Emulation assistance from Unicorn.
Classes:
Functions:
-
parse_consts–Unicorn "consts" is a python module consisting of a variable definition
-
create_reg_to_const_map– -
debug–
Attributes:
-
pwndbg.emu.emulator - Documentation emulator ¤Emulation assistance from Unicorn.
Classes:
Functions:
-
parse_consts–Unicorn "consts" is a python module consisting of a variable definition
-
create_reg_to_const_map– -
debug–
Attributes:
arch_to_UC_constsmodule-attribute¤arch_to_UC_consts = { "i386": parse_consts(x86_const), "x86-64": parse_consts(x86_const), @@ -59,7 +65,8 @@ "aarch64": parse_consts(arm64_const), "rv32": parse_consts(riscv_const), "rv64": parse_consts(riscv_const), -} + "s390x": parse_consts(s390x_const), +}arch_to_reg_const_mapmodule-attribute¤arch_to_reg_const_map = { "i386": create_reg_to_const_map(arch_to_UC_consts["rv64"]), -} + "s390x": create_reg_to_const_map(arch_to_UC_consts["s390x"]), +} +arch_to_SYSCALLmodule-attribute¤arch_to_SYSCALL = { UC_ARCH_X86: [ diff --git a/dev/reference/pwndbg/lib/arch/index.html b/dev/reference/pwndbg/lib/arch/index.html index 62daca61f..7e5157742 100644 --- a/dev/reference/pwndbg/lib/arch/index.html +++ b/dev/reference/pwndbg/lib/arch/index.html @@ -41,7 +41,8 @@ "sparc", "powerpc", "loongarch64", -] + "s390x", +]PWNDBG_SUPPORTED_ARCHITECTURESmodule-attribute¤Arch ¤Arch( diff --git a/dev/reference/pwndbg/lib/elftypes/index.html b/dev/reference/pwndbg/lib/elftypes/index.html index 32b65a55e..38eeb7be8 100644 --- a/dev/reference/pwndbg/lib/elftypes/index.html +++ b/dev/reference/pwndbg/lib/elftypes/index.html @@ -135,7 +135,7 @@ 47: "AT_L3_CACHEGEOMETRY", 51: "AT_MINSIGSTKSZ", } -constants ¤Attributes:
-
pwndbg.lib.regs - Documentation regs ¤Reading register value from the inferior, and provides a standardized interface to registers like "sp" and "pc".
Classes:
Attributes:
-
pwndbg.lib.regs - Documentation regs ¤Reading register value from the inferior, and provides a standardized interface to registers like "sp" and "pc".
Classes:
Attributes:
-
loongarch64– -
loongarch64– -
s390x– -
s390xmodule-attribute¤s390x = RegisterSet( + pc="pc", + retaddr=("r14",), + stack="r15", + flags={"pswm": BitFlags()}, + gpr=( + "r0", + "r1", + "r2", + "r3", + "r4", + "r5", + "r6", + "r7", + "r8", + "r9", + "r10", + "r11", + "r12", + "r13", + ), + args=("r2", "r3", "r4", "r5", "r6"), + retval="r2", +)RegisterSet ¤RegisterSet( pc: str = "pc", stack: str = "sp", diff --git a/dev/search/search_index.json b/dev/search/search_index.json index d07999c64..48268db24 100644 --- a/dev/search/search_index.json +++ b/dev/search/search_index.json @@ -1 +1 @@ -{"config":{"lang":["en"],"separator":"[\\s\\u200b\\-_,:!=\\[\\]()\"`/]+|\\.(?!\\d)|&[lg]t;|(?!\\b)(?=[A-Z][a-z])","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Home","text":""},{"location":"#pwndbg","title":"pwndbg","text":"pwndbg(/pa\u028an\u02c8di\u02ccb\u028c\u0261/) is a GDB and LLDB plug-in that makes debugging suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers.It has a boatload of features, see FEATURES.md and CHEATSHEET (feel free to print it!).
"},{"location":"#why","title":"Why?","text":"Vanilla GDB and LLDB are terrible to use for reverse engineering and exploit development. Typing
"},{"location":"#what","title":"What?","text":"x/g30x $espor navigating cumbersome LLDB commands is not fun and often provides minimal information. The year is 2025, and core debuggers still lack many user-friendly features such as a robust hexdump command. Windbg users are completely lost when they occasionally need to bump into GDB or LLDB.Pwndbg is a Python module which is loaded directly into GDB or LLDB*. It provides a suite of utilities and enhancements that fill the gaps left by these debuggers, smoothing out rough edges and making them more user-friendly.
Many other projects from the past (e.g., gdbinit, PEDA) and present (e.g. GEF) exist to fill some these gaps. Each provides an excellent experience and great features -- but they're difficult to extend (some are unmaintained, and all are a single 100KB, 200KB, or 363KB file (respectively)).
Pwndbg exists not only to replace all of its predecessors, but also to have a clean implementation that runs quickly and is resilient against all the weird corner cases that come up. It also comes batteries-included, so all of its features are available if you run
"},{"location":"#when-to-use-gdb-or-lldb","title":"When to Use GDB or LLDB?","text":"setup.sh.Pwndbg supports both GDB and LLDB, and each debugger has its own strengths. Here's a quick guide to help you decide which one to use:
Use Case Supported Debugger Debugging Linux binaries or ELF files GDB, LLDB Debugging Mach-O binaries on macOS LLDB Linux kernel debugging (qemu-system) GDB, LLDB Linux user-space emulation (qemu-user) GDB Embedded debugging (ARM Cortex M* or RISC-V/32) GDB, LLDBPwndbg ensures a consistent experience across both, so switching between them is seamless.
The LLDB implementation in Pwndbg is still in early-stage and may contain bugs or limitations. Known issues are tracked in GitHub Issues.
If you encounter any problems, feel free to report them or discuss on our Discord server.
"},{"location":"#compatibility-table","title":"Compatibility Table","text":"Feature Supported Version Notes pwndbg-gdb - Python 3.10+ - GDB 12.1+ Battle-tested on Ubuntu 22.04/24.04 pwndbg-lldb - Python 3.12+ - LLDB 19+ Experimental/early-stage support qemu-user QEMU 8.1+ vFile API is needed for vmmap qemu-system QEMU 6.2+ Supported version since ubuntu 22.04"},{"location":"#how","title":"How?","text":"For a portable version with no external dependencies, scroll down for the Portable Installation section.
"},{"location":"#installing-lldb","title":"Installing LLDB","text":"- Install via the Nix package manager (you can use Nix on any distribution):
nix shell github:pwndbg/pwndbg#pwndbg-lldb\npwndbg-lldb ./your-binary\n - Or download portable version with no external dependencies, scroll down for the Portable Installation section
- Or install from source, instructions below. (not supported)
- Install via the Nix package manager (you can use Nix on any distribution):
nix shell github:pwndbg/pwndbg\npwndbg ./your-binary\n -
Or download portable version with no external dependencies, scroll down for the Portable Installation section
-
Or install from source, instructions below.
Pwndbg is supported on Ubuntu 22.04, and 24.04 with GDB 12.1 and later. We do not test on any older versions of Ubuntu, so `pwndbg` may not work on these versions. - For Ubuntu 20.04 use the [2024.08.29 release](https://github.com/pwndbg/pwndbg/releases/tag/2024.08.29) - For Ubuntu 18.04 use the [2023.07.17: ubuntu18.04-final release](https://github.com/pwndbg/pwndbg/releases/tag/2023.07.17) We may accept pull requests fixing issues in older versions on a case by case basis, please discuss this with us on [Discord][discord] first. You can also always checkout an older version of `pwndbg` from around the time the Ubuntu version you're interested in was still supported by Canonical, or you can attempt to build a newer version of GDB from source. Other Linux distributions are also supported via `setup.sh`, including: * Debian-based OSes (via apt-get) * Fedora and Red Hat (via dnf) * Clear (via swiped) * OpenSUSE LEAP (via zypper) * Arch and Manjaro (via community AUR packages) * Void (via xbps) * Gentoo (via emerge) If you use any Linux distribution other than Ubuntu, we recommend using the [latest available GDB](https://www.gnu.org/software/gdb/download/) built from source. You can build it as:git clone https://github.com/pwndbg/pwndbg\ncd pwndbg\n./setup.sh\n
"},{"location":"#portable-installation","title":"Portable Installation:","text":"cd <gdb-sources-dir>\nmkdir build && cd build\nsudo apt install libgmp-dev libmpfr-dev libreadline-dev texinfo # required by build\n../configure --disable-nls --disable-werror --with-system-readline --with-python=`which python3` --with-system-gdbinit=/etc/gdb/gdbinit --enable-targets=all\nmake -j7\nThe portable version includes all necessary dependencies and should work without the need to install additional packages.
"},{"location":"#download-the-portable-version","title":"Download the Portable Version:","text":"Download the portable version from the Pwndbg releases page by selecting the desired version.
Note: For LLDB, only the tarball version is available.
Make sure to select the correct file for your operating system and architecture: - Linux (x86_64, armv7l, aarch64, riscv64): -
pwndbg_2025.04.13_amd64.tar.xz(x86_64 for GDB) -pwndbg_2025.04.13_armv7.tar.xz(armv7l for GDB) -pwndbg_2025.04.13_arm64.tar.xz(aarch64 for GDB) -pwndbg_2025.04.13_riscv64.tar.xz(riscv64 for GDB) -pwndbg-lldb_2025.04.13_amd64.tar.xz(x86_64 for LLDB) -pwndbg-lldb_2025.04.13_armv7.tar.xz(armv7l for LLDB) -pwndbg-lldb_2025.04.13_arm64.tar.xz(aarch64 for LLDB) -pwndbg-lldb_2025.04.13_riscv64.tar.xz(riscv64 for LLDB)- macOS (amd64, arm64):
pwndbg-lldb_2025.04.13_macos_amd64.tar.xz(macOS, Intel/AMD CPUs, for LLDB)pwndbg-lldb_2025.04.13_macos_arm64.tar.xz(macOS, Apple Silicon/M1/M2/M*, for LLDB)pwndbg_2025.04.13_macos_amd64.tar.xz(macOS, Intel/AMD CPUs for GDB)pwndbg_2025.04.13_macos_amd64.tar.xz(macOS, Apple Silicon/M1/M2/M*, for GDB via Rosseta emulation)
- Portable tarball:
tar -v -xf ./pwndbg_2025.04.13_amd64.tar.xz\n# ./pwndbg/bin/pwndbg\n# or ./pwndbg/bin/pwndbg-lldb\n -
Installation on RPM-based Systems (CentOS/Alma/Rocky/RHEL):
dnf install ./pwndbg-2025.04.13.x86_64.rpm\n# pwndbg\n# and/or pwndbg-lldb\n -
Installation on DEB-based Systems (Debian/Ubuntu/Kali):
apt install ./pwndbg_2025.04.13_amd64.deb\n# pwndbg\n# and/or pwndbg-lldb\n -
Installation on Alpine:
apk add --allow-untrusted ./pwndbg_2025.04.13_x86_64.apk\n# pwndbg\n# and/or pwndbg-lldb\n -
Installation on Arch Linux:
pacman -U ./pwndbg-2025.04.13-1-x86_64.pkg.tar.zst\n# pwndbg\n# and/or pwndbg-lldb\n
For further info about features/functionalities, see FEATURES.
"},{"location":"#who","title":"Who?","text":"Pwndbg is an open-source project, maintained by many contributors!
Pwndbg was originally created by Zach Riggle, who is no longer with us. We want to thank Zach for all of his contributions to Pwndbg and the wider security community.
Want to help with development? Read CONTRIBUTING or join our Discord server!
"},{"location":"#how-to-develop","title":"How to develop?","text":"To run tests locally you can do this in docker image, after cloning repo run simply
Disclaimer - this won't work on apple silicon macs."},{"location":"#contact","title":"Contact","text":"docker compose run main ./tests.sh\nIf you have any questions not worthy of a bug report, feel free to ping anybody on Discord and ask away.
"},{"location":"setup/","title":"Setup","text":""},{"location":"setup/#quick-start","title":"Quick start","text":"Installation from source is straightforward:
"},{"location":"setup/#install-on-linux-distributions","title":"Install on Linux distributions","text":"git clone https://github.com/pwndbg/pwndbg\ncd pwndbg\n./setup.sh\nNix package manager (you can use Nix on any distribution):
nix shell github:pwndbg/pwndbg\npwndbg ./your-binary\nPwndbg is supported on Ubuntu 22.04, and 24.04 with GDB 12.1 and later. We do not test on any older versions of Ubuntu, so
pwndbgmay not work on these versions (for Ubuntu 18.04 use the 2023.07.17: ubuntu18.04-final release). We may accept pull requests fixing issues in older versions on a case by case basis, please discuss this with us on Discord first. You can also always checkout an older version ofpwndbgfrom around the time the Ubuntu version you're interested in was still supported by Canonical, or you can attempt to build a newer version of GDB from source.Other Linux distributions are also supported via
setup.sh, including:- Debian-based OSes (via apt-get)
- Fedora and Red Hat (via dnf)
- Clear (via swiped)
- OpenSUSE LEAP (via zypper)
- Arch and Manjaro (via community AUR packages)
- Void (via xbps)
- Gentoo (via emerge)
If you use any Linux distribution other than Ubuntu, we recommend using the latest available GDB built from source. You can build it as:
"},{"location":"setup/#portable-installation-from-package","title":"Portable Installation from package","text":"cd <gdb-sources-dir>\nmkdir build\ncd build\n../configure --disable-nls --disable-werror --with-system-readline --with-python=`which python3` --with-system-gdbinit=/etc/gdb/gdbinit --enable-targets=all\nmake -j7\nThe portable version includes all necessary dependencies and should work without the need to install additional packages.
"},{"location":"setup/#download-the-portable-version","title":"Download the Portable Version:","text":"Download the portable version from the Pwndbg releases page by selecting the desired version. Choose the appropriate version for your system architecture (x86_64, armv7l, aarch64, riscv64).
"},{"location":"setup/#installation-on-rpm-based-systems-centosalmarockyrhel","title":"Installation on RPM-based Systems (CentOS/Alma/Rocky/RHEL):","text":"
"},{"location":"setup/#installation-on-deb-based-systems-debianubuntukali","title":"Installation on DEB-based Systems (Debian/Ubuntu/Kali):","text":"dnf install ./pwndbg-2025.04.13.x86_64.rpm\n# pwndbg\n
"},{"location":"setup/#installation-on-alpine","title":"Installation on Alpine:","text":"apt install ./pwndbg_2025.04.13_amd64.deb\n# pwndbg\n
"},{"location":"setup/#installation-on-arch-linux","title":"Installation on Arch Linux:","text":"apk add --allow-untrusted ./pwndbg_2025.04.13_x86_64.apk\n# pwndbg\n
"},{"location":"setup/#generic-linux-installation","title":"Generic Linux Installation:","text":"pacman -U ./pwndbg-2025.04.13-1-x86_64.pkg.tar.zst\n# pwndbg\n
"},{"location":"blog/","title":"Blog","text":""},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/","title":"Pwndbg coding sprints report","text":"tar -v -xf ./pwndbg_2025.04.13_amd64.tar.xz\n# ./pwndbg/bin/pwndbg\nThis blog post is a report of the two coding sprints for the Pwndbg project that I organized first on the EuroPython 2022 conference and then, taking inspiration from the previous one, in the Hackerspace Krak\u00f3w, located in Cracow, Poland.
PS: If you are only looking for a list of things done, scroll down!
"},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/#where-i-got-the-idea-for-sprints","title":"Where I got the idea for sprints?","text":"I have recently attended the EuroPython 2022 conference and I enjoyed the \u201csprints\u201d there. In short, a sprint is a semi-organized event, where anyone can announce a project they will be working on and others can join them. This helps both the projects and the event participants to learn about the project and to make first-time contributions. At the EuroPython conference, there were 16 officially announced projects, but I know that even more projects were being worked on in practice. Of course, other communities or conferences also do this (e.g. NixCon).
At the EuroPython conference, I announced my own sprint to work on the Pwndbg project that I maintain. Having no expectations, I felt excited when four people showed up to learn something new and hack together on the project. Later, taking inspiration from it, I organized another sprint, this time in Cracow in the local Hackerspace with even a bigger response. Below, you can read a small report on the two sprints that have happened.
"},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/#my-general-idea-for-a-pwndbg-sprint","title":"My general idea for a Pwndbg sprint","text":"Pwndbg is written in Python, so on one hand is easy to hack on, but on the other hand it is a plugin for GDB, a console debugger for native programs (e.g. ones written in C, C++, Go or Rust). The general idea of Pwndbg is to alleviate the pain points of working with and improve the UX of GDB when debugging assembly code, reverse engineering a binary or during exploit development.
Since not everyone is familiar with debuggers or the underlyings of programs execution (e.g. assembly code, CPU registers or stack or heap memory) I knew that I had to make some introduction to those concepts and if possible, prepare a list of simple tasks, so that people can get familiar with the codebase and the tool and contribute something.
"},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/#europython-2022-sprint","title":"EuroPython 2022 sprint","text":"On the first sprint, four people showed up, mostly having no prior experience with the topic. We started with an introduction to what GDB and Pwndbg are and why and when they are useful.
For this, I took a small C program that had a buffer overflow bug:
#include <stdio.h>\n#include <string.h>\n\nint main(int argc, char* argv[]) {\n char name[16] = {0};\n\n // NOTE: We copy the `argv[1]` string which may be of arbitrary length\n // into the `name` buffer which is only of 16-bytes long. Thus, we can\n // overwrite the stack memory of the program past the `name` buffer.\n strcpy(name, argv[1]);\n\n printf(\"Hello %s!\\n\", name);\n}\nThen, after compiling it (
gcc main.c), we ran the program twice to see that it will crash if we provide a too long string as its argument:$ ./a.out Disconnect3d\nHello Disconnect3d!\n\n$ ./a.out Disconnect3d_at_EuroPython\nHello Disconnect3d_at_EuroPython!\n*** stack smashing detected ***: <unknown> terminated\nAborted (core dumped)\nThen, I explained that the \"stack smashing detected\" we see is the \"stack canaries\" (also called \"stack cookies\") exploit mitigation added by compilers. This compiler feature adds a special 8-bytes canary value after the function's local variables located on the stack, so that then a stack frame may look like this:
------------------------------ lower addresses\nchar name[16]; |\nuint8_t canary[8]; |\nvoid* function_return_address; V\n------------------------------ higher addresses\nThis local stack canary value is then filled in just after the function\u2019s prologue and is verified against a global value before the function returns to see if the stack was not corrupted (starting from the canary). Of course this may not detect all possible stack memory corruptions but it often makes it impossible to exploit a program (e.g. by changing the return address, also located on the stack), knowing just this vulnerability.
The stack canary mitigation can also be disabled. And if it were done (by passing in a
-fno-stack-protectorflag during compilation), we would get a different result when running the resulting program:$ gcc -fno-stack-protector buf.c\n\n$ ./a.out Disconnect3d_on_EuroPython\nHello Disconnect3d_on_EuroPython!\nSegmentation fault (core dumped)\nNow, the \"stack smashing detected\" is gone, but the program still crashed, because we still corrupted a part of its memory that we shouldn't have touched in a way that made the program do illegal things (e.g. accessing unmapped memory).
During the sprint, we also ran a GDB+Pwndbg session to see the exact instructions that placed the canary value on the stack memory, to see that our input string was located just before it and how the canary was checked just before the function was returned.
I am not going to describe all of this here, but you can see some of it in the below asciinema recording.
"},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/#hackerspace-krakow-sprint","title":"Hackerspace Krak\u00f3w sprint","text":"Since the second sprint was an ad-hoc event, I had to organize it myself. As a member of Hackerspace Krak\u00f3w, I was able to reserve the hackerspace's softroom, which is a perfect place for people to hack on things using their computers. Then, I advertised the event on the Hackerspace's mailing list and on a few other mediums.
I did not expect many people to come, especially that I advertised the sprint ~2 days before the event.
But... 8 people (!) showed up (excluding me). I prepared a document with some basic information and tasks, which can be found here (though, it is in Polish and it was modified during and after the sprint).
I won't lie: most people that came were friends of mine, some of which I play CTFs with. However, not all of them had really used or developed Pwndbg before.
"},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/#accomplishments-from-the-two-sprints","title":"Accomplishments from the two sprints","text":"On the EP sprint, since we were just a group of four, we focused on small improvements to the codebase. In total, we did the following: * reviewed and merged the fs/gs_base fetching improvement PR, * pinned the project's dependencies, * updated the unicorn dependency version, * added a \"tip of the day\" feature, * improved the UX of using Pwndbg within a Python virtual environment, * and also worked on enhancing the display of arguments when stopping on a call to the printf functions family.
The last item from the list was the hardest to jump on and it still requires enhancements until it is merged. Nonetheless, all of this was a nice outcome from the whole sprint :).
On the second sprint, while we were a bigger group, we had much more limited time (since instead of having ~8 hours, we had just a few). Anyway, we were able to do the following:
- Cleanup some code leftover after dropping Python 2 support,
- Added documentation on how to debug Pwndbg using PyCharm remote debugging,
- Reviewed and merged the PRs that sets
$base_heapvariable and a tip for it, which may be useful for heap exploitation, - Fix the X30 register display on AARCH64 targets,
- Fix
context argsdisplay when PC/IP register pointed to unmapped memory, - Fixed the
xorandmemfrobcommands and added tests for them (! :D), - Worked on adding a way to dump memory that can be copied right away as C or Python code (this needs to be changed to a command flag),
- Investigated a potential parsing issue, even looking at GDB's command parsing source code, implemented potential patch, which only later turned out to be redundant and the issue to be invalid.
Organizing those sprints helped me to get back to develop the Pwndbg project more and and attract more people to contribute to it. I also think that more conferences should have this kind of attractions (similarly as more conferences should have lightning talk sessions, heh).
Regarding the Pwndbg sprints, I am organizing another one this week in Cracow on Tuesday, so if you live nearby and are interested in learning about Pwndbg or contributing to the project, feel invited! :)
PS: Thanks a lot to @arturcygan for reviewing this blog post.
"},{"location":"commands/","title":"Index","text":""},{"location":"commands/#commands","title":"Commands","text":""},{"location":"commands/#breakpoint","title":"Breakpoint","text":"- break-if-not-taken - Breaks on a branch if it is not taken.
- break-if-taken - Breaks on a branch if it is taken.
- breakrva - Break at RVA from PIE base.
- ignore - Set ignore-count of breakpoint number N to COUNT.
- context - Print out the current register, instruction, and stack context.
- contextnext - Select next entry in context history.
- contextoutput - Sets the output of a context section.
- contextprev - Select previous entry in context history.
- contextsearch - Search for a string in the context history and select that entry.
- contextunwatch - Removes an expression previously added to be watched.
- contextwatch - Adds an expression to be shown on context.
- regs - Print out all registers and enhance the information.
- dev-dump-instruction - Dump internal PwndbgInstruction attributes.
- log-level - Set the log level.
- emulate - Like nearpc, but will emulate instructions from the current $PC forward.
- nearpc - Disassemble near a specified address.
- arena - Print the contents of an arena.
- arenas - List this process's arenas.
- bins - Print the contents of all an arena's bins and a thread's tcache.
- fastbins - Print the contents of an arena's fastbins.
- find-fake-fast - Find candidate fake fast or tcache chunks overlapping the specified address.
- heap-config - Shows heap related configuration.
- heap - Iteratively print chunks on a heap.
- hi - Searches all heaps to find if an address belongs to a chunk. If yes, prints the chunk.
- largebins - Print the contents of an arena's largebins.
- malloc-chunk - Print a chunk.
- mp - Print the mp_ struct's contents.
- smallbins - Print the contents of an arena's smallbins.
- tcache - Print a thread's tcache contents.
- tcachebins - Print the contents of a tcache.
- top-chunk - Print relevant information about an arena's top chunk.
- try-free - Check what would happen if free was called with given address.
- unsortedbin - Print the contents of an arena's unsortedbin.
- vis-heap-chunks - Visualize chunks on a heap.
- ai - Ask GPT-3 a question about the current debugging context.
- bn-sync - Synchronize Binary Ninja's cursor with GDB.
- decomp - Use the current integration to decompile code near an address.
- j - Synchronize IDA's cursor with GDB.
- r2 - Launches radare2.
- r2pipe - Execute stateful radare2 commands through r2pipe.
- rop - Dump ROP gadgets with Jon Salwan's ROPgadget tool.
- ropper - ROP gadget search with ropper.
- rz - Launches rizin.
- rzpipe - Execute stateful rizin commands through rzpipe.
- save-ida - Save the ida database.
- binder - Show Android Binder information
- kbase - Finds the kernel virtual base address.
- kchecksec - Checks for kernel hardening configuration options.
- kcmdline - Return the kernel commandline (/proc/cmdline).
- kconfig - Outputs the kernel config (requires CONFIG_IKCONFIG).
- klookup - Lookup kernel symbols
- knft-dump - Dump all nftables: tables, chains, rules, expressions
- knft-list-chains - Dump netfilter chains form a specific table
- knft-list-exprs - Dump only expressions from specific rule
- knft-list-flowtables - Dump netfilter flowtables from a specific table
- knft-list-objects - Dump netfilter objects from a specific table
- knft-list-rules - Dump netfilter rules form a specific chain
- knft-list-sets - Dump netfilter sets from a specific table
- knft-list-tables - Dump netfliter tables from a specific network namespace
- kversion - Outputs the kernel version (/proc/version).
- pcplist - Print Per-CPU page list
- slab - Prints information about the slab allocator
- argc - Prints out the number of arguments.
- argv - Prints out the contents of argv.
- aslr - Check the current ASLR status, or turn it on/off.
- auxv-explore - Explore and print information from the Auxiliary ELF Vector.
- auxv - Print information from the Auxiliary ELF Vector.
- elfsections - Prints the section mappings contained in the ELF header.
- envp - Prints out the contents of the environment.
- errno - Converts errno (or argument) to its string representation.
- got - Show the state of the Global Offset Table.
- gotplt - Prints any symbols found in the .got.plt section if it exists.
- libcinfo - Show libc version and link to its sources
- linkmap - Show the state of the Link Map
- onegadget - Find gadgets which single-handedly give code execution.
- piebase - Calculate VA of RVA from PIE base.
- plt - Prints any symbols found in the .plt section if it exists.
- strings - Extracts and displays ASCII strings from readable memory pages of the debugged process.
- threads - List all threads belonging to the selected inferior.
- tls - Print out base address of the current Thread Local Storage (TLS).
- track-got - Controls GOT tracking
- track-heap - Manages the heap tracker.
- distance - Print the distance between the two arguments, or print the offset to the address's page base.
- gdt - Decode X86-64 GDT entries at address
- go-dump - Dumps a Go value of a given type at a specified address.
- go-type - Dumps a Go runtime reflection type at a specified address.
- hexdump - Hexdumps data at the specified address or module name.
- leakfind - Attempt to find a leak chain given a starting address.
- memfrob - Memfrobs a region of memory (xor with '*').
- mmap - Calls the mmap syscall and prints its resulting address.
- mprotect - Calls the mprotect syscall and prints its result value.
- p2p - Pointer to pointer chain search. Searches given mapping for all pointers that point to specified mapping.
- probeleak - Pointer scan for possible offset leaks.
- search - Search memory for byte sequences, strings, pointers, and integer values.
- telescope - Recursively dereferences pointers starting at the specified address.
- telescope - Recursively dereferences pointers starting at the specified address.
- vmmap-add - Add virtual memory map page.
- vmmap-clear - Clear the vmmap cache.
- vmmap-explore - Explore a page, trying to guess permissions.
- vmmap - Print virtual memory map pages.
- xinfo - Shows offsets of the specified address from various useful locations.
- xor - XOR
countbytes ataddresswith the keykey.
- asm - Assemble shellcode into bytes
- checksec - Prints out the binary security settings using
checksec. - comm - Put comments in assembly code.
- cyclic - Cyclic pattern creator/finder.
- cymbol - Add, show, load, edit, or delete custom structures in plain C.
- down - Select and print stack frame called by this one.
- dt - Dump out information on a type (e.g. ucontext_t).
- dumpargs - Prints determined arguments for call instruction.
- getfile - Gets the current file.
- hex2ptr - Converts a space-separated hex string to a little-endian address.
- hijack-fd - Replace a file descriptor of a debugged process.
- ipi - Start an interactive IPython prompt.
- patch-list - List all patches.
- patch-revert - Revert patch at given address.
- patch - Patches given instruction with given code or bytes.
- plist - Dumps the elements of a linked list.
- sigreturn - Display the SigreturnFrame at the specific address
- spray - Spray memory with cyclic() generated values
- tips - Shows tips.
- up - Select and print stack frame that called this one.
- valist - Dumps the arguments of a va_list.
- vmmap-load - Load virtual memory map pages from ELF file.
- killthreads - Kill all or given threads.
- pid - Gets the pid.
- procinfo - Display information about the running process.
- cpsr - Print out ARM CPSR or xPSR register.
- fsbase - Prints out the FS base address. See also $fsbase.
- gsbase - Prints out the GS base address. See also $gsbase.
- setflag - Modify the flags register.
- canary - Print out the current stack canary.
- retaddr - Print out the stack addresses that contain return addresses.
- stack-explore - Explore stack from all threads.
- stack - Dereferences on stack data with specified count and offset.
- stackf - Dereferences on stack data, printing the entire stack frame with specified count and offset .
- attachp - Attaches to a given pid, process name, process found with partial argv match or to a device file.
- entry - Start the debugged program stopping at its entrypoint address.
- sstart - Alias for 'tbreak __libc_start_main; run'.
- start - Start the debugged program stopping at the first convenient location
- nextcall - Breaks at the next call instruction.
- nextjmp - Breaks at the next jump instruction.
- nextproginstr - Breaks at the next instruction that belongs to the running program.
- nextret - Breaks at next return-like instruction.
- nextsyscall - Breaks at the next syscall not taking branches.
- stepover - Breaks on the instruction after this one.
- stepret - Breaks at next return-like instruction by 'stepping' to it.
- stepsyscall - Breaks at the next syscall by taking branches.
- stepuntilasm - Breaks on the next matching instruction.
- xuntil - Continue execution until an address or expression.
- bc - Clear the breakpoint with the specified index.
- bd - Disable the breakpoint with the specified index.
- be - Enable the breakpoint with the specified index.
- bl - List breakpoints.
- bp - Set a breakpoint at the specified address.
- da - Dump a string at the specified address.
- db - Starting at the specified address, dump N bytes.
- dc - Starting at the specified address, hexdump.
- dd - Starting at the specified address, dump N dwords.
- dds - Dump pointers and symbols at the specified address.
- dq - Starting at the specified address, dump N qwords.
- ds - Dump a string at the specified address.
- dw - Starting at the specified address, dump N words.
- eb - Write hex bytes at the specified address.
- ed - Write hex dwords at the specified address.
- eq - Write hex qwords at the specified address.
- ew - Write hex words at the specified address.
- ez - Write a string at the specified address.
- eza - Write a string at the specified address.
- go - Windbg compatibility alias for 'continue' command.
- k - Print a backtrace (alias 'bt').
- ln - List the symbols nearest to the provided value.
- pc - Windbg compatibility alias for 'nextcall' command.
- peb - Not be windows.
- jemalloc-extent-info - Prints extent information for the given address
- jemalloc-find-extent - Returns extent information for pointer address allocated by jemalloc
- jemalloc-heap - Prints all extents information
- bugreport - Generate a bug report.
- config - Shows pwndbg-specific configuration.
- configfile - Generates a configuration file for the current pwndbg options.
- memoize - Toggles memoization (caching).
- profiler - Utilities for profiling pwndbg.
- pwndbg - Prints out a list of all pwndbg commands.
- reinit-pwndbg - Makes pwndbg reinitialize all state.
- reload - Reload pwndbg.
- theme - Shows pwndbg-specific theme configuration.
- themefile - Generates a configuration file for the current pwndbg theme options.
- version - Displays Pwndbg and its important deps versions.
Breaks on a branch if it is not taken.
"},{"location":"commands/breakpoint/break-if-not-taken/#usage","title":"Usage:","text":"
"},{"location":"commands/breakpoint/break-if-not-taken/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: break-if-not-taken [-h] branch\nbranchThe branch instruction to break on."},{"location":"commands/breakpoint/break-if-not-taken/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/breakpoint/break-if-taken/","title":"Break if taken","text":""},{"location":"commands/breakpoint/break-if-taken/#break-if-taken","title":"break-if-taken","text":""},{"location":"commands/breakpoint/break-if-taken/#description","title":"Description","text":"Breaks on a branch if it is taken.
"},{"location":"commands/breakpoint/break-if-taken/#usage","title":"Usage:","text":"
"},{"location":"commands/breakpoint/break-if-taken/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: break-if-taken [-h] branch\nbranchThe branch instruction to break on."},{"location":"commands/breakpoint/break-if-taken/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/breakpoint/breakrva/","title":"Breakrva","text":""},{"location":"commands/breakpoint/breakrva/#breakrva","title":"breakrva","text":""},{"location":"commands/breakpoint/breakrva/#description","title":"Description","text":"Break at RVA from PIE base.
"},{"location":"commands/breakpoint/breakrva/#usage","title":"Usage:","text":"
"},{"location":"commands/breakpoint/breakrva/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: breakrva [-h] [offset] [module]\noffsetOffset to add. (default: %(default)s)moduleModule to choose as base. Defaults to the target executable. (default: %(default)s)"},{"location":"commands/breakpoint/breakrva/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/breakpoint/ignore/","title":"Ignore","text":""},{"location":"commands/breakpoint/ignore/#ignore","title":"ignore","text":""},{"location":"commands/breakpoint/ignore/#description","title":"Description","text":"Set ignore-count of breakpoint number N to COUNT.
While the ignore count is positive, execution will not stop on the breakpoint.
By default, if `N' is ommitted, the last breakpoint (i.e. greatest breakpoint number) will be used.
"},{"location":"commands/breakpoint/ignore/#usage","title":"Usage:","text":"
"},{"location":"commands/breakpoint/ignore/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: ignore [-h] [N] COUNT\nbpnumThe breakpoint number N.countThe number to set COUNT."},{"location":"commands/breakpoint/ignore/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/context/context/","title":"Context","text":""},{"location":"commands/context/context/#context","title":"context","text":""},{"location":"commands/context/context/#description","title":"Description","text":"Print out the current register, instruction, and stack context.
"},{"location":"commands/context/context/#usage","title":"Usage:","text":"
"},{"location":"commands/context/context/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: context [-h] [--on] [--off] [subcontext ...]\nsubcontextSubmenu to display: 'regs', 'disasm', 'code', 'stack', 'backtrace', 'ghidra', 'args', 'threads', 'heap_tracker', 'expressions', and/or 'last_signal'"},{"location":"commands/context/context/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit--onNoneShow the section(s) in subsequent context commands again. The section(s) have to be in the 'context-sections' list.--offNoneDo not show the section(s) in subsequent context commands even though they might be in the 'context-sections' list."},{"location":"commands/context/contextnext/","title":"Contextnext","text":""},{"location":"commands/context/contextnext/#contextnext","title":"contextnext","text":""},{"location":"commands/context/contextnext/#description","title":"Description","text":"Select next entry in context history.
"},{"location":"commands/context/contextnext/#usage","title":"Usage:","text":"
"},{"location":"commands/context/contextnext/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: contextnext [-h] [count]\ncountThe number of entries to go forward in history (default: %(default)s)"},{"location":"commands/context/contextnext/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/context/contextoutput/","title":"Contextoutput","text":""},{"location":"commands/context/contextoutput/#contextoutput","title":"contextoutput","text":""},{"location":"commands/context/contextoutput/#description","title":"Description","text":"Sets the output of a context section.
"},{"location":"commands/context/contextoutput/#usage","title":"Usage:","text":"
"},{"location":"commands/context/contextoutput/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: contextoutput [-h] section path clearing [banner] [width]\nsectionThe section which is to be configured. ('regs', 'disasm', 'code', 'stack', 'backtrace', 'ghidra', 'args', 'threads', 'heap_tracker', 'expressions', and/or 'last_signal')pathThe path to which the output is writtenclearingIndicates weather to clear the outputbannerWhere a banner should be placed: both, top , bottom, none (default: %(default)s)widthSets a fixed width (used for banner). Set to None for auto"},{"location":"commands/context/contextoutput/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/context/contextprev/","title":"Contextprev","text":""},{"location":"commands/context/contextprev/#contextprev","title":"contextprev","text":""},{"location":"commands/context/contextprev/#description","title":"Description","text":"Select previous entry in context history.
"},{"location":"commands/context/contextprev/#usage","title":"Usage:","text":"
"},{"location":"commands/context/contextprev/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: contextprev [-h] [count]\ncountThe number of entries to go back in history (default: %(default)s)"},{"location":"commands/context/contextprev/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/context/contextsearch/","title":"Contextsearch","text":""},{"location":"commands/context/contextsearch/#contextsearch","title":"contextsearch","text":""},{"location":"commands/context/contextsearch/#description","title":"Description","text":"Search for a string in the context history and select that entry.
"},{"location":"commands/context/contextsearch/#usage","title":"Usage:","text":"
"},{"location":"commands/context/contextsearch/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: contextsearch [-h] needle [section]\nneedleThe string to search for in the context historysectionThe section to search in. If not provided, search in all sections"},{"location":"commands/context/contextsearch/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/context/contextunwatch/","title":"Contextunwatch","text":""},{"location":"commands/context/contextunwatch/#contextunwatch","title":"contextunwatch","text":""},{"location":"commands/context/contextunwatch/#description","title":"Description","text":"Removes an expression previously added to be watched.
"},{"location":"commands/context/contextunwatch/#usage","title":"Usage:","text":"
"},{"location":"commands/context/contextunwatch/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: contextunwatch [-h] num\nnumThe expression number to be removed from context"},{"location":"commands/context/contextunwatch/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/context/contextwatch/","title":"Contextwatch","text":""},{"location":"commands/context/contextwatch/#contextwatch","title":"contextwatch","text":""},{"location":"commands/context/contextwatch/#description","title":"Description","text":"Adds an expression to be shown on context.
To remove an expression, see
"},{"location":"commands/context/contextwatch/#usage","title":"Usage:","text":"cunwatch.
"},{"location":"commands/context/contextwatch/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: contextwatch [-h] [{eval,execute}] expression\ncmdCommand to be used with the expression. - eval: the expression is parsed and evaluated as in the debugged language. - execute: the expression is executed as a GDB command. (default: %(default)s)expressionThe expression to be evaluated and shown in context"},{"location":"commands/context/contextwatch/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/context/regs/","title":"Regs","text":""},{"location":"commands/context/regs/#regs","title":"regs","text":""},{"location":"commands/context/regs/#description","title":"Description","text":"Print out all registers and enhance the information.
"},{"location":"commands/context/regs/#usage","title":"Usage:","text":"
"},{"location":"commands/context/regs/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: regs [-h] [regs ...]\nregsRegisters to be shown"},{"location":"commands/context/regs/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/developer/dev-dump-instruction/","title":"Dev dump instruction","text":""},{"location":"commands/developer/dev-dump-instruction/#dev-dump-instruction","title":"dev-dump-instruction","text":""},{"location":"commands/developer/dev-dump-instruction/#description","title":"Description","text":"Dump internal PwndbgInstruction attributes.
"},{"location":"commands/developer/dev-dump-instruction/#usage","title":"Usage:","text":"
"},{"location":"commands/developer/dev-dump-instruction/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: dev-dump-instruction [-h] [-e] [-n] [address]\naddressThe address to get the enhanced instruction from - must be in cache."},{"location":"commands/developer/dev-dump-instruction/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-e--emulateForce the use of emulation when enhancing the instruction, regardless of global 'emulate' setting. (default: %(default)s)-n--no-emulateDisable the use of emulation when enhancing the instruction, regardless of global 'emulate' setting. (default: %(default)s)"},{"location":"commands/developer/log-level/","title":"Log level","text":""},{"location":"commands/developer/log-level/#log-level","title":"log-level","text":""},{"location":"commands/developer/log-level/#description","title":"Description","text":"Set the log level.
"},{"location":"commands/developer/log-level/#usage","title":"Usage:","text":"
"},{"location":"commands/developer/log-level/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: log-level [-h] [{debug,info,warning,error,critical}]\nlevelThe log level to set. (default: %(default)s)"},{"location":"commands/developer/log-level/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/disassemble/emulate/","title":"Emulate","text":""},{"location":"commands/disassemble/emulate/#emulate","title":"emulate","text":""},{"location":"commands/disassemble/emulate/#description","title":"Description","text":"Like nearpc, but will emulate instructions from the current $PC forward.
"},{"location":"commands/disassemble/emulate/#usage","title":"Usage:","text":"
"},{"location":"commands/disassemble/emulate/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: emulate [-h] [pc] [lines]\npcAddress to emulate near.linesNumber of lines to show on either side of the address."},{"location":"commands/disassemble/emulate/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/disassemble/nearpc/","title":"Nearpc","text":""},{"location":"commands/disassemble/nearpc/#nearpc","title":"nearpc","text":""},{"location":"commands/disassemble/nearpc/#description","title":"Description","text":"Disassemble near a specified address.
"},{"location":"commands/disassemble/nearpc/#usage","title":"Usage:","text":"
"},{"location":"commands/disassemble/nearpc/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: nearpc [-h] [-e] [pc] [lines]\npcAddress to disassemble near. If this is the only argument and the value provided is small enough, it is interpreted as lines instead.linesNumber of lines to show on either side of the address."},{"location":"commands/disassemble/nearpc/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-e--emulateWhether to emulate instructions to find the next ones or just linearly disassemble. (default: %(default)s)"},{"location":"commands/glibc_ptmalloc2_heap/arena/","title":"Arena","text":""},{"location":"commands/glibc_ptmalloc2_heap/arena/#arena","title":"arena","text":""},{"location":"commands/glibc_ptmalloc2_heap/arena/#description","title":"Description","text":"Print the contents of an arena.
Default to the current thread's arena.
"},{"location":"commands/glibc_ptmalloc2_heap/arena/#usage","title":"Usage:","text":"
"},{"location":"commands/glibc_ptmalloc2_heap/arena/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: arena [-h] [addr]\naddrAddress of the arena."},{"location":"commands/glibc_ptmalloc2_heap/arena/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/arenas/","title":"Arenas","text":""},{"location":"commands/glibc_ptmalloc2_heap/arenas/#arenas","title":"arenas","text":""},{"location":"commands/glibc_ptmalloc2_heap/arenas/#description","title":"Description","text":"List this process's arenas.
"},{"location":"commands/glibc_ptmalloc2_heap/arenas/#usage","title":"Usage:","text":"
"},{"location":"commands/glibc_ptmalloc2_heap/arenas/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: arenas [-h]\n-h--helpshow this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/bins/","title":"Bins","text":""},{"location":"commands/glibc_ptmalloc2_heap/bins/#bins","title":"bins","text":""},{"location":"commands/glibc_ptmalloc2_heap/bins/#description","title":"Description","text":"Print the contents of all an arena's bins and a thread's tcache.
Default to the current thread's arena and tcache.
"},{"location":"commands/glibc_ptmalloc2_heap/bins/#usage","title":"Usage:","text":"
"},{"location":"commands/glibc_ptmalloc2_heap/bins/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: bins [-h] [addr] [tcache_addr]\naddrAddress of the arena.tcache_addrAddress of the tcache."},{"location":"commands/glibc_ptmalloc2_heap/bins/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/fastbins/","title":"Fastbins","text":""},{"location":"commands/glibc_ptmalloc2_heap/fastbins/#fastbins","title":"fastbins","text":""},{"location":"commands/glibc_ptmalloc2_heap/fastbins/#description","title":"Description","text":"Print the contents of an arena's fastbins.
Default to the current thread's arena.
"},{"location":"commands/glibc_ptmalloc2_heap/fastbins/#usage","title":"Usage:","text":"
"},{"location":"commands/glibc_ptmalloc2_heap/fastbins/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: fastbins [-h] [-v] [addr]\naddrAddress of the arena."},{"location":"commands/glibc_ptmalloc2_heap/fastbins/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-v--verboseShow all fastbins, including empty ones (default: %(default)s)"},{"location":"commands/glibc_ptmalloc2_heap/find-fake-fast/","title":"Find fake fast","text":""},{"location":"commands/glibc_ptmalloc2_heap/find-fake-fast/#find-fake-fast","title":"find-fake-fast","text":""},{"location":"commands/glibc_ptmalloc2_heap/find-fake-fast/#description","title":"Description","text":"Find candidate fake fast or tcache chunks overlapping the specified address.
"},{"location":"commands/glibc_ptmalloc2_heap/find-fake-fast/#usage","title":"Usage:","text":"
"},{"location":"commands/glibc_ptmalloc2_heap/find-fake-fast/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: find-fake-fast [-h] [--align] [--glibc-fastbin-bug]\n [--partial-overwrite]\n target_address [max_candidate_size]\ntarget_addressAddress of the word-sized value to overlap.max_candidate_sizeMaximum size of fake chunks to find."},{"location":"commands/glibc_ptmalloc2_heap/find-fake-fast/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-a--alignWhether the fake chunk must be aligned to MALLOC_ALIGNMENT. This is required for tcache chunks and for all chunks when Safe Linking is enabled (default: %(default)s)-b--glibc-fastbin-bugDoes the GLIBC fastbin size field bug affect the candidate size field width? (default: %(default)s)-p--partial-overwriteConsider partial overwrite candidates, default behavior only shows word-size overwrites. (default: %(default)s)"},{"location":"commands/glibc_ptmalloc2_heap/heap-config/","title":"Heap config","text":""},{"location":"commands/glibc_ptmalloc2_heap/heap-config/#heap-config","title":"heap-config","text":""},{"location":"commands/glibc_ptmalloc2_heap/heap-config/#description","title":"Description","text":"Shows heap related configuration.
"},{"location":"commands/glibc_ptmalloc2_heap/heap-config/#usage","title":"Usage:","text":"
"},{"location":"commands/glibc_ptmalloc2_heap/heap-config/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: heap-config [-h] [filter_pattern]\nfilter_patternFilter to apply to config parameters names/descriptions"},{"location":"commands/glibc_ptmalloc2_heap/heap-config/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/heap/","title":"Heap","text":""},{"location":"commands/glibc_ptmalloc2_heap/heap/#heap","title":"heap","text":""},{"location":"commands/glibc_ptmalloc2_heap/heap/#description","title":"Description","text":"Iteratively print chunks on a heap.
Default to the current thread's active heap.
"},{"location":"commands/glibc_ptmalloc2_heap/heap/#usage","title":"Usage:","text":"
"},{"location":"commands/glibc_ptmalloc2_heap/heap/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: heap [-h] [-v] [-s] [addr]\naddrAddress of the first chunk (malloc_chunk struct start, prev_size field)."},{"location":"commands/glibc_ptmalloc2_heap/heap/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-v--verbosePrint all chunk fields, even unused ones. (default: %(default)s)-s--simpleSimply print malloc_chunk struct's contents. (default: %(default)s)"},{"location":"commands/glibc_ptmalloc2_heap/hi/","title":"Hi","text":""},{"location":"commands/glibc_ptmalloc2_heap/hi/#hi","title":"hi","text":""},{"location":"commands/glibc_ptmalloc2_heap/hi/#description","title":"Description","text":"Searches all heaps to find if an address belongs to a chunk. If yes, prints the chunk.
"},{"location":"commands/glibc_ptmalloc2_heap/hi/#usage","title":"Usage:","text":"
"},{"location":"commands/glibc_ptmalloc2_heap/hi/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: hi [-h] [-v] [-s] [-f] addr\naddrAddress of the interest."},{"location":"commands/glibc_ptmalloc2_heap/hi/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-v--verbosePrint all chunk fields, even unused ones. (default: %(default)s)-s--simpleSimply print malloc_chunk struct's contents. (default: %(default)s)-f--fakeAllow fake chunks. If set, displays any memory as a heap chunk (even if its not a real chunk). (default: %(default)s)"},{"location":"commands/glibc_ptmalloc2_heap/largebins/","title":"Largebins","text":""},{"location":"commands/glibc_ptmalloc2_heap/largebins/#largebins","title":"largebins","text":""},{"location":"commands/glibc_ptmalloc2_heap/largebins/#description","title":"Description","text":"Print the contents of an arena's largebins.
Default to the current thread's arena.
"},{"location":"commands/glibc_ptmalloc2_heap/largebins/#usage","title":"Usage:","text":"
"},{"location":"commands/glibc_ptmalloc2_heap/largebins/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: largebins [-h] [-v] [addr]\naddrAddress of the arena."},{"location":"commands/glibc_ptmalloc2_heap/largebins/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-v--verboseShow all largebins, including empty ones (default: %(default)s)"},{"location":"commands/glibc_ptmalloc2_heap/malloc-chunk/","title":"Malloc chunk","text":""},{"location":"commands/glibc_ptmalloc2_heap/malloc-chunk/#malloc-chunk","title":"malloc-chunk","text":""},{"location":"commands/glibc_ptmalloc2_heap/malloc-chunk/#description","title":"Description","text":"Print a chunk.
"},{"location":"commands/glibc_ptmalloc2_heap/malloc-chunk/#usage","title":"Usage:","text":"
"},{"location":"commands/glibc_ptmalloc2_heap/malloc-chunk/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: malloc-chunk [-h] [-f] [-v] [-s] [-d] [-n NEXT] addr\naddrAddress of the chunk (malloc_chunk struct start, prev_size field)."},{"location":"commands/glibc_ptmalloc2_heap/malloc-chunk/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-f--fakeIs this a fake chunk? (default: %(default)s)-v--verbosePrint all chunk fields, even unused ones. (default: %(default)s)-s--simpleSimply print malloc_chunk struct's contents. (default: %(default)s)-d--dumpPrint a hexdump of the chunk. (default: %(default)s)-n--next0Print the next N chunks after the specified address. (default: %(default)s)"},{"location":"commands/glibc_ptmalloc2_heap/mp/","title":"Mp","text":""},{"location":"commands/glibc_ptmalloc2_heap/mp/#mp","title":"mp","text":""},{"location":"commands/glibc_ptmalloc2_heap/mp/#description","title":"Description","text":"Print the mp_ struct's contents.
"},{"location":"commands/glibc_ptmalloc2_heap/mp/#usage","title":"Usage:","text":"
"},{"location":"commands/glibc_ptmalloc2_heap/mp/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: mp [-h]\n-h--helpshow this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/smallbins/","title":"Smallbins","text":""},{"location":"commands/glibc_ptmalloc2_heap/smallbins/#smallbins","title":"smallbins","text":""},{"location":"commands/glibc_ptmalloc2_heap/smallbins/#description","title":"Description","text":"Print the contents of an arena's smallbins.
Default to the current thread's arena.
"},{"location":"commands/glibc_ptmalloc2_heap/smallbins/#usage","title":"Usage:","text":"
"},{"location":"commands/glibc_ptmalloc2_heap/smallbins/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: smallbins [-h] [-v] [addr]\naddrAddress of the arena."},{"location":"commands/glibc_ptmalloc2_heap/smallbins/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-v--verboseShow all smallbins, including empty ones (default: %(default)s)"},{"location":"commands/glibc_ptmalloc2_heap/tcache/","title":"Tcache","text":""},{"location":"commands/glibc_ptmalloc2_heap/tcache/#tcache","title":"tcache","text":""},{"location":"commands/glibc_ptmalloc2_heap/tcache/#description","title":"Description","text":"Print a thread's tcache contents.
Default to the current thread's tcache.
"},{"location":"commands/glibc_ptmalloc2_heap/tcache/#usage","title":"Usage:","text":"
"},{"location":"commands/glibc_ptmalloc2_heap/tcache/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: tcache [-h] [addr]\naddrAddress of the tcache."},{"location":"commands/glibc_ptmalloc2_heap/tcache/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/tcachebins/","title":"Tcachebins","text":""},{"location":"commands/glibc_ptmalloc2_heap/tcachebins/#tcachebins","title":"tcachebins","text":""},{"location":"commands/glibc_ptmalloc2_heap/tcachebins/#description","title":"Description","text":"Print the contents of a tcache.
Default to the current thread's tcache.
"},{"location":"commands/glibc_ptmalloc2_heap/tcachebins/#usage","title":"Usage:","text":"
"},{"location":"commands/glibc_ptmalloc2_heap/tcachebins/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: tcachebins [-h] [-v] [addr]\naddrThe address of the tcache bins."},{"location":"commands/glibc_ptmalloc2_heap/tcachebins/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-v--verboseShow all tcachebins, including empty ones (default: %(default)s)"},{"location":"commands/glibc_ptmalloc2_heap/top-chunk/","title":"Top chunk","text":""},{"location":"commands/glibc_ptmalloc2_heap/top-chunk/#top-chunk","title":"top-chunk","text":""},{"location":"commands/glibc_ptmalloc2_heap/top-chunk/#description","title":"Description","text":"Print relevant information about an arena's top chunk.
Default to current thread's arena.
"},{"location":"commands/glibc_ptmalloc2_heap/top-chunk/#usage","title":"Usage:","text":"
"},{"location":"commands/glibc_ptmalloc2_heap/top-chunk/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: top-chunk [-h] [addr]\naddrAddress of the arena."},{"location":"commands/glibc_ptmalloc2_heap/top-chunk/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/try-free/","title":"Try free","text":""},{"location":"commands/glibc_ptmalloc2_heap/try-free/#try-free","title":"try-free","text":""},{"location":"commands/glibc_ptmalloc2_heap/try-free/#description","title":"Description","text":"Check what would happen if free was called with given address.
"},{"location":"commands/glibc_ptmalloc2_heap/try-free/#usage","title":"Usage:","text":"
"},{"location":"commands/glibc_ptmalloc2_heap/try-free/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: try-free [-h] addr\naddrAddress passed to free"},{"location":"commands/glibc_ptmalloc2_heap/try-free/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/unsortedbin/","title":"Unsortedbin","text":""},{"location":"commands/glibc_ptmalloc2_heap/unsortedbin/#unsortedbin","title":"unsortedbin","text":""},{"location":"commands/glibc_ptmalloc2_heap/unsortedbin/#description","title":"Description","text":"Print the contents of an arena's unsortedbin.
Default to the current thread's arena.
"},{"location":"commands/glibc_ptmalloc2_heap/unsortedbin/#usage","title":"Usage:","text":"
"},{"location":"commands/glibc_ptmalloc2_heap/unsortedbin/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: unsortedbin [-h] [-v] [addr]\naddrAddress of the arena."},{"location":"commands/glibc_ptmalloc2_heap/unsortedbin/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-v--verboseShow the \"all\" bin even if it's empty (default: %(default)s)"},{"location":"commands/glibc_ptmalloc2_heap/vis-heap-chunks/","title":"Vis heap chunks","text":""},{"location":"commands/glibc_ptmalloc2_heap/vis-heap-chunks/#vis-heap-chunks","title":"vis-heap-chunks","text":""},{"location":"commands/glibc_ptmalloc2_heap/vis-heap-chunks/#description","title":"Description","text":"Visualize chunks on a heap.
Default to the current arena's active heap.
"},{"location":"commands/glibc_ptmalloc2_heap/vis-heap-chunks/#usage","title":"Usage:","text":"
"},{"location":"commands/glibc_ptmalloc2_heap/vis-heap-chunks/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: vis-heap-chunks [-h] [--beyond_top] [--no_truncate] [--all_chunks]\n [count] [addr]\ncountNumber of chunks to visualize. If the value is big enough and addr isn't provided, this is interpreted as addr instead. (default: %(default)s)addrAddress of the first chunk."},{"location":"commands/glibc_ptmalloc2_heap/vis-heap-chunks/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-b--beyond_topAttempt to keep printing beyond the top chunk. (default: %(default)s)-n--no_truncateDisplay all the chunk contents (Ignore themax-visualize-chunk-sizeconfiguration). (default: %(default)s)-a--all_chunksDisplay all chunks (Ignore the default-visualize-chunk-number configuration). (default: %(default)s)"},{"location":"commands/integrations/ai/","title":"Ai","text":""},{"location":"commands/integrations/ai/#ai","title":"ai","text":""},{"location":"commands/integrations/ai/#description","title":"Description","text":"Ask GPT-3 a question about the current debugging context.
"},{"location":"commands/integrations/ai/#usage","title":"Usage:","text":"
"},{"location":"commands/integrations/ai/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: ai [-h] [-M MODEL] [-t TEMPERATURE] [-m MAX_TOKENS] [-v] [-L]\n [-c COMMAND]\n [question ...]\nquestionThe question to ask."},{"location":"commands/integrations/ai/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-M--modelNoneThe OpenAI model to use.-t--temperatureNoneThe temperature to use.-m--max-tokensNoneThe maximum number of tokens to generate.-v--verbosePrint the prompt and response. (default: %(default)s)-L--list-modelsList the available models. (default: %(default)s)-c--commandNoneRun a command in the GDB debugger and ask a question about the output."},{"location":"commands/integrations/bn-sync/","title":"Bn sync","text":""},{"location":"commands/integrations/bn-sync/#bn-sync","title":"bn-sync","text":""},{"location":"commands/integrations/bn-sync/#description","title":"Description","text":"Synchronize Binary Ninja's cursor with GDB.
"},{"location":"commands/integrations/bn-sync/#usage","title":"Usage:","text":"
"},{"location":"commands/integrations/bn-sync/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: bn-sync [-h]\n-h--helpshow this help message and exit"},{"location":"commands/integrations/decomp/","title":"Decomp","text":""},{"location":"commands/integrations/decomp/#decomp","title":"decomp","text":""},{"location":"commands/integrations/decomp/#description","title":"Description","text":"Use the current integration to decompile code near an address.
"},{"location":"commands/integrations/decomp/#usage","title":"Usage:","text":"
"},{"location":"commands/integrations/decomp/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: decomp [-h] [addr] [lines]\naddrAddress to decompile near.linesNumber of lines of decompilation to show."},{"location":"commands/integrations/decomp/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/integrations/j/","title":"J","text":""},{"location":"commands/integrations/j/#j","title":"j","text":""},{"location":"commands/integrations/j/#description","title":"Description","text":"Synchronize IDA's cursor with GDB.
"},{"location":"commands/integrations/j/#usage","title":"Usage:","text":"
"},{"location":"commands/integrations/j/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: j [-h]\n-h--helpshow this help message and exit"},{"location":"commands/integrations/r2/","title":"R2","text":""},{"location":"commands/integrations/r2/#r2","title":"r2","text":""},{"location":"commands/integrations/r2/#description","title":"Description","text":"Launches radare2.
"},{"location":"commands/integrations/r2/#usage","title":"Usage:","text":"
"},{"location":"commands/integrations/r2/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: r2 [-h] [--no-seek] [--no-rebase] [arguments ...]\nargumentsArguments to pass to radare"},{"location":"commands/integrations/r2/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit--no-seekDo not seek to current pc (default: %(default)s)--no-rebaseDo not set the base address for PIE according to the current mapping (default: %(default)s)"},{"location":"commands/integrations/r2pipe/","title":"R2pipe","text":""},{"location":"commands/integrations/r2pipe/#r2pipe","title":"r2pipe","text":""},{"location":"commands/integrations/r2pipe/#description","title":"Description","text":"Execute stateful radare2 commands through r2pipe.
"},{"location":"commands/integrations/r2pipe/#usage","title":"Usage:","text":"
"},{"location":"commands/integrations/r2pipe/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: r2pipe [-h] arguments [arguments ...]\nargumentsArguments to pass to r2pipe"},{"location":"commands/integrations/r2pipe/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/integrations/rop/","title":"Rop","text":""},{"location":"commands/integrations/rop/#rop","title":"rop","text":""},{"location":"commands/integrations/rop/#description","title":"Description","text":"Dump ROP gadgets with Jon Salwan's ROPgadget tool.
"},{"location":"commands/integrations/rop/#usage","title":"Usage:","text":"
"},{"location":"commands/integrations/rop/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: rop [-h] [--grep GREP] [--memlimit MEMLIMIT] [argument ...]\nargumentArguments to pass to ROPgadget"},{"location":"commands/integrations/rop/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit--grepNoneString to grep the output for--memlimit50MBString to grep the output for (default: %(default)s)"},{"location":"commands/integrations/ropper/","title":"Ropper","text":""},{"location":"commands/integrations/ropper/#ropper","title":"ropper","text":""},{"location":"commands/integrations/ropper/#description","title":"Description","text":"ROP gadget search with ropper.
"},{"location":"commands/integrations/ropper/#usage","title":"Usage:","text":"
"},{"location":"commands/integrations/ropper/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: ropper [-h] [argument ...]\nargumentArguments to pass to ropper"},{"location":"commands/integrations/ropper/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/integrations/rz/","title":"Rz","text":""},{"location":"commands/integrations/rz/#rz","title":"rz","text":""},{"location":"commands/integrations/rz/#description","title":"Description","text":"Launches rizin.
"},{"location":"commands/integrations/rz/#usage","title":"Usage:","text":"
"},{"location":"commands/integrations/rz/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: rz [-h] [--no-seek] [--no-rebase] [arguments ...]\nargumentsArguments to pass to rizin"},{"location":"commands/integrations/rz/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit--no-seekDo not seek to current pc (default: %(default)s)--no-rebaseDo not set the base address for PIE according to the current mapping (default: %(default)s)"},{"location":"commands/integrations/rzpipe/","title":"Rzpipe","text":""},{"location":"commands/integrations/rzpipe/#rzpipe","title":"rzpipe","text":""},{"location":"commands/integrations/rzpipe/#description","title":"Description","text":"Execute stateful rizin commands through rzpipe.
"},{"location":"commands/integrations/rzpipe/#usage","title":"Usage:","text":"
"},{"location":"commands/integrations/rzpipe/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: rzpipe [-h] arguments [arguments ...]\nargumentsArguments to pass to rzpipe"},{"location":"commands/integrations/rzpipe/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/integrations/save-ida/","title":"Save ida","text":""},{"location":"commands/integrations/save-ida/#save-ida","title":"save-ida","text":""},{"location":"commands/integrations/save-ida/#description","title":"Description","text":"Save the ida database.
"},{"location":"commands/integrations/save-ida/#usage","title":"Usage:","text":"
"},{"location":"commands/integrations/save-ida/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: save-ida [-h]\n-h--helpshow this help message and exit"},{"location":"commands/jemalloc_heap/jemalloc-extent-info/","title":"Jemalloc extent info","text":""},{"location":"commands/jemalloc_heap/jemalloc-extent-info/#jemalloc-extent-info","title":"jemalloc-extent-info","text":""},{"location":"commands/jemalloc_heap/jemalloc-extent-info/#description","title":"Description","text":"Prints extent information for the given address
"},{"location":"commands/jemalloc_heap/jemalloc-extent-info/#usage","title":"Usage:","text":"
"},{"location":"commands/jemalloc_heap/jemalloc-extent-info/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: jemalloc-extent-info [-h] [-v] addr\naddrAddress of the extent metadata"},{"location":"commands/jemalloc_heap/jemalloc-extent-info/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-v--verbosePrint all chunk fields, even unused ones. (default: %(default)s)"},{"location":"commands/jemalloc_heap/jemalloc-find-extent/","title":"Jemalloc find extent","text":""},{"location":"commands/jemalloc_heap/jemalloc-find-extent/#jemalloc-find-extent","title":"jemalloc-find-extent","text":""},{"location":"commands/jemalloc_heap/jemalloc-find-extent/#description","title":"Description","text":"Returns extent information for pointer address allocated by jemalloc
"},{"location":"commands/jemalloc_heap/jemalloc-find-extent/#usage","title":"Usage:","text":"
"},{"location":"commands/jemalloc_heap/jemalloc-find-extent/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: jemalloc-find-extent [-h] addr\naddrAddress of the allocated memory location"},{"location":"commands/jemalloc_heap/jemalloc-find-extent/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/jemalloc_heap/jemalloc-heap/","title":"Jemalloc heap","text":""},{"location":"commands/jemalloc_heap/jemalloc-heap/#jemalloc-heap","title":"jemalloc-heap","text":""},{"location":"commands/jemalloc_heap/jemalloc-heap/#description","title":"Description","text":"Prints all extents information
"},{"location":"commands/jemalloc_heap/jemalloc-heap/#usage","title":"Usage:","text":"
"},{"location":"commands/jemalloc_heap/jemalloc-heap/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: jemalloc-heap [-h]\n-h--helpshow this help message and exit"},{"location":"commands/kernel/binder/","title":"Binder","text":""},{"location":"commands/kernel/binder/#binder","title":"binder","text":""},{"location":"commands/kernel/binder/#description","title":"Description","text":"Show Android Binder information
"},{"location":"commands/kernel/binder/#usage","title":"Usage:","text":"
"},{"location":"commands/kernel/binder/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: binder [-h]\n-h--helpshow this help message and exit"},{"location":"commands/kernel/kbase/","title":"Kbase","text":""},{"location":"commands/kernel/kbase/#kbase","title":"kbase","text":""},{"location":"commands/kernel/kbase/#description","title":"Description","text":"Finds the kernel virtual base address.
"},{"location":"commands/kernel/kbase/#usage","title":"Usage:","text":"
"},{"location":"commands/kernel/kbase/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: kbase [-h] [-r]\n-h--helpshow this help message and exit-r--rebaserebase loaded symbol file (default: %(default)s)"},{"location":"commands/kernel/kchecksec/","title":"Kchecksec","text":""},{"location":"commands/kernel/kchecksec/#kchecksec","title":"kchecksec","text":""},{"location":"commands/kernel/kchecksec/#description","title":"Description","text":"Checks for kernel hardening configuration options.
"},{"location":"commands/kernel/kchecksec/#usage","title":"Usage:","text":"
"},{"location":"commands/kernel/kchecksec/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: kchecksec [-h]\n-h--helpshow this help message and exit"},{"location":"commands/kernel/kcmdline/","title":"Kcmdline","text":""},{"location":"commands/kernel/kcmdline/#kcmdline","title":"kcmdline","text":""},{"location":"commands/kernel/kcmdline/#description","title":"Description","text":"Return the kernel commandline (/proc/cmdline).
"},{"location":"commands/kernel/kcmdline/#usage","title":"Usage:","text":"
"},{"location":"commands/kernel/kcmdline/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: kcmdline [-h]\n-h--helpshow this help message and exit"},{"location":"commands/kernel/kconfig/","title":"Kconfig","text":""},{"location":"commands/kernel/kconfig/#kconfig","title":"kconfig","text":""},{"location":"commands/kernel/kconfig/#description","title":"Description","text":"Outputs the kernel config (requires CONFIG_IKCONFIG).
"},{"location":"commands/kernel/kconfig/#usage","title":"Usage:","text":"
"},{"location":"commands/kernel/kconfig/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: kconfig [-h] [config_name]\nconfig_nameA config name to search for"},{"location":"commands/kernel/kconfig/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/kernel/klookup/","title":"Klookup","text":""},{"location":"commands/kernel/klookup/#klookup","title":"klookup","text":""},{"location":"commands/kernel/klookup/#description","title":"Description","text":"Lookup kernel symbols
"},{"location":"commands/kernel/klookup/#usage","title":"Usage:","text":"
"},{"location":"commands/kernel/klookup/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: klookup [-h] symbol\nsymbolAddress or symbol name to lookup"},{"location":"commands/kernel/klookup/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/kernel/knft-dump/","title":"Knft dump","text":""},{"location":"commands/kernel/knft-dump/#knft-dump","title":"knft-dump","text":""},{"location":"commands/kernel/knft-dump/#description","title":"Description","text":"Dump all nftables: tables, chains, rules, expressions
"},{"location":"commands/kernel/knft-dump/#usage","title":"Usage:","text":"
"},{"location":"commands/kernel/knft-dump/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: knft-dump [-h] [nsid]\nnsidNetwork Namespace ID"},{"location":"commands/kernel/knft-dump/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/kernel/knft-list-chains/","title":"Knft list chains","text":""},{"location":"commands/kernel/knft-list-chains/#knft-list-chains","title":"knft-list-chains","text":""},{"location":"commands/kernel/knft-list-chains/#description","title":"Description","text":"Dump netfilter chains form a specific table
"},{"location":"commands/kernel/knft-list-chains/#usage","title":"Usage:","text":"
"},{"location":"commands/kernel/knft-list-chains/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: knft-list-chains [-h] [--nsid NSID] [table_family] [table_name]\ntable_familyNetfilter table family (inet, ip, ip6, netdev, bridge, arp)table_nameTable name"},{"location":"commands/kernel/knft-list-chains/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-n--nsidNoneNetwork Namespace ID"},{"location":"commands/kernel/knft-list-exprs/","title":"Knft list exprs","text":""},{"location":"commands/kernel/knft-list-exprs/#knft-list-exprs","title":"knft-list-exprs","text":""},{"location":"commands/kernel/knft-list-exprs/#description","title":"Description","text":"Dump only expressions from specific rule
"},{"location":"commands/kernel/knft-list-exprs/#usage","title":"Usage:","text":"
"},{"location":"commands/kernel/knft-list-exprs/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: knft-list-exprs [-h] [--nsid NSID]\n [table_family] [table_name] [chain_name] [rule_id]\ntable_familyTable family, eg: inet, ip, ip6, netdev, bridge, arptable_nameTable namechain_nameChain namerule_idRule Handle ID"},{"location":"commands/kernel/knft-list-exprs/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-n--nsidNoneNetwork Namespace ID"},{"location":"commands/kernel/knft-list-flowtables/","title":"Knft list flowtables","text":""},{"location":"commands/kernel/knft-list-flowtables/#knft-list-flowtables","title":"knft-list-flowtables","text":""},{"location":"commands/kernel/knft-list-flowtables/#description","title":"Description","text":"Dump netfilter flowtables from a specific table
"},{"location":"commands/kernel/knft-list-flowtables/#usage","title":"Usage:","text":"
"},{"location":"commands/kernel/knft-list-flowtables/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: knft-list-flowtables [-h] [--nsid NSID] [table_family] [table_name]\ntable_familyNetfilter table family (inet, ip, ip6, netdev, bridge, arp)table_nameTable name"},{"location":"commands/kernel/knft-list-flowtables/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-n--nsidNoneNetwork Namespace ID"},{"location":"commands/kernel/knft-list-objects/","title":"Knft list objects","text":""},{"location":"commands/kernel/knft-list-objects/#knft-list-objects","title":"knft-list-objects","text":""},{"location":"commands/kernel/knft-list-objects/#description","title":"Description","text":"Dump netfilter objects from a specific table
"},{"location":"commands/kernel/knft-list-objects/#usage","title":"Usage:","text":"
"},{"location":"commands/kernel/knft-list-objects/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: knft-list-objects [-h] [--nsid NSID] [table_family] [table_name]\ntable_familyTable family, eg: inet, ip, ip6, netdev, bridge, arptable_nameTable name"},{"location":"commands/kernel/knft-list-objects/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-n--nsidNoneNetwork Namespace ID"},{"location":"commands/kernel/knft-list-rules/","title":"Knft list rules","text":""},{"location":"commands/kernel/knft-list-rules/#knft-list-rules","title":"knft-list-rules","text":""},{"location":"commands/kernel/knft-list-rules/#description","title":"Description","text":"Dump netfilter rules form a specific chain
"},{"location":"commands/kernel/knft-list-rules/#usage","title":"Usage:","text":"
"},{"location":"commands/kernel/knft-list-rules/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: knft-list-rules [-h] [--nsid NSID]\n [table_family] [table_name] [chain_name]\ntable_familyTable family, eg: inet, ip, ip6, netdev, bridge, arptable_nameTable namechain_nameChain name"},{"location":"commands/kernel/knft-list-rules/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-n--nsidNoneNetwork Namespace ID"},{"location":"commands/kernel/knft-list-sets/","title":"Knft list sets","text":""},{"location":"commands/kernel/knft-list-sets/#knft-list-sets","title":"knft-list-sets","text":""},{"location":"commands/kernel/knft-list-sets/#description","title":"Description","text":"Dump netfilter sets from a specific table
"},{"location":"commands/kernel/knft-list-sets/#usage","title":"Usage:","text":"
"},{"location":"commands/kernel/knft-list-sets/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: knft-list-sets [-h] [--nsid NSID] [table_family] [table_name]\ntable_familyTable family, eg: inet, ip, ip6, netdev, bridge, arptable_nameTable name"},{"location":"commands/kernel/knft-list-sets/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-n--nsidNoneNetwork Namespace ID"},{"location":"commands/kernel/knft-list-tables/","title":"Knft list tables","text":""},{"location":"commands/kernel/knft-list-tables/#knft-list-tables","title":"knft-list-tables","text":""},{"location":"commands/kernel/knft-list-tables/#description","title":"Description","text":"Dump netfliter tables from a specific network namespace
"},{"location":"commands/kernel/knft-list-tables/#usage","title":"Usage:","text":"
"},{"location":"commands/kernel/knft-list-tables/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: knft-list-tables [-h] [--nsid NSID]\n-h--helpshow this help message and exit-n--nsidNoneNetwork Namespace ID"},{"location":"commands/kernel/kversion/","title":"Kversion","text":""},{"location":"commands/kernel/kversion/#kversion","title":"kversion","text":""},{"location":"commands/kernel/kversion/#description","title":"Description","text":"Outputs the kernel version (/proc/version).
"},{"location":"commands/kernel/kversion/#usage","title":"Usage:","text":"
"},{"location":"commands/kernel/kversion/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: kversion [-h]\n-h--helpshow this help message and exit"},{"location":"commands/kernel/pcplist/","title":"Pcplist","text":""},{"location":"commands/kernel/pcplist/#pcplist","title":"pcplist","text":""},{"location":"commands/kernel/pcplist/#description","title":"Description","text":"Print Per-CPU page list
"},{"location":"commands/kernel/pcplist/#usage","title":"Usage:","text":"
"},{"location":"commands/kernel/pcplist/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: pcplist [-h] [zone]\nzone"},{"location":"commands/kernel/pcplist/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/kernel/slab/","title":"Slab","text":""},{"location":"commands/kernel/slab/#slab","title":"slab","text":""},{"location":"commands/kernel/slab/#description","title":"Description","text":"Prints information about the slab allocator
"},{"location":"commands/kernel/slab/#usage","title":"Usage:","text":"
"},{"location":"commands/kernel/slab/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: slab [-h] {list,info,contains} ...\ncommandNone"},{"location":"commands/kernel/slab/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/linux_libc_elf/argc/","title":"Argc","text":""},{"location":"commands/linux_libc_elf/argc/#argc","title":"argc","text":""},{"location":"commands/linux_libc_elf/argc/#description","title":"Description","text":"Prints out the number of arguments.
"},{"location":"commands/linux_libc_elf/argc/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/argc/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: argc [-h]\n-h--helpshow this help message and exit"},{"location":"commands/linux_libc_elf/argv/","title":"Argv","text":""},{"location":"commands/linux_libc_elf/argv/#argv","title":"argv","text":""},{"location":"commands/linux_libc_elf/argv/#description","title":"Description","text":"Prints out the contents of argv.
"},{"location":"commands/linux_libc_elf/argv/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/argv/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: argv [-h] [i]\niIndex of the argument to print out."},{"location":"commands/linux_libc_elf/argv/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/linux_libc_elf/aslr/","title":"Aslr","text":""},{"location":"commands/linux_libc_elf/aslr/#aslr","title":"aslr","text":""},{"location":"commands/linux_libc_elf/aslr/#description","title":"Description","text":"Check the current ASLR status, or turn it on/off.
Does not take effect until the program is restarted.
"},{"location":"commands/linux_libc_elf/aslr/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/aslr/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: aslr [-h] [{on,off}]\nstateTurn ASLR on or off (takes effect when target is started)"},{"location":"commands/linux_libc_elf/aslr/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/linux_libc_elf/auxv-explore/","title":"Auxv explore","text":""},{"location":"commands/linux_libc_elf/auxv-explore/#auxv-explore","title":"auxv-explore","text":""},{"location":"commands/linux_libc_elf/auxv-explore/#description","title":"Description","text":"Explore and print information from the Auxiliary ELF Vector.
"},{"location":"commands/linux_libc_elf/auxv-explore/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/auxv-explore/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: auxv-explore [-h]\n-h--helpshow this help message and exit"},{"location":"commands/linux_libc_elf/auxv/","title":"Auxv","text":""},{"location":"commands/linux_libc_elf/auxv/#auxv","title":"auxv","text":""},{"location":"commands/linux_libc_elf/auxv/#description","title":"Description","text":"Print information from the Auxiliary ELF Vector.
"},{"location":"commands/linux_libc_elf/auxv/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/auxv/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: auxv [-h]\n-h--helpshow this help message and exit"},{"location":"commands/linux_libc_elf/elfsections/","title":"Elfsections","text":""},{"location":"commands/linux_libc_elf/elfsections/#elfsections","title":"elfsections","text":""},{"location":"commands/linux_libc_elf/elfsections/#description","title":"Description","text":"Prints the section mappings contained in the ELF header.
"},{"location":"commands/linux_libc_elf/elfsections/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/elfsections/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: elfsections [-h]\n-h--helpshow this help message and exit"},{"location":"commands/linux_libc_elf/envp/","title":"Envp","text":""},{"location":"commands/linux_libc_elf/envp/#envp","title":"envp","text":""},{"location":"commands/linux_libc_elf/envp/#description","title":"Description","text":"Prints out the contents of the environment.
"},{"location":"commands/linux_libc_elf/envp/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/envp/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: envp [-h] [name]\nnameName of the environment variable to see."},{"location":"commands/linux_libc_elf/envp/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/linux_libc_elf/errno/","title":"Errno","text":""},{"location":"commands/linux_libc_elf/errno/#errno","title":"errno","text":""},{"location":"commands/linux_libc_elf/errno/#description","title":"Description","text":"Converts errno (or argument) to its string representation.
"},{"location":"commands/linux_libc_elf/errno/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/errno/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: errno [-h] [err]\nerrErrno; if not passed, it is retrieved from __errno_location"},{"location":"commands/linux_libc_elf/errno/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/linux_libc_elf/got/","title":"Got","text":""},{"location":"commands/linux_libc_elf/got/#got","title":"got","text":""},{"location":"commands/linux_libc_elf/got/#description","title":"Description","text":"Show the state of the Global Offset Table.
Examples: got got puts got -p libc got -a
"},{"location":"commands/linux_libc_elf/got/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/got/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: got [-h] [-p PATH_FILTER | -a] [-r] [symbol_filter]\nsymbol_filterFilter results by symbol name. (default: %(default)s)"},{"location":"commands/linux_libc_elf/got/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-p--path`` Filter results by library/objfile path. (default: %(default)s)-a--allProcess all libs/obfjiles including the target executable. (default: %(default)s)-r--show-readonlyAlso display read-only entries (which are filtered out by default). (default: %(default)s)"},{"location":"commands/linux_libc_elf/gotplt/","title":"Gotplt","text":""},{"location":"commands/linux_libc_elf/gotplt/#gotplt","title":"gotplt","text":""},{"location":"commands/linux_libc_elf/gotplt/#description","title":"Description","text":"Prints any symbols found in the .got.plt section if it exists.
"},{"location":"commands/linux_libc_elf/gotplt/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/gotplt/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: gotplt [-h]\n-h--helpshow this help message and exit"},{"location":"commands/linux_libc_elf/libcinfo/","title":"Libcinfo","text":""},{"location":"commands/linux_libc_elf/libcinfo/#libcinfo","title":"libcinfo","text":""},{"location":"commands/linux_libc_elf/libcinfo/#description","title":"Description","text":"Show libc version and link to its sources
"},{"location":"commands/linux_libc_elf/libcinfo/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/libcinfo/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: libcinfo [-h]\n-h--helpshow this help message and exit"},{"location":"commands/linux_libc_elf/linkmap/","title":"Linkmap","text":""},{"location":"commands/linux_libc_elf/linkmap/#linkmap","title":"linkmap","text":""},{"location":"commands/linux_libc_elf/linkmap/#description","title":"Description","text":"Show the state of the Link Map
"},{"location":"commands/linux_libc_elf/linkmap/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/linkmap/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: linkmap [-h]\n-h--helpshow this help message and exit"},{"location":"commands/linux_libc_elf/onegadget/","title":"Onegadget","text":""},{"location":"commands/linux_libc_elf/onegadget/#onegadget","title":"onegadget","text":""},{"location":"commands/linux_libc_elf/onegadget/#description","title":"Description","text":"Find gadgets which single-handedly give code execution.
Uses the onegadget tool by david942j.
"},{"location":"commands/linux_libc_elf/onegadget/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/onegadget/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: onegadget [-h] [--show-unsat] [--no-unknown] [-v]\n-h--helpshow this help message and exit--show-unsatShow unsatisfiable gadgets. (default: %(default)s)--no-unknownDo not show unknown gadgets. (default: %(default)s)-v--verboseShow verbose output. (default: %(default)s)"},{"location":"commands/linux_libc_elf/piebase/","title":"Piebase","text":""},{"location":"commands/linux_libc_elf/piebase/#piebase","title":"piebase","text":""},{"location":"commands/linux_libc_elf/piebase/#description","title":"Description","text":"Calculate VA of RVA from PIE base.
"},{"location":"commands/linux_libc_elf/piebase/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/piebase/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: piebase [-h] [offset] [module]\noffsetOffset from PIE base. (default: %(default)s)moduleModule to choose as base. Defaults to the target executable. (default: %(default)s)"},{"location":"commands/linux_libc_elf/piebase/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/linux_libc_elf/plt/","title":"Plt","text":""},{"location":"commands/linux_libc_elf/plt/#plt","title":"plt","text":""},{"location":"commands/linux_libc_elf/plt/#description","title":"Description","text":"Prints any symbols found in the .plt section if it exists.
"},{"location":"commands/linux_libc_elf/plt/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/plt/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: plt [-h]\n-h--helpshow this help message and exit"},{"location":"commands/linux_libc_elf/strings/","title":"Strings","text":""},{"location":"commands/linux_libc_elf/strings/#strings","title":"strings","text":""},{"location":"commands/linux_libc_elf/strings/#description","title":"Description","text":"Extracts and displays ASCII strings from readable memory pages of the debugged process.
"},{"location":"commands/linux_libc_elf/strings/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/strings/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: strings [-h] [-n N] [--save-as SAVE_AS] [page_names ...]\npage_namesMapping to search [e.g. libc]. Can be used with multiple mappings [e.g libc heap stack] (default: %(default)s)"},{"location":"commands/linux_libc_elf/strings/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-n4Minimum length of ASCII strings to include (default: %(default)s)--save-asNoneSets the filename for the output of this command [e.g. --save-as='out.txt']"},{"location":"commands/linux_libc_elf/threads/","title":"Threads","text":""},{"location":"commands/linux_libc_elf/threads/#threads","title":"threads","text":""},{"location":"commands/linux_libc_elf/threads/#description","title":"Description","text":"List all threads belonging to the selected inferior.
"},{"location":"commands/linux_libc_elf/threads/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/threads/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: threads [-h] [-c] [num_threads]\nnum_threadsNumber of threads to display. Omit to display all threads."},{"location":"commands/linux_libc_elf/threads/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-c--configRespect context-max-threads config to limit number of threads displayed. (default: %(default)s)"},{"location":"commands/linux_libc_elf/tls/","title":"Tls","text":""},{"location":"commands/linux_libc_elf/tls/#tls","title":"tls","text":""},{"location":"commands/linux_libc_elf/tls/#description","title":"Description","text":"Print out base address of the current Thread Local Storage (TLS).
"},{"location":"commands/linux_libc_elf/tls/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/tls/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: tls [-h] [-p] [-a]\n-h--helpshow this help message and exit-p--pthread-selfTry to get the address of TLS by calling pthread_self(). (default: %(default)s)-a--allDo not truncate the dump output. (default: %(default)s)"},{"location":"commands/linux_libc_elf/track-got/","title":"Track got","text":""},{"location":"commands/linux_libc_elf/track-got/#track-got","title":"track-got","text":""},{"location":"commands/linux_libc_elf/track-got/#description","title":"Description","text":"Controls GOT tracking
"},{"location":"commands/linux_libc_elf/track-got/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/track-got/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: track-got [-h] {enable,disable,info,query} ...\n-h--helpshow this help message and exit"},{"location":"commands/linux_libc_elf/track-heap/","title":"Track heap","text":""},{"location":"commands/linux_libc_elf/track-heap/#track-heap","title":"track-heap","text":""},{"location":"commands/linux_libc_elf/track-heap/#description","title":"Description","text":"Manages the heap tracker.
The heap tracker is a module that tracks usage of the GLibc heap and looks for user errors such as double frees and use after frees.
Currently, the following errors can be detected: - Use After Free
"},{"location":"commands/linux_libc_elf/track-heap/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/track-heap/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: track-heap [-h] {enable,disable,toggle-break} ...\n-h--helpshow this help message and exit"},{"location":"commands/memory/distance/","title":"Distance","text":""},{"location":"commands/memory/distance/#distance","title":"distance","text":""},{"location":"commands/memory/distance/#description","title":"Description","text":"Print the distance between the two arguments, or print the offset to the address's page base.
"},{"location":"commands/memory/distance/#usage","title":"Usage:","text":"
"},{"location":"commands/memory/distance/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: distance [-h] a [b]\naThe first address.bThe second address."},{"location":"commands/memory/distance/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/memory/gdt/","title":"Gdt","text":""},{"location":"commands/memory/gdt/#gdt","title":"gdt","text":""},{"location":"commands/memory/gdt/#description","title":"Description","text":"Decode X86-64 GDT entries at address
See also: * https://wiki.osdev.org/Global_Descriptor_Table * https://wiki.osdev.org/GDT_Tutorial
Note: In 64-bit mode, the Base and Limit values are ignored, each descriptor covers the entire linear address space regardless of what they are set to.
"},{"location":"commands/memory/gdt/#usage","title":"Usage:","text":"
"},{"location":"commands/memory/gdt/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: gdt [-h] address [count]\naddressx86-64 GDTR base address (e.g. read from sgdt instruction from [16:79] bits)countNumber of entries to dump (should be (GDTR.size+1)/8) (default: %(default)s)"},{"location":"commands/memory/gdt/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/memory/go-dump/","title":"Go dump","text":""},{"location":"commands/memory/go-dump/#go-dump","title":"go-dump","text":""},{"location":"commands/memory/go-dump/#description","title":"Description","text":"Dumps a Go value of a given type at a specified address.
"},{"location":"commands/memory/go-dump/#usage","title":"Usage:","text":"
"},{"location":"commands/memory/go-dump/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: go-dump [-h] [-x] [-f [DECIMALS]] [-d] [-p] ty address\ntyGo type of value to dump, e.g. map[int]string, or the address of a type to resolve at runtime, e.g. 0x408860addressAddress to dump"},{"location":"commands/memory/go-dump/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-x--hexDisplay non-pointer integers as hex (default: %(default)s)-f--decimalsNoneConfigures the number of decimal places to display for floating points-d--debugShows debug info, like addresses for slice/map elements, slice capacity, etc. (default: %(default)s)-p--prettyEnables pretty printing (default: %(default)s)"},{"location":"commands/memory/go-type/","title":"Go type","text":""},{"location":"commands/memory/go-type/#go-type","title":"go-type","text":""},{"location":"commands/memory/go-type/#description","title":"Description","text":"Dumps a Go runtime reflection type at a specified address.
"},{"location":"commands/memory/go-type/#usage","title":"Usage:","text":"
"},{"location":"commands/memory/go-type/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: go-type [-h] address\naddressAddress to dump"},{"location":"commands/memory/go-type/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/memory/hexdump/","title":"Hexdump","text":""},{"location":"commands/memory/hexdump/#hexdump","title":"hexdump","text":""},{"location":"commands/memory/hexdump/#description","title":"Description","text":"Hexdumps data at the specified address or module name.
"},{"location":"commands/memory/hexdump/#usage","title":"Usage:","text":"
"},{"location":"commands/memory/hexdump/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: hexdump [-h] [address] [count]\naddressAddress or module name to dump (default: %(default)s)countNumber of bytes to dump (default: %(default)s)"},{"location":"commands/memory/hexdump/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/memory/leakfind/","title":"Leakfind","text":""},{"location":"commands/memory/leakfind/#leakfind","title":"leakfind","text":""},{"location":"commands/memory/leakfind/#description","title":"Description","text":"Attempt to find a leak chain given a starting address. Scans memory near the given address, looks for pointers, and continues that process to attempt to find leaks.
Example: leakfind $rsp --page_name=filename --max_offset=0x48 --max_depth=6. This would look for any chains of leaks that point to a section in filename which begin near $rsp, are never 0x48 bytes further from a known pointer, and are a maximum length of 6.
"},{"location":"commands/memory/leakfind/#usage","title":"Usage:","text":"
"},{"location":"commands/memory/leakfind/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: leakfind [-h] [-p [PAGE_NAME]] [-o [MAX_OFFSET]] [-d [MAX_DEPTH]]\n [-s [STEP]] [--negative_offset [NEGATIVE_OFFSET]]\n [address]\naddressStarting address to find a leak chain from (default: %(default)s)"},{"location":"commands/memory/leakfind/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-p--page_nameNoneSubstring required to be part of the name of any found pages-o--max_offset72Max offset to add to addresses when looking for leak (default: %(default)s)-d--max_depth4Maximum depth to follow pointers to (default: %(default)s)-s--step1Step to add between pointers so they are considered. For example, if this is 4 it would only consider pointers at an offset divisible by 4 from the starting pointer (default: %(default)s)--negative_offset0Max negative offset to search before an address when looking for a leak (default: %(default)s)"},{"location":"commands/memory/memfrob/","title":"Memfrob","text":""},{"location":"commands/memory/memfrob/#memfrob","title":"memfrob","text":""},{"location":"commands/memory/memfrob/#description","title":"Description","text":"Memfrobs a region of memory (xor with '*').
"},{"location":"commands/memory/memfrob/#usage","title":"Usage:","text":"
"},{"location":"commands/memory/memfrob/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: memfrob [-h] address count\naddressThe address to start xoring at.countThe number of bytes to xor."},{"location":"commands/memory/memfrob/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/memory/mmap/","title":"Mmap","text":""},{"location":"commands/memory/mmap/#mmap","title":"mmap","text":""},{"location":"commands/memory/mmap/#description","title":"Description","text":"Calls the mmap syscall and prints its resulting address.
Note that the mmap syscall may fail for various reasons (see
man mmap) and, in case of failure, its return value will not be a valid pointer.PROT values: NONE (0), READ (1), WRITE (2), EXEC (4) MAP values: SHARED (1), PRIVATE (2), SHARED_VALIDATE (3), FIXED (0x10), ANONYMOUS (0x20)
Flags and protection values can be either a string containing the names of the flags or permissions or a single number corresponding to the bitwise OR of the protection and flag numbers.
Examples: mmap 0x0 4096 PROT_READ|PROT_WRITE|PROT_EXEC MAP_PRIVATE|MAP_ANONYMOUS -1 0 - Maps a new private+anonymous page with RWX permissions at a location decided by the kernel.
"},{"location":"commands/memory/mmap/#usage","title":"Usage:","text":"mmap 0x0 4096 PROT_READ MAP_PRIVATE 10 0\n - Maps 4096 bytes of the file pointed to by file descriptor number 10 with\n read permission at a location decided by the kernel.\n\nmmap 0xdeadbeef 0x1000\n - Maps a new private+anonymous page with RWX permissions at a page boundary\n near 0xdeadbeef.\n
"},{"location":"commands/memory/mmap/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: mmap [-h] [--quiet] [--force] addr length [prot] [flags] [fd] [offset]\naddrAddress hint to be given to mmap.lengthLength of the mapping, in bytes. Needs to be greater than zero.protProt enum or int as in mmap(2). Eg. \"PROT_READ|PROT_EXEC\" or 7 (for RWX). (default: %(default)s)flagsFlags enum or int as in mmap(2). Eg. \"MAP_PRIVATE|MAP_ANONYMOUS\" or 0x22. (default: %(default)s)fdFile descriptor of the file to be mapped, or -1 if using MAP_ANONYMOUS. (default: %(default)s)offsetOffset from the start of the file, in bytes, if using file based mapping. (default: %(default)s)"},{"location":"commands/memory/mmap/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-q--quietDisable address validity warnings and hints (default: %(default)s)-f--forceForce potentially unsafe actions to happen (default: %(default)s)"},{"location":"commands/memory/mprotect/","title":"Mprotect","text":""},{"location":"commands/memory/mprotect/#mprotect","title":"mprotect","text":""},{"location":"commands/memory/mprotect/#description","title":"Description","text":"Calls the mprotect syscall and prints its result value.
Note that the mprotect syscall may fail for various reasons (see
man mprotect) and a non-zero error return value can be decoded with theerrno <value>command.Examples: mprotect $rsp 4096 PROT_READ|PROT_WRITE|PROT_EXEC mprotect $rsp 4096 rwx mprotect $rsp 4096 7 mprotect some_symbol 0x1000 PROT_NONE
"},{"location":"commands/memory/mprotect/#usage","title":"Usage:","text":"
"},{"location":"commands/memory/mprotect/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: mprotect [-h] addr length prot\naddrPage-aligned address to all mprotect on.lengthCount of bytes to call mprotect on. Needs to be multiple of page size.protProt string as in mprotect(2). Eg. \"PROT_READ|PROT_EXEC\", \"rx\", or \"5\""},{"location":"commands/memory/mprotect/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/memory/p2p/","title":"P2p","text":""},{"location":"commands/memory/p2p/#p2p","title":"p2p","text":""},{"location":"commands/memory/p2p/#description","title":"Description","text":"Pointer to pointer chain search. Searches given mapping for all pointers that point to specified mapping.
Any chain length greater than 0 is valid. If only one mapping is given it just looks for any pointers in that mapping.
"},{"location":"commands/memory/p2p/#usage","title":"Usage:","text":"
"},{"location":"commands/memory/p2p/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: p2p [-h] mapping_names [mapping_names ...]\nmapping_namesMapping name"},{"location":"commands/memory/p2p/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/memory/probeleak/","title":"Probeleak","text":""},{"location":"commands/memory/probeleak/#probeleak","title":"probeleak","text":""},{"location":"commands/memory/probeleak/#description","title":"Description","text":"Pointer scan for possible offset leaks. Examples: probeleak $rsp 0x64 - leaks 0x64 bytes starting at stack pointer and search for valid pointers probeleak $rsp 0x64 --max-dist 0x10 - as above, but pointers may point 0x10 bytes outside of memory page probeleak $rsp 0x64 --point-to libc --max-ptrs 1 --flags rwx - leaks 0x64 bytes starting at stack pointer and search for one valid pointer which points to a libc rwx page
"},{"location":"commands/memory/probeleak/#usage","title":"Usage:","text":"
"},{"location":"commands/memory/probeleak/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: probeleak [-h] [--max-distance MAX_DISTANCE] [--point-to POINT_TO]\n [--max-ptrs MAX_PTRS] [--flags FLAGS]\n [address] [count]\naddressLeak memory address (default: %(default)s)countLeak size in bytes (default: %(default)s)"},{"location":"commands/memory/probeleak/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit--max-distance0Max acceptable distance between memory page boundary and leaked pointer (default: %(default)s)--point-toNoneMapping name of the page that you want the pointers point to--max-ptrs0Stop search after find n pointers, default 0 (default: %(default)s)--flagsNoneflags of the page that you want the pointers point to. [e.g. rwx]"},{"location":"commands/memory/search/","title":"Search","text":""},{"location":"commands/memory/search/#search","title":"search","text":""},{"location":"commands/memory/search/#description","title":"Description","text":"Search memory for byte sequences, strings, pointers, and integer values.
By default search results are cached. If you want to cache all results, but only print a subset, use --trunc-out. If you want to cache only a subset of results, and print the results immediately, use --limit. The latter is specially useful if you're searching a huge section of memory.
"},{"location":"commands/memory/search/#usage","title":"Usage:","text":"
"},{"location":"commands/memory/search/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: search [-h] [-t {byte,short,word,dword,qword,pointer,string,bytes,asm}]\n [-1] [-2] [-4] [-8] [-p] [--asm]\n [--arch {powerpc64,aarch64,powerpc,riscv32,riscv64,sparc64,mips64,msp430,alpha,amd64,sparc,thumb,cris,i386,ia64,m68k,mips,s390,none,avr,arm,vax}]\n [--asmbp] [-x] [-e] [-w] [-s STEP] [-l LIMIT] [-a ALIGNED]\n [--save] [--no-save] [-n] [--trunc-out]\n value [mapping_name]\nvalueValue to search formapping_nameMapping to search [e.g. libc]"},{"location":"commands/memory/search/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-t--typebytesSize of search target (default: %(default)s)-1--byteNoneSearch for a 1-byte integer-2--shortNoneSearch for a 2-byte integer-4--dwordNoneSearch for a 4-byte integer-8--qwordNoneSearch for an 8-byte integer-p--pointerNoneSearch for a pointer-width integer--asmNoneSearch for an assembly instruction--archNoneTarget architecture--asmbpSet breakpoint for found assembly instruction (default: %(default)s)-x--hexTarget is a hex-encoded (for bytes/strings) (default: %(default)s)-e--executableSearch executable segments only (default: %(default)s)-w--writableSearch writable segments only (default: %(default)s)-s--stepNoneStep search address forward to next alignment after each hit (ex: 0x1000)-l--limitNoneMax results before quitting the search. Differs from --trunc-out in that it will not save all search results before quitting-a--alignedNoneResult must be aligned to this byte boundary--saveNoneSave results for further searches with --next. Default comes from config 'auto-save-search'--no-saveNoneInvert --save-n--nextSearch only locations returned by previous search with --save (default: %(default)s)--trunc-outTruncate the output to 20 results. Differs from --limit in that it will first save all search results (default: %(default)s)"},{"location":"commands/memory/telescope/","title":"Telescope","text":""},{"location":"commands/memory/telescope/#telescope","title":"telescope","text":""},{"location":"commands/memory/telescope/#description","title":"Description","text":"Recursively dereferences pointers starting at the specified address.
"},{"location":"commands/memory/telescope/#usage","title":"Usage:","text":"
"},{"location":"commands/memory/telescope/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: telescope [-h] [-r] [-f] [-i] [address] [count]\naddressThe address to telescope at. (default: %(default)s)countThe number of lines to show. (default: %(default)s)"},{"location":"commands/memory/telescope/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-r--reverseShow previous addresses instead of next ones (default: %(default)s)-f--frameShow the stack frame, from rsp to rbp (default: %(default)s)-i--inverseShow the stack reverse growth (default: %(default)s)"},{"location":"commands/memory/vmmap-add/","title":"Vmmap add","text":""},{"location":"commands/memory/vmmap-add/#vmmap-add","title":"vmmap-add","text":""},{"location":"commands/memory/vmmap-add/#description","title":"Description","text":"Add virtual memory map page.
"},{"location":"commands/memory/vmmap-add/#usage","title":"Usage:","text":"
"},{"location":"commands/memory/vmmap-add/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: vmmap-add [-h] start size [flags] [offset]\nstartStarting virtual addresssizeSize of the address space, in bytesflagsFlags set by the ELF file (r - read, w - write, x - executable) (default: %(default)s)offsetOffset into the original ELF file that the data is loaded from (default: %(default)s)"},{"location":"commands/memory/vmmap-add/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/memory/vmmap-clear/","title":"Vmmap clear","text":""},{"location":"commands/memory/vmmap-clear/#vmmap-clear","title":"vmmap-clear","text":""},{"location":"commands/memory/vmmap-clear/#description","title":"Description","text":"Clear the vmmap cache.
"},{"location":"commands/memory/vmmap-clear/#usage","title":"Usage:","text":"
"},{"location":"commands/memory/vmmap-clear/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: vmmap-clear [-h]\n-h--helpshow this help message and exit"},{"location":"commands/memory/vmmap-explore/","title":"Vmmap explore","text":""},{"location":"commands/memory/vmmap-explore/#vmmap-explore","title":"vmmap-explore","text":""},{"location":"commands/memory/vmmap-explore/#description","title":"Description","text":"Explore a page, trying to guess permissions.
"},{"location":"commands/memory/vmmap-explore/#usage","title":"Usage:","text":"
"},{"location":"commands/memory/vmmap-explore/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: vmmap-explore [-h] address\naddressAddress of the page to explore"},{"location":"commands/memory/vmmap-explore/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/memory/vmmap/","title":"Vmmap","text":""},{"location":"commands/memory/vmmap/#vmmap","title":"vmmap","text":""},{"location":"commands/memory/vmmap/#description","title":"Description","text":"Print virtual memory map pages.
Unnamed mappings are named as [anon_%#x] where %#x is high part of their start address. This is useful for filtering with
vmmaporsearchcommands.Known issues with vmmap: For QEMU user targets, the QEMU's gdbstub does not provide memory maps information to GDB until [0] is finished & merged. We try to deal with it without parsing the QEMU process' /proc/$pid/maps file, but if our approach fails, we simply create a [0, 0xffff...] vmmap which is not great and may result in lack of proper colors or inability to search memory with the
searchcommand.For QEMU kernel, we use gdb-pt-dump that parses page tables from the guest by reading /proc/$pid/mem of QEMU process. If this does not work for you, use
set kernel-vmmap-via-page-tables offto refer to our old method of reading vmmap info frommonitor info memcommand exposed by QEMU. Note that the latter may be slower and will not give full vmmaps permission information.For coredump debugging, GDB also lacks all vmmap info but we do our best to get it back by using the
info proc mappingsandmaintenance info sectionscommands.As a last resort, we sometimes try to explore the addresses in CPU registers and if they are readable by GDB, we determine their bounds and create an \"\" vmmap. However, this method is slow and is not used on each GDB stop.
Memory pages can also be added manually with the use of vmmap_add, vmmap_clear and vmmap_load commands. This may be useful for bare metal debugging.
[0] https://lore.kernel.org/all/20220221030910.3203063-1-dominik.b.czarnota@gmail.com/
"},{"location":"commands/memory/vmmap/#usage","title":"Usage:","text":"
"},{"location":"commands/memory/vmmap/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: vmmap [-h] [-w] [-x] [-A LINES_AFTER] [-B LINES_BEFORE] [-C CONTEXT]\n [--gaps]\n [gdbval_or_str]\ngdbval_or_strAddress or module name filter"},{"location":"commands/memory/vmmap/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-w--writableDisplay writable maps only (default: %(default)s)-x--executableDisplay executable maps only (default: %(default)s)-A--lines-after1Number of pages to display after result (default: %(default)s)-B--lines-before1Number of pages to display before result (default: %(default)s)-C--contextNoneNumber of pages to display around the result--gapsDisplay unmapped memory gap information in the memory map. (default: %(default)s)"},{"location":"commands/memory/xinfo/","title":"Xinfo","text":""},{"location":"commands/memory/xinfo/#xinfo","title":"xinfo","text":""},{"location":"commands/memory/xinfo/#description","title":"Description","text":"Shows offsets of the specified address from various useful locations.
"},{"location":"commands/memory/xinfo/#usage","title":"Usage:","text":"
"},{"location":"commands/memory/xinfo/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: xinfo [-h] [address]\naddressAddress to inspect (default: %(default)s)"},{"location":"commands/memory/xinfo/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/memory/xor/","title":"Xor","text":""},{"location":"commands/memory/xor/#xor","title":"xor","text":""},{"location":"commands/memory/xor/#description","title":"Description","text":"XOR
"},{"location":"commands/memory/xor/#usage","title":"Usage:","text":"countbytes ataddresswith the keykey.
"},{"location":"commands/memory/xor/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: xor [-h] address key count\naddressThe address to start xoring at.keyThe key to use.countThe number of bytes to xor."},{"location":"commands/memory/xor/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/misc/asm/","title":"Asm","text":""},{"location":"commands/misc/asm/#asm","title":"asm","text":""},{"location":"commands/misc/asm/#description","title":"Description","text":"Assemble shellcode into bytes
"},{"location":"commands/misc/asm/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/asm/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: asm [-h] [-f {hex,string}]\n [--arch {powerpc64,aarch64,powerpc,riscv32,riscv64,sparc64,mips64,msp430,alpha,amd64,sparc,thumb,cris,i386,ia64,m68k,mips,s390,none,avr,arm,vax}]\n [-v AVOID] [-n] [-z] [-i INFILE]\n [shellcode ...]\nshellcodeAssembler code to assemble (default: %(default)s)"},{"location":"commands/misc/asm/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-f--formathexOutput format (default: %(default)s)--archNoneTarget architecture-v--avoidNoneEncode the shellcode to avoid the listed bytes (provided as hex)-n--newlineNoneEncode the shellcode to avoid newlines-z--zeroNoneEncode the shellcode to avoid NULL bytes-i--infileNoneSpecify input file"},{"location":"commands/misc/checksec/","title":"Checksec","text":""},{"location":"commands/misc/checksec/#checksec","title":"checksec","text":""},{"location":"commands/misc/checksec/#description","title":"Description","text":"Prints out the binary security settings using
"},{"location":"commands/misc/checksec/#usage","title":"Usage:","text":"checksec.
"},{"location":"commands/misc/checksec/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: checksec [-h] [-f FILE]\n-h--helpshow this help message and exit-f--fileNoneSpecify the file to runchecksecon."},{"location":"commands/misc/comm/","title":"Comm","text":""},{"location":"commands/misc/comm/#comm","title":"comm","text":""},{"location":"commands/misc/comm/#description","title":"Description","text":"Put comments in assembly code.
"},{"location":"commands/misc/comm/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/comm/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: comm [-h] [--addr address] comment\ncommentThe text you want to comment"},{"location":"commands/misc/comm/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit--addrNoneAddress to write comments"},{"location":"commands/misc/cyclic/","title":"Cyclic","text":""},{"location":"commands/misc/cyclic/#cyclic","title":"cyclic","text":""},{"location":"commands/misc/cyclic/#description","title":"Description","text":"Cyclic pattern creator/finder.
"},{"location":"commands/misc/cyclic/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/cyclic/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: cyclic [-h] [-a charset] [-n length] [-l lookup_value]\n [count] [filename]\ncountNumber of characters to print from the sequence (default: print the entire sequence) (default: %(default)s)filenameName (path) of the file to save the cyclic pattern to (default: %(default)s)"},{"location":"commands/misc/cyclic/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-a--alphabetabcdefghijklmnopqrstuvwxyzThe alphabet to use in the cyclic pattern (default: %(default)s)-n--lengthNoneSize of the unique subsequences (defaults to the pointer size for the current arch)-o--lookupNoneDo a lookup instead of printing the sequence (accepts constant values as well as expressions)"},{"location":"commands/misc/cymbol/","title":"Cymbol","text":""},{"location":"commands/misc/cymbol/#cymbol","title":"cymbol","text":""},{"location":"commands/misc/cymbol/#description","title":"Description","text":"Add, show, load, edit, or delete custom structures in plain C.
"},{"location":"commands/misc/cymbol/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/cymbol/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: cymbol [-h] [-a name] [-f filepath] [-r name] [-e name] [-l name]\n [-s name]\n-h--helpshow this help message and exit-a--addNoneAdd a new custom structure-f--fileNoneAdd a new custom structure from header file-r--removeNoneRemove an existing custom structure-e--editNoneEdit an existing custom structure-l--loadNoneLoad an existing custom structure-s--showNoneShow the source code of an existing custom structure"},{"location":"commands/misc/down/","title":"Down","text":""},{"location":"commands/misc/down/#down","title":"down","text":""},{"location":"commands/misc/down/#description","title":"Description","text":"Select and print stack frame called by this one.
"},{"location":"commands/misc/down/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/down/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: down [-h] [n]\nnThe number of stack frames to go down. (default: %(default)s)"},{"location":"commands/misc/down/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/misc/dt/","title":"Dt","text":""},{"location":"commands/misc/dt/#dt","title":"dt","text":""},{"location":"commands/misc/dt/#description","title":"Description","text":"
"},{"location":"commands/misc/dt/#usage","title":"Usage:","text":"Dump out information on a type (e.g. ucontext_t).\n\nOptionally overlay that information at an address.\n
"},{"location":"commands/misc/dt/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: dt [-h] typename [address]\ntypenameThe name of the structure being dumped. Use quotes if the type contains spaces (e.g. \"struct malloc_state\").addressThe address of the structure."},{"location":"commands/misc/dt/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/misc/dumpargs/","title":"Dumpargs","text":""},{"location":"commands/misc/dumpargs/#dumpargs","title":"dumpargs","text":""},{"location":"commands/misc/dumpargs/#description","title":"Description","text":"Prints determined arguments for call instruction.
"},{"location":"commands/misc/dumpargs/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/dumpargs/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: dumpargs [-h] [-f]\n-h--helpshow this help message and exit-f--forceForce displaying of all arguments. (default: %(default)s)"},{"location":"commands/misc/getfile/","title":"Getfile","text":""},{"location":"commands/misc/getfile/#getfile","title":"getfile","text":""},{"location":"commands/misc/getfile/#description","title":"Description","text":"Gets the current file.
"},{"location":"commands/misc/getfile/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/getfile/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: getfile [-h]\n-h--helpshow this help message and exit"},{"location":"commands/misc/hex2ptr/","title":"Hex2ptr","text":""},{"location":"commands/misc/hex2ptr/#hex2ptr","title":"hex2ptr","text":""},{"location":"commands/misc/hex2ptr/#description","title":"Description","text":"Converts a space-separated hex string to a little-endian address.
"},{"location":"commands/misc/hex2ptr/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/hex2ptr/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: hex2ptr [-h] hex_string\nhex_stringHexadecimal string to convert (e.g., '00 70 75 c1 cd ef 59 00')."},{"location":"commands/misc/hex2ptr/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/misc/hijack-fd/","title":"Hijack fd","text":""},{"location":"commands/misc/hijack-fd/#hijack-fd","title":"hijack-fd","text":""},{"location":"commands/misc/hijack-fd/#description","title":"Description","text":"Replace a file descriptor of a debugged process.
The new file descriptor can point to: - a file - a pipe - a socket - a device, etc.
Examples: 1. Redirect STDOUT to a file:
hijack-fd 1 /dev/null- Redirect STDERR to a socket:
hijack-fd 2 tcp://localhost:8888
"},{"location":"commands/misc/hijack-fd/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: hijack-fd [-h] fdnum newfile\nfdnumFile descriptor (FD) number to be replaced with the specified new socket or file.newfileSpecify a file or a socket. For files, the filename must start with/(e.g.,/etc/passwd). For sockets, the following formats are allowed: -127.0.0.1:80(default is TCP) -tcp://[::1]:80-udp://example.com:80-tcp+ipv6://example.com:80"},{"location":"commands/misc/hijack-fd/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/misc/ipi/","title":"Ipi","text":""},{"location":"commands/misc/ipi/#ipi","title":"ipi","text":""},{"location":"commands/misc/ipi/#description","title":"Description","text":"Start an interactive IPython prompt.
"},{"location":"commands/misc/ipi/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/ipi/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: ipi [-h]\n-h--helpshow this help message and exit"},{"location":"commands/misc/patch-list/","title":"Patch list","text":""},{"location":"commands/misc/patch-list/#patch-list","title":"patch-list","text":""},{"location":"commands/misc/patch-list/#description","title":"Description","text":"List all patches.
"},{"location":"commands/misc/patch-list/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/patch-list/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: patch-list [-h]\n-h--helpshow this help message and exit"},{"location":"commands/misc/patch-revert/","title":"Patch revert","text":""},{"location":"commands/misc/patch-revert/#patch-revert","title":"patch-revert","text":""},{"location":"commands/misc/patch-revert/#description","title":"Description","text":"Revert patch at given address.
"},{"location":"commands/misc/patch-revert/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/patch-revert/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: patch-revert [-h] address\naddressAddress to revert patch on"},{"location":"commands/misc/patch-revert/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/misc/patch/","title":"Patch","text":""},{"location":"commands/misc/patch/#patch","title":"patch","text":""},{"location":"commands/misc/patch/#description","title":"Description","text":"Patches given instruction with given code or bytes.
"},{"location":"commands/misc/patch/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/patch/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: patch [-h] [-q] address ins\naddressThe address to patchinsinstruction[s]"},{"location":"commands/misc/patch/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-q--quietdon't print anything (default: %(default)s)"},{"location":"commands/misc/plist/","title":"Plist","text":""},{"location":"commands/misc/plist/#plist","title":"plist","text":""},{"location":"commands/misc/plist/#description","title":"Description","text":"Dumps the elements of a linked list.
This command traverses the linked list beginning at a given element, dumping its contents and the contents of all the elements that come after it in the list. Traversal is configurable and can handle multiple types of linked lists, but will always stop when a cycle is detected.
The path to the first element can be any GDB expression that evaluates to either the first element directly, or a to pointer to it. The next element is the name of the field containing the next pointer, in either the structure itself or in the structure given by --inner.
An address value may be given with --sentinel that signals the end of the list. By default, the value used is NULL (0).
If only one field inside each node is desired, it can be printed exclusively by specifying its name with --field.
This command supports traversing three types of linked lists, classified by how the next pointer can be found in the structure and what type it is: 1 - Next pointer is field of structure, type is the same as structure. 2 - Next pointer is field of inner nested structure, pointed to type is the same as outer structure. 3 - Next pointer is field of inner nested structure, pointed to type is the same as inner structure. Types 2 and 3 require --inner to be specified.
Example 1:
struct node {\n int value;\n struct node *next;\n};\nstruct node node_c = { 2, NULL };\nstruct node node_b = { 1, &node_c };\nstruct node node_a = { 0, &node_b };\npwndbg> plist node_a next 0x4000011050 : { value = 0, next = 0x4000011040 } 0x4000011040 : { value = 1, next = 0x4000011010 } 0x4000011010 : { value = 2, next = 0x0 }
Example 2:
struct node_inner_a {\n struct node_inner_a *next;\n};\nstruct inner_a_node {\n int value;\n struct node_inner_a inner;\n};\nstruct inner_a_node inner_a_node_c = { 2, { NULL } };\nstruct inner_a_node inner_a_node_b = { 1, { &inner_a_node_c.inner } };\nstruct inner_a_node inner_a_node_a = { 0, { &inner_a_node_b.inner } };\npwndbg> plist inner_a_node_a -i inner next 0x4000011070 : { value = 0, inner = { next = 0x4000011068 } } 0x4000011060 : { value = 1, inner = { next = 0x4000011028 } } 0x4000011020 : { value = 2, inner = { next = 0x0 } }
Example 3:
struct inner_b_node;\nstruct node_inner_b {\n struct inner_b_node *next;\n};\nstruct inner_b_node {\n int value;\n struct node_inner_b inner;\n};\nstruct inner_b_node inner_b_node_c = { 2, { NULL } };\nstruct inner_b_node inner_b_node_b = { 1, { &inner_b_node_c } };\nstruct inner_b_node inner_b_node_a = { 0, { &inner_b_node_b } };\npwndbg> plist inner_b_node_a -i inner next 0x4000011090 : { value = 0, inner = { next = 0x4000011080 } } 0x4000011080 : { value = 1, inner = { next = 0x4000011030 } } 0x4000011030 : { value = 2, inner = { next = 0x0 } }"},{"location":"commands/misc/plist/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/plist/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: plist [-h] [-s SENTINEL] [-i INNER_NAME] [-f FIELD_NAME] [-o OFFSET]\n [-c COUNT]\n path next\npathThe first element of the linked listnextThe name of the field pointing to the next element in the list"},{"location":"commands/misc/plist/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-s--sentinel0The address that stands in for an end of list marker in a non-cyclic list (default: %(default)s)-i--innerNoneThe name of the inner nested structure where the next pointer is stored-f--fieldNoneThe name of the field to be displayed, if only one is desired-o--offset0The offset of the first list element to display. Defaults to zero. (default: %(default)s)-c--countNoneThe number of elements to display. Defaults to the value of dereference-limit."},{"location":"commands/misc/sigreturn/","title":"Sigreturn","text":""},{"location":"commands/misc/sigreturn/#sigreturn","title":"sigreturn","text":""},{"location":"commands/misc/sigreturn/#description","title":"Description","text":"Display the SigreturnFrame at the specific address
"},{"location":"commands/misc/sigreturn/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/sigreturn/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: sigreturn [-h] [-a] [-p] [address]\naddressThe address to read the frame from"},{"location":"commands/misc/sigreturn/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-a--allShow all values in the frame in addition to common registers (default: %(default)s)-p--printShow addresses of frame values (default: %(default)s)"},{"location":"commands/misc/spray/","title":"Spray","text":""},{"location":"commands/misc/spray/#spray","title":"spray","text":""},{"location":"commands/misc/spray/#description","title":"Description","text":"Spray memory with cyclic() generated values
"},{"location":"commands/misc/spray/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/spray/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: spray [-h] [--value VALUE] [-x] addr [length]\naddrAddress to spraylengthLength of byte sequence, when unspecified sprays until the end of vmmap which address belongs to (default: %(default)s)"},{"location":"commands/misc/spray/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit--valueNoneValue to spray memory with, when prefixed with '0x' treated as hex string encoded big-endian-x--only-funcptrsSpray only addresses whose values points to executable pages (default: %(default)s)"},{"location":"commands/misc/tips/","title":"Tips","text":""},{"location":"commands/misc/tips/#tips","title":"tips","text":""},{"location":"commands/misc/tips/#description","title":"Description","text":"Shows tips.
"},{"location":"commands/misc/tips/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/tips/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: tips [-h] [-a]\n-h--helpshow this help message and exit-a--allShow all tips. (default: %(default)s)"},{"location":"commands/misc/up/","title":"Up","text":""},{"location":"commands/misc/up/#up","title":"up","text":""},{"location":"commands/misc/up/#description","title":"Description","text":"Select and print stack frame that called this one.
"},{"location":"commands/misc/up/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/up/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: up [-h] [n]\nnThe number of stack frames to go up. (default: %(default)s)"},{"location":"commands/misc/up/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/misc/valist/","title":"Valist","text":""},{"location":"commands/misc/valist/#valist","title":"valist","text":""},{"location":"commands/misc/valist/#description","title":"Description","text":"Dumps the arguments of a va_list.
"},{"location":"commands/misc/valist/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/valist/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: valist [-h] addr [count]\naddrAddress of the va_listcountNumber of arguments to dump (default: %(default)s)"},{"location":"commands/misc/valist/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/misc/vmmap-load/","title":"Vmmap load","text":""},{"location":"commands/misc/vmmap-load/#vmmap-load","title":"vmmap-load","text":""},{"location":"commands/misc/vmmap-load/#description","title":"Description","text":"Load virtual memory map pages from ELF file.
"},{"location":"commands/misc/vmmap-load/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/vmmap-load/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: vmmap-load [-h] [filename]\nfilenameELF filename, by default uses current loaded filename."},{"location":"commands/misc/vmmap-load/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/process/killthreads/","title":"Killthreads","text":""},{"location":"commands/process/killthreads/#killthreads","title":"killthreads","text":""},{"location":"commands/process/killthreads/#description","title":"Description","text":"Kill all or given threads.
Switches to given threads and calls pthread_exit(0) on them. This is performed with scheduler-locking to prevent other threads from operating at the same time.
Killing all other threads may be useful to use GDB checkpoints, e.g., to test given input & restart the execution to the point of interest (checkpoint).
"},{"location":"commands/process/killthreads/#usage","title":"Usage:","text":"
"},{"location":"commands/process/killthreads/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: killthreads [-h] [-a] [thread_ids ...]\nthread_idsThread IDs to kill."},{"location":"commands/process/killthreads/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-a--allKill all threads except the current one. (default: %(default)s)"},{"location":"commands/process/pid/","title":"Pid","text":""},{"location":"commands/process/pid/#pid","title":"pid","text":""},{"location":"commands/process/pid/#description","title":"Description","text":"Gets the pid.
"},{"location":"commands/process/pid/#usage","title":"Usage:","text":"
"},{"location":"commands/process/pid/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: pid [-h]\n-h--helpshow this help message and exit"},{"location":"commands/process/procinfo/","title":"Procinfo","text":""},{"location":"commands/process/procinfo/#procinfo","title":"procinfo","text":""},{"location":"commands/process/procinfo/#description","title":"Description","text":"Display information about the running process.
"},{"location":"commands/process/procinfo/#usage","title":"Usage:","text":"
"},{"location":"commands/process/procinfo/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: procinfo [-h]\n-h--helpshow this help message and exit"},{"location":"commands/pwndbg/bugreport/","title":"Bugreport","text":""},{"location":"commands/pwndbg/bugreport/#bugreport","title":"bugreport","text":""},{"location":"commands/pwndbg/bugreport/#description","title":"Description","text":"Generate a bug report.
"},{"location":"commands/pwndbg/bugreport/#usage","title":"Usage:","text":"
"},{"location":"commands/pwndbg/bugreport/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: bugreport [-h] [--run-browser | --use-gh]\n-h--helpshow this help message and exit-b--run-browserOpen browser on github/issues/new (default: %(default)s)-g--use-ghCreate issue using Github CLI (default: %(default)s)"},{"location":"commands/pwndbg/config/","title":"Config","text":""},{"location":"commands/pwndbg/config/#config","title":"config","text":""},{"location":"commands/pwndbg/config/#description","title":"Description","text":"Shows pwndbg-specific configuration.
"},{"location":"commands/pwndbg/config/#usage","title":"Usage:","text":"
"},{"location":"commands/pwndbg/config/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: config [-h] [filter_pattern]\nfilter_patternFilter to apply to config parameters names/descriptions"},{"location":"commands/pwndbg/config/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/pwndbg/configfile/","title":"Configfile","text":""},{"location":"commands/pwndbg/configfile/#configfile","title":"configfile","text":""},{"location":"commands/pwndbg/configfile/#description","title":"Description","text":"Generates a configuration file for the current pwndbg options.
"},{"location":"commands/pwndbg/configfile/#usage","title":"Usage:","text":"
"},{"location":"commands/pwndbg/configfile/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: configfile [-h] [--show-all]\n-h--helpshow this help message and exit--show-allDisplay all configuration options. (default: %(default)s)"},{"location":"commands/pwndbg/memoize/","title":"Memoize","text":""},{"location":"commands/pwndbg/memoize/#memoize","title":"memoize","text":""},{"location":"commands/pwndbg/memoize/#description","title":"Description","text":"Toggles memoization (caching).
Useful for diagnosing caching-related bugs. Decreases performance.
"},{"location":"commands/pwndbg/memoize/#usage","title":"Usage:","text":"
"},{"location":"commands/pwndbg/memoize/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: memoize [-h]\n-h--helpshow this help message and exit"},{"location":"commands/pwndbg/profiler/","title":"Profiler","text":""},{"location":"commands/pwndbg/profiler/#profiler","title":"profiler","text":""},{"location":"commands/pwndbg/profiler/#description","title":"Description","text":"Utilities for profiling pwndbg.
"},{"location":"commands/pwndbg/profiler/#usage","title":"Usage:","text":"
"},{"location":"commands/pwndbg/profiler/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: profiler [-h] {start,stop} ...\ncommandNone"},{"location":"commands/pwndbg/profiler/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/pwndbg/pwndbg/","title":"Pwndbg","text":""},{"location":"commands/pwndbg/pwndbg/#pwndbg","title":"pwndbg","text":""},{"location":"commands/pwndbg/pwndbg/#description","title":"Description","text":"Prints out a list of all pwndbg commands.
"},{"location":"commands/pwndbg/pwndbg/#usage","title":"Usage:","text":"
"},{"location":"commands/pwndbg/pwndbg/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: pwndbg [-h] [--shell | --all] [-c CATEGORY_ | --list-categories]\n [filter_pattern]\nfilter_patternFilter to apply to commands names/docs"},{"location":"commands/pwndbg/pwndbg/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit--shellOnly display shell commands (default: %(default)s)--allOnly display shell commands (default: %(default)s)-c--categoryNoneFilter commands by category--list-categoriesList command categories (default: %(default)s)"},{"location":"commands/pwndbg/reinit-pwndbg/","title":"Reinit pwndbg","text":""},{"location":"commands/pwndbg/reinit-pwndbg/#reinit-pwndbg","title":"reinit-pwndbg","text":""},{"location":"commands/pwndbg/reinit-pwndbg/#description","title":"Description","text":"Makes pwndbg reinitialize all state.
"},{"location":"commands/pwndbg/reinit-pwndbg/#usage","title":"Usage:","text":"
"},{"location":"commands/pwndbg/reinit-pwndbg/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: reinit-pwndbg [-h]\n-h--helpshow this help message and exit"},{"location":"commands/pwndbg/reload/","title":"Reload","text":""},{"location":"commands/pwndbg/reload/#reload","title":"reload","text":""},{"location":"commands/pwndbg/reload/#description","title":"Description","text":"Reload pwndbg.
"},{"location":"commands/pwndbg/reload/#usage","title":"Usage:","text":"
"},{"location":"commands/pwndbg/reload/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: reload [-h]\n-h--helpshow this help message and exit"},{"location":"commands/pwndbg/theme/","title":"Theme","text":""},{"location":"commands/pwndbg/theme/#theme","title":"theme","text":""},{"location":"commands/pwndbg/theme/#description","title":"Description","text":"Shows pwndbg-specific theme configuration.
"},{"location":"commands/pwndbg/theme/#usage","title":"Usage:","text":"
"},{"location":"commands/pwndbg/theme/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: theme [-h] [filter_pattern]\nfilter_patternFilter to apply to theme parameters names/descriptions"},{"location":"commands/pwndbg/theme/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/pwndbg/themefile/","title":"Themefile","text":""},{"location":"commands/pwndbg/themefile/#themefile","title":"themefile","text":""},{"location":"commands/pwndbg/themefile/#description","title":"Description","text":"Generates a configuration file for the current pwndbg theme options.
"},{"location":"commands/pwndbg/themefile/#usage","title":"Usage:","text":"
"},{"location":"commands/pwndbg/themefile/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: themefile [-h] [--show-all]\n-h--helpshow this help message and exit--show-allForce displaying of all theme options. (default: %(default)s)"},{"location":"commands/pwndbg/version/","title":"Version","text":""},{"location":"commands/pwndbg/version/#version","title":"version","text":""},{"location":"commands/pwndbg/version/#description","title":"Description","text":"Displays Pwndbg and its important deps versions.
"},{"location":"commands/pwndbg/version/#usage","title":"Usage:","text":"
"},{"location":"commands/pwndbg/version/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: version [-h]\n-h--helpshow this help message and exit"},{"location":"commands/register/cpsr/","title":"Cpsr","text":""},{"location":"commands/register/cpsr/#cpsr","title":"cpsr","text":""},{"location":"commands/register/cpsr/#description","title":"Description","text":"Print out ARM CPSR or xPSR register.
"},{"location":"commands/register/cpsr/#usage","title":"Usage:","text":"
"},{"location":"commands/register/cpsr/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: cpsr [-h] [cpsr_value]\ncpsr_valueParse the given CPSR value instead of the actual one."},{"location":"commands/register/cpsr/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/register/fsbase/","title":"Fsbase","text":""},{"location":"commands/register/fsbase/#fsbase","title":"fsbase","text":""},{"location":"commands/register/fsbase/#description","title":"Description","text":"Prints out the FS base address. See also $fsbase.
"},{"location":"commands/register/fsbase/#usage","title":"Usage:","text":"
"},{"location":"commands/register/fsbase/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: fsbase [-h]\n-h--helpshow this help message and exit"},{"location":"commands/register/gsbase/","title":"Gsbase","text":""},{"location":"commands/register/gsbase/#gsbase","title":"gsbase","text":""},{"location":"commands/register/gsbase/#description","title":"Description","text":"Prints out the GS base address. See also $gsbase.
"},{"location":"commands/register/gsbase/#usage","title":"Usage:","text":"
"},{"location":"commands/register/gsbase/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: gsbase [-h]\n-h--helpshow this help message and exit"},{"location":"commands/register/setflag/","title":"Setflag","text":""},{"location":"commands/register/setflag/#setflag","title":"setflag","text":""},{"location":"commands/register/setflag/#description","title":"Description","text":"Modify the flags register.
"},{"location":"commands/register/setflag/#usage","title":"Usage:","text":"
"},{"location":"commands/register/setflag/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: setflag [-h] flag value\nflagFlag for which you want to change the valuevalueValue to which you want to set the flag - only valid options are 0 and 1"},{"location":"commands/register/setflag/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/stack/canary/","title":"Canary","text":""},{"location":"commands/stack/canary/#canary","title":"canary","text":""},{"location":"commands/stack/canary/#description","title":"Description","text":"Print out the current stack canary.
"},{"location":"commands/stack/canary/#usage","title":"Usage:","text":"
"},{"location":"commands/stack/canary/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: canary [-h] [-a]\n-h--helpshow this help message and exit-a--allPrint out stack canaries for all threads instead of the current thread only. (default: %(default)s)"},{"location":"commands/stack/retaddr/","title":"Retaddr","text":""},{"location":"commands/stack/retaddr/#retaddr","title":"retaddr","text":""},{"location":"commands/stack/retaddr/#description","title":"Description","text":"Print out the stack addresses that contain return addresses.
"},{"location":"commands/stack/retaddr/#usage","title":"Usage:","text":"
"},{"location":"commands/stack/retaddr/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: retaddr [-h]\n-h--helpshow this help message and exit"},{"location":"commands/stack/stack-explore/","title":"Stack explore","text":""},{"location":"commands/stack/stack-explore/#stack-explore","title":"stack-explore","text":""},{"location":"commands/stack/stack-explore/#description","title":"Description","text":"Explore stack from all threads.
"},{"location":"commands/stack/stack-explore/#usage","title":"Usage:","text":"
"},{"location":"commands/stack/stack-explore/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: stack-explore [-h]\n-h--helpshow this help message and exit"},{"location":"commands/stack/stack/","title":"Stack","text":""},{"location":"commands/stack/stack/#stack","title":"stack","text":""},{"location":"commands/stack/stack/#description","title":"Description","text":"Dereferences on stack data with specified count and offset.
"},{"location":"commands/stack/stack/#usage","title":"Usage:","text":"
"},{"location":"commands/stack/stack/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: stack [-h] [-f] [-i] [count] [offset]\ncountnumber of element to dump (default: %(default)s)offsetElement offset from $sp (support negative offset) (default: %(default)s)"},{"location":"commands/stack/stack/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-f--frameShow the stack frame, from rsp to rbp (default: %(default)s)-i--inverseShow reverse stack growth (default: %(default)s)"},{"location":"commands/stack/stackf/","title":"Stackf","text":""},{"location":"commands/stack/stackf/#stackf","title":"stackf","text":""},{"location":"commands/stack/stackf/#description","title":"Description","text":"Dereferences on stack data, printing the entire stack frame with specified count and offset .
"},{"location":"commands/stack/stackf/#usage","title":"Usage:","text":"
"},{"location":"commands/stack/stackf/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: stackf [-h] [count] [offset]\ncountnumber of element to dump (default: %(default)s)offsetElement offset from $sp (support negative offset) (default: %(default)s)"},{"location":"commands/stack/stackf/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/start/attachp/","title":"Attachp","text":""},{"location":"commands/start/attachp/#attachp","title":"attachp","text":""},{"location":"commands/start/attachp/#description","title":"Description","text":"Attaches to a given pid, process name, process found with partial argv match or to a device file.
This command wraps the original GDB
attachcommand to add the ability to debug a process with a given name or partial name match. In such cases, the process identifier is fetched via thepidof <name>command first. If no matches are found, then it uses theps -eo pid,argscommand to search for partial name matches.Original GDB attach command help: Attach to a process or file outside of GDB. This command attaches to another target, of the same type as your last \"target\" command (\"info files\" will show your target stack). The command may take as argument a process id or a device file. For a process id, you must have permission to send the process a signal, and it must have the same effective uid as the debugger. When using \"attach\" with a process id, the debugger finds the program running in the process, looking first in the current working directory, or (if not found there) using the source file search path (see the \"directory\" command). You can also use the \"file\" command to specify the program, and to load its symbol table.
"},{"location":"commands/start/attachp/#usage","title":"Usage:","text":"
"},{"location":"commands/start/attachp/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: attachp [-h] [--no-truncate] [--retry] [--user USER] [-e] [-a] [target]\ntargetpid, process name, part of cmdline to be matched or device file to attach to (uses current loaded file name if not provided)"},{"location":"commands/start/attachp/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit--no-truncatedont truncate command args (default: %(default)s)--retryretry until a target is found (default: %(default)s)--userNoneusername or uid to filter by-e--exactget the pid only for an exact command name match (default: %(default)s)-a--allget pids also for partial cmdline matches etc (default: %(default)s)"},{"location":"commands/start/entry/","title":"Entry","text":""},{"location":"commands/start/entry/#entry","title":"entry","text":""},{"location":"commands/start/entry/#description","title":"Description","text":"Start the debugged program stopping at its entrypoint address.
Note that the entrypoint may not be the first instruction executed by the program. If you want to stop on the first executed instruction, use the GDB's
starticommand.Args may include \"*\", or \"[...]\"; they are expanded using the shell that will start the program (specified by the \"$SHELL\" environment variable). Input and output redirection with \">\", \"<\", or \">>\" are also allowed.
With no arguments, uses arguments last specified (with \"run\" or \"set args\"). To cancel previous arguments and run with no arguments, use \"set args\" without arguments.
To start the inferior without using a shell, use \"set startup-with-shell off\".
"},{"location":"commands/start/entry/#usage","title":"Usage:","text":"
"},{"location":"commands/start/entry/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: entry [-h] [args ...]\nargsThe arguments to run the binary with."},{"location":"commands/start/entry/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/start/sstart/","title":"Sstart","text":""},{"location":"commands/start/sstart/#sstart","title":"sstart","text":""},{"location":"commands/start/sstart/#description","title":"Description","text":"Alias for 'tbreak __libc_start_main; run'.
"},{"location":"commands/start/sstart/#usage","title":"Usage:","text":"
"},{"location":"commands/start/sstart/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: sstart [-h]\n-h--helpshow this help message and exit"},{"location":"commands/start/start/","title":"Start","text":""},{"location":"commands/start/start/#start","title":"start","text":""},{"location":"commands/start/start/#description","title":"Description","text":"Start the debugged program stopping at the first convenient location from this list: main, _main, start, _start, init or _init. You may specify arguments to give it.
Args may include \"*\", or \"[...]\"; they are expanded using the shell that will start the program (specified by the \"$SHELL\" environment variable). Input and output redirection with \">\", \"<\", or \">>\" are also allowed.
With no arguments, uses arguments last specified (with \"run\" or \"set args\"). To cancel previous arguments and run with no arguments, use \"set args\" without arguments.
To start the inferior without using a shell, use \"set startup-with-shell off\".
"},{"location":"commands/start/start/#usage","title":"Usage:","text":"
"},{"location":"commands/start/start/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: start [-h] [args ...]\nargsThe arguments to run the binary with."},{"location":"commands/start/start/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/step_next_continue/nextcall/","title":"Nextcall","text":""},{"location":"commands/step_next_continue/nextcall/#nextcall","title":"nextcall","text":""},{"location":"commands/step_next_continue/nextcall/#description","title":"Description","text":"Breaks at the next call instruction.
"},{"location":"commands/step_next_continue/nextcall/#usage","title":"Usage:","text":"
"},{"location":"commands/step_next_continue/nextcall/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: nextcall [-h] [symbol_regex]\nsymbol_regexA regex matching the name of next symbol to be broken on before calling."},{"location":"commands/step_next_continue/nextcall/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/step_next_continue/nextjmp/","title":"Nextjmp","text":""},{"location":"commands/step_next_continue/nextjmp/#nextjmp","title":"nextjmp","text":""},{"location":"commands/step_next_continue/nextjmp/#description","title":"Description","text":"Breaks at the next jump instruction.
"},{"location":"commands/step_next_continue/nextjmp/#usage","title":"Usage:","text":"
"},{"location":"commands/step_next_continue/nextjmp/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: nextjmp [-h]\n-h--helpshow this help message and exit"},{"location":"commands/step_next_continue/nextproginstr/","title":"Nextproginstr","text":""},{"location":"commands/step_next_continue/nextproginstr/#nextproginstr","title":"nextproginstr","text":""},{"location":"commands/step_next_continue/nextproginstr/#description","title":"Description","text":"Breaks at the next instruction that belongs to the running program.
"},{"location":"commands/step_next_continue/nextproginstr/#usage","title":"Usage:","text":"
"},{"location":"commands/step_next_continue/nextproginstr/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: nextproginstr [-h]\n-h--helpshow this help message and exit"},{"location":"commands/step_next_continue/nextret/","title":"Nextret","text":""},{"location":"commands/step_next_continue/nextret/#nextret","title":"nextret","text":""},{"location":"commands/step_next_continue/nextret/#description","title":"Description","text":"Breaks at next return-like instruction.
"},{"location":"commands/step_next_continue/nextret/#usage","title":"Usage:","text":"
"},{"location":"commands/step_next_continue/nextret/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: nextret [-h]\n-h--helpshow this help message and exit"},{"location":"commands/step_next_continue/nextsyscall/","title":"Nextsyscall","text":""},{"location":"commands/step_next_continue/nextsyscall/#nextsyscall","title":"nextsyscall","text":""},{"location":"commands/step_next_continue/nextsyscall/#description","title":"Description","text":"Breaks at the next syscall not taking branches.
"},{"location":"commands/step_next_continue/nextsyscall/#usage","title":"Usage:","text":"
"},{"location":"commands/step_next_continue/nextsyscall/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: nextsyscall [-h]\n-h--helpshow this help message and exit"},{"location":"commands/step_next_continue/stepover/","title":"Stepover","text":""},{"location":"commands/step_next_continue/stepover/#stepover","title":"stepover","text":""},{"location":"commands/step_next_continue/stepover/#description","title":"Description","text":"Breaks on the instruction after this one.
"},{"location":"commands/step_next_continue/stepover/#usage","title":"Usage:","text":"
"},{"location":"commands/step_next_continue/stepover/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: stepover [-h] [addr]\naddrThe address to break after."},{"location":"commands/step_next_continue/stepover/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/step_next_continue/stepret/","title":"Stepret","text":""},{"location":"commands/step_next_continue/stepret/#stepret","title":"stepret","text":""},{"location":"commands/step_next_continue/stepret/#description","title":"Description","text":"Breaks at next return-like instruction by 'stepping' to it.
"},{"location":"commands/step_next_continue/stepret/#usage","title":"Usage:","text":"
"},{"location":"commands/step_next_continue/stepret/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: stepret [-h]\n-h--helpshow this help message and exit"},{"location":"commands/step_next_continue/stepsyscall/","title":"Stepsyscall","text":""},{"location":"commands/step_next_continue/stepsyscall/#stepsyscall","title":"stepsyscall","text":""},{"location":"commands/step_next_continue/stepsyscall/#description","title":"Description","text":"Breaks at the next syscall by taking branches.
"},{"location":"commands/step_next_continue/stepsyscall/#usage","title":"Usage:","text":"
"},{"location":"commands/step_next_continue/stepsyscall/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: stepsyscall [-h]\n-h--helpshow this help message and exit"},{"location":"commands/step_next_continue/stepuntilasm/","title":"Stepuntilasm","text":""},{"location":"commands/step_next_continue/stepuntilasm/#stepuntilasm","title":"stepuntilasm","text":""},{"location":"commands/step_next_continue/stepuntilasm/#description","title":"Description","text":"Breaks on the next matching instruction.
"},{"location":"commands/step_next_continue/stepuntilasm/#usage","title":"Usage:","text":"
"},{"location":"commands/step_next_continue/stepuntilasm/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: stepuntilasm [-h] mnemonic [op_str ...]\nmnemonicThe mnemonic of the instructionop_strThe operands of the instruction"},{"location":"commands/step_next_continue/stepuntilasm/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/step_next_continue/xuntil/","title":"Xuntil","text":""},{"location":"commands/step_next_continue/xuntil/#xuntil","title":"xuntil","text":""},{"location":"commands/step_next_continue/xuntil/#description","title":"Description","text":"Continue execution until an address or expression.
"},{"location":"commands/step_next_continue/xuntil/#usage","title":"Usage:","text":"
"},{"location":"commands/step_next_continue/xuntil/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: xuntil [-h] target\ntargetLocation to stop execution at"},{"location":"commands/step_next_continue/xuntil/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/bc/","title":"Bc","text":""},{"location":"commands/windbg/bc/#bc","title":"bc","text":""},{"location":"commands/windbg/bc/#description","title":"Description","text":"Clear the breakpoint with the specified index.
"},{"location":"commands/windbg/bc/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/bc/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: bc [-h] [which]\nwhichIndex of the breakpoint to clear. (default: %(default)s)"},{"location":"commands/windbg/bc/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/bd/","title":"Bd","text":""},{"location":"commands/windbg/bd/#bd","title":"bd","text":""},{"location":"commands/windbg/bd/#description","title":"Description","text":"Disable the breakpoint with the specified index.
"},{"location":"commands/windbg/bd/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/bd/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: bd [-h] [which]\nwhichIndex of the breakpoint to disable. (default: %(default)s)"},{"location":"commands/windbg/bd/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/be/","title":"Be","text":""},{"location":"commands/windbg/be/#be","title":"be","text":""},{"location":"commands/windbg/be/#description","title":"Description","text":"Enable the breakpoint with the specified index.
"},{"location":"commands/windbg/be/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/be/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: be [-h] [which]\nwhichIndex of the breakpoint to enable. (default: %(default)s)"},{"location":"commands/windbg/be/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/bl/","title":"Bl","text":""},{"location":"commands/windbg/bl/#bl","title":"bl","text":""},{"location":"commands/windbg/bl/#description","title":"Description","text":"List breakpoints.
"},{"location":"commands/windbg/bl/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/bl/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: bl [-h]\n-h--helpshow this help message and exit"},{"location":"commands/windbg/bp/","title":"Bp","text":""},{"location":"commands/windbg/bp/#bp","title":"bp","text":""},{"location":"commands/windbg/bp/#description","title":"Description","text":"Set a breakpoint at the specified address.
"},{"location":"commands/windbg/bp/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/bp/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: bp [-h] where\nwhereThe address to break at."},{"location":"commands/windbg/bp/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/da/","title":"Da","text":""},{"location":"commands/windbg/da/#da","title":"da","text":""},{"location":"commands/windbg/da/#description","title":"Description","text":"Dump a string at the specified address.
"},{"location":"commands/windbg/da/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/da/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: da [-h] address [max]\naddressAddress to dumpmaxMaximum string length (default: %(default)s)"},{"location":"commands/windbg/da/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/db/","title":"Db","text":""},{"location":"commands/windbg/db/#db","title":"db","text":""},{"location":"commands/windbg/db/#description","title":"Description","text":"Starting at the specified address, dump N bytes.
"},{"location":"commands/windbg/db/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/db/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: db [-h] address [count]\naddressThe address to dump from.countThe number of bytes to dump. (default: %(default)s)"},{"location":"commands/windbg/db/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/dc/","title":"Dc","text":""},{"location":"commands/windbg/dc/#dc","title":"dc","text":""},{"location":"commands/windbg/dc/#description","title":"Description","text":"Starting at the specified address, hexdump.
"},{"location":"commands/windbg/dc/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/dc/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: dc [-h] address [count]\naddressThe address to dump from.countThe number of bytes to hexdump. (default: %(default)s)"},{"location":"commands/windbg/dc/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/dd/","title":"Dd","text":""},{"location":"commands/windbg/dd/#dd","title":"dd","text":""},{"location":"commands/windbg/dd/#description","title":"Description","text":"Starting at the specified address, dump N dwords.
"},{"location":"commands/windbg/dd/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/dd/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: dd [-h] address [count]\naddressThe address to dump from.countThe number of dwords to dump. (default: %(default)s)"},{"location":"commands/windbg/dd/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/dds/","title":"Dds","text":""},{"location":"commands/windbg/dds/#dds","title":"dds","text":""},{"location":"commands/windbg/dds/#description","title":"Description","text":"Dump pointers and symbols at the specified address.
"},{"location":"commands/windbg/dds/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/dds/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: dds [-h] addr\naddrThe address to dump from."},{"location":"commands/windbg/dds/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/dq/","title":"Dq","text":""},{"location":"commands/windbg/dq/#dq","title":"dq","text":""},{"location":"commands/windbg/dq/#description","title":"Description","text":"Starting at the specified address, dump N qwords.
"},{"location":"commands/windbg/dq/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/dq/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: dq [-h] address [count]\naddressThe address to dump from.countThe number of qwords to dump. (default: %(default)s)"},{"location":"commands/windbg/dq/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/ds/","title":"Ds","text":""},{"location":"commands/windbg/ds/#ds","title":"ds","text":""},{"location":"commands/windbg/ds/#description","title":"Description","text":"Dump a string at the specified address.
"},{"location":"commands/windbg/ds/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/ds/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: ds [-h] address [max]\naddressAddress to dumpmaxMaximum string length (default: %(default)s)"},{"location":"commands/windbg/ds/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/dw/","title":"Dw","text":""},{"location":"commands/windbg/dw/#dw","title":"dw","text":""},{"location":"commands/windbg/dw/#description","title":"Description","text":"Starting at the specified address, dump N words.
"},{"location":"commands/windbg/dw/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/dw/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: dw [-h] address [count]\naddressThe address to dump from.countThe number of words to dump. (default: %(default)s)"},{"location":"commands/windbg/dw/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/eb/","title":"Eb","text":""},{"location":"commands/windbg/eb/#eb","title":"eb","text":""},{"location":"commands/windbg/eb/#description","title":"Description","text":"Write hex bytes at the specified address.
"},{"location":"commands/windbg/eb/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/eb/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: eb [-h] address [data ...]\naddressThe address to write to.dataThe bytes to write."},{"location":"commands/windbg/eb/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/ed/","title":"Ed","text":""},{"location":"commands/windbg/ed/#ed","title":"ed","text":""},{"location":"commands/windbg/ed/#description","title":"Description","text":"Write hex dwords at the specified address.
"},{"location":"commands/windbg/ed/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/ed/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: ed [-h] address [data ...]\naddressThe address to write to.dataThe dwords to write."},{"location":"commands/windbg/ed/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/eq/","title":"Eq","text":""},{"location":"commands/windbg/eq/#eq","title":"eq","text":""},{"location":"commands/windbg/eq/#description","title":"Description","text":"Write hex qwords at the specified address.
"},{"location":"commands/windbg/eq/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/eq/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: eq [-h] address [data ...]\naddressThe address to write to.dataThe qwords to write."},{"location":"commands/windbg/eq/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/ew/","title":"Ew","text":""},{"location":"commands/windbg/ew/#ew","title":"ew","text":""},{"location":"commands/windbg/ew/#description","title":"Description","text":"Write hex words at the specified address.
"},{"location":"commands/windbg/ew/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/ew/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: ew [-h] address [data ...]\naddressThe address to write to.dataThe words to write."},{"location":"commands/windbg/ew/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/ez/","title":"Ez","text":""},{"location":"commands/windbg/ez/#ez","title":"ez","text":""},{"location":"commands/windbg/ez/#description","title":"Description","text":"Write a string at the specified address.
"},{"location":"commands/windbg/ez/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/ez/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: ez [-h] address data\naddressThe address to write to.dataThe string to write."},{"location":"commands/windbg/ez/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/eza/","title":"Eza","text":""},{"location":"commands/windbg/eza/#eza","title":"eza","text":""},{"location":"commands/windbg/eza/#description","title":"Description","text":"Write a string at the specified address.
"},{"location":"commands/windbg/eza/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/eza/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: eza [-h] address data\naddressThe address to write to.dataThe string to write."},{"location":"commands/windbg/eza/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/go/","title":"Go","text":""},{"location":"commands/windbg/go/#go","title":"go","text":""},{"location":"commands/windbg/go/#description","title":"Description","text":"Windbg compatibility alias for 'continue' command.
"},{"location":"commands/windbg/go/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/go/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: go [-h]\n-h--helpshow this help message and exit"},{"location":"commands/windbg/k/","title":"K","text":""},{"location":"commands/windbg/k/#k","title":"k","text":""},{"location":"commands/windbg/k/#description","title":"Description","text":"Print a backtrace (alias 'bt').
"},{"location":"commands/windbg/k/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/k/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: k [-h]\n-h--helpshow this help message and exit"},{"location":"commands/windbg/ln/","title":"Ln","text":""},{"location":"commands/windbg/ln/#ln","title":"ln","text":""},{"location":"commands/windbg/ln/#description","title":"Description","text":"List the symbols nearest to the provided value.
"},{"location":"commands/windbg/ln/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/ln/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: ln [-h] [value]\nvalueThe address you want the name of."},{"location":"commands/windbg/ln/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/pc/","title":"Pc","text":""},{"location":"commands/windbg/pc/#pc","title":"pc","text":""},{"location":"commands/windbg/pc/#description","title":"Description","text":"Windbg compatibility alias for 'nextcall' command.
"},{"location":"commands/windbg/pc/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/pc/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: pc [-h]\n-h--helpshow this help message and exit"},{"location":"commands/windbg/peb/","title":"Peb","text":""},{"location":"commands/windbg/peb/#peb","title":"peb","text":""},{"location":"commands/windbg/peb/#description","title":"Description","text":"Not be windows.
"},{"location":"commands/windbg/peb/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/peb/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: peb [-h]\n-h--helpshow this help message and exit"},{"location":"misc/binja_integration/","title":"Integrating Binary Ninja with pwndbg","text":""},{"location":"misc/binja_integration/#requirements","title":"Requirements","text":"You need at least the personal edition of Binary Ninja (only tested on version 4.0+) that runs at least Python 3.10 for plugins.
"},{"location":"misc/binja_integration/#setup","title":"Setup","text":"Copy (or symlink)
"},{"location":"misc/binja_integration/#usage","title":"Usage","text":"binja_script.pyto your plugins directory.To start the Binary Ninja integration, open the binary you want to debug in Binary Ninja, then go to
Plugins > pwndbg > Start integration on current view. This will start the XMLRPC server that pwndbg queries for information.Then, inside GDB, run
"},{"location":"misc/binja_integration/#features","title":"Features","text":"set integration-provider binja, which will start the integration. You can runset integration-provider noneto disable it again.The integration currently syncs symbol names, comments, decompilation, function type signatures, and stack variables.
"},{"location":"misc/binja_integration/#commands","title":"Commands","text":"bn-sync: Navigate the Binary Ninja view to the current instructiondecomp ADDR NLINES: Displays the decompilation forNLINESlines at addressADDR.
bn-autosync: If set toyes, every step will automatically runbn-syncbn-il-level: Sets the IL level to use for decompilation. Valid values are:disasm,llil,mlil,hlilbn-rpc-host/bn-rpc-port: The host and port to connect to for the XMLRPC serverbn-timeout: The amount, in seconds, to wait for the XMLRPC server to connect
Pwndbg relies on several environment variables to customize its behavior. Below is a list of these variables and their purposes:
PATH: Standard systemPATHvariable used to locate executables.EDITOR,VISUAL: Used by thecymbolcommand to open an editor.HOME,XDG_CACHE_HOME: Used bylib.tempfileto determine temporary file locations.PWNDBG_VENV_PATH: Specifies the virtual environment path for Pwndbg.PWNDBG_DISABLE_COLORS: Disables colored output in Pwndbg.PWNDBG_LOGLEVEL: Initial log level to use for log messages.OPENAI_API_KEY,ANTHROPIC_API_KEY: Used by theaicommand for accessing respective AI APIs.GITHUB_ACTIONS,RUN_FLAKY: Used bytests_commands.pyto determine the test environment.PWNDBG_PROFILE: Enables profiling for benchmarking.USE_PDB: Enables Python debugger in tests.PWNDBG_LAUNCH_TEST: Used by tests to configure test launching.PWNDBG_ARCH,PWNDBG_KERNEL_TYPE,PWNDBG_KERNEL_VERSION: Used bygdblibkernel tests to specify kernel parameters.SPHINX: Used bydocs/source/conf.py, likely to be removed.PWNLIB_NOTERM=1: Set by Pwndbg to avoid terminal issues with Pwntools.
The
go-dumpcommand can be used to dump Go values during debugging. It takes the formgo-dump type address_expression, and supports many different types with the same syntax as Go: - Integer types:int,int8,int16,int32,int64,int128, and theiruintcounterparts - Misc types:bool,rune,uintptr,string- Floating point types:float32,float64- Complex numbers:complex64,complex128- Interface types:anyforinterface{}(the empty interface), andinterfacefor all non-empty interfaces - Function types:funcptrfor all function types - Pointers:*ELEM- Slices:[]ELEM- Arrays:[LEN]ELEM- Maps:map[KEY][VAL](note that maps in Go are actually pointers to the map, whereas this map is the inner map, so you may need to use*map[KEY]VALto dump a map)Struct types are also supported, but the syntax is slightly different from Go in order to avoid having to compute offsets (and also to support only having partial field information on structs). Struct types are notated as
OFFSET:FIELD_NAME:TYPEtriples separated by semicolons then enclosed withstruct(SIZE){}, e.g.struct(24){0:foo:string;16:bar:int64}to represent the 24-byte Go structstruct { foo string; bar int64 }.Example:
pwndbg> go-dump map[string]int 0xc0000b20f0\n{\"a\": 1, \"b\": 2, \"c\": 3}\n\npwndbg> go-dump any 0xc0000ace40\n([]struct { a int; b string }) [struct {a: 1, b: \"first\"}, struct {a: 2, b: \"second\"}]\n\npwndbg> go-dump struct(24){0:a:int;8:b:string} 0xc000108120\nstruct {a: 1, b: \"first\"}\nSome notable flags include
"},{"location":"misc/go_debugging/#runtime-type-parsing","title":"Runtime Type Parsing","text":"-pto enable pretty printing,-xto display integers in hex,-f DECIMALSto set the number of decimals used to display floats,-dto enable debug printing, which displays memory addresses of everything shown in the dump.Go's compiler emits type objects for every single type used by the program. This is what enables dumping interface values with
go-dumpwithout having to specify any additional type information, and can also be leveraged to dump non-interface values if the type can be located. A good way to locate types is by finding the type pointer passed into heap allocation functions likeruntime.newobjectorruntime.makeslice.After finding the type pointer, the
go-typecommand can be used to inspect a type:pwndbg> go-type 0x49fbc0\n Name: struct { a int; b string }\n Kind: STRUCT\n Size: 24 (0x18)\nAlign: 8\nParse: struct(24){0:a:int;8:b:string}\nField a:\n Offset: 0 (0x0)\n Type name: int\n Type addr: 0x498ce0\nField b:\n Offset: 8 (0x8)\n Type name: string\n Type addr: 0x498aa0\nThe
go-dumpcommand can also take an address to a type instead of the name of a type:
"},{"location":"misc/pycharm_debugging/","title":"Debugging with PyCharm","text":"pwndbg> go-dump 0x49fbc0 0xc000108120\nstruct {a: 1, b: \"first\"}\nIn order to debug code with PyCharm you need to configure remote debugging.
PyCharm will start a remote debugging server which will listen for connections and pwndbg will then connect to that server, on startup.
"},{"location":"misc/pycharm_debugging/#configuring-the-debugging-server","title":"Configuring the debugging server","text":"Select
Run -> Edit Configurationsand follow the instructions there :)- Create a new server with the
+button. - Put your IP in
IDE host nameand select a port number. - Optionally, add a path mapping:
pycharm/pwndbg/dir=machine/pwndbg/dir - Uncheck
suspend after connect
- Select
Run -> Edit Configurationsand install the packages described in that window. pip install pydevd-pycharm~=<your_pycharm_version>- Add the following code somewhere where it will execute on gdb startup:
import pydevd_pycharm\npydevd_pycharm.settrace('<your_IP>', port=<port>, stdoutToServer=True, stderrToServer=True)\n
- Start the debugging server in PyCharm
- Run pwndbg
In order to debug using WSL2, you need to obtain your Windows IP. The easiest way to do that is to run:
and then to pick the value in thecat /etc/resolv.conf\nnameserverline. Then use that IP in theIDE host namefield, when configuring the server. Afterwards, use the same IP inpydevd_pycharm.settrace(...)"},{"location":"reference/pwndbg/","title":"pwndbg","text":""},{"location":"reference/pwndbg/#pwndbg","title":"pwndbg","text":"Modules:
-
aglib\u2013 -
arguments\u2013Allows describing functions, specifically enumerating arguments which
-
auxv\u2013 -
chain\u2013 -
color\u2013 -
commands\u2013 -
dbg\u2013The abstracted debugger interface.
-
decorators\u2013 -
emu\u2013 -
enhance\u2013Given an address in memory which does not contain a pointer elsewhere
-
exception\u2013 -
gdblib\u2013 -
ghidra\u2013 -
glibc\u2013Get information about the GLibc
-
hexdump\u2013Hexdump implementation, ~= stolen from pwntools.
-
integration\u2013 -
lib\u2013 -
log\u2013 -
profiling\u2013 -
radare2\u2013 -
rizin\u2013 -
search\u2013Search the address space for byte patterns.
-
ui\u2013A few helpers for making things print pretty-like.
-
wrappers\u2013
Attributes:
-
config(Config) \u2013 -
__version__\u2013 -
version\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/#pwndbg.__version__","title":"__version__config: Config = Config()\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/#pwndbg.version","title":"version__version__ = __version__\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/","title":"pwndbg.aglib","text":""},{"location":"reference/pwndbg/aglib/#pwndbg.aglib","title":"aglib","text":"version = __version__\nModules:
-
arch\u2013 -
argv\u2013 -
ctypes\u2013On-the-fly endianness switching for ctypes structures.
-
disasm\u2013Functionality for disassmebling code at an address, or at an
-
dt\u2013Prints structures in a manner similar to Windbg's \"dt\" command.
-
dynamic\u2013Dynamic linking interface.
-
elf\u2013This file declares types and methods useful for enumerating
-
file\u2013Retrieve files from the debuggee's filesystem. Useful when
-
godbg\u2013 -
heap\u2013 -
kernel\u2013 -
memory\u2013 -
nearpc\u2013 -
next\u2013Commands for setting temporary breakpoints on the next
-
onegadget\u2013 -
proc\u2013Provides values which would be available from /proc which
-
qemu\u2013Determine whether the target is being run under QEMU.
-
regs\u2013Reading register value from the inferior, and provides a
-
remote\u2013Information about whether the debuggee is local (under GDB) or remote
-
shellcode\u2013Shellcode
-
stack\u2013Helpers for finding address mappings which are used as a stack.
-
strings\u2013Functionality for resolving ASCII printable strings within
-
symbol\u2013Looking up addresses for function names / symbols, and
-
tls\u2013Getting Thread Local Storage (TLS) information.
-
typeinfo\u2013Common types.
-
vmmap\u2013 -
vmmap_custom\u2013
Functions:
-
load_aglib\u2013
"},{"location":"reference/pwndbg/aglib/arch/","title":"pwndbg.aglib.arch","text":""},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch","title":"arch","text":"load_aglib()\nFunctions:
-
read_thumb_bit\u2013Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
-
get_thumb_mode_string\u2013 -
update\u2013
Attributes:
-
arch(Arch) \u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.read_thumb_bit","title":"read_thumb_bit","text":"arch: Arch = Arch('i386', 4, 'little')\nread_thumb_bit() -> int | None\nReturn 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.get_thumb_mode_string","title":"get_thumb_mode_string","text":"
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.update","title":"update","text":"get_thumb_mode_string() -> Literal['arm', 'thumb'] | None\n
"},{"location":"reference/pwndbg/aglib/argv/","title":"pwndbg.aglib.argv","text":""},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv","title":"argv","text":"update() -> None\nFunctions:
-
update\u2013 -
update_state\u2013 -
argc\u2013 -
argv\u2013 -
envc\u2013 -
envp\u2013 -
environ\u2013
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.update_state","title":"update_state","text":"update() -> None\n
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.argc","title":"argc","text":"update_state() -> None\n
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.argv","title":"argv","text":"argc() -> int\n
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.envc","title":"envc","text":"argv(number: int) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.envp","title":"envp","text":"envc() -> int\n
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.environ","title":"environ","text":"envp(number: int) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/ctypes/","title":"pwndbg.aglib.ctypes","text":""},{"location":"reference/pwndbg/aglib/ctypes/#pwndbg.aglib.ctypes","title":"ctypes","text":"environ(name: str) -> Value | None\nOn-the-fly endianness switching for ctypes structures.
We cannot make use of ctypes.LittleEndianStructure and ctypes.BigEndianStructure, since these use metaclass hooks to catch fields being set when the class is declared.
We need to catch on the fly. We do this by swapping out the base classes of the Structure type, and incurring a performance penalty for foreign-endianness targets.
Functions:
-
update\u2013
Attributes:
-
module\u2013 -
Structure\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/ctypes/#pwndbg.aglib.ctypes.Structure","title":"Structuremodule = modules[__name__]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/ctypes/#pwndbg.aglib.ctypes.update","title":"update","text":"Structure = LittleEndianStructure\n
"},{"location":"reference/pwndbg/aglib/disasm/","title":"pwndbg.aglib.disasm","text":""},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm","title":"disasm","text":"update() -> None\nFunctionality for disassmebling code at an address, or at an address \u00b1 a few instructions.
Modules:
-
aarch64\u2013 -
arch\u2013 -
arm\u2013 -
instruction\u2013 -
mips\u2013 -
ppc\u2013 -
riscv\u2013 -
sparc\u2013 -
x86\u2013
Functions:
-
enhance_cache_listener\u2013 -
clear_on_reg_mem_change\u2013 -
get_disassembler_cached\u2013 -
get_disassembler\u2013 -
get_one_instruction\u2013If passed an emulator, this will pass it to the DisassemblyAssistant which will
-
one\u2013 -
one_raw\u2013 -
get\u2013 -
can_run_first_emulate\u2013Disable the emulate config variable if we don't have enough memory to use it
-
no_emulate_one\u2013 -
emulate_one\u2013 -
one_with_config\u2013Returns a single Pwndbg Instruction at the current PC.
-
near\u2013Disasms instructions near given
address. Passingemulatemakes use of
Attributes:
-
CapstoneArch\u2013 -
CapstoneEndian\u2013 -
CapstoneMode\u2013 -
CapstoneSyntax\u2013 -
VariableInstructionSizeMax\u2013 -
next_addresses_cache(set[int]) \u2013 -
backward_cache(DefaultDict[int, int]) \u2013 -
computed_instruction_cache(DefaultDict[int, PwndbgInstruction]) \u2013 -
emulated_arm_mode_cache(DefaultDict[int, int]) \u2013 -
first_time_emulate\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.CapstoneEndian","title":"CapstoneEndianCapstoneArch = {\n \"arm\": CS_ARCH_ARM,\n \"armcm\": CS_ARCH_ARM,\n \"aarch64\": CS_ARCH_ARM64,\n \"i386\": CS_ARCH_X86,\n \"i8086\": CS_ARCH_X86,\n \"x86-64\": CS_ARCH_X86,\n \"powerpc\": CS_ARCH_PPC,\n \"mips\": CS_ARCH_MIPS,\n \"sparc\": CS_ARCH_SPARC,\n \"rv32\": CS_ARCH_RISCV,\n \"rv64\": CS_ARCH_RISCV,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.CapstoneMode","title":"CapstoneModeCapstoneEndian = {'little': CS_MODE_LITTLE_ENDIAN, 'big': CS_MODE_BIG_ENDIAN}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.CapstoneSyntax","title":"CapstoneSyntaxCapstoneMode = {4: CS_MODE_32, 8: CS_MODE_64}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.VariableInstructionSizeMax","title":"VariableInstructionSizeMaxCapstoneSyntax = {'intel': CS_OPT_SYNTAX_INTEL, 'att': CS_OPT_SYNTAX_ATT}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.next_addresses_cache","title":"next_addresses_cacheVariableInstructionSizeMax = {\n \"i386\": 16,\n \"x86-64\": 16,\n \"i8086\": 16,\n \"mips\": 8,\n \"rv32\": 22,\n \"rv64\": 22,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.backward_cache","title":"backward_cachenext_addresses_cache: set[int] = set()\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.computed_instruction_cache","title":"computed_instruction_cachebackward_cache: DefaultDict[int, int] = defaultdict(lambda: None)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.emulated_arm_mode_cache","title":"emulated_arm_mode_cachecomputed_instruction_cache: DefaultDict[int, PwndbgInstruction] = defaultdict(\n lambda: None\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.first_time_emulate","title":"first_time_emulateemulated_arm_mode_cache: DefaultDict[int, int] = defaultdict(lambda: None)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.enhance_cache_listener","title":"enhance_cache_listener","text":"first_time_emulate = True\n
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.clear_on_reg_mem_change","title":"clear_on_reg_mem_change","text":"enhance_cache_listener() -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.get_disassembler_cached","title":"get_disassembler_cached","text":"clear_on_reg_mem_change() -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.get_disassembler","title":"get_disassembler","text":"get_disassembler_cached(arch, ptrsize: int, endian, extra=None)\n
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.get_one_instruction","title":"get_one_instruction","text":"get_disassembler(address)\nget_one_instruction(\n address,\n emu: Emulator = None,\n enhance=True,\n from_cache=False,\n put_cache=False,\n) -> PwndbgInstruction\nIf passed an emulator, this will pass it to the DisassemblyAssistant which will single_step the emulator to determine the operand values before and after the instruction executes.
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.one","title":"one","text":"
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.one_raw","title":"one_raw","text":"one(\n address=None,\n emu: Emulator = None,\n enhance=True,\n from_cache=False,\n put_cache=False,\n put_backward_cache=True,\n) -> PwndbgInstruction | None\n
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.get","title":"get","text":"one_raw(address=None) -> PwndbgInstruction | None\n
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.can_run_first_emulate","title":"can_run_first_emulate","text":"get(\n address,\n instructions=1,\n emu: Emulator = None,\n enhance=True,\n from_cache=False,\n put_cache=False,\n) -> list[PwndbgInstruction]\ncan_run_first_emulate() -> bool\nDisable the emulate config variable if we don't have enough memory to use it See #1534 And unicorn-engine/unicorn!1743
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.no_emulate_one","title":"no_emulate_one","text":"
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.emulate_one","title":"emulate_one","text":"no_emulate_one()\n
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.one_with_config","title":"one_with_config","text":"emulate_one()\none_with_config()\nReturns a single Pwndbg Instruction at the current PC.
Emulation determined by the
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.near","title":"near","text":"pwndbg.config.emulatesetting.near(\n address,\n instructions=1,\n emulate=False,\n show_prev_insns=True,\n use_cache=False,\n linear=False,\n) -> tuple[list[PwndbgInstruction], int]\nDisasms instructions near given
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/","title":"pwndbg.aglib.disasm.aarch64","text":""},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64","title":"aarch64","text":"address. Passingemulatemakes use of unicorn engine to emulate instructions to predict branches that will be taken.show_prev_insnsmakes this show previously cached instructions (this is mostly used by context's disasm display, so user see what was previously)Classes:
-
DisassemblyAssistant\u2013
Functions:
-
resolve_condition\u2013Given a condition and the NZCV flag bits, determine when the condition is satisfied
Attributes:
-
AARCH64_SINGLE_LOAD_INSTRUCTIONS(dict[int, int | None]) \u2013 -
AARCH64_SINGLE_STORE_INSTRUCTIONS(dict[int, int | None]) \u2013 -
AARCH64_EXCLUSIVE_STORE_INSTRUCTIONS\u2013 -
CONDITIONAL_SELECT_INSTRUCTIONS\u2013 -
AARCH64_EMULATED_ANNOTATIONS\u2013 -
AARCH64_BIT_SHIFT_MAP(dict[int, Callable[[int, int, int], int]]) \u2013 -
AARCH64_EXTEND_MAP(dict[int, Callable[[int], int]]) \u2013 -
AARCH64_MATH_INSTRUCTIONS\u2013 -
assistant\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_SINGLE_STORE_INSTRUCTIONS","title":"AARCH64_SINGLE_STORE_INSTRUCTIONSAARCH64_SINGLE_LOAD_INSTRUCTIONS: dict[int, int | None] = {\n ARM64_INS_LDRB: 1,\n ARM64_INS_LDURB: 1,\n ARM64_INS_LDRSB: -1,\n ARM64_INS_LDURSB: -1,\n ARM64_INS_LDRH: 2,\n ARM64_INS_LDURH: 2,\n ARM64_INS_LDRSH: -2,\n ARM64_INS_LDURSH: -2,\n ARM64_INS_LDURSW: -4,\n ARM64_INS_LDRSW: -4,\n ARM64_INS_LDUR: None,\n ARM64_INS_LDR: None,\n ARM64_INS_LDTRB: 1,\n ARM64_INS_LDTRSB: -1,\n ARM64_INS_LDTRH: 2,\n ARM64_INS_LDTRSH: -2,\n ARM64_INS_LDTRSW: -4,\n ARM64_INS_LDTR: None,\n ARM64_INS_LDXRB: 1,\n ARM64_INS_LDXRH: 2,\n ARM64_INS_LDXR: None,\n ARM64_INS_LDARB: 1,\n ARM64_INS_LDARH: 2,\n ARM64_INS_LDAR: None,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_EXCLUSIVE_STORE_INSTRUCTIONS","title":"AARCH64_EXCLUSIVE_STORE_INSTRUCTIONSAARCH64_SINGLE_STORE_INSTRUCTIONS: dict[int, int | None] = {\n ARM64_INS_STRB: 1,\n ARM64_INS_STURB: 1,\n ARM64_INS_STRH: 2,\n ARM64_INS_STURH: 2,\n ARM64_INS_STUR: None,\n ARM64_INS_STR: None,\n ARM64_INS_STTRB: 1,\n ARM64_INS_STTRH: 2,\n ARM64_INS_STTR: None,\n ARM64_INS_STLRB: 1,\n ARM64_INS_STLRH: 2,\n ARM64_INS_STLR: None,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.CONDITIONAL_SELECT_INSTRUCTIONS","title":"CONDITIONAL_SELECT_INSTRUCTIONSAARCH64_EXCLUSIVE_STORE_INSTRUCTIONS = {\n ARM64_INS_STXRB: 1,\n ARM64_INS_STXRH: 2,\n ARM64_INS_STXR: None,\n ARM64_INS_STLXRB: 1,\n ARM64_INS_STLXRH: 2,\n ARM64_INS_STLXR: None,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_EMULATED_ANNOTATIONS","title":"AARCH64_EMULATED_ANNOTATIONSCONDITIONAL_SELECT_INSTRUCTIONS = {\n ARM64_INS_CSEL,\n ARM64_INS_CSINC,\n ARM64_INS_CSINV,\n ARM64_INS_CSNEG,\n ARM64_INS_CSET,\n ARM64_INS_CSETM,\n ARM64_INS_CINC,\n ARM64_INS_CINV,\n ARM64_INS_CNEG,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_BIT_SHIFT_MAP","title":"AARCH64_BIT_SHIFT_MAPAARCH64_EMULATED_ANNOTATIONS = CONDITIONAL_SELECT_INSTRUCTIONS | {\n ARM64_INS_SXTB,\n ARM64_INS_SXTH,\n ARM64_INS_SXTW,\n ARM64_INS_UXTB,\n ARM64_INS_UXTH,\n ARM64_INS_UXTW,\n ARM64_INS_RBIT,\n ARM64_INS_CLS,\n ARM64_INS_CLZ,\n ARM64_INS_BFXIL,\n ARM64_INS_UBFIZ,\n ARM64_INS_UBFM,\n ARM64_INS_UBFX,\n ARM64_INS_SBFIZ,\n ARM64_INS_SBFM,\n ARM64_INS_SBFX,\n ARM64_INS_BFI,\n ARM64_INS_NEG,\n ARM64_INS_NEGS,\n ARM64_INS_REV,\n ARM64_INS_BIC,\n ARM64_INS_BICS,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_EXTEND_MAP","title":"AARCH64_EXTEND_MAPAARCH64_BIT_SHIFT_MAP: dict[int, Callable[[int, int, int], int]] = {\n ARM64_SFT_LSL: logical_shift_left,\n ARM64_SFT_LSR: logical_shift_right,\n ARM64_SFT_ASR: arithmetic_shift_right,\n ARM64_SFT_ROR: rotate_right,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_MATH_INSTRUCTIONS","title":"AARCH64_MATH_INSTRUCTIONSAARCH64_EXTEND_MAP: dict[int, Callable[[int], int]] = {\n ARM64_EXT_UXTB: lambda x: x & 1 << 8 - 1,\n ARM64_EXT_UXTH: lambda x: x & 1 << 16 - 1,\n ARM64_EXT_UXTW: lambda x: x & 1 << 32 - 1,\n ARM64_EXT_UXTX: lambda x: x,\n ARM64_EXT_SXTB: lambda x: to_signed(x, 8),\n ARM64_EXT_SXTH: lambda x: to_signed(x, 16),\n ARM64_EXT_SXTW: lambda x: to_signed(x, 32),\n ARM64_EXT_SXTX: lambda x: to_signed(x, 64),\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.assistant","title":"assistantAARCH64_MATH_INSTRUCTIONS = {\n ARM64_INS_ADD: \"+\",\n ARM64_INS_ADDS: \"+\",\n ARM64_INS_SUB: \"-\",\n ARM64_INS_SUBS: \"-\",\n ARM64_INS_AND: \"&\",\n ARM64_INS_ANDS: \"&\",\n ARM64_INS_ORR: \"&\",\n ARM64_INS_ASR: \">>s\",\n ARM64_INS_ASRV: \">>s\",\n ARM64_INS_EOR: \"^\",\n ARM64_INS_LSL: \"<<\",\n ARM64_INS_LSLV: \"<<\",\n ARM64_INS_LSR: \">>\",\n ARM64_INS_LSRV: \">>\",\n ARM64_INS_UDIV: \"/\",\n ARM64_INS_SDIV: \"/\",\n ARM64_INS_SMULH: \"*\",\n ARM64_INS_SMULL: \"*\",\n ARM64_INS_UMULH: \"*\",\n ARM64_INS_UMULL: \"*\",\n ARM64_INS_MUL: \"*\",\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.DisassemblyAssistant","title":"DisassemblyAssistant","text":"assistant = DisassemblyAssistant('aarch64')\nDisassemblyAssistant(architecture: str)\nBases:
DisassemblyAssistantMethods:
-
for_current_arch\u2013 -
enhance\u2013 -
can_reason_about_process_state\u2013Determine if the program counter of the process equals the address of the instruction being enhanced.
-
dump\u2013Debug-only method.
Attributes:
-
annotation_handlers(dict[int, Callable[[PwndbgInstruction, Emulator], None]]) \u2013 -
assistants(dict[str, DisassemblyAssistant]) \u2013 -
op_handlers(dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]]) \u2013 -
op_names(dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]]) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.DisassemblyAssistant.assistants","title":"assistantsannotation_handlers: dict[\n int, Callable[[PwndbgInstruction, Emulator], None]\n] = {\n ARM64_INS_MOV: _common_move_annotator,\n ARM64_INS_MOVK: _common_generic_register_destination,\n ARM64_INS_ADR: _common_generic_register_destination,\n ARM64_INS_ADRP: _handle_adrp,\n ARM64_INS_CMP: _common_cmp_annotator_builder(\"cpsr\", \"-\"),\n ARM64_INS_CMN: _common_cmp_annotator_builder(\"cpsr\", \"+\"),\n ARM64_INS_TST: _common_cmp_annotator_builder(\"cpsr\", \"&\"),\n ARM64_INS_CCMP: _common_cmp_annotator_builder(\"cpsr\", \"\"),\n ARM64_INS_CCMN: _common_cmp_annotator_builder(\"cpsr\", \"\"),\n}\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.DisassemblyAssistant.op_handlers","title":"op_handlersassistants: dict[str, DisassemblyAssistant] = {}\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.DisassemblyAssistant.op_names","title":"op_namesop_handlers: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n CS_OP_IMM: _parse_immediate,\n CS_OP_REG: _parse_register,\n CS_OP_MEM: _parse_memory,\n}\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.DisassemblyAssistant.for_current_arch","title":"for_current_archop_names: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n CS_OP_IMM: _immediate_string,\n CS_OP_REG: _register_string,\n CS_OP_MEM: _memory_string,\n}\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.DisassemblyAssistant.enhance","title":"enhancefor_current_arch() -> DisassemblyAssistant\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.DisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\ncan_reason_about_process_state(instruction: PwndbgInstruction) -> bool\nDetermine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.DisassemblyAssistant.dump","title":"dump","text":"dump(instruction: PwndbgInstruction)\nDebug-only method.
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.resolve_condition","title":"resolve_condition","text":"resolve_condition(condition: int, cpsr: int) -> InstructionCondition\nGiven a condition and the NZCV flag bits, determine when the condition is satisfied
The condition is a Capstone constant
"},{"location":"reference/pwndbg/aglib/disasm/arch/","title":"pwndbg.aglib.disasm.arch","text":""},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch","title":"arch","text":"Classes:
-
DisassemblyAssistant\u2013
Functions:
-
syntax_highlight\u2013 -
register_assign\u2013 -
memory_assign\u2013 -
memory_or_register_assign\u2013Used when we don't know until runtime whether a codepath will annotate a register or memory location.
Attributes:
-
DEBUG_ENHANCEMENT\u2013 -
groups\u2013 -
ops\u2013 -
access\u2013 -
DO_NOT_EMULATE\u2013 -
generic_assistant\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.groups","title":"groupsDEBUG_ENHANCEMENT = False\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.ops","title":"opsgroups = {v: _cfor (k, v) in items() if startswith('CS_GRP_')}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.access","title":"accessops = {v: _Sfor (k, v) in items() if startswith('CS_OP_')}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DO_NOT_EMULATE","title":"DO_NOT_EMULATEaccess = {v: _Kfor (k, v) in items() if startswith('CS_AC_')}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.generic_assistant","title":"generic_assistantDO_NOT_EMULATE = {CS_GRP_INT, CS_GRP_INVALID, CS_GRP_IRET}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant","title":"DisassemblyAssistant","text":"generic_assistant = DisassemblyAssistant(None)\nDisassemblyAssistant(architecture: str)\nMethods:
-
for_current_arch\u2013 -
enhance\u2013 -
can_reason_about_process_state\u2013Determine if the program counter of the process equals the address of the instruction being enhanced.
-
dump\u2013Debug-only method.
Attributes:
-
assistants(dict[str, DisassemblyAssistant]) \u2013 -
op_handlers(dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]]) \u2013 -
op_names(dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]]) \u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.op_handlers","title":"op_handlersassistants: dict[str, DisassemblyAssistant] = {}\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.op_names","title":"op_namesop_handlers: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n CS_OP_IMM: _parse_immediate,\n CS_OP_REG: _parse_register,\n CS_OP_MEM: _parse_memory,\n}\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.for_current_arch","title":"for_current_archop_names: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n CS_OP_IMM: _immediate_string,\n CS_OP_REG: _register_string,\n CS_OP_MEM: _memory_string,\n}\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.enhance","title":"enhancefor_current_arch() -> DisassemblyAssistant\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\ncan_reason_about_process_state(instruction: PwndbgInstruction) -> bool\nDetermine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.dump","title":"dump","text":"dump(instruction: PwndbgInstruction)\nDebug-only method.
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.syntax_highlight","title":"syntax_highlight","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.register_assign","title":"register_assign","text":"syntax_highlight(ins)\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.memory_assign","title":"memory_assign","text":"register_assign(left: str, right: str) -> str\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.memory_or_register_assign","title":"memory_or_register_assign","text":"memory_assign(left: str, right: str) -> str\nmemory_or_register_assign(left: str, right: str, mem_assign: bool) -> str\nUsed when we don't know until runtime whether a codepath will annotate a register or memory location.
"},{"location":"reference/pwndbg/aglib/disasm/arm/","title":"pwndbg.aglib.disasm.arm","text":""},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm","title":"arm","text":"Classes:
-
DisassemblyAssistant\u2013
Functions:
-
first_op_is_pc\u2013 -
ops_contain_pc\u2013
Attributes:
-
ARM_BIT_SHIFT_MAP(dict[int, Callable[[int, int, int], int]]) \u2013 -
ARM_SINGLE_LOAD_INSTRUCTIONS\u2013 -
ARM_SINGLE_STORE_INSTRUCTIONS\u2013 -
ARM_EXCLUSIVE_STORE_INSTRUCTIONS\u2013 -
ARM_MATH_INSTRUCTIONS\u2013 -
ARM_SHIFT_INSTRUCTIONS\u2013 -
ARM_CAN_WRITE_TO_PC(dict[int, Callable[[PwndbgInstruction], bool]]) \u2013 -
assistant\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_SINGLE_LOAD_INSTRUCTIONS","title":"ARM_SINGLE_LOAD_INSTRUCTIONSARM_BIT_SHIFT_MAP: dict[int, Callable[[int, int, int], int]] = {\n ARM_SFT_ASR: arithmetic_shift_right,\n ARM_SFT_LSL: logical_shift_left,\n ARM_SFT_LSR: logical_shift_right,\n ARM_SFT_ROR: rotate_right,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_SINGLE_STORE_INSTRUCTIONS","title":"ARM_SINGLE_STORE_INSTRUCTIONSARM_SINGLE_LOAD_INSTRUCTIONS = {\n ARM_INS_LDRB: 1,\n ARM_INS_LDRSB: -1,\n ARM_INS_LDRH: 2,\n ARM_INS_LDRSH: -2,\n ARM_INS_LDR: 4,\n ARM_INS_LDRBT: 1,\n ARM_INS_LDRSBT: -1,\n ARM_INS_LDRHT: 2,\n ARM_INS_LDRSHT: -2,\n ARM_INS_LDRT: 4,\n ARM_INS_LDREXB: 1,\n ARM_INS_LDREXH: 2,\n ARM_INS_LDREX: 4,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_EXCLUSIVE_STORE_INSTRUCTIONS","title":"ARM_EXCLUSIVE_STORE_INSTRUCTIONSARM_SINGLE_STORE_INSTRUCTIONS = {\n ARM_INS_STRB: 1,\n ARM_INS_STRH: 2,\n ARM_INS_STR: 4,\n ARM_INS_STRBT: 1,\n ARM_INS_STRHT: 2,\n ARM_INS_STRT: 4,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_MATH_INSTRUCTIONS","title":"ARM_MATH_INSTRUCTIONSARM_EXCLUSIVE_STORE_INSTRUCTIONS = {\n ARM_INS_STREXB: 1,\n ARM_INS_STREXH: 2,\n ARM_INS_STREX: 4,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_SHIFT_INSTRUCTIONS","title":"ARM_SHIFT_INSTRUCTIONSARM_MATH_INSTRUCTIONS = {\n ARM_INS_ADD: \"+\",\n ARM_INS_ADDW: \"+\",\n ARM_INS_SUB: \"-\",\n ARM_INS_ORR: \"|\",\n ARM_INS_AND: \"&\",\n ARM_INS_EOR: \"^\",\n ARM_INS_UDIV: \"/\",\n ARM_INS_SDIV: \"/\",\n ARM_INS_MUL: \"*\",\n ARM_INS_UMULL: \"*\",\n ARM_INS_SMULL: \"*\",\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_CAN_WRITE_TO_PC","title":"ARM_CAN_WRITE_TO_PCARM_SHIFT_INSTRUCTIONS = {\n ARM_INS_ASR: \">>s\",\n ARM_INS_LSR: \">>\",\n ARM_INS_LSL: \"<<\",\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.assistant","title":"assistantARM_CAN_WRITE_TO_PC: dict[int, Callable[[PwndbgInstruction], bool]] = {\n ARM_INS_ADD: first_op_is_pc,\n ARM_INS_SUB: first_op_is_pc,\n ARM_INS_SUBS: first_op_is_pc,\n ARM_INS_MOV: first_op_is_pc,\n ARM_INS_LDR: first_op_is_pc,\n ARM_INS_POP: ops_contain_pc,\n ARM_INS_LDM: ops_contain_pc,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.DisassemblyAssistant","title":"DisassemblyAssistant","text":"assistant = DisassemblyAssistant('armcm', 'xpsr')\nDisassemblyAssistant(architecture: str, flags_reg: Literal['cpsr', 'xpsr'])\nBases:
DisassemblyAssistantMethods:
-
read_thumb_bit\u2013 -
for_current_arch\u2013 -
enhance\u2013 -
can_reason_about_process_state\u2013Determine if the program counter of the process equals the address of the instruction being enhanced.
-
dump\u2013Debug-only method.
Attributes:
-
flags_reg\u2013 -
annotation_handlers(dict[int, Callable[[PwndbgInstruction, Emulator], None]]) \u2013 -
assistants(dict[str, DisassemblyAssistant]) \u2013 -
op_handlers(dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]]) \u2013 -
op_names(dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]]) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.DisassemblyAssistant.annotation_handlers","title":"annotation_handlersflags_reg = flags_reg\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.DisassemblyAssistant.assistants","title":"assistantsannotation_handlers: dict[\n int, Callable[[PwndbgInstruction, Emulator], None]\n] = {\n ARM_INS_MOV: _common_move_annotator,\n ARM_INS_MOVW: _common_move_annotator,\n ARM_INS_MOVT: _common_generic_register_destination,\n ARM_INS_MVN: _common_generic_register_destination,\n ARM_INS_CMP: _common_cmp_annotator_builder(flags_reg, \"-\"),\n ARM_INS_CMN: _common_cmp_annotator_builder(flags_reg, \"+\"),\n ARM_INS_TST: _common_cmp_annotator_builder(flags_reg, \"&\"),\n ARM_INS_TEQ: _common_cmp_annotator_builder(flags_reg, \"^\"),\n}\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.DisassemblyAssistant.op_handlers","title":"op_handlersassistants: dict[str, DisassemblyAssistant] = {}\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.DisassemblyAssistant.op_names","title":"op_namesop_handlers: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n CS_OP_IMM: _parse_immediate,\n CS_OP_REG: _parse_register,\n CS_OP_MEM: _parse_memory,\n}\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.DisassemblyAssistant.read_thumb_bit","title":"read_thumb_bit","text":"op_names: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n CS_OP_IMM: _immediate_string,\n CS_OP_REG: _register_string,\n CS_OP_MEM: _memory_string,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.DisassemblyAssistant.for_current_arch","title":"for_current_archread_thumb_bit(instruction: PwndbgInstruction, emu: Emulator) -> int | None\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.DisassemblyAssistant.enhance","title":"enhancefor_current_arch() -> DisassemblyAssistant\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.DisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\ncan_reason_about_process_state(instruction: PwndbgInstruction) -> bool\nDetermine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.DisassemblyAssistant.dump","title":"dump","text":"dump(instruction: PwndbgInstruction)\nDebug-only method.
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.first_op_is_pc","title":"first_op_is_pc","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ops_contain_pc","title":"ops_contain_pc","text":"first_op_is_pc(i: PwndbgInstruction) -> bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/","title":"pwndbg.aglib.disasm.instruction","text":""},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction","title":"instruction","text":"ops_contain_pc(i: PwndbgInstruction) -> bool\nClasses:
-
InstructionCondition\u2013 -
SplitType\u2013 -
PwndbgInstruction\u2013 -
PwndbgInstructionImpl\u2013 -
EnhancedOperand\u2013 -
ManualPwndbgInstruction\u2013
Functions:
-
boolean_to_instruction_condition\u2013
Attributes:
-
UNCONDITIONAL_JUMP_INSTRUCTIONS(dict[int, set[int]]) \u2013 -
BRANCH_AND_LINK_INSTRUCTIONS(dict[int, set[int]]) \u2013 -
GENERIC_UNCONDITIONAL_JUMP_GROUPS\u2013 -
GENERIC_JUMP_GROUPS\u2013 -
ALL_JUMP_GROUPS\u2013 -
FORWARD_JUMP_GROUP\u2013 -
CAPSTONE_ARCH_MAPPING_STRING\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.BRANCH_AND_LINK_INSTRUCTIONS","title":"BRANCH_AND_LINK_INSTRUCTIONSUNCONDITIONAL_JUMP_INSTRUCTIONS: dict[int, set[int]] = {\n CS_ARCH_X86: {X86_INS_JMP},\n CS_ARCH_MIPS: {\n MIPS_INS_J,\n MIPS_INS_JR,\n MIPS_INS_JAL,\n MIPS_INS_JALR,\n MIPS_INS_BAL,\n MIPS_INS_B,\n },\n CS_ARCH_SPARC: {SPARC_INS_JMP, SPARC_INS_JMPL},\n CS_ARCH_ARM: {ARM_INS_TBB, ARM_INS_TBH},\n CS_ARCH_ARM64: {ARM64_INS_BL, ARM64_INS_BLR, ARM64_INS_BR},\n CS_ARCH_RISCV: {\n RISCV_INS_JAL,\n RISCV_INS_JALR,\n RISCV_INS_C_JAL,\n RISCV_INS_C_JALR,\n RISCV_INS_C_J,\n RISCV_INS_C_JR,\n },\n CS_ARCH_PPC: {PPC_INS_B, PPC_INS_BA, PPC_INS_BL, PPC_INS_BLA},\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.GENERIC_UNCONDITIONAL_JUMP_GROUPS","title":"GENERIC_UNCONDITIONAL_JUMP_GROUPSBRANCH_AND_LINK_INSTRUCTIONS: dict[int, set[int]] = defaultdict(set)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.GENERIC_JUMP_GROUPS","title":"GENERIC_JUMP_GROUPSGENERIC_UNCONDITIONAL_JUMP_GROUPS = {CS_GRP_CALL, CS_GRP_RET, CS_GRP_IRET}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ALL_JUMP_GROUPS","title":"ALL_JUMP_GROUPSGENERIC_JUMP_GROUPS = {CS_GRP_JUMP, CS_GRP_BRANCH_RELATIVE}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.FORWARD_JUMP_GROUP","title":"FORWARD_JUMP_GROUPALL_JUMP_GROUPS = GENERIC_JUMP_GROUPS | GENERIC_UNCONDITIONAL_JUMP_GROUPS\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.CAPSTONE_ARCH_MAPPING_STRING","title":"CAPSTONE_ARCH_MAPPING_STRINGFORWARD_JUMP_GROUP = {CS_GRP_CALL} | GENERIC_JUMP_GROUPS\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.InstructionCondition","title":"InstructionCondition","text":"CAPSTONE_ARCH_MAPPING_STRING = {\n CS_ARCH_ARM: \"arm\",\n CS_ARCH_ARM64: \"aarch64\",\n CS_ARCH_X86: \"x86\",\n CS_ARCH_PPC: \"powerpc\",\n CS_ARCH_MIPS: \"mips\",\n CS_ARCH_SPARC: \"sparc\",\n CS_ARCH_RISCV: \"RISCV\",\n}\nBases:
EnumAttributes:
-
TRUE\u2013 -
FALSE\u2013 -
UNDETERMINED\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.InstructionCondition.FALSE","title":"FALSETRUE = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.InstructionCondition.UNDETERMINED","title":"UNDETERMINEDFALSE = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.SplitType","title":"SplitType","text":"UNDETERMINED = 3\nBases:
EnumAttributes:
-
NO_SPLIT\u2013 -
BRANCH_TAKEN\u2013 -
BRANCH_NOT_TAKEN\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.SplitType.BRANCH_TAKEN","title":"BRANCH_TAKENNO_SPLIT = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.SplitType.BRANCH_NOT_TAKEN","title":"BRANCH_NOT_TAKENBRANCH_TAKEN = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction","title":"PwndbgInstruction","text":"BRANCH_NOT_TAKEN = 3\nBases:
ProtocolMethods:
-
op_find\u2013 -
op_count\u2013
Attributes:
-
cs_insn(CsInsn) \u2013 -
address(int) \u2013 -
size(int) \u2013 -
mnemonic(str) \u2013 -
op_str(str) \u2013 -
groups(set[int]) \u2013 -
id(int) \u2013 -
operands(list[EnhancedOperand]) \u2013 -
asm_string(str) \u2013 -
next(int) \u2013 -
target(int) \u2013 -
target_string(str | None) \u2013 -
target_const(bool | None) \u2013 -
condition(InstructionCondition) \u2013 -
declare_conditional(bool | None) \u2013 -
declare_is_unconditional_jump(bool) \u2013 -
force_unconditional_jump_target(bool) \u2013 -
annotation(str | None) \u2013 -
annotation_padding(int | None) \u2013 -
syscall(int | None) \u2013 -
syscall_name(str | None) \u2013 -
causes_branch_delay(bool) \u2013 -
split(SplitType) \u2013 -
emulated(bool) \u2013 -
call_like(bool) \u2013 -
jump_like(bool) \u2013 -
has_jump_target(bool) \u2013 -
is_conditional_jump(bool) \u2013 -
is_unconditional_jump(bool) \u2013 -
is_conditional_jump_taken(bool) \u2013 -
bytes(bytearray) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.address","title":"addresscs_insn: CsInsn\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.size","title":"sizeaddress: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.mnemonic","title":"mnemonicsize: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.op_str","title":"op_strmnemonic: str\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.groups","title":"groupsop_str: str\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.id","title":"idgroups: set[int]\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.operands","title":"operandsid: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.asm_string","title":"asm_stringoperands: list[EnhancedOperand]\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.next","title":"nextasm_string: str\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.target","title":"targetnext: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.target_string","title":"target_stringtarget: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.target_const","title":"target_consttarget_string: str | None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.condition","title":"conditiontarget_const: bool | None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.declare_conditional","title":"declare_conditionalcondition: InstructionCondition\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.declare_is_unconditional_jump","title":"declare_is_unconditional_jumpdeclare_conditional: bool | None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.force_unconditional_jump_target","title":"force_unconditional_jump_targetdeclare_is_unconditional_jump: bool\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.annotation","title":"annotationforce_unconditional_jump_target: bool\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.annotation_padding","title":"annotation_paddingannotation: str | None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.syscall","title":"syscallannotation_padding: int | None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.syscall_name","title":"syscall_namesyscall: int | None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.causes_branch_delay","title":"causes_branch_delaysyscall_name: str | None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.split","title":"splitcauses_branch_delay: bool\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.emulated","title":"emulatedsplit: SplitType\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.call_like","title":"call_likeemulated: bool\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.jump_like","title":"jump_likecall_like: bool\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.has_jump_target","title":"has_jump_targetjump_like: bool\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.is_conditional_jump","title":"is_conditional_jumphas_jump_target: bool\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.is_unconditional_jump","title":"is_unconditional_jumpis_conditional_jump: bool\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.is_conditional_jump_taken","title":"is_conditional_jump_takenis_unconditional_jump: bool\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.bytes","title":"bytesis_conditional_jump_taken: bool\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.op_find","title":"op_find","text":"bytes: bytearray\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.op_count","title":"op_count","text":"op_find(op_type: int, position: int) -> EnhancedOperand\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl","title":"PwndbgInstructionImpl","text":"op_count(op_type: int) -> int\nPwndbgInstructionImpl(cs_insn: CsInsn)\nBases:
PwndbgInstructionMethods:
-
op_find\u2013Get the operand at position @position of all operands having the same type @op_type
-
op_count\u2013Return number of operands having same operand Capstone type 'op_type'
-
__repr__\u2013
Attributes:
-
cs_insn(CsInsn) \u2013The underlying Capstone instruction object.
-
address(int) \u2013 -
size(int) \u2013Length of the instruction
-
mnemonic(str) \u2013Ex: 'MOV'
-
op_str(str) \u2013Ex: 'RAX, RDX'
-
groups(set[int]) \u2013Capstone instruction groups that we belong to.
-
id(int) \u2013The underlying Capstone ID for the instruction
-
operands(list[EnhancedOperand]) \u2013 -
asm_string(str) \u2013The full string representing the instruction -
mov rdi, rspwith appropriate padding. -
next(int) \u2013This is the address that the instruction pointer will be set to after using the \"nexti\" GDB command.
-
target(int) \u2013This is target of instructions that change the PC, regardless of if it's conditional or not,
-
target_string(str | None) \u2013String representation of the target address.
-
target_const(bool | None) \u2013Whether the target is a constant expression
-
condition(InstructionCondition) \u2013Does the condition that the instruction checks for pass?
-
declare_conditional(bool | None) \u2013This field is used to declare if the instruction is a conditional instruction.
-
declare_is_unconditional_jump(bool) \u2013This field is used to declare that this instruction is an unconditional jump.
-
force_unconditional_jump_target(bool) \u2013This asserts that the .target attribute is the real target of the instruction.
-
annotation(str | None) \u2013The string is set in the \"DisassemblyAssistant.enhance\" function.
-
annotation_padding(int | None) \u2013The left adjustment padding that was used to previously print this.
-
syscall(int | None) \u2013The syscall number for this instruction, if it is a syscall. Otherwise None.
-
syscall_name(str | None) \u2013The syscall name as a string
-
causes_branch_delay(bool) \u2013Whether or not this instruction has a single branch delay slot
-
split(SplitType) \u2013The type of split in the disasm display this instruction causes:
-
emulated(bool) \u2013If the enhancement successfully used emulation for this instruction
-
call_like(bool) \u2013True if this is a call-like instruction, meaning either it's a CALL or a branch and link.
-
jump_like(bool) \u2013True if this instruction is \"jump-like\", such as a JUMP, CALL, or RET.
-
has_jump_target(bool) \u2013True if we have determined that this instruction can explicitly change the program counter, and
-
is_conditional_jump(bool) \u2013True if this instruction can change the program counter conditionally.
-
is_unconditional_jump(bool) \u2013True if we know the instruction can change the program counter, and does so unconditionally.
-
is_conditional_jump_taken(bool) \u2013True if this is a conditional jump, and we predicted that we will take the jump
-
bytes(bytearray) \u2013Raw machine instruction bytes
instance-attribute","text":"cs_insn: CsInsn = cs_insn\nThe underlying Capstone instruction object. Only the enhancement code should access the 'cs_insn' property
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.address","title":"addressinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.size","title":"sizeaddress: int = address\ninstance-attribute","text":"size: int = size\nLength of the instruction
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.mnemonic","title":"mnemonicinstance-attribute","text":"mnemonic: str = mnemonic\nEx: 'MOV'
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.op_str","title":"op_strinstance-attribute","text":"op_str: str = op_str\nEx: 'RAX, RDX'
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.groups","title":"groupsinstance-attribute","text":"groups: set[int] = set(groups)\nCapstone instruction groups that we belong to. Groups that apply to all architectures: CS_GRP_INVALID | CS_GRP_JUMP | CS_GRP_CALL | CS_GRP_RET | CS_GRP_INT | CS_GRP_IRET | CS_GRP_PRIVILEGE | CS_GRP_BRANCH_RELATIVE
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.id","title":"idinstance-attribute","text":"id: int = id\nThe underlying Capstone ID for the instruction Examples: X86_INS_JMP, X86_INS_CALL, RISCV_INS_C_JAL
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.operands","title":"operandsinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.asm_string","title":"asm_stringoperands: list[EnhancedOperand] = [EnhancedOperand(op) for op in operands]\ninstance-attribute","text":"asm_string: str = f'{mnemonic} {op_str}'\nThe full string representing the instruction -
mov rdi, rspwith appropriate padding.This is syntax highlighted during enhancement.
This is additionally modified during enhancement for the purposes of replacing immediate values with their corresponding symbols
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.next","title":"nextinstance-attribute","text":"next: int = address + size\nThis is the address that the instruction pointer will be set to after using the \"nexti\" GDB command. This means it is the address of the next instruction to be executed in all cases except \"call\" instructions.
Typically, it is
self.address + self.size(the next instruction in memory)If it is a jump and we know it is taken, then it is the value of the jump target.
Not set to \"call\" instruction targets, to indicate we will eventually (probably) return to this address
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.target","title":"targetinstance-attribute","text":"target: int = None\nThis is target of instructions that change the PC, regardless of if it's conditional or not, and whether or not we take the jump. This includes \"call\" and all other instructions that set the PC
If the instruction is not one that changes the PC, target is set to \"next\"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.target_string","title":"target_stringinstance-attribute","text":"target_string: str | None = None\nString representation of the target address.
Colorized symbol if a symbol exists at address, else colorized address
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.target_const","title":"target_constinstance-attribute","text":"target_const: bool | None = None\nWhether the target is a constant expression
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.condition","title":"conditioninstance-attribute","text":"condition: InstructionCondition = UNDETERMINED\nDoes the condition that the instruction checks for pass?
For example, \"JNE\" jumps if Zero Flag is 0, else it does nothing. \"CMOVA\" conditionally performs a move depending on a flag. See 'condition' function in pwndbg.aglib.disasm.x86 for example on setting this.
UNDETERMINED if we cannot reason about the condition, or if the instruction always executes unconditionally (most instructions).
TRUE if the instruction has a conditional action, and we determine it is taken.
FALSE if the instruction has a conditional action, and we know it is not taken.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.declare_conditional","title":"declare_conditionalinstance-attribute","text":"declare_conditional: bool | None = None\nThis field is used to declare if the instruction is a conditional instruction. In most cases, we can determine this purely based on the instruction ID, and this field is irrelevent. However, in some arches, like Arm, the same instruction can be made conditional by certain instruction attributes. Ex: Arm,
blsinstruction. This is encoded as ab(Capstone ID 11) under the code, with an additional condition code field. In this case, sometimes abinstruction (ID 11) is unconditional (always branches), in other cases it is conditional. We use this field to disambiguate these cases.True if we manually determine this instruction is a conditional instruction False if it's not a conditional instruction None if we don't have a determination (most cases)
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.declare_is_unconditional_jump","title":"declare_is_unconditional_jumpinstance-attribute","text":"declare_is_unconditional_jump: bool = False\nThis field is used to declare that this instruction is an unconditional jump. Most of the type, we depend on Capstone groups to check for jump instructions, but sometimes these are lacking, such as in the case of general-purpose instructions where the PC is the destination register, such as Arm
add,sub,ldr, andpopinstructions.In these cases, we want to forcefully state that this instruction mutates the PC, so we set this attribute to True.
This helps in two cases: 1. Disassembly splits 2. Instructions like
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.force_unconditional_jump_target","title":"force_unconditional_jump_targetstepuntilasmwork better, as they detect these as branches to stop at.instance-attribute","text":"force_unconditional_jump_target: bool = False\nThis asserts that the .target attribute is the real target of the instruction. This is only relevent in the edge case that the target is the next instruction in memory (address + size). The normal check for \"target\" checks that the target is NOT the next address in memory, and here we can assert that even if that is the case, we know that the jump really does just go to where self.target is.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.annotation","title":"annotationinstance-attribute","text":"annotation: str | None = None\nThe string is set in the \"DisassemblyAssistant.enhance\" function. It is used in the disasm print view to add context to the instruction, mostly operand value. This string is not used for all cases - if the instruction is a call or a jump, the 'target'. variables is used instead. See 'pwndbg.color.disasm.instruction()' for specific usage.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.annotation_padding","title":"annotation_paddinginstance-attribute","text":"annotation_padding: int | None = None\nThe left adjustment padding that was used to previously print this. We retain it so the output is consistent between prints
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.syscall","title":"syscallinstance-attribute","text":"syscall: int | None = None\nThe syscall number for this instruction, if it is a syscall. Otherwise None.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.syscall_name","title":"syscall_nameinstance-attribute","text":"syscall_name: str | None = None\nThe syscall name as a string
Ex: \"openat\", \"read\"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.causes_branch_delay","title":"causes_branch_delayinstance-attribute","text":"causes_branch_delay: bool = False\nWhether or not this instruction has a single branch delay slot
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.split","title":"splitinstance-attribute","text":"split: SplitType = NO_SPLIT\nThe type of split in the disasm display this instruction causes:
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.emulated","title":"emulatedNO_SPLIT - no extra spacing between this and the next instruction\nBRANCH_TAKEN - a newline with an arrow pointing down\nBRANCH_NOT_TAKEN - an empty newline\ninstance-attribute","text":"emulated: bool = False\nIf the enhancement successfully used emulation for this instruction
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.call_like","title":"call_likeproperty","text":"call_like: bool\nTrue if this is a call-like instruction, meaning either it's a CALL or a branch and link.
Checking for the CS_GRP_CALL is insufficient, as there are many \"branch and link\" instructions that are not labeled as a call
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.jump_like","title":"jump_likeproperty","text":"jump_like: bool\nTrue if this instruction is \"jump-like\", such as a JUMP, CALL, or RET. Basically, the PC is set to some target by means of this instruction.
It may still be a conditional jump - this property does not indicate whether the jump is taken or not.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.has_jump_target","title":"has_jump_targetproperty","text":"has_jump_target: bool\nTrue if we have determined that this instruction can explicitly change the program counter, and we have determined the jump target.
Edge case - the jump target MAY be the next address in memory - so we check force_unconditional_jump_target
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.is_conditional_jump","title":"is_conditional_jumpproperty","text":"is_conditional_jump: bool\nTrue if this instruction can change the program counter conditionally.
This is used, in part, to determine if the instruction deserves a \"checkmark\" in the disasm view.
This does not imply that we have resolved the .target
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.is_unconditional_jump","title":"is_unconditional_jumpproperty","text":"is_unconditional_jump: bool\nTrue if we know the instruction can change the program counter, and does so unconditionally.
This includes things like RET, CALL, and JMP (in x86).
This property is used in enhancement to determine certain codepaths when resolving .next for this instruction.
This does not imply that we have resolved the .target
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.is_conditional_jump_taken","title":"is_conditional_jump_takenproperty","text":"is_conditional_jump_taken: bool\nTrue if this is a conditional jump, and we predicted that we will take the jump
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.bytes","title":"bytesproperty","text":"bytes: bytearray\nRaw machine instruction bytes
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.op_find","title":"op_find","text":"op_find(op_type: int, position: int) -> EnhancedOperand\nGet the operand at position @position of all operands having the same type @op_type
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.op_count","title":"op_count","text":"op_count(op_type: int) -> int\nReturn number of operands having same operand Capstone type 'op_type'
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.__repr__","title":"__repr__","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand","title":"EnhancedOperand","text":"__repr__() -> str\nEnhancedOperand(cs_op)\nMethods:
-
__repr__\u2013
Attributes:
-
cs_op(Any) \u2013Underlying Capstone operand. Takes on a different value depending on the architecture.
-
before_value(int | None) \u2013The value of the operand before the instruction executes.
-
after_value(int | None) \u2013The value of the operand after the instruction executes.
-
before_value_resolved(int | None) \u2013The 'resolved' value of the operand that is actually used in the instruction logic, before the instruction executes.
-
before_value_no_modifiers(int | None) \u2013This is a special field used in some architectures that allow operand modifiers, such as shifts and extends in Arm.
-
after_value_resolved(int | None) \u2013The 'resolved' value of the operand after the instruction executes.
-
str(str | None) \u2013String representing the operand
-
symbol(str | None) \u2013Colorized symbol name for this operand, if .before_value is set and symbol exists, else None.
-
type(int) \u2013CS_OP_REG | CS_OP_MEM | CS_OP_IMM | CS_OP_INVALID | CS_OP_FP
-
reg(int) \u2013The underlying Capstone ID for the register
-
imm(int) \u2013The immediate value of the operand (if applicable)
-
mem(Any) \u2013Return the underlying Capstone mem object (if applicable)
instance-attribute","text":"cs_op: Any = cs_op\nUnderlying Capstone operand. Takes on a different value depending on the architecture.
x86 = capstone.x86.X86Op, arm = capstone.arm.ArmOp, mips = capstone.mips.MipsOp
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.before_value","title":"before_valueinstance-attribute","text":"before_value: int | None = None\nThe value of the operand before the instruction executes. This is set only if the operand value can be reasoned about.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.after_value","title":"after_valueinstance-attribute","text":"after_value: int | None = None\nThe value of the operand after the instruction executes. Only set when using emulation.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.before_value_resolved","title":"before_value_resolvedinstance-attribute","text":"before_value_resolved: int | None = None\nThe 'resolved' value of the operand that is actually used in the instruction logic, before the instruction executes. This is the same as before_value if it's not a memory operand, in which cases it's the dereferenced value.
Helpful for cases like
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.before_value_no_modifiers","title":"before_value_no_modifierscmp byte ptr [rip + 0x166669], 0, where first operand could be a register or a memory value to dereference, and we want the actual value used.instance-attribute","text":"before_value_no_modifiers: int | None = None\nThis is a special field used in some architectures that allow operand modifiers, such as shifts and extends in Arm. Capstone bundles the modifier with the operand, and when we are resolving concrete operand values, we apply the modifier. However, in some annotations we need to un-modified raw register value, which is what this field is for.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.after_value_resolved","title":"after_value_resolvedinstance-attribute","text":"after_value_resolved: int | None = None\nThe 'resolved' value of the operand after the instruction executes.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.str","title":"strinstance-attribute","text":"str: str | None = ''\nString representing the operand
Ex: \"RAX\", or \"[0x7fffffffd9e8]\". None if value cannot be determined.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.symbol","title":"symbolinstance-attribute","text":"symbol: str | None = None\nColorized symbol name for this operand, if .before_value is set and symbol exists, else None.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.type","title":"typeproperty","text":"type: int\nCS_OP_REG | CS_OP_MEM | CS_OP_IMM | CS_OP_INVALID | CS_OP_FP
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.reg","title":"regproperty","text":"reg: int\nThe underlying Capstone ID for the register
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.imm","title":"immproperty","text":"imm: int\nThe immediate value of the operand (if applicable)
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.mem","title":"memproperty","text":"mem: Any\nReturn the underlying Capstone mem object (if applicable)
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.__repr__","title":"__repr__","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction","title":"ManualPwndbgInstruction","text":"__repr__() -> str\nManualPwndbgInstruction(address: int)\nBases:
PwndbgInstructionGDB/LLDB's built-in disassemblers.
Instances of this class do not go through the 'enhancement' process due to lacking important information provided by Capstone. As a result of this, some of the methods raise NotImplementedError, because if they are called it indicates a bug elsewhere in the codebase.
Methods:
-
op_find\u2013 -
op_count\u2013
Attributes:
-
cs_insn(CsInsn) \u2013 -
address\u2013 -
size\u2013 -
mnemonic\u2013 -
op_str\u2013 -
groups\u2013 -
id\u2013 -
operands\u2013 -
asm_string\u2013 -
next\u2013 -
target\u2013 -
target_string\u2013 -
target_const\u2013 -
condition\u2013 -
declare_conditional\u2013 -
declare_is_unconditional_jump\u2013 -
force_unconditional_jump_target\u2013 -
annotation\u2013 -
annotation_padding\u2013 -
syscall\u2013 -
syscall_name\u2013 -
causes_branch_delay\u2013 -
split\u2013 -
emulated\u2013 -
bytes(bytearray) \u2013 -
call_like(bool) \u2013 -
jump_like(bool) \u2013 -
has_jump_target(bool) \u2013 -
is_conditional_jump(bool) \u2013 -
is_unconditional_jump(bool) \u2013 -
is_conditional_jump_taken(bool) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.address","title":"addresscs_insn: CsInsn = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.size","title":"sizeaddress = address\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.mnemonic","title":"mnemonicsize = ins['length']\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.op_str","title":"op_strmnemonic = strip()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.groups","title":"groupsop_str = strip() if len(asm) > 1 else ''\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.id","title":"idgroups = set()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.operands","title":"operandsid = -1\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.asm_string","title":"asm_stringoperands = []\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.next","title":"nextasm_string = f'{mnemonic} {op_str}'\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.target","title":"targetnext = address + size\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.target_string","title":"target_stringtarget = next\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.target_const","title":"target_consttarget_string = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.condition","title":"conditiontarget_const = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.declare_conditional","title":"declare_conditionalcondition = UNDETERMINED\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.declare_is_unconditional_jump","title":"declare_is_unconditional_jumpdeclare_conditional = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.force_unconditional_jump_target","title":"force_unconditional_jump_targetdeclare_is_unconditional_jump = False\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.annotation","title":"annotationforce_unconditional_jump_target = False\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.annotation_padding","title":"annotation_paddingannotation = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.syscall","title":"syscallannotation_padding = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.syscall_name","title":"syscall_namesyscall = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.causes_branch_delay","title":"causes_branch_delaysyscall_name = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.split","title":"splitcauses_branch_delay = False\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.emulated","title":"emulatedsplit = NO_SPLIT\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.bytes","title":"bytesemulated = False\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.call_like","title":"call_likebytes: bytearray\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.jump_like","title":"jump_likecall_like: bool\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.has_jump_target","title":"has_jump_targetjump_like: bool\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.is_conditional_jump","title":"is_conditional_jumphas_jump_target: bool\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.is_unconditional_jump","title":"is_unconditional_jumpis_conditional_jump: bool\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.is_conditional_jump_taken","title":"is_conditional_jump_takenis_unconditional_jump: bool\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.op_find","title":"op_find","text":"is_conditional_jump_taken: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.op_count","title":"op_count","text":"op_find(op_type: int, position: int) -> EnhancedOperand\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.boolean_to_instruction_condition","title":"boolean_to_instruction_condition","text":"op_count(op_type: int) -> int\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/","title":"pwndbg.aglib.disasm.mips","text":""},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips","title":"mips","text":"boolean_to_instruction_condition(condition: bool) -> InstructionCondition\nClasses:
-
DisassemblyAssistant\u2013
Attributes:
-
BRANCH_LIKELY_INSTRUCTIONS\u2013 -
CONDITION_RESOLVERS(dict[int, Callable[[list[int]], bool]]) \u2013 -
MIPS_SIMPLE_DESTINATION_INSTRUCTIONS\u2013 -
MIPS_LOAD_INSTRUCTIONS\u2013 -
MIPS_STORE_INSTRUCTIONS\u2013 -
MIPS_BINARY_OPERATIONS\u2013 -
assistant\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.CONDITION_RESOLVERS","title":"CONDITION_RESOLVERSBRANCH_LIKELY_INSTRUCTIONS = {\n MIPS_INS_BC0TL,\n MIPS_INS_BC1TL,\n MIPS_INS_BC0FL,\n MIPS_INS_BC1FL,\n MIPS_INS_BEQL,\n MIPS_INS_BGEZALL,\n MIPS_INS_BGEZL,\n MIPS_INS_BGTZL,\n MIPS_INS_BLEZL,\n MIPS_INS_BLTZALL,\n MIPS_INS_BLTZL,\n MIPS_INS_BNEL,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MIPS_SIMPLE_DESTINATION_INSTRUCTIONS","title":"MIPS_SIMPLE_DESTINATION_INSTRUCTIONSCONDITION_RESOLVERS: dict[int, Callable[[list[int]], bool]] = {\n MIPS_INS_BEQZ: lambda ops: ops[0] == 0,\n MIPS_INS_BNEZ: lambda ops: ops[0] != 0,\n MIPS_INS_BEQ: lambda ops: ops[0] == ops[1],\n MIPS_INS_BNE: lambda ops: ops[0] != ops[1],\n MIPS_INS_BGEZ: lambda ops: to_signed(ops[0], ptrsize * 8) >= 0,\n MIPS_INS_BGEZAL: lambda ops: to_signed(ops[0], ptrsize * 8) >= 0,\n MIPS_INS_BGTZ: lambda ops: to_signed(ops[0], ptrsize * 8) > 0,\n MIPS_INS_BLEZ: lambda ops: to_signed(ops[0], ptrsize * 8) <= 0,\n MIPS_INS_BLTZAL: lambda ops: to_signed(ops[0], ptrsize * 8) < 0,\n MIPS_INS_BLTZ: lambda ops: to_signed(ops[0], ptrsize * 8) < 0,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MIPS_LOAD_INSTRUCTIONS","title":"MIPS_LOAD_INSTRUCTIONSMIPS_SIMPLE_DESTINATION_INSTRUCTIONS = {\n MIPS_INS_CLO,\n MIPS_INS_CLZ,\n MIPS_INS_DCLO,\n MIPS_INS_DCLZ,\n MIPS_INS_LSA,\n MIPS_INS_DLSA,\n MIPS_INS_MFHI,\n MIPS_INS_MFLO,\n MIPS_INS_SEB,\n MIPS_INS_SEH,\n MIPS_INS_WSBH,\n MIPS_INS_SLT,\n MIPS_INS_SLTI,\n MIPS_INS_SLTIU,\n MIPS_INS_SLTU,\n MIPS_INS_MOVN,\n MIPS_INS_LDL,\n MIPS_INS_LDR,\n MIPS_INS_LWL,\n MIPS_INS_LWR,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MIPS_STORE_INSTRUCTIONS","title":"MIPS_STORE_INSTRUCTIONSMIPS_LOAD_INSTRUCTIONS = {\n MIPS_INS_LB: -1,\n MIPS_INS_LBU: 1,\n MIPS_INS_LH: -2,\n MIPS_INS_LHU: 2,\n MIPS_INS_LW: -4,\n MIPS_INS_LWU: 4,\n MIPS_INS_LWPC: -4,\n MIPS_INS_LWUPC: 4,\n MIPS_INS_LD: -8,\n MIPS_INS_LDPC: 8,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MIPS_BINARY_OPERATIONS","title":"MIPS_BINARY_OPERATIONSMIPS_STORE_INSTRUCTIONS = {\n MIPS_INS_SB: 1,\n MIPS_INS_SH: 2,\n MIPS_INS_SW: 4,\n MIPS_INS_SD: 8,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.assistant","title":"assistantMIPS_BINARY_OPERATIONS = {\n MIPS_INS_ADD: \"+\",\n MIPS_INS_ADDI: \"+\",\n MIPS_INS_ADDIU: \"+\",\n MIPS_INS_ADDU: \"+\",\n MIPS_INS_DADD: \"+\",\n MIPS_INS_DADDI: \"+\",\n MIPS_INS_DADDIU: \"+\",\n MIPS_INS_DADDU: \"+\",\n MIPS_INS_SUB: \"-\",\n MIPS_INS_SUBU: \"-\",\n MIPS_INS_DSUB: \"-\",\n MIPS_INS_DSUBU: \"-\",\n MIPS_INS_ANDI: \"&\",\n MIPS_INS_AND: \"&\",\n MIPS_INS_ORI: \"|\",\n MIPS_INS_OR: \"|\",\n MIPS_INS_XOR: \"^\",\n MIPS_INS_XORI: \"^\",\n MIPS_INS_SLL: \"<<\",\n MIPS_INS_SLLV: \"<<\",\n MIPS_INS_DSLL: \"<<\",\n MIPS_INS_DSLLV: \"<<\",\n MIPS_INS_SRL: \">>\",\n MIPS_INS_SRLV: \">>\",\n MIPS_INS_DSRL: \">>\",\n MIPS_INS_DSRLV: \">>\",\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.DisassemblyAssistant","title":"DisassemblyAssistant","text":"assistant = DisassemblyAssistant('mips')\nDisassemblyAssistant(architecture: str)\nBases:
DisassemblyAssistantMethods:
-
for_current_arch\u2013 -
enhance\u2013 -
can_reason_about_process_state\u2013Determine if the program counter of the process equals the address of the instruction being enhanced.
-
dump\u2013Debug-only method.
Attributes:
-
annotation_handlers(dict[int, Callable[[PwndbgInstruction, Emulator], None]]) \u2013 -
assistants(dict[str, DisassemblyAssistant]) \u2013 -
op_handlers(dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]]) \u2013 -
op_names(dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]]) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.DisassemblyAssistant.assistants","title":"assistantsannotation_handlers: dict[\n int, Callable[[PwndbgInstruction, Emulator], None]\n] = {\n MIPS_INS_MOVE: _common_move_annotator,\n MIPS_INS_LI: _common_move_annotator,\n MIPS_INS_LUI: _lui_annotator,\n}\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.DisassemblyAssistant.op_handlers","title":"op_handlersassistants: dict[str, DisassemblyAssistant] = {}\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.DisassemblyAssistant.op_names","title":"op_namesop_handlers: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n CS_OP_IMM: _parse_immediate,\n CS_OP_REG: _parse_register,\n CS_OP_MEM: _parse_memory,\n}\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.DisassemblyAssistant.for_current_arch","title":"for_current_archop_names: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n CS_OP_IMM: _immediate_string,\n CS_OP_REG: _register_string,\n CS_OP_MEM: _memory_string,\n}\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.DisassemblyAssistant.enhance","title":"enhancefor_current_arch() -> DisassemblyAssistant\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.DisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\ncan_reason_about_process_state(instruction: PwndbgInstruction) -> bool\nDetermine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.DisassemblyAssistant.dump","title":"dump","text":"dump(instruction: PwndbgInstruction)\nDebug-only method.
"},{"location":"reference/pwndbg/aglib/disasm/ppc/","title":"pwndbg.aglib.disasm.ppc","text":""},{"location":"reference/pwndbg/aglib/disasm/ppc/#pwndbg.aglib.disasm.ppc","title":"ppc","text":""},{"location":"reference/pwndbg/aglib/disasm/riscv/","title":"pwndbg.aglib.disasm.riscv","text":""},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv","title":"riscv","text":"Classes:
-
DisassemblyAssistant\u2013
Attributes:
-
RISCV_LOAD_INSTRUCTIONS\u2013 -
RISCV_COMPRESSED_LOAD_INSTRUCTIONS\u2013 -
RISCV_STORE_INSTRUCTIONS\u2013 -
RISCV_COMPRESSED_STORE_INSTRUCTIONS\u2013 -
RISCV_MATH_INSTRUCTIONS\u2013 -
RISCV_EMULATED_ANNOTATIONS\u2013 -
assistant_rv32\u2013 -
assistant_rv64\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCV_COMPRESSED_LOAD_INSTRUCTIONS","title":"RISCV_COMPRESSED_LOAD_INSTRUCTIONSRISCV_LOAD_INSTRUCTIONS = {\n RISCV_INS_LB: -1,\n RISCV_INS_LH: -2,\n RISCV_INS_LW: -4,\n RISCV_INS_LBU: 1,\n RISCV_INS_LHU: 2,\n RISCV_INS_LWU: 4,\n RISCV_INS_LD: 8,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCV_STORE_INSTRUCTIONS","title":"RISCV_STORE_INSTRUCTIONSRISCV_COMPRESSED_LOAD_INSTRUCTIONS = {\n RISCV_INS_C_LW: -4,\n RISCV_INS_C_LD: 8,\n RISCV_INS_C_LDSP: 8,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCV_COMPRESSED_STORE_INSTRUCTIONS","title":"RISCV_COMPRESSED_STORE_INSTRUCTIONSRISCV_STORE_INSTRUCTIONS = {\n RISCV_INS_SB: 1,\n RISCV_INS_SH: 2,\n RISCV_INS_SW: 4,\n RISCV_INS_SD: 8,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCV_MATH_INSTRUCTIONS","title":"RISCV_MATH_INSTRUCTIONSRISCV_COMPRESSED_STORE_INSTRUCTIONS = {\n RISCV_INS_C_SW: 4,\n RISCV_INS_C_SWSP: 4,\n RISCV_INS_C_SD: 8,\n RISCV_INS_C_SDSP: 8,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCV_EMULATED_ANNOTATIONS","title":"RISCV_EMULATED_ANNOTATIONSRISCV_MATH_INSTRUCTIONS = {\n RISCV_INS_ADDI: \"+\",\n RISCV_INS_ADD: \"+\",\n RISCV_INS_C_ADDI: \"+\",\n RISCV_INS_C_ADD: \"+\",\n RISCV_INS_SUB: \"-\",\n RISCV_INS_C_SUB: \"-\",\n RISCV_INS_XORI: \"^\",\n RISCV_INS_XOR: \"^\",\n RISCV_INS_C_XOR: \"^\",\n RISCV_INS_ORI: \"|\",\n RISCV_INS_OR: \"|\",\n RISCV_INS_C_OR: \"|\",\n RISCV_INS_ANDI: \"&\",\n RISCV_INS_C_ANDI: \"&\",\n RISCV_INS_AND: \"&\",\n RISCV_INS_C_AND: \"&\",\n RISCV_INS_SLLI: \"<<\",\n RISCV_INS_C_SLLI: \"<<\",\n RISCV_INS_SLL: \"<<\",\n RISCV_INS_SRLI: \">>\",\n RISCV_INS_C_SRLI: \">>\",\n RISCV_INS_SRL: \">>\",\n RISCV_INS_SRAI: \">>s\",\n RISCV_INS_C_SRAI: \">>s\",\n RISCV_INS_SRA: \">>s\",\n RISCV_INS_MUL: \"*\",\n RISCV_INS_MULH: \"*\",\n RISCV_INS_MULHSU: \"*\",\n RISCV_INS_MULHU: \"*\",\n RISCV_INS_DIV: \"/\",\n RISCV_INS_DIVU: \"/\",\n RISCV_INS_REM: \"%\",\n RISCV_INS_REMU: \"%\",\n RISCV_INS_C_ADDI4SPN: \"+\",\n RISCV_INS_C_ADDI16SP: \"+\",\n RISCV_INS_ADDIW: \"+\",\n RISCV_INS_ADDW: \"+\",\n RISCV_INS_SUBW: \"-\",\n RISCV_INS_SLLIW: \"<<\",\n RISCV_INS_SLLW: \"<<\",\n RISCV_INS_SRLIW: \">>\",\n RISCV_INS_SRLW: \">>\",\n RISCV_INS_SRAIW: \">>s\",\n RISCV_INS_SRAW: \">>s\",\n RISCV_INS_MULW: \"*\",\n RISCV_INS_DIVW: \"/\",\n RISCV_INS_DIVUW: \"/\",\n RISCV_INS_REMW: \"%\",\n RISCV_INS_REMUW: \"%\",\n RISCV_INS_C_ADDIW: \"+\",\n RISCV_INS_C_ADDW: \"+\",\n RISCV_INS_C_SUBW: \"-\",\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.assistant_rv32","title":"assistant_rv32RISCV_EMULATED_ANNOTATIONS = {\n RISCV_INS_SLT,\n RISCV_INS_SLTU,\n RISCV_INS_SLTI,\n RISCV_INS_SLTIU,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.assistant_rv64","title":"assistant_rv64assistant_rv32 = DisassemblyAssistant('rv32')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.DisassemblyAssistant","title":"DisassemblyAssistant","text":"assistant_rv64 = DisassemblyAssistant('rv64')\nDisassemblyAssistant(architecture)\nBases:
DisassemblyAssistantMethods:
-
for_current_arch\u2013 -
enhance\u2013 -
can_reason_about_process_state\u2013Determine if the program counter of the process equals the address of the instruction being enhanced.
-
dump\u2013Debug-only method.
Attributes:
-
architecture\u2013 -
annotation_handlers(Dict[int, Callable[[PwndbgInstruction, Emulator], None]]) \u2013 -
assistants(dict[str, DisassemblyAssistant]) \u2013 -
op_handlers(dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]]) \u2013 -
op_names(dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]]) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.DisassemblyAssistant.annotation_handlers","title":"annotation_handlersarchitecture = architecture\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.DisassemblyAssistant.assistants","title":"assistantsannotation_handlers: Dict[\n int, Callable[[PwndbgInstruction, Emulator], None]\n] = {\n RISCV_INS_AUIPC: _auipc_annotator,\n RISCV_INS_C_MV: _common_move_annotator,\n RISCV_INS_C_LI: _common_move_annotator,\n RISCV_INS_LUI: _lui_annotator,\n RISCV_INS_C_LUI: _lui_annotator,\n}\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.DisassemblyAssistant.op_handlers","title":"op_handlersassistants: dict[str, DisassemblyAssistant] = {}\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.DisassemblyAssistant.op_names","title":"op_namesop_handlers: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n CS_OP_IMM: _parse_immediate,\n CS_OP_REG: _parse_register,\n CS_OP_MEM: _parse_memory,\n}\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.DisassemblyAssistant.for_current_arch","title":"for_current_archop_names: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n CS_OP_IMM: _immediate_string,\n CS_OP_REG: _register_string,\n CS_OP_MEM: _memory_string,\n}\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.DisassemblyAssistant.enhance","title":"enhancefor_current_arch() -> DisassemblyAssistant\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.DisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\ncan_reason_about_process_state(instruction: PwndbgInstruction) -> bool\nDetermine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.DisassemblyAssistant.dump","title":"dump","text":"dump(instruction: PwndbgInstruction)\nDebug-only method.
"},{"location":"reference/pwndbg/aglib/disasm/sparc/","title":"pwndbg.aglib.disasm.sparc","text":""},{"location":"reference/pwndbg/aglib/disasm/sparc/#pwndbg.aglib.disasm.sparc","title":"sparc","text":"Attributes:
-
SPARC_LOAD_INSTRUCTIONS\u2013 -
SPARC_STORE_INSTRUCTIONS\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/sparc/#pwndbg.aglib.disasm.sparc.SPARC_STORE_INSTRUCTIONS","title":"SPARC_STORE_INSTRUCTIONSSPARC_LOAD_INSTRUCTIONS = {\n SPARC_INS_LDUB: 1,\n SPARC_INS_LDSB: 1,\n SPARC_INS_LDUH: 2,\n SPARC_INS_LDSH: 2,\n SPARC_INS_LD: 4,\n SPARC_INS_LDD: 8,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/x86/","title":"pwndbg.aglib.disasm.x86","text":""},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86","title":"x86","text":"SPARC_STORE_INSTRUCTIONS = {\n SPARC_INS_STB: 1,\n SPARC_INS_STH: 2,\n SPARC_INS_ST: 4,\n SPARC_INS_STD: 8,\n}\nClasses:
-
DisassemblyAssistant\u2013
Attributes:
-
groups\u2013 -
ops\u2013 -
regs\u2013 -
access\u2013 -
X86_MATH_INSTRUCTIONS\u2013 -
assistant\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.ops","title":"opsgroups = {v: _mfor (k, v) in items() if startswith('X86_GRP_')}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.regs","title":"regsops = {v: _5for (k, v) in items() if startswith('X86_OP_')}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.access","title":"accessregs = {v: _ofor (k, v) in items() if startswith('X86_REG_')}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86_MATH_INSTRUCTIONS","title":"X86_MATH_INSTRUCTIONSaccess = {v: _Hfor (k, v) in items() if startswith('CS_AC_')}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.assistant","title":"assistantX86_MATH_INSTRUCTIONS = {\n X86_INS_ADD: \"+\",\n X86_INS_SUB: \"-\",\n X86_INS_AND: \"&\",\n X86_INS_OR: \"|\",\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.DisassemblyAssistant","title":"DisassemblyAssistant","text":"assistant = DisassemblyAssistant('x86-64')\nDisassemblyAssistant(architecture: str)\nBases:
DisassemblyAssistantMethods:
-
handle_mov\u2013 -
handle_vmovaps\u2013 -
handle_lea\u2013 -
handle_xchg\u2013 -
handle_pop\u2013 -
handle_xor\u2013 -
handle_inc\u2013 -
handle_dec\u2013 -
memory_string_with_components_resolved\u2013 -
for_current_arch\u2013 -
enhance\u2013 -
can_reason_about_process_state\u2013Determine if the program counter of the process equals the address of the instruction being enhanced.
-
dump\u2013Debug-only method.
Attributes:
-
annotation_handlers(dict[int, Callable[[PwndbgInstruction, Emulator], None]]) \u2013 -
assistants(dict[str, DisassemblyAssistant]) \u2013 -
op_handlers(dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]]) \u2013 -
op_names(dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]]) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.DisassemblyAssistant.assistants","title":"assistantsannotation_handlers: dict[\n int, Callable[[PwndbgInstruction, Emulator], None]\n] = {\n X86_INS_MOV: handle_mov,\n X86_INS_MOVABS: handle_mov,\n X86_INS_MOVZX: handle_mov,\n X86_INS_MOVD: handle_mov,\n X86_INS_MOVQ: handle_mov,\n X86_INS_MOVSXD: handle_mov,\n X86_INS_MOVSX: handle_mov,\n X86_INS_MOVAPS: handle_vmovaps,\n X86_INS_VMOVAPS: handle_vmovaps,\n X86_INS_LEA: handle_lea,\n X86_INS_XCHG: handle_xchg,\n X86_INS_POP: handle_pop,\n X86_INS_CMP: _common_cmp_annotator_builder(\"eflags\", \"-\"),\n X86_INS_TEST: _common_cmp_annotator_builder(\"eflags\", \"&\"),\n X86_INS_XOR: handle_xor,\n X86_INS_INC: handle_inc,\n X86_INS_DEC: handle_dec,\n}\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.DisassemblyAssistant.op_handlers","title":"op_handlersassistants: dict[str, DisassemblyAssistant] = {}\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.DisassemblyAssistant.op_names","title":"op_namesop_handlers: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n CS_OP_IMM: _parse_immediate,\n CS_OP_REG: _parse_register,\n CS_OP_MEM: _parse_memory,\n}\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.DisassemblyAssistant.handle_mov","title":"handle_mov","text":"op_names: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n CS_OP_IMM: _immediate_string,\n CS_OP_REG: _register_string,\n CS_OP_MEM: _memory_string,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.DisassemblyAssistant.handle_vmovaps","title":"handle_vmovaps","text":"handle_mov(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.DisassemblyAssistant.handle_lea","title":"handle_lea","text":"handle_vmovaps(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.DisassemblyAssistant.handle_xchg","title":"handle_xchg","text":"handle_lea(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.DisassemblyAssistant.handle_pop","title":"handle_pop","text":"handle_xchg(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.DisassemblyAssistant.handle_xor","title":"handle_xor","text":"handle_pop(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.DisassemblyAssistant.handle_inc","title":"handle_inc","text":"handle_xor(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.DisassemblyAssistant.handle_dec","title":"handle_dec","text":"handle_inc(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.DisassemblyAssistant.memory_string_with_components_resolved","title":"memory_string_with_components_resolved","text":"handle_dec(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.DisassemblyAssistant.for_current_arch","title":"for_current_archmemory_string_with_components_resolved(\n instruction: PwndbgInstruction, op: EnhancedOperand\n)\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.DisassemblyAssistant.enhance","title":"enhancefor_current_arch() -> DisassemblyAssistant\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.DisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\ncan_reason_about_process_state(instruction: PwndbgInstruction) -> bool\nDetermine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.DisassemblyAssistant.dump","title":"dump","text":"dump(instruction: PwndbgInstruction)\nDebug-only method.
"},{"location":"reference/pwndbg/aglib/dt/","title":"pwndbg.aglib.dt","text":""},{"location":"reference/pwndbg/aglib/dt/#pwndbg.aglib.dt","title":"dt","text":"Prints structures in a manner similar to Windbg's \"dt\" command.
Functions:
-
dt\u2013Dump out a structure type Windbg style.
dt(\n name: str = \"\", addr: int | Value | None = None, obj: Value | None = None\n) -> str\nDump out a structure type Windbg style.
"},{"location":"reference/pwndbg/aglib/dynamic/","title":"pwndbg.aglib.dynamic","text":""},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic","title":"dynamic","text":"Dynamic linking interface.
This module provides an interface to analyze various aspects of dynamically linked programs.
It also defines a hook that watches for changes to the link map communicated by ld.so, and exposes an event that other parts of pwndbg can tap into, but one that may have a somewhat obtuse beahvior, due to limitations in GDB. See
r_debug_install_link_map_changed_hookfor more information.Classes:
-
LinkMapEntry\u2013An entry in the link map.
-
DynamicSegment\u2013Parser for the DYNAMIC segment present in a binary image.
-
CStruct\u2013Utility class for reading fields off of C structs.
Functions:
-
is_dynamic\u2013Returns whether the current inferior is dynamic.
-
r_debug_link_map_changed_hook\u2013Hook that gets activated whenever the link map changes.
-
r_debug_install_link_map_changed_hook\u2013Installs the r_debug-based hook to the change event of the link map.
-
r_debug_link_map_changed_add_listener\u2013Install a callback to be called whenever r_debug signal of there being a
-
r_debug_link_map_changed_remove_listener\u2013Removes a listener previously installed with
-
link_map_head\u2013Acquires a reference to the head entry of the link map.
-
link_map\u2013Iterator over all the entries in the link map.
-
elf32_r_sym\u2013Returns the r_sym portion of the r_info relocation field for ELF32.
-
elf32_r_type\u2013Returns the r_type portion of the r_info relocation field for ELF32.
-
elf64_r_sym\u2013Returns the r_sym portion of the r_info relocation field for ELF64.
-
elf64_r_type\u2013Returns the r_type portion of the r_info relocation field for ELF64.
Attributes:
-
R_DEBUG_LINK_MAP_CHANGED_HOOK\u2013 -
R_DEBUG_LINK_MAP_CHANGED_LISTENERS(set[Callable[..., Any]]) \u2013 -
DYNAMIC_SECTION_ALLOW_MULTIPLE\u2013 -
DYNAMIC_SECTION_REQUIRED_TAGS\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.R_DEBUG_LINK_MAP_CHANGED_LISTENERS","title":"R_DEBUG_LINK_MAP_CHANGED_LISTENERSR_DEBUG_LINK_MAP_CHANGED_HOOK = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DYNAMIC_SECTION_ALLOW_MULTIPLE","title":"DYNAMIC_SECTION_ALLOW_MULTIPLER_DEBUG_LINK_MAP_CHANGED_LISTENERS: set[Callable[..., Any]] = set()\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DYNAMIC_SECTION_REQUIRED_TAGS","title":"DYNAMIC_SECTION_REQUIRED_TAGSDYNAMIC_SECTION_ALLOW_MULTIPLE = {DT_NEEDED}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry","title":"LinkMapEntry","text":"DYNAMIC_SECTION_REQUIRED_TAGS = {DT_STRTAB, DT_STRSZ, DT_SYMTAB, DT_SYMENT}\nLinkMapEntry(address)\nAn entry in the link map.
Methods:
-
name\u2013The name of the binary image this entry describes.
-
dynamic\u2013The pointer to the memory mapped dynamic segment of the binary image.
-
load_bias\u2013The difference between the addresses in the data structures of the
-
next\u2013The next entry in the chain, if any.
-
prev\u2013The previous entry in the chain, if any.
-
__repr__\u2013
Attributes:
-
link_map\u2013 -
link_map_address\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.link_map_address","title":"link_map_addresslink_map = link_map()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.name","title":"name","text":"link_map_address = address\nname()\nThe name of the binary image this entry describes.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.dynamic","title":"dynamic","text":"dynamic()\nThe pointer to the memory mapped dynamic segment of the binary image.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.load_bias","title":"load_bias","text":"load_bias()\nThe difference between the addresses in the data structures of the binary image and the actual location of the data being pointed to by them in the address space of the inferior. This number will never be negative.
Aditionally, for DYN images, such as PIE executables and shared libraries, this value is the same as the base load address of the image.
The term \"load bias\" comes from the ELF binary format loading procedure in the Linux Kernel.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.next","title":"next","text":"next()\nThe next entry in the chain, if any.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.prev","title":"prev","text":"prev()\nThe previous entry in the chain, if any.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.__repr__","title":"__repr__","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment","title":"DynamicSegment","text":"__repr__() -> str\nDynamicSegment(address, load_bias)\nParser for the DYNAMIC segment present in a binary image.
Methods:
-
jmprel_has_addend\u2013Returns whether the
r_addendfield is available in entries of JMPREL. -
rela_read\u2013Reads the requested field from the entry of the given index in RELA.
-
rel_read\u2013Reads the requested field from the entry of the given index in REL.
-
jmprel_read\u2013Reads the requested field from the entry of the given index in JMPREL.
-
rela_entry_count\u2013Returns the number of RELA entries.
-
rel_entry_count\u2013Returns the number of REL entries.
-
jmprel_entry_count\u2013Returns the number of JMPREL entries.
-
string\u2013Reads the string at index i from the string table.
-
symtab_read\u2013Reads the requested field from the entry of given index in the symbol
-
dyn_array_read\u2013Reads the requested field from the entry of given index in the dynamic
-
dyn_array_read_tag_val\u2013Reads the
d_unfield from the entry of given tag in the dynamic
Attributes:
-
symtab_elem\u2013 -
jmprel_addr\u2013 -
rela_addr\u2013 -
rel_addr\u2013 -
jmprel_elem\u2013 -
rela_elem\u2013 -
rel_elem\u2013 -
jmprel_r_sym_fn\u2013 -
jmprel_r_info_fn\u2013 -
rela_r_sym_fn\u2013 -
rela_r_info_fn\u2013 -
rel_r_sym_fn\u2013 -
rel_r_info_fn\u2013 -
entries\u2013 -
address\u2013 -
load_bias\u2013 -
elf_dyn\u2013 -
entries_by_tag(dict[Any, Any]) \u2013 -
strtab_addr\u2013 -
strtab_size\u2013 -
symtab_addr\u2013 -
has_jmprel\u2013 -
has_rela\u2013 -
has_rel\u2013 -
rela_r_sym\u2013 -
rela_r_type\u2013 -
rel_r_sym\u2013 -
rel_r_type\u2013 -
jmprel_r_sym\u2013 -
jmprel_r_type\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_addr","title":"jmprel_addrsymtab_elem = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_addr","title":"rela_addrjmprel_addr = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_addr","title":"rel_addrrela_addr = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_elem","title":"jmprel_elemrel_addr = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_elem","title":"rela_elemjmprel_elem = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_elem","title":"rel_elemrela_elem = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_r_sym_fn","title":"jmprel_r_sym_fnrel_elem = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_r_info_fn","title":"jmprel_r_info_fnjmprel_r_sym_fn = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_r_sym_fn","title":"rela_r_sym_fnjmprel_r_info_fn = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_r_info_fn","title":"rela_r_info_fnrela_r_sym_fn = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_r_sym_fn","title":"rel_r_sym_fnrela_r_info_fn = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_r_info_fn","title":"rel_r_info_fnrel_r_sym_fn = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.entries","title":"entriesrel_r_info_fn = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.address","title":"addressentries = count\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.load_bias","title":"load_biasaddress = address\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.elf_dyn","title":"elf_dynload_bias = load_bias\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.entries_by_tag","title":"entries_by_tagelf_dyn = elf_dyn\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.strtab_addr","title":"strtab_addrentries_by_tag: dict[Any, Any] = sections\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.strtab_size","title":"strtab_sizestrtab_addr = dyn_array_read_tag_val(DT_STRTAB)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.symtab_addr","title":"symtab_addrstrtab_size = dyn_array_read_tag_val(DT_STRSZ)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.has_jmprel","title":"has_jmprelsymtab_addr = dyn_array_read_tag_val(DT_SYMTAB)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.has_rela","title":"has_relahas_jmprel = (\n DT_JMPREL in sections and DT_PLTREL in sections and DT_PLTRELSZ in sections\n)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.has_rel","title":"has_relhas_rela = (\n DT_RELA in sections and DT_RELASZ in sections and DT_RELAENT in sections\n)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_r_sym","title":"rela_r_symhas_rel = DT_REL in sections and DT_RELSZ in sections and DT_RELENT in sections\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_r_type","title":"rela_r_typerela_r_sym = elf32_r_sym\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_r_sym","title":"rel_r_symrela_r_type = elf32_r_type\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_r_type","title":"rel_r_typerel_r_sym = elf32_r_sym\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_r_sym","title":"jmprel_r_symrel_r_type = elf32_r_type\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_r_type","title":"jmprel_r_typejmprel_r_sym = elf32_r_sym\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_has_addend","title":"jmprel_has_addend","text":"jmprel_r_type = elf32_r_type\njmprel_has_addend()\nReturns whether the
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_read","title":"rela_read","text":"r_addendfield is available in entries of JMPREL.rela_read(i, field)\nReads the requested field from the entry of the given index in RELA.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_read","title":"rel_read","text":"rel_read(i, field)\nReads the requested field from the entry of the given index in REL.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_read","title":"jmprel_read","text":"jmprel_read(i, field)\nReads the requested field from the entry of the given index in JMPREL.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_entry_count","title":"rela_entry_count","text":"rela_entry_count()\nReturns the number of RELA entries.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_entry_count","title":"rel_entry_count","text":"rel_entry_count()\nReturns the number of REL entries.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_entry_count","title":"jmprel_entry_count","text":"jmprel_entry_count()\nReturns the number of JMPREL entries.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.string","title":"string","text":"string(i)\nReads the string at index i from the string table.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.symtab_read","title":"symtab_read","text":"symtab_read(i, field)\nReads the requested field from the entry of given index in the symbol table.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.dyn_array_read","title":"dyn_array_read","text":"dyn_array_read(i, field)\nReads the requested field from the entry of given index in the dynamic array.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.dyn_array_read_tag_val","title":"dyn_array_read_tag_val","text":"dyn_array_read_tag_val(tag)\nReads the
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct","title":"CStruct","text":"d_unfield from the entry of given tag in the dynamic array. Must not be a tag that allows multiple entries.CStruct(fields: list[tuple[str, Type, type]])\nUtility class for reading fields off of C structs.
Without proper debug information it cannot be guaranteed that the calculated field offsets are correct, therefore, reasonable caution should be exercised when using this class. The assumptions made are: - Padding is added between fields so that all internal members are correctly aligned, as long as the struct itself is correctly aligned. - The alignment of the struct is the same as the alignment of its most strictly aligned member. - Padding is added to the end of the struct so that sequentially laid out instances are always correctly aligned. - Stuct sizes must be greater than or equal to 1 byte.
While these assumptions do not apply in all cases, they should be good enough for the structs in ld.so and in the ELF program images.
Methods:
-
link_map\u2013Creates a new instance describing the ABI-stable part of the link_map
-
r_debug\u2013Creates a new instance describing the ABI-stable part of the r_debug
-
elfNN_dyn\u2013Creates a new instance describing the ElfNN_Dyn structure, suitable for
-
elfNN_rel\u2013Creates a new instance describing the ElfNN_Rel structure, suitable for
-
elfNN_rela\u2013Creates a new instance describing the ElfNN_Rela structure, suitable for
-
elf32_sym\u2013Creates a new instance describing the Elf32_Sym srtucture.
-
elf64_sym\u2013Creates a new instance describing the Elf64_Sym structure.
-
read\u2013Reads the field with the given name from the struct instance located at
-
has_field\u2013Returns whether a field with the given name exists in this struct.
Attributes:
-
types(dict[str, Type]) \u2013 -
offsets(dict[str, int]) \u2013 -
converters(dict[str, type]) \u2013 -
size\u2013 -
align\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.offsets","title":"offsetstypes: dict[str, Type] = {}\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.converters","title":"convertersoffsets: dict[str, int] = {}\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.size","title":"sizeconverters: dict[str, type] = {}\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.align","title":"alignsize = current_offset\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.link_map","title":"link_mapalign = alignment\nstaticmethod","text":"link_map()\nCreates a new instance describing the ABI-stable part of the link_map struct.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.r_debug","title":"r_debugstaticmethod","text":"r_debug()\nCreates a new instance describing the ABI-stable part of the r_debug struct.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.elfNN_dyn","title":"elfNN_dynstaticmethod","text":"elfNN_dyn()\nCreates a new instance describing the ElfNN_Dyn structure, suitable for the architecture of the inferior.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.elfNN_rel","title":"elfNN_relstaticmethod","text":"elfNN_rel()\nCreates a new instance describing the ElfNN_Rel structure, suitable for the architecture of the inferior.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.elfNN_rela","title":"elfNN_relastaticmethod","text":"elfNN_rela()\nCreates a new instance describing the ElfNN_Rela structure, suitable for the architecture of the inferior.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.elf32_sym","title":"elf32_symstaticmethod","text":"elf32_sym()\nCreates a new instance describing the Elf32_Sym srtucture.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.elf64_sym","title":"elf64_symstaticmethod","text":"elf64_sym()\nCreates a new instance describing the Elf64_Sym structure.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.read","title":"read","text":"read(address, name)\nReads the field with the given name from the struct instance located at the given address.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.has_field","title":"has_field","text":"has_field(name) -> bool\nReturns whether a field with the given name exists in this struct.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.is_dynamic","title":"is_dynamic","text":"is_dynamic() -> bool\nReturns whether the current inferior is dynamic.
Not all programs are dynamically linked, or even need the dynamic loader at all. Since this module is entirely reliant on at least the presence of the dynamic loader, and really only makes sense for dynamic programs, it should not be used at all with programs that don't participate in dynamic linkage, or when there is a dynamic linker, but we have no way to talk to it.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.r_debug_link_map_changed_hook","title":"r_debug_link_map_changed_hook","text":"r_debug_link_map_changed_hook() -> Callable[[StopPoint], bool]\nHook that gets activated whenever the link map changes.
The r_debug structure, in addition to having a refence to the head of the link map, also has, in its ABI-stable part, a reference to an address that can have a breakpoint attached to it, such that whenever the contents of the link map change, that breakpoint will be triggered1.
We take advantage of that here, by installing our own breakpoint in that location, and watching for trigger events, so that we can notify other bits of pwndbg that the contents of the
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.r_debug_install_link_map_changed_hook","title":"r_debug_install_link_map_changed_hook","text":"link_map()function will be different.r_debug_install_link_map_changed_hook() -> None\nInstalls the r_debug-based hook to the change event of the link map.
This function is a bit tricky, because ideally we want it to be run as soon as possible, before even the dynamic linker runs, but after both it and the main binary have been mapped into the address space of the inferior. While doing this manually would be trivial - seeing as there is a command in GDB that gives the user control at the exact place we would like -, there does not seem to be a way of easily doing this from inside Python.
Because of this, parts of the code that rely on the hook should try calling this function and firing their own listeners manually at least once.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.r_debug_link_map_changed_add_listener","title":"r_debug_link_map_changed_add_listener","text":"r_debug_link_map_changed_add_listener(handler: Callable[..., Any]) -> None\nInstall a callback to be called whenever r_debug signal of there being a change in the link map link map is triggered.
Keep in mind this function may be called before the hook that calls the listeners is installed, and, until it is installed, no listener callbacks will actually be triggered. See
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.r_debug_link_map_changed_remove_listener","title":"r_debug_link_map_changed_remove_listener","text":"r_debug_install_link_map_changed_hook.r_debug_link_map_changed_remove_listener(handler: Callable[..., Any]) -> None\nRemoves a listener previously installed with r_debug_link_map_changed_add_listener().
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.link_map_head","title":"link_map_head","text":"link_map_head()\nAcquires a reference to the head entry of the link map.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.link_map","title":"link_map","text":"link_map()\nIterator over all the entries in the link map.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.elf32_r_sym","title":"elf32_r_sym","text":"elf32_r_sym(r_info)\nReturns the r_sym portion of the r_info relocation field for ELF32.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.elf32_r_type","title":"elf32_r_type","text":"elf32_r_type(r_info)\nReturns the r_type portion of the r_info relocation field for ELF32.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.elf64_r_sym","title":"elf64_r_sym","text":"elf64_r_sym(r_info)\nReturns the r_sym portion of the r_info relocation field for ELF64.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.elf64_r_type","title":"elf64_r_type","text":"elf64_r_type(r_info)\nReturns the r_type portion of the r_info relocation field for ELF64.
"},{"location":"reference/pwndbg/aglib/elf/","title":"pwndbg.aglib.elf","text":""},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf","title":"elf","text":"This file declares types and methods useful for enumerating all of the address spaces and permissions of an ELF file in memory.
This is necessary for when access to /proc is restricted, or when working on a BSD system which simply does not have /proc.
Classes:
-
ELFInfo\u2013ELF metadata and structures.
Functions:
-
update\u2013 -
read\u2013 -
get_elf_info\u2013Parse and return ELFInfo.
-
get_elf_info_rebased\u2013Parse and return ELFInfo with all virtual addresses rebased to vaddr
-
get_containing_segments\u2013 -
get_containing_sections\u2013 -
dump_section_by_name\u2013Dump the content of a section from an ELF file, return the start address, size and content.
-
dump_relocations_by_section_name\u2013Dump the relocation entries of a section from an ELF file, return a generator of Relocation objects.
-
exe\u2013Return a loaded ELF header object pointing to the Ehdr of the
-
entry\u2013Return the address of the entry point for the main executable.
-
load\u2013 -
reset_ehdr_type_loaded\u2013 -
get_ehdr\u2013Returns an ehdr object for the ELF pointer points into.
-
get_phdrs\u2013Returns a tuple containing (phnum, phentsize, gdb.Value),
-
iter_phdrs\u2013 -
map\u2013Given a pointer into an ELF module, return a list of all loaded
-
map_inner\u2013
Attributes:
-
module\u2013 -
Ehdr\u2013 -
Phdr\u2013 -
T\u2013 -
ehdr_type_loaded\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.Ehdr","title":"Ehdrmodule = modules[__name__]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.Phdr","title":"PhdrEhdr = Union[Elf32_Ehdr, Elf64_Ehdr]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.T","title":"TPhdr = Union[Elf32_Phdr, Elf64_Phdr]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ehdr_type_loaded","title":"ehdr_type_loadedT = TypeVar('T', Union[Elf32_Ehdr, Elf64_Ehdr], Union[Elf32_Phdr, Elf64_Phdr])\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ELFInfo","title":"ELFInfo","text":"ehdr_type_loaded = 0\nBases:
NamedTupleELF metadata and structures.
Attributes:
-
header(dict[str, int | str]) \u2013 -
sections(list[dict[str, int | str]]) \u2013 -
segments(list[dict[str, int | str]]) \u2013 -
is_pic(bool) \u2013 -
is_pie(bool) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ELFInfo.sections","title":"sectionsheader: dict[str, int | str]\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ELFInfo.segments","title":"segmentssections: list[dict[str, int | str]]\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ELFInfo.is_pic","title":"is_picsegments: list[dict[str, int | str]]\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ELFInfo.is_pie","title":"is_pieis_pic: bool\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.update","title":"update","text":"is_pie: bool\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.read","title":"read","text":"update() -> None\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_elf_info","title":"get_elf_info","text":"read(typ: T, address: int, blob: bytearray | None = None) -> T\nget_elf_info(filepath: str) -> ELFInfo\nParse and return ELFInfo.
Adds various calculated properties to the ELF header, segments and sections. Such added properties are those with prefix 'x_' in the returned dicts.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_elf_info_rebased","title":"get_elf_info_rebased","text":"get_elf_info_rebased(filepath: str, vaddr: int) -> ELFInfo\nParse and return ELFInfo with all virtual addresses rebased to vaddr
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_containing_segments","title":"get_containing_segments","text":"
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_containing_sections","title":"get_containing_sections","text":"get_containing_segments(elf_filepath: str, elf_loadaddr: int, vaddr: int)\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.dump_section_by_name","title":"dump_section_by_name","text":"get_containing_sections(elf_filepath: str, elf_loadaddr: int, vaddr: int)\ndump_section_by_name(\n filepath: str, section_name: str, try_local_path: bool = False\n) -> tuple[int, int, bytes] | None\nDump the content of a section from an ELF file, return the start address, size and content.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.dump_relocations_by_section_name","title":"dump_relocations_by_section_name","text":"dump_relocations_by_section_name(\n filepath: str, section_name: str, try_local_path: bool = False\n) -> tuple[Relocation, ...] | None\nDump the relocation entries of a section from an ELF file, return a generator of Relocation objects.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.exe","title":"exe","text":"exe() -> Ehdr | None\nReturn a loaded ELF header object pointing to the Ehdr of the main executable.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.entry","title":"entry","text":"entry() -> int\nReturn the address of the entry point for the main executable.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.load","title":"load","text":"
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.reset_ehdr_type_loaded","title":"reset_ehdr_type_loaded","text":"load(pointer: int) -> Ehdr | None\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_ehdr","title":"get_ehdr","text":"reset_ehdr_type_loaded() -> None\nget_ehdr(pointer: int) -> tuple[int | None, Ehdr | None]\nReturns an ehdr object for the ELF pointer points into.
We expect the
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_phdrs","title":"get_phdrs","text":"pointerto be an address from the binary.get_phdrs(pointer: int)\nReturns a tuple containing (phnum, phentsize, gdb.Value), where the gdb.Value object is an ELF Program Header with the architecture-appropriate structure type.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.iter_phdrs","title":"iter_phdrs","text":"
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.map","title":"map","text":"iter_phdrs(ehdr: Ehdr)\nmap(pointer: int, objfile: str = '') -> tuple[Page, ...]\nGiven a pointer into an ELF module, return a list of all loaded sections in the ELF.
Returns:
-
tuple[Page, ...]\u2013A sorted list of pwndbg.lib.memory.Page objects
Example:
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.map_inner","title":"map_inner","text":">>> pwndbg.aglib.elf.load(pwndbg.aglib.regs.pc)\n[Page('400000-4ef000 r-xp 0'),\n Page('6ef000-6f0000 r--p ef000'),\n Page('6f0000-6ff000 rw-p f0000')]\n>>> pwndbg.aglib.elf.load(0x7ffff77a2000)\n[Page('7ffff75e7000-7ffff77a2000 r-xp 0x1bb000 0'),\n Page('7ffff77a2000-7ffff79a2000 ---p 0x200000 1bb000'),\n Page('7ffff79a2000-7ffff79a6000 r--p 0x4000 1bb000'),\n Page('7ffff79a6000-7ffff79ad000 rw-p 0x7000 1bf000')]\n
"},{"location":"reference/pwndbg/aglib/file/","title":"pwndbg.aglib.file","text":""},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file","title":"file","text":"map_inner(ei_class: int, ehdr: Ehdr, objfile: str) -> tuple[Page, ...]\nRetrieve files from the debuggee's filesystem. Useful when debugging a remote process over SSH or similar, where e.g. /proc/FOO/maps is needed from the remote system.
Functions:
-
reset_remote_files\u2013 -
remote_files_dir\u2013 -
get_proc_exe_file\u2013Returns the local path to the debugged file name.
-
can_download_remote_file\u2013 -
get_file\u2013Downloads the specified file from the system where the current process is
-
get\u2013Retrieves the contents of the specified file on the system
-
readlink\u2013readlink(path) -> str
-
is_vfile_qemu_user_bug\u2013 -
vfile_readlink\u2013Reads the target of a symbolic link on the remote system.
-
vfile_readfile\u2013Reads the entire content of a file on the remote system.
-
vfile_open\u2013Opens a file on the remote system and returns the file descriptor.
-
gdb_memtox_inverse\u2013 -
vfile_pread\u2013Reads data from a file descriptor.
-
vfile_close\u2013Closes a previously opened file descriptor.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.remote_files_dir","title":"remote_files_dir","text":"reset_remote_files() -> None\n
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.get_proc_exe_file","title":"get_proc_exe_file","text":"remote_files_dir()\nget_proc_exe_file() -> str\nReturns the local path to the debugged file name.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.can_download_remote_file","title":"can_download_remote_file","text":"
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.get_file","title":"get_file","text":"can_download_remote_file() -> bool\nget_file(path: str, try_local_path: bool = False) -> str\nDownloads the specified file from the system where the current process is being debugged.
If the
pathis prefixed with \"target:\" the prefix is stripped (to support remote target paths properly).If the
try_local_pathis set toTrueand thepathexists locally and \"target:\" prefix is not present, it will return the local path instead of downloading the file.Returns:
-
str\u2013The local path to the file
get(path: str) -> bytes\nRetrieves the contents of the specified file on the system where the current process is being debugged.
Returns:
-
bytes\u2013A byte array, or None.
readlink(path: str) -> str\nreadlink(path) -> str
Read the link specified by 'path' on the system being debugged.
Handles local, qemu-usermode, and remote debugging cases.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.is_vfile_qemu_user_bug","title":"is_vfile_qemu_user_bug","text":"
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.vfile_readlink","title":"vfile_readlink","text":"is_vfile_qemu_user_bug() -> bool\nvfile_readlink(pathname: str | bytes) -> bytes\nReads the target of a symbolic link on the remote system.
:param pathname: The path to the symbolic link (string). :param buffer_size: The size of the buffer to read into (integer). :return: The target of the symbolic link as a string.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.vfile_readfile","title":"vfile_readfile","text":"vfile_readfile(filename: str, chunk_size=1000) -> Iterator[bytes]\nReads the entire content of a file on the remote system.
:param filename: The path to the file (string). :param chunk_size: The number of bytes to read in each iteration (integer). :return: The complete content of the file as bytes.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.vfile_open","title":"vfile_open","text":"vfile_open(filename: str, flags: int, mode: int) -> int\nOpens a file on the remote system and returns the file descriptor.
:param filename: The path to the file (string). :param flags: Flags passed to the open call (integer, base 16). These correspond to the constant values in the enum
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.gdb_memtox_inverse","title":"gdb_memtox_inverse","text":"OpenOptionsfrom LLDB\u2019sFile.h, not the traditionalopen(2)flags. :param mode: Mode bits for the file (integer, base 16). :return: File descriptor (integer), or raises an exception if an error occurs.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.vfile_pread","title":"vfile_pread","text":"gdb_memtox_inverse(data: bytes) -> bytes\nvfile_pread(fd: int, size: int, offset: int) -> tuple[int, bytes]\nReads data from a file descriptor.
:param fd: File descriptor (integer). :param size: Number of bytes to read (integer, base 16). :param offset: Offset in the file to start reading from (integer, base 16). :return: Tuple of (bytes_read, data) where bytes_read is an integer and data is the binary data.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.vfile_close","title":"vfile_close","text":"vfile_close(fd)\nCloses a previously opened file descriptor.
:param fd: File descriptor (integer). :return: None, or raises an exception if an error occurs.
"},{"location":"reference/pwndbg/aglib/godbg/","title":"pwndbg.aglib.godbg","text":""},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg","title":"godbg","text":"Classes:
-
FormatOpts\u2013 -
Type\u2013 -
GoTypeKind\u2013 -
GoTypeMeta\u2013 -
BackrefType\u2013A temporary placeholder type used when dumping recursive types, e.g. type a []a
-
BasicType\u2013A primitive Go type.
-
SliceType\u2013A slice type in Go, notated as []inner.
-
PointerType\u2013A pointer type in Go, notated as *inner.
-
ArrayType\u2013An array type in Go, notated as [count]inner.
-
MapType\u2013A map type in Go, notated as map[key]val.
-
StructType\u2013A struct type in Go, notated as struct(SIZE){FIELDS},
-
RuntimeType\u2013A value of a runtime reflection type in Go, notated as runtime(SIZE)ADDRESS,
Functions:
-
word_size\u2013Gets the Go word size for the current architecture.
-
compute_offsets\u2013Given a list of (size, alignment) for struct field types,
-
compute_named_offsets\u2013Like compute_offsets, but takes in field names and returns a dictionary
-
load_uint\u2013 -
load_int\u2013 -
load_float\u2013 -
emit_warning\u2013 -
get_elf\u2013 -
read_buildversion\u2013Reads a Go runtime.buildVersion string to extract the version.
-
get_go_version\u2013Try to determine the Go version used to compile the binary.
-
get_type_start\u2013Given the address to a type, try to find the moduledata types section containing it.
-
read_varint_str\u2013Read a length-prefix string encoded with Go's variable length encoding.
-
read_type_name\u2013Reads a Go type name given the address to the name.
-
decode_runtime_type\u2013Decodes a runtime reflection type from memory, returning a (meta, type) tuplee.
-
parse_type\u2013
Attributes:
-
line_width\u2013 -
indent_amount\u2013 -
debug_color\u2013 -
hex_digits\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.indent_amount","title":"indent_amountline_width = add_param(\n \"go-dump-line-width\", 80, \"the soft line width for go-dump pretty printing\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.debug_color","title":"debug_colorindent_amount = add_param(\n \"go-dump-indent-amount\", 4, \"the indent amount for go-dump pretty printing\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.hex_digits","title":"hex_digitsdebug_color = add_color_param(\n \"go-dump-debug\",\n \"blue\",\n \"color for 'go-dump' command's debug info when --debug is specified\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts","title":"FormatOptshex_digits = set('0123456789abcdefABCDEFxX')\ndataclass","text":"FormatOpts(\n int_hex: bool = False,\n debug: bool = False,\n pretty: bool = False,\n float_decimals: int | None = None,\n)\nMethods:
-
fmt_int\u2013 -
fmt_float\u2013 -
fmt_str\u2013 -
fmt_bytes\u2013 -
fmt_debug\u2013 -
fmt_elems\u2013 -
fmt_ptr\u2013
Attributes:
-
int_hex(bool) \u2013 -
debug(bool) \u2013 -
pretty(bool) \u2013 -
float_decimals(int | None) \u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.debug","title":"debugint_hex: bool = False\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.pretty","title":"prettydebug: bool = False\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.float_decimals","title":"float_decimalspretty: bool = False\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_int","title":"fmt_int","text":"float_decimals: int | None = None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_float","title":"fmt_float","text":"fmt_int(val: int) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_str","title":"fmt_str","text":"fmt_float(val: float) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_bytes","title":"fmt_bytes","text":"fmt_str(val: str) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_debug","title":"fmt_debug","text":"fmt_bytes(val: bytes) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_elems","title":"fmt_elems","text":"fmt_debug(val: str, default: str = '') -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_ptr","title":"fmt_ptr","text":"fmt_elems(elems: Iterable[str]) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type","title":"Typefmt_ptr(val: int) -> str\ndataclass","text":"Type(meta: GoTypeMeta | None)\nBases:
ABCMethods:
-
dump\u2013Dump a type from memory given an address and format.
-
size\u2013Returns the size of a type in bytes.
-
get_typename\u2013Returns the typename of a type. Should be reparsable via _parse_ty.
-
is_cyclic\u2013Checks if a type is cyclic (contains references to itself), e.g. type a []a
-
additional_metadata\u2013Returns a list of lines of additional metadata to dump from the
go-typecommand. -
__str__\u2013
Attributes:
-
meta(GoTypeMeta | None) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.dump","title":"dumpmeta: GoTypeMeta | None\nabstractmethod","text":"dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\nDump a type from memory given an address and format.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.size","title":"sizeabstractmethod","text":"size() -> int\nReturns the size of a type in bytes.
Used for computing array and struct layouts.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.get_typename","title":"get_typenameabstractmethod","text":"get_typename() -> str\nReturns the typename of a type. Should be reparsable via _parse_ty.
Also used to get the string representation.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.is_cyclic","title":"is_cyclic","text":"is_cyclic() -> bool\nChecks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.additional_metadata","title":"additional_metadata","text":"additional_metadata() -> list[str]\nReturns a list of lines of additional metadata to dump from the
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.__str__","title":"__str__","text":"go-typecommand.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind","title":"GoTypeKind","text":"__str__() -> str\nBases:
IntEnumMethods:
-
get_simple_name\u2013
Attributes:
-
INVALID\u2013 -
BOOL\u2013 -
INT\u2013 -
INT8\u2013 -
INT16\u2013 -
INT32\u2013 -
INT64\u2013 -
UINT\u2013 -
UINT8\u2013 -
UINT16\u2013 -
UINT32\u2013 -
UINT64\u2013 -
UINTPTR\u2013 -
FLOAT32\u2013 -
FLOAT64\u2013 -
COMPLEX64\u2013 -
COMPLEX128\u2013 -
ARRAY\u2013 -
CHAN\u2013 -
FUNC\u2013 -
INTERFACE\u2013 -
MAP\u2013 -
POINTER\u2013 -
SLICE\u2013 -
STRING\u2013 -
STRUCT\u2013 -
UNSAFEPOINTER\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.BOOL","title":"BOOLINVALID = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INT","title":"INTBOOL = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INT8","title":"INT8INT = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INT16","title":"INT16INT8 = 3\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INT32","title":"INT32INT16 = 4\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INT64","title":"INT64INT32 = 5\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UINT","title":"UINTINT64 = 6\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UINT8","title":"UINT8UINT = 7\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UINT16","title":"UINT16UINT8 = 8\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UINT32","title":"UINT32UINT16 = 9\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UINT64","title":"UINT64UINT32 = 10\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UINTPTR","title":"UINTPTRUINT64 = 11\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.FLOAT32","title":"FLOAT32UINTPTR = 12\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.FLOAT64","title":"FLOAT64FLOAT32 = 13\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.COMPLEX64","title":"COMPLEX64FLOAT64 = 14\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.COMPLEX128","title":"COMPLEX128COMPLEX64 = 15\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.ARRAY","title":"ARRAYCOMPLEX128 = 16\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.CHAN","title":"CHANARRAY = 17\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.FUNC","title":"FUNCCHAN = 18\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INTERFACE","title":"INTERFACEFUNC = 19\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.MAP","title":"MAPINTERFACE = 20\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.POINTER","title":"POINTERMAP = 21\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.SLICE","title":"SLICEPOINTER = 22\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.STRING","title":"STRINGSLICE = 23\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.STRUCT","title":"STRUCTSTRING = 24\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UNSAFEPOINTER","title":"UNSAFEPOINTERSTRUCT = 25\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.get_simple_name","title":"get_simple_name","text":"UNSAFEPOINTER = 26\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta","title":"GoTypeMetaget_simple_name() -> str | None\ndataclass","text":"GoTypeMeta(\n name: str,\n kind: GoTypeKind,\n addr: int,\n size: int = 0,\n align: int = 1,\n direct_iface: bool = False,\n)\nAttributes:
-
name(str) \u2013 -
kind(GoTypeKind) \u2013 -
addr(int) \u2013 -
size(int) \u2013 -
align(int) \u2013 -
direct_iface(bool) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta.kind","title":"kindname: str\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta.addr","title":"addrkind: GoTypeKind\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta.size","title":"sizeaddr: int\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta.align","title":"alignsize: int = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta.direct_iface","title":"direct_ifacealign: int = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType","title":"BackrefTypedirect_iface: bool = False\ndataclass","text":"BackrefType(meta: GoTypeMeta | None, key: int)\nBases:
TypeA temporary placeholder type used when dumping recursive types, e.g. type a []a
Methods:
-
dump\u2013 -
size\u2013 -
get_typename\u2013 -
is_cyclic\u2013Checks if a type is cyclic (contains references to itself), e.g. type a []a
-
additional_metadata\u2013Returns a list of lines of additional metadata to dump from the
go-typecommand. -
__str__\u2013
Attributes:
-
key(int) \u2013 -
meta(GoTypeMeta | None) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.meta","title":"metakey: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.dump","title":"dump","text":"meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.size","title":"size","text":"dump(addr: int, fmt: FormatOpts = FormatOpts())\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.get_typename","title":"get_typename","text":"size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.is_cyclic","title":"is_cyclic","text":"get_typename() -> str\nis_cyclic() -> bool\nChecks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.additional_metadata","title":"additional_metadata","text":"additional_metadata() -> list[str]\nReturns a list of lines of additional metadata to dump from the
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.__str__","title":"__str__","text":"go-typecommand.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType","title":"BasicType__str__() -> str\ndataclass","text":"BasicType(meta: GoTypeMeta | None, name: str, extra_meta: list[str] = list())\nBases:
TypeA primitive Go type.
Complex numbers are laid out as a real and imaginary part (both floats). Strings are laid out as a pointer and a length.
Methodless interfaces (the interface{} type) are denoted as any, and interfaces with methods are denoted as interface.
Function pointers are denoted as funcptr.
Methods:
-
dump\u2013 -
size\u2013 -
get_typename\u2013 -
additional_metadata\u2013 -
__post_init__\u2013 -
is_cyclic\u2013Checks if a type is cyclic (contains references to itself), e.g. type a []a
-
__str__\u2013
Attributes:
-
name(str) \u2013 -
sz(int) \u2013 -
extra_meta(list[str]) \u2013 -
meta(GoTypeMeta | None) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.sz","title":"szname: str\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.extra_meta","title":"extra_metasz: int = field(init=False)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.meta","title":"metaextra_meta: list[str] = field(default_factory=list)\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.dump","title":"dump","text":"meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.size","title":"size","text":"dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.get_typename","title":"get_typename","text":"size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.additional_metadata","title":"additional_metadata","text":"get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.__post_init__","title":"__post_init__","text":"additional_metadata() -> list[str]\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.is_cyclic","title":"is_cyclic","text":"__post_init__() -> None\nis_cyclic() -> bool\nChecks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.__str__","title":"__str__","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType","title":"SliceType__str__() -> str\ndataclass","text":"SliceType(meta: GoTypeMeta | None, inner: Type)\nBases:
TypeA slice type in Go, notated as []inner.
Slices are laid out as a pointer, length, and capacity.
Methods:
-
dump\u2013 -
size\u2013 -
get_typename\u2013 -
additional_metadata\u2013 -
is_cyclic\u2013Checks if a type is cyclic (contains references to itself), e.g. type a []a
-
__str__\u2013
Attributes:
-
inner(Type) \u2013 -
meta(GoTypeMeta | None) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.meta","title":"metainner: Type\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.dump","title":"dump","text":"meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.size","title":"size","text":"dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.get_typename","title":"get_typename","text":"size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.additional_metadata","title":"additional_metadata","text":"get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.is_cyclic","title":"is_cyclic","text":"additional_metadata() -> list[str]\nis_cyclic() -> bool\nChecks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.__str__","title":"__str__","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType","title":"PointerType__str__() -> str\ndataclass","text":"PointerType(meta: GoTypeMeta | None, inner: Type)\nBases:
TypeA pointer type in Go, notated as *inner.
Methods:
-
dump\u2013 -
size\u2013 -
get_typename\u2013 -
additional_metadata\u2013 -
is_cyclic\u2013Checks if a type is cyclic (contains references to itself), e.g. type a []a
-
__str__\u2013
Attributes:
-
inner(Type) \u2013 -
meta(GoTypeMeta | None) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.meta","title":"metainner: Type\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.dump","title":"dump","text":"meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.size","title":"size","text":"dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.get_typename","title":"get_typename","text":"size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.additional_metadata","title":"additional_metadata","text":"get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.is_cyclic","title":"is_cyclic","text":"additional_metadata() -> list[str]\nis_cyclic() -> bool\nChecks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.__str__","title":"__str__","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType","title":"ArrayType__str__() -> str\ndataclass","text":"ArrayType(meta: GoTypeMeta | None, inner: Type, count: int)\nBases:
TypeAn array type in Go, notated as [count]inner.
Arrays are laid out as contiguous data.
Methods:
-
dump\u2013 -
size\u2013 -
get_typename\u2013 -
additional_metadata\u2013 -
is_cyclic\u2013Checks if a type is cyclic (contains references to itself), e.g. type a []a
-
__str__\u2013
Attributes:
-
inner(Type) \u2013 -
count(int) \u2013 -
meta(GoTypeMeta | None) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.count","title":"countinner: Type\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.meta","title":"metacount: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.dump","title":"dump","text":"meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.size","title":"size","text":"dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.get_typename","title":"get_typename","text":"size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.additional_metadata","title":"additional_metadata","text":"get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.is_cyclic","title":"is_cyclic","text":"additional_metadata() -> list[str]\nis_cyclic() -> bool\nChecks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.__str__","title":"__str__","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType","title":"MapType__str__() -> str\ndataclass","text":"MapType(meta: GoTypeMeta | None, key: Type, val: Type)\nBases:
TypeA map type in Go, notated as map[key]val.
Note that maps in Go are actually pointers to the inner map, but the map type printer here directly prints the inner map.
Maps don't have a simple layout, and may reasonably change, but the last change was in 2017, so it probably won't.
The layout assumed is as follows (taken from src/runtime/map.go commit 1b4f1dc):
type hmap struct { count int flags uint8 B uint8 noverflow uint16 hash0 uint32 buckets unsafe.Pointer oldbuckets unsafe.Pointer nevacuate uintptr extra *mapextra }
Methods:
-
field_offsets\u2013 -
dump\u2013 -
size\u2013 -
get_typename\u2013 -
additional_metadata\u2013 -
is_cyclic\u2013Checks if a type is cyclic (contains references to itself), e.g. type a []a
-
__str__\u2013
Attributes:
-
key(Type) \u2013 -
val(Type) \u2013 -
meta(GoTypeMeta | None) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.val","title":"valkey: Type\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.meta","title":"metaval: Type\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.field_offsets","title":"field_offsetsmeta: GoTypeMeta | None\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.dump","title":"dump","text":"field_offsets() -> dict[str, int]\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.size","title":"size","text":"dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.get_typename","title":"get_typename","text":"size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.additional_metadata","title":"additional_metadata","text":"get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.is_cyclic","title":"is_cyclic","text":"additional_metadata() -> list[str]\nis_cyclic() -> bool\nChecks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.__str__","title":"__str__","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType","title":"StructType__str__() -> str\ndataclass","text":"StructType(\n meta: GoTypeMeta | None,\n fields: list[tuple[str, str | Type, int]],\n sz: int,\n name: str | None = None,\n)\nBases:
TypeA struct type in Go, notated as struct(SIZE){FIELDS}, where SIZE is the size of the struct in bytes, and FIELDS is a semicolon-separated list of OFFSET:NAME:TYPE fields.
Methods:
-
dump\u2013 -
size\u2013 -
get_typename\u2013 -
additional_metadata\u2013 -
is_cyclic\u2013Checks if a type is cyclic (contains references to itself), e.g. type a []a
-
__str__\u2013
Attributes:
-
fields(list[tuple[str, str | Type, int]]) \u2013 -
sz(int) \u2013 -
name(str | None) \u2013 -
meta(GoTypeMeta | None) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.sz","title":"szfields: list[tuple[str, str | Type, int]]\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.name","title":"namesz: int\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.meta","title":"metaname: str | None = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.dump","title":"dump","text":"meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.size","title":"size","text":"dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.get_typename","title":"get_typename","text":"size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.additional_metadata","title":"additional_metadata","text":"get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.is_cyclic","title":"is_cyclic","text":"additional_metadata() -> list[str]\nis_cyclic() -> bool\nChecks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.__str__","title":"__str__","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType","title":"RuntimeType__str__() -> str\ndataclass","text":"RuntimeType(meta: GoTypeMeta | None, sz: int, addr: int)\nBases:
TypeA value of a runtime reflection type in Go, notated as runtime(SIZE)ADDRESS, where SIZE is the size of the type's value in bytes, and ADDRESS is the address of the type.
This type is useful for serializing cyclic types.
Methods:
-
dump\u2013 -
size\u2013 -
get_typename\u2013 -
is_cyclic\u2013Checks if a type is cyclic (contains references to itself), e.g. type a []a
-
additional_metadata\u2013Returns a list of lines of additional metadata to dump from the
go-typecommand. -
__str__\u2013
Attributes:
-
sz(int) \u2013 -
addr(int) \u2013 -
meta(GoTypeMeta | None) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.addr","title":"addrsz: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.meta","title":"metaaddr: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.dump","title":"dump","text":"meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.size","title":"size","text":"dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.get_typename","title":"get_typename","text":"size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.is_cyclic","title":"is_cyclic","text":"get_typename() -> str\nis_cyclic() -> bool\nChecks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.additional_metadata","title":"additional_metadata","text":"additional_metadata() -> list[str]\nReturns a list of lines of additional metadata to dump from the
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.__str__","title":"__str__","text":"go-typecommand.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.word_size","title":"word_size","text":"__str__() -> str\nword_size() -> int\nGets the Go word size for the current architecture.
Values taken from https://github.com/golang/go/blob/20b79fd5775c39061d949569743912ad5e58b0e7/src/go/types/sizes.go#L233-L252
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.compute_offsets","title":"compute_offsets","text":"compute_offsets(fields: Iterable[tuple[int, int]]) -> list[int]\nGiven a list of (size, alignment) for struct field types, returns a list of field offsets for the struct. The last element will be the offset of the struct's end (the struct size).
Layout computation taken from src/go/types/sizes.go commit 1b4f1dc
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.compute_named_offsets","title":"compute_named_offsets","text":"compute_named_offsets(fields: Iterable[tuple[str, int, int]]) -> dict[str, int]\nLike compute_offsets, but takes in field names and returns a dictionary mapping field name to offset instead.
Also maps in a special $size field with the size of the struct.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.load_uint","title":"load_uint","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.load_int","title":"load_int","text":"load_uint(data: bytes, endian: Literal['little', 'big'] | None = None) -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.load_float","title":"load_float","text":"load_int(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.emit_warning","title":"emit_warning","text":"load_float(data: bytes) -> float\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.get_elf","title":"get_elf","text":"emit_warning(msg: str)\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.read_buildversion","title":"read_buildversion","text":"get_elf() -> ELFInfo | None\nread_buildversion(addr: int) -> str\nReads a Go runtime.buildVersion string to extract the version.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.get_go_version","title":"get_go_version","text":"get_go_version() -> tuple[int, ...] | None\nTry to determine the Go version used to compile the binary.
None can be returned if the version couldn't be inferred, at which point it's probably best to assume latest version.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.get_type_start","title":"get_type_start","text":"get_type_start(addr: int | None = None) -> int | None\nGiven the address to a type, try to find the moduledata types section containing it.
Necessary to determine the base address that the type name is offset by.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.read_varint_str","title":"read_varint_str","text":"read_varint_str(addr: int) -> bytes\nRead a length-prefix string encoded with Go's variable length encoding.
Implementation taken from https://github.com/golang/go/blob/9d33956503c0d96c0c5666d374173f7ac9756d98/src/internal/abi/type.go#L640-L649
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.read_type_name","title":"read_type_name","text":"read_type_name(addr: int) -> bytes\nReads a Go type name given the address to the name.
Go type names are stored as a 1 byte bitfield followed by a varint length prefixed string after 1.17.
Prior to 1.17, they were stored as a 1 byte bitfield followed by a 2 byte length prefixed string.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.decode_runtime_type","title":"decode_runtime_type","text":"decode_runtime_type(\n addr: int, keep_backrefs: bool = False\n) -> tuple[GoTypeMeta, Type | None]\nDecodes a runtime reflection type from memory, returning a (meta, type) tuplee.
The layout assumed is as follows (taken from src/internal/abi/type.go commit 1b4f1dc):
type Type struct { Size_ uintptr PtrBytes uintptr Hash uint32 TFlag TFlag Align_ uint8 FieldAlign_ uint8 Kind_ Kind Equal func(unsafe.Pointer, unsafe.Pointer) bool GCData *byte Str NameOff PtrToThis TypeOff }
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.parse_type","title":"parse_type","text":"
"},{"location":"reference/pwndbg/aglib/heap/","title":"pwndbg.aglib.heap","text":""},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap","title":"heap","text":"parse_type(ty: str) -> Type\nModules:
-
heap\u2013 -
jemalloc\u2013 -
ptmalloc\u2013 -
structs\u2013
Functions:
-
add_heap_param\u2013 -
update\u2013 -
reset\u2013 -
resolve_heap\u2013
Attributes:
-
current(MemoryAllocator | None) \u2013 -
main_arena\u2013 -
thread_arena\u2013 -
mp_\u2013 -
tcache\u2013 -
global_max_fast\u2013 -
symbol_list\u2013 -
heap_chain_limit\u2013 -
heap_corruption_check_limit\u2013 -
resolve_heap_via_heuristic\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.main_arena","title":"main_arenacurrent: MemoryAllocator | None = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.thread_arena","title":"thread_arenamain_arena = add_heap_param('main-arena', '0', 'the address of main_arena')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.mp_","title":"mp_thread_arena = add_heap_param(\n \"thread-arena\", \"0\", \"the address pointed by thread_arena\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.tcache","title":"tcachemp_ = add_heap_param('mp', '0', 'the address of mp_')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.global_max_fast","title":"global_max_fasttcache = add_heap_param('tcache', '0', 'the address pointed by tcache')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.symbol_list","title":"symbol_listglobal_max_fast = add_heap_param(\n \"global-max-fast\", \"0\", \"the address of global_max_fast\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.heap_chain_limit","title":"heap_chain_limitsymbol_list = [main_arena, thread_arena, mp_, tcache, global_max_fast]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.heap_corruption_check_limit","title":"heap_corruption_check_limitheap_chain_limit = add_heap_param(\n \"heap-dereference-limit\",\n 8,\n \"number of chunks to dereference in each bin\",\n param_class=PARAM_UINTEGER,\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.resolve_heap_via_heuristic","title":"resolve_heap_via_heuristicheap_corruption_check_limit = add_heap_param(\n \"heap-corruption-check-limit\",\n 64,\n \"amount of chunks to traverse for the bin corruption check\",\n param_class=PARAM_UINTEGER,\n help_docstring=\"\\nThe bins are traversed both forwards and backwards.\\n\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.add_heap_param","title":"add_heap_param","text":"resolve_heap_via_heuristic = add_heap_param(\n \"resolve-heap-via-heuristic\",\n \"auto\",\n \"the strategy to resolve heap via heuristic\",\n help_docstring=\"resolve-heap-via-heuristic can be:\\nauto - pwndbg will try to use heuristics if debug symbols are missing\\nforce - pwndbg will always try to use heuristics, even if debug symbols are available\\nnever - pwndbg will never use heuristics to resolve the heap\\n\\nIf the output of the heap related command produces errors with heuristics, you can try manually setting the libc symbol addresses.\\nFor this, see the `heap_config` command output and set the `main_arena`, `mp_`, `global_max_fast`, `tcache` and `thread_arena` addresses.\\n\\nNote: pwndbg will generate more reliable results with proper debug symbols.\\nTherefore, when debug symbols are missing, you should try to install them first if you haven't already.\\n\\nThey can probably be installed via the package manager of your choice.\\nSee also: https://sourceware.org/gdb/onlinedocs/gdb/Separate-Debug-Files.html\\n\\nE.g. on Ubuntu/Debian you might need to do the following steps (for 64-bit and 32-bit binaries):\\nsudo apt-get install libc6-dbg\\nsudo dpkg --add-architecture i386\\nsudo apt-get install libc-dbg:i386\\n\\nIf you used setup.sh on Arch based distro you'll need to do a power cycle or set environment variable manually like this: export DEBUGINFOD_URLS=https://debuginfod.archlinux.org\\n\",\n param_class=PARAM_ENUM,\n enum_sequence=[\"auto\", \"force\", \"never\"],\n)\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.update","title":"update","text":"add_heap_param(\n name: str,\n default: Any,\n set_show_doc: str,\n *,\n help_docstring: str = \"\",\n param_class: int | None = None,\n enum_sequence: Sequence[str] | None = None,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.reset","title":"reset","text":"update() -> None\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.resolve_heap","title":"resolve_heap","text":"reset() -> None\n
"},{"location":"reference/pwndbg/aglib/heap/heap/","title":"pwndbg.aglib.heap.heap","text":""},{"location":"reference/pwndbg/aglib/heap/heap/#pwndbg.aglib.heap.heap","title":"heap","text":"resolve_heap(is_first_run: bool = False) -> None\nClasses:
-
MemoryAllocator\u2013Heap abstraction layer.
Heap abstraction layer.
Methods:
-
summarize\u2013Returns a textual summary of the specified address.
-
containing\u2013Returns the address of the allocation which contains 'address'.
-
is_initialized\u2013Returns whether the allocator is initialized or not.
-
libc_has_debug_syms\u2013Returns whether the libc has debug symbols or not.
summarize(address: int, **kwargs: Any) -> str\nReturns a textual summary of the specified address.
Parameters:
-
address(int) \u2013Address of the heap block to summarize.
Returns:
-
str\u2013A string.
containing(address: int) -> int\nReturns the address of the allocation which contains 'address'.
Parameters:
-
address(int) \u2013Address to look up.
Returns:
-
int\u2013An integer.
is_initialized() -> bool\nReturns whether the allocator is initialized or not.
Returns:
-
bool\u2013A boolean.
libc_has_debug_syms() -> bool\nReturns whether the libc has debug symbols or not.
Returns:
-
bool\u2013A boolean.
Classes:
-
RTree\u2013RTree is used by jemalloc to keep track of extents that are allocated by jemalloc.
-
Extent\u2013Concept of extent (edata) is similar to chunk in glibc malloc but allocation algorithm differs a lot.
Functions:
-
mask\u2013 -
lg_floor_1\u2013 -
lg_floor_2\u2013 -
lg_floor_4\u2013 -
lg_floor_8\u2013 -
lg_floor_16\u2013 -
lg_floor_32\u2013 -
lg_floor_64\u2013 -
lg_floor\u2013 -
lg_ceil\u2013
Attributes:
-
LG_VADDR\u2013 -
LG_PAGE\u2013 -
MALLOCX_ARENA_BITS\u2013 -
LG_SIZEOF_PTR\u2013 -
RTREE_NHIB\u2013 -
RTREE_NLIB\u2013 -
RTREE_NSB\u2013 -
RTREE_HEIGHT\u2013 -
LG_QUANTUM\u2013 -
SC_LG_TINY_MIN\u2013 -
SC_NTINY\u2013 -
SC_LG_NGROUP\u2013 -
SC_NGROUP\u2013 -
SC_NPSEUDO\u2013 -
SC_PTR_BITS\u2013 -
SC_LG_BASE_MAX\u2013 -
SC_LG_FIRST_REGULAR_BASE\u2013 -
SC_NREGULAR\u2013 -
SC_NSIZES\u2013 -
SC_LG_SLAB_MAXREGS\u2013 -
EDATA_BITS_ARENA_WIDTH\u2013 -
EDATA_BITS_ARENA_SHIFT\u2013 -
EDATA_BITS_ARENA_MASK\u2013 -
EDATA_BITS_SLAB_WIDTH\u2013 -
EDATA_BITS_SLAB_SHIFT\u2013 -
EDATA_BITS_SLAB_MASK\u2013 -
EDATA_BITS_COMMITTED_WIDTH\u2013 -
EDATA_BITS_COMMITTED_SHIFT\u2013 -
EDATA_BITS_COMMITTED_MASK\u2013 -
EDATA_BITS_PAI_WIDTH\u2013 -
EDATA_BITS_PAI_SHIFT\u2013 -
EDATA_BITS_PAI_MASK\u2013 -
EDATA_BITS_ZEROED_WIDTH\u2013 -
EDATA_BITS_ZEROED_SHIFT\u2013 -
EDATA_BITS_ZEROED_MASK\u2013 -
EDATA_BITS_GUARDED_WIDTH\u2013 -
EDATA_BITS_GUARDED_SHIFT\u2013 -
EDATA_BITS_GUARDED_MASK\u2013 -
EDATA_BITS_STATE_WIDTH\u2013 -
EDATA_BITS_STATE_SHIFT\u2013 -
EDATA_BITS_STATE_MASK\u2013 -
EDATA_BITS_SZIND_WIDTH\u2013 -
EDATA_BITS_SZIND_SHIFT\u2013 -
EDATA_BITS_SZIND_MASK\u2013 -
EDATA_BITS_NFREE_WIDTH\u2013 -
EDATA_BITS_NFREE_SHIFT\u2013 -
EDATA_BITS_NFREE_MASK\u2013 -
EDATA_BITS_BINSHARD_WIDTH\u2013 -
EDATA_BITS_BINSHARD_SHIFT\u2013 -
EDATA_BITS_BINSHARD_MASK\u2013 -
EDATA_BITS_IS_HEAD_WIDTH\u2013 -
EDATA_BITS_IS_HEAD_SHIFT\u2013 -
EDATA_BITS_IS_HEAD_MASK\u2013 -
rtree_levels\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.LG_PAGE","title":"LG_PAGELG_VADDR = 48\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.MALLOCX_ARENA_BITS","title":"MALLOCX_ARENA_BITSLG_PAGE = 12\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.LG_SIZEOF_PTR","title":"LG_SIZEOF_PTRMALLOCX_ARENA_BITS = 12\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTREE_NHIB","title":"RTREE_NHIBLG_SIZEOF_PTR = 3\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTREE_NLIB","title":"RTREE_NLIBRTREE_NHIB = 1 << LG_SIZEOF_PTR + 3 - LG_VADDR\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTREE_NSB","title":"RTREE_NSBRTREE_NLIB = LG_PAGE\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTREE_HEIGHT","title":"RTREE_HEIGHTRTREE_NSB = LG_VADDR - RTREE_NLIB\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.LG_QUANTUM","title":"LG_QUANTUMRTREE_HEIGHT = 1\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_LG_TINY_MIN","title":"SC_LG_TINY_MINLG_QUANTUM = 4\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_NTINY","title":"SC_NTINYSC_LG_TINY_MIN = 3\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_LG_NGROUP","title":"SC_LG_NGROUPSC_NTINY = LG_QUANTUM - SC_LG_TINY_MIN\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_NGROUP","title":"SC_NGROUPSC_LG_NGROUP = 2\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_NPSEUDO","title":"SC_NPSEUDOSC_NGROUP = 1 << SC_LG_NGROUP\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_PTR_BITS","title":"SC_PTR_BITSSC_NPSEUDO = SC_NGROUP\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_LG_BASE_MAX","title":"SC_LG_BASE_MAXSC_PTR_BITS = 1 << LG_SIZEOF_PTR * 8\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_LG_FIRST_REGULAR_BASE","title":"SC_LG_FIRST_REGULAR_BASESC_LG_BASE_MAX = SC_PTR_BITS - 2\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_NREGULAR","title":"SC_NREGULARSC_LG_FIRST_REGULAR_BASE = LG_QUANTUM + SC_LG_NGROUP\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_NSIZES","title":"SC_NSIZESSC_NREGULAR = SC_NGROUP * SC_LG_BASE_MAX - SC_LG_FIRST_REGULAR_BASE + 1 - 1\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_LG_SLAB_MAXREGS","title":"SC_LG_SLAB_MAXREGSSC_NSIZES = SC_NTINY + SC_NPSEUDO + SC_NREGULAR\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_ARENA_WIDTH","title":"EDATA_BITS_ARENA_WIDTHSC_LG_SLAB_MAXREGS = LG_PAGE - SC_LG_TINY_MIN\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_ARENA_SHIFT","title":"EDATA_BITS_ARENA_SHIFTEDATA_BITS_ARENA_WIDTH = MALLOCX_ARENA_BITS\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_ARENA_MASK","title":"EDATA_BITS_ARENA_MASKEDATA_BITS_ARENA_SHIFT = 0\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_SLAB_WIDTH","title":"EDATA_BITS_SLAB_WIDTHEDATA_BITS_ARENA_MASK = mask(EDATA_BITS_ARENA_WIDTH, EDATA_BITS_ARENA_SHIFT)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_SLAB_SHIFT","title":"EDATA_BITS_SLAB_SHIFTEDATA_BITS_SLAB_WIDTH = 1\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_SLAB_MASK","title":"EDATA_BITS_SLAB_MASKEDATA_BITS_SLAB_SHIFT = EDATA_BITS_ARENA_WIDTH + EDATA_BITS_ARENA_SHIFT\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_COMMITTED_WIDTH","title":"EDATA_BITS_COMMITTED_WIDTHEDATA_BITS_SLAB_MASK = mask(EDATA_BITS_SLAB_WIDTH, EDATA_BITS_SLAB_SHIFT)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_COMMITTED_SHIFT","title":"EDATA_BITS_COMMITTED_SHIFTEDATA_BITS_COMMITTED_WIDTH = 1\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_COMMITTED_MASK","title":"EDATA_BITS_COMMITTED_MASKEDATA_BITS_COMMITTED_SHIFT = EDATA_BITS_SLAB_WIDTH + EDATA_BITS_SLAB_SHIFT\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_PAI_WIDTH","title":"EDATA_BITS_PAI_WIDTHEDATA_BITS_COMMITTED_MASK = mask(\n EDATA_BITS_COMMITTED_WIDTH, EDATA_BITS_COMMITTED_SHIFT\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_PAI_SHIFT","title":"EDATA_BITS_PAI_SHIFTEDATA_BITS_PAI_WIDTH = 1\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_PAI_MASK","title":"EDATA_BITS_PAI_MASKEDATA_BITS_PAI_SHIFT = EDATA_BITS_COMMITTED_WIDTH + EDATA_BITS_COMMITTED_SHIFT\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_ZEROED_WIDTH","title":"EDATA_BITS_ZEROED_WIDTHEDATA_BITS_PAI_MASK = mask(EDATA_BITS_PAI_WIDTH, EDATA_BITS_PAI_SHIFT)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_ZEROED_SHIFT","title":"EDATA_BITS_ZEROED_SHIFTEDATA_BITS_ZEROED_WIDTH = 1\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_ZEROED_MASK","title":"EDATA_BITS_ZEROED_MASKEDATA_BITS_ZEROED_SHIFT = EDATA_BITS_PAI_WIDTH + EDATA_BITS_PAI_SHIFT\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_GUARDED_WIDTH","title":"EDATA_BITS_GUARDED_WIDTHEDATA_BITS_ZEROED_MASK = mask(EDATA_BITS_ZEROED_WIDTH, EDATA_BITS_ZEROED_SHIFT)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_GUARDED_SHIFT","title":"EDATA_BITS_GUARDED_SHIFTEDATA_BITS_GUARDED_WIDTH = 1\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_GUARDED_MASK","title":"EDATA_BITS_GUARDED_MASKEDATA_BITS_GUARDED_SHIFT = EDATA_BITS_ZEROED_WIDTH + EDATA_BITS_ZEROED_SHIFT\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_STATE_WIDTH","title":"EDATA_BITS_STATE_WIDTHEDATA_BITS_GUARDED_MASK = mask(\n EDATA_BITS_GUARDED_WIDTH, EDATA_BITS_GUARDED_SHIFT\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_STATE_SHIFT","title":"EDATA_BITS_STATE_SHIFTEDATA_BITS_STATE_WIDTH = 3\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_STATE_MASK","title":"EDATA_BITS_STATE_MASKEDATA_BITS_STATE_SHIFT = EDATA_BITS_GUARDED_WIDTH + EDATA_BITS_GUARDED_SHIFT\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_SZIND_WIDTH","title":"EDATA_BITS_SZIND_WIDTHEDATA_BITS_STATE_MASK = mask(EDATA_BITS_STATE_WIDTH, EDATA_BITS_STATE_SHIFT)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_SZIND_SHIFT","title":"EDATA_BITS_SZIND_SHIFTEDATA_BITS_SZIND_WIDTH = lg_ceil(SC_NSIZES)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_SZIND_MASK","title":"EDATA_BITS_SZIND_MASKEDATA_BITS_SZIND_SHIFT = EDATA_BITS_STATE_WIDTH + EDATA_BITS_STATE_SHIFT\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_NFREE_WIDTH","title":"EDATA_BITS_NFREE_WIDTHEDATA_BITS_SZIND_MASK = mask(EDATA_BITS_SZIND_WIDTH, EDATA_BITS_SZIND_SHIFT)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_NFREE_SHIFT","title":"EDATA_BITS_NFREE_SHIFTEDATA_BITS_NFREE_WIDTH = SC_LG_SLAB_MAXREGS + 1\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_NFREE_MASK","title":"EDATA_BITS_NFREE_MASKEDATA_BITS_NFREE_SHIFT = EDATA_BITS_SZIND_WIDTH + EDATA_BITS_SZIND_SHIFT\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_BINSHARD_WIDTH","title":"EDATA_BITS_BINSHARD_WIDTHEDATA_BITS_NFREE_MASK = mask(EDATA_BITS_NFREE_WIDTH, EDATA_BITS_NFREE_SHIFT)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_BINSHARD_SHIFT","title":"EDATA_BITS_BINSHARD_SHIFTEDATA_BITS_BINSHARD_WIDTH = 6\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_BINSHARD_MASK","title":"EDATA_BITS_BINSHARD_MASKEDATA_BITS_BINSHARD_SHIFT = EDATA_BITS_NFREE_WIDTH + EDATA_BITS_NFREE_SHIFT\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_IS_HEAD_WIDTH","title":"EDATA_BITS_IS_HEAD_WIDTHEDATA_BITS_BINSHARD_MASK = mask(\n EDATA_BITS_BINSHARD_WIDTH, EDATA_BITS_BINSHARD_SHIFT\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_IS_HEAD_SHIFT","title":"EDATA_BITS_IS_HEAD_SHIFTEDATA_BITS_IS_HEAD_WIDTH = 1\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_IS_HEAD_MASK","title":"EDATA_BITS_IS_HEAD_MASKEDATA_BITS_IS_HEAD_SHIFT = EDATA_BITS_BINSHARD_WIDTH + EDATA_BITS_BINSHARD_SHIFT\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.rtree_levels","title":"rtree_levelsEDATA_BITS_IS_HEAD_MASK = mask(\n EDATA_BITS_IS_HEAD_WIDTH, EDATA_BITS_IS_HEAD_SHIFT\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree","title":"RTree","text":"rtree_levels = [\n [{\"bits\": RTREE_NSB, \"cumbits\": RTREE_NHIB + RTREE_NSB}],\n [\n {\"bits\": RTREE_NSB // 2, \"cumbits\": RTREE_NHIB + RTREE_NSB // 2},\n {\n \"bits\": RTREE_NSB // 2 + RTREE_NSB % 2,\n \"cumbits\": RTREE_NHIB + RTREE_NSB,\n },\n ],\n [\n {\"bits\": RTREE_NSB // 3, \"cumbits\": RTREE_NHIB + RTREE_NSB // 3},\n {\n \"bits\": RTREE_NSB // 3 + RTREE_NSB % 3 // 2,\n \"cumbits\": RTREE_NHIB + RTREE_NSB // 3 * 2 + RTREE_NSB % 3 // 2,\n },\n {\n \"bits\": RTREE_NSB // 3 + RTREE_NSB % 3 - RTREE_NSB % 3 // 2,\n \"cumbits\": RTREE_NHIB + RTREE_NSB,\n },\n ],\n]\nRTree(addr: int)\nRTree is used by jemalloc to keep track of extents that are allocated by jemalloc. Since extent data is not stored in a doubly linked list, rtree is used to find the extent belonging to a pointer that is being freed. Implementation of rtree is similar to Linux Radix tree: https://lwn.net/Articles/175432/
Methods:
-
get_rtree\u2013 -
lookup_hard\u2013Lookup the key in the rtree and return the value.
Attributes:
-
root\u2013 -
extents\u2013
property","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.extents","title":"extentsroot\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.get_rtree","title":"get_rtreeextents\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.__rtree_leaf_maskbits","title":"__rtree_leaf_maskbits","text":"get_rtree() -> RTree\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.__rtree_leafkey","title":"__rtree_leafkey","text":"__rtree_leaf_maskbits(level)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.__subkey","title":"__subkey","text":"__rtree_leafkey(key: int, level: int) -> int\n__subkey(key: int, level: int) -> int\nReturn a portion of the key that is used to find the node/leaf in the rtree at a specific level. Source: https://github.com/jemalloc/jemalloc/blob/5b72ac098abce464add567869d082f2097bd59a2/include/jemalloc/internal/rtree.h#L161
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.__alignment_addr2base","title":"__alignment_addr2basestaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.lookup_hard","title":"lookup_hard","text":"__alignment_addr2base(addr, alignment=64)\nlookup_hard(key: int)\nLookup the key in the rtree and return the value.
How it works: - Jemalloc stores the extent address in the rtree as a node and to find a specific node we need a address key.
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent","title":"Extent","text":"Extent(addr: int)\nConcept of extent (edata) is similar to chunk in glibc malloc but allocation algorithm differs a lot. - Extents are used to manage memory blocks (including jemalloc metadata) where extents sizes can vary but each block is always a multiple of the page size. - jemalloc will either allocate one large class request or multiple small class request (called slab) depending on request size. - Unlike chunks in glibc malloc, extents are not doubly linked list but are managed using rtree. - This tree is mostly used during deallocation to find the extent belonging to a pointer that is being freed. - Extents are also not stored as a header structure but externally (therefore extent metadata and actually mapped data may be very far apart).
Attributes:
-
size\u2013May be larger in case of large size class allocation when cache_oblivious is enabled.
-
extent_address(int) \u2013Address of the extent data structure (not the actual memory).
-
allocated_address(int) \u2013Starting address of allocated memory
-
bsize(int) \u2013 -
bits(int) \u2013 -
bitfields(dict[str, int]) \u2013Extract bitfields
-
state_name(str) \u2013 -
has_slab(bool) \u2013Returns True if the extent is used for small size classes.
-
is_free(bool) \u2013Returns True if the extent is free.
-
pai(str) \u2013Page Allocator Interface
property","text":"size\nMay be larger in case of large size class allocation when cache_oblivious is enabled.
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.extent_address","title":"extent_addressproperty","text":"extent_address: int\nAddress of the extent data structure (not the actual memory).
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.allocated_address","title":"allocated_addressproperty","text":"allocated_address: int\nStarting address of allocated memory cache-oblivious large allocation alignment: When a large class allocation is made, jemalloc selects the closest size class that can fit the request and allocates that size + 4 KiB (0x1000). However, the pointer returned to user is randomized between the 'base' and 'base + 4 KiB' (0x1000) range. Source code: https://github.com/jemalloc/jemalloc/blob/a25b9b8ba91881964be3083db349991bbbbf1661/include/jemalloc/internal/arena_inlines_b.h#L505
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.bsize","title":"bsizeproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.bits","title":"bitsbsize: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.bitfields","title":"bitfieldsbits: int\nproperty","text":"bitfields: dict[str, int]\nExtract bitfields
arena_ind: Arena from which this extent came, or all 1 bits if unassociated. slab: The slab flag indicates whether the extent is used for a slab of small regions. This helps differentiate small size classes, and it indicates whether interior pointers can be looked up via iealloc(). committed: The committed flag indicates whether physical memory is committed to the extent, whether explicitly or implicitly as on a system that overcommits and satisfies physical memory needs on demand via soft page faults. pai: The pai flag is an extent_pai_t. zeroed: The zeroed flag is used by extent recycling code to track whether memory is zero-filled. guarded: The guarded flag is used by the sanitizer to track whether the extent has page guards around it. state: The state flag is an extent_state_t. szind: The szind flag indicates usable size class index for allocations residing in this extent, regardless of whether the extent is a slab. Extent size and usable size often differ even for non-slabs, either due to sz_large_pad or promotion of sampled small regions. nfree: Number of free regions in slab. bin_shard: The shard of the bin from which this extent came.
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.state_name","title":"state_nameproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.has_slab","title":"has_slabstate_name: str\nproperty","text":"has_slab: bool\nReturns True if the extent is used for small size classes. Reference for size in Table 1 at https://jemalloc.net/jemalloc.3.html At time of writing, allocations <= 0x3800 are considered as small allocations and has slabs.
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.is_free","title":"is_freeproperty","text":"is_free: bool\nReturns True if the extent is free.
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.pai","title":"paiproperty","text":"pai: str\nPage Allocator Interface
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.mask","title":"mask","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_1","title":"lg_floor_1","text":"mask(current_field_width, current_field_shift)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_2","title":"lg_floor_2","text":"lg_floor_1(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_4","title":"lg_floor_4","text":"lg_floor_2(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_8","title":"lg_floor_8","text":"lg_floor_4(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_16","title":"lg_floor_16","text":"lg_floor_8(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_32","title":"lg_floor_32","text":"lg_floor_16(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_64","title":"lg_floor_64","text":"lg_floor_32(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor","title":"lg_floor","text":"lg_floor_64(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_ceil","title":"lg_ceil","text":"lg_floor(x)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/","title":"pwndbg.aglib.heap.ptmalloc","text":""},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc","title":"ptmalloc","text":"lg_ceil(x)\nClasses:
-
BinType\u2013 -
Bin\u2013 -
Bins\u2013 -
ChunkField\u2013 -
Chunk\u2013 -
Heap\u2013 -
Arena\u2013 -
GlibcMemoryAllocator\u2013 -
DebugSymsHeap\u2013 -
SymbolUnresolvableError\u2013 -
HeuristicHeap\u2013
Functions:
-
heap_for_ptr\u2013Round a pointer to a chunk down to find its corresponding heap_info
-
fetch_chunk_metadata\u2013
Attributes:
-
PREV_INUSE\u2013 -
IS_MMAPPED\u2013 -
NON_MAIN_ARENA\u2013 -
SIZE_BITS\u2013 -
NONCONTIGUOUS_BIT\u2013 -
TheType\u2013 -
TheValue\u2013 -
HEAP_MAX_SIZE(int) \u2013 -
NBINS\u2013 -
BINMAPSIZE\u2013 -
TCACHE_MAX_BINS\u2013 -
NFASTBINS\u2013 -
NSMALLBINS\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.IS_MMAPPED","title":"IS_MMAPPEDPREV_INUSE = 1\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.NON_MAIN_ARENA","title":"NON_MAIN_ARENAIS_MMAPPED = 2\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.SIZE_BITS","title":"SIZE_BITSNON_MAIN_ARENA = 4\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.NONCONTIGUOUS_BIT","title":"NONCONTIGUOUS_BITSIZE_BITS = PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.TheType","title":"TheTypeNONCONTIGUOUS_BIT = 2\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.TheValue","title":"TheValueTheType = TypeVar('TheType', Type, Type[CStruct2GDB])\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HEAP_MAX_SIZE","title":"HEAP_MAX_SIZETheValue = TypeVar('TheValue', Value, CStruct2GDB)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.NBINS","title":"NBINSHEAP_MAX_SIZE: int = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BINMAPSIZE","title":"BINMAPSIZENBINS = 128\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.TCACHE_MAX_BINS","title":"TCACHE_MAX_BINSBINMAPSIZE = 4\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.NFASTBINS","title":"NFASTBINSTCACHE_MAX_BINS = 64\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.NSMALLBINS","title":"NSMALLBINSNFASTBINS = 10\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType","title":"BinType","text":"NSMALLBINS = 64\nBases:
str,EnumMethods:
-
valid_fields\u2013
Attributes:
-
TCACHE\u2013 -
FAST\u2013 -
SMALL\u2013 -
LARGE\u2013 -
UNSORTED\u2013 -
NOT_IN_BIN\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.FAST","title":"FASTTCACHE = 'tcachebins'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.SMALL","title":"SMALLFAST = 'fastbins'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.LARGE","title":"LARGESMALL = 'smallbins'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.UNSORTED","title":"UNSORTEDLARGE = 'largebins'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.NOT_IN_BIN","title":"NOT_IN_BINUNSORTED = 'unsortedbin'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.valid_fields","title":"valid_fields","text":"NOT_IN_BIN = 'not_in_bin'\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin","title":"Bin","text":"valid_fields() -> list[str]\nBin(\n fd_chain: list[int],\n bk_chain: list[int] | None = None,\n count: int | None = None,\n is_corrupted: bool = False,\n)\nMethods:
-
contains_chunk\u2013 -
size_to_display_name\u2013
Attributes:
-
fd_chain\u2013 -
bk_chain\u2013 -
count\u2013 -
is_corrupted\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin.bk_chain","title":"bk_chainfd_chain = fd_chain\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin.count","title":"countbk_chain = bk_chain\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin.is_corrupted","title":"is_corruptedcount = count\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin.contains_chunk","title":"contains_chunk","text":"is_corrupted = is_corrupted\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin.size_to_display_name","title":"size_to_display_namecontains_chunk(chunk: int) -> bool\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bins","title":"Bins","text":"size_to_display_name(size: int | str) -> str\nBins(bin_type: BinType)\nMethods:
-
contains_chunk\u2013
Attributes:
-
bins(OrderedDict[int | str, Bin]) \u2013 -
bin_type\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bins.bin_type","title":"bin_typebins: OrderedDict[int | str, Bin] = OrderedDict()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bins.contains_chunk","title":"contains_chunk","text":"bin_type = bin_type\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField","title":"ChunkField","text":"contains_chunk(size: int, chunk: int)\nBases:
int,EnumAttributes:
-
PREV_SIZE\u2013 -
SIZE\u2013 -
FD\u2013 -
BK\u2013 -
FD_NEXTSIZE\u2013 -
BK_NEXTSIZE\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField.SIZE","title":"SIZEPREV_SIZE = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField.FD","title":"FDSIZE = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField.BK","title":"BKFD = 3\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField.FD_NEXTSIZE","title":"FD_NEXTSIZEBK = 4\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField.BK_NEXTSIZE","title":"BK_NEXTSIZEFD_NEXTSIZE = 5\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk","title":"Chunk","text":"BK_NEXTSIZE = 6\nChunk(addr: int, heap: Heap | None = None, arena: Arena | None = None)\nMethods:
-
next_chunk\u2013 -
__contains__\u2013This allow us to avoid extra constructions like 'if start_addr <= ptr < end_addr', etc.
Attributes:
-
__slots__\u2013 -
address\u2013 -
prev_size(int | None) \u2013 -
size(int | None) \u2013 -
real_size(int | None) \u2013 -
flags(dict[str, bool] | None) \u2013 -
non_main_arena(bool | None) \u2013 -
is_mmapped(bool | None) \u2013 -
prev_inuse(bool | None) \u2013 -
fd\u2013 -
bk\u2013 -
fd_nextsize\u2013 -
bk_nextsize\u2013 -
heap(Heap) \u2013 -
arena(Arena | None) \u2013 -
is_top_chunk\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.address","title":"address__slots__ = (\n \"_gdbValue\",\n \"address\",\n \"_prev_size\",\n \"_size\",\n \"_real_size\",\n \"_flags\",\n \"_non_main_arena\",\n \"_is_mmapped\",\n \"_prev_inuse\",\n \"_fd\",\n \"_bk\",\n \"_fd_nextsize\",\n \"_bk_nextsize\",\n \"_heap\",\n \"_arena\",\n \"_is_top_chunk\",\n)\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.prev_size","title":"prev_sizeaddress = int(address)\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.size","title":"sizeprev_size: int | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.real_size","title":"real_sizesize: int | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.flags","title":"flagsreal_size: int | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.non_main_arena","title":"non_main_arenaflags: dict[str, bool] | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.is_mmapped","title":"is_mmappednon_main_arena: bool | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.prev_inuse","title":"prev_inuseis_mmapped: bool | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.fd","title":"fdprev_inuse: bool | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.bk","title":"bkfd\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.fd_nextsize","title":"fd_nextsizebk\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.bk_nextsize","title":"bk_nextsizefd_nextsize\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.heap","title":"heapbk_nextsize\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.arena","title":"arenaheap: Heap\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.is_top_chunk","title":"is_top_chunkarena: Arena | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.__match_renamed_field","title":"__match_renamed_field","text":"is_top_chunk\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.next_chunk","title":"next_chunk","text":"__match_renamed_field(field: str)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.__contains__","title":"__contains__","text":"next_chunk()\n__contains__(addr: int) -> bool\nThis allow us to avoid extra constructions like 'if start_addr <= ptr < end_addr', etc.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap","title":"Heap","text":"Heap(addr: int, arena: Arena | None = None)\n1) main_arena - uses the sbrk heap 2) non-main arena - heap starts after its heap_info struct (and possibly an arena) 3) non-contiguous main_arena - just a memory region 4) no arena - for fake/mmapped chunks
Methods:
-
__iter__\u2013 -
__contains__\u2013 -
__str__\u2013
Attributes:
-
__slots__\u2013 -
arena\u2013 -
start(int) \u2013 -
end(int) \u2013 -
first_chunk\u2013 -
prev\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.arena","title":"arena__slots__ = (\n \"_gdbValue\",\n \"arena\",\n \"_memory_region\",\n \"start\",\n \"end\",\n \"_prev\",\n \"first_chunk\",\n)\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.start","title":"startarena = main_arena if arena is None else arena\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.end","title":"endstart: int = start\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.first_chunk","title":"first_chunkend: int = end\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.prev","title":"prevfirst_chunk = Chunk(start)\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.__iter__","title":"__iter__","text":"prev\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.__contains__","title":"__contains__","text":"__iter__()\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.__str__","title":"__str__","text":"__contains__(addr: int) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena","title":"Arena","text":"__str__() -> str\nArena(addr: int)\nMethods:
-
fastbins\u2013 -
__str__\u2013
Attributes:
-
__slots__\u2013 -
address\u2013 -
is_main_arena(bool) \u2013 -
mutex(int | None) \u2013 -
flags(int | None) \u2013 -
non_contiguous(bool | None) \u2013 -
have_fastchunks(int | None) \u2013 -
top(int | None) \u2013 -
fastbinsY(list[int]) \u2013 -
bins(list[int]) \u2013 -
binmap(list[int]) \u2013 -
next(int | None) \u2013 -
next_free(int | None) \u2013 -
system_mem(int | None) \u2013 -
active_heap(Heap) \u2013 -
heaps\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.address","title":"address__slots__ = (\n \"_gdbValue\",\n \"address\",\n \"_is_main_arena\",\n \"_top\",\n \"_active_heap\",\n \"_heaps\",\n \"_mutex\",\n \"_flags\",\n \"_non_contiguous\",\n \"_have_fastchunks\",\n \"_fastbinsY\",\n \"_bins\",\n \"_binmap\",\n \"_next\",\n \"_next_free\",\n \"_system_mem\",\n)\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.is_main_arena","title":"is_main_arenaaddress = int(address)\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.mutex","title":"mutexis_main_arena: bool\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.flags","title":"flagsmutex: int | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.non_contiguous","title":"non_contiguousflags: int | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.have_fastchunks","title":"have_fastchunksnon_contiguous: bool | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.top","title":"tophave_fastchunks: int | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.fastbinsY","title":"fastbinsYtop: int | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.bins","title":"binsfastbinsY: list[int]\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.binmap","title":"binmapbins: list[int]\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.next","title":"nextbinmap: list[int]\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.next_free","title":"next_freenext: int | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.system_mem","title":"system_memnext_free: int | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.active_heap","title":"active_heapsystem_mem: int | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.heaps","title":"heapsactive_heap: Heap\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.fastbins","title":"fastbins","text":"heaps\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.__str__","title":"__str__","text":"fastbins() -> Bins\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator","title":"GlibcMemoryAllocator","text":"__str__() -> str\nGlibcMemoryAllocator()\nBases:
MemoryAllocator,Generic[TheType, TheValue]Methods:
-
largebin_reverse_lookup\u2013Pick the appropriate largebin_reverse_lookup_ function for this architecture.
-
largebin_size_range_from_index\u2013 -
can_be_resolved\u2013 -
has_tcache\u2013 -
chunk_flags\u2013 -
chunk_key_offset\u2013Find the index of a field in the malloc_chunk struct.
-
get_heap\u2013 -
get_tcache\u2013 -
get_sbrk_heap_region\u2013 -
get_region\u2013Find the memory map containing 'addr'.
-
get_bins\u2013 -
fastbin_index\u2013 -
fastbins\u2013Returns: chain or None
-
tcachebins\u2013Returns: tuple(chain, count) or None
-
check_chain_corrupted\u2013Checks if the doubly linked list (of a {unsorted, small, large} bin)
-
bin_at\u2013Modeled after glibc's bin_at function - so starts indexing from 1
-
unsortedbin\u2013 -
smallbins\u2013 -
largebins\u2013 -
largebin_index_32\u2013Modeled on the GLIBC malloc largebin_index_32 macro.
-
largebin_index_32_big\u2013Modeled on the GLIBC malloc largebin_index_32_big macro.
-
largebin_index_64\u2013Modeled on the GLIBC malloc largebin_index_64 macro.
-
largebin_index\u2013Pick the appropriate largebin_index_ function for this architecture.
-
is_initialized\u2013 -
is_statically_linked\u2013 -
libc_has_debug_syms\u2013The
struct malloc_chunkcomes from debugging symbols and it will not be there -
summarize\u2013Returns a textual summary of the specified address.
-
containing\u2013Returns the address of the allocation which contains 'address'.
Attributes:
-
largebin_reverse_lookup_32\u2013 -
largebin_reverse_lookup_32_big\u2013 -
largebin_reverse_lookup_64\u2013 -
main_arena(Arena | None) \u2013 -
arenas(tuple[Arena, ...]) \u2013Return a tuple of all current arenas.
-
thread_arena(Arena | None) \u2013 -
thread_cache(TheValue | None) \u2013 -
mp(TheValue | None) \u2013 -
global_max_fast(int | None) \u2013 -
heap_info(TheType | None) \u2013 -
malloc_chunk(TheType | None) \u2013 -
malloc_state(TheType | None) \u2013 -
tcache_perthread_struct(TheType | None) \u2013 -
tcache_entry(TheType | None) \u2013 -
mallinfo(TheType | None) \u2013 -
malloc_par(TheType | None) \u2013 -
malloc_alignment(int) \u2013Corresponds to MALLOC_ALIGNMENT in glibc malloc.c
-
size_sz(int) \u2013Corresponds to SIZE_SZ in glibc malloc.c
-
malloc_align_mask(int) \u2013Corresponds to MALLOC_ALIGN_MASK in glibc malloc.c
-
minsize(int) \u2013Corresponds to MINSIZE in glibc malloc.c
-
min_chunk_size(int) \u2013Corresponds to MIN_CHUNK_SIZE in glibc malloc.c
-
multithreaded(bool) \u2013Is malloc operating within a multithreaded environment.
-
tcache_next_offset(int) \u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_reverse_lookup_32_big","title":"largebin_reverse_lookup_32_biglargebin_reverse_lookup_32 = (\n 512,\n 576,\n 640,\n 704,\n 768,\n 832,\n 896,\n 960,\n 1024,\n 1088,\n 1152,\n 1216,\n 1280,\n 1344,\n 1408,\n 1472,\n 1536,\n 1600,\n 1664,\n 1728,\n 1792,\n 1856,\n 1920,\n 1984,\n 2048,\n 2112,\n 2176,\n 2240,\n 2304,\n 2368,\n 2432,\n 2496,\n 2560,\n 3072,\n 3584,\n 4096,\n 4608,\n 5120,\n 5632,\n 6144,\n 6656,\n 7168,\n 7680,\n 8192,\n 8704,\n 9216,\n 9728,\n 10240,\n 10752,\n 12288,\n 16384,\n 20480,\n 24576,\n 28672,\n 32768,\n 36864,\n 40960,\n 65536,\n 98304,\n 131072,\n 163840,\n 262144,\n 524288,\n)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_reverse_lookup_64","title":"largebin_reverse_lookup_64largebin_reverse_lookup_32_big = (\n 1008,\n 1024,\n 1088,\n 1152,\n 1216,\n 1280,\n 1344,\n 1408,\n 1472,\n 1536,\n 1600,\n 1664,\n 1728,\n 1792,\n 1856,\n 1920,\n 1984,\n 2048,\n 2112,\n 2176,\n 2240,\n 2304,\n 2368,\n 2432,\n 2496,\n 2560,\n 2624,\n 2688,\n 2752,\n 2816,\n 2880,\n 2944,\n 2944,\n 3072,\n 3584,\n 4096,\n 4608,\n 5120,\n 5632,\n 6144,\n 6656,\n 7168,\n 7680,\n 8192,\n 8704,\n 9216,\n 9728,\n 10240,\n 10752,\n 12288,\n 16384,\n 20480,\n 24576,\n 28672,\n 32768,\n 36864,\n 40960,\n 65536,\n 98304,\n 131072,\n 163840,\n 262144,\n 524288,\n)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.main_arena","title":"main_arenalargebin_reverse_lookup_64 = (\n 1024,\n 1088,\n 1152,\n 1216,\n 1280,\n 1344,\n 1408,\n 1472,\n 1536,\n 1600,\n 1664,\n 1728,\n 1792,\n 1856,\n 1920,\n 1984,\n 2048,\n 2112,\n 2176,\n 2240,\n 2304,\n 2368,\n 2432,\n 2496,\n 2560,\n 2624,\n 2688,\n 2752,\n 2816,\n 2880,\n 2944,\n 3008,\n 3072,\n 3136,\n 3584,\n 4096,\n 4608,\n 5120,\n 5632,\n 6144,\n 6656,\n 7168,\n 7680,\n 8192,\n 8704,\n 9216,\n 9728,\n 10240,\n 10752,\n 12288,\n 16384,\n 20480,\n 24576,\n 28672,\n 32768,\n 36864,\n 40960,\n 65536,\n 98304,\n 131072,\n 163840,\n 262144,\n 524288,\n)\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.arenas","title":"arenasmain_arena: Arena | None\nproperty","text":"arenas: tuple[Arena, ...]\nReturn a tuple of all current arenas.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.thread_arena","title":"thread_arenaproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.thread_cache","title":"thread_cachethread_arena: Arena | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.mp","title":"mpthread_cache: TheValue | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.global_max_fast","title":"global_max_fastmp: TheValue | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.heap_info","title":"heap_infoglobal_max_fast: int | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.malloc_chunk","title":"malloc_chunkheap_info: TheType | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.malloc_state","title":"malloc_statemalloc_chunk: TheType | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.tcache_perthread_struct","title":"tcache_perthread_structmalloc_state: TheType | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.tcache_entry","title":"tcache_entrytcache_perthread_struct: TheType | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.mallinfo","title":"mallinfotcache_entry: TheType | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.malloc_par","title":"malloc_parmallinfo: TheType | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.malloc_alignment","title":"malloc_alignmentmalloc_par: TheType | None\nproperty","text":"malloc_alignment: int\nCorresponds to MALLOC_ALIGNMENT in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.size_sz","title":"size_szproperty","text":"size_sz: int\nCorresponds to SIZE_SZ in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.malloc_align_mask","title":"malloc_align_maskproperty","text":"malloc_align_mask: int\nCorresponds to MALLOC_ALIGN_MASK in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.minsize","title":"minsizeproperty","text":"minsize: int\nCorresponds to MINSIZE in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.min_chunk_size","title":"min_chunk_sizeproperty","text":"min_chunk_size: int\nCorresponds to MIN_CHUNK_SIZE in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.multithreaded","title":"multithreadedproperty","text":"multithreaded: bool\nIs malloc operating within a multithreaded environment.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.tcache_next_offset","title":"tcache_next_offsetproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_reverse_lookup","title":"largebin_reverse_lookup","text":"tcache_next_offset: int\nlargebin_reverse_lookup(index: int) -> int\nPick the appropriate largebin_reverse_lookup_ function for this architecture.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_size_range_from_index","title":"largebin_size_range_from_index","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.can_be_resolved","title":"can_be_resolved","text":"largebin_size_range_from_index(index: int)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.has_tcache","title":"has_tcache","text":"can_be_resolved() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.chunk_flags","title":"chunk_flags","text":"has_tcache() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.chunk_key_offset","title":"chunk_key_offset","text":"chunk_flags(size: int) -> tuple[int, int, int]\nchunk_key_offset(key: str) -> int | None\nFind the index of a field in the malloc_chunk struct.
64bit exampleprev_size == 0 size == 8 fd == 16 bk == 24 ...
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.get_heap","title":"get_heap","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.get_tcache","title":"get_tcache","text":"get_heap(addr: int) -> TheValue | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.get_sbrk_heap_region","title":"get_sbrk_heap_region","text":"get_tcache(tcache_addr: int | None = None) -> TheValue | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.get_region","title":"get_region","text":"get_sbrk_heap_region() -> Page | None\nget_region(addr: int | Value | None) -> Page | None\nFind the memory map containing 'addr'.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.get_bins","title":"get_bins","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.fastbin_index","title":"fastbin_index","text":"get_bins(bin_type: BinType, addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.fastbins","title":"fastbins","text":"fastbin_index(size: int)\nfastbins(arena_addr: int | None = None) -> Bins | None\nReturns: chain or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.tcachebins","title":"tcachebins","text":"tcachebins(tcache_addr: int | None = None) -> Bins | None\nReturns: tuple(chain, count) or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.check_chain_corrupted","title":"check_chain_corrupted","text":"check_chain_corrupted(chain_fd: list[int], chain_bk: list[int]) -> bool\nChecks if the doubly linked list (of a {unsorted, small, large} bin) defined by chain_fd, chain_bk is corrupted.
Even if the chains do not cover the whole bin, they still are expected to be of the same length.
Returns True if the bin is certainly corrupted, otherwise False.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.bin_at","title":"bin_at","text":"bin_at(\n index: int, arena_addr: int | None = None\n) -> tuple[list[int], list[int], bool] | None\nModeled after glibc's bin_at function - so starts indexing from 1 https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/trusty/eglibc/trusty-security/view/head:/malloc/malloc.c#L1394
bin_at(1) returns the unsorted bin
Bin 1 - Unsorted BiN Bin 2 to 63 - Smallbins Bin 64 to 126 - Largebins
Returns: tuple(chain_from_bin_fd, chain_from_bin_bk, is_chain_corrupted) or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.unsortedbin","title":"unsortedbin","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.smallbins","title":"smallbins","text":"unsortedbin(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebins","title":"largebins","text":"smallbins(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_index_32","title":"largebin_index_32","text":"largebins(arena_addr: int | None = None) -> Bins | None\nlargebin_index_32(sz: int) -> int\nModeled on the GLIBC malloc largebin_index_32 macro.
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1414
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_index_32_big","title":"largebin_index_32_big","text":"largebin_index_32_big(sz: int) -> int\nModeled on the GLIBC malloc largebin_index_32_big macro.
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1422
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_index_64","title":"largebin_index_64","text":"largebin_index_64(sz: int) -> int\nModeled on the GLIBC malloc largebin_index_64 macro.
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1433
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_index","title":"largebin_index","text":"largebin_index(sz: int)\nPick the appropriate largebin_index_ function for this architecture.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.is_initialized","title":"is_initialized","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.is_statically_linked","title":"is_statically_linked","text":"is_initialized()\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.libc_has_debug_syms","title":"libc_has_debug_syms","text":"is_statically_linked() -> bool\nlibc_has_debug_syms() -> bool\nThe
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.summarize","title":"summarize","text":"struct malloc_chunkcomes from debugging symbols and it will not be there for statically linked binariessummarize(address: int, **kwargs: Any) -> str\nReturns a textual summary of the specified address.
Parameters:
-
address(int) \u2013Address of the heap block to summarize.
Returns:
-
str\u2013A string.
containing(address: int) -> int\nReturns the address of the allocation which contains 'address'.
Parameters:
-
address(int) \u2013Address to look up.
Returns:
-
int\u2013An integer.
DebugSymsHeap()\nBases:
GlibcMemoryAllocator[Type, Value]Methods:
-
has_tcache\u2013 -
get_heap\u2013Find & read the heap_info struct belonging to the chunk at 'addr'.
-
get_tcache\u2013 -
get_sbrk_heap_region\u2013Return a Page object representing the sbrk heap region.
-
is_initialized\u2013 -
summarize\u2013Returns a textual summary of the specified address.
-
containing\u2013Returns the address of the allocation which contains 'address'.
-
libc_has_debug_syms\u2013The
struct malloc_chunkcomes from debugging symbols and it will not be there -
largebin_reverse_lookup\u2013Pick the appropriate largebin_reverse_lookup_ function for this architecture.
-
largebin_size_range_from_index\u2013 -
chunk_flags\u2013 -
chunk_key_offset\u2013Find the index of a field in the malloc_chunk struct.
-
get_region\u2013Find the memory map containing 'addr'.
-
get_bins\u2013 -
fastbin_index\u2013 -
fastbins\u2013Returns: chain or None
-
tcachebins\u2013Returns: tuple(chain, count) or None
-
check_chain_corrupted\u2013Checks if the doubly linked list (of a {unsorted, small, large} bin)
-
bin_at\u2013Modeled after glibc's bin_at function - so starts indexing from 1
-
unsortedbin\u2013 -
smallbins\u2013 -
largebins\u2013 -
largebin_index_32\u2013Modeled on the GLIBC malloc largebin_index_32 macro.
-
largebin_index_32_big\u2013Modeled on the GLIBC malloc largebin_index_32_big macro.
-
largebin_index_64\u2013Modeled on the GLIBC malloc largebin_index_64 macro.
-
largebin_index\u2013Pick the appropriate largebin_index_ function for this architecture.
-
is_statically_linked\u2013
Attributes:
-
can_be_resolved\u2013 -
main_arena(Arena | None) \u2013 -
thread_arena(Arena | None) \u2013 -
thread_cache(Value | None) \u2013Locate a thread's tcache struct. If it doesn't have one, use the main
-
mp(Value | None) \u2013 -
global_max_fast(int | None) \u2013 -
heap_info(Type | None) \u2013 -
malloc_chunk(Type | None) \u2013 -
malloc_state(Type | None) \u2013 -
tcache_perthread_struct(Type | None) \u2013 -
tcache_entry(Type | None) \u2013 -
mallinfo(Type | None) \u2013 -
malloc_par(Type | None) \u2013 -
largebin_reverse_lookup_32\u2013 -
largebin_reverse_lookup_32_big\u2013 -
largebin_reverse_lookup_64\u2013 -
arenas(tuple[Arena, ...]) \u2013Return a tuple of all current arenas.
-
malloc_alignment(int) \u2013Corresponds to MALLOC_ALIGNMENT in glibc malloc.c
-
size_sz(int) \u2013Corresponds to SIZE_SZ in glibc malloc.c
-
malloc_align_mask(int) \u2013Corresponds to MALLOC_ALIGN_MASK in glibc malloc.c
-
minsize(int) \u2013Corresponds to MINSIZE in glibc malloc.c
-
min_chunk_size(int) \u2013Corresponds to MIN_CHUNK_SIZE in glibc malloc.c
-
multithreaded(bool) \u2013Is malloc operating within a multithreaded environment.
-
tcache_next_offset(int) \u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.main_arena","title":"main_arenacan_be_resolved = libc_has_debug_syms\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.thread_arena","title":"thread_arenamain_arena: Arena | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.thread_cache","title":"thread_cachethread_arena: Arena | None\nproperty","text":"thread_cache: Value | None\nLocate a thread's tcache struct. If it doesn't have one, use the main thread's tcache.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.mp","title":"mpproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.global_max_fast","title":"global_max_fastmp: Value | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.heap_info","title":"heap_infoglobal_max_fast: int | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.malloc_chunk","title":"malloc_chunkheap_info: Type | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.malloc_state","title":"malloc_statemalloc_chunk: Type | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.tcache_perthread_struct","title":"tcache_perthread_structmalloc_state: Type | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.tcache_entry","title":"tcache_entrytcache_perthread_struct: Type | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.mallinfo","title":"mallinfotcache_entry: Type | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.malloc_par","title":"malloc_parmallinfo: Type | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_reverse_lookup_32","title":"largebin_reverse_lookup_32malloc_par: Type | None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_reverse_lookup_32_big","title":"largebin_reverse_lookup_32_biglargebin_reverse_lookup_32 = (\n 512,\n 576,\n 640,\n 704,\n 768,\n 832,\n 896,\n 960,\n 1024,\n 1088,\n 1152,\n 1216,\n 1280,\n 1344,\n 1408,\n 1472,\n 1536,\n 1600,\n 1664,\n 1728,\n 1792,\n 1856,\n 1920,\n 1984,\n 2048,\n 2112,\n 2176,\n 2240,\n 2304,\n 2368,\n 2432,\n 2496,\n 2560,\n 3072,\n 3584,\n 4096,\n 4608,\n 5120,\n 5632,\n 6144,\n 6656,\n 7168,\n 7680,\n 8192,\n 8704,\n 9216,\n 9728,\n 10240,\n 10752,\n 12288,\n 16384,\n 20480,\n 24576,\n 28672,\n 32768,\n 36864,\n 40960,\n 65536,\n 98304,\n 131072,\n 163840,\n 262144,\n 524288,\n)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_reverse_lookup_64","title":"largebin_reverse_lookup_64largebin_reverse_lookup_32_big = (\n 1008,\n 1024,\n 1088,\n 1152,\n 1216,\n 1280,\n 1344,\n 1408,\n 1472,\n 1536,\n 1600,\n 1664,\n 1728,\n 1792,\n 1856,\n 1920,\n 1984,\n 2048,\n 2112,\n 2176,\n 2240,\n 2304,\n 2368,\n 2432,\n 2496,\n 2560,\n 2624,\n 2688,\n 2752,\n 2816,\n 2880,\n 2944,\n 2944,\n 3072,\n 3584,\n 4096,\n 4608,\n 5120,\n 5632,\n 6144,\n 6656,\n 7168,\n 7680,\n 8192,\n 8704,\n 9216,\n 9728,\n 10240,\n 10752,\n 12288,\n 16384,\n 20480,\n 24576,\n 28672,\n 32768,\n 36864,\n 40960,\n 65536,\n 98304,\n 131072,\n 163840,\n 262144,\n 524288,\n)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.arenas","title":"arenaslargebin_reverse_lookup_64 = (\n 1024,\n 1088,\n 1152,\n 1216,\n 1280,\n 1344,\n 1408,\n 1472,\n 1536,\n 1600,\n 1664,\n 1728,\n 1792,\n 1856,\n 1920,\n 1984,\n 2048,\n 2112,\n 2176,\n 2240,\n 2304,\n 2368,\n 2432,\n 2496,\n 2560,\n 2624,\n 2688,\n 2752,\n 2816,\n 2880,\n 2944,\n 3008,\n 3072,\n 3136,\n 3584,\n 4096,\n 4608,\n 5120,\n 5632,\n 6144,\n 6656,\n 7168,\n 7680,\n 8192,\n 8704,\n 9216,\n 9728,\n 10240,\n 10752,\n 12288,\n 16384,\n 20480,\n 24576,\n 28672,\n 32768,\n 36864,\n 40960,\n 65536,\n 98304,\n 131072,\n 163840,\n 262144,\n 524288,\n)\nproperty","text":"arenas: tuple[Arena, ...]\nReturn a tuple of all current arenas.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.malloc_alignment","title":"malloc_alignmentproperty","text":"malloc_alignment: int\nCorresponds to MALLOC_ALIGNMENT in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.size_sz","title":"size_szproperty","text":"size_sz: int\nCorresponds to SIZE_SZ in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.malloc_align_mask","title":"malloc_align_maskproperty","text":"malloc_align_mask: int\nCorresponds to MALLOC_ALIGN_MASK in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.minsize","title":"minsizeproperty","text":"minsize: int\nCorresponds to MINSIZE in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.min_chunk_size","title":"min_chunk_sizeproperty","text":"min_chunk_size: int\nCorresponds to MIN_CHUNK_SIZE in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.multithreaded","title":"multithreadedproperty","text":"multithreaded: bool\nIs malloc operating within a multithreaded environment.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.tcache_next_offset","title":"tcache_next_offsetproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.has_tcache","title":"has_tcache","text":"tcache_next_offset: int\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.get_heap","title":"get_heap","text":"has_tcache() -> bool\nget_heap(addr: int) -> Value | None\nFind & read the heap_info struct belonging to the chunk at 'addr'.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.get_tcache","title":"get_tcache","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.get_sbrk_heap_region","title":"get_sbrk_heap_region","text":"get_tcache(tcache_addr: int | Value | None = None) -> Value | None\nget_sbrk_heap_region() -> Page | None\nReturn a Page object representing the sbrk heap region. Ensure the region's start address is aligned to SIZE_SZ * 2, which compensates for the presence of GLIBC_TUNABLES.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.is_initialized","title":"is_initialized","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.summarize","title":"summarize","text":"is_initialized() -> bool\nsummarize(address: int, **kwargs: Any) -> str\nReturns a textual summary of the specified address.
Parameters:
-
address(int) \u2013Address of the heap block to summarize.
Returns:
-
str\u2013A string.
containing(address: int) -> int\nReturns the address of the allocation which contains 'address'.
Parameters:
-
address(int) \u2013Address to look up.
Returns:
-
int\u2013An integer.
libc_has_debug_syms() -> bool\nThe
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_reverse_lookup","title":"largebin_reverse_lookup","text":"struct malloc_chunkcomes from debugging symbols and it will not be there for statically linked binarieslargebin_reverse_lookup(index: int) -> int\nPick the appropriate largebin_reverse_lookup_ function for this architecture.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_size_range_from_index","title":"largebin_size_range_from_index","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.chunk_flags","title":"chunk_flags","text":"largebin_size_range_from_index(index: int)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.chunk_key_offset","title":"chunk_key_offset","text":"chunk_flags(size: int) -> tuple[int, int, int]\nchunk_key_offset(key: str) -> int | None\nFind the index of a field in the malloc_chunk struct.
64bit exampleprev_size == 0 size == 8 fd == 16 bk == 24 ...
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.get_region","title":"get_region","text":"get_region(addr: int | Value | None) -> Page | None\nFind the memory map containing 'addr'.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.get_bins","title":"get_bins","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.fastbin_index","title":"fastbin_index","text":"get_bins(bin_type: BinType, addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.fastbins","title":"fastbins","text":"fastbin_index(size: int)\nfastbins(arena_addr: int | None = None) -> Bins | None\nReturns: chain or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.tcachebins","title":"tcachebins","text":"tcachebins(tcache_addr: int | None = None) -> Bins | None\nReturns: tuple(chain, count) or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.check_chain_corrupted","title":"check_chain_corrupted","text":"check_chain_corrupted(chain_fd: list[int], chain_bk: list[int]) -> bool\nChecks if the doubly linked list (of a {unsorted, small, large} bin) defined by chain_fd, chain_bk is corrupted.
Even if the chains do not cover the whole bin, they still are expected to be of the same length.
Returns True if the bin is certainly corrupted, otherwise False.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.bin_at","title":"bin_at","text":"bin_at(\n index: int, arena_addr: int | None = None\n) -> tuple[list[int], list[int], bool] | None\nModeled after glibc's bin_at function - so starts indexing from 1 https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/trusty/eglibc/trusty-security/view/head:/malloc/malloc.c#L1394
bin_at(1) returns the unsorted bin
Bin 1 - Unsorted BiN Bin 2 to 63 - Smallbins Bin 64 to 126 - Largebins
Returns: tuple(chain_from_bin_fd, chain_from_bin_bk, is_chain_corrupted) or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.unsortedbin","title":"unsortedbin","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.smallbins","title":"smallbins","text":"unsortedbin(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebins","title":"largebins","text":"smallbins(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_index_32","title":"largebin_index_32","text":"largebins(arena_addr: int | None = None) -> Bins | None\nlargebin_index_32(sz: int) -> int\nModeled on the GLIBC malloc largebin_index_32 macro.
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1414
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_index_32_big","title":"largebin_index_32_big","text":"largebin_index_32_big(sz: int) -> int\nModeled on the GLIBC malloc largebin_index_32_big macro.
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1422
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_index_64","title":"largebin_index_64","text":"largebin_index_64(sz: int) -> int\nModeled on the GLIBC malloc largebin_index_64 macro.
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1433
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_index","title":"largebin_index","text":"largebin_index(sz: int)\nPick the appropriate largebin_index_ function for this architecture.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.is_statically_linked","title":"is_statically_linked","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.SymbolUnresolvableError","title":"SymbolUnresolvableError","text":"is_statically_linked() -> bool\nSymbolUnresolvableError(symbol: str)\nBases:
ExceptionAttributes:
-
symbol\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap","title":"HeuristicHeap","text":"symbol = symbol\nHeuristicHeap()\nBases:
GlibcMemoryAllocator[Type['pwndbg.aglib.heap.structs.CStruct2GDB'], 'pwndbg.aglib.heap.structs.CStruct2GDB']Methods:
-
can_be_resolved\u2013 -
has_tcache\u2013 -
prompt_for_brute_force_thread_arena_permission\u2013Check if the user wants to brute force the thread_arena's value.
-
prompt_for_brute_force_thread_cache_permission\u2013Check if the user wants to brute force the tcache's value.
-
prompt_for_tls_address\u2013Check if we can determine the TLS address and return it.
-
brute_force_tls_reference_in_got_section\u2013Brute force the TLS-reference in the .got section to that can pass the validator.
-
brute_force_thread_local_variable_near_tls_base\u2013Brute force the thread-local variable near the TLS base address that can pass the validator.
-
get_heap\u2013Find & read the heap_info struct belonging to the chunk at 'addr'.
-
get_tcache\u2013 -
get_sbrk_heap_region\u2013Return a Page object representing the sbrk heap region.
-
is_initialized\u2013 -
summarize\u2013Returns a textual summary of the specified address.
-
containing\u2013Returns the address of the allocation which contains 'address'.
-
libc_has_debug_syms\u2013The
struct malloc_chunkcomes from debugging symbols and it will not be there -
largebin_reverse_lookup\u2013Pick the appropriate largebin_reverse_lookup_ function for this architecture.
-
largebin_size_range_from_index\u2013 -
chunk_flags\u2013 -
chunk_key_offset\u2013Find the index of a field in the malloc_chunk struct.
-
get_region\u2013Find the memory map containing 'addr'.
-
get_bins\u2013 -
fastbin_index\u2013 -
fastbins\u2013Returns: chain or None
-
tcachebins\u2013Returns: tuple(chain, count) or None
-
check_chain_corrupted\u2013Checks if the doubly linked list (of a {unsorted, small, large} bin)
-
bin_at\u2013Modeled after glibc's bin_at function - so starts indexing from 1
-
unsortedbin\u2013 -
smallbins\u2013 -
largebins\u2013 -
largebin_index_32\u2013Modeled on the GLIBC malloc largebin_index_32 macro.
-
largebin_index_32_big\u2013Modeled on the GLIBC malloc largebin_index_32_big macro.
-
largebin_index_64\u2013Modeled on the GLIBC malloc largebin_index_64 macro.
-
largebin_index\u2013Pick the appropriate largebin_index_ function for this architecture.
-
is_statically_linked\u2013
Attributes:
-
struct_module(ModuleType | None) \u2013 -
main_arena(Arena | None) \u2013 -
thread_arena(Arena | None) \u2013 -
thread_cache('pwndbg.aglib.heap.structs.TcachePerthreadStruct' | None) \u2013Locate a thread's tcache struct. We try to find its address in Thread Local Storage (TLS) first,
-
mp('pwndbg.aglib.heap.structs.CStruct2GDB') \u2013 -
global_max_fast(int) \u2013 -
heap_info(type['pwndbg.aglib.heap.structs.HeapInfo'] | None) \u2013 -
malloc_chunk(type['pwndbg.aglib.heap.structs.MallocChunk'] | None) \u2013 -
malloc_state(type['pwndbg.aglib.heap.structs.MallocState'] | None) \u2013 -
tcache_perthread_struct(type['pwndbg.aglib.heap.structs.TcachePerthreadStruct'] | None) \u2013 -
tcache_entry(type['pwndbg.aglib.heap.structs.TcacheEntry'] | None) \u2013 -
mallinfo(type['pwndbg.aglib.heap.structs.CStruct2GDB'] | None) \u2013 -
malloc_par(type['pwndbg.aglib.heap.structs.MallocPar'] | None) \u2013 -
largebin_reverse_lookup_32\u2013 -
largebin_reverse_lookup_32_big\u2013 -
largebin_reverse_lookup_64\u2013 -
arenas(tuple[Arena, ...]) \u2013Return a tuple of all current arenas.
-
malloc_alignment(int) \u2013Corresponds to MALLOC_ALIGNMENT in glibc malloc.c
-
size_sz(int) \u2013Corresponds to SIZE_SZ in glibc malloc.c
-
malloc_align_mask(int) \u2013Corresponds to MALLOC_ALIGN_MASK in glibc malloc.c
-
minsize(int) \u2013Corresponds to MINSIZE in glibc malloc.c
-
min_chunk_size(int) \u2013Corresponds to MIN_CHUNK_SIZE in glibc malloc.c
-
multithreaded(bool) \u2013Is malloc operating within a multithreaded environment.
-
tcache_next_offset(int) \u2013
property","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.main_arena","title":"main_arenastruct_module: ModuleType | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.thread_arena","title":"thread_arenamain_arena: Arena | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.thread_cache","title":"thread_cachethread_arena: Arena | None\nproperty","text":"thread_cache: 'pwndbg.aglib.heap.structs.TcachePerthreadStruct' | None\nLocate a thread's tcache struct. We try to find its address in Thread Local Storage (TLS) first, and if that fails, we guess it's at the first chunk of the heap.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.mp","title":"mpproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.global_max_fast","title":"global_max_fastmp: 'pwndbg.aglib.heap.structs.CStruct2GDB'\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.heap_info","title":"heap_infoglobal_max_fast: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.malloc_chunk","title":"malloc_chunkheap_info: type['pwndbg.aglib.heap.structs.HeapInfo'] | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.malloc_state","title":"malloc_statemalloc_chunk: type['pwndbg.aglib.heap.structs.MallocChunk'] | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.tcache_perthread_struct","title":"tcache_perthread_structmalloc_state: type['pwndbg.aglib.heap.structs.MallocState'] | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.tcache_entry","title":"tcache_entrytcache_perthread_struct: (\n type[\"pwndbg.aglib.heap.structs.TcachePerthreadStruct\"] | None\n)\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.mallinfo","title":"mallinfotcache_entry: type['pwndbg.aglib.heap.structs.TcacheEntry'] | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.malloc_par","title":"malloc_parmallinfo: type['pwndbg.aglib.heap.structs.CStruct2GDB'] | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_reverse_lookup_32","title":"largebin_reverse_lookup_32malloc_par: type['pwndbg.aglib.heap.structs.MallocPar'] | None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_reverse_lookup_32_big","title":"largebin_reverse_lookup_32_biglargebin_reverse_lookup_32 = (\n 512,\n 576,\n 640,\n 704,\n 768,\n 832,\n 896,\n 960,\n 1024,\n 1088,\n 1152,\n 1216,\n 1280,\n 1344,\n 1408,\n 1472,\n 1536,\n 1600,\n 1664,\n 1728,\n 1792,\n 1856,\n 1920,\n 1984,\n 2048,\n 2112,\n 2176,\n 2240,\n 2304,\n 2368,\n 2432,\n 2496,\n 2560,\n 3072,\n 3584,\n 4096,\n 4608,\n 5120,\n 5632,\n 6144,\n 6656,\n 7168,\n 7680,\n 8192,\n 8704,\n 9216,\n 9728,\n 10240,\n 10752,\n 12288,\n 16384,\n 20480,\n 24576,\n 28672,\n 32768,\n 36864,\n 40960,\n 65536,\n 98304,\n 131072,\n 163840,\n 262144,\n 524288,\n)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_reverse_lookup_64","title":"largebin_reverse_lookup_64largebin_reverse_lookup_32_big = (\n 1008,\n 1024,\n 1088,\n 1152,\n 1216,\n 1280,\n 1344,\n 1408,\n 1472,\n 1536,\n 1600,\n 1664,\n 1728,\n 1792,\n 1856,\n 1920,\n 1984,\n 2048,\n 2112,\n 2176,\n 2240,\n 2304,\n 2368,\n 2432,\n 2496,\n 2560,\n 2624,\n 2688,\n 2752,\n 2816,\n 2880,\n 2944,\n 2944,\n 3072,\n 3584,\n 4096,\n 4608,\n 5120,\n 5632,\n 6144,\n 6656,\n 7168,\n 7680,\n 8192,\n 8704,\n 9216,\n 9728,\n 10240,\n 10752,\n 12288,\n 16384,\n 20480,\n 24576,\n 28672,\n 32768,\n 36864,\n 40960,\n 65536,\n 98304,\n 131072,\n 163840,\n 262144,\n 524288,\n)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.arenas","title":"arenaslargebin_reverse_lookup_64 = (\n 1024,\n 1088,\n 1152,\n 1216,\n 1280,\n 1344,\n 1408,\n 1472,\n 1536,\n 1600,\n 1664,\n 1728,\n 1792,\n 1856,\n 1920,\n 1984,\n 2048,\n 2112,\n 2176,\n 2240,\n 2304,\n 2368,\n 2432,\n 2496,\n 2560,\n 2624,\n 2688,\n 2752,\n 2816,\n 2880,\n 2944,\n 3008,\n 3072,\n 3136,\n 3584,\n 4096,\n 4608,\n 5120,\n 5632,\n 6144,\n 6656,\n 7168,\n 7680,\n 8192,\n 8704,\n 9216,\n 9728,\n 10240,\n 10752,\n 12288,\n 16384,\n 20480,\n 24576,\n 28672,\n 32768,\n 36864,\n 40960,\n 65536,\n 98304,\n 131072,\n 163840,\n 262144,\n 524288,\n)\nproperty","text":"arenas: tuple[Arena, ...]\nReturn a tuple of all current arenas.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.malloc_alignment","title":"malloc_alignmentproperty","text":"malloc_alignment: int\nCorresponds to MALLOC_ALIGNMENT in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.size_sz","title":"size_szproperty","text":"size_sz: int\nCorresponds to SIZE_SZ in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.malloc_align_mask","title":"malloc_align_maskproperty","text":"malloc_align_mask: int\nCorresponds to MALLOC_ALIGN_MASK in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.minsize","title":"minsizeproperty","text":"minsize: int\nCorresponds to MINSIZE in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.min_chunk_size","title":"min_chunk_sizeproperty","text":"min_chunk_size: int\nCorresponds to MIN_CHUNK_SIZE in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.multithreaded","title":"multithreadedproperty","text":"multithreaded: bool\nIs malloc operating within a multithreaded environment.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.tcache_next_offset","title":"tcache_next_offsetproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.can_be_resolved","title":"can_be_resolved","text":"tcache_next_offset: int\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.has_tcache","title":"has_tcache","text":"can_be_resolved() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.prompt_for_brute_force_thread_arena_permission","title":"prompt_for_brute_force_thread_arena_permission","text":"has_tcache() -> bool\nprompt_for_brute_force_thread_arena_permission() -> bool\nCheck if the user wants to brute force the thread_arena's value.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.prompt_for_brute_force_thread_cache_permission","title":"prompt_for_brute_force_thread_cache_permission","text":"prompt_for_brute_force_thread_cache_permission() -> bool\nCheck if the user wants to brute force the tcache's value.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.prompt_for_tls_address","title":"prompt_for_tls_address","text":"prompt_for_tls_address() -> int\nCheck if we can determine the TLS address and return it.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.brute_force_tls_reference_in_got_section","title":"brute_force_tls_reference_in_got_section","text":"brute_force_tls_reference_in_got_section(\n tls_address: int, validator: Callable[[int], bool]\n) -> tuple[int, int] | None\nBrute force the TLS-reference in the .got section to that can pass the validator.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.brute_force_thread_local_variable_near_tls_base","title":"brute_force_thread_local_variable_near_tls_base","text":"brute_force_thread_local_variable_near_tls_base(\n tls_address: int, validator: Callable[[int], bool]\n) -> tuple[int, int] | None\nBrute force the thread-local variable near the TLS base address that can pass the validator.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.get_heap","title":"get_heap","text":"get_heap(addr: int) -> 'pwndbg.aglib.heap.structs.HeapInfo' | None\nFind & read the heap_info struct belonging to the chunk at 'addr'.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.get_tcache","title":"get_tcache","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.get_sbrk_heap_region","title":"get_sbrk_heap_region","text":"get_tcache(\n tcache_addr: int | None = None,\n) -> \"pwndbg.aglib.heap.structs.TcachePerthreadStruct\" | None\nget_sbrk_heap_region() -> Page\nReturn a Page object representing the sbrk heap region. Ensure the region's start address is aligned to SIZE_SZ * 2, which compensates for the presence of GLIBC_TUNABLES. This heuristic version requires some sanity checks and may raise SymbolUnresolvableError if malloc's
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.is_initialized","title":"is_initialized","text":"mp_struct can't be resolved.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.summarize","title":"summarize","text":"is_initialized() -> bool\nsummarize(address: int, **kwargs: Any) -> str\nReturns a textual summary of the specified address.
Parameters:
-
address(int) \u2013Address of the heap block to summarize.
Returns:
-
str\u2013A string.
containing(address: int) -> int\nReturns the address of the allocation which contains 'address'.
Parameters:
-
address(int) \u2013Address to look up.
Returns:
-
int\u2013An integer.
libc_has_debug_syms() -> bool\nThe
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_reverse_lookup","title":"largebin_reverse_lookup","text":"struct malloc_chunkcomes from debugging symbols and it will not be there for statically linked binarieslargebin_reverse_lookup(index: int) -> int\nPick the appropriate largebin_reverse_lookup_ function for this architecture.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_size_range_from_index","title":"largebin_size_range_from_index","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.chunk_flags","title":"chunk_flags","text":"largebin_size_range_from_index(index: int)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.chunk_key_offset","title":"chunk_key_offset","text":"chunk_flags(size: int) -> tuple[int, int, int]\nchunk_key_offset(key: str) -> int | None\nFind the index of a field in the malloc_chunk struct.
64bit exampleprev_size == 0 size == 8 fd == 16 bk == 24 ...
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.get_region","title":"get_region","text":"get_region(addr: int | Value | None) -> Page | None\nFind the memory map containing 'addr'.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.get_bins","title":"get_bins","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.fastbin_index","title":"fastbin_index","text":"get_bins(bin_type: BinType, addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.fastbins","title":"fastbins","text":"fastbin_index(size: int)\nfastbins(arena_addr: int | None = None) -> Bins | None\nReturns: chain or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.tcachebins","title":"tcachebins","text":"tcachebins(tcache_addr: int | None = None) -> Bins | None\nReturns: tuple(chain, count) or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.check_chain_corrupted","title":"check_chain_corrupted","text":"check_chain_corrupted(chain_fd: list[int], chain_bk: list[int]) -> bool\nChecks if the doubly linked list (of a {unsorted, small, large} bin) defined by chain_fd, chain_bk is corrupted.
Even if the chains do not cover the whole bin, they still are expected to be of the same length.
Returns True if the bin is certainly corrupted, otherwise False.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.bin_at","title":"bin_at","text":"bin_at(\n index: int, arena_addr: int | None = None\n) -> tuple[list[int], list[int], bool] | None\nModeled after glibc's bin_at function - so starts indexing from 1 https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/trusty/eglibc/trusty-security/view/head:/malloc/malloc.c#L1394
bin_at(1) returns the unsorted bin
Bin 1 - Unsorted BiN Bin 2 to 63 - Smallbins Bin 64 to 126 - Largebins
Returns: tuple(chain_from_bin_fd, chain_from_bin_bk, is_chain_corrupted) or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.unsortedbin","title":"unsortedbin","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.smallbins","title":"smallbins","text":"unsortedbin(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebins","title":"largebins","text":"smallbins(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_index_32","title":"largebin_index_32","text":"largebins(arena_addr: int | None = None) -> Bins | None\nlargebin_index_32(sz: int) -> int\nModeled on the GLIBC malloc largebin_index_32 macro.
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1414
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_index_32_big","title":"largebin_index_32_big","text":"largebin_index_32_big(sz: int) -> int\nModeled on the GLIBC malloc largebin_index_32_big macro.
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1422
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_index_64","title":"largebin_index_64","text":"largebin_index_64(sz: int) -> int\nModeled on the GLIBC malloc largebin_index_64 macro.
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1433
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_index","title":"largebin_index","text":"largebin_index(sz: int)\nPick the appropriate largebin_index_ function for this architecture.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.is_statically_linked","title":"is_statically_linked","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.heap_for_ptr","title":"heap_for_ptr","text":"is_statically_linked() -> bool\nheap_for_ptr(ptr: int) -> int\nRound a pointer to a chunk down to find its corresponding heap_info struct, the pointer must point inside a heap which does not belong to the main arena.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.fetch_chunk_metadata","title":"fetch_chunk_metadata","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/","title":"pwndbg.aglib.heap.structs","text":""},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs","title":"structs","text":"fetch_chunk_metadata(\n address: int, include_only_fields: set[ChunkField] | None = None\n)\nClasses:
-
c_pvoid\u2013Represents a pointer.
-
c_size_t\u2013Represents a size_t.
-
FakeGDBField\u2013Fake gdb.Field for compatibility
-
CStruct2GDB\u2013 -
c_malloc_state_2_26\u2013This class represents malloc_state struct for GLIBC < 2.27 as a ctypes struct.
-
c_malloc_state_2_12\u2013This class represents malloc_state struct for GLIBC < 2.22 as a ctypes struct.
-
c_malloc_state_2_27\u2013This class represents malloc_state struct for GLIBC >= 2.27 as a ctypes struct.
-
MallocState\u2013This class represents malloc_state struct with interface compatible with
pwndbg.dbg_mod.Value. -
c_heap_info\u2013This class represents heap_info struct as a ctypes struct.
-
HeapInfo\u2013This class represents heap_info struct with interface compatible with
pwndbg.dbg_mod.Value. -
c_malloc_chunk\u2013This class represents malloc_chunk struct as a ctypes struct.
-
MallocChunk\u2013This class represents malloc_chunk struct with interface compatible with
pwndbg.dbg_mod.Value. -
c_tcache_perthread_struct_2_29\u2013This class represents tcache_perthread_struct for GLIBC < 2.30 as a ctypes struct.
-
c_tcache_perthread_struct_2_30\u2013This class represents the tcache_perthread_struct for GLIBC >= 2.30 as a ctypes struct.
-
TcachePerthreadStruct\u2013This class represents tcache_perthread_struct with interface compatible with
pwndbg.dbg_mod.Value. -
c_tcache_entry_2_28\u2013This class represents the tcache_entry struct for GLIBC < 2.29 as a ctypes struct.
-
c_tcache_entry_2_29\u2013This class represents the tcache_entry struct for GLIBC >= 2.29 as a ctypes struct.
-
TcacheEntry\u2013This class represents the tcache_entry struct with interface compatible with
pwndbg.dbg_mod.Value. -
c_malloc_par_2_23\u2013This class represents the malloc_par struct for GLIBC < 2.24 as a ctypes struct.
-
c_malloc_par_2_12\u2013This class represents the malloc_par struct for GLIBC < 2.15 as a ctypes struct.
-
c_malloc_par_2_24\u2013This class represents the malloc_par struct for GLIBC >= 2.24 as a ctypes struct.
-
c_malloc_par_2_26\u2013This class represents the malloc_par struct for GLIBC >= 2.26 as a ctypes struct.
-
c_malloc_par_2_35\u2013This class represents the malloc_par struct for GLIBC >= 2.35 as a ctypes struct.
-
MallocPar\u2013This class represents the malloc_par struct with interface compatible with
pwndbg.dbg_mod.Value.
Functions:
-
request2size\u2013 -
fastbin_index\u2013
Attributes:
-
GLIBC_VERSION\u2013 -
SIZE_SZ\u2013 -
MINSIZE\u2013 -
MALLOC_ALIGN\u2013 -
long_double_alignment\u2013 -
MALLOC_ALIGN_MASK\u2013 -
MAX_FAST_SIZE\u2013 -
NBINS\u2013 -
BINMAPSIZE\u2013 -
TCACHE_MAX_BINS\u2013 -
NFASTBINS\u2013 -
PTR\u2013 -
SIZE_T\u2013 -
DEFAULT_TOP_PAD\u2013 -
DEFAULT_MMAP_MAX\u2013 -
DEFAULT_MMAP_THRESHOLD\u2013 -
DEFAULT_TRIM_THRESHOLD\u2013 -
DEFAULT_PAGE_SIZE\u2013 -
TCACHE_FILL_COUNT\u2013 -
C2GDB_MAPPING\u2013 -
DEFAULT_MP_\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.SIZE_SZ","title":"SIZE_SZGLIBC_VERSION = get_version()\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MINSIZE","title":"MINSIZESIZE_SZ = ptrsize\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MALLOC_ALIGN","title":"MALLOC_ALIGNMINSIZE = ptrsize * 4\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.long_double_alignment","title":"long_double_alignmentMALLOC_ALIGN = 16\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MALLOC_ALIGN_MASK","title":"MALLOC_ALIGN_MASKlong_double_alignment = alignof\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MAX_FAST_SIZE","title":"MAX_FAST_SIZEMALLOC_ALIGN_MASK = MALLOC_ALIGN - 1\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.NBINS","title":"NBINSMAX_FAST_SIZE = 80 * SIZE_SZ // 4\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.BINMAPSIZE","title":"BINMAPSIZENBINS = 128\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TCACHE_MAX_BINS","title":"TCACHE_MAX_BINSBINMAPSIZE = 4\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.NFASTBINS","title":"NFASTBINSTCACHE_MAX_BINS = 64\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.PTR","title":"PTRNFASTBINS = fastbin_index(request2size(MAX_FAST_SIZE)) + 1\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.SIZE_T","title":"SIZE_TPTR = c_uint32\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.DEFAULT_TOP_PAD","title":"DEFAULT_TOP_PADSIZE_T = c_uint32\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.DEFAULT_MMAP_MAX","title":"DEFAULT_MMAP_MAXDEFAULT_TOP_PAD = 131072\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.DEFAULT_MMAP_THRESHOLD","title":"DEFAULT_MMAP_THRESHOLDDEFAULT_MMAP_MAX = 65536\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.DEFAULT_TRIM_THRESHOLD","title":"DEFAULT_TRIM_THRESHOLDDEFAULT_MMAP_THRESHOLD = 128 * 1024\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.DEFAULT_PAGE_SIZE","title":"DEFAULT_PAGE_SIZEDEFAULT_TRIM_THRESHOLD = 128 * 1024\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TCACHE_FILL_COUNT","title":"TCACHE_FILL_COUNTDEFAULT_PAGE_SIZE = 4096\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.C2GDB_MAPPING","title":"C2GDB_MAPPINGTCACHE_FILL_COUNT = 7\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.DEFAULT_MP_","title":"DEFAULT_MP_C2GDB_MAPPING = {\n c_char: char,\n c_int8: int8,\n c_int16: int16,\n c_int32: int32,\n c_int64: int64,\n c_uint8: uint8,\n c_uint16: uint16,\n c_uint32: uint32,\n c_uint64: uint64,\n c_pvoid: pvoid,\n c_size_t: size_t,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_pvoid","title":"c_pvoid","text":"DEFAULT_MP_ = _c_struct()\nBases:
PTRRepresents a pointer.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_size_t","title":"c_size_t","text":"Bases:
SIZE_TRepresents a size_t.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField","title":"FakeGDBField","text":"FakeGDBField(\n bitpos: int,\n name: str | None,\n type,\n parent_type,\n enumval: int | None = None,\n artificial: bool = False,\n is_base_class: bool = False,\n bitsize: int = 0,\n)\nFake gdb.Field for compatibility
Attributes:
-
bitpos\u2013 -
name\u2013 -
type\u2013 -
parent_type\u2013 -
enumval\u2013 -
artificial\u2013 -
is_base_class\u2013 -
bitsize\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.name","title":"namebitpos = bitpos\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.type","title":"typename = name\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.parent_type","title":"parent_typetype = type\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.enumval","title":"enumvalparent_type = parent_type\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.artificial","title":"artificialenumval = enumval\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.is_base_class","title":"is_base_classartificial = artificial\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.bitsize","title":"bitsizeis_base_class = is_base_class\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB","title":"CStruct2GDB","text":"bitsize = bitsize\nCStruct2GDB(address: int)\nMethods:
-
__int__\u2013Returns the address of the C struct.
-
__getitem__\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
__getattr__\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
__eq__\u2013 -
value_to_human_readable\u2013Returns a string representation of the C struct like
pwndbg.dbg_mod.Valuedoes. -
read_field\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
unqualified\u2013Returns cls to make it compatible with the
gdb.types.has_field()interface. -
fields\u2013Return fields of the struct to make it compatible with the
pwndbg.dbg_mod.Typeinterface. -
keys\u2013Return a list of the names of the fields in the struct to make it compatible with the
pwndbg.dbg_mod.Typeinterface. -
get_field_address\u2013Returns the address of the specified field.
-
get_field_offset\u2013Returns the offset of the specified field.
-
items\u2013Returns a tuple of (field name, field value) pairs.
-
has_field\u2013Checks whether a field exists to make it compatible with the
pwndbg.dbg_mod.Typeinterface.
Attributes:
-
code\u2013 -
address\u2013 -
type\u2013Returns type(self) to make it compatible with the
pwndbg.dbg_mod.Valueinterface.
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.address","title":"addresscode = STRUCT\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.type","title":"typeaddress = address\nproperty","text":"type\nReturns type(self) to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.__int__","title":"__int__","text":"pwndbg.dbg_mod.Valueinterface.__int__() -> int\nReturns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.__getitem__","title":"__getitem__","text":"__getitem__(key: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.__getattr__","title":"__getattr__","text":"pwndbg.dbg_mod.Value.__getattr__(key: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.__eq__","title":"__eq__","text":"pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.value_to_human_readable","title":"value_to_human_readable","text":"__eq__(other: Any) -> bool\nvalue_to_human_readable() -> str\nReturns a string representation of the C struct like
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.read_field","title":"read_field","text":"pwndbg.dbg_mod.Valuedoes.read_field(field: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.unqualified","title":"unqualifiedpwndbg.dbg_mod.Value.classmethod","text":"unqualified()\nReturns cls to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.fields","title":"fieldsgdb.types.has_field()interface.classmethod","text":"fields() -> list[FakeGDBField]\nReturn fields of the struct to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.keys","title":"keyspwndbg.dbg_mod.Typeinterface.classmethod","text":"keys() -> list[str]\nReturn a list of the names of the fields in the struct to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.get_field_address","title":"get_field_address","text":"pwndbg.dbg_mod.Typeinterface.get_field_address(field: str) -> int\nReturns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.get_field_offset","title":"get_field_offsetclassmethod","text":"get_field_offset(field: str) -> int\nReturns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.items","title":"items","text":"items() -> tuple[tuple[Any, Any], ...]\nReturns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.has_field","title":"has_fieldclassmethod","text":"has_field(field: str) -> bool\nChecks whether a field exists to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_26","title":"c_malloc_state_2_26","text":"pwndbg.dbg_mod.Typeinterface.Bases:
StructureThis class represents malloc_state struct for GLIBC < 2.27 as a ctypes struct.
https://github.com/bminor/glibc/blob/1c9a5c270d8b66f30dcfaf1cb2d6cf39d3e18369/malloc/malloc.c#L1678-L1716
struct malloc_state { /* Serialize access. */ __libc_lock_define (, mutex);
/* Flags (formerly in max_fast). */\nint flags;\n\n/* Fastbins */\nmfastbinptr fastbinsY[NFASTBINS];\n\n/* Base of the topmost chunk -- not otherwise kept in a bin */\nmchunkptr top;\n\n/* The remainder from the most recent split of a small request */\nmchunkptr last_remainder;\n\n/* Normal bins packed as described above */\nmchunkptr bins[NBINS * 2 - 2];\n\n/* Bitmap of bins */\nunsigned int binmap[BINMAPSIZE];\n\n/* Linked list */\nstruct malloc_state *next;\n\n/* Linked list for free arenas. Access to this field is serialized\n by free_list_lock in arena.c. */\nstruct malloc_state *next_free;\n\n/* Number of threads attached to this arena. 0 if the arena is on\n the free list. Access to this field is serialized by\n free_list_lock in arena.c. */\nINTERNAL_SIZE_T attached_threads;\n\n/* Memory allocated from the system in this arena. */\nINTERNAL_SIZE_T system_mem;\nINTERNAL_SIZE_T max_system_mem;\n};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_12","title":"c_malloc_state_2_12","text":"Bases:
StructureThis class represents malloc_state struct for GLIBC < 2.22 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.12/malloc/malloc.c#L2362-L2400
struct malloc_state { /* Serialize access. */ mutex_t mutex;
/* Flags (formerly in max_fast). */ int flags;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_12--if-thread_stats","title":"if THREAD_STATS","text":"/* Statistics for locking. Only used if THREAD_STATS is defined. */ long stat_lock_direct, stat_lock_loop, stat_lock_wait;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_12--endif","title":"endif","text":"/* Fastbins */ mfastbinptr fastbinsY[NFASTBINS];
/* Base of the topmost chunk -- not otherwise kept in a bin */ mchunkptr top;
/* The remainder from the most recent split of a small request */ mchunkptr last_remainder;
/* Normal bins packed as described above */ mchunkptr bins[NBINS * 2 - 2];
/* Bitmap of bins */ unsigned int binmap[BINMAPSIZE];
/* Linked list */ struct malloc_state *next;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_12--ifdef-per_thread","title":"ifdef PER_THREAD","text":"/* Linked list for free arenas. */ struct malloc_state *next_free;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_12--endif_1","title":"endif","text":"/* Memory allocated from the system in this arena. */ INTERNAL_SIZE_T system_mem; INTERNAL_SIZE_T max_system_mem; };
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_27","title":"c_malloc_state_2_27","text":"Bases:
StructureThis class represents malloc_state struct for GLIBC >= 2.27 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.34/malloc/malloc.c#L1831
struct malloc_state { /* Serialize access. */ __libc_lock_define (, mutex);
/* Flags (formerly in max_fast). */\nint flags;\n\n/* Set if the fastbin chunks contain recently inserted free blocks. */\n/* Note this is a bool but not all targets support atomics on booleans. */\nint have_fastchunks;\n\n/* Fastbins */\nmfastbinptr fastbinsY[NFASTBINS];\n\n/* Base of the topmost chunk -- not otherwise kept in a bin */\nmchunkptr top;\n\n/* The remainder from the most recent split of a small request */\nmchunkptr last_remainder;\n\n/* Normal bins packed as described above */\nmchunkptr bins[NBINS * 2 - 2];\n\n/* Bitmap of bins */\nunsigned int binmap[BINMAPSIZE];\n\n/* Linked list */\nstruct malloc_state *next;\n\n/* Linked list for free arenas. Access to this field is serialized\n by free_list_lock in arena.c. */\nstruct malloc_state *next_free;\n\n/* Number of threads attached to this arena. 0 if the arena is on\n the free list. Access to this field is serialized by\n free_list_lock in arena.c. */\nINTERNAL_SIZE_T attached_threads;\n\n/* Memory allocated from the system in this arena. */\nINTERNAL_SIZE_T system_mem;\nINTERNAL_SIZE_T max_system_mem;\n};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState","title":"MallocState","text":"MallocState(address: int)\nBases:
CStruct2GDBThis class represents malloc_state struct with interface compatible with
pwndbg.dbg_mod.Value.Methods:
-
__int__\u2013Returns the address of the C struct.
-
__getitem__\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
__getattr__\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
__eq__\u2013 -
value_to_human_readable\u2013Returns a string representation of the C struct like
pwndbg.dbg_mod.Valuedoes. -
read_field\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
unqualified\u2013Returns cls to make it compatible with the
gdb.types.has_field()interface. -
fields\u2013Return fields of the struct to make it compatible with the
pwndbg.dbg_mod.Typeinterface. -
keys\u2013Return a list of the names of the fields in the struct to make it compatible with the
pwndbg.dbg_mod.Typeinterface. -
get_field_address\u2013Returns the address of the specified field.
-
get_field_offset\u2013Returns the offset of the specified field.
-
items\u2013Returns a tuple of (field name, field value) pairs.
-
has_field\u2013Checks whether a field exists to make it compatible with the
pwndbg.dbg_mod.Typeinterface.
Attributes:
-
sizeof\u2013 -
code\u2013 -
address\u2013 -
type\u2013Returns type(self) to make it compatible with the
pwndbg.dbg_mod.Valueinterface.
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.code","title":"codesizeof = sizeof(_c_struct)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.address","title":"addresscode = STRUCT\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.type","title":"typeaddress = address\nproperty","text":"type\nReturns type(self) to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.__int__","title":"__int__","text":"pwndbg.dbg_mod.Valueinterface.__int__() -> int\nReturns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.__getitem__","title":"__getitem__","text":"__getitem__(key: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.__getattr__","title":"__getattr__","text":"pwndbg.dbg_mod.Value.__getattr__(key: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.__eq__","title":"__eq__","text":"pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.value_to_human_readable","title":"value_to_human_readable","text":"__eq__(other: Any) -> bool\nvalue_to_human_readable() -> str\nReturns a string representation of the C struct like
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.read_field","title":"read_field","text":"pwndbg.dbg_mod.Valuedoes.read_field(field: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.unqualified","title":"unqualifiedpwndbg.dbg_mod.Value.classmethod","text":"unqualified()\nReturns cls to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.fields","title":"fieldsgdb.types.has_field()interface.classmethod","text":"fields() -> list[FakeGDBField]\nReturn fields of the struct to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.keys","title":"keyspwndbg.dbg_mod.Typeinterface.classmethod","text":"keys() -> list[str]\nReturn a list of the names of the fields in the struct to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.get_field_address","title":"get_field_address","text":"pwndbg.dbg_mod.Typeinterface.get_field_address(field: str) -> int\nReturns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.get_field_offset","title":"get_field_offsetclassmethod","text":"get_field_offset(field: str) -> int\nReturns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.items","title":"items","text":"items() -> tuple[tuple[Any, Any], ...]\nReturns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.has_field","title":"has_fieldclassmethod","text":"has_field(field: str) -> bool\nChecks whether a field exists to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_heap_info","title":"c_heap_info","text":"pwndbg.dbg_mod.Typeinterface.Bases:
StructureThis class represents heap_info struct as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.34/malloc/arena.c#L53
typedef struct _heap_info { mstate ar_ptr; /* Arena for this heap. / struct _heap_info *prev; / Previous heap. / size_t size; / Current size in bytes. / size_t mprotect_size; / Size in bytes that has been mprotected PROT_READ|PROT_WRITE. / / Make sure the following data is properly aligned, particularly that sizeof (heap_info) + 2 * SIZE_SZ is a multiple of MALLOC_ALIGNMENT. */ char pad[-6 * SIZE_SZ & MALLOC_ALIGN_MASK]; } heap_info;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo","title":"HeapInfo","text":"HeapInfo(address: int)\nBases:
CStruct2GDBThis class represents heap_info struct with interface compatible with
pwndbg.dbg_mod.Value.Methods:
-
__int__\u2013Returns the address of the C struct.
-
__getitem__\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
__getattr__\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
__eq__\u2013 -
value_to_human_readable\u2013Returns a string representation of the C struct like
pwndbg.dbg_mod.Valuedoes. -
read_field\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
unqualified\u2013Returns cls to make it compatible with the
gdb.types.has_field()interface. -
fields\u2013Return fields of the struct to make it compatible with the
pwndbg.dbg_mod.Typeinterface. -
keys\u2013Return a list of the names of the fields in the struct to make it compatible with the
pwndbg.dbg_mod.Typeinterface. -
get_field_address\u2013Returns the address of the specified field.
-
get_field_offset\u2013Returns the offset of the specified field.
-
items\u2013Returns a tuple of (field name, field value) pairs.
-
has_field\u2013Checks whether a field exists to make it compatible with the
pwndbg.dbg_mod.Typeinterface.
Attributes:
-
sizeof\u2013 -
code\u2013 -
address\u2013 -
type\u2013Returns type(self) to make it compatible with the
pwndbg.dbg_mod.Valueinterface.
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.code","title":"codesizeof = sizeof(_c_struct)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.address","title":"addresscode = STRUCT\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.type","title":"typeaddress = address\nproperty","text":"type\nReturns type(self) to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.__int__","title":"__int__","text":"pwndbg.dbg_mod.Valueinterface.__int__() -> int\nReturns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.__getitem__","title":"__getitem__","text":"__getitem__(key: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.__getattr__","title":"__getattr__","text":"pwndbg.dbg_mod.Value.__getattr__(key: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.__eq__","title":"__eq__","text":"pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.value_to_human_readable","title":"value_to_human_readable","text":"__eq__(other: Any) -> bool\nvalue_to_human_readable() -> str\nReturns a string representation of the C struct like
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.read_field","title":"read_field","text":"pwndbg.dbg_mod.Valuedoes.read_field(field: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.unqualified","title":"unqualifiedpwndbg.dbg_mod.Value.classmethod","text":"unqualified()\nReturns cls to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.fields","title":"fieldsgdb.types.has_field()interface.classmethod","text":"fields() -> list[FakeGDBField]\nReturn fields of the struct to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.keys","title":"keyspwndbg.dbg_mod.Typeinterface.classmethod","text":"keys() -> list[str]\nReturn a list of the names of the fields in the struct to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.get_field_address","title":"get_field_address","text":"pwndbg.dbg_mod.Typeinterface.get_field_address(field: str) -> int\nReturns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.get_field_offset","title":"get_field_offsetclassmethod","text":"get_field_offset(field: str) -> int\nReturns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.items","title":"items","text":"items() -> tuple[tuple[Any, Any], ...]\nReturns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.has_field","title":"has_fieldclassmethod","text":"has_field(field: str) -> bool\nChecks whether a field exists to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_chunk","title":"c_malloc_chunk","text":"pwndbg.dbg_mod.Typeinterface.Bases:
StructureThis class represents malloc_chunk struct as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.34/malloc/malloc.c#L1154
struct malloc_chunk {
INTERNAL_SIZE_T mchunk_prev_size; /* Size of previous chunk (if free). */\nINTERNAL_SIZE_T mchunk_size; /* Size in bytes, including overhead. */\n\nstruct malloc_chunk* fd; /* double links -- used only if free. */\nstruct malloc_chunk* bk;\n\n/* Only used for large blocks: pointer to next larger size. */\nstruct malloc_chunk* fd_nextsize; /* double links -- used only if free. */\nstruct malloc_chunk* bk_nextsize;\n};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk","title":"MallocChunk","text":"MallocChunk(address: int)\nBases:
CStruct2GDBThis class represents malloc_chunk struct with interface compatible with
pwndbg.dbg_mod.Value.Methods:
-
__int__\u2013Returns the address of the C struct.
-
__getitem__\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
__getattr__\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
__eq__\u2013 -
value_to_human_readable\u2013Returns a string representation of the C struct like
pwndbg.dbg_mod.Valuedoes. -
read_field\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
unqualified\u2013Returns cls to make it compatible with the
gdb.types.has_field()interface. -
fields\u2013Return fields of the struct to make it compatible with the
pwndbg.dbg_mod.Typeinterface. -
keys\u2013Return a list of the names of the fields in the struct to make it compatible with the
pwndbg.dbg_mod.Typeinterface. -
get_field_address\u2013Returns the address of the specified field.
-
get_field_offset\u2013Returns the offset of the specified field.
-
items\u2013Returns a tuple of (field name, field value) pairs.
-
has_field\u2013Checks whether a field exists to make it compatible with the
pwndbg.dbg_mod.Typeinterface.
Attributes:
-
sizeof\u2013 -
code\u2013 -
address\u2013 -
type\u2013Returns type(self) to make it compatible with the
pwndbg.dbg_mod.Valueinterface.
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.code","title":"codesizeof = sizeof(_c_struct)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.address","title":"addresscode = STRUCT\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.type","title":"typeaddress = address\nproperty","text":"type\nReturns type(self) to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.__int__","title":"__int__","text":"pwndbg.dbg_mod.Valueinterface.__int__() -> int\nReturns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.__getitem__","title":"__getitem__","text":"__getitem__(key: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.__getattr__","title":"__getattr__","text":"pwndbg.dbg_mod.Value.__getattr__(key: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.__eq__","title":"__eq__","text":"pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.value_to_human_readable","title":"value_to_human_readable","text":"__eq__(other: Any) -> bool\nvalue_to_human_readable() -> str\nReturns a string representation of the C struct like
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.read_field","title":"read_field","text":"pwndbg.dbg_mod.Valuedoes.read_field(field: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.unqualified","title":"unqualifiedpwndbg.dbg_mod.Value.classmethod","text":"unqualified()\nReturns cls to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.fields","title":"fieldsgdb.types.has_field()interface.classmethod","text":"fields() -> list[FakeGDBField]\nReturn fields of the struct to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.keys","title":"keyspwndbg.dbg_mod.Typeinterface.classmethod","text":"keys() -> list[str]\nReturn a list of the names of the fields in the struct to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.get_field_address","title":"get_field_address","text":"pwndbg.dbg_mod.Typeinterface.get_field_address(field: str) -> int\nReturns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.get_field_offset","title":"get_field_offsetclassmethod","text":"get_field_offset(field: str) -> int\nReturns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.items","title":"items","text":"items() -> tuple[tuple[Any, Any], ...]\nReturns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.has_field","title":"has_fieldclassmethod","text":"has_field(field: str) -> bool\nChecks whether a field exists to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_tcache_perthread_struct_2_29","title":"c_tcache_perthread_struct_2_29","text":"pwndbg.dbg_mod.Typeinterface.Bases:
StructureThis class represents tcache_perthread_struct for GLIBC < 2.30 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.29/malloc/malloc.c#L2916
typedef struct tcache_perthread_struct { char counts[TCACHE_MAX_BINS]; tcache_entry *entries[TCACHE_MAX_BINS]; } tcache_perthread_struct;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_tcache_perthread_struct_2_30","title":"c_tcache_perthread_struct_2_30","text":"Bases:
StructureThis class represents the tcache_perthread_struct for GLIBC >= 2.30 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.34/malloc/malloc.c#L3025
typedef struct tcache_perthread_struct { uint16_t counts[TCACHE_MAX_BINS]; tcache_entry *entries[TCACHE_MAX_BINS]; } tcache_perthread_struct;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct","title":"TcachePerthreadStruct","text":"TcachePerthreadStruct(address: int)\nBases:
CStruct2GDBThis class represents tcache_perthread_struct with interface compatible with
pwndbg.dbg_mod.Value.Methods:
-
__int__\u2013Returns the address of the C struct.
-
__getitem__\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
__getattr__\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
__eq__\u2013 -
value_to_human_readable\u2013Returns a string representation of the C struct like
pwndbg.dbg_mod.Valuedoes. -
read_field\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
unqualified\u2013Returns cls to make it compatible with the
gdb.types.has_field()interface. -
fields\u2013Return fields of the struct to make it compatible with the
pwndbg.dbg_mod.Typeinterface. -
keys\u2013Return a list of the names of the fields in the struct to make it compatible with the
pwndbg.dbg_mod.Typeinterface. -
get_field_address\u2013Returns the address of the specified field.
-
get_field_offset\u2013Returns the offset of the specified field.
-
items\u2013Returns a tuple of (field name, field value) pairs.
-
has_field\u2013Checks whether a field exists to make it compatible with the
pwndbg.dbg_mod.Typeinterface.
Attributes:
-
sizeof\u2013 -
code\u2013 -
address\u2013 -
type\u2013Returns type(self) to make it compatible with the
pwndbg.dbg_mod.Valueinterface.
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.code","title":"codesizeof = sizeof(_c_struct)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.address","title":"addresscode = STRUCT\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.type","title":"typeaddress = address\nproperty","text":"type\nReturns type(self) to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.__int__","title":"__int__","text":"pwndbg.dbg_mod.Valueinterface.__int__() -> int\nReturns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.__getitem__","title":"__getitem__","text":"__getitem__(key: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.__getattr__","title":"__getattr__","text":"pwndbg.dbg_mod.Value.__getattr__(key: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.__eq__","title":"__eq__","text":"pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.value_to_human_readable","title":"value_to_human_readable","text":"__eq__(other: Any) -> bool\nvalue_to_human_readable() -> str\nReturns a string representation of the C struct like
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.read_field","title":"read_field","text":"pwndbg.dbg_mod.Valuedoes.read_field(field: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.unqualified","title":"unqualifiedpwndbg.dbg_mod.Value.classmethod","text":"unqualified()\nReturns cls to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.fields","title":"fieldsgdb.types.has_field()interface.classmethod","text":"fields() -> list[FakeGDBField]\nReturn fields of the struct to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.keys","title":"keyspwndbg.dbg_mod.Typeinterface.classmethod","text":"keys() -> list[str]\nReturn a list of the names of the fields in the struct to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.get_field_address","title":"get_field_address","text":"pwndbg.dbg_mod.Typeinterface.get_field_address(field: str) -> int\nReturns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.get_field_offset","title":"get_field_offsetclassmethod","text":"get_field_offset(field: str) -> int\nReturns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.items","title":"items","text":"items() -> tuple[tuple[Any, Any], ...]\nReturns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.has_field","title":"has_fieldclassmethod","text":"has_field(field: str) -> bool\nChecks whether a field exists to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_tcache_entry_2_28","title":"c_tcache_entry_2_28","text":"pwndbg.dbg_mod.Typeinterface.Bases:
StructureThis class represents the tcache_entry struct for GLIBC < 2.29 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.28/malloc/malloc.c#L2888
typedef struct tcache_entry { struct tcache_entry *next; } tcache_entry;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_tcache_entry_2_29","title":"c_tcache_entry_2_29","text":"Bases:
StructureThis class represents the tcache_entry struct for GLIBC >= 2.29 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.34/malloc/malloc.c#L3013
typedef struct tcache_entry { struct tcache_entry next; / This field exists to detect double frees. */ uintptr_t key; } tcache_entry;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry","title":"TcacheEntry","text":"TcacheEntry(address: int)\nBases:
CStruct2GDBThis class represents the tcache_entry struct with interface compatible with
pwndbg.dbg_mod.Value.Methods:
-
__int__\u2013Returns the address of the C struct.
-
__getitem__\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
__getattr__\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
__eq__\u2013 -
value_to_human_readable\u2013Returns a string representation of the C struct like
pwndbg.dbg_mod.Valuedoes. -
read_field\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
unqualified\u2013Returns cls to make it compatible with the
gdb.types.has_field()interface. -
fields\u2013Return fields of the struct to make it compatible with the
pwndbg.dbg_mod.Typeinterface. -
keys\u2013Return a list of the names of the fields in the struct to make it compatible with the
pwndbg.dbg_mod.Typeinterface. -
get_field_address\u2013Returns the address of the specified field.
-
get_field_offset\u2013Returns the offset of the specified field.
-
items\u2013Returns a tuple of (field name, field value) pairs.
-
has_field\u2013Checks whether a field exists to make it compatible with the
pwndbg.dbg_mod.Typeinterface.
Attributes:
-
sizeof\u2013 -
code\u2013 -
address\u2013 -
type\u2013Returns type(self) to make it compatible with the
pwndbg.dbg_mod.Valueinterface.
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.code","title":"codesizeof = sizeof(_c_struct)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.address","title":"addresscode = STRUCT\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.type","title":"typeaddress = address\nproperty","text":"type\nReturns type(self) to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.__int__","title":"__int__","text":"pwndbg.dbg_mod.Valueinterface.__int__() -> int\nReturns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.__getitem__","title":"__getitem__","text":"__getitem__(key: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.__getattr__","title":"__getattr__","text":"pwndbg.dbg_mod.Value.__getattr__(key: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.__eq__","title":"__eq__","text":"pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.value_to_human_readable","title":"value_to_human_readable","text":"__eq__(other: Any) -> bool\nvalue_to_human_readable() -> str\nReturns a string representation of the C struct like
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.read_field","title":"read_field","text":"pwndbg.dbg_mod.Valuedoes.read_field(field: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.unqualified","title":"unqualifiedpwndbg.dbg_mod.Value.classmethod","text":"unqualified()\nReturns cls to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.fields","title":"fieldsgdb.types.has_field()interface.classmethod","text":"fields() -> list[FakeGDBField]\nReturn fields of the struct to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.keys","title":"keyspwndbg.dbg_mod.Typeinterface.classmethod","text":"keys() -> list[str]\nReturn a list of the names of the fields in the struct to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.get_field_address","title":"get_field_address","text":"pwndbg.dbg_mod.Typeinterface.get_field_address(field: str) -> int\nReturns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.get_field_offset","title":"get_field_offsetclassmethod","text":"get_field_offset(field: str) -> int\nReturns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.items","title":"items","text":"items() -> tuple[tuple[Any, Any], ...]\nReturns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.has_field","title":"has_fieldclassmethod","text":"has_field(field: str) -> bool\nChecks whether a field exists to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_23","title":"c_malloc_par_2_23","text":"pwndbg.dbg_mod.Typeinterface.Bases:
StructureThis class represents the malloc_par struct for GLIBC < 2.24 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.23/malloc/malloc.c#L1726
struct malloc_par { /* Tunable parameters */ unsigned long trim_threshold; INTERNAL_SIZE_T top_pad; INTERNAL_SIZE_T mmap_threshold; INTERNAL_SIZE_T arena_test; INTERNAL_SIZE_T arena_max;
/* Memory map support / int n_mmaps; int n_mmaps_max; int max_n_mmaps; / the mmap_threshold is dynamic, until the user sets it manually, at which point we need to disable any dynamic behavior. */ int no_dyn_threshold;
/* Statistics / INTERNAL_SIZE_T mmapped_mem; /*INTERNAL_SIZE_T sbrked_mem;/ /INTERNAL_SIZE_T max_sbrked_mem;/ INTERNAL_SIZE_T max_mmapped_mem; INTERNAL_SIZE_T max_total_mem; /* only kept for NO_THREADS */
/* First address handed out by MORECORE/sbrk. */ char *sbrk_base; };
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_12","title":"c_malloc_par_2_12","text":"Bases:
StructureThis class represents the malloc_par struct for GLIBC < 2.15 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.12/malloc/malloc.c#L2402-L2433
struct malloc_par { /* Tunable parameters */ unsigned long trim_threshold; INTERNAL_SIZE_T top_pad; INTERNAL_SIZE_T mmap_threshold;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_12--ifdef-per_thread","title":"ifdef PER_THREAD","text":"INTERNAL_SIZE_T arena_test; INTERNAL_SIZE_T arena_max;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_12--endif","title":"endif","text":"/* Memory map support / int n_mmaps; int n_mmaps_max; int max_n_mmaps; / the mmap_threshold is dynamic, until the user sets it manually, at which point we need to disable any dynamic behavior. */ int no_dyn_threshold;
/* Cache malloc_getpagesize */ unsigned int pagesize;
/* Statistics / INTERNAL_SIZE_T mmapped_mem; /*INTERNAL_SIZE_T sbrked_mem;/ /INTERNAL_SIZE_T max_sbrked_mem;/ INTERNAL_SIZE_T max_mmapped_mem; INTERNAL_SIZE_T max_total_mem; /* only kept for NO_THREADS */
/* First address handed out by MORECORE/sbrk. / char sbrk_base; };
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_24","title":"c_malloc_par_2_24","text":"Bases:
StructureThis class represents the malloc_par struct for GLIBC >= 2.24 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.25/malloc/malloc.c#L1690 https://github.com/bminor/glibc/blob/glibc-2.24/malloc/malloc.c#L1719
struct malloc_par { /* Tunable parameters */ unsigned long trim_threshold; INTERNAL_SIZE_T top_pad; INTERNAL_SIZE_T mmap_threshold; INTERNAL_SIZE_T arena_test; INTERNAL_SIZE_T arena_max;
/* Memory map support */\nint n_mmaps;\nint n_mmaps_max;\nint max_n_mmaps;\n/* the mmap_threshold is dynamic, until the user sets\n it manually, at which point we need to disable any\n dynamic behavior. */\nint no_dyn_threshold;\n\n/* Statistics */\nINTERNAL_SIZE_T mmapped_mem;\nINTERNAL_SIZE_T max_mmapped_mem;\n\n/* First address handed out by MORECORE/sbrk. */\nchar *sbrk_base;\n};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_26","title":"c_malloc_par_2_26","text":"Bases:
StructureThis class represents the malloc_par struct for GLIBC >= 2.26 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.34/malloc/malloc.c#L1875
struct malloc_par { /* Tunable parameters */ unsigned long trim_threshold; INTERNAL_SIZE_T top_pad; INTERNAL_SIZE_T mmap_threshold; INTERNAL_SIZE_T arena_test; INTERNAL_SIZE_T arena_max;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_26--if-use_tcache","title":"if USE_TCACHE","text":"/* Memory map support */\nint n_mmaps;\nint n_mmaps_max;\nint max_n_mmaps;\n/* the mmap_threshold is dynamic, until the user sets\n it manually, at which point we need to disable any\n dynamic behavior. */\nint no_dyn_threshold;\n\n/* Statistics */\nINTERNAL_SIZE_T mmapped_mem;\nINTERNAL_SIZE_T max_mmapped_mem;\n\n/* First address handed out by MORECORE/sbrk. */\nchar *sbrk_base;\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_26--endif","title":"endif","text":"/* Maximum number of buckets to use. */\nsize_t tcache_bins;\nsize_t tcache_max_bytes;\n/* Maximum number of chunks in each bucket. */\nsize_t tcache_count;\n/* Maximum number of chunks to remove from the unsorted list, which\n aren't used to prefill the cache. */\nsize_t tcache_unsorted_limit;\n};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_35","title":"c_malloc_par_2_35","text":"Bases:
StructureThis class represents the malloc_par struct for GLIBC >= 2.35 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.35/malloc/malloc.c#L1874
struct malloc_par { /* Tunable parameters */ unsigned long trim_threshold; INTERNAL_SIZE_T top_pad; INTERNAL_SIZE_T mmap_threshold; INTERNAL_SIZE_T arena_test; INTERNAL_SIZE_T arena_max;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_35--if-have_tunables","title":"if HAVE_TUNABLES","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_35--endif","title":"endif","text":"/* Transparent Large Page support. */\nINTERNAL_SIZE_T thp_pagesize;\n/* A value different than 0 means to align mmap allocation to hp_pagesize\n add hp_flags on flags. */\nINTERNAL_SIZE_T hp_pagesize;\nint hp_flags;\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_35--if-use_tcache","title":"if USE_TCACHE","text":"/* Memory map support */\nint n_mmaps;\nint n_mmaps_max;\nint max_n_mmaps;\n/* the mmap_threshold is dynamic, until the user sets\n it manually, at which point we need to disable any\n dynamic behavior. */\nint no_dyn_threshold;\n\n/* Statistics */\nINTERNAL_SIZE_T mmapped_mem;\nINTERNAL_SIZE_T max_mmapped_mem;\n\n/* First address handed out by MORECORE/sbrk. */\nchar *sbrk_base;\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_35--endif_1","title":"endif","text":"/* Maximum number of buckets to use. */\nsize_t tcache_bins;\nsize_t tcache_max_bytes;\n/* Maximum number of chunks in each bucket. */\nsize_t tcache_count;\n/* Maximum number of chunks to remove from the unsorted list, which\n aren't used to prefill the cache. */\nsize_t tcache_unsorted_limit;\n};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar","title":"MallocPar","text":"MallocPar(address: int)\nBases:
CStruct2GDBThis class represents the malloc_par struct with interface compatible with
pwndbg.dbg_mod.Value.Methods:
-
__int__\u2013Returns the address of the C struct.
-
__getitem__\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
__getattr__\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
__eq__\u2013 -
value_to_human_readable\u2013Returns a string representation of the C struct like
pwndbg.dbg_mod.Valuedoes. -
read_field\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
unqualified\u2013Returns cls to make it compatible with the
gdb.types.has_field()interface. -
fields\u2013Return fields of the struct to make it compatible with the
pwndbg.dbg_mod.Typeinterface. -
keys\u2013Return a list of the names of the fields in the struct to make it compatible with the
pwndbg.dbg_mod.Typeinterface. -
get_field_address\u2013Returns the address of the specified field.
-
get_field_offset\u2013Returns the offset of the specified field.
-
items\u2013Returns a tuple of (field name, field value) pairs.
-
has_field\u2013Checks whether a field exists to make it compatible with the
pwndbg.dbg_mod.Typeinterface.
Attributes:
-
sizeof\u2013 -
code\u2013 -
address\u2013 -
type\u2013Returns type(self) to make it compatible with the
pwndbg.dbg_mod.Valueinterface.
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.code","title":"codesizeof = sizeof(_c_struct)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.address","title":"addresscode = STRUCT\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.type","title":"typeaddress = address\nproperty","text":"type\nReturns type(self) to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.__int__","title":"__int__","text":"pwndbg.dbg_mod.Valueinterface.__int__() -> int\nReturns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.__getitem__","title":"__getitem__","text":"__getitem__(key: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.__getattr__","title":"__getattr__","text":"pwndbg.dbg_mod.Value.__getattr__(key: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.__eq__","title":"__eq__","text":"pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.value_to_human_readable","title":"value_to_human_readable","text":"__eq__(other: Any) -> bool\nvalue_to_human_readable() -> str\nReturns a string representation of the C struct like
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.read_field","title":"read_field","text":"pwndbg.dbg_mod.Valuedoes.read_field(field: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.unqualified","title":"unqualifiedpwndbg.dbg_mod.Value.classmethod","text":"unqualified()\nReturns cls to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.fields","title":"fieldsgdb.types.has_field()interface.classmethod","text":"fields() -> list[FakeGDBField]\nReturn fields of the struct to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.keys","title":"keyspwndbg.dbg_mod.Typeinterface.classmethod","text":"keys() -> list[str]\nReturn a list of the names of the fields in the struct to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.get_field_address","title":"get_field_address","text":"pwndbg.dbg_mod.Typeinterface.get_field_address(field: str) -> int\nReturns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.get_field_offset","title":"get_field_offsetclassmethod","text":"get_field_offset(field: str) -> int\nReturns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.items","title":"items","text":"items() -> tuple[tuple[Any, Any], ...]\nReturns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.has_field","title":"has_fieldclassmethod","text":"has_field(field: str) -> bool\nChecks whether a field exists to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.request2size","title":"request2size","text":"pwndbg.dbg_mod.Typeinterface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.fastbin_index","title":"fastbin_index","text":"request2size(req: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/","title":"pwndbg.aglib.kernel","text":""},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel","title":"kernel","text":"fastbin_index(size: int) -> int\nModules:
-
kallsyms\u2013 -
macros\u2013 -
nftables\u2013 -
rbtree\u2013 -
slab\u2013 -
vmmap\u2013
Classes:
-
ArchOps\u2013 -
x86Ops\u2013 -
i386Ops\u2013 -
x86_64Ops\u2013 -
Aarch64Ops\u2013
Functions:
-
BIT\u2013 -
has_debug_syms\u2013 -
requires_kconfig\u2013 -
requires_debug_syms\u2013 -
nproc\u2013Returns the number of processing units available, similar to nproc(1)
-
get_first_kernel_ro\u2013Returns the first kernel mapping which contains the linux_banner
-
load_kconfig\u2013 -
kconfig\u2013 -
kcmdline\u2013 -
kversion\u2013 -
krelease\u2013 -
is_kaslr_enabled\u2013 -
kbase\u2013 -
get_idt_entries\u2013Retrieves the IDT entries from memory.
-
arch_ops\u2013 -
page_size\u2013 -
per_cpu\u2013 -
virt_to_phys\u2013 -
phys_to_virt\u2013 -
phys_to_pfn\u2013 -
pfn_to_phys\u2013 -
pfn_to_page\u2013 -
page_to_pfn\u2013 -
phys_to_page\u2013 -
page_to_phys\u2013 -
virt_to_page\u2013 -
page_to_virt\u2013 -
pfn_to_virt\u2013 -
virt_to_pfn\u2013 -
paging_enabled\u2013 -
num_numa_nodes\u2013Returns the number of NUMA nodes that are online on the system
Attributes:
-
P\u2013 -
D\u2013 -
T\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.D","title":"DP = ParamSpec('P')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.T","title":"TD = TypeVar('D')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps","title":"ArchOps","text":"T = TypeVar('T')\nBases:
ABCMethods:
-
page_size\u2013 -
per_cpu\u2013 -
virt_to_phys\u2013 -
phys_to_virt\u2013 -
phys_to_pfn\u2013 -
pfn_to_phys\u2013 -
pfn_to_page\u2013 -
page_to_pfn\u2013 -
virt_to_pfn\u2013 -
pfn_to_virt\u2013 -
phys_to_page\u2013 -
page_to_phys\u2013 -
virt_to_page\u2013 -
page_to_virt\u2013
abstractmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.per_cpu","title":"per_cpupage_size() -> int\nabstractmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.virt_to_phys","title":"virt_to_physper_cpu(addr: Value, cpu=None) -> Value\nabstractmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.phys_to_virt","title":"phys_to_virtvirt_to_phys(virt: int) -> int\nabstractmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.phys_to_pfn","title":"phys_to_pfnphys_to_virt(phys: int) -> int\nabstractmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.pfn_to_phys","title":"pfn_to_physphys_to_pfn(phys: int) -> int\nabstractmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.pfn_to_page","title":"pfn_to_pagepfn_to_phys(pfn: int) -> int\nabstractmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.page_to_pfn","title":"page_to_pfnpfn_to_page(phys: int) -> int\nabstractmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.virt_to_pfn","title":"virt_to_pfn","text":"page_to_pfn(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.pfn_to_virt","title":"pfn_to_virt","text":"virt_to_pfn(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.phys_to_page","title":"phys_to_page","text":"pfn_to_virt(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.page_to_phys","title":"page_to_phys","text":"phys_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.virt_to_page","title":"virt_to_page","text":"page_to_phys(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.page_to_virt","title":"page_to_virt","text":"virt_to_page(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops","title":"x86Ops","text":"page_to_virt(page: int) -> int\nBases:
ArchOpsMethods:
-
page_size\u2013 -
phys_to_virt\u2013 -
phys_to_pfn\u2013 -
pfn_to_phys\u2013 -
paging_enabled\u2013 -
per_cpu\u2013 -
virt_to_phys\u2013 -
pfn_to_page\u2013 -
page_to_pfn\u2013 -
virt_to_pfn\u2013 -
pfn_to_virt\u2013 -
phys_to_page\u2013 -
page_to_phys\u2013 -
virt_to_page\u2013 -
page_to_virt\u2013
Attributes:
-
ptr_size(int) \u2013 -
page_shift(int) \u2013 -
page_offset(int) \u2013
abstractmethodproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_shift","title":"page_shiftptr_size: int\nabstractmethodproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_offset","title":"page_offsetpage_shift: int\nabstractmethodproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_size","title":"page_size","text":"page_offset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.phys_to_virt","title":"phys_to_virt","text":"page_size() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.phys_to_pfn","title":"phys_to_pfn","text":"phys_to_virt(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.pfn_to_phys","title":"pfn_to_phys","text":"phys_to_pfn(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.paging_enabled","title":"paging_enabledpfn_to_phys(pfn: int) -> int\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.per_cpu","title":"per_cpupaging_enabled() -> bool\nabstractmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.virt_to_phys","title":"virt_to_physper_cpu(addr: Value, cpu=None) -> Value\nabstractmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.pfn_to_page","title":"pfn_to_pagevirt_to_phys(virt: int) -> int\nabstractmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_to_pfn","title":"page_to_pfnpfn_to_page(phys: int) -> int\nabstractmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.virt_to_pfn","title":"virt_to_pfn","text":"page_to_pfn(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.pfn_to_virt","title":"pfn_to_virt","text":"virt_to_pfn(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.phys_to_page","title":"phys_to_page","text":"pfn_to_virt(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_to_phys","title":"page_to_phys","text":"phys_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.virt_to_page","title":"virt_to_page","text":"page_to_phys(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_to_virt","title":"page_to_virt","text":"virt_to_page(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops","title":"i386Ops","text":"page_to_virt(page: int) -> int\ni386Ops()\nBases:
x86OpsMethods:
-
virt_to_phys\u2013 -
per_cpu\u2013 -
pfn_to_page\u2013 -
page_to_pfn\u2013 -
page_size\u2013 -
phys_to_virt\u2013 -
phys_to_pfn\u2013 -
pfn_to_phys\u2013 -
virt_to_pfn\u2013 -
pfn_to_virt\u2013 -
phys_to_page\u2013 -
page_to_phys\u2013 -
virt_to_page\u2013 -
page_to_virt\u2013 -
paging_enabled\u2013
Attributes:
-
START_KERNEL_map\u2013 -
ptr_size(int) \u2013 -
page_offset(int) \u2013 -
page_shift(int) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.ptr_size","title":"ptr_sizeSTART_KERNEL_map = _PAGE_OFFSET\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_offset","title":"page_offsetptr_size: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_shift","title":"page_shiftpage_offset: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.virt_to_phys","title":"virt_to_phys","text":"page_shift: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.per_cpu","title":"per_cpu","text":"virt_to_phys(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.pfn_to_page","title":"pfn_to_page","text":"per_cpu(addr: Value, cpu: int | None = None) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_to_pfn","title":"page_to_pfn","text":"pfn_to_page(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_size","title":"page_size","text":"page_to_pfn(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.phys_to_virt","title":"phys_to_virt","text":"page_size() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.phys_to_pfn","title":"phys_to_pfn","text":"phys_to_virt(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.pfn_to_phys","title":"pfn_to_phys","text":"phys_to_pfn(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.virt_to_pfn","title":"virt_to_pfn","text":"pfn_to_phys(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.pfn_to_virt","title":"pfn_to_virt","text":"virt_to_pfn(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.phys_to_page","title":"phys_to_page","text":"pfn_to_virt(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_to_phys","title":"page_to_phys","text":"phys_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.virt_to_page","title":"virt_to_page","text":"page_to_phys(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_to_virt","title":"page_to_virt","text":"virt_to_page(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.paging_enabled","title":"paging_enabledpage_to_virt(page: int) -> int\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops","title":"x86_64Ops","text":"paging_enabled() -> bool\nx86_64Ops()\nBases:
x86OpsMethods:
-
per_cpu\u2013 -
virt_to_phys\u2013 -
pfn_to_page\u2013 -
page_to_pfn\u2013 -
cpu_feature_capability\u2013 -
uses_5lvl_paging\u2013 -
page_size\u2013 -
phys_to_virt\u2013 -
phys_to_pfn\u2013 -
pfn_to_phys\u2013 -
virt_to_pfn\u2013 -
pfn_to_virt\u2013 -
phys_to_page\u2013 -
page_to_phys\u2013 -
virt_to_page\u2013 -
page_to_virt\u2013 -
paging_enabled\u2013
Attributes:
-
VMEMMAP_START\u2013 -
STRUCT_PAGE_SIZE\u2013 -
STRUCT_PAGE_SHIFT\u2013 -
START_KERNEL_map\u2013 -
phys_base\u2013 -
ptr_size(int) \u2013 -
page_offset(int) \u2013 -
page_shift(int) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.STRUCT_PAGE_SIZE","title":"STRUCT_PAGE_SIZEVMEMMAP_START = 18434359174734282752\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.STRUCT_PAGE_SHIFT","title":"STRUCT_PAGE_SHIFTSTRUCT_PAGE_SIZE = sizeof\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.START_KERNEL_map","title":"START_KERNEL_mapSTRUCT_PAGE_SHIFT = int(log2(STRUCT_PAGE_SIZE))\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.phys_base","title":"phys_baseSTART_KERNEL_map = 18446744071562067968\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.ptr_size","title":"ptr_sizephys_base = 16777216\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_offset","title":"page_offsetptr_size: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_shift","title":"page_shiftpage_offset: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.per_cpu","title":"per_cpu","text":"page_shift: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.virt_to_phys","title":"virt_to_phys","text":"per_cpu(addr: Value, cpu: int | None = None) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.pfn_to_page","title":"pfn_to_page","text":"virt_to_phys(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_to_pfn","title":"page_to_pfn","text":"pfn_to_page(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.cpu_feature_capability","title":"cpu_feature_capabilitypage_to_pfn(page: int) -> int\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.uses_5lvl_paging","title":"uses_5lvl_pagingcpu_feature_capability(feature: int) -> bool\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_size","title":"page_size","text":"uses_5lvl_paging() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.phys_to_virt","title":"phys_to_virt","text":"page_size() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.phys_to_pfn","title":"phys_to_pfn","text":"phys_to_virt(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.pfn_to_phys","title":"pfn_to_phys","text":"phys_to_pfn(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.virt_to_pfn","title":"virt_to_pfn","text":"pfn_to_phys(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.pfn_to_virt","title":"pfn_to_virt","text":"virt_to_pfn(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.phys_to_page","title":"phys_to_page","text":"pfn_to_virt(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_to_phys","title":"page_to_phys","text":"phys_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.virt_to_page","title":"virt_to_page","text":"page_to_phys(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_to_virt","title":"page_to_virt","text":"virt_to_page(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.paging_enabled","title":"paging_enabledpage_to_virt(page: int) -> int\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops","title":"Aarch64Ops","text":"paging_enabled() -> bool\nAarch64Ops()\nBases:
ArchOpsMethods:
-
page_size\u2013 -
per_cpu\u2013 -
virt_to_phys\u2013 -
phys_to_virt\u2013 -
phys_to_pfn\u2013 -
pfn_to_phys\u2013 -
pfn_to_page\u2013 -
page_to_pfn\u2013 -
paging_enabled\u2013 -
virt_to_pfn\u2013 -
pfn_to_virt\u2013 -
phys_to_page\u2013 -
page_to_phys\u2013 -
virt_to_page\u2013 -
page_to_virt\u2013
Attributes:
-
STRUCT_PAGE_SIZE\u2013 -
STRUCT_PAGE_SHIFT\u2013 -
VA_BITS\u2013 -
PAGE_SHIFT\u2013 -
PHYS_OFFSET\u2013 -
PAGE_OFFSET\u2013 -
VMEMMAP_SHIFT\u2013 -
VMEMMAP_START\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.STRUCT_PAGE_SHIFT","title":"STRUCT_PAGE_SHIFTSTRUCT_PAGE_SIZE = sizeof\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.VA_BITS","title":"VA_BITSSTRUCT_PAGE_SHIFT = int(log2(STRUCT_PAGE_SIZE))\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.PAGE_SHIFT","title":"PAGE_SHIFTVA_BITS = int(kconfig()['ARM64_VA_BITS'])\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.PHYS_OFFSET","title":"PHYS_OFFSETPAGE_SHIFT = int(kconfig()['CONFIG_ARM64_PAGE_SHIFT'])\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.PAGE_OFFSET","title":"PAGE_OFFSETPHYS_OFFSET = u(addr)\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.VMEMMAP_SHIFT","title":"VMEMMAP_SHIFTPAGE_OFFSET = -1 << VA_BITS + 2 ** 64\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.VMEMMAP_START","title":"VMEMMAP_STARTVMEMMAP_SHIFT = PAGE_SHIFT - STRUCT_PAGE_SHIFT\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.page_size","title":"page_size","text":"VMEMMAP_START = -1 << VA_BITS - VMEMMAP_SHIFT % 1 << 64\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.per_cpu","title":"per_cpu","text":"page_size() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.virt_to_phys","title":"virt_to_phys","text":"per_cpu(addr: Value, cpu: int | None = None) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.phys_to_virt","title":"phys_to_virt","text":"virt_to_phys(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.phys_to_pfn","title":"phys_to_pfn","text":"phys_to_virt(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.pfn_to_phys","title":"pfn_to_phys","text":"phys_to_pfn(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.pfn_to_page","title":"pfn_to_page","text":"pfn_to_phys(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.page_to_pfn","title":"page_to_pfn","text":"pfn_to_page(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.paging_enabled","title":"paging_enabledpage_to_pfn(page: int) -> int\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.virt_to_pfn","title":"virt_to_pfn","text":"paging_enabled() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.pfn_to_virt","title":"pfn_to_virt","text":"virt_to_pfn(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.phys_to_page","title":"phys_to_page","text":"pfn_to_virt(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.page_to_phys","title":"page_to_phys","text":"phys_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.virt_to_page","title":"virt_to_page","text":"page_to_phys(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.page_to_virt","title":"page_to_virt","text":"virt_to_page(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.BIT","title":"BIT","text":"page_to_virt(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.has_debug_syms","title":"has_debug_syms","text":"BIT(shift: int)\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.requires_kconfig","title":"requires_kconfig","text":"has_debug_syms() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.requires_debug_syms","title":"requires_debug_syms","text":"requires_kconfig(\n default: D = None,\n) -> Callable[[Callable[P, T]], Callable[P, T | D]]\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.nproc","title":"nproc","text":"requires_debug_syms(\n default: D = None,\n) -> Callable[[Callable[P, T]], Callable[P, T | D]]\nnproc() -> int\nReturns the number of processing units available, similar to nproc(1)
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.get_first_kernel_ro","title":"get_first_kernel_ro","text":"get_first_kernel_ro() -> Page | None\nReturns the first kernel mapping which contains the linux_banner
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.load_kconfig","title":"load_kconfig","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.kconfig","title":"kconfig","text":"load_kconfig() -> Kconfig | None\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.kcmdline","title":"kcmdline","text":"kconfig() -> Kconfig | None\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.kversion","title":"kversion","text":"kcmdline() -> str\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.krelease","title":"krelease","text":"kversion() -> str\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.is_kaslr_enabled","title":"is_kaslr_enabled","text":"krelease() -> tuple[int, ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.kbase","title":"kbase","text":"is_kaslr_enabled() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.get_idt_entries","title":"get_idt_entries","text":"kbase() -> int | None\nget_idt_entries() -> list[IDTEntry]\nRetrieves the IDT entries from memory.
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.arch_ops","title":"arch_ops","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.page_size","title":"page_size","text":"arch_ops() -> ArchOps\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.per_cpu","title":"per_cpu","text":"page_size() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.virt_to_phys","title":"virt_to_phys","text":"per_cpu(addr: Value, cpu: int | None = None) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.phys_to_virt","title":"phys_to_virt","text":"virt_to_phys(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.phys_to_pfn","title":"phys_to_pfn","text":"phys_to_virt(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.pfn_to_phys","title":"pfn_to_phys","text":"phys_to_pfn(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.pfn_to_page","title":"pfn_to_page","text":"pfn_to_phys(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.page_to_pfn","title":"page_to_pfn","text":"pfn_to_page(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.phys_to_page","title":"phys_to_page","text":"page_to_pfn(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.page_to_phys","title":"page_to_phys","text":"phys_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.virt_to_page","title":"virt_to_page","text":"page_to_phys(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.page_to_virt","title":"page_to_virt","text":"virt_to_page(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.pfn_to_virt","title":"pfn_to_virt","text":"page_to_virt(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.virt_to_pfn","title":"virt_to_pfn","text":"pfn_to_virt(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.paging_enabled","title":"paging_enabled","text":"virt_to_pfn(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.num_numa_nodes","title":"num_numa_nodes","text":"paging_enabled() -> bool\nnum_numa_nodes() -> int\nReturns the number of NUMA nodes that are online on the system
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/","title":"pwndbg.aglib.kernel.kallsyms","text":""},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms","title":"kallsyms","text":"Classes:
-
Kallsyms\u2013- linux_banner >= 6.4
Functions:
-
get\u2013
Kallsyms()\n- linux_banner >= 6.4
- ... <= 6.4
- kallsyms_offsets
- kallsyms_relative_base
- kallsyms_num_syms
- kallsyms_names
- kallsyms_markers
- kallsyms_token_table
- kallsyms_token_index
- kallsyms_offsets >= 6.4
- kallsyms_relative_base >= 6.4
Methods:
-
find_token_table\u2013This function searches for the kallsyms_token_table structure in the kernel memory.
-
find_token_index\u2013This function searches for the kallsyms_token_index structure in the kernel memory
-
find_markers\u2013This function searches for the kallsyms_markers structure in the kernel memory
-
find_num_syms\u2013This function searches for the kallsyms_num_syms variable in the kernel memory
-
find_offsets\u2013This function searches for the kallsyms_offsets/kallsyms_addresses table in the kernel memory
-
find_relative_base\u2013This function searches for the kallsyms_relative_base variable in the kernel memory.
-
find_names\u2013 -
get_kernel_addresses\u2013 -
parse_symbol_table\u2013 -
get_token_table\u2013 -
find_names_uncompressed\u2013 -
find_markers_uncompressed\u2013This function searches for the kallsyms_markers structure in the kernel memory
Attributes:
-
kallsyms(dict[str, tuple[int, str]]) \u2013 -
kbase\u2013 -
r_base\u2013 -
kernel_ro_mem\u2013 -
kernel_version\u2013 -
is_offsets\u2013 -
rbase_offset\u2013 -
is_big_endian\u2013 -
token_table\u2013 -
is_uncompressed\u2013 -
markers\u2013 -
token_index\u2013 -
num_syms\u2013 -
offsets\u2013 -
names\u2013 -
kernel_addresses\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.kbase","title":"kbasekallsyms: dict[str, tuple[int, str]] = {}\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.r_base","title":"r_basekbase = kbase()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.kernel_ro_mem","title":"kernel_ro_memr_base = vaddr\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.kernel_version","title":"kernel_versionkernel_ro_mem = read(vaddr, memsz)\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.is_offsets","title":"is_offsetskernel_version = krelease()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.rbase_offset","title":"rbase_offsetis_offsets = False\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.is_big_endian","title":"is_big_endianrbase_offset = 0\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.token_table","title":"token_tableis_big_endian = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.is_uncompressed","title":"is_uncompressedtoken_table = find_token_table()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.markers","title":"markersis_uncompressed = False\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.token_index","title":"token_indexmarkers = find_markers_uncompressed()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.num_syms","title":"num_symstoken_index = find_token_index()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.offsets","title":"offsetsnum_syms = find_num_syms()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.names","title":"namesoffsets = find_offsets()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.kernel_addresses","title":"kernel_addressesnames = find_names()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_token_table","title":"find_token_table","text":"kernel_addresses = get_kernel_addresses()\nfind_token_table() -> int\nThis function searches for the kallsyms_token_table structure in the kernel memory. The kallsyms_token_table contains 256 zero-terminated tokens from which symbol names are built. Example structure: 0xffffffff827b2f00: \"mm\" 0xffffffff827b2f03: \"tim\" 0xffffffff827b2f07: \"bu\" 0xffffffff827b2f0a: \"ode_\" 0xffffffff827b2f0f: \"robestub\" 0xffffffff827b2fdb: \"0\" 0xffffffff827b2fdd: \"1\" 0xffffffff827b2fdf: \"2\" 0xffffffff827b2fe1: \"3\" 0xffffffff827b2fe3: \"4\" 0xffffffff827b2fe5: \"5\" 0xffffffff827b2fe7: \"6\" 0xffffffff827b2fe9: \"7\" 0xffffffff827b2feb: \"8\" 0xffffffff827b2fed: \"9\""},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_token_index","title":"find_token_index","text":"
find_token_index() -> int | None\nThis function searches for the kallsyms_token_index structure in the kernel memory starting at kallsyms_token_table. The token index table provides offsets into the kallsyms_token_table for each 256 byte-valued sub-table. The kallsyms_token_index is typically located immediately after the kallsyms_token_table in the kernel's read-only data section. Example structure: 0xffffffff827b3288: 0x0000 0x0003 0x0007 0x000a 0x000f 0x0018 0x001f 0x0023 0xffffffff827b3298: 0x0027 0x0031 0x0035 0x0038 0x003b 0x0043 0x0047 0x004a 0xffffffff827b32a8: 0x004f 0x0053 0x0056 0x0059 0x005d 0x0061 0x0067 0x006b 0xffffffff827b32b8: 0x006e 0x0071 0x0076 0x007c 0x0080 0x0088 0x008b 0x008f 0xffffffff827b32c8: 0x0094 0x0098 0x009b 0x009f 0x00a3 0x00a8 0x00ab 0x00b0
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_markers","title":"find_markers","text":"find_markers() -> int | None\nThis function searches for the kallsyms_markers structure in the kernel memory starting at kallsyms_token_table and search backwards. The markers table contains offsets to the corresponding symbol name for each kernel symbol. The kallsyms_markers table is typically located immediately before the kallsyms_token_table in the kernel's read-only data section. Example structure: 0xffffffff827b2430: 0x00000000 0x00000b2a 0x00001762 0x000023f6 0xffffffff827b2440: 0x00002fe4 0x00003c9d 0x0000487c 0x000056fd 0xffffffff827b2450: 0x00006597 0x000073b9 0x000081be 0x00008f21 0xffffffff827b2460: 0x00009c94 0x0000a958 0x0000b632 0x0000c193 0xffffffff827b2470: 0x0000ce0b 0x0000db98 0x0000ea3e 0x0000f80a 0xffffffff827b2480: 0x000105be 0x000112d3 0x00011f8c 0x00012d75 0xffffffff827b2490: 0x0001384d 0x0001446e 0x00015138 0x00015d8c
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_num_syms","title":"find_num_syms","text":"find_num_syms()\nThis function searches for the kallsyms_num_syms variable in the kernel memory starting at kallsyms_markers. The kallsyms_num_syms holds the number of kernel symbols in the symbol table. The kallsyms_num_syms variable is typically located before the kallsyms_names table in the kernel's read-only data section. In newer kernel versions the kallsyms_num_syms is immediately behind the linux_banner and in older version its behind kallsyms_base_relative or kallsyms_addresses (it depends on CONFIG_KALLSYMS_BASE_RELATIVE y/n)
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_offsets","title":"find_offsets","text":"find_offsets()\nThis function searches for the kallsyms_offsets/kallsyms_addresses table in the kernel memory starting at kallsyms_token_index. The offsets/addresses table containts offsets / addresses of each symbol in the kernel. The kallsyms_addresses is typically located before the kallsyms_num_syms variable in the kernel's read-only data section. Example structure: 0xffffffff827b3488: 0x00000000 0x00000000 0x00001000 0x00002000 0xffffffff827b3498: 0x00006000 0x0000b000 0x0000c000 0x0000d000 0xffffffff827b34a8: 0x00015000 0x00015008 0x00015010 0x00015018 0xffffffff827b34b8: 0x00015020 0x00015022 0x00015030 0x00015050 0xffffffff827b34c8: 0x00015450 0x00015460 0x00015860 0x00015888 0xffffffff827b34d8: 0x00015890 0x00015898 0x000158a0 0x000159c0
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_relative_base","title":"find_relative_base","text":"find_relative_base()\nThis function searches for the kallsyms_relative_base variable in the kernel memory. The relative base is used to calculate the actual virtual addresses of symbols from their offsets in the kallsyms_offsets table. The kallsyms_relative_base variable is typically located after the kallsyms_offsets table in the kernel's read-only data section.
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_names","title":"find_names","text":"
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.get_kernel_addresses","title":"get_kernel_addresses","text":"find_names()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.parse_symbol_table","title":"parse_symbol_table","text":"get_kernel_addresses()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.get_token_table","title":"get_token_table","text":"parse_symbol_table()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_names_uncompressed","title":"find_names_uncompressed","text":"get_token_table()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_markers_uncompressed","title":"find_markers_uncompressed","text":"find_names_uncompressed()\nfind_markers_uncompressed()\nThis function searches for the kallsyms_markers structure in the kernel memory Original Source: https://github.com/marin-m/vmlinux-to-elf/blob/master/vmlinux_to_elf/kallsyms_finder.py
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.get","title":"get","text":"
"},{"location":"reference/pwndbg/aglib/kernel/macros/","title":"pwndbg.aglib.kernel.macros","text":""},{"location":"reference/pwndbg/aglib/kernel/macros/#pwndbg.aglib.kernel.macros","title":"macros","text":"get() -> dict[str, tuple[int, str]]\nFunctions:
-
container_of\u2013 -
for_each_entry\u2013 -
swab\u2013 -
compound_head\u2013returns the head page of compound pages
"},{"location":"reference/pwndbg/aglib/kernel/macros/#pwndbg.aglib.kernel.macros.for_each_entry","title":"for_each_entry","text":"container_of(ptr: int, typename: str, fieldname: str) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/macros/#pwndbg.aglib.kernel.macros.swab","title":"swab","text":"for_each_entry(head: Value, typename: str, field: str) -> Iterator[Value]\n
"},{"location":"reference/pwndbg/aglib/kernel/macros/#pwndbg.aglib.kernel.macros.compound_head","title":"compound_head","text":"swab(x: int) -> int\ncompound_head(page: Value) -> Value\nreturns the head page of compound pages
"},{"location":"reference/pwndbg/aglib/kernel/nftables/","title":"pwndbg.aglib.kernel.nftables","text":""},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables","title":"nftables","text":"Classes:
-
NftFields\u2013 -
Expr\u2013 -
Rule\u2013 -
ChainHook\u2013 -
Chain\u2013 -
Set\u2013 -
Object\u2013 -
FlowtableHook\u2013 -
Flowtable\u2013 -
Table\u2013 -
Nftables\u2013
Functions:
-
catch_error\u2013 -
get_init_net_namespace\u2013
Attributes:
-
NFPROTO_INET\u2013 -
NFPROTO_IPV4\u2013 -
NFPROTO_ARP\u2013 -
NFPROTO_NETDEV\u2013 -
NFPROTO_BRIDGE\u2013 -
NFPROTO_IPV6\u2013 -
nftables_table_family\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NFPROTO_IPV4","title":"NFPROTO_IPV4NFPROTO_INET = 1\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NFPROTO_ARP","title":"NFPROTO_ARPNFPROTO_IPV4 = 2\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NFPROTO_NETDEV","title":"NFPROTO_NETDEVNFPROTO_ARP = 3\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NFPROTO_BRIDGE","title":"NFPROTO_BRIDGENFPROTO_NETDEV = 5\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NFPROTO_IPV6","title":"NFPROTO_IPV6NFPROTO_BRIDGE = 7\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.nftables_table_family","title":"nftables_table_familyNFPROTO_IPV6 = 10\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NftFields","title":"NftFields","text":"nftables_table_family = {\n \"inet\": NFPROTO_INET,\n \"ip\": NFPROTO_IPV4,\n \"arp\": NFPROTO_ARP,\n \"netdev\": NFPROTO_NETDEV,\n \"bridge\": NFPROTO_BRIDGE,\n \"ip6\": NFPROTO_IPV6,\n}\nBases:
objectMethods:
-
__getattr__\u2013 -
get_hook_list_dev_names\u2013 -
print_fields\u2013
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NftFields.get_hook_list_dev_names","title":"get_hook_list_dev_names__getattr__(name: str)\nclassmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NftFields.print_fields","title":"print_fields","text":"get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Expr","title":"Expr","text":"print_fields(nested: int = 0, keys: list[str] = None)\nExpr(addr: Value)\nMethods:
-
print_expr_iptables\u2013 -
print_expr_nftables\u2013 -
print\u2013
Attributes:
-
expr_name(str) \u2013
property","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Expr.print_expr_iptables","title":"print_expr_iptables","text":"expr_name: str\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Expr.print_expr_nftables","title":"print_expr_nftables","text":"print_expr_iptables(expr_name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Expr.print","title":"print","text":"print_expr_nftables(expr_name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule","title":"Rule","text":"print(print_nested: bool = True)\nRule(addr: Value, chain: 'Chain')\nBases:
NftFieldsMethods:
-
find\u2013 -
iter_exprs\u2013 -
print\u2013 -
__getattr__\u2013 -
get_hook_list_dev_names\u2013 -
print_fields\u2013
Attributes:
-
handle(int) \u2013 -
userdata(bytearray) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.userdata","title":"userdatahandle: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.find","title":"finduserdata: bytearray\nclassmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.iter_exprs","title":"iter_exprs","text":"find(\n table_name: str,\n table_family: int,\n chain_name: str,\n rule_id: int,\n nsid: int | None = None,\n) -> Iterator[\"Rule\"]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.print","title":"print","text":"iter_exprs() -> Iterator[Expr]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.__getattr__","title":"__getattr__","text":"print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.get_hook_list_dev_names","title":"get_hook_list_dev_names__getattr__(name: str)\nclassmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.print_fields","title":"print_fields","text":"get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook","title":"ChainHook","text":"print_fields(nested: int = 0, keys: list[str] = None)\nChainHook(parent: 'Chain')\nBases:
NftFieldsMethods:
-
is_netdev\u2013 -
get_netdevs\u2013 -
nested_print\u2013 -
__getattr__\u2013 -
get_hook_list_dev_names\u2013 -
print_fields\u2013
Attributes:
-
hooknum(int) \u2013 -
priority(int) \u2013 -
dev(str) \u2013 -
devs(list[str]) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.priority","title":"priorityhooknum: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.dev","title":"devpriority: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.devs","title":"devsdev: str\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.is_netdev","title":"is_netdev","text":"devs: list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.get_netdevs","title":"get_netdevs","text":"is_netdev() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.nested_print","title":"nested_print","text":"get_netdevs() -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.__getattr__","title":"__getattr__","text":"nested_print(nested: int = 0)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.get_hook_list_dev_names","title":"get_hook_list_dev_names__getattr__(name: str)\nclassmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.print_fields","title":"print_fields","text":"get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain","title":"Chain","text":"print_fields(nested: int = 0, keys: list[str] = None)\nChain(addr: Value)\nBases:
NftFieldsMethods:
-
find\u2013 -
iter_rules\u2013 -
print\u2013 -
__getattr__\u2013 -
get_hook_list_dev_names\u2013 -
print_fields\u2013
Attributes:
-
bound(int) \u2013 -
genmask(int) \u2013 -
handle(int) \u2013 -
use(int) \u2013 -
flags(int) \u2013 -
name(str) \u2013 -
hook(ChainHook) \u2013 -
userdata(bytearray) \u2013 -
policy(int) \u2013 -
type(str) \u2013 -
table('Table') \u2013 -
basechain(Value | None) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.genmask","title":"genmaskbound: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.handle","title":"handlegenmask: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.use","title":"usehandle: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.flags","title":"flagsuse: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.name","title":"nameflags: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.hook","title":"hookname: str\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.userdata","title":"userdatahook: ChainHook = ChainHook(self)\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.policy","title":"policyuserdata: bytearray\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.type","title":"typepolicy: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.table","title":"tabletype: str\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.basechain","title":"basechaintable: 'Table'\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.find","title":"findbasechain: Value | None\nclassmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.iter_rules","title":"iter_rules","text":"find(\n table_family: int | None = None,\n table_name: str | None = None,\n chain_name: str | None = None,\n nsid: int | None = None,\n) -> Iterator[\"Chain\"]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.print","title":"print","text":"iter_rules() -> Iterator[Rule]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.__getattr__","title":"__getattr__","text":"print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.get_hook_list_dev_names","title":"get_hook_list_dev_names__getattr__(name: str)\nclassmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.print_fields","title":"print_fields","text":"get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set","title":"Set","text":"print_fields(nested: int = 0, keys: list[str] = None)\nSet(addr: Value)\nBases:
NftFieldsMethods:
-
iter_expr\u2013 -
iter_elems\u2013 -
print\u2013 -
__getattr__\u2013 -
get_hook_list_dev_names\u2013 -
print_fields\u2013
Attributes:
-
use(int) \u2013 -
dead(int) \u2013 -
genmask(int) \u2013 -
field_count(int) \u2013 -
num_exprs(int) \u2013 -
name(str) \u2013 -
flags(int) \u2013 -
ktype(int) \u2013 -
klen(int) \u2013 -
dtype(int) \u2013 -
dlen(int) \u2013 -
policy(int) \u2013 -
timeout(int) \u2013 -
gc_int(int) \u2013 -
objtype(int) \u2013 -
handle(int) \u2013 -
nelems(int) \u2013 -
desc_size(int) \u2013 -
desc_concat(list[int]) \u2013 -
table('Table') \u2013 -
userdata(bytearray) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.dead","title":"deaduse: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.genmask","title":"genmaskdead: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.field_count","title":"field_countgenmask: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.num_exprs","title":"num_exprsfield_count: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.name","title":"namenum_exprs: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.flags","title":"flagsname: str\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.ktype","title":"ktypeflags: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.klen","title":"klenktype: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.dtype","title":"dtypeklen: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.dlen","title":"dlendtype: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.policy","title":"policydlen: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.timeout","title":"timeoutpolicy: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.gc_int","title":"gc_inttimeout: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.objtype","title":"objtypegc_int: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.handle","title":"handleobjtype: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.nelems","title":"nelemshandle: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.desc_size","title":"desc_sizenelems: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.desc_concat","title":"desc_concatdesc_size: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.table","title":"tabledesc_concat: list[int]\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.userdata","title":"userdatatable: 'Table'\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.iter_expr","title":"iter_expr","text":"userdata: bytearray\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.iter_elems","title":"iter_elems","text":"iter_expr() -> Iterator[Expr]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.print","title":"print","text":"iter_elems() -> Iterator[None]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.__getattr__","title":"__getattr__","text":"print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.get_hook_list_dev_names","title":"get_hook_list_dev_names__getattr__(name: str)\nclassmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.print_fields","title":"print_fields","text":"get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object","title":"Object","text":"print_fields(nested: int = 0, keys: list[str] = None)\nObject(addr: Value)\nBases:
NftFieldsMethods:
-
iter_data\u2013 -
print\u2013 -
__getattr__\u2013 -
get_hook_list_dev_names\u2013 -
print_fields\u2013
Attributes:
-
genmask(int) \u2013 -
use(int) \u2013 -
handle(int) \u2013 -
type(int) \u2013 -
name(str) \u2013 -
table('Table') \u2013 -
userdata(bytearray) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.use","title":"usegenmask: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.handle","title":"handleuse: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.type","title":"typehandle: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.name","title":"nametype: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.table","title":"tablename: str\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.userdata","title":"userdatatable: 'Table'\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.iter_data","title":"iter_data","text":"userdata: bytearray\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.print","title":"print","text":"iter_data() -> Iterator[None]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.__getattr__","title":"__getattr__","text":"print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.get_hook_list_dev_names","title":"get_hook_list_dev_names__getattr__(name: str)\nclassmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.print_fields","title":"print_fields","text":"get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook","title":"FlowtableHook","text":"print_fields(nested: int = 0, keys: list[str] = None)\nFlowtableHook(parent: 'Flowtable')\nBases:
NftFieldsMethods:
-
nested_print\u2013 -
__getattr__\u2013 -
get_hook_list_dev_names\u2013 -
print_fields\u2013
Attributes:
-
hooknum(int) \u2013 -
priority(int) \u2013 -
devs(list[str]) \u2013
property","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.priority","title":"priorityhooknum: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.devs","title":"devspriority: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.nested_print","title":"nested_print","text":"devs: list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.__getattr__","title":"__getattr__","text":"nested_print(nested: int = 0)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.get_hook_list_dev_names","title":"get_hook_list_dev_names__getattr__(name: str)\nclassmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.print_fields","title":"print_fields","text":"get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable","title":"Flowtable","text":"print_fields(nested: int = 0, keys: list[str] = None)\nFlowtable(addr: Value)\nBases:
NftFieldsMethods:
-
print\u2013 -
__getattr__\u2013 -
get_hook_list_dev_names\u2013 -
print_fields\u2013
Attributes:
-
genmask(int) \u2013 -
name(str) \u2013 -
use(int) \u2013 -
handle(int) \u2013 -
hook(FlowtableHook) \u2013 -
table('Table') \u2013 -
flags(int) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.name","title":"namegenmask: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.use","title":"usename: str\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.handle","title":"handleuse: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.hook","title":"hookhandle: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.table","title":"tablehook: FlowtableHook = FlowtableHook(self)\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.flags","title":"flagstable: 'Table'\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.print","title":"print","text":"flags: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.__getattr__","title":"__getattr__","text":"print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.get_hook_list_dev_names","title":"get_hook_list_dev_names__getattr__(name: str)\nclassmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.print_fields","title":"print_fields","text":"get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table","title":"Table","text":"print_fields(nested: int = 0, keys: list[str] = None)\nTable(addr: Value)\nBases:
NftFieldsMethods:
-
find\u2013 -
iter_chains\u2013 -
iter_sets\u2013 -
iter_flowtables\u2013 -
iter_objects\u2013 -
nested_print\u2013 -
print\u2013 -
__getattr__\u2013 -
get_hook_list_dev_names\u2013 -
print_fields\u2013
Attributes:
-
family(int) \u2013 -
genmask(int) \u2013 -
name(str) \u2013 -
handle(int) \u2013 -
use(int) \u2013 -
flags(int) \u2013 -
nlpid(int) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.genmask","title":"genmaskfamily: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.name","title":"namegenmask: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.handle","title":"handlename: str\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.use","title":"usehandle: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.flags","title":"flagsuse: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.nlpid","title":"nlpidflags: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.find","title":"findnlpid: int\nclassmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.iter_chains","title":"iter_chains","text":"find(\n table_name: str | None = None,\n table_family: int | None = None,\n nsid: int | None = None,\n) -> Iterator[\"Table\"]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.iter_sets","title":"iter_sets","text":"iter_chains() -> Iterator[Chain]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.iter_flowtables","title":"iter_flowtables","text":"iter_sets() -> Iterator[Set]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.iter_objects","title":"iter_objects","text":"iter_flowtables() -> Iterator[Flowtable]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.nested_print","title":"nested_print","text":"iter_objects() -> Iterator[Object]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.print","title":"print","text":"nested_print(nested: int = 0)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.__getattr__","title":"__getattr__","text":"print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.get_hook_list_dev_names","title":"get_hook_list_dev_names__getattr__(name: str)\nclassmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.print_fields","title":"print_fields","text":"get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Nftables","title":"Nftables","text":"print_fields(nested: int = 0, keys: list[str] = None)\nNftables(addr: Value)\nMethods:
-
find\u2013 -
iter_tables\u2013 -
print\u2013
classmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Nftables.iter_tables","title":"iter_tables","text":"find(nsid: int | None = None) -> 'Nftables' | None\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Nftables.print","title":"print","text":"iter_tables() -> Iterator[Table]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.catch_error","title":"catch_error","text":"print()\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.get_init_net_namespace","title":"get_init_net_namespace","text":"catch_error(func)\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/","title":"pwndbg.aglib.kernel.rbtree","text":""},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree","title":"rbtree","text":"get_init_net_namespace() -> Value\nFunctions:
-
init\u2013 -
for_each_rb_entry\u2013 -
rb_first\u2013 -
rb_last\u2013 -
rb_parent\u2013 -
rb_empty_node\u2013 -
rb_next\u2013 -
rb_prev\u2013
Attributes:
-
rb_root_type(Type) \u2013 -
rb_node_type(Type) \u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_node_type","title":"rb_node_typerb_root_type: Type = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.init","title":"init","text":"rb_node_type: Type = None\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.for_each_rb_entry","title":"for_each_rb_entry","text":"init()\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_first","title":"rb_first","text":"for_each_rb_entry(\n root: Value, typename: str, fieldname: str\n) -> Iterator[Value]\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_last","title":"rb_last","text":"rb_first(root: Value) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_parent","title":"rb_parent","text":"rb_last(root: Value) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_empty_node","title":"rb_empty_node","text":"rb_parent(node: Value) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_next","title":"rb_next","text":"rb_empty_node(node: Value) -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_prev","title":"rb_prev","text":"rb_next(node: Value) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/","title":"pwndbg.aglib.kernel.slab","text":""},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab","title":"slab","text":"rb_prev(node: Value) -> Value | None\nClasses:
-
Freelist\u2013 -
SlabCache\u2013 -
CpuCache\u2013 -
NodeCache\u2013 -
Slab\u2013
Functions:
-
caches\u2013 -
get_cache\u2013 -
slab_struct_type\u2013 -
oo_order\u2013 -
oo_objects\u2013 -
get_flags_list\u2013 -
find_containing_slab_cache\u2013Find the slab cache associated with the provided address.
Attributes:
-
OO_SHIFT\u2013 -
OO_MASK\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.OO_MASK","title":"OO_MASKOO_SHIFT = 16\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist","title":"Freelist","text":"OO_MASK = 1 << OO_SHIFT - 1\nFreelist(start_addr: int, offset: int, random: int = 0)\nMethods:
-
__iter__\u2013 -
__int__\u2013 -
__len__\u2013 -
find_next\u2013
Attributes:
-
start_addr\u2013 -
offset\u2013 -
random\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.offset","title":"offsetstart_addr = start_addr\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.random","title":"randomoffset = offset\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.__iter__","title":"__iter__","text":"random = random\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.__int__","title":"__int__","text":"__iter__() -> Generator[int, None, None]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.__len__","title":"__len__","text":"__int__() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.find_next","title":"find_next","text":"__len__() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache","title":"SlabCache","text":"find_next(addr: int) -> int\nSlabCache(slab_cache: Value)\nAttributes:
-
address(int) \u2013 -
name(str) \u2013 -
offset(int) \u2013 -
random(int) \u2013 -
size(int) \u2013 -
object_size(int) \u2013 -
align(int) \u2013 -
flags(list[str]) \u2013 -
cpu_cache(CpuCache) \u2013returns cpu cache associated to current thread
-
cpu_caches(Generator[CpuCache, None, None]) \u2013returns cpu caches for all cpus
-
node_caches(Generator[NodeCache, None, None]) \u2013returns node caches for all NUMA nodes
-
cpu_partial(int) \u2013 -
inuse(int) \u2013 -
oo_order\u2013 -
oo_objects\u2013
property","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.name","title":"nameaddress: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.offset","title":"offsetname: str\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.random","title":"randomoffset: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.size","title":"sizerandom: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.object_size","title":"object_sizesize: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.align","title":"alignobject_size: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.flags","title":"flagsalign: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.cpu_cache","title":"cpu_cacheflags: list[str]\nproperty","text":"cpu_cache: CpuCache\nreturns cpu cache associated to current thread
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.cpu_caches","title":"cpu_cachesproperty","text":"cpu_caches: Generator[CpuCache, None, None]\nreturns cpu caches for all cpus
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.node_caches","title":"node_cachesproperty","text":"node_caches: Generator[NodeCache, None, None]\nreturns node caches for all NUMA nodes
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.cpu_partial","title":"cpu_partialproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.inuse","title":"inusecpu_partial: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.__oo_x","title":"__oo_xinuse: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.oo_order","title":"oo_order__oo_x: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.oo_objects","title":"oo_objectsoo_order\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache","title":"CpuCache","text":"oo_objects\nCpuCache(cpu_cache: Value, slab_cache: SlabCache, cpu: int)\nAttributes:
-
slab_cache\u2013 -
cpu\u2013 -
address(int) \u2013 -
freelist(Freelist) \u2013 -
active_slab(Slab | None) \u2013 -
partial_slabs(list[Slab]) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache.cpu","title":"cpuslab_cache = slab_cache\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache.address","title":"addresscpu = cpu\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache.freelist","title":"freelistaddress: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache.active_slab","title":"active_slabfreelist: Freelist\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache.partial_slabs","title":"partial_slabsactive_slab: Slab | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.NodeCache","title":"NodeCache","text":"partial_slabs: list[Slab]\nNodeCache(node_cache: Value, slab_cache: SlabCache, node: int)\nAttributes:
-
slab_cache\u2013 -
node\u2013 -
address(int) \u2013 -
partial_slabs(list[Slab]) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.NodeCache.node","title":"nodeslab_cache = slab_cache\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.NodeCache.address","title":"addressnode = node\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.NodeCache.partial_slabs","title":"partial_slabsaddress: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab","title":"Slab","text":"partial_slabs: list[Slab]\nSlab(\n slab: Value,\n cpu_cache: CpuCache | None,\n slab_cache: SlabCache,\n is_partial: bool = False,\n)\nAttributes:
-
cpu_cache\u2013 -
slab_cache\u2013 -
is_partial\u2013 -
slab_address(int) \u2013 -
virt_address(int) \u2013 -
object_count(int) \u2013 -
objects(Generator[int, None, None]) \u2013 -
frozen(int) \u2013 -
inuse(int) \u2013 -
slabs(int) \u2013 -
pobjects(int) \u2013 -
freelist(Freelist) \u2013 -
freelists(list[Freelist]) \u2013 -
free_objects(set[int]) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.slab_cache","title":"slab_cachecpu_cache = cpu_cache\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.is_partial","title":"is_partialslab_cache = slab_cache\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.slab_address","title":"slab_addressis_partial = is_partial\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.virt_address","title":"virt_addressslab_address: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.object_count","title":"object_countvirt_address: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.objects","title":"objectsobject_count: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.frozen","title":"frozenobjects: Generator[int, None, None]\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.inuse","title":"inusefrozen: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.slabs","title":"slabsinuse: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.pobjects","title":"pobjectsslabs: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.freelist","title":"freelistpobjects: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.freelists","title":"freelistsfreelist: Freelist\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.free_objects","title":"free_objectsfreelists: list[Freelist]\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.caches","title":"caches","text":"free_objects: set[int]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.get_cache","title":"get_cache","text":"caches() -> Generator[SlabCache, None, None]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.slab_struct_type","title":"slab_struct_type","text":"get_cache(target_name: str) -> SlabCache | None\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.oo_order","title":"oo_order","text":"slab_struct_type() -> str\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.oo_objects","title":"oo_objects","text":"oo_order(x: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.get_flags_list","title":"get_flags_list","text":"oo_objects(x: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.find_containing_slab_cache","title":"find_containing_slab_cache","text":"get_flags_list(flags: int) -> list[str]\nfind_containing_slab_cache(addr: int) -> SlabCache | None\nFind the slab cache associated with the provided address.
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/","title":"pwndbg.aglib.kernel.vmmap","text":""},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap","title":"vmmap","text":"Classes:
-
QemuMachine\u2013
Functions:
-
kernel_vmmap_via_page_tables\u2013 -
kernel_vmmap_via_monitor_info_mem\u2013Returns Linux memory maps information by parsing
monitor info memoutput -
kernel_vmmap\u2013
Attributes:
-
monitor_info_mem_not_warned\u2013 -
kernel_vmmap_mode\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_mode","title":"kernel_vmmap_modemonitor_info_mem_not_warned = True\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine","title":"QemuMachine","text":"kernel_vmmap_mode = add_param(\n \"kernel-vmmap\",\n \"page-tables\",\n \"the method to get vmmap information when debugging via QEMU kernel\",\n help_docstring=\"kernel-vmmap can be:\\npage-tables - read /proc/$qemu-pid/mem to parse kernel page tables to render vmmap\\nmonitor - use QEMU's `monitor info mem` to render vmmap\\nnone - disable vmmap rendering; useful if rendering is particularly slow\\n\\nNote that the page-tables method will require the QEMU kernel process to be on the same machine and within the same PID namespace. Running QEMU kernel and GDB in different Docker containers will not work. Consider running both containers with --pid=host (meaning they will see and so be able to interact with all processes on the machine).\\n\",\n param_class=PARAM_ENUM,\n enum_sequence=[\"page-tables\", \"monitor\", \"none\"],\n)\nQemuMachine()\nBases:
MachineMethods:
-
__del__\u2013 -
search_pids_for_file\u2013 -
get_qemu_pid\u2013 -
read_physical_memory\u2013 -
read_register\u2013
Attributes:
-
pid\u2013 -
file\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.file","title":"filepid = get_qemu_pid()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.__del__","title":"__del__","text":"file = open(f'/proc/{pid}/mem', O_RDONLY)\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.search_pids_for_file","title":"search_pids_for_file__del__()\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.get_qemu_pid","title":"get_qemu_pidsearch_pids_for_file(pids: list[str], filename: str) -> str | None\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.read_physical_memory","title":"read_physical_memory","text":"get_qemu_pid()\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.read_register","title":"read_register","text":"read_physical_memory(physical_address: int, length: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_via_page_tables","title":"kernel_vmmap_via_page_tables","text":"read_register(register_name: str) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_via_monitor_info_mem","title":"kernel_vmmap_via_monitor_info_mem","text":"kernel_vmmap_via_page_tables() -> tuple[Page, ...]\nkernel_vmmap_via_monitor_info_mem() -> tuple[Page, ...]\nReturns Linux memory maps information by parsing
monitor info memoutput from QEMU kernel GDB stub. Works only on X86/X64/RISC-V as this is what QEMU supports.Consider using the
kernel_vmmap_via_page_tablesmethod as it is probably more reliable/better.See also: !685 (TODO: revisit with future QEMU versions)
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_via_monitor_info_mem--example-output-from-the-command","title":"Example output from the command:","text":""},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_via_monitor_info_mem--pwndbg-monitor-info-mem","title":"pwndbg> monitor info mem","text":""},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_via_monitor_info_mem--ffff903580000000-ffff903580099000-0000000000099000-rw","title":"ffff903580000000-ffff903580099000 0000000000099000 -rw","text":""},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_via_monitor_info_mem--ffff903580099000-ffff90358009b000-0000000000002000-r-","title":"ffff903580099000-ffff90358009b000 0000000000002000 -r-","text":""},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_via_monitor_info_mem--ffff90358009b000-ffff903582200000-0000000002165000-rw","title":"ffff90358009b000-ffff903582200000 0000000002165000 -rw","text":""},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_via_monitor_info_mem--ffff903582200000-ffff903582803000-0000000000603000-r-","title":"ffff903582200000-ffff903582803000 0000000000603000 -r-","text":""},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap","title":"kernel_vmmap","text":"
"},{"location":"reference/pwndbg/aglib/memory/","title":"pwndbg.aglib.memory","text":""},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory","title":"memory","text":"kernel_vmmap() -> tuple[Page, ...]\nFunctions:
-
read\u2013read(addr, count, partial=False) -> bytearray
-
readtype\u2013readtype(type, addr) -> int
-
write\u2013write(addr, data)
-
peek\u2013peek(address) -> bytearray
-
is_readable_address\u2013is_readable_address(address) -> bool
-
poke\u2013poke(address)
-
string\u2013Reads a null-terminated string from memory.
-
byte\u2013byte(addr) -> int
-
uchar\u2013uchar(addr) -> int
-
ushort\u2013ushort(addr) -> int
-
uint\u2013uint(addr) -> int
-
pvoid\u2013pvoid(addr) -> int
-
u8\u2013u8(addr) -> int
-
u16\u2013u16(addr) -> int
-
u32\u2013u32(addr) -> int
-
u64\u2013u64(addr) -> int
-
u\u2013u(addr, size=None) -> int
-
s8\u2013s8(addr) -> int
-
s16\u2013s16(addr) -> int
-
s32\u2013s32(addr) -> int
-
s64\u2013s64(addr) -> int
-
cast_pointer\u2013Create a Value containing given address and cast it to the pointer of specified type
-
get_typed_pointer\u2013Look up a type by name if necessary and return a Value of addr cast to that type
-
get_typed_pointer_value\u2013Read the pointer value of addr cast to type specified by type_name
-
find_upper_boundary\u2013find_upper_boundary(addr, max_pages=1024) -> int
-
find_lower_boundary\u2013find_lower_boundary(addr, max_pages=1024) -> int
-
update_min_addr\u2013 -
fetch_struct_as_dictionary\u2013 -
pack_struct_into_dictionary\u2013 -
convert_pwndbg_value_to_python_value\u2013 -
resolve_renamed_struct_field\u2013
Attributes:
-
GdbDict\u2013 -
MMAP_MIN_ADDR\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.MMAP_MIN_ADDR","title":"MMAP_MIN_ADDRGdbDict = Dict[str, Union['GdbDict', int]]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.read","title":"read","text":"MMAP_MIN_ADDR = 32768\nread(addr: int, count: int, partial: bool = False) -> bytearray\nread(addr, count, partial=False) -> bytearray
Read memory from the program being debugged.
Parameters:
-
addr(int) \u2013Address to read
-
count(int) \u2013Number of bytes to read
-
partial(bool, default:False) \u2013Whether less than
countbytes can be returned
Returns:
-
bytearray\u2013bytearrayThe memory at the specified address, -
bytearray\u2013or
None.
readtype(type: Type, addr: int) -> int\nreadtype(type, addr) -> int
Reads an integer-type (e.g.
uint64) and returns a Python native integer representation of the same.Parameters:
-
type(Type) \u2013GDB type to read
-
addr(int) \u2013Address at which the value to be read resides
Returns:
-
int\u2013int
write(addr: int, data: str | bytes | bytearray) -> None\nwrite(addr, data)
Writes data into the memory of the process being debugged.
Parameters:
-
addr(int) \u2013Address to write
-
data(str | bytes | bytearray) \u2013Data to write
peek(address: int) -> bytearray | None\npeek(address) -> bytearray
Read one byte from the specified address.
Parameters:
-
address(int) \u2013Address to read
Returns:
-
bytearray | None\u2013bytearrayA single byte of data, orNoneif the -
bytearray | None\u2013address cannot be read.
is_readable_address(address: int) -> bool\nis_readable_address(address) -> bool
Check if the address can be read by GDB.
Parameters:
-
address(int) \u2013Address to read
Returns:
-
bool\u2013bool: Whether the address is readable.
poke(address: int) -> bool\npoke(address)
Checks whether an address is writable.
Parameters:
-
address(int) \u2013Address to check
Returns:
-
bool\u2013bool: Whether the address is writable.
string(addr: int, max: int = 4096) -> bytearray\nReads a null-terminated string from memory.
Parameters:
-
addr(int) \u2013Address to read from
-
max(int, default:4096) \u2013Maximum string length (default 4096)
Returns:
-
bytearray\u2013An empty bytearray, or a NULL-terminated bytearray.
byte(addr: int) -> int\nbyte(addr) -> int
Read one byte at the specified address
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.uchar","title":"uchar","text":"uchar(addr: int) -> int\nuchar(addr) -> int
Read one
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.ushort","title":"ushort","text":"unsigned charat the specified address.ushort(addr: int) -> int\nushort(addr) -> int
Read one
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.uint","title":"uint","text":"unisgned shortat the specified address.uint(addr: int) -> int\nuint(addr) -> int
Read one
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.pvoid","title":"pvoid","text":"unsigned intat the specified address.pvoid(addr: int) -> int\npvoid(addr) -> int
Read one pointer from the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.u8","title":"u8","text":"u8(addr: int) -> int\nu8(addr) -> int
Read one
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.u16","title":"u16","text":"uint8_tfrom the specified address.u16(addr: int) -> int\nu16(addr) -> int
Read one
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.u32","title":"u32","text":"uint16_tfrom the specified address.u32(addr: int) -> int\nu32(addr) -> int
Read one
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.u64","title":"u64","text":"uint32_tfrom the specified address.u64(addr: int) -> int\nu64(addr) -> int
Read one
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.u","title":"u","text":"uint64_tfrom the specified address.u(addr: int, size: int | None = None) -> int\nu(addr, size=None) -> int
Read one
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.s8","title":"s8","text":"unsignedinteger from the specified address, with the bit-width specified bysize, which defaults to the pointer width.s8(addr: int) -> int\ns8(addr) -> int
Read one
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.s16","title":"s16","text":"int8_tfrom the specified addresss16(addr: int) -> int\ns16(addr) -> int
Read one
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.s32","title":"s32","text":"int16_tfrom the specified address.s32(addr: int) -> int\ns32(addr) -> int
Read one
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.s64","title":"s64","text":"int32_tfrom the specified address.s64(addr: int) -> int\ns64(addr) -> int
Read one
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.cast_pointer","title":"cast_pointer","text":"int64_tfrom the specified address.cast_pointer(type: Type, addr: int | Value) -> Value\nCreate a Value containing given address and cast it to the pointer of specified type
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.get_typed_pointer","title":"get_typed_pointer","text":"get_typed_pointer(type: str | Type, addr: int | Value) -> Value\nLook up a type by name if necessary and return a Value of addr cast to that type
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.get_typed_pointer_value","title":"get_typed_pointer_value","text":"get_typed_pointer_value(type_name: str | Type, addr: int | Value) -> Value\nRead the pointer value of addr cast to type specified by type_name
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.find_upper_boundary","title":"find_upper_boundary","text":"find_upper_boundary(addr: int, max_pages: int = 1024) -> int\nfind_upper_boundary(addr, max_pages=1024) -> int
Brute-force search the upper boundary of a memory mapping, by reading the first byte of each page, until an unmapped page is found.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.find_lower_boundary","title":"find_lower_boundary","text":"find_lower_boundary(addr: int, max_pages: int = 1024) -> int\nfind_lower_boundary(addr, max_pages=1024) -> int
Brute-force search the lower boundary of a memory mapping, by reading the first byte of each page, until an unmapped page is found.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.update_min_addr","title":"update_min_addr","text":"
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.fetch_struct_as_dictionary","title":"fetch_struct_as_dictionary","text":"update_min_addr() -> None\n
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.pack_struct_into_dictionary","title":"pack_struct_into_dictionary","text":"fetch_struct_as_dictionary(\n struct_name: str,\n struct_address: int | Value,\n include_only_fields: set[str] | None = None,\n exclude_fields: set[str] | None = None,\n) -> GdbDict\n
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.convert_pwndbg_value_to_python_value","title":"convert_pwndbg_value_to_python_value","text":"pack_struct_into_dictionary(\n fetched_struct: Value,\n include_only_fields: set[str] | None = None,\n exclude_fields: set[str] | None = None,\n) -> GdbDict\n
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.resolve_renamed_struct_field","title":"resolve_renamed_struct_field","text":"convert_pwndbg_value_to_python_value(dbg_value: Value) -> int | GdbDict\n
"},{"location":"reference/pwndbg/aglib/nearpc/","title":"pwndbg.aglib.nearpc","text":""},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc","title":"nearpc","text":"resolve_renamed_struct_field(\n struct_name: str, possible_field_names: set[str]\n) -> str\nFunctions:
-
ljust_padding\u2013 -
nearpc\u2013Disassemble near a specified address.
Attributes:
-
c\u2013 -
nearpc_branch_marker\u2013 -
nearpc_branch_marker_contiguous\u2013 -
nearpc_lines\u2013 -
show_args\u2013 -
show_comments\u2013 -
show_opcode_bytes\u2013 -
opcode_separator_bytes\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.nearpc_branch_marker","title":"nearpc_branch_markerc = ColorConfig(\n \"nearpc\",\n [\n ColorParamSpec(\"symbol\", \"normal\", \"color for nearpc command (symbol)\"),\n ColorParamSpec(\n \"address\", \"normal\", \"color for nearpc command (address)\"\n ),\n ColorParamSpec(\n \"prefix\", \"none\", \"color for nearpc command (prefix marker)\"\n ),\n ColorParamSpec(\n \"breakpoint\", \"red\", \"color for nearpc command (breakpoint marker)\"\n ),\n ColorParamSpec(\n \"syscall-name\",\n \"red\",\n \"color for nearpc command (resolved syscall name)\",\n ),\n ColorParamSpec(\n \"argument\", \"bold\", \"color for nearpc command (target argument)\"\n ),\n ColorParamSpec(\n \"integration-comments\",\n \"bold\",\n \"color for nearpc command (integration comments)\",\n ),\n ColorParamSpec(\n \"branch-marker\",\n \"normal\",\n \"color for nearpc command (branch marker line)\",\n ),\n ],\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.nearpc_branch_marker_contiguous","title":"nearpc_branch_marker_contiguousnearpc_branch_marker = add_param(\n \"nearpc-branch-marker\", \" \u2193\", \"branch marker line for nearpc command\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.nearpc_lines","title":"nearpc_linesnearpc_branch_marker_contiguous = add_param(\n \"nearpc-branch-marker-contiguous\",\n \" \",\n \"contiguous branch marker line for nearpc command\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.show_args","title":"show_argsnearpc_lines = add_param(\n \"nearpc-lines\",\n 10,\n \"number of additional lines to print for the nearpc command\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.show_comments","title":"show_commentsshow_args = add_param(\n \"nearpc-show-args\", True, \"whether to show call arguments below instruction\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.show_opcode_bytes","title":"show_opcode_bytesshow_comments = add_param(\n \"nearpc-integration-comments\",\n True,\n \"whether to show comments from integration provider\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.opcode_separator_bytes","title":"opcode_separator_bytesshow_opcode_bytes = add_param(\n \"nearpc-num-opcode-bytes\",\n 0,\n \"number of opcode bytes to print for each instruction\",\n param_class=PARAM_ZUINTEGER,\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.ljust_padding","title":"ljust_padding","text":"opcode_separator_bytes = add_param(\n \"nearpc-opcode-separator-bytes\",\n 1,\n \"number of spaces between opcode bytes\",\n param_class=PARAM_ZUINTEGER,\n)\n
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.nearpc","title":"nearpc","text":"ljust_padding(lst)\nnearpc(\n pc: int = None,\n lines: int = None,\n emulate=False,\n repeat=False,\n use_cache=False,\n linear=False,\n) -> list[str]\nDisassemble near a specified address.
The
"},{"location":"reference/pwndbg/aglib/next/","title":"pwndbg.aglib.next","text":""},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next","title":"next","text":"linearargument specifies if we should disassemble linearly in memory, or take jumps into accountCommands for setting temporary breakpoints on the next instruction of some type (call, branch, etc.)
Functions:
-
next_int\u2013If there is a syscall in the current basic black,
-
next_branch\u2013 -
next_matching_until_branch\u2013Finds the next instruction that matches the arguments between the given
-
break_next_branch\u2013 -
break_next_interrupt\u2013 -
break_next_call\u2013 -
break_next_ret\u2013 -
break_on_next_matching_instruction\u2013Breaks on next instuction that matches the arguments.
-
break_on_program_code\u2013Breaks on next instruction that belongs to process' objfile code
-
break_on_next\u2013
Attributes:
-
interrupts\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.next_int","title":"next_int","text":"interrupts = {CS_GRP_INT}\nnext_int(address=None)\nIf there is a syscall in the current basic black, return the instruction of the one closest to $PC.
Otherwise, return None.
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.next_branch","title":"next_branch","text":"
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.next_matching_until_branch","title":"next_matching_until_branch","text":"next_branch(address=None)\nnext_matching_until_branch(address=None, mnemonic=None, op_str=None)\nFinds the next instruction that matches the arguments between the given address and the branch closest to it.
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_next_branch","title":"break_next_branchasync","text":"
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_next_interrupt","title":"break_next_interruptbreak_next_branch(ec: ExecutionController, address=None)\nasync","text":"
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_next_call","title":"break_next_callbreak_next_interrupt(ec: ExecutionController, address=None)\nasync","text":"
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_next_ret","title":"break_next_retbreak_next_call(ec: ExecutionController, symbol_regex=None)\nasync","text":"
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_on_next_matching_instruction","title":"break_on_next_matching_instructionbreak_next_ret(ec: ExecutionController, address=None)\nasync","text":"break_on_next_matching_instruction(\n ec: ExecutionController, mnemonic=None, op_str=None\n) -> bool\nBreaks on next instuction that matches the arguments.
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_on_program_code","title":"break_on_program_codeasync","text":"break_on_program_code(ec: ExecutionController) -> bool\nBreaks on next instruction that belongs to process' objfile code
:return: True for success, False when process ended or when pc is not at the code or if a signal occurred
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_on_next","title":"break_on_nextasync","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/","title":"pwndbg.aglib.onegadget","text":""},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget","title":"onegadget","text":"break_on_next(ec: ExecutionController, address=None) -> None\nClasses:
-
CheckSatResult\u2013 -
Lambda\u2013Modified from onegadget's Lambda class
Functions:
-
colorize_reg\u2013 -
colorize_integer\u2013 -
colorize_psuedo_code\u2013Colorize the pseudo code of onegadget
-
compute_file_hash\u2013Compute the MD5 hash of the file, return the hash
-
run_onegadget\u2013Run onegadget and return the output
-
parse_expression\u2013Parse expression, return the result, colorized string and error message
-
check_stack_argv\u2013Check argv that's on the stack, return the result and the message
-
check_non_stack_argv\u2013Check argv that's not on the stack, return the result and the message
-
check_argv\u2013Check argv, return the result and the message
-
check_envp\u2013Check envp, return the result and the message
-
check_constraint\u2013Parse constraint, return the result and the message
-
check_gadget\u2013Check status of each gadget, return the gadget's status
-
find_gadgets\u2013Find gadgets by parsing the output of onegadget, return there's any valid gadget
Attributes:
-
ADDRESS_WRITABLE_PATTERN\u2013 -
WRITABLE_COLON_PATTERN\u2013 -
EQUAL_NULL_PATTERN\u2013 -
VALID_POSIX_SPAWN_FILE_ACTIONS_PATTERN\u2013 -
VALID_ARGV_PATTERN\u2013 -
VALID_ENVP_PATTERN\u2013 -
IS_ALIGNED_PATTERN\u2013 -
IS_GOT_ADDRESS_PATTERN\u2013 -
CAST_PATTERN\u2013 -
XMM_SHIFT\u2013 -
CONSTRAINT_SEPARATOR\u2013 -
CAST_DEREF_MAPPING\u2013 -
CAST_MAPPING\u2013 -
ONEGADGET_COLOR\u2013 -
ONEGADGET_CACHEDIR\u2013 -
SAT\u2013 -
UNSAT\u2013 -
UNKNOWN\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.WRITABLE_COLON_PATTERN","title":"WRITABLE_COLON_PATTERNADDRESS_WRITABLE_PATTERN = compile('address(?:es)? (.*) (?:is|are) writable')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.EQUAL_NULL_PATTERN","title":"EQUAL_NULL_PATTERNWRITABLE_COLON_PATTERN = compile('writable: (.*)')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.VALID_POSIX_SPAWN_FILE_ACTIONS_PATTERN","title":"VALID_POSIX_SPAWN_FILE_ACTIONS_PATTERNEQUAL_NULL_PATTERN = compile('(.*) == NULL')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.VALID_ARGV_PATTERN","title":"VALID_ARGV_PATTERNVALID_POSIX_SPAWN_FILE_ACTIONS_PATTERN = compile('(.*) <= 0')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.VALID_ENVP_PATTERN","title":"VALID_ENVP_PATTERNVALID_ARGV_PATTERN = compile('(.+) is a valid argv')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.IS_ALIGNED_PATTERN","title":"IS_ALIGNED_PATTERNVALID_ENVP_PATTERN = compile('(.+) is a valid envp')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.IS_GOT_ADDRESS_PATTERN","title":"IS_GOT_ADDRESS_PATTERNIS_ALIGNED_PATTERN = compile('(.+) & 0xf == (\\\\d+)')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CAST_PATTERN","title":"CAST_PATTERNIS_GOT_ADDRESS_PATTERN = compile('(.+) is the GOT address of libc')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.XMM_SHIFT","title":"XMM_SHIFTCAST_PATTERN = compile('^\\\\([s|u]\\\\d+\\\\)')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CONSTRAINT_SEPARATOR","title":"CONSTRAINT_SEPARATORXMM_SHIFT = ' >> '\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CAST_DEREF_MAPPING","title":"CAST_DEREF_MAPPINGCONSTRAINT_SEPARATOR = ' || '\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CAST_MAPPING","title":"CAST_MAPPINGCAST_DEREF_MAPPING = {\n \"(u16)\": u16,\n \"(s16)\": s16,\n \"(u32)\": u32,\n \"(s32)\": s32,\n \"(u64)\": u64,\n \"(s64)\": s64,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.ONEGADGET_COLOR","title":"ONEGADGET_COLORCAST_MAPPING = {\n \"(u16)\": lambda x: value,\n \"(s16)\": lambda x: value,\n \"(u32)\": lambda x: value,\n \"(s32)\": lambda x: value,\n \"(u64)\": lambda x: value,\n \"(s64)\": lambda x: value,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.ONEGADGET_CACHEDIR","title":"ONEGADGET_CACHEDIRONEGADGET_COLOR = {\n \"light_green\": lambda x: colorize(x, \"\\x1b[38;5;82m\"),\n \"light_purple\": lambda x: colorize(x, \"\\x1b[38;5;153m\"),\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.SAT","title":"SATONEGADGET_CACHEDIR = cachedir('onegadget')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.UNSAT","title":"UNSATSAT = SAT\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.UNKNOWN","title":"UNKNOWNUNSAT = UNSAT\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult","title":"CheckSatResult","text":"UNKNOWN = UNKNOWN\nBases:
EnumMethods:
-
__str__\u2013 -
__and__\u2013 -
__or__\u2013
Attributes:
-
SAT\u2013 -
UNSAT\u2013 -
UNKNOWN\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult.UNSAT","title":"UNSATSAT = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult.UNKNOWN","title":"UNKNOWNUNSAT = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult.__str__","title":"__str__","text":"UNKNOWN = -1\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult.__and__","title":"__and__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult.__or__","title":"__or__","text":"__and__(other: CheckSatResult) -> CheckSatResult\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda","title":"Lambda","text":"__or__(other: CheckSatResult) -> CheckSatResult\nLambda(obj: str | Lambda)\nModified from onegadget's Lambda class
https://github.com/david942j/one_gadget/blob/65ce1dade70bf89e7496346ccf452ce5b2d139b3/lib/one_gadget/emulators/lambda.rb#L13
Methods:
-
__add__\u2013 -
__sub__\u2013 -
__str__\u2013 -
__repr__\u2013 -
deref\u2013 -
deref_\u2013 -
ref\u2013 -
evaluate\u2013 -
parse\u2013 -
mem_obj\u2013
Attributes:
-
immi\u2013 -
obj\u2013 -
deref_count\u2013 -
gdb_expr(str) \u2013 -
color_str(str) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.obj","title":"objimmi = 0\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.deref_count","title":"deref_countobj = obj\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.gdb_expr","title":"gdb_exprderef_count = 0\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.color_str","title":"color_strgdb_expr: str\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.__add__","title":"__add__","text":"color_str: str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.__sub__","title":"__sub__","text":"__add__(other: int) -> Lambda\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.__str__","title":"__str__","text":"__sub__(other: int) -> Lambda\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.__repr__","title":"__repr__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.deref","title":"deref","text":"__repr__() -> str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.deref_","title":"deref_","text":"deref() -> Lambda\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.ref","title":"ref","text":"deref_() -> None\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.evaluate","title":"evaluate","text":"ref() -> Lambda\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.parse","title":"parseevaluate(context: dict[Any, Any]) -> int | Lambda\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.mem_obj","title":"mem_objparse(argument: str, predefined: dict[Any, Any] = {}) -> int | Lambda\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.colorize_reg","title":"colorize_reg","text":"mem_obj(arg: str) -> tuple[str, int]\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.colorize_integer","title":"colorize_integer","text":"colorize_reg(x: object) -> str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.colorize_psuedo_code","title":"colorize_psuedo_code","text":"colorize_integer(x: object) -> str\ncolorize_psuedo_code(code: str) -> str\nColorize the pseudo code of onegadget
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.compute_file_hash","title":"compute_file_hash","text":"compute_file_hash(filename: str) -> str\nCompute the MD5 hash of the file, return the hash
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.run_onegadget","title":"run_onegadget","text":"run_onegadget() -> str\nRun onegadget and return the output
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.parse_expression","title":"parse_expression","text":"parse_expression(expr: str) -> tuple[int | None, str, str | None]\nParse expression, return the result, colorized string and error message
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.check_stack_argv","title":"check_stack_argv","text":"check_stack_argv(expr: str) -> tuple[CheckSatResult, str]\nCheck argv that's on the stack, return the result and the message
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.check_non_stack_argv","title":"check_non_stack_argv","text":"check_non_stack_argv(expr: str) -> tuple[CheckSatResult, str]\nCheck argv that's not on the stack, return the result and the message
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.check_argv","title":"check_argv","text":"check_argv(expr: str) -> tuple[CheckSatResult, str]\nCheck argv, return the result and the message
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.check_envp","title":"check_envp","text":"check_envp(expr: str) -> tuple[bool, str]\nCheck envp, return the result and the message
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.check_constraint","title":"check_constraint","text":"check_constraint(constraint: str) -> tuple[CheckSatResult, str]\nParse constraint, return the result and the message
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.check_gadget","title":"check_gadget","text":"check_gadget(\n gadget: str,\n show_unsat: bool = False,\n no_unknown: bool = False,\n verbose: bool = False,\n) -> CheckSatResult\nCheck status of each gadget, return the gadget's status
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.find_gadgets","title":"find_gadgets","text":"find_gadgets(\n show_unsat: bool = False, no_unknown: bool = False, verbose: bool = False\n) -> dict[CheckSatResult, int]\nFind gadgets by parsing the output of onegadget, return there's any valid gadget
"},{"location":"reference/pwndbg/aglib/proc/","title":"pwndbg.aglib.proc","text":""},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc","title":"proc","text":"Provides values which would be available from /proc which are not fulfilled by other modules and some process/gdb flow related information.
Classes:
-
module\u2013
Functions:
-
OnlyWhenRunning\u2013 -
OnlyWhenQemuKernel\u2013 -
OnlyWithArch\u2013
Attributes:
-
P\u2013 -
T\u2013 -
pid(int) \u2013 -
tid(int) \u2013 -
thread_id(int) \u2013 -
alive(bool) \u2013 -
stopped_with_signal(bool) \u2013 -
exe(str | None) \u2013 -
binary_base_addr(int) \u2013 -
binary_vmmap(tuple[Page, ...]) \u2013 -
tether\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.T","title":"TP = ParamSpec('P')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.pid","title":"pidT = TypeVar('T')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.tid","title":"tidpid: int\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.thread_id","title":"thread_idtid: int\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.alive","title":"alivethread_id: int\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.stopped_with_signal","title":"stopped_with_signalalive: bool\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.exe","title":"exestopped_with_signal: bool\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.binary_base_addr","title":"binary_base_addrexe: str | None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.binary_vmmap","title":"binary_vmmapbinary_base_addr: int\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.tether","title":"tetherbinary_vmmap: tuple[Page, ...]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module","title":"module","text":"tether = modules[__name__]\nBases:
ModuleTypeMethods:
-
dump_elf_data_section\u2013Dump .data section of current process's ELF file
-
dump_relocations_by_section_name\u2013Dump relocations of a section by section name of current process's ELF file
-
get_section_address_by_name\u2013Find section address of current process by section name
-
OnlyWhenRunning\u2013 -
OnlyWhenQemuKernel\u2013 -
OnlyWithArch\u2013Decorates function to work only with the specified archictectures.
Attributes:
-
pid(int) \u2013 -
tid(int) \u2013 -
thread_id(int) \u2013 -
alive(bool) \u2013Informs whether the process has a thread. However, note that it will
-
stopped_with_signal(bool) \u2013Returns whether the program has stopped with a signal
-
exe(str | None) \u2013Returns the executed file path.
-
binary_base_addr(int) \u2013 -
binary_vmmap(tuple[Page, ...]) \u2013
property","text":"
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.tid","title":"tidpid: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.thread_id","title":"thread_idtid: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.alive","title":"alivethread_id: int\nproperty","text":"alive: bool\nInforms whether the process has a thread. However, note that it will still return True for a segfaulted thread. To detect that, consider using the
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.stopped_with_signal","title":"stopped_with_signalstopped_with_signalmethod.property","text":"stopped_with_signal: bool\nReturns whether the program has stopped with a signal
Can be used to detect segfaults (but will also detect other signals)
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.exe","title":"exeproperty","text":"exe: str | None\nReturns the executed file path.
On remote targets, this path may not exist locally.
If you need the locally referenced file use
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.binary_base_addr","title":"binary_base_addrgdb.current_process().filenameproperty","text":"
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.binary_vmmap","title":"binary_vmmapbinary_base_addr: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.dump_elf_data_section","title":"dump_elf_data_section","text":"binary_vmmap: tuple[Page, ...]\ndump_elf_data_section() -> tuple[int, int, bytes] | None\nDump .data section of current process's ELF file
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.dump_relocations_by_section_name","title":"dump_relocations_by_section_name","text":"dump_relocations_by_section_name(\n section_name: str,\n) -> tuple[Relocation, ...] | None\nDump relocations of a section by section name of current process's ELF file
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.get_section_address_by_name","title":"get_section_address_by_name","text":"get_section_address_by_name(section_name: str) -> int\nFind section address of current process by section name
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.OnlyWhenRunning","title":"OnlyWhenRunning","text":"
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.OnlyWhenQemuKernel","title":"OnlyWhenQemuKernel","text":"OnlyWhenRunning(func: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.OnlyWithArch","title":"OnlyWithArch","text":"OnlyWhenQemuKernel(func: Callable[P, T]) -> Callable[P, T | None]\nOnlyWithArch(\n arch_names: list[str],\n) -> Callable[[Callable[P, T]], Callable[P, T | None]]\nDecorates function to work only with the specified archictectures.
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.OnlyWhenRunning","title":"OnlyWhenRunning","text":"
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.OnlyWhenQemuKernel","title":"OnlyWhenQemuKernel","text":"OnlyWhenRunning(func: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.OnlyWithArch","title":"OnlyWithArch","text":"OnlyWhenQemuKernel(func: Callable[P, T]) -> Callable[P, T]\n
"},{"location":"reference/pwndbg/aglib/qemu/","title":"pwndbg.aglib.qemu","text":""},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu","title":"qemu","text":"OnlyWithArch(\n arch_names: list[str],\n) -> Callable[[Callable[..., T]], Callable[..., T | None]]\nDetermine whether the target is being run under QEMU.
Functions:
-
is_qemu\u2013 -
is_usermode\u2013 -
is_qemu_usermode\u2013Returns
Trueif the target remote is being run under -
is_qemu_kernel\u2013 -
is_old_qemu_user\u2013 -
exec_file_supported\u2013Returns
Trueif the remote target understands the 'qXfer:exec-file:read' packet.
"},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu.is_usermode","title":"is_usermode","text":"is_qemu() -> bool\n
"},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu.is_qemu_usermode","title":"is_qemu_usermode","text":"is_usermode() -> bool\nis_qemu_usermode() -> bool\nReturns
"},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu.is_qemu_kernel","title":"is_qemu_kernel","text":"Trueif the target remote is being run under QEMU usermode emulation.
"},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu.is_old_qemu_user","title":"is_old_qemu_user","text":"is_qemu_kernel() -> bool\n
"},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu.exec_file_supported","title":"exec_file_supported","text":"is_old_qemu_user() -> bool\nexec_file_supported() -> bool\nReturns
"},{"location":"reference/pwndbg/aglib/regs/","title":"pwndbg.aglib.regs","text":""},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs","title":"regs","text":"Trueif the remote target understands the 'qXfer:exec-file:read' packet. A check for this feature is done in vmmap code, to warn against running legacy Qemu versions.Reading register value from the inferior, and provides a standardized interface to registers like \"sp\" and \"pc\".
Classes:
-
module\u2013
Functions:
-
regs_in_frame\u2013 -
get_register\u2013 -
get_qemu_register\u2013 -
update_last\u2013
Attributes:
-
PTRACE_ARCH_PRCTL\u2013 -
ARCH_GET_FS\u2013 -
ARCH_GET_GS\u2013 -
gpr(tuple[str, ...]) \u2013 -
common(list[str]) \u2013 -
frame(str | None) \u2013 -
retaddr(tuple[str, ...]) \u2013 -
flags(dict[str, BitFlags]) \u2013 -
extra_flags(dict[str, BitFlags]) \u2013 -
stack(str) \u2013 -
retval(str | None) \u2013 -
all(list[str]) \u2013 -
changed(list[str]) \u2013 -
fsbase(int) \u2013 -
gsbase(int) \u2013 -
current(RegisterSet) \u2013 -
fix(Callable[[str], str]) \u2013 -
items(Callable[[], Generator[tuple[str, Any], None, None]]) \u2013 -
previous(dict[str, int]) \u2013 -
last(dict[str, int]) \u2013 -
pc(int | None) \u2013 -
tether\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.ARCH_GET_FS","title":"ARCH_GET_FSPTRACE_ARCH_PRCTL = 30\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.ARCH_GET_GS","title":"ARCH_GET_GSARCH_GET_FS = 4099\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.gpr","title":"gprARCH_GET_GS = 4100\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.common","title":"commongpr: tuple[str, ...]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.frame","title":"framecommon: list[str]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.retaddr","title":"retaddrframe: str | None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.flags","title":"flagsretaddr: tuple[str, ...]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.extra_flags","title":"extra_flagsflags: dict[str, BitFlags]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.stack","title":"stackextra_flags: dict[str, BitFlags]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.retval","title":"retvalstack: str\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.all","title":"allretval: str | None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.changed","title":"changedall: list[str]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.fsbase","title":"fsbasechanged: list[str]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.gsbase","title":"gsbasefsbase: int\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.current","title":"currentgsbase: int\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.fix","title":"fixcurrent: RegisterSet\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.items","title":"itemsfix: Callable[[str], str]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.previous","title":"previousitems: Callable[[], Generator[tuple[str, Any], None, None]]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.last","title":"lastprevious: dict[str, int]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.pc","title":"pclast: dict[str, int]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.tether","title":"tetherpc: int | None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module","title":"module","text":"tether = modules[__name__]\nBases:
ModuleTypeMethods:
-
read_reg\u2013 -
__getattr__\u2013 -
__setattr__\u2013 -
__getitem__\u2013 -
__contains__\u2013 -
__iter__\u2013 -
fix\u2013 -
items\u2013 -
__repr__\u2013
Attributes:
-
previous(dict[str, int]) \u2013 -
last(dict[str, int]) \u2013 -
current(RegisterSet) \u2013 -
gpr(tuple[str, ...]) \u2013 -
common(list[str]) \u2013 -
frame(str | None) \u2013 -
retaddr(tuple[str, ...]) \u2013 -
flags(dict[str, BitFlags]) \u2013 -
extra_flags(dict[str, BitFlags]) \u2013 -
stack(str) \u2013 -
retval(str | None) \u2013 -
all(set[str]) \u2013 -
reg_sets\u2013 -
changed(list[str]) \u2013 -
idt(int) \u2013 -
idt_limit(int) \u2013 -
fsbase(int) \u2013 -
gsbase(int) \u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.last","title":"lastprevious: dict[str, int] = {}\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.current","title":"currentlast: dict[str, int] = {}\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.gpr","title":"gprcurrent: RegisterSet\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.common","title":"commongpr: tuple[str, ...]\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.frame","title":"framecommon: list[str]\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.retaddr","title":"retaddrframe: str | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.flags","title":"flagsretaddr: tuple[str, ...]\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.extra_flags","title":"extra_flagsflags: dict[str, BitFlags]\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.stack","title":"stackextra_flags: dict[str, BitFlags]\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.retval","title":"retvalstack: str\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.all","title":"allretval: str | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.reg_sets","title":"reg_setsall: set[str]\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.changed","title":"changedreg_sets = reg_sets\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.idt","title":"idtchanged: list[str]\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.idt_limit","title":"idt_limitidt: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.fsbase","title":"fsbaseidt_limit: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.gsbase","title":"gsbasefsbase: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.read_reg","title":"read_reg","text":"gsbase: int\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.__getattr__","title":"__getattr__","text":"read_reg(reg: str, frame: Frame | None = None) -> int | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.__setattr__","title":"__setattr__","text":"__getattr__(attr: str) -> int | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.__getitem__","title":"__getitem__","text":"__setattr__(attr: str, val: Any) -> None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.__contains__","title":"__contains__","text":"__getitem__(item: Any) -> int | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.__iter__","title":"__iter__","text":"__contains__(reg: str) -> bool\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.fix","title":"fix","text":"__iter__() -> Iterator[str]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.items","title":"items","text":"fix(expression: str) -> str\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.__repr__","title":"__repr__","text":"items() -> Generator[tuple[str, Any], None, None]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.regs_in_frame","title":"regs_in_frame","text":"__repr__() -> str\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.get_register","title":"get_register","text":"regs_in_frame(frame: Frame) -> Registers\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.get_qemu_register","title":"get_qemu_register","text":"get_register(name: str, frame: Frame | None = None) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.update_last","title":"update_last","text":"get_qemu_register(name: str) -> int | None\n
"},{"location":"reference/pwndbg/aglib/remote/","title":"pwndbg.aglib.remote","text":""},{"location":"reference/pwndbg/aglib/remote/#pwndbg.aglib.remote","title":"remote","text":"update_last() -> None\nInformation about whether the debuggee is local (under GDB) or remote (under GDBSERVER or QEMU stub).
Functions:
-
is_remote\u2013
"},{"location":"reference/pwndbg/aglib/shellcode/","title":"pwndbg.aglib.shellcode","text":""},{"location":"reference/pwndbg/aglib/shellcode/#pwndbg.aglib.shellcode","title":"shellcode","text":"is_remote() -> bool\nShellcode
This module implements functionality that allows for the execution of a small amount of code in the context of the inferior.
Functions:
-
exec_syscall\u2013Tries executing the given syscall in the context of the inferior.
-
exec_shellcode\u2013Tries executing the given blob of machine code in the current context of the
async","text":"exec_syscall(\n ec: ExecutionController,\n syscall,\n arg0=None,\n arg1=None,\n arg2=None,\n arg3=None,\n arg4=None,\n arg5=None,\n disable_breakpoints=False,\n)\nTries executing the given syscall in the context of the inferior.
"},{"location":"reference/pwndbg/aglib/shellcode/#pwndbg.aglib.shellcode.exec_shellcode","title":"exec_shellcodeasync","text":"exec_shellcode(\n ec: ExecutionController,\n blob,\n restore_context=True,\n disable_breakpoints=False,\n)\nTries executing the given blob of machine code in the current context of the inferior, optionally restoring the values of the registers as they were before the shellcode ran, as a means to allow for execution of the inferior to continue uninterrupted. The value of the program counter is always restored.
Additionally, the caller may specify an object to be called before the context is restored, so that information stored in the registers after the shellcode finishes can be retrieved. The return value of that call will be returned by this function.
"},{"location":"reference/pwndbg/aglib/shellcode/#pwndbg.aglib.shellcode.exec_shellcode--safety","title":"Safety","text":"Seeing as this function injects code directly into the inferior and runs it, the caller must be careful to inject code that will (1) terminate and (2) not cause the inferior to misbehave. Otherwise, it is fairly easy to crash or currupt the memory in the inferior.
"},{"location":"reference/pwndbg/aglib/stack/","title":"pwndbg.aglib.stack","text":""},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack","title":"stack","text":"Helpers for finding address mappings which are used as a stack.
Generally not needed, except under qemu-user and for when binaries do things to remap the stack (e.g. pwnies' postit).
Functions:
-
find\u2013Returns a pwndbg.lib.memory.Page object which corresponds to given address stack
-
find_upper_stack_boundary\u2013 -
get\u2013For each running thread, return the known address range for its stack
-
current\u2013Returns the bounds for the stack for the current thread.
-
is_executable\u2013 -
callstack\u2013Return the address of the return address for the current frame.
Attributes:
-
auto_explore\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.find","title":"find","text":"auto_explore = add_param(\n \"auto-explore-stack\",\n \"warn\",\n \"stack exploration; it may be really slow.\",\n param_class=PARAM_ENUM,\n enum_sequence=[\"warn\", \"yes\", \"no\"],\n)\nfind(address: int) -> Page | None\nReturns a pwndbg.lib.memory.Page object which corresponds to given address stack or None if it does not exist
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.find_upper_stack_boundary","title":"find_upper_stack_boundary","text":"
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.get","title":"get","text":"find_upper_stack_boundary(stack_ptr: int, max_pages: int = 1024) -> int\nget() -> dict[int, Page]\nFor each running thread, return the known address range for its stack Returns a dict which should never be modified (since its cached)
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.current","title":"current","text":"current() -> Page | None\nReturns the bounds for the stack for the current thread.
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.is_executable","title":"is_executable","text":"
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.callstack","title":"callstack","text":"is_executable() -> bool\ncallstack() -> list[int]\nReturn the address of the return address for the current frame.
"},{"location":"reference/pwndbg/aglib/strings/","title":"pwndbg.aglib.strings","text":""},{"location":"reference/pwndbg/aglib/strings/#pwndbg.aglib.strings","title":"strings","text":"Functionality for resolving ASCII printable strings within the debuggee's address space.
Functions:
-
update_length\u2013Unfortunately there's not a better way to get at this info.
-
get\u2013Returns a printable C-string from address.
-
yield_in_page\u2013Yields strings of length >= n found in a given vmmap page
Attributes:
-
length\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/strings/#pwndbg.aglib.strings.update_length","title":"update_length","text":"length = 15\nupdate_length() -> None\nUnfortunately there's not a better way to get at this info.
gdb.execute('show print elements', from_tty=False, to_string=True) 'Limit on string chars or array elements to print is 21.\\n'
"},{"location":"reference/pwndbg/aglib/strings/#pwndbg.aglib.strings.get","title":"get","text":"get(\n address: int, maxlen: int | None = None, maxread: int | None = None\n) -> str | None\nReturns a printable C-string from address.
Returns
"},{"location":"reference/pwndbg/aglib/strings/#pwndbg.aglib.strings.yield_in_page","title":"yield_in_page","text":"Noneif string contains non-printable chars or if themaxlenlength data does not end up with a null byte.yield_in_page(page: Page, n=4) -> Iterator[str]\nYields strings of length >= n found in a given vmmap page
"},{"location":"reference/pwndbg/aglib/symbol/","title":"pwndbg.aglib.symbol","text":""},{"location":"reference/pwndbg/aglib/symbol/#pwndbg.aglib.symbol","title":"symbol","text":"Looking up addresses for function names / symbols, and vice-versa.
Functions:
-
lookup_symbol_addr\u2013 -
lookup_symbol_value\u2013 -
lookup_symbol\u2013Returns the address of the given
symbol, cast-ed to the appropriate symbol type. -
lookup_frame_symbol\u2013Returns the address of the given
symbol, cast-ed to the appropriate symbol type. -
resolve_addr\u2013Resolves an address to its corresponding symbol name, if available.
"},{"location":"reference/pwndbg/aglib/symbol/#pwndbg.aglib.symbol.lookup_symbol_value","title":"lookup_symbol_value","text":"lookup_symbol_addr(\n name: str,\n *,\n prefer_static: bool = False,\n type: SymbolLookupType = ANY,\n objfile_endswith: str | None = None,\n) -> int | None\n
"},{"location":"reference/pwndbg/aglib/symbol/#pwndbg.aglib.symbol.lookup_symbol","title":"lookup_symbol","text":"lookup_symbol_value(\n name: str,\n *,\n prefer_static: bool = False,\n type: SymbolLookupType = ANY,\n objfile_endswith: str | None = None,\n) -> int | None\nlookup_symbol(\n name: str,\n *,\n prefer_static: bool = False,\n type: SymbolLookupType = ANY,\n objfile_endswith: str | None = None,\n) -> Value | None\nReturns the address of the given
symbol, cast-ed to the appropriate symbol type.This function searches for (SymbolLookupType.ANY): - Function names - Variable names - (gdb only) Typedef names (if you need please use aglib.typeinfo.load) - (gdb only) Enum values (if you need please use aglib.typeinfo.enum_member)
The lookup order is as follows (default): 1. Global scope within the current module 2. Global static scope within the current module 3. Global scope in other modules 4. Global static scope in other modules
"},{"location":"reference/pwndbg/aglib/symbol/#pwndbg.aglib.symbol.lookup_frame_symbol","title":"lookup_frame_symbol","text":"lookup_frame_symbol(name: str, *, type: SymbolLookupType = ANY) -> Value | None\nReturns the address of the given
symbol, cast-ed to the appropriate symbol type.This function searches for (SymbolLookupType.ANY): - Function names - Variable names - (gdb only, please don't use) Typedef names - (gdb only, please don't use) Enum values
The lookup order is as follows: 1. Local scope 2. Global scope within the current module 3. Global static scope within the current module 4. Global scope in other modules 5. Global static scope in other modules
"},{"location":"reference/pwndbg/aglib/symbol/#pwndbg.aglib.symbol.resolve_addr","title":"resolve_addr","text":"resolve_addr(addr: int) -> str | None\nResolves an address to its corresponding symbol name, if available.
Note: - This function does not resolve TLS (Thread-Local Storage) addresses or addresses with local scope.
Resolution is performed in the following order: - Global scope symbols.
"},{"location":"reference/pwndbg/aglib/tls/","title":"pwndbg.aglib.tls","text":""},{"location":"reference/pwndbg/aglib/tls/#pwndbg.aglib.tls","title":"tls","text":"Getting Thread Local Storage (TLS) information.
Functions:
-
find_address_with_pthread_self\u2013Get the base address of the Thread Local Storage (TLS) for the current thread using
-
find_address_with_register\u2013Get the base address of the Thread Local Storage (TLS) for the current thread using
__call_pthread_self() -> int\nRetrieve the address of the
"},{"location":"reference/pwndbg/aglib/tls/#pwndbg.aglib.tls.find_address_with_pthread_self","title":"find_address_with_pthread_self","text":"struct pthread_tfor the current thread by calling pthread_self(). This address can be used to locate the base address of the Thread Local Storage (TLS).find_address_with_pthread_self() -> int\nGet the base address of the Thread Local Storage (TLS) for the current thread using the pthread_self() function. The returned address points to the
"},{"location":"reference/pwndbg/aglib/tls/#pwndbg.aglib.tls.find_address_with_register","title":"find_address_with_register","text":"struct tcbhead_t, which serves as the header for TLS and thread-specific metadata.find_address_with_register() -> int\nGet the base address of the Thread Local Storage (TLS) for the current thread using a CPU register. The returned address points to the
"},{"location":"reference/pwndbg/aglib/typeinfo/","title":"pwndbg.aglib.typeinfo","text":""},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo","title":"typeinfo","text":"struct tcbhead_t, which is the entry point for TLS and thread-specific metadata.Common types.
Functions:
-
lookup_types\u2013 -
update\u2013 -
load\u2013Load a symbol; note that new symbols can be added with
add-symbol-filefunctionality -
get_type\u2013
Attributes:
-
module\u2013 -
char(Type) \u2013 -
ulong(Type) \u2013 -
long(Type) \u2013 -
uchar(Type) \u2013 -
ushort(Type) \u2013 -
uint(Type) \u2013 -
void(Type) \u2013 -
uint8(Type) \u2013 -
uint16(Type) \u2013 -
uint32(Type) \u2013 -
uint64(Type) \u2013 -
unsigned(dict[int, Type]) \u2013 -
int8(Type) \u2013 -
int16(Type) \u2013 -
int32(Type) \u2013 -
int64(Type) \u2013 -
signed(dict[int, Type]) \u2013 -
pvoid(Type) \u2013 -
ppvoid(Type) \u2013 -
pchar(Type) \u2013 -
ptrsize(int) \u2013 -
ptrdiff(Type) \u2013 -
size_t(Type) \u2013 -
ssize_t(Type) \u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.char","title":"charmodule = modules[__name__]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.ulong","title":"ulongchar: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.long","title":"longulong: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.uchar","title":"ucharlong: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.ushort","title":"ushortuchar: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.uint","title":"uintushort: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.void","title":"voiduint: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.uint8","title":"uint8void: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.uint16","title":"uint16uint8: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.uint32","title":"uint32uint16: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.uint64","title":"uint64uint32: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.unsigned","title":"unsigneduint64: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.int8","title":"int8unsigned: dict[int, Type]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.int16","title":"int16int8: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.int32","title":"int32int16: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.int64","title":"int64int32: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.signed","title":"signedint64: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.pvoid","title":"pvoidsigned: dict[int, Type]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.ppvoid","title":"ppvoidpvoid: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.pchar","title":"pcharppvoid: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.ptrsize","title":"ptrsizepchar: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.ptrdiff","title":"ptrdiffptrsize: int = 4\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.size_t","title":"size_tptrdiff: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.ssize_t","title":"ssize_tsize_t: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.lookup_types","title":"lookup_types","text":"ssize_t: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.update","title":"update","text":"lookup_types(*types: str) -> Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.load","title":"load","text":"update() -> None\nload(name: str) -> Type | None\nLoad a symbol; note that new symbols can be added with
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.get_type","title":"get_type","text":"add-symbol-filefunctionality
"},{"location":"reference/pwndbg/aglib/vmmap/","title":"pwndbg.aglib.vmmap","text":""},{"location":"reference/pwndbg/aglib/vmmap/#pwndbg.aglib.vmmap","title":"vmmap","text":"get_type(size: int) -> Type\nFunctions:
-
get\u2013 -
find\u2013
"},{"location":"reference/pwndbg/aglib/vmmap/#pwndbg.aglib.vmmap.find","title":"find","text":"get() -> tuple[Page, ...]\n
"},{"location":"reference/pwndbg/aglib/vmmap_custom/","title":"pwndbg.aglib.vmmap_custom","text":""},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom","title":"vmmap_custom","text":"find(address: int | Value | None) -> Page | None\nFunctions:
-
clear_warn_cache\u2013 -
get_custom_pages\u2013Returns a tuple of
Pageobjects representing the memory mappings of the -
add_custom_page\u2013 -
clear_custom_page\u2013 -
explore\u2013Given a potential address, check to see what permissions it has.
-
get_memory_flags\u2013 -
find_boundaries\u2013Given a single address, find all contiguous pages
Attributes:
-
explored_pages(list[Page]) \u2013 -
custom_pages(list[Page]) \u2013 -
auto_explore\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.custom_pages","title":"custom_pagesexplored_pages: list[Page] = []\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.auto_explore","title":"auto_explorecustom_pages: list[Page] = []\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.clear_warn_cache","title":"clear_warn_cache","text":"auto_explore = add_param(\n \"auto-explore-pages\",\n \"warn\",\n \"whether to try to infer page permissions when memory maps are missing\",\n param_class=PARAM_ENUM,\n enum_sequence=[\"yes\", \"warn\", \"no\"],\n help_docstring=\"\\nThis command can cause errors.\\n\",\n)\n
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.get_custom_pages","title":"get_custom_pages","text":"clear_warn_cache()\nget_custom_pages() -> tuple[Page, ...]\nReturns a tuple of
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.add_custom_page","title":"add_custom_page","text":"Pageobjects representing the memory mappings of the target, sorted by virtual address ascending.
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.clear_custom_page","title":"clear_custom_page","text":"add_custom_page(page: Page) -> None\n
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.explore","title":"explore","text":"clear_custom_page() -> None\nexplore(address_maybe: int) -> Page | None\nGiven a potential address, check to see what permissions it has.
Returns:
-
Page | None\u2013Page object
Adds the Page object to a persistent list of pages which are only reset when the process dies. This means pages which are added this way will not be removed when unmapped.
Also assumes the entire contiguous section has the same permission.
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.get_memory_flags","title":"get_memory_flags","text":"
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.find_boundaries","title":"find_boundaries","text":"get_memory_flags(address_maybe: int) -> int | None\nfind_boundaries(addr: int, name: str = '', min: int = 0) -> Page\nGiven a single address, find all contiguous pages which are mapped.
"},{"location":"reference/pwndbg/arguments/","title":"pwndbg.arguments","text":""},{"location":"reference/pwndbg/arguments/#pwndbg.arguments","title":"arguments","text":"Allows describing functions, specifically enumerating arguments which may be passed in a combination of registers and stack values.
Functions:
-
get\u2013Returns an array containing the arguments to the current function,
-
argname\u2013 -
argument\u2013Returns the nth argument, as if $pc were a 'call' or 'bl' type
-
arguments\u2013Yields (arg_name, arg_value) tuples for arguments from a given ABI.
-
format_args\u2013
get(instruction: PwndbgInstruction) -> list[tuple[Argument, int]]\nReturns an array containing the arguments to the current function, if $pc is a 'call', 'bl', or 'jalr' type instruction.
Otherwise, returns None.
"},{"location":"reference/pwndbg/arguments/#pwndbg.arguments.argname","title":"argname","text":"
"},{"location":"reference/pwndbg/arguments/#pwndbg.arguments.argument","title":"argument","text":"argname(n: int, abi: ABI | None = None) -> str\nargument(n: int, abi: ABI | None = None) -> int\nReturns the nth argument, as if $pc were a 'call' or 'bl' type instruction. Works only for ABIs that use registers for arguments.
"},{"location":"reference/pwndbg/arguments/#pwndbg.arguments.arguments","title":"arguments","text":"arguments(abi: ABI | None = None)\nYields (arg_name, arg_value) tuples for arguments from a given ABI. Works only for ABIs that use registers for arguments.
"},{"location":"reference/pwndbg/arguments/#pwndbg.arguments.format_args","title":"format_args","text":"
"},{"location":"reference/pwndbg/auxv/","title":"pwndbg.auxv","text":""},{"location":"reference/pwndbg/auxv/#pwndbg.auxv","title":"auxv","text":"format_args(instruction: PwndbgInstruction) -> list[str]\nFunctions:
-
get\u2013 -
procfs_auxv\u2013 -
use_info_auxv\u2013 -
explore_stack_auxv\u2013 -
walk_stack2\u2013
Attributes:
-
auto_explore\u2013 -
example_info_auxv_linux\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.example_info_auxv_linux","title":"example_info_auxv_linuxauto_explore = add_param(\n \"auto-explore-auxv\",\n \"warn\",\n \"stack exploration for AUXV information; it may be really slow.\",\n param_class=PARAM_ENUM,\n enum_sequence=[\"warn\", \"yes\", \"no\"],\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.get","title":"get","text":"example_info_auxv_linux = '\\n33 AT_SYSINFO_EHDR System-supplied DSO\\'s ELF header 0x7ffff7ffa000\\n16 AT_HWCAP Machine-dependent CPU capability hints 0xfabfbff\\n6 AT_PAGESZ System page size 4096\\n17 AT_CLKTCK Frequency of times() 100\\n3 AT_PHDR Program headers for program 0x400040\\n4 AT_PHENT Size of program header entry 56\\n5 AT_PHNUM Number of program headers 9\\n7 AT_BASE Base address of interpreter 0x7ffff7dda000\\n8 AT_FLAGS Flags 0x0\\n9 AT_ENTRY Entry point of program 0x42020b\\n11 AT_UID Real user ID 1000\\n12 AT_EUID Effective user ID 1000\\n13 AT_GID Real group ID 1000\\n14 AT_EGID Effective group ID 1000\\n23 AT_SECURE Boolean, was exec setuid-like? 0\\n25 AT_RANDOM Address of 16 random bytes 0x7fffffffdb39\\n31 AT_EXECFN File name of executable 0x7fffffffefee \"/bin/bash\"\\n15 AT_PLATFORM String identifying platform 0x7fffffffdb49 \"x86_64\"\\n0 AT_NULL End of vector 0x0\\n'\n
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.procfs_auxv","title":"procfs_auxv","text":"get() -> AUXV\n
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.use_info_auxv","title":"use_info_auxv","text":"procfs_auxv() -> AUXV | None\n
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.explore_stack_auxv","title":"explore_stack_auxv","text":"use_info_auxv() -> AUXV | None\n
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.walk_stack2","title":"walk_stack2","text":"explore_stack_auxv() -> AUXV | None\n
"},{"location":"reference/pwndbg/chain/","title":"pwndbg.chain","text":""},{"location":"reference/pwndbg/chain/#pwndbg.chain","title":"chain","text":"walk_stack2(offset: int = 0) -> AUXV\nFunctions:
-
get\u2013Recursively dereferences an address. For bare metal, it will stop when the address is not in any of vmmap pages to avoid redundant dereference.
-
format\u2013Recursively dereferences an address into string representation, or convert the list representation
Attributes:
-
LIMIT\u2013 -
c\u2013 -
config_arrow_left\u2013 -
config_arrow_right\u2013 -
config_contiguous\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.c","title":"cLIMIT = add_param(\n \"dereference-limit\", 5, \"max number of pointers to dereference in a chain\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.config_arrow_left","title":"config_arrow_leftc = ColorConfig(\n \"chain\",\n [\n ColorParamSpec(\"arrow\", \"normal\", \"color of chain formatting (arrow)\"),\n ColorParamSpec(\n \"contiguous-marker\",\n \"normal\",\n \"color of chain formatting (contiguous marker)\",\n ),\n ],\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.config_arrow_right","title":"config_arrow_rightconfig_arrow_left = add_param(\n \"chain-arrow-left\", \"\u25c2\u2014\", \"left arrow of chain formatting\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.config_contiguous","title":"config_contiguousconfig_arrow_right = add_param(\n \"chain-arrow-right\", \"\u2014\u25b8\", \"right arrow of chain formatting\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.get","title":"get","text":"config_contiguous = add_param(\n \"chain-contiguous-marker\", \"...\", \"contiguous marker of chain formatting\"\n)\nget(\n address: int | None,\n limit: int = LIMIT,\n offset: int = 0,\n hard_stop: int | None = None,\n hard_end: int = 0,\n include_start: bool = True,\n safe_linking: bool = False,\n) -> list[int] | None\nRecursively dereferences an address. For bare metal, it will stop when the address is not in any of vmmap pages to avoid redundant dereference.
Parameters:
-
address(int | None) \u2013the first address to begin dereferencing
-
limit(int, default:LIMIT) \u2013number of valid pointers
-
offset(int, default:0) \u2013offset into the address to get the next pointer
-
hard_stop(int | None, default:None) \u2013address to stop at
-
hard_end(int, default:0) \u2013value to append when hard_stop is reached
-
include_start(bool, default:True) \u2013whether to include starting address or not
-
safe_linking(bool, default:False) \u2013whether this chain use safe-linking
Returns:
-
list[int] | None\u2013A list representing pointers of each
addressand reference
format(\n value: int | list[int] | None,\n limit: int = LIMIT,\n code: bool = True,\n offset: int = 0,\n hard_stop: int | None = None,\n hard_end: int = 0,\n safe_linking: bool = False,\n enhance_string_len: int | None = None,\n) -> str\nRecursively dereferences an address into string representation, or convert the list representation of address dereferences into string representation.
Parameters:
-
value(int | list[int] | None) \u2013Either the starting address to be sent to get, or the result of get (a list)
-
limit(int, default:LIMIT) \u2013Number of valid pointers
-
code(bool, default:True) \u2013Hint that indicates the value may be an instruction
-
offset(int, default:0) \u2013Offset into the address to get the next pointer
-
hard_stop(int | None, default:None) \u2013Value to stop on
-
hard_end(int, default:0) \u2013Value to append when hard_stop is reached: null, value of hard stop, a string.
-
safe_linking(bool, default:False) \u2013whether this chain use safe-linking
-
enhance_string_len(int | None, default:None) \u2013The length of string to display for enhancement of the last pointer
Returns: A string representing pointers of each address and reference Strings format: 0x0804a10 \u2014\u25b8 0x08061000 \u25c2\u2014 0x41414141
"},{"location":"reference/pwndbg/color/","title":"pwndbg.color","text":""},{"location":"reference/pwndbg/color/#pwndbg.color","title":"color","text":"Modules:
-
context\u2013 -
disasm\u2013 -
enhance\u2013 -
hexdump\u2013 -
memory\u2013 -
message\u2013 -
syntax_highlight\u2013 -
telescope\u2013 -
theme\u2013
Classes:
-
ColorParamSpec\u2013 -
ColorConfig\u2013
Functions:
-
normal\u2013 -
black\u2013 -
red\u2013 -
green\u2013 -
yellow\u2013 -
blue\u2013 -
purple\u2013 -
cyan\u2013 -
light_gray\u2013 -
foreground\u2013 -
gray\u2013 -
light_red\u2013 -
light_green\u2013 -
light_yellow\u2013 -
light_blue\u2013 -
light_purple\u2013 -
light_cyan\u2013 -
white\u2013 -
bold\u2013 -
underline\u2013 -
colorize\u2013 -
unstylize\u2013 -
generateColorFunctionInner\u2013 -
generateColorFunction\u2013 -
strip\u2013 -
terminateWith\u2013 -
ljust_colored\u2013 -
rjust_colored\u2013
Attributes:
-
NORMAL\u2013 -
BLACK\u2013 -
RED\u2013 -
GREEN\u2013 -
YELLOW\u2013 -
BLUE\u2013 -
PURPLE\u2013 -
CYAN\u2013 -
LIGHT_GREY\u2013 -
LIGHT_GRAY\u2013 -
FOREGROUND\u2013 -
GREY\u2013 -
GRAY\u2013 -
LIGHT_RED\u2013 -
LIGHT_GREEN\u2013 -
LIGHT_YELLOW\u2013 -
LIGHT_BLUE\u2013 -
LIGHT_PURPLE\u2013 -
LIGHT_CYAN\u2013 -
WHITE\u2013 -
BOLD\u2013 -
UNDERLINE\u2013 -
none\u2013 -
ansi_escape_8bit\u2013 -
disable_colors\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.BLACK","title":"BLACKNORMAL = '\\x1b[0m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.RED","title":"REDBLACK = '\\x1b[30m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.GREEN","title":"GREENRED = '\\x1b[31m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.YELLOW","title":"YELLOWGREEN = '\\x1b[32m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.BLUE","title":"BLUEYELLOW = '\\x1b[33m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.PURPLE","title":"PURPLEBLUE = '\\x1b[34m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.CYAN","title":"CYANPURPLE = '\\x1b[35m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_GREY","title":"LIGHT_GREYCYAN = '\\x1b[36m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_GRAY","title":"LIGHT_GRAYLIGHT_GREY = '\\x1b[37m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.FOREGROUND","title":"FOREGROUNDLIGHT_GRAY = '\\x1b[37m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.GREY","title":"GREYFOREGROUND = '\\x1b[39m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.GRAY","title":"GRAYGREY = '\\x1b[90m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_RED","title":"LIGHT_REDGRAY = '\\x1b[90m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_GREEN","title":"LIGHT_GREENLIGHT_RED = '\\x1b[91m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_YELLOW","title":"LIGHT_YELLOWLIGHT_GREEN = '\\x1b[92m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_BLUE","title":"LIGHT_BLUELIGHT_YELLOW = '\\x1b[93m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_PURPLE","title":"LIGHT_PURPLELIGHT_BLUE = '\\x1b[94m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_CYAN","title":"LIGHT_CYANLIGHT_PURPLE = '\\x1b[95m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.WHITE","title":"WHITELIGHT_CYAN = '\\x1b[96m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.BOLD","title":"BOLDWHITE = '\\x1b[97m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.UNDERLINE","title":"UNDERLINEBOLD = '\\x1b[1m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.none","title":"noneUNDERLINE = '\\x1b[4m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.ansi_escape_8bit","title":"ansi_escape_8bitnone = str\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.disable_colors","title":"disable_colorsansi_escape_8bit = compile(\n \"(?:\\\\x1B[@-Z\\\\\\\\-_]|[\\\\x80-\\\\x9A\\\\x9C-\\\\x9F]|(?:\\\\x1B\\\\[|\\\\x9B)[0-?]*[ -/]*[@-~])\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.ColorParamSpec","title":"ColorParamSpec","text":"disable_colors = add_param(\n \"disable-colors\",\n bool(get(\"PWNDBG_DISABLE_COLORS\")),\n \"whether to color the output or not\",\n)\nBases:
NamedTupleAttributes:
-
name(str) \u2013 -
default(str) \u2013 -
doc(str) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.ColorParamSpec.default","title":"defaultname: str\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.ColorParamSpec.doc","title":"docdefault: str\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.ColorConfig","title":"ColorConfig","text":"doc: str\nColorConfig(namespace: str, params: list[ColorParamSpec])\nMethods:
-
__getattr__\u2013
"},{"location":"reference/pwndbg/color/#pwndbg.color.normal","title":"normal","text":"__getattr__(attr: str) -> Callable[[str], str]\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.black","title":"black","text":"normal(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.red","title":"red","text":"black(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.green","title":"green","text":"red(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.yellow","title":"yellow","text":"green(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.blue","title":"blue","text":"yellow(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.purple","title":"purple","text":"blue(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.cyan","title":"cyan","text":"purple(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_gray","title":"light_gray","text":"cyan(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.foreground","title":"foreground","text":"light_gray(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.gray","title":"gray","text":"foreground(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_red","title":"light_red","text":"gray(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_green","title":"light_green","text":"light_red(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_yellow","title":"light_yellow","text":"light_green(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_blue","title":"light_blue","text":"light_yellow(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_purple","title":"light_purple","text":"light_blue(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_cyan","title":"light_cyan","text":"light_purple(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.white","title":"white","text":"light_cyan(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.bold","title":"bold","text":"white(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.underline","title":"underline","text":"bold(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.colorize","title":"colorize","text":"underline(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.unstylize","title":"unstylize","text":"colorize(x: str, color: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.generateColorFunctionInner","title":"generateColorFunctionInner","text":"unstylize(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.generateColorFunction","title":"generateColorFunction","text":"generateColorFunctionInner(\n old: Callable[[object], str], new: Callable[[str], str]\n) -> Callable[[object], str]\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.strip","title":"strip","text":"generateColorFunction(\n config: str | Parameter,\n _globals: dict[str, Callable[[str], str]] = globals(),\n) -> Callable[[object], str]\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.terminateWith","title":"terminateWith","text":"strip(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.ljust_colored","title":"ljust_colored","text":"terminateWith(x: str, color: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.rjust_colored","title":"rjust_colored","text":"ljust_colored(x: str, length: int, char: str = ' ') -> str\n
"},{"location":"reference/pwndbg/color/context/","title":"pwndbg.color.context","text":""},{"location":"reference/pwndbg/color/context/#pwndbg.color.context","title":"context","text":"rjust_colored(x: str, length: int, char: str = ' ')\nFunctions:
-
prefix\u2013 -
highlight\u2013 -
register\u2013 -
register_changed\u2013 -
flag_bracket\u2013 -
flag_value\u2013 -
flag_set\u2013 -
flag_unset\u2013 -
flag_changed\u2013 -
banner\u2013 -
banner_title\u2013 -
comment\u2013 -
format_flags\u2013
Attributes:
-
config_prefix_color\u2013 -
config_highlight_color\u2013 -
config_register_color\u2013 -
config_flag_value_color\u2013 -
config_flag_bracket_color\u2013 -
config_flag_set_color\u2013 -
config_flag_unset_color\u2013 -
config_flag_changed_color\u2013 -
config_banner_color\u2013 -
config_banner_title\u2013 -
config_register_changed_color\u2013 -
config_register_changed_marker\u2013 -
config_comment\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_highlight_color","title":"config_highlight_colorconfig_prefix_color = add_color_param(\n \"code-prefix-color\",\n \"none\",\n \"color for 'context code' command (prefix marker)\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_register_color","title":"config_register_colorconfig_highlight_color = add_color_param(\n \"highlight-color\", \"green,bold\", \"color added to highlights like source/pc\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_flag_value_color","title":"config_flag_value_colorconfig_register_color = add_color_param(\n \"context-register-color\", \"bold\", \"color for registers label\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_flag_bracket_color","title":"config_flag_bracket_colorconfig_flag_value_color = add_color_param(\n \"context-flag-value-color\",\n \"none\",\n \"color for flags register (register value)\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_flag_set_color","title":"config_flag_set_colorconfig_flag_bracket_color = add_color_param(\n \"context-flag-bracket-color\", \"none\", \"color for flags register (bracket)\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_flag_unset_color","title":"config_flag_unset_colorconfig_flag_set_color = add_color_param(\n \"context-flag-set-color\",\n \"green,bold\",\n \"color for flags register (flag set)\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_flag_changed_color","title":"config_flag_changed_colorconfig_flag_unset_color = add_color_param(\n \"context-flag-unset-color\", \"red\", \"color for flags register (flag unset)\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_banner_color","title":"config_banner_colorconfig_flag_changed_color = add_color_param(\n \"context-flag-changed-color\",\n \"underline\",\n \"color for flags register (flag changed)\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_banner_title","title":"config_banner_titleconfig_banner_color = add_color_param(\n \"banner-color\", \"blue\", \"color for banner line\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_register_changed_color","title":"config_register_changed_colorconfig_banner_title = add_color_param(\n \"banner-title-color\", \"none\", \"color for banner title\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_register_changed_marker","title":"config_register_changed_markerconfig_register_changed_color = add_color_param(\n \"context-register-changed-color\",\n \"red\",\n \"color for registers label (change marker)\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_comment","title":"config_commentconfig_register_changed_marker = add_param(\n \"context-register-changed-marker\", \"*\", \"change marker for registers label\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.prefix","title":"prefix","text":"config_comment = add_color_param('comment-color', 'gray', 'color for comment')\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.highlight","title":"highlight","text":"prefix(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.register","title":"register","text":"highlight(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.register_changed","title":"register_changed","text":"register(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.flag_bracket","title":"flag_bracket","text":"register_changed(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.flag_value","title":"flag_value","text":"flag_bracket(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.flag_set","title":"flag_set","text":"flag_value(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.flag_unset","title":"flag_unset","text":"flag_set(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.flag_changed","title":"flag_changed","text":"flag_unset(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.banner","title":"banner","text":"flag_changed(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.banner_title","title":"banner_title","text":"banner(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.comment","title":"comment","text":"banner_title(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.format_flags","title":"format_flags","text":"comment(x: object) -> str\n
"},{"location":"reference/pwndbg/color/disasm/","title":"pwndbg.color.disasm","text":""},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm","title":"disasm","text":"format_flags(value: int | None, flags: BitFlags, last: int | None = None)\nFunctions:
-
one_instruction\u2013 -
instructions_and_padding\u2013
Attributes:
-
c\u2013 -
MIN_SPACING\u2013 -
WHITESPACE_LIMIT\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm.MIN_SPACING","title":"MIN_SPACINGc = ColorConfig(\n \"disasm\",\n [\n ColorParamSpec(\n \"branch\", \"bold\", \"color for disasm (branch/call instruction)\"\n )\n ],\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm.WHITESPACE_LIMIT","title":"WHITESPACE_LIMITMIN_SPACING = 5\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm.one_instruction","title":"one_instruction","text":"WHITESPACE_LIMIT = 20\n
"},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm.instructions_and_padding","title":"instructions_and_padding","text":"one_instruction(ins: PwndbgInstruction) -> str\n
"},{"location":"reference/pwndbg/color/enhance/","title":"pwndbg.color.enhance","text":""},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance","title":"enhance","text":"instructions_and_padding(instructions: list[PwndbgInstruction]) -> list[str]\nFunctions:
-
integer\u2013 -
string\u2013 -
comment\u2013 -
unknown\u2013
Attributes:
-
config_integer_color\u2013 -
config_string_color\u2013 -
config_comment_color\u2013 -
config_unknown_color\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.config_string_color","title":"config_string_colorconfig_integer_color = add_color_param(\n \"enhance-integer-value-color\", \"none\", \"color of value enhance (integer)\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.config_comment_color","title":"config_comment_colorconfig_string_color = add_color_param(\n \"enhance-string-value-color\", \"none\", \"color of value enhance (string)\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.config_unknown_color","title":"config_unknown_colorconfig_comment_color = add_color_param(\n \"enhance-comment-color\", \"none\", \"color of value enhance (comment)\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.integer","title":"integer","text":"config_unknown_color = add_color_param(\n \"enhance-unknown-color\", \"none\", \"color of value enhance (unknown value)\"\n)\n
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.string","title":"string","text":"integer(x)\n
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.comment","title":"comment","text":"string(x)\n
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.unknown","title":"unknown","text":"comment(x)\n
"},{"location":"reference/pwndbg/color/hexdump/","title":"pwndbg.color.hexdump","text":""},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump","title":"hexdump","text":"unknown(x)\nFunctions:
-
normal\u2013 -
printable\u2013 -
zero\u2013 -
special\u2013 -
offset\u2013 -
address\u2013 -
separator\u2013 -
highlight_group_lsb\u2013
Attributes:
-
config_normal\u2013 -
config_printable\u2013 -
config_zero\u2013 -
config_special\u2013 -
config_offset\u2013 -
config_address\u2013 -
config_separator\u2013 -
config_highlight_group_lsb\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_printable","title":"config_printableconfig_normal = add_color_param(\n \"hexdump-normal-color\", \"none\", \"color for hexdump command (normal bytes)\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_zero","title":"config_zeroconfig_printable = add_color_param(\n \"hexdump-printable-color\",\n \"bold\",\n \"color for hexdump command (printable characters)\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_special","title":"config_specialconfig_zero = add_color_param(\n \"hexdump-zero-color\", \"red\", \"color for hexdump command (zero bytes)\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_offset","title":"config_offsetconfig_special = add_color_param(\n \"hexdump-special-color\",\n \"yellow\",\n \"color for hexdump command (special bytes)\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_address","title":"config_addressconfig_offset = add_color_param(\n \"hexdump-offset-color\", \"none\", \"color for hexdump command (offset label)\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_separator","title":"config_separatorconfig_address = add_color_param(\n \"hexdump-address-color\", \"none\", \"color for hexdump command (address label)\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_highlight_group_lsb","title":"config_highlight_group_lsbconfig_separator = add_color_param(\n \"hexdump-separator-color\",\n \"none\",\n \"color for hexdump command (group separator)\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.normal","title":"normal","text":"config_highlight_group_lsb = add_param(\n \"hexdump-highlight-group-lsb\",\n \"underline\",\n \"highlight LSB of each group\",\n help_docstring=\"Applies only if hexdump-use-big-endian actually changes byte order.\",\n)\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.printable","title":"printable","text":"normal(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.zero","title":"zero","text":"printable(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.special","title":"special","text":"zero(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.offset","title":"offset","text":"special(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.address","title":"address","text":"offset(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.separator","title":"separator","text":"address(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.highlight_group_lsb","title":"highlight_group_lsb","text":"separator(x: str) -> str\n
"},{"location":"reference/pwndbg/color/memory/","title":"pwndbg.color.memory","text":""},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory","title":"memory","text":"highlight_group_lsb(x: str) -> str\nFunctions:
-
get_address_and_symbol\u2013Convert and colorize address 0x7ffff7fcecd0 to string
0x7ffff7fcecd0 (_dl_fini) -
get_address_or_symbol\u2013Convert and colorize address to symbol if it can be resolved, else return colorized address
-
attempt_colorized_symbol\u2013Convert address to colorized symbol (if symbol is there), else None
-
get\u2013Returns a colorized string representing the provided address.
-
legend\u2013
Attributes:
-
ColorFunction\u2013 -
c\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.c","title":"cColorFunction = Callable[[str], str]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.get_address_and_symbol","title":"get_address_and_symbol","text":"c = ColorConfig(\n \"memory\",\n [\n ColorParamSpec(\"stack\", \"yellow\", \"color for stack memory\"),\n ColorParamSpec(\"heap\", \"blue\", \"color for heap memory\"),\n ColorParamSpec(\"code\", \"red\", \"color for executable memory\"),\n ColorParamSpec(\"data\", \"purple\", \"color for all other writable memory\"),\n ColorParamSpec(\"rodata\", \"normal\", \"color for all read only memory\"),\n ColorParamSpec(\"wx\", \"underline\", \"color added to all WX memory\"),\n ColorParamSpec(\n \"guard\", \"cyan\", \"color added to all guard pages (no perms)\"\n ),\n ],\n)\nget_address_and_symbol(address: int) -> str\nConvert and colorize address 0x7ffff7fcecd0 to string
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.get_address_or_symbol","title":"get_address_or_symbol","text":"0x7ffff7fcecd0 (_dl_fini)If no symbol exists for the address, return colorized addressget_address_or_symbol(address: int) -> str\nConvert and colorize address to symbol if it can be resolved, else return colorized address
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.attempt_colorized_symbol","title":"attempt_colorized_symbol","text":"attempt_colorized_symbol(address: int) -> str | None\nConvert address to colorized symbol (if symbol is there), else None
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.get","title":"get","text":"get(\n address: int | Value | Any,\n text: str | None = None,\n prefix: str | None = None,\n) -> str\nReturns a colorized string representing the provided address.
Parameters:
-
address(int | Value | Any) \u2013Address to look up
-
text(str | None, default:None) \u2013Optional text to use in place of the address in the return value string.
-
prefix(str | None, default:None) \u2013Optional text to set at beginning in the return value string.
"},{"location":"reference/pwndbg/color/message/","title":"pwndbg.color.message","text":""},{"location":"reference/pwndbg/color/message/#pwndbg.color.message","title":"message","text":"legend()\nFunctions:
-
on\u2013 -
off\u2013 -
notice\u2013 -
hint\u2013 -
success\u2013 -
debug\u2013 -
info\u2013 -
warn\u2013 -
error\u2013 -
system\u2013 -
exit\u2013 -
breakpoint\u2013 -
signal\u2013 -
prompt\u2013 -
alive_prompt\u2013 -
readline_escape\u2013
Attributes:
-
config_status_on_color\u2013 -
config_status_off_color\u2013 -
config_notice_color\u2013 -
config_hint_color\u2013 -
config_success_color\u2013 -
config_debug_color\u2013 -
config_info_color\u2013 -
config_warning_color\u2013 -
config_error_color\u2013 -
config_system_color\u2013 -
config_exit_color\u2013 -
config_breakpoint_color\u2013 -
config_signal_color\u2013 -
config_prompt_color(Parameter) \u2013 -
config_prompt_alive_color(Parameter) \u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_status_off_color","title":"config_status_off_colorconfig_status_on_color = add_color_param(\n \"message-status-on-color\", \"green\", \"color of on status messages\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_notice_color","title":"config_notice_colorconfig_status_off_color = add_color_param(\n \"message-status-off-color\", \"red\", \"color of off status messages\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_hint_color","title":"config_hint_colorconfig_notice_color = add_color_param(\n \"message-notice-color\", \"purple\", \"color of notice messages\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_success_color","title":"config_success_colorconfig_hint_color = add_color_param(\n \"message-hint-color\", \"yellow\", \"color of hint and marker messages\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_debug_color","title":"config_debug_colorconfig_success_color = add_color_param(\n \"message-success-color\", \"green\", \"color of success messages\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_info_color","title":"config_info_colorconfig_debug_color = add_color_param(\n \"message-debug-color\", \"blue\", \"color of debug messages\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_warning_color","title":"config_warning_colorconfig_info_color = add_color_param(\n \"message-info-color\", \"white\", \"color of info messages\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_error_color","title":"config_error_colorconfig_warning_color = add_color_param(\n \"message-warning-color\", \"yellow\", \"color of warning messages\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_system_color","title":"config_system_colorconfig_error_color = add_color_param(\n \"message-error-color\", \"red\", \"color of error messages\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_exit_color","title":"config_exit_colorconfig_system_color = add_color_param(\n \"message-system-color\", \"light-red\", \"color of system messages\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_breakpoint_color","title":"config_breakpoint_colorconfig_exit_color = add_color_param(\n \"message-exit-color\", \"red\", \"color of exit messages\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_signal_color","title":"config_signal_colorconfig_breakpoint_color = add_color_param(\n \"message-breakpoint-color\", \"yellow\", \"color of breakpoint messages\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_prompt_color","title":"config_prompt_colorconfig_signal_color = add_color_param(\n \"message-signal-color\", \"bold,red\", \"color of signal messages\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_prompt_alive_color","title":"config_prompt_alive_colorconfig_prompt_color: Parameter = add_color_param(\n \"prompt-color\", \"bold,red\", \"prompt color\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.on","title":"on","text":"config_prompt_alive_color: Parameter = add_color_param(\n \"prompt-alive-color\", \"bold,green\", \"prompt alive color\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.off","title":"off","text":"on(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.notice","title":"notice","text":"off(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.hint","title":"hint","text":"notice(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.success","title":"success","text":"hint(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.debug","title":"debug","text":"success(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.info","title":"info","text":"debug(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.warn","title":"warn","text":"info(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.error","title":"error","text":"warn(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.system","title":"system","text":"error(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.exit","title":"exit","text":"system(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.breakpoint","title":"breakpoint","text":"exit(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.signal","title":"signal","text":"breakpoint(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.prompt","title":"prompt","text":"signal(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.alive_prompt","title":"alive_prompt","text":"prompt(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.readline_escape","title":"readline_escape","text":"alive_prompt(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/syntax_highlight/","title":"pwndbg.color.syntax_highlight","text":""},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight","title":"syntax_highlight","text":"readline_escape(func_message: Callable[[str], str], text: str) -> str\nFunctions:
-
check_style\u2013 -
syntax_highlight\u2013
Attributes:
-
style\u2013 -
formatter\u2013 -
pwntools_lexer\u2013 -
lexer_cache(dict[str, Any]) \u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight.formatter","title":"formatterstyle = add_param(\n \"syntax-highlight-style\",\n \"monokai\",\n \"source code / assembly syntax highlight stylename of pygments module\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight.pwntools_lexer","title":"pwntools_lexerformatter = Terminal256Formatter(style=str(style))\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight.lexer_cache","title":"lexer_cachepwntools_lexer = PwntoolsLexer()\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight.check_style","title":"check_style","text":"lexer_cache: dict[str, Any] = {}\n
"},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight.syntax_highlight","title":"syntax_highlight","text":"check_style() -> None\n
"},{"location":"reference/pwndbg/color/telescope/","title":"pwndbg.color.telescope","text":""},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope","title":"telescope","text":"syntax_highlight(code: str, filename: str = '.asm') -> str\nFunctions:
-
offset\u2013 -
register\u2013 -
separator\u2013 -
delimiter\u2013 -
repeating_marker\u2013
Attributes:
-
offset_color\u2013 -
register_color\u2013 -
offset_separator_color\u2013 -
offset_delimiter_color\u2013 -
repeating_marker_color\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.register_color","title":"register_coloroffset_color = add_color_param(\n \"telescope-offset-color\",\n \"normal\",\n \"color of the telescope command (offset prefix)\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.offset_separator_color","title":"offset_separator_colorregister_color = add_color_param(\n \"telescope-register-color\",\n \"bold\",\n \"color of the telescope command (register)\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.offset_delimiter_color","title":"offset_delimiter_coloroffset_separator_color = add_color_param(\n \"telescope-offset-separator-color\",\n \"normal\",\n \"color of the telescope command (offset separator)\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.repeating_marker_color","title":"repeating_marker_coloroffset_delimiter_color = add_color_param(\n \"telescope-offset-delimiter-color\",\n \"normal\",\n \"color of the telescope command (offset delimiter)\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.offset","title":"offset","text":"repeating_marker_color = add_color_param(\n \"telescope-repeating-marker-color\",\n \"normal\",\n \"color of the telescope command (repeating values marker)\",\n)\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.register","title":"register","text":"offset(x: object) -> str\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.separator","title":"separator","text":"register(x: object) -> str\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.delimiter","title":"delimiter","text":"separator(x: object) -> str\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.repeating_marker","title":"repeating_marker","text":"delimiter(x: object) -> str\n
"},{"location":"reference/pwndbg/color/theme/","title":"pwndbg.color.theme","text":""},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme","title":"theme","text":"repeating_marker(x: object) -> str\nClasses:
-
ColorParameter\u2013
Functions:
-
add_param\u2013 -
add_color_param\u2013
ColorParameter(\n name: str,\n default: Any,\n set_show_doc: str,\n *,\n help_docstring: str = \"\",\n param_class: int | None = None,\n enum_sequence: Sequence[str] | None = None,\n scope: str = \"config\",\n)\nBases:
ParameterMethods:
-
add_update_listener\u2013 -
revert_default\u2013 -
attr_name\u2013Returns the attribute name associated with this config option,
-
__getattr__\u2013 -
pretty_val\u2013Convert a value this object could contain to its pretty string representation.
-
pretty\u2013 -
pretty_default\u2013 -
__int__\u2013 -
__str__\u2013 -
__bool__\u2013 -
__eq__\u2013 -
__lt__\u2013 -
__add__\u2013 -
__radd__\u2013 -
__sub__\u2013 -
__rsub__\u2013 -
__mul__\u2013 -
__rmul__\u2013 -
__div__\u2013 -
__floordiv__\u2013 -
__pow__\u2013 -
__mod__\u2013 -
__len__\u2013
Attributes:
-
name\u2013 -
default\u2013 -
param_class\u2013 -
set_show_doc\u2013 -
help_docstring\u2013 -
enum_sequence\u2013 -
scope\u2013 -
update_listeners(list[Callable[[Any], None]]) \u2013 -
value(Any) \u2013 -
is_changed(bool) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.default","title":"defaultname = name\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.param_class","title":"param_classdefault = default\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.set_show_doc","title":"set_show_docparam_class = param_class or PARAM_CLASSES[type(default)]\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.help_docstring","title":"help_docstringset_show_doc = strip()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.enum_sequence","title":"enum_sequencehelp_docstring = strip()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.scope","title":"scopeenum_sequence = enum_sequence\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.update_listeners","title":"update_listenersscope = scope\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.value","title":"valueupdate_listeners: list[Callable[[Any], None]] = []\npropertywritable","text":"
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.is_changed","title":"is_changedvalue: Any\nproperty","text":"
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.add_update_listener","title":"add_update_listener","text":"is_changed: bool\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.revert_default","title":"revert_default","text":"add_update_listener(listener: Callable[[Any], None]) -> None\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.attr_name","title":"attr_name","text":"revert_default() -> None\nattr_name() -> str\nReturns the attribute name associated with this config option, i.e.
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__getattr__","title":"__getattr__","text":"my-confighas the attribute namemy_config
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.pretty_val","title":"pretty_val","text":"__getattr__(name: str)\npretty_val(val: Any) -> str\nConvert a value this object could contain to its pretty string representation.
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.pretty","title":"pretty","text":"
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.pretty_default","title":"pretty_default","text":"pretty() -> str\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__int__","title":"__int__","text":"pretty_default() -> str\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__str__","title":"__str__","text":"__int__() -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__bool__","title":"__bool__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__eq__","title":"__eq__","text":"__bool__() -> bool\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__lt__","title":"__lt__","text":"__eq__(other: object) -> bool\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__add__","title":"__add__","text":"__lt__(other: object) -> bool\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__radd__","title":"__radd__","text":"__add__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__sub__","title":"__sub__","text":"__radd__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__rsub__","title":"__rsub__","text":"__sub__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__mul__","title":"__mul__","text":"__rsub__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__rmul__","title":"__rmul__","text":"__mul__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__div__","title":"__div__","text":"__rmul__(other: int) -> str\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__floordiv__","title":"__floordiv__","text":"__div__(other: float) -> float\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__pow__","title":"__pow__","text":"__floordiv__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__mod__","title":"__mod__","text":"__pow__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__len__","title":"__len__","text":"__mod__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.add_param","title":"add_param","text":"__len__() -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.add_color_param","title":"add_color_param","text":"add_param(\n name: str,\n default: Any,\n set_show_doc: str,\n color_param: bool = False,\n *,\n help_docstring: str = \"\",\n) -> Parameter\n
"},{"location":"reference/pwndbg/commands/","title":"pwndbg.commands","text":""},{"location":"reference/pwndbg/commands/#pwndbg.commands","title":"commands","text":"add_color_param(name: str, default: Any, set_show_doc: str) -> Parameter\nModules:
-
ai\u2013This command sends information on the current debugging context to OpenAI's
-
argv\u2013 -
aslr\u2013 -
asm\u2013 -
attachp\u2013 -
auxv\u2013 -
binder\u2013 -
binja\u2013 -
binja_functions\u2013 -
branch\u2013 -
canary\u2013 -
checksec\u2013 -
comments\u2013 -
config\u2013Dumps all pwndbg-specific configuration points.
-
context\u2013 -
cpsr\u2013 -
cyclic\u2013 -
cymbol\u2013Add, load, show, edit, or delete symbols for custom structures.
-
dev\u2013 -
distance\u2013 -
dt\u2013 -
dumpargs\u2013 -
elf\u2013 -
flags\u2013 -
gdt\u2013 -
ghidra\u2013 -
godbg\u2013 -
got\u2013 -
got_tracking\u2013 -
hex2ptr\u2013 -
hexdump\u2013 -
hijack_fd\u2013 -
ida\u2013 -
ignore\u2013Ignoring a breakpoint
-
integration\u2013 -
ipython_interactive\u2013Command to start an interactive IPython prompt.
-
jemalloc\u2013 -
kbase\u2013 -
kchecksec\u2013 -
kcmdline\u2013 -
kconfig\u2013 -
killthreads\u2013 -
klookup\u2013 -
knft\u2013 -
kversion\u2013 -
leakfind\u2013Find a chain of leaks given some starting address.
-
libcinfo\u2013 -
linkmap\u2013 -
memoize\u2013 -
misc\u2013 -
mmap\u2013 -
mprotect\u2013 -
nearpc\u2013 -
next\u2013Stepping until an event occurs
-
onegadget\u2013 -
p2p\u2013 -
patch\u2013 -
pcplist\u2013 -
peda\u2013 -
pie\u2013 -
plist\u2013 -
probeleak\u2013 -
procinfo\u2013 -
profiler\u2013Utilities for profiling pwndbg.
-
ptmalloc2\u2013 -
ptmalloc2_tracking\u2013 -
radare2\u2013 -
reload\u2013 -
retaddr\u2013 -
rizin\u2013 -
rop\u2013 -
ropper\u2013 -
search\u2013 -
segments\u2013 -
shell\u2013Wrapper for shell commands.
-
sigreturn\u2013 -
slab\u2013Commands for dealing with Linux kernel slab allocator. Currently, only SLUB is supported.
-
spray\u2013 -
start\u2013Launches the target process after setting a breakpoint at a convenient
-
strings\u2013 -
telescope\u2013Prints out pointer chains starting at some address in memory.
-
tips\u2013 -
tls\u2013Command to print the information of the current Thread Local Storage (TLS).
-
valist\u2013 -
version\u2013Implements version and bugreport commands.
-
vmmap\u2013Command to print the virtual memory map a la /proc/self/maps.
-
windbg\u2013Compatibility functionality for Windbg users.
-
xinfo\u2013 -
xor\u2013
Classes:
-
CommandCategory\u2013 -
Command\u2013Generic command wrapper
-
ArgparsedCommand\u2013Adds documentation and offloads parsing for a Command via argparse
Functions:
-
fix\u2013Fix a single command-line argument coming from the CLI.
-
fix_reraise\u2013 -
fix_reraise_arg\u2013fix_reraise wrapper for evaluating command arguments
-
fix_int\u2013 -
fix_int_reraise\u2013 -
fix_int_reraise_arg\u2013fix_int_reraise wrapper for evaluating command arguments
-
func_name\u2013 -
OnlyWhenLocal\u2013 -
OnlyWithFile\u2013 -
OnlyWhenQemuKernel\u2013 -
OnlyWhenUserspace\u2013 -
OnlyWithKernelDebugSyms\u2013 -
OnlyWhenPagingEnabled\u2013 -
OnlyWhenRunning\u2013 -
OnlyWithTcache\u2013 -
OnlyWhenHeapIsInitialized\u2013 -
OnlyWithResolvedHeapSyms\u2013 -
sloppy_gdb_parse\u2013This function should be used as
argparse.ArgumentParser.add_argument method'stypehelper. -
AddressExpr\u2013Parses an address expression. Returns an int.
-
HexOrAddressExpr\u2013Parses string as hexadecimal int or an address expression. Returns an int.
-
load_commands\u2013
Attributes:
-
log\u2013 -
T\u2013 -
P\u2013 -
commands(list[Command]) \u2013 -
command_names(set[str]) \u2013 -
GDB_BUILTIN_COMMANDS\u2013 -
pwndbg_is_reloading\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.T","title":"Tlog = getLogger(__name__)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.P","title":"PT = TypeVar('T')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.commands","title":"commandsP = ParamSpec('P')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.command_names","title":"command_namescommands: list[Command] = []\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.GDB_BUILTIN_COMMANDS","title":"GDB_BUILTIN_COMMANDScommand_names: set[str] = set()\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.pwndbg_is_reloading","title":"pwndbg_is_reloadingGDB_BUILTIN_COMMANDS = commands()\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory","title":"CommandCategory","text":"pwndbg_is_reloading = False\nBases:
str,EnumAttributes:
-
START\u2013 -
NEXT\u2013 -
CONTEXT\u2013 -
PTMALLOC2\u2013 -
JEMALLOC\u2013 -
BREAKPOINT\u2013 -
MEMORY\u2013 -
STACK\u2013 -
REGISTER\u2013 -
PROCESS\u2013 -
LINUX\u2013 -
DISASS\u2013 -
MISC\u2013 -
KERNEL\u2013 -
INTEGRATIONS\u2013 -
WINDBG\u2013 -
PWNDBG\u2013 -
SHELL\u2013 -
DEV\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.NEXT","title":"NEXTSTART = 'Start'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.CONTEXT","title":"CONTEXTNEXT = 'Step/Next/Continue'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.PTMALLOC2","title":"PTMALLOC2CONTEXT = 'Context'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.JEMALLOC","title":"JEMALLOCPTMALLOC2 = 'GLibc ptmalloc2 Heap'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.BREAKPOINT","title":"BREAKPOINTJEMALLOC = 'jemalloc Heap'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.MEMORY","title":"MEMORYBREAKPOINT = 'Breakpoint'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.STACK","title":"STACKMEMORY = 'Memory'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.REGISTER","title":"REGISTERSTACK = 'Stack'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.PROCESS","title":"PROCESSREGISTER = 'Register'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.LINUX","title":"LINUXPROCESS = 'Process'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.DISASS","title":"DISASSLINUX = 'Linux/libc/ELF'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.MISC","title":"MISCDISASS = 'Disassemble'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.KERNEL","title":"KERNELMISC = 'Misc'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.INTEGRATIONS","title":"INTEGRATIONSKERNEL = 'Kernel'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.WINDBG","title":"WINDBGINTEGRATIONS = 'Integrations'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.PWNDBG","title":"PWNDBGWINDBG = 'WinDbg'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.SHELL","title":"SHELLPWNDBG = 'pwndbg'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.DEV","title":"DEVSHELL = 'Shell'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command","title":"Command","text":"DEV = 'Developer'\nCommand(\n function: Callable[..., str | None],\n prefix: bool = False,\n command_name: str | None = None,\n shell: bool = False,\n is_alias: bool = False,\n aliases: list[str] = [],\n category: CommandCategory = MISC,\n doc: str | None = None,\n)\nGeneric command wrapper
Methods:
-
split_args\u2013Split a command-line string from the user into arguments.
-
invoke\u2013Invoke the command with an argument string
-
check_repeated\u2013Keep a record of all commands which come from the TTY.
-
__call__\u2013
Attributes:
-
builtin_override_whitelist(set[str]) \u2013 -
history(dict[int, str]) \u2013 -
is_alias\u2013 -
aliases\u2013 -
category\u2013 -
shell\u2013 -
doc\u2013 -
handle\u2013 -
function\u2013 -
__name__\u2013 -
repeat\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.history","title":"historybuiltin_override_whitelist: set[str] = {\n \"up\",\n \"down\",\n \"search\",\n \"pwd\",\n \"start\",\n \"starti\",\n \"ignore\",\n}\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.is_alias","title":"is_aliashistory: dict[int, str] = {}\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.aliases","title":"aliasesis_alias = is_alias\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.category","title":"categoryaliases = aliases\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.shell","title":"shellcategory = category\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.doc","title":"docshell = shell\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.handle","title":"handledoc = doc\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.function","title":"functionhandle = add_command(command_name, _handler, doc)\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.__name__","title":"__name__function = function\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.repeat","title":"repeat__name__ = command_name\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.split_args","title":"split_args","text":"repeat = False\nsplit_args(argument: str) -> tuple[list[str], dict[Any, Any]]\nSplit a command-line string from the user into arguments.
This is only used by pwndbg/commands/shell.py which is deprecated. Usually _ArgparsedCommand.split_args is called.
Returns:
-
list[str]\u2013A
(tuple, dict), in the form of*args, **kwargs. -
dict[Any, Any]\u2013The contents of the tuple/dict are undefined.
invoke(argument: str, from_tty: bool) -> None\nInvoke the command with an argument string
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.check_repeated","title":"check_repeated","text":"check_repeated(argument: str, from_tty: bool) -> bool\nKeep a record of all commands which come from the TTY.
Returns:
-
bool\u2013True if this command was executed by the user just hitting \"enter\".
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.ArgparsedCommand","title":"ArgparsedCommand","text":"__call__(*args: Any, **kwargs: Any) -> str | None\nArgparsedCommand(\n parser_or_desc: str | ArgumentParser,\n category: CommandCategory,\n command_name: str | None = None,\n aliases: list[str] = [],\n only_debuggers: set[DebuggerType] = None,\n exclude_debuggers: set[DebuggerType] = None,\n)\nAdds documentation and offloads parsing for a Command via argparse
Methods:
-
__call__\u2013
Attributes:
-
parser\u2013 -
aliases\u2013 -
category\u2013 -
only_debuggers\u2013 -
exclude_debuggers\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.ArgparsedCommand.aliases","title":"aliasesparser = ArgumentParser(description=parser_or_desc)\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.ArgparsedCommand.category","title":"categoryaliases = aliases\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.ArgparsedCommand.only_debuggers","title":"only_debuggerscategory = category\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.ArgparsedCommand.exclude_debuggers","title":"exclude_debuggersonly_debuggers = only_debuggers\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.ArgparsedCommand.__call__","title":"__call__","text":"exclude_debuggers = exclude_debuggers\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.fix","title":"fix","text":"__call__(function: Callable[..., Any]) -> _ArgparsedCommand\nfix(\n arg: str | Value,\n sloppy: bool = False,\n quiet: bool = True,\n reraise: bool = False,\n) -> str | Value | None\nFix a single command-line argument coming from the CLI.
Parameters:
-
arg(str | Value) \u2013Original string representation (e.g. '0', '$rax', '$rax+44')
-
sloppy(bool, default:False) \u2013If
argcannot be evaluated, returnarg. (default: False) -
quiet(bool, default:True) \u2013If an error occurs, suppress it. (default: True)
-
reraise(bool, default:False) \u2013If an error occurs, raise the exception. (default: False)
Returns:
-
str | Value | None\u2013Ideally a
Valueobject. May return astrifsloppy==True. -
str | Value | None\u2013May return
Noneifsloppy == False and reraise == False.
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.fix_reraise_arg","title":"fix_reraise_arg","text":"fix_reraise(*a, **kw) -> str | Value | None\nfix_reraise_arg(arg) -> Value\nfix_reraise wrapper for evaluating command arguments
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.fix_int","title":"fix_int","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.fix_int_reraise","title":"fix_int_reraise","text":"fix_int(*a, **kw) -> int\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.fix_int_reraise_arg","title":"fix_int_reraise_arg","text":"fix_int_reraise(*a, **kw) -> int\nfix_int_reraise_arg(arg) -> int\nfix_int_reraise wrapper for evaluating command arguments
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.func_name","title":"func_name","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWhenLocal","title":"OnlyWhenLocal","text":"func_name(function: Callable[P, T]) -> str\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWithFile","title":"OnlyWithFile","text":"OnlyWhenLocal(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWhenQemuKernel","title":"OnlyWhenQemuKernel","text":"OnlyWithFile(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWhenUserspace","title":"OnlyWhenUserspace","text":"OnlyWhenQemuKernel(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWithKernelDebugSyms","title":"OnlyWithKernelDebugSyms","text":"OnlyWhenUserspace(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWhenPagingEnabled","title":"OnlyWhenPagingEnabled","text":"OnlyWithKernelDebugSyms(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWhenRunning","title":"OnlyWhenRunning","text":"OnlyWhenPagingEnabled(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWithTcache","title":"OnlyWithTcache","text":"OnlyWhenRunning(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWhenHeapIsInitialized","title":"OnlyWhenHeapIsInitialized","text":"OnlyWithTcache(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWithResolvedHeapSyms","title":"OnlyWithResolvedHeapSyms","text":"OnlyWhenHeapIsInitialized(\n function: Callable[P, T],\n) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.sloppy_gdb_parse","title":"sloppy_gdb_parse","text":"OnlyWithResolvedHeapSyms(function: Callable[P, T]) -> Callable[P, T | None]\nsloppy_gdb_parse(s: str) -> int | str\nThis function should be used as
argparse.ArgumentParser.add_argument method'stypehelper.This makes the type being parsed as gdb value and if that parsing fails, a string is returned.
:param s: String. :return: Whatever gdb.parse_and_eval returns or string.
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.AddressExpr","title":"AddressExpr","text":"AddressExpr(s: str) -> int\nParses an address expression. Returns an int.
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.HexOrAddressExpr","title":"HexOrAddressExpr","text":"HexOrAddressExpr(s: str) -> int\nParses string as hexadecimal int or an address expression. Returns an int. (e.g. '1234' will return 0x1234)
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.load_commands","title":"load_commands","text":"
"},{"location":"reference/pwndbg/commands/ai/","title":"pwndbg.commands.ai","text":""},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai","title":"ai","text":"load_commands() -> None\nThis command sends information on the current debugging context to OpenAI's GPT-3 large language model and asks it a question supplied by the user. It then displays GPT-3's response to that question to the user.
Functions:
-
set_dummy_mode\u2013 -
get_openai_api_key\u2013 -
get_anthropic_api_key\u2013 -
get_ollama_endpoint\u2013 -
build_prompt\u2013 -
flatten_prompt\u2013 -
build_context_prompt_body\u2013 -
build_command_prompt_body\u2013 -
query_openai_chat\u2013 -
query_openai_completions\u2013 -
query\u2013 -
query_anthropic\u2013 -
query_ollama\u2013 -
get_openai_models\u2013 -
ai\u2013
Attributes:
-
last_question(list[str]) \u2013 -
last_answer(list[str]) \u2013 -
last_pc\u2013 -
last_command\u2013 -
dummy\u2013 -
verbosity\u2013 -
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.last_answer","title":"last_answerlast_question: list[str] = []\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.last_pc","title":"last_pclast_answer: list[str] = []\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.last_command","title":"last_commandlast_pc = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.dummy","title":"dummylast_command = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.verbosity","title":"verbositydummy = False\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.parser","title":"parserverbosity = 0\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.set_dummy_mode","title":"set_dummy_mode","text":"parser = ArgumentParser(\n description=\"Ask GPT-3 a question about the current debugging context.\"\n)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.get_openai_api_key","title":"get_openai_api_key","text":"set_dummy_mode(d=True) -> None\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.get_anthropic_api_key","title":"get_anthropic_api_key","text":"get_openai_api_key()\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.get_ollama_endpoint","title":"get_ollama_endpoint","text":"get_anthropic_api_key()\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.build_prompt","title":"build_prompt","text":"get_ollama_endpoint()\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.flatten_prompt","title":"flatten_prompt","text":"build_prompt(question, command=None)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.build_context_prompt_body","title":"build_context_prompt_body","text":"flatten_prompt(conversation)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.build_command_prompt_body","title":"build_command_prompt_body","text":"build_context_prompt_body()\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.query_openai_chat","title":"query_openai_chat","text":"build_command_prompt_body(command)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.query_openai_completions","title":"query_openai_completions","text":"query_openai_chat(\n prompt, model=\"gpt-3.5-turbo\", max_tokens=100, temperature=0.0\n)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.query","title":"query","text":"query_openai_completions(\n prompt, model=\"text-davinci-003\", max_tokens=100, temperature=0.0\n)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.query_anthropic","title":"query_anthropic","text":"query(prompt, model='text-davinci-003', max_tokens=100, temperature=0.0)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.query_ollama","title":"query_ollama","text":"query_anthropic(prompt, model='claude-v1', max_tokens=100, temperature=0.0)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.get_openai_models","title":"get_openai_models","text":"query_ollama(prompt, model='mistral', max_tokens=100, temperature=0.0)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.ai","title":"ai","text":"get_openai_models()\n
"},{"location":"reference/pwndbg/commands/argv/","title":"pwndbg.commands.argv","text":""},{"location":"reference/pwndbg/commands/argv/#pwndbg.commands.argv","title":"argv","text":"ai(\n question,\n model,\n temperature,\n max_tokens,\n verbose,\n list_models=False,\n command=None,\n) -> None\nFunctions:
-
argc\u2013 -
argv\u2013 -
envp\u2013Prints out the contents of the environment.
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/argv/#pwndbg.commands.argv.argc","title":"argc","text":"parser = ArgumentParser(\n description=\"Prints out the contents of the environment.\"\n)\n
"},{"location":"reference/pwndbg/commands/argv/#pwndbg.commands.argv.argv","title":"argv","text":"argc() -> None\n
"},{"location":"reference/pwndbg/commands/argv/#pwndbg.commands.argv.envp","title":"envp","text":"argv(i: int = None) -> None\nenvp(name: str = None)\nPrints out the contents of the environment.
"},{"location":"reference/pwndbg/commands/aslr/","title":"pwndbg.commands.aslr","text":""},{"location":"reference/pwndbg/commands/aslr/#pwndbg.commands.aslr","title":"aslr","text":"Functions:
-
check_aslr\u2013Detects the ASLR status. Returns True, False or None.
-
aslr\u2013
Attributes:
-
options\u2013 -
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/aslr/#pwndbg.commands.aslr.parser","title":"parseroptions = {'on': 'off', 'off': 'on'}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/aslr/#pwndbg.commands.aslr.check_aslr","title":"check_aslr","text":"parser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description=\"\\nCheck the current ASLR status, or turn it on/off.\\n\\nDoes not take effect until the program is restarted.\\n\",\n)\ncheck_aslr() -> tuple[bool | None, str]\nDetects the ASLR status. Returns True, False or None.
None is returned when we can't detect ASLR.
"},{"location":"reference/pwndbg/commands/aslr/#pwndbg.commands.aslr.aslr","title":"aslr","text":"
"},{"location":"reference/pwndbg/commands/asm/","title":"pwndbg.commands.asm","text":""},{"location":"reference/pwndbg/commands/asm/#pwndbg.commands.asm","title":"asm","text":"aslr(state=None) -> None\nFunctions:
-
asm\u2013
Attributes:
-
parser\u2013 -
input_group\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/asm/#pwndbg.commands.asm.input_group","title":"input_groupparser = ArgumentParser(description='Assemble shellcode into bytes')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/asm/#pwndbg.commands.asm.asm","title":"asm","text":"input_group = add_mutually_exclusive_group(required=True)\n
"},{"location":"reference/pwndbg/commands/attachp/","title":"pwndbg.commands.attachp","text":""},{"location":"reference/pwndbg/commands/attachp/#pwndbg.commands.attachp","title":"attachp","text":"asm(shellcode, format, arch, avoid, infile) -> None\nFunctions:
-
find_pids\u2013 -
attachp\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/attachp/#pwndbg.commands.attachp.find_pids","title":"find_pids","text":"parser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description='Attaches to a given pid, process name, process found with partial argv match or to a device file.\\n\\nThis command wraps the original GDB `attach` command to add the ability\\nto debug a process with a given name or partial name match. In such cases,\\nthe process identifier is fetched via the `pidof <name>` command first. If no\\nmatches are found, then it uses the `ps -eo pid,args` command to search for\\npartial name matches.\\n\\nOriginal GDB attach command help:\\n Attach to a process or file outside of GDB.\\n This command attaches to another target, of the same type as your last\\n \"target\" command (\"info files\" will show your target stack).\\n The command may take as argument a process id or a device file.\\n For a process id, you must have permission to send the process a signal,\\n and it must have the same effective uid as the debugger.\\n When using \"attach\" with a process id, the debugger finds the\\n program running in the process, looking first in the current working\\n directory, or (if not found there) using the source file search path\\n (see the \"directory\" command). You can also use the \"file\" command\\n to specify the program, and to load its symbol table.',\n)\n
"},{"location":"reference/pwndbg/commands/attachp/#pwndbg.commands.attachp.attachp","title":"attachp","text":"find_pids(target, user, exact, all)\n
"},{"location":"reference/pwndbg/commands/auxv/","title":"pwndbg.commands.auxv","text":""},{"location":"reference/pwndbg/commands/auxv/#pwndbg.commands.auxv","title":"auxv","text":"attachp(target, no_truncate, retry, exact, all, user=None) -> None\nFunctions:
-
auxv\u2013 -
auxv_explore\u2013
"},{"location":"reference/pwndbg/commands/auxv/#pwndbg.commands.auxv.auxv_explore","title":"auxv_explore","text":"auxv() -> None\n
"},{"location":"reference/pwndbg/commands/binder/","title":"pwndbg.commands.binder","text":""},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder","title":"binder","text":"auxv_explore() -> None\nClasses:
-
IndentContextManager\u2013 -
BinderVisitor\u2013
Functions:
-
for_each_transaction\u2013 -
for_each_hlist_entry\u2013 -
binder\u2013
Attributes:
-
log\u2013 -
addrc\u2013 -
fieldnamec\u2013 -
fieldvaluec\u2013 -
typenamec\u2013 -
node_types\u2013 -
entry_field_names\u2013 -
rb_node_field_names\u2013 -
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.addrc","title":"addrclog = getLogger(__name__)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.fieldnamec","title":"fieldnamecaddrc = green\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.fieldvaluec","title":"fieldvaluecfieldnamec = blue\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.typenamec","title":"typenamecfieldvaluec = yellow\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.node_types","title":"node_typestypenamec = red\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.entry_field_names","title":"entry_field_namesnode_types = {\n \"waiting_threads\": \"struct binder_thread\",\n \"todo\": \"struct binder_work\",\n \"refs\": \"struct binder_ref\",\n \"threads\": \"struct binder_thread\",\n \"nodes\": \"struct binder_node\",\n \"refs_by_node\": \"struct binder_ref\",\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.rb_node_field_names","title":"rb_node_field_namesentry_field_names = {\n \"waiting_threads\": \"waiting_thread_node\",\n \"todo\": \"entry\",\n \"refs\": \"node_entry\",\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.parser","title":"parserrb_node_field_names = {\n \"threads\": \"rb_node\",\n \"nodes\": \"rb_node\",\n \"refs_by_node\": \"rb_node_node\",\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.IndentContextManager","title":"IndentContextManager","text":"parser = ArgumentParser(description='Show Android Binder information')\nIndentContextManager()\nMethods:
-
__enter__\u2013 -
__exit__\u2013
Attributes:
-
indent\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.IndentContextManager.__enter__","title":"__enter__","text":"indent = 0\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.IndentContextManager.__exit__","title":"__exit__","text":"__enter__()\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor","title":"BinderVisitor","text":"__exit__(exc_type, exc_value, exc_tb)\nBinderVisitor(procs_addr)\nMethods:
-
format_rb_tree\u2013 -
format_list\u2013 -
visit\u2013 -
format_proc\u2013 -
format_thread\u2013 -
format_transaction\u2013 -
format_node\u2013 -
format_ref\u2013 -
format_work\u2013 -
print_object\u2013 -
format_spinlock\u2013
Attributes:
-
indent\u2013 -
addr\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.addr","title":"addrindent = IndentContextManager()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_rb_tree","title":"format_rb_tree","text":"addr = get_typed_pointer_value('struct hlist_head', procs_addr)\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_list","title":"format_list","text":"format_rb_tree(field: str, value: Value) -> tuple[str, int]\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.visit","title":"visit","text":"format_list(field: str, value: Value, typename: str) -> tuple[str, int]\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_proc","title":"format_proc","text":"visit()\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_thread","title":"format_thread","text":"format_proc(proc: Value, only_heading=False)\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_transaction","title":"format_transaction","text":"format_thread(thread: Value, only_heading: bool = False) -> str\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_node","title":"format_node","text":"format_transaction(transaction: Value, only_heading: bool = False) -> str\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_ref","title":"format_ref","text":"format_node(node: Value) -> str\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_work","title":"format_work","text":"format_ref(ref: Value, only_heading: bool = False) -> str\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.print_object","title":"print_object","text":"format_work(work: Value) -> str\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_spinlock","title":"format_spinlock","text":"print_object(obj: Value)\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.for_each_transaction","title":"for_each_transaction","text":"format_spinlock(lock: Value) -> str\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.for_each_hlist_entry","title":"for_each_hlist_entry","text":"for_each_transaction(addr: Value, field: str) -> Iterator[Value]\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.binder","title":"binder","text":"for_each_hlist_entry(head: Value, typename, field) -> Iterator[Value]\n
"},{"location":"reference/pwndbg/commands/binja/","title":"pwndbg.commands.binja","text":""},{"location":"reference/pwndbg/commands/binja/#pwndbg.commands.binja","title":"binja","text":"binder()\nFunctions:
-
bn_sync\u2013Synchronize Binary Ninja's cursor with GDB
bn_sync(*args) -> None\nSynchronize Binary Ninja's cursor with GDB
"},{"location":"reference/pwndbg/commands/binja_functions/","title":"pwndbg.commands.binja_functions","text":""},{"location":"reference/pwndbg/commands/binja_functions/#pwndbg.commands.binja_functions","title":"binja_functions","text":"Functions:
-
bn_sym\u2013Lookup a symbol's address by name from Binary Ninja.
-
bn_var\u2013Lookup a stack variable's address by name from Binary Ninja.
-
bn_eval\u2013Parse and evaluate a Binary Ninja expression.
bn_sym(name_val: Value) -> int | None\nLookup a symbol's address by name from Binary Ninja.
"},{"location":"reference/pwndbg/commands/binja_functions/#pwndbg.commands.binja_functions.bn_var","title":"bn_var","text":"bn_var(name_val: Value) -> int | None\nLookup a stack variable's address by name from Binary Ninja.
"},{"location":"reference/pwndbg/commands/binja_functions/#pwndbg.commands.binja_functions.bn_eval","title":"bn_eval","text":"bn_eval(expr: Value) -> int | None\nParse and evaluate a Binary Ninja expression.
Docs: https://api.binary.ninja/binaryninja.binaryview-module.html#binaryninja.binaryview.BinaryView.parse_expression
Adds all registers in the current register set as magic variables (e.g. $rip). Also adds a $piebase magic variable with the computed executable base.
"},{"location":"reference/pwndbg/commands/branch/","title":"pwndbg.commands.branch","text":""},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch","title":"branch","text":"Classes:
-
BreakOnConditionalBranch\u2013A breakpoint that only stops the inferior if a given branch is taken or not taken.
Functions:
-
break_if_taken\u2013 -
break_if_not_taken\u2013 -
install_breakpoint\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.BreakOnConditionalBranch","title":"BreakOnConditionalBranch","text":"parser = ArgumentParser(description='Breaks on a branch if it is not taken.')\nBreakOnConditionalBranch(instruction: PwndbgInstruction, taken: bool)\nBases:
BreakpointA breakpoint that only stops the inferior if a given branch is taken or not taken.
Methods:
-
should_stop\u2013 -
stop\u2013
Attributes:
-
instruction\u2013 -
taken\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.BreakOnConditionalBranch.taken","title":"takeninstruction = instruction\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.BreakOnConditionalBranch.should_stop","title":"should_stop","text":"taken = taken\n
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.BreakOnConditionalBranch.stop","title":"stop","text":"should_stop()\n
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.break_if_taken","title":"break_if_taken","text":"stop() -> bool\n
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.break_if_not_taken","title":"break_if_not_taken","text":"break_if_taken(branch) -> None\n
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.install_breakpoint","title":"install_breakpoint","text":"break_if_not_taken(branch) -> None\n
"},{"location":"reference/pwndbg/commands/canary/","title":"pwndbg.commands.canary","text":""},{"location":"reference/pwndbg/commands/canary/#pwndbg.commands.canary","title":"canary","text":"install_breakpoint(branch, taken: bool) -> None\nFunctions:
-
canary_value\u2013 -
canary\u2013
Attributes:
-
DEFAULT_NUM_CANARIES_TO_DISPLAY\u2013 -
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/canary/#pwndbg.commands.canary.parser","title":"parserDEFAULT_NUM_CANARIES_TO_DISPLAY = 1\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/canary/#pwndbg.commands.canary.canary_value","title":"canary_value","text":"parser = ArgumentParser(description='Print out the current stack canary.')\n
"},{"location":"reference/pwndbg/commands/canary/#pwndbg.commands.canary.canary","title":"canary","text":"canary_value()\n
"},{"location":"reference/pwndbg/commands/checksec/","title":"pwndbg.commands.checksec","text":""},{"location":"reference/pwndbg/commands/checksec/#pwndbg.commands.checksec","title":"checksec","text":"canary(all) -> None\nFunctions:
-
checksec\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/checksec/#pwndbg.commands.checksec.checksec","title":"checksec","text":"parser = ArgumentParser(\n description=\"Prints out the binary security settings using `checksec`.\"\n)\n
"},{"location":"reference/pwndbg/commands/comments/","title":"pwndbg.commands.comments","text":""},{"location":"reference/pwndbg/commands/comments/#pwndbg.commands.comments","title":"comments","text":"checksec(file: str) -> None\nFunctions:
-
comm\u2013 -
init\u2013
Attributes:
-
parser\u2013 -
file_lists(dict[str, dict[str, str]]) \u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/comments/#pwndbg.commands.comments.file_lists","title":"file_listsparser = ArgumentParser(description='Put comments in assembly code.')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/comments/#pwndbg.commands.comments.comm","title":"comm","text":"file_lists: dict[str, dict[str, str]] = {}\n
"},{"location":"reference/pwndbg/commands/comments/#pwndbg.commands.comments.init","title":"init","text":"comm(addr=None, comment=None) -> None\n
"},{"location":"reference/pwndbg/commands/config/","title":"pwndbg.commands.config","text":""},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config","title":"config","text":"init() -> None\nDumps all pwndbg-specific configuration points.
Functions:
-
print_row\u2013 -
extend_value_with_default\u2013 -
get_config_parameters\u2013 -
display_config\u2013 -
config\u2013 -
theme\u2013 -
configfile\u2013 -
themefile\u2013 -
configfile_print_scope\u2013
Attributes:
-
configfile_parser\u2013 -
parser\u2013 -
themefile_parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.parser","title":"parserconfigfile_parser = ArgumentParser(\n description=\"Generates a configuration file for the current pwndbg options.\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.themefile_parser","title":"themefile_parserparser = ArgumentParser(\n description=\"Shows pwndbg-specific theme configuration.\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.print_row","title":"print_row","text":"themefile_parser = ArgumentParser(\n description=\"Generates a configuration file for the current pwndbg theme options.\"\n)\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.extend_value_with_default","title":"extend_value_with_default","text":"print_row(\n name: str,\n value: str,\n default: str,\n set_show_doc: str,\n ljust_optname: int,\n ljust_doc: int,\n empty_space: int = 2,\n)\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.get_config_parameters","title":"get_config_parameters","text":"extend_value_with_default(value, default)\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.display_config","title":"display_config","text":"get_config_parameters(scope, filter_pattern)\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.config","title":"config","text":"display_config(\n filter_pattern: str, scope: str, has_file_command: bool = True\n) -> None\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.theme","title":"theme","text":"config(filter_pattern) -> None\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.configfile","title":"configfile","text":"theme(filter_pattern) -> None\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.themefile","title":"themefile","text":"configfile(show_all=False) -> None\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.configfile_print_scope","title":"configfile_print_scope","text":"themefile(show_all=False) -> None\n
"},{"location":"reference/pwndbg/commands/context/","title":"pwndbg.commands.context","text":""},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context","title":"context","text":"configfile_print_scope(scope: str, show_all: bool = False) -> None\nClasses:
-
StdOutput\u2013A context manager wrapper to give stdout
-
FileOutput\u2013A context manager wrapper to reopen files on enter
-
CallOutput\u2013A context manager which calls a function on write
Functions:
-
clear_screen\u2013Clear the screen by moving the cursor to top-left corner and
-
reserve_lines_maybe\u2013Scroll the terminal up a few lines to reduce shaking
-
validate_context_sections\u2013 -
output\u2013Creates a context manager corresponding to configured context output
-
contextoutput\u2013 -
resetcontextoutput\u2013 -
history_size_changed\u2013 -
serve_context_history\u2013 -
history_handle_unchanged_contents\u2013 -
contextprev\u2013 -
contextnext\u2013 -
contextsearch\u2013 -
contextwatch\u2013 -
contextunwatch\u2013 -
context_expressions\u2013 -
context_ghidra\u2013Print out the source of the current function decompiled by ghidra.
-
context\u2013Print out the current register, instruction, and stack context.
-
calculate_padding_to_align\u2013Calculates the number of spaces to append to reach the next alignment.
-
compact_regs\u2013 -
context_regs\u2013 -
context_heap_tracker\u2013 -
regs\u2013Print out all registers and enhance the information.
-
get_regs\u2013 -
try_emulate_if_bug_disable\u2013 -
context_disasm\u2013 -
get_highlight_source\u2013 -
get_filename_and_formatted_source\u2013Returns formatted, lines limited and highlighted source as list
-
context_code\u2013 -
context_stack\u2013 -
context_backtrace\u2013 -
context_args\u2013 -
get_thread_status\u2013 -
context_threads\u2013 -
save_signal\u2013 -
context_last_signal\u2013
Attributes:
-
log\u2013 -
T\u2013 -
P\u2013 -
c\u2013 -
config_reserve_lines\u2013 -
config_clear_screen\u2013 -
config_output\u2013 -
config_context_sections\u2013 -
config_max_threads_display\u2013 -
outputs(dict[str, str]) \u2013 -
output_settings(DefaultDict[str, dict[str, Any]]) \u2013 -
banner_arg\u2013 -
context_history(DefaultDict[str, list[list[str]]]) \u2013 -
selected_history_index(int | None) \u2013 -
context_history_size\u2013 -
expressions\u2013 -
config_context_ghidra\u2013 -
parser\u2013 -
disasm_lines\u2013 -
source_disasm_lines\u2013 -
should_decompile\u2013 -
stack_lines\u2013 -
backtrace_lines\u2013 -
backtrace_frame_label\u2013 -
last_signal(list[str]) \u2013 -
thread_status_messages\u2013 -
context_sections\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.T","title":"Tlog = getLogger(__name__)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.P","title":"PT = TypeVar('T')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.c","title":"cP = ParamSpec('P')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.config_reserve_lines","title":"config_reserve_linesc = ColorConfig(\n \"backtrace\",\n [\n ColorParamSpec(\n \"prefix\", \"none\", \"color for prefix of current backtrace label\"\n ),\n ColorParamSpec(\"address\", \"none\", \"color for backtrace (address)\"),\n ColorParamSpec(\"symbol\", \"none\", \"color for backtrace (symbol)\"),\n ColorParamSpec(\n \"frame-label\", \"none\", \"color for backtrace (frame label)\"\n ),\n ],\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.config_clear_screen","title":"config_clear_screenconfig_reserve_lines = add_param(\n \"context-reserve-lines\",\n \"if-ctx-fits\",\n \"when to reserve lines after the prompt to reduce context shake\",\n help_docstring='\\nThe \"if-ctx-fits\" setting only reserves lines if the whole context would still fit vertically in the current terminal window.\\nIt doesn\\'t take into account line-wrapping due to insufficient terminal width.\\n',\n param_class=PARAM_ENUM,\n enum_sequence=[\"never\", \"if-ctx-fits\", \"always\"],\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.config_output","title":"config_outputconfig_clear_screen = add_param(\n \"context-clear-screen\",\n False,\n \"whether to clear the screen before printing the context\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.config_context_sections","title":"config_context_sectionsconfig_output = add_param(\n \"context-output\",\n \"stdout\",\n 'where pwndbg should output (\"stdout\" or file/tty).',\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.config_max_threads_display","title":"config_max_threads_displayconfig_context_sections = add_param(\n \"context-sections\",\n \"regs disasm code ghidra stack backtrace expressions threads heap_tracker\",\n \"which context sections are displayed (controls order)\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.outputs","title":"outputsconfig_max_threads_display = add_param(\n \"context-max-threads\",\n 4,\n \"maximum number of threads displayed by the context command\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.output_settings","title":"output_settingsoutputs: dict[str, str] = {}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.banner_arg","title":"banner_argoutput_settings: DefaultDict[str, dict[str, Any]] = defaultdict(dict)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_history","title":"context_historybanner_arg = add_argument(\n \"banner\",\n type=str,\n nargs=\"?\",\n default=\"both\",\n help=\"Where a banner should be placed: both, top , bottom, none\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.selected_history_index","title":"selected_history_indexcontext_history: DefaultDict[str, list[list[str]]] = defaultdict(list)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_history_size","title":"context_history_sizeselected_history_index: int | None = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.expressions","title":"expressionscontext_history_size = add_param(\n \"context-history-size\", 50, \"number of context history entries to store\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.config_context_ghidra","title":"config_context_ghidraexpressions = []\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.parser","title":"parserconfig_context_ghidra = add_param(\n \"context-ghidra\",\n \"never\",\n \"when to try to decompile the current function with ghidra\",\n help_docstring=\"Doing this is slow and requires radare2/r2pipe or rizin/rzpipe.\",\n param_class=PARAM_ENUM,\n enum_sequence=[\"always\", \"never\", \"if-no-source\"],\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.disasm_lines","title":"disasm_linesparser = ArgumentParser(\n description=\"Print out all registers and enhance the information.\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.source_disasm_lines","title":"source_disasm_linesdisasm_lines = add_param(\n \"context-disasm-lines\",\n 10,\n \"number of additional lines to print in the disasm context\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.should_decompile","title":"should_decompilesource_disasm_lines = add_param(\n \"context-code-lines\",\n 10,\n \"number of source code lines to print by the context command\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.stack_lines","title":"stack_linesshould_decompile = add_param(\n \"context-integration-decompile\",\n True,\n \"whether context should fall back to decompilation with no source code\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.backtrace_lines","title":"backtrace_linesstack_lines = add_param(\n \"context-stack-lines\", 8, \"number of lines to print in the stack context\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.backtrace_frame_label","title":"backtrace_frame_labelbacktrace_lines = add_param(\n \"context-backtrace-lines\",\n 8,\n \"number of lines to print in the backtrace context\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.last_signal","title":"last_signalbacktrace_frame_label = add_param(\n \"backtrace-frame-label\", \"\", \"frame number label for backtrace\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.thread_status_messages","title":"thread_status_messageslast_signal: list[str] = []\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_sections","title":"context_sectionsthread_status_messages = {\n \"running\": light_green(\"running\"),\n \"stopped\": yellow(\"stopped\"),\n \"exited\": gray(\"exited \"),\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.StdOutput","title":"StdOutput","text":"context_sections = {\n \"a\": context_args,\n \"r\": context_regs,\n \"d\": context_disasm,\n \"s\": context_stack,\n \"b\": context_backtrace,\n \"c\": context_code,\n}\nA context manager wrapper to give stdout
Methods:
-
__enter__\u2013 -
__exit__\u2013 -
__hash__\u2013 -
__eq__\u2013
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.StdOutput.__exit__","title":"__exit__","text":"__enter__()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.StdOutput.__hash__","title":"__hash__","text":"__exit__(*args, **kwargs) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.StdOutput.__eq__","title":"__eq__","text":"__hash__()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput","title":"FileOutput","text":"__eq__(other) -> bool\nFileOutput(*args)\nA context manager wrapper to reopen files on enter
Methods:
-
__enter__\u2013 -
__exit__\u2013 -
__hash__\u2013 -
__eq__\u2013
Attributes:
-
args\u2013 -
handle\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput.handle","title":"handleargs = args\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput.__enter__","title":"__enter__","text":"handle = None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput.__exit__","title":"__exit__","text":"__enter__()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput.__hash__","title":"__hash__","text":"__exit__(*args, **kwargs) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput.__eq__","title":"__eq__","text":"__hash__()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput","title":"CallOutput","text":"__eq__(other)\nCallOutput(func)\nA context manager which calls a function on write
Methods:
-
__enter__\u2013 -
__exit__\u2013 -
__hash__\u2013 -
__eq__\u2013 -
write\u2013 -
writelines\u2013 -
flush\u2013 -
isatty\u2013
Attributes:
-
func\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.__enter__","title":"__enter__","text":"func = func\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.__exit__","title":"__exit__","text":"__enter__()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.__hash__","title":"__hash__","text":"__exit__(*args, **kwargs) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.__eq__","title":"__eq__","text":"__hash__()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.write","title":"write","text":"__eq__(other)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.writelines","title":"writelines","text":"write(data) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.flush","title":"flush","text":"writelines(lines_iterable) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.isatty","title":"isatty","text":"flush()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.clear_screen","title":"clear_screen","text":"isatty()\nclear_screen(out=stdout) -> None\nClear the screen by moving the cursor to top-left corner and clearing the content. Different terminals may act differently
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.reserve_lines_maybe","title":"reserve_lines_maybe","text":"reserve_lines_maybe(cmd_lines: int) -> None\nScroll the terminal up a few lines to reduce shaking when repeatedly printing the context.
Only do this if the context would still fit on the screen.
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.validate_context_sections","title":"validate_context_sections","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.output","title":"output","text":"validate_context_sections() -> None\noutput(section: str)\nCreates a context manager corresponding to configured context output
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.contextoutput","title":"contextoutput","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.resetcontextoutput","title":"resetcontextoutput","text":"contextoutput(section, path, clearing, banner='both', width: int = None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.history_size_changed","title":"history_size_changed","text":"resetcontextoutput(section)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.serve_context_history","title":"serve_context_history","text":"history_size_changed() -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.history_handle_unchanged_contents","title":"history_handle_unchanged_contents","text":"serve_context_history(\n function: Callable[P, list[str]],\n) -> Callable[P, list[str]]\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.contextprev","title":"contextprev","text":"history_handle_unchanged_contents() -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.contextnext","title":"contextnext","text":"contextprev(count) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.contextsearch","title":"contextsearch","text":"contextnext(count) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.contextwatch","title":"contextwatch","text":"contextsearch(needle, section) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.contextunwatch","title":"contextunwatch","text":"contextwatch(expression, cmd) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_expressions","title":"context_expressions","text":"contextunwatch(num) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_ghidra","title":"context_ghidra","text":"context_expressions(target=stdout, with_banner=True, width=None)\ncontext_ghidra(target=stdout, with_banner=True, width=None)\nPrint out the source of the current function decompiled by ghidra.
The context-ghidra config parameter is used to configure whether to always, never or only show the context if no source is available.
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context","title":"context","text":"context(subcontext=None, enabled=None) -> None\nPrint out the current register, instruction, and stack context.
Accepts subcommands 'reg', 'disasm', 'code', 'stack', 'backtrace', 'ghidra', 'args', 'threads', 'heap_tracker', 'expressions', and/or 'last_signal'.
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.calculate_padding_to_align","title":"calculate_padding_to_align","text":"calculate_padding_to_align(length, align)\nCalculates the number of spaces to append to reach the next alignment. The next alignment point is given by \"x * align >= length\".
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.compact_regs","title":"compact_regs","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_regs","title":"context_regs","text":"compact_regs(regs, width=None, target=stdout)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_heap_tracker","title":"context_heap_tracker","text":"context_regs(target=stdout, with_banner=True, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.regs","title":"regs","text":"context_heap_tracker(target=stdout, with_banner=True, width=None)\nregs(regs=[]) -> None\nPrint out all registers and enhance the information.
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.get_regs","title":"get_regs","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.try_emulate_if_bug_disable","title":"try_emulate_if_bug_disable","text":"get_regs(regs: list[str] = None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_disasm","title":"context_disasm","text":"try_emulate_if_bug_disable(handler: Callable[[], T]) -> T\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.get_highlight_source","title":"get_highlight_source","text":"context_disasm(target=stdout, with_banner=True, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.get_filename_and_formatted_source","title":"get_filename_and_formatted_source","text":"get_highlight_source(filename: str) -> tuple[str, ...]\nget_filename_and_formatted_source()\nReturns formatted, lines limited and highlighted source as list or if it isn't there - an empty list
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_code","title":"context_code","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_stack","title":"context_stack","text":"context_code(target=stdout, with_banner=True, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_backtrace","title":"context_backtrace","text":"context_stack(target=stdout, with_banner=True, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_args","title":"context_args","text":"context_backtrace(with_banner=True, target=stdout, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.get_thread_status","title":"get_thread_status","text":"context_args(with_banner=True, target=stdout, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_threads","title":"context_threads","text":"get_thread_status(thread)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.save_signal","title":"save_signal","text":"context_threads(with_banner=True, target=stdout, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_last_signal","title":"context_last_signal","text":"save_signal(signal) -> None\n
"},{"location":"reference/pwndbg/commands/cpsr/","title":"pwndbg.commands.cpsr","text":""},{"location":"reference/pwndbg/commands/cpsr/#pwndbg.commands.cpsr","title":"cpsr","text":"context_last_signal(with_banner=True, target=stdout, width=None)\nFunctions:
-
cpsr\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/cpsr/#pwndbg.commands.cpsr.cpsr","title":"cpsr","text":"parser = ArgumentParser(description='Print out ARM CPSR or xPSR register.')\n
"},{"location":"reference/pwndbg/commands/cyclic/","title":"pwndbg.commands.cyclic","text":""},{"location":"reference/pwndbg/commands/cyclic/#pwndbg.commands.cyclic","title":"cyclic","text":"cpsr(cpsr_value=None) -> None\nFunctions:
-
cyclic_cmd\u2013
Attributes:
-
parser\u2013 -
group\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/cyclic/#pwndbg.commands.cyclic.group","title":"groupparser = ArgumentParser(description='Cyclic pattern creator/finder.')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/cyclic/#pwndbg.commands.cyclic.cyclic_cmd","title":"cyclic_cmd","text":"group = add_mutually_exclusive_group(required=False)\n
"},{"location":"reference/pwndbg/commands/cymbol/","title":"pwndbg.commands.cymbol","text":""},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol","title":"cymbol","text":"cyclic_cmd(\n alphabet, length: int | None, lookup, count=100, filename=\"\"\n) -> None\nAdd, load, show, edit, or delete symbols for custom structures.
For the generation of the symbols g++/gcc is being used under the hood.
In case of remote debugging a binary which is not native to your architecture it is advised to configure the 'gcc-config-path' config parameter to your own cross-platform gnu gcc compiled toolchain for your target architecture.
You are advised to configure the 'cymbol-editor' config parameter to the path of your favorite text editor. Otherwise cymbol exapnds $EDITOR and $VISUAL environment variables to find the path to the default text editor.
Functions:
-
unload_loaded_symbol\u2013 -
OnlyWhenStructFileExists\u2013 -
generate_debug_symbols\u2013 -
add_custom_structure\u2013 -
add_structure_from_header\u2013 -
edit_custom_structure\u2013 -
remove_custom_structure\u2013 -
load_custom_structure\u2013 -
show_custom_structure\u2013 -
cymbol\u2013
Attributes:
-
P\u2013 -
T\u2013 -
gcc_compiler_path\u2013 -
cymbol_editor\u2013 -
loaded_symbols(dict[str, str]) \u2013 -
pwndbg_cachedir\u2013 -
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.T","title":"TP = ParamSpec('P')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.gcc_compiler_path","title":"gcc_compiler_pathT = TypeVar('T')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.cymbol_editor","title":"cymbol_editorgcc_compiler_path = add_param(\n \"gcc-compiler-path\",\n \"\",\n \"path to the gcc/g++ toolchain for generating imported symbols\",\n param_class=PARAM_OPTIONAL_FILENAME,\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.loaded_symbols","title":"loaded_symbolscymbol_editor = add_param(\n \"cymbol-editor\",\n \"\",\n \"path to the editor for editing custom structures\",\n param_class=PARAM_OPTIONAL_FILENAME,\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.pwndbg_cachedir","title":"pwndbg_cachedirloaded_symbols: dict[str, str] = {}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.parser","title":"parserpwndbg_cachedir = cachedir('custom-symbols')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.unload_loaded_symbol","title":"unload_loaded_symbol","text":"parser = ArgumentParser(\n description=\"Add, show, load, edit, or delete custom structures in plain C.\"\n)\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.OnlyWhenStructFileExists","title":"OnlyWhenStructFileExists","text":"unload_loaded_symbol(custom_structure_name: str) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.generate_debug_symbols","title":"generate_debug_symbols","text":"OnlyWhenStructFileExists(\n func: _OnlyWhenStructFileExists,\n) -> _OnlyWhenStructFileExists\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.add_custom_structure","title":"add_custom_structure","text":"generate_debug_symbols(\n custom_structure_path: str,\n pwndbg_debug_symbols_output_file: str | None = None,\n) -> str | None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.add_structure_from_header","title":"add_structure_from_header","text":"add_custom_structure(custom_structure_name: str) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.edit_custom_structure","title":"edit_custom_structure","text":"add_structure_from_header(\n header_file: str, custom_structure_name: str = None\n) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.remove_custom_structure","title":"remove_custom_structure","text":"edit_custom_structure(\n custom_structure_name: str, custom_structure_path: str = \"\"\n) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.load_custom_structure","title":"load_custom_structure","text":"remove_custom_structure(\n custom_structure_name: str, custom_structure_path: str = \"\"\n) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.show_custom_structure","title":"show_custom_structure","text":"load_custom_structure(\n custom_structure_name: str, custom_structure_path: str = \"\"\n) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.cymbol","title":"cymbol","text":"show_custom_structure(\n custom_structure_name: str, custom_structure_path: str = \"\"\n) -> None\n
"},{"location":"reference/pwndbg/commands/dev/","title":"pwndbg.commands.dev","text":""},{"location":"reference/pwndbg/commands/dev/#pwndbg.commands.dev","title":"dev","text":"cymbol(\n add: str, file: str, remove: str, edit: str, load: str, show: str\n) -> None\nFunctions:
-
dev_dump_instruction\u2013 -
log_level\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/dev/#pwndbg.commands.dev.dev_dump_instruction","title":"dev_dump_instruction","text":"parser = ArgumentParser(description='Set the log level.')\n
"},{"location":"reference/pwndbg/commands/dev/#pwndbg.commands.dev.log_level","title":"log_level","text":"dev_dump_instruction(\n address=None, force_emulate=False, no_emulate=False\n) -> None\n
"},{"location":"reference/pwndbg/commands/distance/","title":"pwndbg.commands.distance","text":""},{"location":"reference/pwndbg/commands/distance/#pwndbg.commands.distance","title":"distance","text":"log_level(level: str) -> None\nFunctions:
-
distance\u2013Print the distance between the two arguments
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/distance/#pwndbg.commands.distance.distance","title":"distance","text":"parser = ArgumentParser(\n description=\"Print the distance between the two arguments, or print the offset to the address's page base.\"\n)\ndistance(a, b) -> None\nPrint the distance between the two arguments
"},{"location":"reference/pwndbg/commands/dt/","title":"pwndbg.commands.dt","text":""},{"location":"reference/pwndbg/commands/dt/#pwndbg.commands.dt","title":"dt","text":"Functions:
-
dt\u2013Dump out information on a type (e.g. ucontext_t).
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/dt/#pwndbg.commands.dt.dt","title":"dt","text":"parser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description=\"\\n Dump out information on a type (e.g. ucontext_t).\\n\\n Optionally overlay that information at an address.\\n \",\n)\ndt(typename: str, address: int | None = None) -> None\nDump out information on a type (e.g. ucontext_t).
Optionally overlay that information at an address.
"},{"location":"reference/pwndbg/commands/dumpargs/","title":"pwndbg.commands.dumpargs","text":""},{"location":"reference/pwndbg/commands/dumpargs/#pwndbg.commands.dumpargs","title":"dumpargs","text":"Functions:
-
dumpargs\u2013 -
call_args\u2013Returns list of resolved call argument strings for display.
-
all_args\u2013Returns list of all argument strings for display.
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/dumpargs/#pwndbg.commands.dumpargs.dumpargs","title":"dumpargs","text":"parser = ArgumentParser(\n description=\"Prints determined arguments for call instruction.\"\n)\n
"},{"location":"reference/pwndbg/commands/dumpargs/#pwndbg.commands.dumpargs.call_args","title":"call_args","text":"dumpargs(force: bool = False) -> None\ncall_args() -> list[str]\nReturns list of resolved call argument strings for display. Attempts to resolve the target and determine the number of arguments. Should be used only when being on a call instruction.
"},{"location":"reference/pwndbg/commands/dumpargs/#pwndbg.commands.dumpargs.all_args","title":"all_args","text":"all_args() -> list[str]\nReturns list of all argument strings for display.
"},{"location":"reference/pwndbg/commands/elf/","title":"pwndbg.commands.elf","text":""},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf","title":"elf","text":"Functions:
-
elfsections\u2013 -
gotplt\u2013 -
plt\u2013 -
get_section_bounds\u2013 -
print_symbols_in_section\u2013 -
get_symbols_in_region\u2013
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.gotplt","title":"gotplt","text":"elfsections() -> None\n
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.plt","title":"plt","text":"gotplt() -> None\n
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.get_section_bounds","title":"get_section_bounds","text":"plt() -> None\n
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.print_symbols_in_section","title":"print_symbols_in_section","text":"get_section_bounds(section_name)\n
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.get_symbols_in_region","title":"get_symbols_in_region","text":"print_symbols_in_section(section_name, filter_text='') -> None\n
"},{"location":"reference/pwndbg/commands/flags/","title":"pwndbg.commands.flags","text":""},{"location":"reference/pwndbg/commands/flags/#pwndbg.commands.flags","title":"flags","text":"get_symbols_in_region(start, end, filter_text='')\nFunctions:
-
setflag\u2013
Attributes:
-
description\u2013 -
epilog\u2013 -
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/flags/#pwndbg.commands.flags.epilog","title":"epilogdescription = 'Modify the flags register.'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/flags/#pwndbg.commands.flags.parser","title":"parserepilog = \"Examples:\\n On X86/X64:\\n setflag ZF 1 -- set zero flag\\n setflag CF 0 -- unset carry flag\\n\\n On ARM:\\n setflag Z 0 -- unset the Z cpsr/xpsr flag\\n\\n To see flags registers:\\n info reg eflags -- on x86/x64\\n info reg cpsr/xpsr -- on ARM (specific register may vary)\\n\\n(This command supports flags registers that are defined for architectures in the pwndbg/regs.py file)\\n \"\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/flags/#pwndbg.commands.flags.setflag","title":"setflag","text":"parser = ArgumentParser(\n description=description, epilog=epilog, formatter_class=RawTextHelpFormatter\n)\n
"},{"location":"reference/pwndbg/commands/gdt/","title":"pwndbg.commands.gdt","text":""},{"location":"reference/pwndbg/commands/gdt/#pwndbg.commands.gdt","title":"gdt","text":"setflag(flag: str, value: int) -> None\nFunctions:
-
gdt\u2013 -
decode_gdt_entry\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/gdt/#pwndbg.commands.gdt.gdt","title":"gdt","text":"parser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description=\"Decode X86-64 GDT entries at address\\n\\nSee also:\\n* https://wiki.osdev.org/Global_Descriptor_Table\\n* https://wiki.osdev.org/GDT_Tutorial\\n\\nNote:\\nIn 64-bit mode, the Base and Limit values are ignored, each descriptor covers the entire linear address space regardless of what they are set to.\\n\",\n)\n
"},{"location":"reference/pwndbg/commands/gdt/#pwndbg.commands.gdt.decode_gdt_entry","title":"decode_gdt_entry","text":"gdt(address, count) -> None\n
"},{"location":"reference/pwndbg/commands/ghidra/","title":"pwndbg.commands.ghidra","text":""},{"location":"reference/pwndbg/commands/ghidra/#pwndbg.commands.ghidra","title":"ghidra","text":"decode_gdt_entry(value)\nFunctions:
-
ghidra\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/ghidra/#pwndbg.commands.ghidra.ghidra","title":"ghidra","text":"parser = ArgumentParser(description='Decompile a given function using Ghidra.')\n
"},{"location":"reference/pwndbg/commands/godbg/","title":"pwndbg.commands.godbg","text":""},{"location":"reference/pwndbg/commands/godbg/#pwndbg.commands.godbg","title":"godbg","text":"ghidra(func) -> None\nFunctions:
-
go_dump\u2013 -
go_type\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/godbg/#pwndbg.commands.godbg.go_dump","title":"go_dump","text":"parser = ArgumentParser(\n description=\"Dumps a Go runtime reflection type at a specified address.\"\n)\n
"},{"location":"reference/pwndbg/commands/godbg/#pwndbg.commands.godbg.go_type","title":"go_type","text":"go_dump(\n ty: str,\n address: int,\n hex: bool,\n decimals: int | None,\n debug: bool,\n pretty: bool,\n) -> None\n
"},{"location":"reference/pwndbg/commands/got/","title":"pwndbg.commands.got","text":""},{"location":"reference/pwndbg/commands/got/#pwndbg.commands.got","title":"got","text":"go_type(address: int) -> None\nFunctions:
-
got\u2013
Attributes:
-
parser\u2013 -
group\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/got/#pwndbg.commands.got.group","title":"groupparser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description=\"Show the state of the Global Offset Table.\\n\\nExamples:\\n got\\n got puts\\n got -p libc\\n got -a\\n\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/got/#pwndbg.commands.got.got","title":"got","text":"group = add_mutually_exclusive_group()\n
"},{"location":"reference/pwndbg/commands/got_tracking/","title":"pwndbg.commands.got_tracking","text":""},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking","title":"got_tracking","text":"got(\n path_filter: str, all_: bool, accept_readonly: bool, symbol_filter: str\n) -> None\nFunctions:
-
columns\u2013Print data formatted into distinct columns.
-
track_got\u2013 -
got_report\u2013Prints out a report of the current status of the GOT tracker.
-
got_tracking_status\u2013Prints out information about a single GOT tracking entry.
Attributes:
-
parser\u2013 -
subparsers\u2013 -
enable\u2013 -
disable\u2013 -
report\u2013 -
status\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.subparsers","title":"subparsersparser = ArgumentParser(description='Controls GOT tracking')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.enable","title":"enablesubparsers = add_subparsers(\n required=True,\n description=\"Used to disable and query information about the tracker\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.disable","title":"disableenable = add_parser('enable', help='Enable GOT parsing')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.report","title":"reportdisable = add_parser('disable', help='Disable GOT tracking')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.status","title":"statusreport = add_parser('info', help='Give an overview of the GOT tracker')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.columns","title":"columns","text":"status = add_parser(\n \"query\",\n help=\"Queries detailed tracking information about a single entry in the GOT\",\n)\ncolumns(rows, colors=None) -> None\nPrint data formatted into distinct columns.
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.track_got","title":"track_got","text":"
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.got_report","title":"got_report","text":"track_got(mode=None, soname=None, writable=False, fnname=None, address=None)\ngot_report(soname='.*', writable=False, fnname='.*') -> None\nPrints out a report of the current status of the GOT tracker.
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.got_tracking_status","title":"got_tracking_status","text":"got_tracking_status(address) -> None\nPrints out information about a single GOT tracking entry.
"},{"location":"reference/pwndbg/commands/hex2ptr/","title":"pwndbg.commands.hex2ptr","text":""},{"location":"reference/pwndbg/commands/hex2ptr/#pwndbg.commands.hex2ptr","title":"hex2ptr","text":"Functions:
-
hex2ptr\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/hex2ptr/#pwndbg.commands.hex2ptr.hex2ptr","title":"hex2ptr","text":"parser = ArgumentParser(\n description=\"Converts a space-separated hex string to a little-endian address.\"\n)\n
"},{"location":"reference/pwndbg/commands/hexdump/","title":"pwndbg.commands.hexdump","text":""},{"location":"reference/pwndbg/commands/hexdump/#pwndbg.commands.hexdump","title":"hexdump","text":"hex2ptr(hex_string) -> None\nFunctions:
-
address_or_module_name\u2013 -
hexdump\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/hexdump/#pwndbg.commands.hexdump.address_or_module_name","title":"address_or_module_name","text":"parser = ArgumentParser(\n description=\"Hexdumps data at the specified address or module name.\"\n)\n
"},{"location":"reference/pwndbg/commands/hexdump/#pwndbg.commands.hexdump.hexdump","title":"hexdump","text":"address_or_module_name(s) -> int\n
"},{"location":"reference/pwndbg/commands/hijack_fd/","title":"pwndbg.commands.hijack_fd","text":""},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd","title":"hijack_fd","text":"hexdump(address, count=hexdump_bytes) -> None\nClasses:
-
ShellcodeRegs\u2013 -
ParsedSocket\u2013
Functions:
-
get_shellcode_regs\u2013 -
stack_size_alignment\u2013 -
asm_replace_file\u2013 -
asm_replace_socket\u2013 -
exec_shellcode_with_stack\u2013 -
parse_socket\u2013 -
parse_file_or_socket\u2013 -
hijack_fd\u2013
Attributes:
-
parser\u2013 -
PARSED_FILE_ARG\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.PARSED_FILE_ARG","title":"PARSED_FILE_ARGparser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description=\"Replace a file descriptor of a debugged process.\\n\\nThe new file descriptor can point to:\\n- a file\\n- a pipe\\n- a socket\\n- a device, etc.\\n\\nExamples:\\n1. Redirect STDOUT to a file:\\n `hijack-fd 1 /dev/null`\\n\\n2. Redirect STDERR to a socket:\\n `hijack-fd 2 tcp://localhost:8888`\\n\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ShellcodeRegs","title":"ShellcodeRegs","text":"PARSED_FILE_ARG = Tuple[Optional[ParsedSocket], Optional[str]]\nBases:
NamedTupleAttributes:
-
newfd(str) \u2013 -
syscall_ret(str) \u2013 -
stack(str) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ShellcodeRegs.syscall_ret","title":"syscall_retnewfd: str\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ShellcodeRegs.stack","title":"stacksyscall_ret: str\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ParsedSocket","title":"ParsedSocket","text":"stack: str\nBases:
NamedTupleAttributes:
-
protocol(Literal['tcp', 'udp']) \u2013 -
ip_version(Literal['ipv4', 'ipv6']) \u2013 -
address(str) \u2013 -
port(int) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ParsedSocket.ip_version","title":"ip_versionprotocol: Literal['tcp', 'udp']\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ParsedSocket.address","title":"addressip_version: Literal['ipv4', 'ipv6']\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ParsedSocket.port","title":"portaddress: str\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.get_shellcode_regs","title":"get_shellcode_regs","text":"port: int\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.stack_size_alignment","title":"stack_size_alignment","text":"get_shellcode_regs() -> ShellcodeRegs\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.asm_replace_file","title":"asm_replace_file","text":"stack_size_alignment(s: int) -> int\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.asm_replace_socket","title":"asm_replace_socket","text":"asm_replace_file(replace_fd: int, filename: str) -> tuple[int, str]\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.exec_shellcode_with_stack","title":"exec_shellcode_with_stackasm_replace_socket(\n replace_fd: int, socket_data: ParsedSocket\n) -> tuple[int, str]\nasync","text":"
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.parse_socket","title":"parse_socket","text":"exec_shellcode_with_stack(ec: ExecutionController, blob, stack_size: int)\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.parse_file_or_socket","title":"parse_file_or_socket","text":"parse_socket(url: str) -> ParsedSocket\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.hijack_fd","title":"hijack_fd","text":"parse_file_or_socket(s: str) -> PARSED_FILE_ARG\n
"},{"location":"reference/pwndbg/commands/ida/","title":"pwndbg.commands.ida","text":""},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida","title":"ida","text":"hijack_fd(fdnum: int, newfile: PARSED_FILE_ARG) -> None\nFunctions:
-
j\u2013Synchronize IDA's cursor with GDB
-
up\u2013Select and print stack frame that called this one.
-
down\u2013Select and print stack frame called by this one.
-
save_ida\u2013Save the IDA database
-
ida\u2013Evaluate ida.LocByName() on the supplied value.
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida.j","title":"j","text":"parser = ArgumentParser(\n description=\"Select and print stack frame called by this one.\"\n)\nj(*args) -> None\nSynchronize IDA's cursor with GDB
"},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida.up","title":"up","text":"up(n=1) -> None\nSelect and print stack frame that called this one.
"},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida.down","title":"down","text":"down(n=1) -> None\nSelect and print stack frame called by this one.
"},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida.save_ida","title":"save_ida","text":"save_ida() -> None\nSave the IDA database
"},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida.ida","title":"ida","text":"ida(name)\nEvaluate ida.LocByName() on the supplied value.
"},{"location":"reference/pwndbg/commands/ignore/","title":"pwndbg.commands.ignore","text":""},{"location":"reference/pwndbg/commands/ignore/#pwndbg.commands.ignore","title":"ignore","text":"Ignoring a breakpoint
Functions:
-
ignore\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/ignore/#pwndbg.commands.ignore.ignore","title":"ignore","text":"parser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description=\"Set ignore-count of breakpoint number N to COUNT.\\n\\nWhile the ignore count is positive, execution will not stop on the breakpoint.\\n\\nBy default, if `N' is ommitted, the last breakpoint (i.e. greatest breakpoint number) will be used.\",\n)\n
"},{"location":"reference/pwndbg/commands/integration/","title":"pwndbg.commands.integration","text":""},{"location":"reference/pwndbg/commands/integration/#pwndbg.commands.integration","title":"integration","text":"ignore(bpnum, count) -> None\nFunctions:
-
decomp\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/integration/#pwndbg.commands.integration.decomp","title":"decomp","text":"parser = ArgumentParser(\n description=\"Use the current integration to decompile code near an address.\"\n)\n
"},{"location":"reference/pwndbg/commands/ipython_interactive/","title":"pwndbg.commands.ipython_interactive","text":""},{"location":"reference/pwndbg/commands/ipython_interactive/#pwndbg.commands.ipython_interactive","title":"ipython_interactive","text":"decomp(addr: int | None, lines: int | None) -> None\nCommand to start an interactive IPython prompt.
Functions:
-
switch_to_ipython_env\u2013We need to change stdout/stderr to the default ones, otherwise we can't use tab or autocomplete
-
ipi\u2013
switch_to_ipython_env()\nWe need to change stdout/stderr to the default ones, otherwise we can't use tab or autocomplete
"},{"location":"reference/pwndbg/commands/ipython_interactive/#pwndbg.commands.ipython_interactive.ipi","title":"ipi","text":"
"},{"location":"reference/pwndbg/commands/jemalloc/","title":"pwndbg.commands.jemalloc","text":""},{"location":"reference/pwndbg/commands/jemalloc/#pwndbg.commands.jemalloc","title":"jemalloc","text":"ipi() -> None\nFunctions:
-
jemalloc_find_extent\u2013 -
jemalloc_extent_info\u2013 -
jemalloc_heap\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/jemalloc/#pwndbg.commands.jemalloc.jemalloc_find_extent","title":"jemalloc_find_extent","text":"parser = ArgumentParser(description='Prints all extents information')\n
"},{"location":"reference/pwndbg/commands/jemalloc/#pwndbg.commands.jemalloc.jemalloc_extent_info","title":"jemalloc_extent_info","text":"jemalloc_find_extent(addr) -> None\n
"},{"location":"reference/pwndbg/commands/jemalloc/#pwndbg.commands.jemalloc.jemalloc_heap","title":"jemalloc_heap","text":"jemalloc_extent_info(addr, verbose=False, header=True) -> bool\n
"},{"location":"reference/pwndbg/commands/kbase/","title":"pwndbg.commands.kbase","text":""},{"location":"reference/pwndbg/commands/kbase/#pwndbg.commands.kbase","title":"kbase","text":"jemalloc_heap() -> None\nFunctions:
-
kbase\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/kbase/#pwndbg.commands.kbase.kbase","title":"kbase","text":"parser = ArgumentParser(description='Finds the kernel virtual base address.')\n
"},{"location":"reference/pwndbg/commands/kchecksec/","title":"pwndbg.commands.kchecksec","text":""},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec","title":"kchecksec","text":"kbase(rebase=False) -> None\nClasses:
-
Option\u2013
Functions:
-
kchecksec\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec.Option","title":"Option","text":"parser = ArgumentParser(\n description=\"Checks for kernel hardening configuration options.\"\n)\nBases:
NamedTupleAttributes:
-
name(str) \u2013 -
desired(bool) \u2013 -
cmdline_option(str) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec.Option.desired","title":"desiredname: str\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec.Option.cmdline_option","title":"cmdline_optiondesired: bool = True\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec.kchecksec","title":"kchecksec","text":"cmdline_option: str = None\n
"},{"location":"reference/pwndbg/commands/kcmdline/","title":"pwndbg.commands.kcmdline","text":""},{"location":"reference/pwndbg/commands/kcmdline/#pwndbg.commands.kcmdline","title":"kcmdline","text":"kchecksec() -> None\nFunctions:
-
kcmdline\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/kcmdline/#pwndbg.commands.kcmdline.kcmdline","title":"kcmdline","text":"parser = ArgumentParser(\n description=\"Return the kernel commandline (/proc/cmdline).\"\n)\n
"},{"location":"reference/pwndbg/commands/kconfig/","title":"pwndbg.commands.kconfig","text":""},{"location":"reference/pwndbg/commands/kconfig/#pwndbg.commands.kconfig","title":"kconfig","text":"kcmdline() -> None\nFunctions:
-
kconfig\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/kconfig/#pwndbg.commands.kconfig.kconfig","title":"kconfig","text":"parser = ArgumentParser(\n description=\"Outputs the kernel config (requires CONFIG_IKCONFIG).\"\n)\n
"},{"location":"reference/pwndbg/commands/killthreads/","title":"pwndbg.commands.killthreads","text":""},{"location":"reference/pwndbg/commands/killthreads/#pwndbg.commands.killthreads","title":"killthreads","text":"kconfig(config_name=None) -> None\nFunctions:
-
killthreads\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/killthreads/#pwndbg.commands.killthreads.killthreads","title":"killthreads","text":"parser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description=\"Kill all or given threads.\\n\\nSwitches to given threads and calls pthread_exit(0) on them.\\nThis is performed with scheduler-locking to prevent other threads from operating at the same time.\\n\\nKilling all other threads may be useful to use GDB checkpoints, e.g., to test given input & restart the execution to the point of interest (checkpoint).\\n\",\n)\n
"},{"location":"reference/pwndbg/commands/klookup/","title":"pwndbg.commands.klookup","text":""},{"location":"reference/pwndbg/commands/klookup/#pwndbg.commands.klookup","title":"klookup","text":"killthreads(thread_ids: list[int] | None = None, all: bool = False) -> None\nFunctions:
-
klookup\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/klookup/#pwndbg.commands.klookup.klookup","title":"klookup","text":"parser = ArgumentParser(description='Lookup kernel symbols')\n
"},{"location":"reference/pwndbg/commands/knft/","title":"pwndbg.commands.knft","text":""},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft","title":"knft","text":"klookup(symbol: str) -> None\nFunctions:
-
parse_nft_family\u2013 -
knft_dump\u2013 -
knft_list_tables\u2013 -
knft_list_chains\u2013 -
knft_list_rules\u2013 -
knft_list_exprs\u2013 -
knft_list_sets\u2013 -
knft_list_objects\u2013 -
knft_list_flowtables\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.parse_nft_family","title":"parse_nft_family","text":"parser = ArgumentParser(\n description=\"Dump netfilter flowtables from a specific table\"\n)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_dump","title":"knft_dump","text":"parse_nft_family(s: str) -> int\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_tables","title":"knft_list_tables","text":"knft_dump(nsid: int | None = None)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_chains","title":"knft_list_chains","text":"knft_list_tables(nsid: int | None = None)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_rules","title":"knft_list_rules","text":"knft_list_chains(\n table_family: int | None = None,\n table_name: str | None = None,\n nsid: int | None = None,\n)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_exprs","title":"knft_list_exprs","text":"knft_list_rules(\n table_family: int | None = None,\n table_name: str | None = None,\n chain_name: str | None = None,\n nsid: int | None = None,\n)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_sets","title":"knft_list_sets","text":"knft_list_exprs(\n table_family: int | None = None,\n table_name: str | None = None,\n chain_name: str | None = None,\n rule_id: int | None = None,\n nsid: int | None = None,\n)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_objects","title":"knft_list_objects","text":"knft_list_sets(\n table_family: int | None = None,\n table_name: str | None = None,\n nsid: int | None = None,\n)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_flowtables","title":"knft_list_flowtables","text":"knft_list_objects(\n table_family: int | None = None,\n table_name: str | None = None,\n nsid: int | None = None,\n)\n
"},{"location":"reference/pwndbg/commands/kversion/","title":"pwndbg.commands.kversion","text":""},{"location":"reference/pwndbg/commands/kversion/#pwndbg.commands.kversion","title":"kversion","text":"knft_list_flowtables(\n table_family: int | None = None,\n table_name: str | None = None,\n nsid: int | None = None,\n)\nFunctions:
-
kversion\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/kversion/#pwndbg.commands.kversion.kversion","title":"kversion","text":"parser = ArgumentParser(\n description=\"Outputs the kernel version (/proc/version).\"\n)\n
"},{"location":"reference/pwndbg/commands/leakfind/","title":"pwndbg.commands.leakfind","text":""},{"location":"reference/pwndbg/commands/leakfind/#pwndbg.commands.leakfind","title":"leakfind","text":"kversion() -> None\nFind a chain of leaks given some starting address.
Functions:
-
get_rec_addr_string\u2013 -
dbg_print_map\u2013 -
leakfind\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/leakfind/#pwndbg.commands.leakfind.get_rec_addr_string","title":"get_rec_addr_string","text":"parser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description=\"\\nAttempt to find a leak chain given a starting address.\\nScans memory near the given address, looks for pointers, and continues that process to attempt to find leaks.\\n\\nExample: leakfind $rsp --page_name=filename --max_offset=0x48 --max_depth=6. This would look for any chains of leaks that point to a section in filename which begin near $rsp, are never 0x48 bytes further from a known pointer, and are a maximum length of 6.\\n\",\n)\n
"},{"location":"reference/pwndbg/commands/leakfind/#pwndbg.commands.leakfind.dbg_print_map","title":"dbg_print_map","text":"get_rec_addr_string(addr, visited_map)\n
"},{"location":"reference/pwndbg/commands/leakfind/#pwndbg.commands.leakfind.leakfind","title":"leakfind","text":"dbg_print_map(maps) -> None\n
"},{"location":"reference/pwndbg/commands/libcinfo/","title":"pwndbg.commands.libcinfo","text":""},{"location":"reference/pwndbg/commands/libcinfo/#pwndbg.commands.libcinfo","title":"libcinfo","text":"leakfind(\n address=None,\n page_name=None,\n max_offset: int = 64,\n max_depth: int = 4,\n step: int = 1,\n negative_offset: int = 0,\n)\nFunctions:
-
libcinfo\u2013
"},{"location":"reference/pwndbg/commands/linkmap/","title":"pwndbg.commands.linkmap","text":""},{"location":"reference/pwndbg/commands/linkmap/#pwndbg.commands.linkmap","title":"linkmap","text":"libcinfo()\nFunctions:
-
linkmap\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/linkmap/#pwndbg.commands.linkmap.linkmap","title":"linkmap","text":"parser = ArgumentParser(description='Show the state of the Link Map')\n
"},{"location":"reference/pwndbg/commands/memoize/","title":"pwndbg.commands.memoize","text":""},{"location":"reference/pwndbg/commands/memoize/#pwndbg.commands.memoize","title":"memoize","text":"linkmap() -> None\nFunctions:
-
memoize\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/memoize/#pwndbg.commands.memoize.memoize","title":"memoize","text":"parser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description=\"\\nToggles memoization (caching).\\n\\nUseful for diagnosing caching-related bugs. Decreases performance.\\n\",\n)\n
"},{"location":"reference/pwndbg/commands/misc/","title":"pwndbg.commands.misc","text":""},{"location":"reference/pwndbg/commands/misc/#pwndbg.commands.misc","title":"misc","text":"memoize() -> None\nFunctions:
-
errno_\u2013 -
pwndbg_\u2013 -
list_and_filter_commands\u2013
Attributes:
-
parser\u2013 -
group\u2013 -
cat_group\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/misc/#pwndbg.commands.misc.group","title":"groupparser = ArgumentParser(description=\"Prints out a list of all pwndbg commands.\")\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/misc/#pwndbg.commands.misc.cat_group","title":"cat_groupgroup = add_mutually_exclusive_group()\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/misc/#pwndbg.commands.misc.errno_","title":"errno_","text":"cat_group = add_mutually_exclusive_group()\n
"},{"location":"reference/pwndbg/commands/misc/#pwndbg.commands.misc.pwndbg_","title":"pwndbg_","text":"errno_(err) -> None\n
"},{"location":"reference/pwndbg/commands/misc/#pwndbg.commands.misc.list_and_filter_commands","title":"list_and_filter_commands","text":"pwndbg_(filter_pattern, shell, all_, category_, list_categories) -> None\n
"},{"location":"reference/pwndbg/commands/mmap/","title":"pwndbg.commands.mmap","text":""},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap","title":"mmap","text":"list_and_filter_commands(filter_str, pwndbg_cmds=True, shell_cmds=False)\nFunctions:
-
prot_str_to_val\u2013Heuristic to convert PROT_EXEC|PROT_WRITE to integer value.
-
flag_str_to_val\u2013Heuristic to convert MAP_SHARED|MAP_FIXED to integer value.
-
parse_str_or_int\u2013Try parsing a string with one of the parsers above or by converting it to
-
mmap\u2013
Attributes:
-
parser\u2013 -
prot_dict\u2013 -
flag_dict\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.prot_dict","title":"prot_dictparser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description=\"\\nCalls the mmap syscall and prints its resulting address.\\n\\nNote that the mmap syscall may fail for various reasons\\n(see `man mmap`) and, in case of failure, its return value\\nwill not be a valid pointer.\\n\\nPROT values: NONE (0), READ (1), WRITE (2), EXEC (4)\\nMAP values: SHARED (1), PRIVATE (2), SHARED_VALIDATE (3), FIXED (0x10),\\n ANONYMOUS (0x20)\\n\\nFlags and protection values can be either a string containing the names of the\\nflags or permissions or a single number corresponding to the bitwise OR of the\\nprotection and flag numbers.\\n\\nExamples:\\n mmap 0x0 4096 PROT_READ|PROT_WRITE|PROT_EXEC MAP_PRIVATE|MAP_ANONYMOUS -1 0\\n - Maps a new private+anonymous page with RWX permissions at a location\\n decided by the kernel.\\n\\n mmap 0x0 4096 PROT_READ MAP_PRIVATE 10 0\\n - Maps 4096 bytes of the file pointed to by file descriptor number 10 with\\n read permission at a location decided by the kernel.\\n\\n mmap 0xdeadbeef 0x1000\\n - Maps a new private+anonymous page with RWX permissions at a page boundary\\n near 0xdeadbeef.\\n\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.flag_dict","title":"flag_dictprot_dict = {'PROT_NONE': 0, 'PROT_READ': 1, 'PROT_WRITE': 2, 'PROT_EXEC': 4}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.prot_str_to_val","title":"prot_str_to_val","text":"flag_dict = {\n \"MAP_SHARED\": 1,\n \"MAP_PRIVATE\": 2,\n \"MAP_SHARED_VALIDATE\": 3,\n \"MAP_FIXED\": 16,\n \"MAP_ANONYMOUS\": 32,\n}\nprot_str_to_val(protstr)\nHeuristic to convert PROT_EXEC|PROT_WRITE to integer value.
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.flag_str_to_val","title":"flag_str_to_val","text":"flag_str_to_val(flagstr)\nHeuristic to convert MAP_SHARED|MAP_FIXED to integer value.
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.parse_str_or_int","title":"parse_str_or_int","text":"parse_str_or_int(val: str | int, parser)\nTry parsing a string with one of the parsers above or by converting it to an int, or passes the value through if it is already an integer.
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.mmap","title":"mmap","text":"
"},{"location":"reference/pwndbg/commands/mprotect/","title":"pwndbg.commands.mprotect","text":""},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect","title":"mprotect","text":"mmap(\n addr, length, prot=7, flags=34, fd=-1, offset=0, quiet=False, force=False\n) -> None\nFunctions:
-
prot_str_to_val\u2013Converts a protection string to an integer. Formats include:
-
prot_val_to_str\u2013 -
mprotect\u2013
Attributes:
-
parser\u2013 -
SYS_MPROTECT\u2013 -
prot_dict\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect.SYS_MPROTECT","title":"SYS_MPROTECTparser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description=\"\\nCalls the mprotect syscall and prints its result value.\\n\\nNote that the mprotect syscall may fail for various reasons\\n(see `man mprotect`) and a non-zero error return value\\ncan be decoded with the `errno <value>` command.\\n\\nExamples:\\n mprotect $rsp 4096 PROT_READ|PROT_WRITE|PROT_EXEC\\n mprotect $rsp 4096 rwx\\n mprotect $rsp 4096 7\\n mprotect some_symbol 0x1000 PROT_NONE\\n\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect.prot_dict","title":"prot_dictSYS_MPROTECT = 125\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect.prot_str_to_val","title":"prot_str_to_val","text":"prot_dict = {'PROT_NONE': 0, 'PROT_READ': 1, 'PROT_WRITE': 2, 'PROT_EXEC': 4}\nprot_str_to_val(protstr: str) -> int\nConverts a protection string to an integer. Formats include: - A positive integer, like 3 - A combination of r, w, and x, like rw - A combination of PROT_READ, PROT_WRITE, and PROT_EXEC, like PROT_READ|PROT_WRITE
"},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect.prot_val_to_str","title":"prot_val_to_str","text":"
"},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect.mprotect","title":"mprotect","text":"prot_val_to_str(protval: int) -> str\n
"},{"location":"reference/pwndbg/commands/nearpc/","title":"pwndbg.commands.nearpc","text":""},{"location":"reference/pwndbg/commands/nearpc/#pwndbg.commands.nearpc","title":"nearpc","text":"mprotect(addr, length, prot) -> None\nFunctions:
-
nearpc\u2013Disassemble near a specified address.
-
emulate\u2013Like nearpc, but will emulate instructions from the current $PC forward.
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/nearpc/#pwndbg.commands.nearpc.nearpc","title":"nearpc","text":"parser = ArgumentParser(\n description=\"Like nearpc, but will emulate instructions from the current $PC forward.\"\n)\nnearpc(\n pc=None, lines=None, emulate=False, use_cache=False, linear=True\n) -> None\nDisassemble near a specified address.
"},{"location":"reference/pwndbg/commands/nearpc/#pwndbg.commands.nearpc.emulate","title":"emulate","text":"emulate(pc=None, lines=None, emulate_=True) -> None\nLike nearpc, but will emulate instructions from the current $PC forward.
"},{"location":"reference/pwndbg/commands/next/","title":"pwndbg.commands.next","text":""},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next","title":"next","text":"Stepping until an event occurs
Functions:
-
nextjmp\u2013Breaks at the next jump instruction
-
nextcall\u2013Breaks at the next call instruction
-
nextret\u2013Breaks at next return-like instruction
-
stepret\u2013Breaks at next return-like instruction by 'stepping' to it
-
nextproginstr\u2013 -
stepover\u2013Sets a breakpoint on the instruction after this one
-
nextsyscall\u2013Breaks at the next syscall not taking branches.
-
stepsyscall\u2013Breaks at the next syscall by taking branches.
-
stepuntilasm\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.nextjmp","title":"nextjmp","text":"parser = ArgumentParser(description='Breaks on the next matching instruction.')\nnextjmp() -> None\nBreaks at the next jump instruction
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.nextcall","title":"nextcall","text":"nextcall(symbol_regex=None) -> None\nBreaks at the next call instruction
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.nextret","title":"nextret","text":"nextret() -> None\nBreaks at next return-like instruction
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.stepret","title":"stepret","text":"stepret() -> None\nBreaks at next return-like instruction by 'stepping' to it
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.nextproginstr","title":"nextproginstr","text":"
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.stepover","title":"stepover","text":"nextproginstr() -> None\nstepover(addr=None) -> None\nSets a breakpoint on the instruction after this one
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.nextsyscall","title":"nextsyscall","text":"nextsyscall() -> None\nBreaks at the next syscall not taking branches.
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.stepsyscall","title":"stepsyscall","text":"stepsyscall() -> None\nBreaks at the next syscall by taking branches.
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.stepuntilasm","title":"stepuntilasm","text":"
"},{"location":"reference/pwndbg/commands/onegadget/","title":"pwndbg.commands.onegadget","text":""},{"location":"reference/pwndbg/commands/onegadget/#pwndbg.commands.onegadget","title":"onegadget","text":"stepuntilasm(mnemonic, op_str) -> None\nFunctions:
-
onegadget\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/onegadget/#pwndbg.commands.onegadget.onegadget","title":"onegadget","text":"parser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description=\"\\nFind gadgets which single-handedly give code execution.\\n\\nUses the onegadget tool by david942j.\\n\",\n)\n
"},{"location":"reference/pwndbg/commands/p2p/","title":"pwndbg.commands.p2p","text":""},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p","title":"p2p","text":"onegadget(\n show_unsat: bool = False, no_unknown: bool = False, verbose: bool = False\n) -> None\nClasses:
-
AddrRange\u2013
Functions:
-
get_addrrange_any_named\u2013 -
address_range_explicit\u2013 -
address_range\u2013 -
maybe_points_to_ranges\u2013 -
p2p_walk\u2013 -
p2p\u2013
Attributes:
-
ts\u2013 -
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.parser","title":"parserts = telescope\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.AddrRange","title":"AddrRange","text":"parser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description=\"Pointer to pointer chain search. Searches given mapping for all pointers that point to specified mapping.\\n\\nAny chain length greater than 0 is valid. If only one mapping is given it just looks for any pointers in that mapping.\",\n)\nAddrRange(begin: int, end: int)\nMethods:
-
__repr__\u2013
Attributes:
-
begin\u2013 -
end\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.AddrRange.end","title":"endbegin = begin\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.AddrRange.__repr__","title":"__repr__","text":"end = end\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.get_addrrange_any_named","title":"get_addrrange_any_named","text":"__repr__() -> str\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.address_range_explicit","title":"address_range_explicit","text":"get_addrrange_any_named() -> list[AddrRange]\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.address_range","title":"address_range","text":"address_range_explicit(section: str) -> AddrRange\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.maybe_points_to_ranges","title":"maybe_points_to_ranges","text":"address_range(section: str) -> list[AddrRange] | tuple[int, int] | None\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.p2p_walk","title":"p2p_walk","text":"maybe_points_to_ranges(ptr: int, rs: list[AddrRange])\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.p2p","title":"p2p","text":"p2p_walk(\n addr: int, ranges: list[list[AddrRange]], current_level: int\n) -> int | None\n
"},{"location":"reference/pwndbg/commands/patch/","title":"pwndbg.commands.patch","text":""},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch","title":"patch","text":"p2p(mapping_names: list[list[AddrRange]] | None = None) -> None\nFunctions:
-
patch\u2013 -
patch_revert\u2013 -
patch_list\u2013
Attributes:
-
patches(dict[int, tuple[bytearray, bytearray]]) \u2013 -
parser\u2013 -
parser2\u2013 -
parser3\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.parser","title":"parserpatches: dict[int, tuple[bytearray, bytearray]] = {}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.parser2","title":"parser2parser = ArgumentParser(\n description=\"Patches given instruction with given code or bytes.\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.parser3","title":"parser3parser2 = ArgumentParser(description='Revert patch at given address.')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.patch","title":"patch","text":"parser3 = ArgumentParser(description='List all patches.')\n
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.patch_revert","title":"patch_revert","text":"patch(address: int, ins: str, quiet: bool) -> None\n
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.patch_list","title":"patch_list","text":"patch_revert(address: int) -> None\n
"},{"location":"reference/pwndbg/commands/pcplist/","title":"pwndbg.commands.pcplist","text":""},{"location":"reference/pwndbg/commands/pcplist/#pwndbg.commands.pcplist","title":"pcplist","text":"patch_list() -> None\nFunctions:
-
print_zone\u2013 -
pcplist\u2013
Attributes:
-
log\u2013 -
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/pcplist/#pwndbg.commands.pcplist.parser","title":"parserlog = getLogger(__name__)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/pcplist/#pwndbg.commands.pcplist.print_zone","title":"print_zone","text":"parser = ArgumentParser(description='Print Per-CPU page list')\n
"},{"location":"reference/pwndbg/commands/pcplist/#pwndbg.commands.pcplist.pcplist","title":"pcplist","text":"print_zone(zone: int, list_num=None) -> None\n
"},{"location":"reference/pwndbg/commands/peda/","title":"pwndbg.commands.peda","text":""},{"location":"reference/pwndbg/commands/peda/#pwndbg.commands.peda","title":"peda","text":"pcplist(zone: int = None, list_num: int = None) -> None\nFunctions:
-
getfile\u2013 -
xuntil\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/peda/#pwndbg.commands.peda.getfile","title":"getfile","text":"parser = ArgumentParser(\n description=\"Continue execution until an address or expression.\"\n)\n
"},{"location":"reference/pwndbg/commands/peda/#pwndbg.commands.peda.xuntil","title":"xuntil","text":"getfile() -> None\n
"},{"location":"reference/pwndbg/commands/pie/","title":"pwndbg.commands.pie","text":""},{"location":"reference/pwndbg/commands/pie/#pwndbg.commands.pie","title":"pie","text":"xuntil(target) -> None\nFunctions:
-
translate_addr\u2013 -
piebase\u2013 -
breakrva\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/pie/#pwndbg.commands.pie.translate_addr","title":"translate_addr","text":"parser = ArgumentParser(description='Calculate VA of RVA from PIE base.')\n
"},{"location":"reference/pwndbg/commands/pie/#pwndbg.commands.pie.piebase","title":"piebase","text":"translate_addr(offset, module)\n
"},{"location":"reference/pwndbg/commands/pie/#pwndbg.commands.pie.breakrva","title":"breakrva","text":"piebase(offset=None, module=None) -> None\n
"},{"location":"reference/pwndbg/commands/plist/","title":"pwndbg.commands.plist","text":""},{"location":"reference/pwndbg/commands/plist/#pwndbg.commands.plist","title":"plist","text":"breakrva(offset=0, module=None) -> None\nFunctions:
-
plist\u2013 -
bit_offset_of_field\u2013 -
get_byte_offset\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/plist/#pwndbg.commands.plist.plist","title":"plist","text":"parser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description=\"Dumps the elements of a linked list.\\n\\nThis command traverses the linked list beginning at a given element, dumping its\\ncontents and the contents of all the elements that come after it in the list.\\nTraversal is configurable and can handle multiple types of linked lists, but will\\nalways stop when a cycle is detected.\\n\\nThe path to the first element can be any GDB expression that evaluates to either\\nthe first element directly, or a to pointer to it. The next element is the name\\nof the field containing the next pointer, in either the structure itself or in\\nthe structure given by --inner.\\n\\nAn address value may be given with --sentinel that signals the end of the list.\\nBy default, the value used is NULL (0).\\n\\nIf only one field inside each node is desired, it can be printed exclusively by\\nspecifying its name with --field.\\n\\nThis command supports traversing three types of linked lists, classified by how\\nthe next pointer can be found in the structure and what type it is:\\n 1 - Next pointer is field of structure, type is the same as structure.\\n 2 - Next pointer is field of inner nested structure, pointed to type is the\\n same as outer structure.\\n 3 - Next pointer is field of inner nested structure, pointed to type is the\\n same as inner structure.\\nTypes 2 and 3 require --inner to be specified.\\n\\nExample 1:\\n\\n```\\nstruct node {\\n int value;\\n struct node *next;\\n};\\nstruct node node_c = { 2, NULL };\\nstruct node node_b = { 1, &node_c };\\nstruct node node_a = { 0, &node_b };\\n```\\n\\npwndbg> plist node_a next\\n0x4000011050 <node_a>: {\\n value = 0,\\n next = 0x4000011040 <node_b>\\n}\\n0x4000011040 <node_b>: {\\n value = 1,\\n next = 0x4000011010 <node_c>\\n}\\n0x4000011010 <node_c>: {\\n value = 2,\\n next = 0x0\\n}\\n\\nExample 2:\\n\\n```\\nstruct node_inner_a {\\n struct node_inner_a *next;\\n};\\nstruct inner_a_node {\\n int value;\\n struct node_inner_a inner;\\n};\\nstruct inner_a_node inner_a_node_c = { 2, { NULL } };\\nstruct inner_a_node inner_a_node_b = { 1, { &inner_a_node_c.inner } };\\nstruct inner_a_node inner_a_node_a = { 0, { &inner_a_node_b.inner } };\\n```\\n\\npwndbg> plist inner_a_node_a -i inner next\\n0x4000011070 <inner_a_node_a>: {\\n value = 0,\\n inner = {\\n next = 0x4000011068 <inner_a_node_b+8>\\n }\\n}\\n0x4000011060 <inner_a_node_b>: {\\n value = 1,\\n inner = {\\n next = 0x4000011028 <inner_a_node_c+8>\\n }\\n}\\n0x4000011020 <inner_a_node_c>: {\\n value = 2,\\n inner = {\\n next = 0x0\\n }\\n}\\n\\nExample 3:\\n\\n```\\nstruct inner_b_node;\\nstruct node_inner_b {\\n struct inner_b_node *next;\\n};\\nstruct inner_b_node {\\n int value;\\n struct node_inner_b inner;\\n};\\nstruct inner_b_node inner_b_node_c = { 2, { NULL } };\\nstruct inner_b_node inner_b_node_b = { 1, { &inner_b_node_c } };\\nstruct inner_b_node inner_b_node_a = { 0, { &inner_b_node_b } };\\n```\\n\\npwndbg> plist inner_b_node_a -i inner next\\n0x4000011090 <inner_b_node_a>: {\\n value = 0,\\n inner = {\\n next = 0x4000011080 <inner_b_node_b>\\n }\\n}\\n0x4000011080 <inner_b_node_b>: {\\n value = 1,\\n inner = {\\n next = 0x4000011030 <inner_b_node_c>\\n }\\n}\\n0x4000011030 <inner_b_node_c>: {\\n value = 2,\\n inner = {\\n next = 0x0\\n }\\n}\\n\\n\",\n)\n
"},{"location":"reference/pwndbg/commands/plist/#pwndbg.commands.plist.bit_offset_of_field","title":"bit_offset_of_field","text":"plist(\n path: str,\n next: str,\n sentinel: int,\n inner_name: str | None,\n field_name: str | None,\n offset: int,\n count: int | None = None,\n) -> None\n
"},{"location":"reference/pwndbg/commands/plist/#pwndbg.commands.plist.get_byte_offset","title":"get_byte_offset","text":"bit_offset_of_field(struct, field_name, inner_name=None)\n
"},{"location":"reference/pwndbg/commands/probeleak/","title":"pwndbg.commands.probeleak","text":""},{"location":"reference/pwndbg/commands/probeleak/#pwndbg.commands.probeleak","title":"probeleak","text":"get_byte_offset(bit_offset)\nFunctions:
-
find_module\u2013 -
satisfied_flags\u2013 -
flags_str2int\u2013 -
probeleak\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/probeleak/#pwndbg.commands.probeleak.find_module","title":"find_module","text":"parser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description=\"\\nPointer scan for possible offset leaks.\\nExamples:\\n probeleak $rsp 0x64 - leaks 0x64 bytes starting at stack pointer and search for valid pointers\\n probeleak $rsp 0x64 --max-dist 0x10 - as above, but pointers may point 0x10 bytes outside of memory page\\n probeleak $rsp 0x64 --point-to libc --max-ptrs 1 --flags rwx - leaks 0x64 bytes starting at stack pointer and search for one valid pointer which points to a libc rwx page\\n\",\n)\n
"},{"location":"reference/pwndbg/commands/probeleak/#pwndbg.commands.probeleak.satisfied_flags","title":"satisfied_flags","text":"find_module(addr, max_distance)\n
"},{"location":"reference/pwndbg/commands/probeleak/#pwndbg.commands.probeleak.flags_str2int","title":"flags_str2int","text":"satisfied_flags(require_flags, flags)\n
"},{"location":"reference/pwndbg/commands/probeleak/#pwndbg.commands.probeleak.probeleak","title":"probeleak","text":"flags_str2int(flags_s)\n
"},{"location":"reference/pwndbg/commands/procinfo/","title":"pwndbg.commands.procinfo","text":""},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo","title":"procinfo","text":"probeleak(\n address=None,\n count=64,\n max_distance=0,\n point_to=None,\n max_ptrs=0,\n flags=None,\n) -> None\nClasses:
-
Process\u2013
Functions:
-
tcp\u2013It will first list all listening TCP sockets, and next list all established
-
unix\u2013 -
netlink\u2013 -
pid\u2013 -
procinfo\u2013Display information about the running process.
Attributes:
-
capabilities\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process","title":"Process","text":"capabilities = {\n 0: \"CAP_CHOWN\",\n 1: \"CAP_DAC_OVERRIDE\",\n 2: \"CAP_DAC_READ_SEARCH\",\n 3: \"CAP_FOWNER\",\n 4: \"CAP_FSETID\",\n 5: \"CAP_KILL\",\n 6: \"CAP_SETGID\",\n 7: \"CAP_SETUID\",\n 8: \"CAP_SETPCAP\",\n 9: \"CAP_LINUX_IMMUTABLE\",\n 10: \"CAP_NET_BIND_SERVICE\",\n 11: \"CAP_NET_BROADCAST\",\n 12: \"CAP_NET_ADMIN\",\n 13: \"CAP_NET_RAW\",\n 14: \"CAP_IPC_LOCK\",\n 15: \"CAP_IPC_OWNER\",\n 16: \"CAP_SYS_MODULE\",\n 17: \"CAP_SYS_RAWIO\",\n 18: \"CAP_SYS_CHROOT\",\n 19: \"CAP_SYS_PTRACE\",\n 20: \"CAP_SYS_PACCT\",\n 21: \"CAP_SYS_ADMIN\",\n 22: \"CAP_SYS_BOOT\",\n 23: \"CAP_SYS_NICE\",\n 24: \"CAP_SYS_RESOURCE\",\n 25: \"CAP_SYS_TIME\",\n 26: \"CAP_SYS_TTY_CONFIG\",\n 27: \"CAP_MKNOD\",\n 28: \"CAP_LEASE\",\n 29: \"CAP_AUDIT_WRITE\",\n 30: \"CAP_AUDIT_CONTROL\",\n 31: \"CAP_SETFCAP\",\n 32: \"CAP_MAC_OVERRIDE\",\n 33: \"CAP_MAC_ADMIN\",\n 34: \"CAP_SYSLOG\",\n 35: \"CAP_WAKE_ALARM\",\n 36: \"CAP_BLOCK_SUSPEND\",\n}\nProcess(pid=None, tid=None)\nAttributes:
-
pid\u2013 -
tid\u2013 -
selinux(str) \u2013 -
cmdline\u2013 -
cwd(str) \u2013 -
status\u2013 -
open_files\u2013 -
connections\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.tid","title":"tidpid = pid\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.selinux","title":"selinuxtid = tid\nproperty","text":"
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.cmdline","title":"cmdlineselinux: str\nproperty","text":"
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.cwd","title":"cwdcmdline\nproperty","text":"
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.status","title":"statuscwd: str\nproperty","text":"
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.open_files","title":"open_filesstatus\nproperty","text":"
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.connections","title":"connectionsopen_files\nproperty","text":"
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.tcp","title":"tcp","text":"connections\ntcp()\nIt will first list all listening TCP sockets, and next list all established TCP connections. A typical entry of /proc/net/tcp would look like this (split up into 3 parts because of the length of the line):
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.unix","title":"unix","text":"
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.netlink","title":"netlink","text":"unix()\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.pid","title":"pid","text":"netlink()\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.procinfo","title":"procinfo","text":"pid() -> None\nprocinfo() -> None\nDisplay information about the running process.
"},{"location":"reference/pwndbg/commands/profiler/","title":"pwndbg.commands.profiler","text":""},{"location":"reference/pwndbg/commands/profiler/#pwndbg.commands.profiler","title":"profiler","text":"Utilities for profiling pwndbg.
Functions:
-
profiler\u2013
Attributes:
-
parser\u2013 -
subparsers\u2013 -
parser_start\u2013 -
parser_stop\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/profiler/#pwndbg.commands.profiler.subparsers","title":"subparsersparser = ArgumentParser(description='Utilities for profiling pwndbg.')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/profiler/#pwndbg.commands.profiler.parser_start","title":"parser_startsubparsers = add_subparsers(dest='command')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/profiler/#pwndbg.commands.profiler.parser_stop","title":"parser_stopparser_start = add_parser('start', prog='profiler start')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/profiler/#pwndbg.commands.profiler.profiler","title":"profiler","text":"parser_stop = add_parser('stop', prog='profiler stop')\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/","title":"pwndbg.commands.ptmalloc2","text":""},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2","title":"ptmalloc2","text":"profiler(command, file='pwndbg.pstats') -> None\nFunctions:
-
read_chunk\u2013Read a chunk's metadata.
-
format_bin\u2013 -
print_no_arena_found_error\u2013 -
print_no_tcache_bins_found_error\u2013 -
heap\u2013Iteratively print chunks on a heap, default to the current thread's
-
hi\u2013 -
arena\u2013Print the contents of an arena, default to the current thread's arena.
-
arenas\u2013Lists this process's arenas.
-
tcache\u2013Print a thread's tcache contents, default to the current thread's
-
mp\u2013Print the mp_ struct's contents.
-
top_chunk\u2013Print relevant information about an arena's top chunk, default to the
-
malloc_chunk\u2013Print a malloc_chunk struct's contents.
-
bins\u2013Print the contents of all an arena's bins and a thread's tcache,
-
fastbins\u2013Print the contents of an arena's fastbins, default to the current
-
unsortedbin\u2013Print the contents of an arena's unsortedbin, default to the current
-
smallbins\u2013Print the contents of an arena's smallbins, default to the current
-
largebins\u2013Print the contents of an arena's largebins, default to the current
-
tcachebins\u2013Print the contents of a tcache, default to the current thread's tcache.
-
find_fake_fast\u2013Find candidate fake fast chunks overlapping the specified address.
-
vis_heap_chunks\u2013Visualize chunks on a heap, default to the current arena's active heap.
-
bin_ascii\u2013 -
bin_labels_mapping\u2013Returns all potential bin labels for all potential addresses
-
try_free\u2013 -
try_unlink\u2013 -
heap_config\u2013
Attributes:
-
group\u2013 -
VALID_CHARS\u2013 -
try_free_parser\u2013 -
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.VALID_CHARS","title":"VALID_CHARSgroup = add_mutually_exclusive_group()\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.try_free_parser","title":"try_free_parserVALID_CHARS = list(map(ord, set(printable) - set('\\t\\r\\n\\x0c\\x0b')))\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.parser","title":"parsertry_free_parser = ArgumentParser(\n description=\"Check what would happen if free was called with given address.\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.read_chunk","title":"read_chunk","text":"parser = ArgumentParser(description='Shows heap related configuration.')\nread_chunk(addr: int) -> dict[str, int]\nRead a chunk's metadata.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.format_bin","title":"format_bin","text":"
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.print_no_arena_found_error","title":"print_no_arena_found_error","text":"format_bin(\n bins: Bins, verbose: bool = False, offset: int | None = None\n) -> list[str]\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.print_no_tcache_bins_found_error","title":"print_no_tcache_bins_found_error","text":"print_no_arena_found_error(tid=None) -> None\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.heap","title":"heap","text":"print_no_tcache_bins_found_error(tid: int | None = None) -> None\nheap(\n addr: int | None = None, verbose: bool = False, simple: bool = False\n) -> None\nIteratively print chunks on a heap, default to the current thread's active heap.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.hi","title":"hi","text":"
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.arena","title":"arena","text":"hi(\n addr: int, verbose: bool = False, simple: bool = False, fake: bool = False\n) -> None\narena(addr: int | None = None) -> None\nPrint the contents of an arena, default to the current thread's arena.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.arenas","title":"arenas","text":"arenas() -> None\nLists this process's arenas.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.tcache","title":"tcache","text":"tcache(addr: int | None = None) -> None\nPrint a thread's tcache contents, default to the current thread's tcache.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.mp","title":"mp","text":"mp() -> None\nPrint the mp_ struct's contents.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.top_chunk","title":"top_chunk","text":"top_chunk(addr: int | None = None) -> None\nPrint relevant information about an arena's top chunk, default to the current thread's arena.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.malloc_chunk","title":"malloc_chunk","text":"malloc_chunk(\n addr: int,\n fake: bool = False,\n verbose: bool = False,\n simple: bool = False,\n next: int = 0,\n dump: bool = False,\n) -> None\nPrint a malloc_chunk struct's contents.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.bins","title":"bins","text":"bins(addr: int | None = None, tcache_addr: int | None = None) -> None\nPrint the contents of all an arena's bins and a thread's tcache, default to the current thread's arena and tcache.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.fastbins","title":"fastbins","text":"fastbins(addr: int | None = None, verbose: bool = False) -> None\nPrint the contents of an arena's fastbins, default to the current thread's arena.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.unsortedbin","title":"unsortedbin","text":"unsortedbin(addr: int | None = None, verbose: bool = False) -> None\nPrint the contents of an arena's unsortedbin, default to the current thread's arena.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.smallbins","title":"smallbins","text":"smallbins(addr: int | None = None, verbose: bool = False) -> None\nPrint the contents of an arena's smallbins, default to the current thread's arena.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.largebins","title":"largebins","text":"largebins(addr: int | None = None, verbose: bool = False) -> None\nPrint the contents of an arena's largebins, default to the current thread's arena.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.tcachebins","title":"tcachebins","text":"tcachebins(addr: int | None = None, verbose: bool = False) -> None\nPrint the contents of a tcache, default to the current thread's tcache.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.find_fake_fast","title":"find_fake_fast","text":"find_fake_fast(\n target_address: int,\n max_candidate_size: int | None = None,\n align: bool = False,\n glibc_fastbin_bug: bool = False,\n partial_overwrite: bool = False,\n) -> None\nFind candidate fake fast chunks overlapping the specified address.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.vis_heap_chunks","title":"vis_heap_chunks","text":"vis_heap_chunks(\n addr: int | None = None,\n count: int | None = None,\n beyond_top: bool = False,\n no_truncate: bool = False,\n all_chunks: bool = False,\n) -> None\nVisualize chunks on a heap, default to the current arena's active heap.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.bin_ascii","title":"bin_ascii","text":"
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.bin_labels_mapping","title":"bin_labels_mapping","text":"bin_ascii(bs)\nbin_labels_mapping(collections)\nReturns all potential bin labels for all potential addresses We precompute all of them because doing this on demand was too slow and inefficient See #1675 for more details
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.try_free","title":"try_free","text":"
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.try_unlink","title":"try_unlink","text":"try_free(addr: str | int) -> None\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.heap_config","title":"heap_config","text":"try_unlink(addr: int) -> None\n
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/","title":"pwndbg.commands.ptmalloc2_tracking","text":""},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking","title":"ptmalloc2_tracking","text":"heap_config(filter_pattern: str) -> None\nFunctions:
-
track_heap\u2013
Attributes:
-
parser\u2013 -
subparsers\u2013 -
enable\u2013 -
disable\u2013 -
toggle_break\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking.subparsers","title":"subparsersparser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description=\"Manages the heap tracker.\\n\\nThe heap tracker is a module that tracks usage of the GLibc heap and looks for\\nuser errors such as double frees and use after frees.\\n\\nCurrently, the following errors can be detected:\\n - Use After Free\\n\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking.enable","title":"enablesubparsers = add_subparsers(\n required=True,\n description=\"Used to enable, disable and query information about the tracker\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking.disable","title":"disableenable = add_parser('enable', help='Enable heap tracking')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking.toggle_break","title":"toggle_breakdisable = add_parser('disable', help='Disable heap tracking')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking.track_heap","title":"track_heap","text":"toggle_break = add_parser(\n \"toggle-break\",\n help=\"Toggles whether possible UAF conditions will pause execution\",\n)\n
"},{"location":"reference/pwndbg/commands/radare2/","title":"pwndbg.commands.radare2","text":""},{"location":"reference/pwndbg/commands/radare2/#pwndbg.commands.radare2","title":"radare2","text":"track_heap(mode=None, use_hardware_breakpoints=False)\nFunctions:
-
r2\u2013 -
r2pipe\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/radare2/#pwndbg.commands.radare2.r2","title":"r2","text":"parser = ArgumentParser(\n description=\"Execute stateful radare2 commands through r2pipe.\",\n epilog=\"Example: r2pipe pdf sym.main\",\n)\n
"},{"location":"reference/pwndbg/commands/radare2/#pwndbg.commands.radare2.r2pipe","title":"r2pipe","text":"r2(arguments, no_seek=False, no_rebase=False) -> None\n
"},{"location":"reference/pwndbg/commands/reload/","title":"pwndbg.commands.reload","text":""},{"location":"reference/pwndbg/commands/reload/#pwndbg.commands.reload","title":"reload","text":"r2pipe(arguments) -> None\nFunctions:
-
rreload\u2013Recursively reload modules.
-
reload\u2013 -
reinit_pwndbg\u2013Makes pwndbg reinitialize all state.
rreload(module, _exclude_mods=None) -> None\nRecursively reload modules. Impl based on https://stackoverflow.com/a/66661311/1508881
"},{"location":"reference/pwndbg/commands/reload/#pwndbg.commands.reload.reload","title":"reload","text":"
"},{"location":"reference/pwndbg/commands/reload/#pwndbg.commands.reload.reinit_pwndbg","title":"reinit_pwndbg","text":"reload(*a) -> None\nreinit_pwndbg() -> None\nMakes pwndbg reinitialize all state.
"},{"location":"reference/pwndbg/commands/retaddr/","title":"pwndbg.commands.retaddr","text":""},{"location":"reference/pwndbg/commands/retaddr/#pwndbg.commands.retaddr","title":"retaddr","text":"Functions:
-
retaddr\u2013 -
stack_explore\u2013
"},{"location":"reference/pwndbg/commands/retaddr/#pwndbg.commands.retaddr.stack_explore","title":"stack_explore","text":"retaddr() -> None\n
"},{"location":"reference/pwndbg/commands/rizin/","title":"pwndbg.commands.rizin","text":""},{"location":"reference/pwndbg/commands/rizin/#pwndbg.commands.rizin","title":"rizin","text":"stack_explore() -> None\nFunctions:
-
rz\u2013 -
rzpipe\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/rizin/#pwndbg.commands.rizin.rz","title":"rz","text":"parser = ArgumentParser(\n description=\"Execute stateful rizin commands through rzpipe.\",\n epilog=\"Example: rzpipe pdf sym.main\",\n)\n
"},{"location":"reference/pwndbg/commands/rizin/#pwndbg.commands.rizin.rzpipe","title":"rzpipe","text":"rz(arguments, no_seek=False, no_rebase=False) -> None\n
"},{"location":"reference/pwndbg/commands/rop/","title":"pwndbg.commands.rop","text":""},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop","title":"rop","text":"rzpipe(arguments) -> None\nClasses:
-
RawMemoryBinary\u2013
Functions:
-
split_range_to_chunks\u2013 -
parse_size\u2013 -
iterate_over_pages\u2013 -
rop\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary","title":"RawMemoryBinary","text":"parser = ArgumentParser(\n description=\"Dump ROP gadgets with Jon Salwan's ROPgadget tool.\",\n epilog=\"Example: rop --grep 'pop rdi' -- --nojop\",\n)\nRawMemoryBinary(options, start_addr: int)\nBases:
objectMethods:
-
getBinary\u2013 -
getFileName\u2013 -
getRawBinary\u2013 -
getEntryPoint\u2013 -
getExecSections\u2013 -
getDataSections\u2013 -
getArch\u2013 -
getArchMode\u2013 -
getEndian\u2013 -
getFormat\u2013
Attributes:
-
start_addr\u2013 -
cs\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.__fileName","title":"__fileNamestart_addr = start_addr\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.cs","title":"cs__fileName = binary\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.__rawBinary","title":"__rawBinarycs = get_disassembler(pc)\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getBinary","title":"getBinary","text":"__rawBinary = read()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getFileName","title":"getFileName","text":"getBinary()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getRawBinary","title":"getRawBinary","text":"getFileName()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getEntryPoint","title":"getEntryPoint","text":"getRawBinary()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getExecSections","title":"getExecSections","text":"getEntryPoint()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getDataSections","title":"getDataSections","text":"getExecSections()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getArch","title":"getArch","text":"getDataSections()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getArchMode","title":"getArchMode","text":"getArch()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getEndian","title":"getEndian","text":"getArchMode()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getFormat","title":"getFormat","text":"getEndian()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.split_range_to_chunks","title":"split_range_to_chunks","text":"getFormat()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.parse_size","title":"parse_size","text":"split_range_to_chunks(\n range_start: int, range_end: int, chunk_size: int = 10 * 1024 * 1024\n) -> Iterator[tuple[int, int, int, int]]\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.iterate_over_pages","title":"iterate_over_pages","text":"parse_size(size_str: str) -> int\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.rop","title":"rop","text":"iterate_over_pages(mem_limit: int) -> Iterator[tuple[str, Page | None]]\n
"},{"location":"reference/pwndbg/commands/ropper/","title":"pwndbg.commands.ropper","text":""},{"location":"reference/pwndbg/commands/ropper/#pwndbg.commands.ropper","title":"ropper","text":"rop(grep: str | None, memlimit: str, argument: list[str]) -> None\nFunctions:
-
ropper\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/ropper/#pwndbg.commands.ropper.ropper","title":"ropper","text":"parser = ArgumentParser(\n description=\"ROP gadget search with ropper.\",\n epilog=\"Example: ropper -- --console; ropper -- --search 'mov e?x'\",\n)\n
"},{"location":"reference/pwndbg/commands/search/","title":"pwndbg.commands.search","text":""},{"location":"reference/pwndbg/commands/search/#pwndbg.commands.search","title":"search","text":"ropper(argument) -> None\nFunctions:
-
print_search_hit\u2013Prints out a single search hit.
-
search\u2013
Attributes:
-
saved(set[int]) \u2013 -
auto_save\u2013 -
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/search/#pwndbg.commands.search.auto_save","title":"auto_savesaved: set[int] = set()\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/search/#pwndbg.commands.search.parser","title":"parserauto_save = add_param(\n \"auto-save-search\", False, 'automatically pass --save to \"search\" command'\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/search/#pwndbg.commands.search.print_search_hit","title":"print_search_hit","text":"parser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description=\"Search memory for byte sequences, strings, pointers, and integer values.\\n\\nBy default search results are cached. If you want to cache all results, but only print a subset, use --trunc-out. If you want to cache only a subset of results, and print the results immediately, use --limit. The latter is specially useful if you're searching a huge section of memory.\\n\\n\",\n)\nprint_search_hit(address: int) -> None\nPrints out a single search hit.
Parameters:
-
address(int) \u2013Address to print
"},{"location":"reference/pwndbg/commands/segments/","title":"pwndbg.commands.segments","text":""},{"location":"reference/pwndbg/commands/segments/#pwndbg.commands.segments","title":"segments","text":"search(\n type,\n arch,\n asmbp,\n hex,\n executable,\n writable,\n step,\n limit,\n aligned,\n value,\n mapping_name,\n save,\n next,\n trunc_out,\n) -> None\nClasses:
-
segment\u2013Get the flat address of memory based off of the named segment register.
Functions:
-
fsbase\u2013Prints out the FS base address. See also $fsbase.
-
gsbase\u2013Prints out the GS base address. See also $gsbase.
segment(name: str)\nBases:
FunctionGet the flat address of memory based off of the named segment register.
Methods:
-
invoke\u2013
Attributes:
-
name\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/commands/segments/#pwndbg.commands.segments.segment.invoke","title":"invoke","text":"name = name\n
"},{"location":"reference/pwndbg/commands/segments/#pwndbg.commands.segments.fsbase","title":"fsbase","text":"invoke(arg: Value = Value(0), *args: Value) -> int\nfsbase() -> None\nPrints out the FS base address. See also $fsbase.
"},{"location":"reference/pwndbg/commands/segments/#pwndbg.commands.segments.gsbase","title":"gsbase","text":"gsbase() -> None\nPrints out the GS base address. See also $gsbase.
"},{"location":"reference/pwndbg/commands/shell/","title":"pwndbg.commands.shell","text":""},{"location":"reference/pwndbg/commands/shell/#pwndbg.commands.shell","title":"shell","text":"Wrapper for shell commands.
Functions:
-
register_shell_function\u2013
Attributes:
-
pwncmd_names\u2013 -
shellcmd_names\u2013 -
pwncmds\u2013 -
shellcmds\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/shell/#pwndbg.commands.shell.shellcmd_names","title":"shellcmd_namespwncmd_names = ['constgrep', 'disasm', 'pwn', 'unhex']\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/shell/#pwndbg.commands.shell.pwncmds","title":"pwncmdsshellcmd_names = [\n \"awk\",\n \"bash\",\n \"cat\",\n \"chattr\",\n \"chmod\",\n \"chown\",\n \"cp\",\n \"date\",\n \"diff\",\n \"egrep\",\n \"grep\",\n \"htop\",\n \"id\",\n \"less\",\n \"ls\",\n \"man\",\n \"mkdir\",\n \"mktemp\",\n \"more\",\n \"mv\",\n \"nano\",\n \"nc\",\n \"ping\",\n \"pkill\",\n \"ps\",\n \"pstree\",\n \"pwd\",\n \"rm\",\n \"sed\",\n \"sh\",\n \"sort\",\n \"ssh\",\n \"sudo\",\n \"tail\",\n \"top\",\n \"touch\",\n \"uniq\",\n \"vi\",\n \"vim\",\n \"w\",\n \"wget\",\n \"who\",\n \"whoami\",\n \"zsh\",\n]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/shell/#pwndbg.commands.shell.shellcmds","title":"shellcmdspwncmds = list(filter(which, pwncmd_names))\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/shell/#pwndbg.commands.shell.register_shell_function","title":"register_shell_function","text":"shellcmds = list(filter(which, shellcmd_names))\n
"},{"location":"reference/pwndbg/commands/sigreturn/","title":"pwndbg.commands.sigreturn","text":""},{"location":"reference/pwndbg/commands/sigreturn/#pwndbg.commands.sigreturn","title":"sigreturn","text":"register_shell_function(cmd, deprecated=False) -> None\nFunctions:
-
sigreturn\u2013 -
print_value\u2013
Attributes:
-
SIGRETURN_FRAME_LAYOUTS(dict[str, list[tuple[int, str]]]) \u2013 -
SIGRETURN_CORE_REGISTER(dict[str, set[str]]) \u2013 -
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/sigreturn/#pwndbg.commands.sigreturn.SIGRETURN_CORE_REGISTER","title":"SIGRETURN_CORE_REGISTERSIGRETURN_FRAME_LAYOUTS: dict[str, list[tuple[int, str]]] = {\n \"x86-64\": sorted([(-8, \"&pretcode\")] + list(items())),\n \"i386\": sorted(items()),\n \"aarch64\": sorted(items()),\n \"arm\": sorted(items()),\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/sigreturn/#pwndbg.commands.sigreturn.parser","title":"parserSIGRETURN_CORE_REGISTER: dict[str, set[str]] = {\n \"x86-64\": {*gpr, frame, stack, pc},\n \"i386\": {*gpr, frame, stack, pc},\n \"aarch64\": {*gpr, \"sp\", \"pc\"},\n \"arm\": {*gpr, \"fp\", \"ip\", \"sp\", \"lr\", \"pc\"},\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/sigreturn/#pwndbg.commands.sigreturn.sigreturn","title":"sigreturn","text":"parser = ArgumentParser(\n description=\"Display the SigreturnFrame at the specific address\"\n)\n
"},{"location":"reference/pwndbg/commands/sigreturn/#pwndbg.commands.sigreturn.print_value","title":"print_value","text":"sigreturn(address: int = None, display_all=False, print_address=False) -> None\n
"},{"location":"reference/pwndbg/commands/slab/","title":"pwndbg.commands.slab","text":""},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab","title":"slab","text":"print_value(string: str, address: int, print_address) -> None\nCommands for dealing with Linux kernel slab allocator. Currently, only SLUB is supported.
Some of the code here was inspired from NeatMonster/slabdbg Some of the code here was inspired from osandov/drgn
Classes:
-
IndentContextManager\u2013
Functions:
-
slab\u2013 -
print_slab\u2013 -
print_cpu_cache\u2013 -
print_node_cache\u2013 -
slab_info\u2013 -
slab_list\u2013 -
slab_contains\u2013prints the slab_cache associated with the provided address
Attributes:
-
parser\u2013 -
subparsers\u2013 -
parser_list\u2013 -
parser_info\u2013 -
parser_contains\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.subparsers","title":"subparsersparser = ArgumentParser(\n description=\"Prints information about the slab allocator\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.parser_list","title":"parser_listsubparsers = add_subparsers(dest='command')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.parser_info","title":"parser_infoparser_list = add_parser('list', prog='slab list')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.parser_contains","title":"parser_containsparser_info = add_parser('info', prog='slab info')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.IndentContextManager","title":"IndentContextManager","text":"parser_contains = add_parser('contains', prog='slab contains')\nIndentContextManager()\nMethods:
-
__enter__\u2013 -
__exit__\u2013 -
print\u2013
Attributes:
-
indent\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.IndentContextManager.__enter__","title":"__enter__","text":"indent = 0\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.IndentContextManager.__exit__","title":"__exit__","text":"__enter__() -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.IndentContextManager.print","title":"print","text":"__exit__(\n exc_type: type[BaseException] | None,\n exc_value: BaseException | None,\n exc_tb: TracebackType | None,\n) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.slab","title":"slab","text":"print(*a, **kw) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.print_slab","title":"print_slab","text":"slab(command, filter_=None, names=None, verbose=False, addresses=None) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.print_cpu_cache","title":"print_cpu_cache","text":"print_slab(slab: Slab, indent, verbose: bool) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.print_node_cache","title":"print_node_cache","text":"print_cpu_cache(cpu_cache: CpuCache, verbose: bool, indent) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.slab_info","title":"slab_info","text":"print_node_cache(node_cache: NodeCache, verbose: bool, indent) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.slab_list","title":"slab_list","text":"slab_info(name: str, verbose: bool) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.slab_contains","title":"slab_contains","text":"slab_list(filter_) -> None\nslab_contains(address: str) -> None\nprints the slab_cache associated with the provided address
"},{"location":"reference/pwndbg/commands/spray/","title":"pwndbg.commands.spray","text":""},{"location":"reference/pwndbg/commands/spray/#pwndbg.commands.spray","title":"spray","text":"Functions:
-
spray\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/spray/#pwndbg.commands.spray.spray","title":"spray","text":"parser = ArgumentParser(\n description=\"Spray memory with cyclic() generated values\"\n)\n
"},{"location":"reference/pwndbg/commands/start/","title":"pwndbg.commands.start","text":""},{"location":"reference/pwndbg/commands/start/#pwndbg.commands.start","title":"start","text":"spray(addr, length, value, only_funcptrs) -> None\nLaunches the target process after setting a breakpoint at a convenient entry point.
Functions:
-
breakpoint_at_entry\u2013 -
start\u2013 -
entry\u2013 -
sstart\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/start/#pwndbg.commands.start.breakpoint_at_entry","title":"breakpoint_at_entry","text":"parser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description='\\nStart the debugged program stopping at its entrypoint address.\\n\\nNote that the entrypoint may not be the first instruction executed\\nby the program. If you want to stop on the first executed instruction,\\nuse the GDB\\'s `starti` command.\\n\\nArgs may include \"*\", or \"[...]\"; they are expanded using the\\nshell that will start the program (specified by the \"$SHELL\" environment\\nvariable). Input and output redirection with \">\", \"<\", or \">>\"\\nare also allowed.\\n\\nWith no arguments, uses arguments last specified (with \"run\" or\\n\"set args\"). To cancel previous arguments and run with no arguments,\\nuse \"set args\" without arguments.\\n\\nTo start the inferior without using a shell, use \"set startup-with-shell off\".\\n',\n)\n
"},{"location":"reference/pwndbg/commands/start/#pwndbg.commands.start.start","title":"start","text":"breakpoint_at_entry()\n
"},{"location":"reference/pwndbg/commands/start/#pwndbg.commands.start.entry","title":"entry","text":"start(args=None) -> None\n
"},{"location":"reference/pwndbg/commands/start/#pwndbg.commands.start.sstart","title":"sstart","text":"entry(args=None) -> None\n
"},{"location":"reference/pwndbg/commands/strings/","title":"pwndbg.commands.strings","text":""},{"location":"reference/pwndbg/commands/strings/#pwndbg.commands.strings","title":"strings","text":"sstart() -> None\nFunctions:
-
strings\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/strings/#pwndbg.commands.strings.strings","title":"strings","text":"parser = ArgumentParser(\n description=\"Extracts and displays ASCII strings from readable memory pages of the debugged process.\"\n)\n
"},{"location":"reference/pwndbg/commands/telescope/","title":"pwndbg.commands.telescope","text":""},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope","title":"telescope","text":"strings(n: int = 4, page_names: list[str] = [], save_as: str = None)\nPrints out pointer chains starting at some address in memory.
Generally used to print out the stack or register values.
Functions:
-
telescope\u2013Recursively dereferences pointers starting at the specified address
-
regs_or_frame_offset\u2013 -
stack\u2013 -
stackf\u2013
Attributes:
-
telescope_lines\u2013 -
skip_repeating_values\u2013 -
skip_repeating_values_minimum\u2013 -
print_framepointer_offset\u2013 -
print_retaddr_in_frame\u2013 -
dont_skip_registers\u2013 -
offset_separator\u2013 -
offset_delimiter\u2013 -
repeating_marker\u2013 -
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.skip_repeating_values","title":"skip_repeating_valuestelescope_lines = add_param(\n \"telescope-lines\", 8, \"number of lines to printed by the telescope command\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.skip_repeating_values_minimum","title":"skip_repeating_values_minimumskip_repeating_values = add_param(\n \"telescope-skip-repeating-val\",\n True,\n \"whether to skip repeating values of the telescope command\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.print_framepointer_offset","title":"print_framepointer_offsetskip_repeating_values_minimum = add_param(\n \"telescope-skip-repeating-val-min\",\n 3,\n \"minimum amount of repeated values before skipping lines\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.print_retaddr_in_frame","title":"print_retaddr_in_frameprint_framepointer_offset = add_param(\n \"telescope-framepointer-offset\",\n True,\n \"print offset to framepointer for each address, if sufficiently small\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.dont_skip_registers","title":"dont_skip_registersprint_retaddr_in_frame = add_param(\n \"telescope-frame-print-retaddr\",\n True,\n \"print one pointer past the stack frame\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.offset_separator","title":"offset_separatordont_skip_registers = add_param(\n \"telescope-dont-skip-registers\",\n True,\n \"don't skip a repeated line if a registers points to it\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.offset_delimiter","title":"offset_delimiteroffset_separator = add_param(\n \"telescope-offset-separator\",\n \"\u2502\",\n \"offset separator of the telescope command\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.repeating_marker","title":"repeating_markeroffset_delimiter = add_param(\n \"telescope-offset-delimiter\",\n \":\",\n \"offset delimiter of the telescope command\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.parser","title":"parserrepeating_marker = add_param(\n \"telescope-repeating-marker\",\n \"... \u2193\",\n \"repeating values marker of the telescope command\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.telescope","title":"telescope","text":"parser = ArgumentParser(\n description=\"Dereferences on stack data, printing the entire stack frame with specified count and offset .\"\n)\ntelescope(\n address=None,\n count=telescope_lines,\n to_string=False,\n reverse=False,\n frame=False,\n inverse=False,\n)\nRecursively dereferences pointers starting at the specified address ($sp by default)
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.regs_or_frame_offset","title":"regs_or_frame_offset","text":"
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.stack","title":"stack","text":"regs_or_frame_offset(\n addr: int, bp: int | None, regs: dict[int, str], longest_regs: int\n) -> str\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.stackf","title":"stackf","text":"stack(count, offset, frame, inverse) -> None\n
"},{"location":"reference/pwndbg/commands/tips/","title":"pwndbg.commands.tips","text":""},{"location":"reference/pwndbg/commands/tips/#pwndbg.commands.tips","title":"tips","text":"stackf(count, offset) -> None\nFunctions:
-
tips\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/tips/#pwndbg.commands.tips.tips","title":"tips","text":"parser = ArgumentParser(description='Shows tips.')\n
"},{"location":"reference/pwndbg/commands/tls/","title":"pwndbg.commands.tls","text":""},{"location":"reference/pwndbg/commands/tls/#pwndbg.commands.tls","title":"tls","text":"tips(all: bool) -> None\nCommand to print the information of the current Thread Local Storage (TLS).
Functions:
-
tls\u2013 -
threads\u2013
Attributes:
-
parser\u2013 -
group\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/tls/#pwndbg.commands.tls.group","title":"groupparser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description=\"List all threads belonging to the selected inferior.\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/tls/#pwndbg.commands.tls.tls","title":"tls","text":"group = add_mutually_exclusive_group()\n
"},{"location":"reference/pwndbg/commands/tls/#pwndbg.commands.tls.threads","title":"threads","text":"tls(pthread_self=False, all: bool = False) -> None\n
"},{"location":"reference/pwndbg/commands/valist/","title":"pwndbg.commands.valist","text":""},{"location":"reference/pwndbg/commands/valist/#pwndbg.commands.valist","title":"valist","text":"threads(num_threads, respect_config) -> None\nFunctions:
-
valist\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/valist/#pwndbg.commands.valist.valist","title":"valist","text":"parser = ArgumentParser(description='Dumps the arguments of a va_list.')\n
"},{"location":"reference/pwndbg/commands/version/","title":"pwndbg.commands.version","text":""},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version","title":"version","text":"valist(addr: int, count: int) -> None\nImplements version and bugreport commands.
Functions:
-
os_info\u2013 -
module_version\u2013 -
debugger_version\u2013 -
all_versions\u2013 -
get_target_arch\u2013 -
get_terminal_size\u2013 -
version_impl\u2013Implementation of the
versioncommand. -
version\u2013 -
bugreport\u2013 -
get_debugger_configuration\u2013 -
get_debugger_session_history\u2013
Attributes:
-
bugreport_parser\u2013 -
bugreport_group\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.bugreport_group","title":"bugreport_groupbugreport_parser = ArgumentParser(description='Generate a bug report.')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.os_info","title":"os_info","text":"bugreport_group = add_mutually_exclusive_group()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.module_version","title":"module_version","text":"os_info()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.debugger_version","title":"debugger_version","text":"module_version(module)\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.all_versions","title":"all_versions","text":"debugger_version()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.get_target_arch","title":"get_target_arch","text":"all_versions()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.get_terminal_size","title":"get_terminal_size","text":"get_target_arch()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.version_impl","title":"version_impl","text":"get_terminal_size()\nversion_impl() -> None\nImplementation of the
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.version","title":"version","text":"versioncommand.
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.bugreport","title":"bugreport","text":"version() -> None\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.get_debugger_configuration","title":"get_debugger_configuration","text":"bugreport(run_browser=False, use_gh=False)\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.get_debugger_session_history","title":"get_debugger_session_history","text":"get_debugger_configuration()\n
"},{"location":"reference/pwndbg/commands/vmmap/","title":"pwndbg.commands.vmmap","text":""},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap","title":"vmmap","text":"get_debugger_session_history()\nCommand to print the virtual memory map a la /proc/self/maps.
Functions:
-
pages_filter\u2013 -
print_vmmap_table_header\u2013Prints the table header for the vmmap command.
-
print_vmmap_gaps_table_header\u2013Prints the table header for the vmmap --gaps command.
-
calculate_total_memory\u2013 -
gap_text\u2013 -
print_map\u2013 -
print_adjacent_map\u2013 -
print_guard\u2013 -
print_gap\u2013 -
print_vmmap_gaps\u2013Indicates the size of adjacent memory regions and unmapped gaps between them in process memory
-
vmmap\u2013 -
vmmap_add\u2013 -
vmmap_explore\u2013 -
vmmap_clear\u2013 -
vmmap_load\u2013
Attributes:
-
integer_types\u2013 -
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.parser","title":"parserinteger_types = (int, Value)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.pages_filter","title":"pages_filter","text":"parser = ArgumentParser(\n description=\"Load virtual memory map pages from ELF file.\"\n)\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_vmmap_table_header","title":"print_vmmap_table_header","text":"pages_filter(gdbval_or_str)\nprint_vmmap_table_header() -> None\nPrints the table header for the vmmap command.
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_vmmap_gaps_table_header","title":"print_vmmap_gaps_table_header","text":"print_vmmap_gaps_table_header() -> None\nPrints the table header for the vmmap --gaps command.
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.calculate_total_memory","title":"calculate_total_memory","text":"
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.gap_text","title":"gap_text","text":"calculate_total_memory(pages: tuple[Page, ...]) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_map","title":"print_map","text":"gap_text(page: Page) -> str\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_adjacent_map","title":"print_adjacent_map","text":"print_map(page: Page) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_guard","title":"print_guard","text":"print_adjacent_map(map_start: Page, map_end: Page) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_gap","title":"print_gap","text":"print_guard(page: Page) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_vmmap_gaps","title":"print_vmmap_gaps","text":"print_gap(current: Page, last_map: Page)\nprint_vmmap_gaps(pages: tuple[Page, ...]) -> None\nIndicates the size of adjacent memory regions and unmapped gaps between them in process memory
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.vmmap","title":"vmmap","text":"
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.vmmap_add","title":"vmmap_add","text":"vmmap(\n gdbval_or_str=None,\n writable=False,\n executable=False,\n lines_after=1,\n lines_before=1,\n context=None,\n gaps=False,\n) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.vmmap_explore","title":"vmmap_explore","text":"vmmap_add(start: int, size: int, flags: str, offset: int) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.vmmap_clear","title":"vmmap_clear","text":"vmmap_explore(address: int) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.vmmap_load","title":"vmmap_load","text":"vmmap_clear() -> None\n
"},{"location":"reference/pwndbg/commands/windbg/","title":"pwndbg.commands.windbg","text":""},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg","title":"windbg","text":"vmmap_load(filename) -> None\nCompatibility functionality for Windbg users.
Functions:
-
enhex\u2013 -
db\u2013Starting at the specified address, dump N bytes
-
dw\u2013Starting at the specified address, dump N words
-
dd\u2013Starting at the specified address, dump N dwords
-
dq\u2013Starting at the specified address, dump N qwords
-
dc\u2013 -
dX\u2013Traditionally, windbg will display 16 bytes of data per line.
-
eb\u2013Write hex bytes at the specified address.
-
ew\u2013Write hex words at the specified address.
-
ed\u2013Write hex dwords at the specified address.
-
eq\u2013Write hex qwords at the specified address.
-
ez\u2013Write a character at the specified address.
-
eza\u2013Write a string at the specified address.
-
eX\u2013This relies on windbg's default hex encoding being enforced
-
dds\u2013Dump pointers and symbols at the specified address.
-
da\u2013 -
ds\u2013 -
bl\u2013List breakpoints
-
bd\u2013Disable the breakpoint with the specified index.
-
be\u2013Enable the breakpoint with the specified index.
-
bc\u2013Clear the breakpoint with the specified index.
-
bp\u2013 -
k\u2013Print a backtrace (alias 'bt')
-
go\u2013Windbg compatibility alias for 'continue' command.
-
ln\u2013List the symbols nearest to the provided value.
-
peb\u2013 -
pc\u2013Windbg compatibility alias for 'nextcall' command.
Attributes:
-
da_parser\u2013 -
ds_parser\u2013 -
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.ds_parser","title":"ds_parserda_parser = ArgumentParser(\n description=\"Dump a string at the specified address.\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.parser","title":"parserds_parser = ArgumentParser(\n description=\"Dump a string at the specified address.\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.enhex","title":"enhex","text":"parser = ArgumentParser(\n description=\"List the symbols nearest to the provided value.\"\n)\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.db","title":"db","text":"enhex(size, value)\ndb(address, count=64)\nStarting at the specified address, dump N bytes (default 64).
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.dw","title":"dw","text":"dw(address, count=32)\nStarting at the specified address, dump N words (default 32).
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.dd","title":"dd","text":"dd(address, count=16)\nStarting at the specified address, dump N dwords (default 16).
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.dq","title":"dq","text":"dq(address, count=8)\nStarting at the specified address, dump N qwords (default 8).
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.dc","title":"dc","text":"
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.dX","title":"dX","text":"dc(address, count=8)\ndX(size, address, count, to_string=False, repeat=False)\nTraditionally, windbg will display 16 bytes of data per line.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.eb","title":"eb","text":"eb(address, data)\nWrite hex bytes at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.ew","title":"ew","text":"ew(address, data)\nWrite hex words at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.ed","title":"ed","text":"ed(address, data)\nWrite hex dwords at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.eq","title":"eq","text":"eq(address, data)\nWrite hex qwords at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.ez","title":"ez","text":"ez(address, data)\nWrite a character at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.eza","title":"eza","text":"eza(address, data)\nWrite a string at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.eX","title":"eX","text":"eX(size, address, data, hex=True) -> None\nThis relies on windbg's default hex encoding being enforced
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.dds","title":"dds","text":"dds(addr)\nDump pointers and symbols at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.da","title":"da","text":"
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.ds","title":"ds","text":"da(address, max) -> None\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.bl","title":"bl","text":"ds(address, max) -> None\nbl() -> None\nList breakpoints
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.bd","title":"bd","text":"bd(which='*') -> None\nDisable the breakpoint with the specified index.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.be","title":"be","text":"be(which='*') -> None\nEnable the breakpoint with the specified index.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.bc","title":"bc","text":"bc(which='*') -> None\nClear the breakpoint with the specified index.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.bp","title":"bp","text":"
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.k","title":"k","text":"bp(where) -> None\nk() -> None\nPrint a backtrace (alias 'bt')
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.go","title":"go","text":"go() -> None\nWindbg compatibility alias for 'continue' command.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.ln","title":"ln","text":"ln(value: int = None) -> None\nList the symbols nearest to the provided value.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.peb","title":"peb","text":"
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.pc","title":"pc","text":"peb() -> None\npc()\nWindbg compatibility alias for 'nextcall' command.
"},{"location":"reference/pwndbg/commands/xinfo/","title":"pwndbg.commands.xinfo","text":""},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo","title":"xinfo","text":"Functions:
-
print_line\u2013 -
xinfo_stack\u2013 -
xinfo_mmap_file\u2013 -
xinfo_default\u2013 -
xinfo\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo.print_line","title":"print_line","text":"parser = ArgumentParser(\n description=\"Shows offsets of the specified address from various useful locations.\"\n)\n
"},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo.xinfo_stack","title":"xinfo_stack","text":"print_line(name, addr, first, second, op, width=20) -> None\n
"},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo.xinfo_mmap_file","title":"xinfo_mmap_file","text":"xinfo_stack(page: Page, addr: int) -> None\n
"},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo.xinfo_default","title":"xinfo_default","text":"xinfo_mmap_file(page: Page, addr: int) -> None\n
"},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo.xinfo","title":"xinfo","text":"xinfo_default(page: Page, addr: int) -> None\n
"},{"location":"reference/pwndbg/commands/xor/","title":"pwndbg.commands.xor","text":""},{"location":"reference/pwndbg/commands/xor/#pwndbg.commands.xor","title":"xor","text":"xinfo(address=None) -> None\nFunctions:
-
xor_memory\u2013Helper function for xorring memory in gdb
-
xor\u2013 -
memfrob\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/xor/#pwndbg.commands.xor.xor_memory","title":"xor_memory","text":"parser = ArgumentParser(\n description=\"Memfrobs a region of memory (xor with '*').\"\n)\nxor_memory(address, key, count)\nHelper function for xorring memory in gdb
"},{"location":"reference/pwndbg/commands/xor/#pwndbg.commands.xor.xor","title":"xor","text":"
"},{"location":"reference/pwndbg/commands/xor/#pwndbg.commands.xor.memfrob","title":"memfrob","text":"xor(address, key, count) -> None\n
"},{"location":"reference/pwndbg/dbg/","title":"pwndbg.dbg","text":""},{"location":"reference/pwndbg/dbg/#pwndbg.dbg","title":"dbg","text":"memfrob(address, count)\nThe abstracted debugger interface.
Modules:
-
gdb\u2013 -
lldb\u2013
Classes:
-
Error\u2013 -
DisassembledInstruction\u2013 -
DebuggerType\u2013 -
Arch\u2013The definition of an architecture.
-
StopPoint\u2013The handle to either an insalled breakpoint or watchpoint.
-
BreakpointLocation\u2013This is the location specification for a breakpoint.
-
WatchpointLocation\u2013This is the location specification for a watchpoint.
-
Registers\u2013A handle to the register values in a frame.
-
SymbolLookupType\u2013Enum representing types of symbol lookups for filtering symbol searches.
-
Frame\u2013 -
Thread\u2013 -
MemoryMap\u2013A wrapper around a sequence of memory ranges
-
ExecutionController\u2013 -
Process\u2013 -
TypeCode\u2013Broad categories of types.
-
TypeField\u2013The fields in a structured type.
-
Type\u2013Class representing a type in the context of an inferior process.
-
Value\u2013Class representing a value in the context of an inferior process.
-
CommandHandle\u2013An opaque handle to an installed command.
-
EventType\u2013Events that can be listened for and reacted to in a debugger.
-
Debugger\u2013The base class representing a debugger.
Functions:
-
selection\u2013Debuggers have global state. Many of our queries require that we select a
Attributes:
-
dbg(Debugger) \u2013 -
T\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.T","title":"Tdbg: Debugger = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Error","title":"Error","text":"T = TypeVar('T')\nBases:
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DisassembledInstruction","title":"DisassembledInstruction","text":"ExceptionBases:
TypedDictAttributes:
-
addr(int) \u2013 -
asm(str) \u2013 -
length(int) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DisassembledInstruction.asm","title":"asmaddr: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DisassembledInstruction.length","title":"lengthasm: str\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DebuggerType","title":"DebuggerType","text":"length: int\nBases:
EnumAttributes:
-
GDB\u2013 -
LLDB\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DebuggerType.LLDB","title":"LLDBGDB = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Arch","title":"Arch","text":"LLDB = 2\nThe definition of an architecture.
Attributes:
-
endian(Literal['little', 'big']) \u2013Wether code in this module is little or big.
-
name(PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013Name of the architecture.
-
ptrsize(int) \u2013Length of the pointer in this module.
property","text":"endian: Literal['little', 'big']\nWether code in this module is little or big.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Arch.name","title":"nameproperty","text":"name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE\nName of the architecture.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Arch.ptrsize","title":"ptrsizeproperty","text":"ptrsize: int\nLength of the pointer in this module.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.StopPoint","title":"StopPoint","text":"The handle to either an insalled breakpoint or watchpoint.
May be used in a
withstatement, in which case the stop point is automatically removed at the end of the statement. This allows for easy implementation of temporary breakpoints.Methods:
-
remove\u2013Removes the breakpoint associated with this handle.
-
set_enabled\u2013Enables or disables this breakpoint.
-
__enter__\u2013 -
__exit__\u2013Automatic breakpoint removal.
remove() -> None\nRemoves the breakpoint associated with this handle.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.StopPoint.set_enabled","title":"set_enabled","text":"set_enabled(enabled: bool) -> None\nEnables or disables this breakpoint.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.StopPoint.__enter__","title":"__enter__","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.StopPoint.__exit__","title":"__exit__","text":"__enter__() -> StopPoint\n__exit__(exc_type, exc_value, traceback) -> None\nAutomatic breakpoint removal.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.BreakpointLocation","title":"BreakpointLocation","text":"BreakpointLocation(address: int)\nThis is the location specification for a breakpoint.
Methods:
-
__eq__\u2013
Attributes:
-
address(int) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.BreakpointLocation.__eq__","title":"__eq__","text":"address: int = address\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.WatchpointLocation","title":"WatchpointLocation","text":"__eq__(other: object) -> bool\nWatchpointLocation(\n address: int, size: int, watch_read: bool, watch_write: bool\n)\nThis is the location specification for a watchpoint.
Attributes:
-
address(int) \u2013 -
size(int) \u2013 -
watch_read(bool) \u2013 -
watch_write(bool) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.WatchpointLocation.size","title":"sizeaddress: int = address\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.WatchpointLocation.watch_read","title":"watch_readsize: int = size\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.WatchpointLocation.watch_write","title":"watch_writewatch_read: bool = watch_read\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Registers","title":"Registers","text":"watch_write: bool = watch_write\nA handle to the register values in a frame.
Methods:
-
by_name\u2013Gets the value of a register if it exists, None otherwise.
by_name(name: str) -> Value | None\nGets the value of a register if it exists, None otherwise.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.SymbolLookupType","title":"SymbolLookupType","text":"Bases:
EnumEnum representing types of symbol lookups for filtering symbol searches.
Attributes: - ANY: Represents searching for any symbol type (default). - FUNCTION: Represents searching specifically for function symbols. - VARIABLE: Represents searching specifically for variable symbols.
Attributes:
-
ANY\u2013 -
FUNCTION\u2013 -
VARIABLE\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.SymbolLookupType.FUNCTION","title":"FUNCTIONANY = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.SymbolLookupType.VARIABLE","title":"VARIABLEFUNCTION = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame","title":"Frame","text":"VARIABLE = 3\nMethods:
-
lookup_symbol\u2013Looks up and returns the address of a symbol in current frame by its name.
-
evaluate_expression\u2013Evaluate the given expression in the context of this frame, and
-
regs\u2013Access the values of the registers in this frame.
-
reg_write\u2013Sets the value of the register with the given name to the given value.
-
pc\u2013The value of the program counter for this frame.
-
sp\u2013The value of the stack pointer for this frame.
-
parent\u2013The parent frame of this frame, if it exists.
-
child\u2013The child frame of this frame, if it exists.
-
sal\u2013The filename of the source code file associated with this frame, and the
-
__eq__\u2013Whether this frame is the same as the given frame. Two frames are the
lookup_symbol(name: str, *, type: SymbolLookupType = ANY) -> Value | None\nLooks up and returns the address of a symbol in current frame by its name.
Parameters: - name (str): The name of the symbol to look up. - type (SymbolLookupType, optional): The type of symbol to search for. Defaults to SymbolLookupType.ANY.
Returns: - pwndbg.dbg_mod.Value | None: The value of the symbol if found, or None if not found.
Raises: - pwndbg.dbg_mod.Error: If symbol name contains invalid characters
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.evaluate_expression","title":"evaluate_expression","text":"evaluate_expression(expression: str, lock_scheduler: bool = False) -> Value\nEvaluate the given expression in the context of this frame, and return a
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.evaluate_expression--lock_scheduler","title":"Value.lock_scheduler","text":"Additionally, callers of this function might specify that they want to enable scheduler locking during the evaluation of this expression. This is a GDB-only option, and is intended for cases in which the result would be incorrect without it enabled, when running in GDB. Other debuggers should ignore this parameter.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.regs","title":"regs","text":"regs() -> Registers\nAccess the values of the registers in this frame.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.reg_write","title":"reg_write","text":"reg_write(name: str, val: int) -> bool\nSets the value of the register with the given name to the given value. Returns true if the register exists, false othewise. Throws an exception if the register exists but cannot be written to.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.pc","title":"pc","text":"pc() -> int\nThe value of the program counter for this frame.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.sp","title":"sp","text":"sp() -> int\nThe value of the stack pointer for this frame.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.parent","title":"parent","text":"parent() -> Frame | None\nThe parent frame of this frame, if it exists.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.child","title":"child","text":"child() -> Frame | None\nThe child frame of this frame, if it exists.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.sal","title":"sal","text":"sal() -> tuple[str, int] | None\nThe filename of the source code file associated with this frame, and the line number associated with it, if available.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.__eq__","title":"__eq__","text":"__eq__(rhs: object) -> bool\nWhether this frame is the same as the given frame. Two frames are the same if they point to the same stack frame and have the same execution context.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Thread","title":"Thread","text":"Methods:
-
bottom_frame\u2013Frame at the bottom of the call stack for this thread.
-
ptid\u2013The PTID of this thread, if available.
-
index\u2013The unique index of this thread from the perspective of the debugger.
bottom_frame() -> Iterator[Frame]\nFrame at the bottom of the call stack for this thread.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Thread.ptid","title":"ptid","text":"ptid() -> int | None\nThe PTID of this thread, if available.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Thread.index","title":"index","text":"index() -> int\nThe unique index of this thread from the perspective of the debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.MemoryMap","title":"MemoryMap","text":"A wrapper around a sequence of memory ranges
Methods:
-
is_qemu\u2013Returns whether this memory map was generated from a QEMU target.
-
ranges\u2013Returns all ranges in this memory map.
is_qemu() -> bool\nReturns whether this memory map was generated from a QEMU target.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.MemoryMap.ranges","title":"ranges","text":"ranges() -> Sequence[Page]\nReturns all ranges in this memory map.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.ExecutionController","title":"ExecutionController","text":"Methods:
-
single_step\u2013Steps to the next instruction.
-
cont\u2013Continues execution until the given breakpoint or whatchpoint is hit.
single_step() -> Awaitable[None]\nSteps to the next instruction.
Throws
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.ExecutionController.cont","title":"cont","text":"CancelledErrorif a breakpoint or watchpoint is hit, the program exits, or if any other unexpected event that diverts execution happens while fulfulling the step.cont(until: StopPoint) -> Awaitable[None]\nContinues execution until the given breakpoint or whatchpoint is hit.
Throws
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process","title":"Process","text":"CancelledErrorif a breakpoint or watchpoint is hit that is not the one given inuntil, the program exits, or if any other unexpected event happens.Methods:
-
threads\u2013Returns a list containing the threads in this process.
-
pid\u2013Returns the process ID of this process if it is alive.
-
alive\u2013Returns whether this process is alive.
-
stopped_with_signal\u2013Returns whether this process was stopped by a signal.
-
evaluate_expression\u2013Evaluate the given expression in the context of the current process, and
-
vmmap\u2013Returns the virtual memory map of this process.
-
read_memory\u2013Reads the requested number of bytes from the address given in the memory
-
write_memory\u2013Writes as many bytes from the given data buffer as possible into the
-
find_in_memory\u2013Searches for a bit pattern in the memory space of the process. The bit
-
is_remote\u2013Returns whether this process is a remote process connected to using the
-
send_remote\u2013Sends the given packet to the GDB remote debugging protocol server.
-
send_monitor\u2013Sends the given monitor command to the GDB remote debugging protocol
-
download_remote_file\u2013Downloads the given file from the remote host and saves it to the local
-
create_value\u2013Create a new value in the context of this process, with the given value
-
symbol_name_at_address\u2013Returns the name of the symbol at the given address in the program, if
-
lookup_symbol\u2013Looks up and returns the address of a symbol by its name.
-
types_with_name\u2013Returns a list of all types in this process that match the given name.
-
arch\u2013The default architecture of this process.
-
break_at\u2013Install a breakpoint or watchpoint at the given location.
-
is_linux\u2013Returns whether the current ABI is GNU/Linux.
-
disasm\u2013Returns the disassembled instruction at the given address in the address
-
module_section_locations\u2013Return a list of (address, size, section_name, module_name) tuples for
-
main_module_name\u2013Returns the name of the main module.
-
main_module_entry\u2013Returns the entry point of the main module.
-
is_dynamically_linked\u2013Returns whether this process makes use of dynamically linked libraries.
-
dispatch_execution_controller\u2013Queues up the given execution controller-based coroutine for execution,
threads() -> list[Thread]\nReturns a list containing the threads in this process.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.pid","title":"pid","text":"pid() -> int | None\nReturns the process ID of this process if it is alive.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.alive","title":"alive","text":"alive() -> bool\nReturns whether this process is alive.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.stopped_with_signal","title":"stopped_with_signal","text":"stopped_with_signal() -> bool\nReturns whether this process was stopped by a signal.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.evaluate_expression","title":"evaluate_expression","text":"evaluate_expression(expression: str) -> Value\nEvaluate the given expression in the context of the current process, and return a
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.vmmap","title":"vmmap","text":"Value.vmmap() -> MemoryMap\nReturns the virtual memory map of this process.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.read_memory","title":"read_memory","text":"read_memory(address: int, size: int, partial: bool = False) -> bytearray\nReads the requested number of bytes from the address given in the memory space of this process. Will read as many bytes as possible starting at that location, and returns how many were read.
Throws an exception if reading fails and partial is False.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.write_memory","title":"write_memory","text":"write_memory(address: int, data: bytearray, partial: bool = False) -> int\nWrites as many bytes from the given data buffer as possible into the given address in the memory space of this process.
Throws an exception if writing fails and partial is False.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.find_in_memory","title":"find_in_memory","text":"find_in_memory(\n pattern: bytearray,\n start: int,\n size: int,\n align: int,\n max_matches: int = -1,\n step: int = -1,\n) -> Generator[int, None, None]\nSearches for a bit pattern in the memory space of the process. The bit pattern can be searched for in a given memory range, and with a given alignment. The maximum number of matches that will be generated is given by
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.is_remote","title":"is_remote","text":"max_matches. A value ofmax_matchesof-1will generate all matches.is_remote() -> bool\nReturns whether this process is a remote process connected to using the GDB remote debugging protocol.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.send_remote","title":"send_remote","text":"send_remote(packet: str) -> bytes\nSends the given packet to the GDB remote debugging protocol server. Should only be called if
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.send_monitor","title":"send_monitor","text":"is_remote()is true.send_monitor(cmd: str) -> str\nSends the given monitor command to the GDB remote debugging protocol server. Should only be called if
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.download_remote_file","title":"download_remote_file","text":"is_remote()is true.download_remote_file(remote_path: str, local_path: str) -> None\nDownloads the given file from the remote host and saves it to the local given path. Should only be called if
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.create_value","title":"create_value","text":"is_remote()is true.create_value(value: int, type: Type | None = None) -> Value\nCreate a new value in the context of this process, with the given value and, optionally, type. If no type is provided, one will be chosen automatically.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.symbol_name_at_address","title":"symbol_name_at_address","text":"symbol_name_at_address(address: int) -> str | None\nReturns the name of the symbol at the given address in the program, if one exists.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.lookup_symbol","title":"lookup_symbol","text":"lookup_symbol(\n name: str,\n *,\n prefer_static: bool = False,\n type: SymbolLookupType = ANY,\n objfile_endswith: str | None = None,\n) -> Value | None\nLooks up and returns the address of a symbol by its name.
Parameters: - name (str): The name of the symbol to look up. - prefer_static (bool, optional): If True, prioritize symbols in the static block, if supported by the debugger. Defaults to False. - type (SymbolLookupType, optional): The type of symbol to search for. Defaults to SymbolLookupType.ANY. - objfile_endswith (str | None, optional): If specified, limits the search to the first object file whose name ends with the provided string.
Returns: - pwndbg.dbg_mod.Value | None: The value of the symbol if found, or None if not found.
Raises: - pwndbg.dbg_mod.Error: If no object file matching the
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.types_with_name","title":"types_with_name","text":"objfile_endswithpattern is found.types_with_name(name: str) -> Sequence[Type]\nReturns a list of all types in this process that match the given name.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.arch","title":"arch","text":"arch() -> Arch\nThe default architecture of this process.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.break_at","title":"break_at","text":"break_at(\n location: BreakpointLocation | WatchpointLocation,\n stop_handler: Callable[[StopPoint], bool] | None = None,\n internal: bool = False,\n) -> StopPoint\nInstall a breakpoint or watchpoint at the given location.
The type of the location determines whether the newly created object is a watchpoint or a breakpoint.
BreakpointLocationlocations yield breakpoints, whileWatchpointLocationlocations yield watchpoints.Aditionally, one may specify a stop handler function, to be run when the breakpoint or whatchpoint is hit, and that determines whether execution should stop. With a return value of
Truebeing interpreted as a signal to stop, and a return value ofFalsebeing interpreted as a signal to continue execution. The extent of the actions that may be taken during the stop handler is determined by the debugger.Marking a breakpoint or watchpoint as
internalhints to the implementation that the created breakpoint or watchpoint should not be directly nameable by the user, and that it should not print any messages upon being triggered. Implementations should try to honor this hint, but they are not required to in case honoring it is either not possible or comes at a significant impact to performance.This function returns a handle to the newly created breakpoint or watchpoint.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.is_linux","title":"is_linux","text":"is_linux() -> bool\nReturns whether the current ABI is GNU/Linux.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.disasm","title":"disasm","text":"disasm(address: int) -> DisassembledInstruction | None\nReturns the disassembled instruction at the given address in the address space of the running process, or
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.module_section_locations","title":"module_section_locations","text":"Noneif there's no valid instruction at that address.module_section_locations() -> list[tuple[int, int, str, str]]\nReturn a list of (address, size, section_name, module_name) tuples for the loaded sections in every module of this process.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.main_module_name","title":"main_module_name","text":"main_module_name() -> str | None\nReturns the name of the main module.
On remote targets, this may be prefixed with \"target:\" string.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.main_module_entry","title":"main_module_entry","text":"main_module_entry() -> int | None\nReturns the entry point of the main module.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.is_dynamically_linked","title":"is_dynamically_linked","text":"is_dynamically_linked() -> bool\nReturns whether this process makes use of dynamically linked libraries.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.is_dynamically_linked--dynamically-linked","title":"\"dynamically linked\"","text":"What exactly it means to be \"dynamically linked\" here is a little ill-defined. Ideally, this function should return true if the process uses the default dynamic linker for the system, as that would better reflect whether the process uses dynamic linking.
Currently, though, Pwndbg expects it to behave the same as a check for the string \"No shared libraries loaded at this time.\" in the output of the
info dllGDB command, which checks for the presence of other modules in the address space of the process, rather than whether or not the dynamic linker is used.We should probably sort this out in the future.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.dispatch_execution_controller","title":"dispatch_execution_controller","text":"dispatch_execution_controller(\n procedure: Callable[[ExecutionController], Coroutine[Any, Any, None]],\n)\nQueues up the given execution controller-based coroutine for execution, sometime between the calling of this function and the
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode","title":"TypeCode","text":"Bases:
EnumBroad categories of types.
Attributes:
-
INVALID\u2013 -
POINTER\u2013 -
ARRAY\u2013 -
STRUCT\u2013 -
TYPEDEF\u2013 -
UNION\u2013 -
INT\u2013 -
ENUM\u2013 -
FUNC\u2013 -
BOOL\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.POINTER","title":"POINTERINVALID = -1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.ARRAY","title":"ARRAYPOINTER = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.STRUCT","title":"STRUCTARRAY = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.TYPEDEF","title":"TYPEDEFSTRUCT = 3\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.UNION","title":"UNIONTYPEDEF = 4\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.INT","title":"INTUNION = 5\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.ENUM","title":"ENUMINT = 6\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.FUNC","title":"FUNCENUM = 7\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.BOOL","title":"BOOLFUNC = 8\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField","title":"TypeField","text":"BOOL = 9\nTypeField(\n bitpos: int,\n name: str | None,\n type: Type,\n parent_type,\n enumval: int | None = None,\n artificial: bool = False,\n is_base_class: bool = False,\n bitsize: int = 0,\n)\nThe fields in a structured type.
Currently this is just a mirror of
gdb.Field.Attributes:
-
bitpos\u2013 -
name\u2013 -
type\u2013 -
parent_type\u2013 -
enumval\u2013 -
artificial\u2013 -
is_base_class\u2013 -
bitsize\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.name","title":"namebitpos = bitpos\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.type","title":"typename = name\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.parent_type","title":"parent_typetype = type\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.enumval","title":"enumvalparent_type = parent_type\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.artificial","title":"artificialenumval = enumval\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.is_base_class","title":"is_base_classartificial = artificial\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.bitsize","title":"bitsizeis_base_class = is_base_class\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type","title":"Type","text":"bitsize = bitsize\nClass representing a type in the context of an inferior process.
Methods:
-
func_arguments\u2013Returns a list of function arguments type.
-
fields\u2013List of all fields in this type, if it is a structured type.
-
has_field\u2013Whether this type has a field with the given name.
-
array\u2013Return a type that corresponds to an array whose elements have this type.
-
pointer\u2013Return a pointer type that has this type as its pointee.
-
strip_typedefs\u2013Return a type that corresponds to the base type after a typedef chain,
-
target\u2013Return the target of this reference type, if this is a reference type.
-
keys\u2013Returns a list containing all the field names of this type.
-
enum_member\u2013Retrieve the integer value of an enum member.
-
offsetof\u2013Calculate the byte offset of a field within a struct or union.
-
__eq__\u2013Returns True if types are the same
Attributes:
-
name_identifier(str | None) \u2013Returns the identifier of this type, eg:
-
name_to_human_readable(str) \u2013Returns the human friendly name of this type, eg:
-
sizeof(int) \u2013The size of this type, in bytes.
-
alignof(int) \u2013The alignment of this type, in bytes.
-
code(TypeCode) \u2013What category of type this object belongs to.
property","text":"name_identifier: str | None\nReturns the identifier of this type, eg: - someStructName - someEnumName - someTypedefName
Returns None if the type is anonymous or does not have a name, such as: - Anonymous structs - Anonymous Typedefs - Basic types like char[], void, etc.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.name_to_human_readable","title":"name_to_human_readableproperty","text":"name_to_human_readable: str\nReturns the human friendly name of this type, eg: - char [16] - int - char * - void * - fooStructName - barEnumName - barTypedefName
This function is not standardized, may return different names in gdb/lldb, eg: gdb:
char [16]orchar [50]orstruct {...}lldb:char[16]orchar[]or(anonymous struct)You should not use this function. Only for human eyes.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.sizeof","title":"sizeofproperty","text":"sizeof: int\nThe size of this type, in bytes.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.alignof","title":"alignofproperty","text":"alignof: int\nThe alignment of this type, in bytes.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.code","title":"codeproperty","text":"code: TypeCode\nWhat category of type this object belongs to.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.func_arguments","title":"func_arguments","text":"func_arguments() -> list[Type] | None\nReturns a list of function arguments type.
Returns:
-
list[Type] | None\u2013List[Type] | None: The function arguments type, or None if debug information is missing.
Raises:
-
TypeError\u2013If called on an unsupported type.
fields() -> list[TypeField]\nList of all fields in this type, if it is a structured type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.has_field","title":"has_field","text":"has_field(name: str) -> bool\nWhether this type has a field with the given name.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.array","title":"array","text":"array(count: int) -> Type\nReturn a type that corresponds to an array whose elements have this type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.pointer","title":"pointer","text":"pointer() -> Type\nReturn a pointer type that has this type as its pointee.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.strip_typedefs","title":"strip_typedefs","text":"strip_typedefs() -> Type\nReturn a type that corresponds to the base type after a typedef chain, if this is a typedef. Returns the type itself otherwise.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.target","title":"target","text":"target() -> Type\nReturn the target of this reference type, if this is a reference type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.keys","title":"keys","text":"keys() -> list[str]\nReturns a list containing all the field names of this type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.enum_member","title":"enum_member","text":"enum_member(field_name: str) -> int | None\nRetrieve the integer value of an enum member.
It returns: - integer value, when found field - returns None, If the field does not exist
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.offsetof","title":"offsetof","text":"offsetof(field_name: str) -> int | None\nCalculate the byte offset of a field within a struct or union.
This method recursively traverses nested structures and unions, and it computes the byte-aligned offset for the specified field.
It returns: - offset in bytes if found - None if the field doesn't exist or if an unsupported alignment/bit-field is encountered
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.__eq__","title":"__eq__","text":"__eq__(rhs: object) -> bool\nReturns True if types are the same
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value","title":"Value","text":"Class representing a value in the context of an inferior process.
Methods:
-
dereference\u2013If this is a poitner value, dereferences the pointer and returns a new
-
string\u2013If this value is a string, then this method converts it to a Python string.
-
value_to_human_readable\u2013Converts a Value to a human-readable string representation.\n -
fetch_lazy\u2013Fetches the value if it is lazy, does nothing otherwise.
-
__int__\u2013Converts this value to an integer, if possible.
-
cast\u2013Returns a new value with the same value as this object, but of the
-
__add__\u2013Adds an integer to this value, if that makes sense. Throws an exception
-
__sub__\u2013Subtract an integer from this value, if that makes sense. Throws an
-
__getitem__\u2013Gets the value with the given name that belongs to this value. For
Attributes:
-
address(Value | None) \u2013The address of this value, in memory, if addressable, otherwise
None. -
is_optimized_out(bool) \u2013Whether this value is present in debugging information, but has been
-
type(Type) \u2013The type associated with this value.
property","text":"address: Value | None\nThe address of this value, in memory, if addressable, otherwise
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.is_optimized_out","title":"is_optimized_outNone.property","text":"is_optimized_out: bool\nWhether this value is present in debugging information, but has been optimized out of the actual program.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.type","title":"typeproperty","text":"type: Type\nThe type associated with this value.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.dereference","title":"dereference","text":"dereference() -> Value\nIf this is a poitner value, dereferences the pointer and returns a new instance of Value, containing the value pointed to by this pointer.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.string","title":"string","text":"string() -> str\nIf this value is a string, then this method converts it to a Python string.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.value_to_human_readable","title":"value_to_human_readable","text":"value_to_human_readable() -> str\nConverts a Value to a human-readable string representation.\n\n The format is similar to what is produced by the `str()` function for gdb.Value,\n displaying nested fields and pointers in a user-friendly way.\n\n **Usage Notes:**\n - This function is intended solely for displaying results to the user.\n - The output format may differ between debugger implementations (e.g., GDB vs LLDB),\n as each debugger may format values differently. For instance:\n - GDB might produce: '{\nvalue = 0, inner = { next = 0x555555558098 } }' - LLDB might produce: '(inner_a_node) *$PWNDBG_CREATED_VALUE_0 = { value = 0 inner = { next = 0x0000555555558098 } }' - As such, this function should not be relied upon for parsing or programmatic use."},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.fetch_lazy","title":"fetch_lazy","text":"
fetch_lazy() -> None\nFetches the value if it is lazy, does nothing otherwise.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.__int__","title":"__int__","text":"__int__() -> int\nConverts this value to an integer, if possible.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.cast","title":"cast","text":"cast(type: Type | Any) -> Value\nReturns a new value with the same value as this object, but of the given type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.__add__","title":"__add__","text":"__add__(rhs: int) -> Value\nAdds an integer to this value, if that makes sense. Throws an exception otherwise.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.__sub__","title":"__sub__","text":"__sub__(rhs: int) -> Value\nSubtract an integer from this value, if that makes sense. Throws an exception otherwise.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.__getitem__","title":"__getitem__","text":"__getitem__(idx: int | str) -> Value\nGets the value with the given name that belongs to this value. For structure types, this is the field with the given name. For array types, this is the field at the given index. For pointer types, this is the value of
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.CommandHandle","title":"CommandHandle","text":"*(ptr+idx).An opaque handle to an installed command.
Methods:
-
remove\u2013Removes this command from the command palette of the debugger.
remove() -> None\nRemoves this command from the command palette of the debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType","title":"EventType","text":"Bases:
EnumEvents that can be listened for and reacted to in a debugger.
The events types listed here are defined as followsSTART: This event is fired some time between the creation of or attachment to the process to be debugged, and the start of its execution.STOP: This event is fired after execution of the process has been suspended, but before control is returned to the user for interactive debugging.EXIT: This event is fired after the process being debugged has been detached from or has finished executing.MEMORY_CHANGED: This event is fired when the user interactively makes changes to the memory of the process being debugged.REGISTER_CHANGED: LikeMEMORY_CHANGED, but for registers.CONTINUE: This event is fired after the user has requested for process execution to continue after it had been previously suspended.NEW_MODULE: This event is fired when a new application module has been encountered by the debugger. This usually happens when a new application module is loaded into the memory space of the process being debugged. In GDB terminology, these are calledobjfiles.
Attributes:
-
START\u2013 -
STOP\u2013 -
EXIT\u2013 -
MEMORY_CHANGED\u2013 -
REGISTER_CHANGED\u2013 -
CONTINUE\u2013 -
NEW_MODULE\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.STOP","title":"STOPSTART = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.EXIT","title":"EXITSTOP = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.MEMORY_CHANGED","title":"MEMORY_CHANGEDEXIT = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.REGISTER_CHANGED","title":"REGISTER_CHANGEDMEMORY_CHANGED = 3\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.CONTINUE","title":"CONTINUEREGISTER_CHANGED = 4\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.NEW_MODULE","title":"NEW_MODULECONTINUE = 5\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger","title":"Debugger","text":"NEW_MODULE = 6\nThe base class representing a debugger.
Methods:
-
setup\u2013Perform debugger-specific initialization.
-
history\u2013The command history of the interactive session in this debugger.
-
lex_args\u2013Lexes the given command line into a list of arguments, according to the
-
selected_inferior\u2013The inferior process currently being focused on in this interactive session.
-
selected_thread\u2013The thread currently being focused on in this interactive session.
-
selected_frame\u2013The stack frame currently being focused on in this interactive session.
-
commands\u2013List the commands available in this session.
-
add_command\u2013Adds a command with the given name to the debugger, that invokes the
-
has_event_type\u2013Whether the given event type is supported by this debugger. Indicates
-
event_handler\u2013Sets up the given function to be called when an event of the given type
-
suspend_events\u2013Suspend delivery of all events of the given type until it is resumed
-
resume_events\u2013Resume the delivery of all events of the given type, if previously
-
set_sysroot\u2013Sets the system root for this debugger.
-
x86_disassembly_flavor\u2013The flavor of disassembly to use for x86 targets.
-
supports_breakpoint_creation_during_stop_handler\u2013Whether breakpoint or watchpoint creation through
break_atis -
breakpoint_locations\u2013Returns a list of all breakpoint locations that are currently
-
name\u2013The type of the current debugger.
-
is_gdblib_available\u2013Whether gdblib is available under this debugger.
-
string_limit\u2013The maximum size of a string.
-
addrsz\u2013Format the given address value.
-
get_cmd_window_size\u2013The size of the command window, in characters, if available.
-
set_python_diagnostics\u2013Enables or disables Python diagnostic messages for this debugger.
Attributes:
-
pre_ctx_lines(int) \u2013Our prediction on how many lines of text will be printed as
property","text":"pre_ctx_lines: int\nOur prediction on how many lines of text will be printed as a preamble (right after the prompt, and before the context) the next time the context is printed.
This includes any lines the underlying debugger generates.
The user never sees these lines when context-clear-screen is enabled.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.setup","title":"setup","text":"setup(*args: Any) -> None\nPerform debugger-specific initialization.
This method should be run immediately after
pwndbg.dbgis set to an instance of this class, and, as such, is allowed to run code that depends on it being set.Because we can't really know what a given debugger object will need as part of its setup process, we allow for as many arguments as desired to be passed in, and leave it up to the implementations to decide what they need. This shouldn't be a problem, seeing as, unlike other methods in this class, this should only be called as part of the debugger-specific bringup code.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.history","title":"history","text":"history(last: int = 10) -> list[tuple[int, str]]\nThe command history of the interactive session in this debugger.
This function returns the last
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.lex_args","title":"lex_args","text":"lastitems in the command history, as an oldest-to-youngest-sorted list of tuples, where the first element in each tuple is the index of the command in the history, and the second element is a string giving the command itself.lex_args(command_line: str) -> list[str]\nLexes the given command line into a list of arguments, according to the conventions of the debugger being used and of the interactive session.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.selected_inferior","title":"selected_inferior","text":"selected_inferior() -> Process | None\nThe inferior process currently being focused on in this interactive session.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.selected_thread","title":"selected_thread","text":"selected_thread() -> Thread | None\nThe thread currently being focused on in this interactive session.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.selected_frame","title":"selected_frame","text":"selected_frame() -> Frame | None\nThe stack frame currently being focused on in this interactive session.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.commands","title":"commands","text":"commands() -> list[str]\nList the commands available in this session.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.add_command","title":"add_command","text":"add_command(\n name: str, handler: Callable[[Debugger, str, bool], None], doc: str | None\n) -> CommandHandle\nAdds a command with the given name to the debugger, that invokes the given function every time it is called.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.has_event_type","title":"has_event_type","text":"has_event_type(ty: EventType) -> bool\nWhether the given event type is supported by this debugger. Indicates that a user either can or cannot register an event handler of this type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.event_handler","title":"event_handler","text":"event_handler(\n ty: EventType,\n) -> Callable[[Callable[..., T]], Callable[..., T]]\nSets up the given function to be called when an event of the given type gets fired. Returns a callable that corresponds to the wrapped function. This function my be used as a decorator.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.suspend_events","title":"suspend_events","text":"suspend_events(ty: EventType) -> None\nSuspend delivery of all events of the given type until it is resumed through a call to
resume_events.Events triggered during a suspension will be ignored, and will not be delived, even after delivery is resumed.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.resume_events","title":"resume_events","text":"resume_events(ty: EventType) -> None\nResume the delivery of all events of the given type, if previously suspeded through a call to
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.set_sysroot","title":"set_sysroot","text":"suspend_events. Does nothing if the delivery has not been previously suspeded.set_sysroot(sysroot: str) -> bool\nSets the system root for this debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.x86_disassembly_flavor","title":"x86_disassembly_flavor","text":"x86_disassembly_flavor() -> Literal['att', 'intel']\nThe flavor of disassembly to use for x86 targets.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.supports_breakpoint_creation_during_stop_handler","title":"supports_breakpoint_creation_during_stop_handler","text":"supports_breakpoint_creation_during_stop_handler() -> bool\nWhether breakpoint or watchpoint creation through
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.breakpoint_locations","title":"breakpoint_locations","text":"break_atis supported during breakpoint stop handlers.breakpoint_locations() -> list[BreakpointLocation]\nReturns a list of all breakpoint locations that are currently installed and enabled in the focused process.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.name","title":"name","text":"name() -> DebuggerType\nThe type of the current debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.is_gdblib_available","title":"is_gdblib_available","text":"is_gdblib_available() -> bool\nWhether gdblib is available under this debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.string_limit","title":"string_limit","text":"string_limit() -> int\nThe maximum size of a string.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.addrsz","title":"addrsz","text":"addrsz(address: Any) -> str\nFormat the given address value.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.get_cmd_window_size","title":"get_cmd_window_size","text":"get_cmd_window_size() -> tuple[int, int]\nThe size of the command window, in characters, if available.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.set_python_diagnostics","title":"set_python_diagnostics","text":"set_python_diagnostics(enabled: bool) -> None\nEnables or disables Python diagnostic messages for this debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.selection","title":"selection","text":"selection(\n target: T, get_current: Callable[[], T], select: Callable[[T], None]\n)\nDebuggers have global state. Many of our queries require that we select a given object globally before we make them. When doing that, we must always be careful to return selection to its previous state before exiting. This class automatically manages the selection of a single object type.
Upon entrace to the
withblock, the element given bytargetwill be compared to the object returned by callingget_current. If they compare different, the value previously returned byget_currentis saved, and the element given bytargetwill be selected by passing it as an argument toselect, and, after execution leaves thewithblock, the previously saved element will be selected in the same fashion as the first element.If the elements don't compare different, this is a no-op.
"},{"location":"reference/pwndbg/dbg/gdb/","title":"pwndbg.dbg.gdb","text":""},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb","title":"gdb","text":"Modules:
-
debug_sym\u2013 -
symbol\u2013Looking up addresses for function names / symbols, and
Classes:
-
GDBArch\u2013 -
GDBRegisters\u2013 -
GDBFrame\u2013 -
GDBThread\u2013 -
GDBMemoryMap\u2013 -
BreakpointAdapter\u2013 -
GDBStopPoint\u2013 -
GDBProcess\u2013 -
GDBExecutionController\u2013 -
GDBCommand\u2013 -
GDBCommandHandle\u2013 -
GDBType\u2013 -
GDBValue\u2013 -
GDB\u2013
Functions:
-
parse_and_eval\u2013Same as
gdb.parse_and_eval, but only usesglobal_contextif it is
Attributes:
-
T\u2013 -
gdb_architecture_name_fixup_list\u2013 -
BPWP_DEFERRED_DELETE(Set[GDBStopPoint]) \u2013 -
BPWP_DEFERRED_ENABLE(Set[GDBStopPoint]) \u2013 -
BPWP_DEFERRED_DISABLE(Set[GDBStopPoint]) \u2013 -
EXECUTION_CONTROLLER\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.gdb_architecture_name_fixup_list","title":"gdb_architecture_name_fixup_listT = TypeVar('T')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.BPWP_DEFERRED_DELETE","title":"BPWP_DEFERRED_DELETEgdb_architecture_name_fixup_list = (\n \"x86-64\",\n \"i386\",\n \"i8086\",\n \"aarch64\",\n \"mips\",\n \"rs6000\",\n \"powerpc\",\n \"sparc\",\n \"arm\",\n \"iwmmxt\",\n \"iwmmxt2\",\n \"xscale\",\n \"riscv:rv32\",\n \"riscv:rv64\",\n \"riscv\",\n \"loongarch64\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.BPWP_DEFERRED_ENABLE","title":"BPWP_DEFERRED_ENABLEBPWP_DEFERRED_DELETE: Set[GDBStopPoint] = set()\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.BPWP_DEFERRED_DISABLE","title":"BPWP_DEFERRED_DISABLEBPWP_DEFERRED_ENABLE: Set[GDBStopPoint] = set()\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.EXECUTION_CONTROLLER","title":"EXECUTION_CONTROLLERBPWP_DEFERRED_DISABLE: Set[GDBStopPoint] = set()\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBArch","title":"GDBArch","text":"EXECUTION_CONTROLLER = GDBExecutionController()\nGDBArch(\n endian: Literal[\"little\", \"big\"],\n name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE,\n ptrsize: int,\n)\nBases:
ArchAttributes:
-
endian(Literal['little', 'big']) \u2013 -
name(PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
ptrsize(int) \u2013
property","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBArch.name","title":"nameendian: Literal['little', 'big']\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBArch.ptrsize","title":"ptrsizename: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBRegisters","title":"GDBRegisters","text":"ptrsize: int\nGDBRegisters(frame: GDBFrame)\nBases:
RegistersMethods:
-
by_name\u2013
Attributes:
-
frame\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBRegisters.by_name","title":"by_name","text":"frame = frame\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame","title":"GDBFrame","text":"by_name(name: str) -> Value | None\nGDBFrame(inner: Frame)\nBases:
FrameMethods:
-
lookup_symbol\u2013 -
evaluate_expression\u2013 -
regs\u2013 -
reg_write\u2013 -
pc\u2013 -
sp\u2013 -
parent\u2013 -
child\u2013 -
sal\u2013 -
__eq__\u2013
Attributes:
-
inner\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.lookup_symbol","title":"lookup_symbol","text":"inner = inner\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.evaluate_expression","title":"evaluate_expression","text":"lookup_symbol(name: str, *, type: SymbolLookupType = ANY) -> Value | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.regs","title":"regs","text":"evaluate_expression(expression: str, lock_scheduler: bool = False) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.reg_write","title":"reg_write","text":"regs() -> Registers\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.pc","title":"pc","text":"reg_write(name: str, val: int) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.sp","title":"sp","text":"pc() -> int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.parent","title":"parent","text":"sp() -> int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.child","title":"child","text":"parent() -> Frame | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.sal","title":"sal","text":"child() -> Frame | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.__eq__","title":"__eq__","text":"sal() -> tuple[str, int] | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBThread","title":"GDBThread","text":"__eq__(rhs: object) -> bool\nGDBThread(inner: InferiorThread)\nBases:
ThreadMethods:
-
bottom_frame\u2013 -
ptid\u2013 -
index\u2013
Attributes:
-
inner\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBThread.bottom_frame","title":"bottom_frame","text":"inner = inner\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBThread.ptid","title":"ptid","text":"bottom_frame() -> Iterator[Frame]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBThread.index","title":"index","text":"ptid() -> int | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBMemoryMap","title":"GDBMemoryMap","text":"index() -> int\nGDBMemoryMap(qemu: bool, pages: Sequence[Page])\nBases:
MemoryMapMethods:
-
is_qemu\u2013 -
ranges\u2013
Attributes:
-
qemu\u2013 -
pages\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBMemoryMap.pages","title":"pagesqemu = qemu\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBMemoryMap.is_qemu","title":"is_qemu","text":"pages = pages\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBMemoryMap.ranges","title":"ranges","text":"is_qemu() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.BreakpointAdapter","title":"BreakpointAdapter","text":"ranges() -> Sequence[Page]\nBases:
BreakpointMethods:
-
stop\u2013
Attributes:
-
stop_handler(Callable[[], bool]) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.BreakpointAdapter.stop","title":"stop","text":"stop_handler: Callable[[], bool]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint","title":"GDBStopPoint","text":"stop() -> bool\nGDBStopPoint(inner: Breakpoint, proc: GDBProcess)\nBases:
StopPointMethods:
-
set_enabled\u2013 -
remove\u2013 -
__enter__\u2013 -
__exit__\u2013Automatic breakpoint removal.
Attributes:
-
inner(Breakpoint) \u2013 -
proc(GDBProcess) \u2013 -
inner_stop(Callable[[], bool] | None) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.proc","title":"procinner: Breakpoint = inner\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.inner_stop","title":"inner_stopproc: GDBProcess = proc\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.set_enabled","title":"set_enabled","text":"inner_stop: Callable[[], bool] | None = None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.remove","title":"remove","text":"set_enabled(enabled: bool) -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.__enter__","title":"__enter__","text":"remove() -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.__exit__","title":"__exit__","text":"__enter__() -> StopPoint\n__exit__(exc_type, exc_value, traceback) -> None\nAutomatic breakpoint removal.
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess","title":"GDBProcess","text":"GDBProcess(inner: Inferior)\nBases:
ProcessMethods:
-
threads\u2013 -
pid\u2013 -
alive\u2013 -
stopped_with_signal\u2013 -
evaluate_expression\u2013 -
vmmap\u2013 -
read_memory\u2013 -
write_memory\u2013 -
find_in_memory\u2013 -
is_remote\u2013 -
send_remote\u2013 -
send_monitor\u2013 -
download_remote_file\u2013 -
create_value\u2013 -
symbol_name_at_address\u2013 -
lookup_symbol\u2013 -
types_with_name\u2013 -
arch\u2013 -
break_at\u2013 -
is_linux\u2013 -
disasm\u2013 -
module_section_locations\u2013 -
main_module_name\u2013 -
main_module_entry\u2013 -
is_dynamically_linked\u2013 -
dispatch_execution_controller\u2013
Attributes:
-
inner\u2013 -
in_bpwp_stop_handler(bool) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.in_bpwp_stop_handler","title":"in_bpwp_stop_handlerinner = inner\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.threads","title":"threads","text":"in_bpwp_stop_handler: bool = False\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.pid","title":"pid","text":"threads() -> list[Thread]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.alive","title":"alive","text":"pid() -> int | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.stopped_with_signal","title":"stopped_with_signal","text":"alive() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.evaluate_expression","title":"evaluate_expression","text":"stopped_with_signal() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.vmmap","title":"vmmap","text":"evaluate_expression(expression: str) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.read_memory","title":"read_memory","text":"vmmap() -> MemoryMap\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.write_memory","title":"write_memory","text":"read_memory(address: int, size: int, partial: bool = False) -> bytearray\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.find_in_memory","title":"find_in_memory","text":"write_memory(address: int, data: bytearray, partial: bool = False) -> int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.is_remote","title":"is_remote","text":"find_in_memory(\n pattern: bytearray,\n start: int,\n size: int,\n align: int,\n max_matches: int = -1,\n step: int = -1,\n) -> Generator[int, None, None]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.send_remote","title":"send_remote","text":"is_remote() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.send_monitor","title":"send_monitor","text":"send_remote(packet: str) -> bytes\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.download_remote_file","title":"download_remote_file","text":"send_monitor(cmd: str) -> str\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.create_value","title":"create_value","text":"download_remote_file(remote_path: str, local_path: str) -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.symbol_name_at_address","title":"symbol_name_at_address","text":"create_value(value: int, type: Type | None = None) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.lookup_symbol","title":"lookup_symbol","text":"symbol_name_at_address(address: int) -> str | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.types_with_name","title":"types_with_name","text":"lookup_symbol(\n name: str,\n *,\n prefer_static: bool = False,\n type: SymbolLookupType = ANY,\n objfile_endswith: str | None = None,\n) -> Value | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.arch","title":"arch","text":"types_with_name(name: str) -> Sequence[Type]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.break_at","title":"break_at","text":"arch() -> Arch\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.is_linux","title":"is_linux","text":"break_at(\n location: BreakpointLocation | WatchpointLocation,\n stop_handler: Callable[[StopPoint], bool] | None = None,\n internal: bool = False,\n) -> StopPoint\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.disasm","title":"disasm","text":"is_linux() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.module_section_locations","title":"module_section_locations","text":"disasm(address: int) -> DisassembledInstruction | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.main_module_name","title":"main_module_name","text":"module_section_locations() -> list[tuple[int, int, str, str]]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.main_module_entry","title":"main_module_entry","text":"main_module_name() -> str | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.is_dynamically_linked","title":"is_dynamically_linked","text":"main_module_entry() -> int | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.dispatch_execution_controller","title":"dispatch_execution_controller","text":"is_dynamically_linked() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBExecutionController","title":"GDBExecutionController","text":"dispatch_execution_controller(\n procedure: Callable[[ExecutionController], Coroutine[Any, Any, None]],\n)\nBases:
ExecutionControllerMethods:
-
single_step\u2013 -
cont\u2013
async","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBExecutionController.cont","title":"contsingle_step()\nasync","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommand","title":"GDBCommand","text":"cont(until: StopPoint)\nGDBCommand(\n debugger: GDB,\n name: str,\n handler: Callable[[Debugger, str, bool], None],\n doc: str | None,\n)\nBases:
CommandMethods:
-
invoke\u2013
Attributes:
-
debugger\u2013 -
handler\u2013 -
__doc__\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommand.handler","title":"handlerdebugger = debugger\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommand.__doc__","title":"__doc__handler = handler\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommand.invoke","title":"invoke","text":"__doc__ = doc\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommandHandle","title":"GDBCommandHandle","text":"invoke(args: str, from_tty: bool) -> None\nGDBCommandHandle(command: Command)\nBases:
CommandHandleMethods:
-
remove\u2013
Attributes:
-
command\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommandHandle.remove","title":"remove","text":"command = command\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType","title":"GDBType","text":"remove() -> None\nGDBType(inner: Type)\nBases:
TypeMethods:
-
__eq__\u2013 -
func_arguments\u2013 -
fields\u2013 -
has_field\u2013 -
array\u2013 -
pointer\u2013 -
strip_typedefs\u2013 -
target\u2013 -
keys\u2013 -
offsetof\u2013 -
enum_member\u2013Retrieve the integer value of an enum member.
Attributes:
-
CODE_MAPPING\u2013 -
inner\u2013 -
name_identifier(str | None) \u2013 -
name_to_human_readable(str) \u2013 -
sizeof(int) \u2013 -
alignof(int) \u2013 -
code(TypeCode) \u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.inner","title":"innerCODE_MAPPING = {\n TYPE_CODE_BOOL: BOOL,\n TYPE_CODE_INT: INT,\n TYPE_CODE_UNION: UNION,\n TYPE_CODE_STRUCT: STRUCT,\n TYPE_CODE_ENUM: ENUM,\n TYPE_CODE_TYPEDEF: TYPEDEF,\n TYPE_CODE_PTR: POINTER,\n TYPE_CODE_ARRAY: ARRAY,\n TYPE_CODE_FUNC: FUNC,\n TYPE_CODE_METHOD: FUNC,\n}\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.name_identifier","title":"name_identifierinner = inner\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.name_to_human_readable","title":"name_to_human_readablename_identifier: str | None\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.sizeof","title":"sizeofname_to_human_readable: str\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.alignof","title":"alignofsizeof: int\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.code","title":"codealignof: int\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.__eq__","title":"__eq__","text":"code: TypeCode\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.func_arguments","title":"func_arguments","text":"__eq__(rhs: object) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.fields","title":"fields","text":"func_arguments() -> list[Type] | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.has_field","title":"has_field","text":"fields() -> list[TypeField]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.array","title":"array","text":"has_field(name: str) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.pointer","title":"pointer","text":"array(count: int) -> Type\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.strip_typedefs","title":"strip_typedefs","text":"pointer() -> Type\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.target","title":"target","text":"strip_typedefs() -> Type\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.keys","title":"keys","text":"target() -> Type\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.offsetof","title":"offsetof","text":"keys() -> list[str]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.enum_member","title":"enum_member","text":"offsetof(field_name: str) -> int | None\nenum_member(field_name: str) -> int | None\nRetrieve the integer value of an enum member.
It returns: - integer value, when found field - returns None, If the field does not exist
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue","title":"GDBValue","text":"GDBValue(inner: Value)\nBases:
ValueMethods:
-
dereference\u2013 -
string\u2013 -
value_to_human_readable\u2013 -
fetch_lazy\u2013 -
__int__\u2013 -
cast\u2013 -
__add__\u2013 -
__sub__\u2013 -
__getitem__\u2013
Attributes:
-
inner\u2013 -
address(Value | None) \u2013 -
is_optimized_out(bool) \u2013 -
type(Type) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.address","title":"addressinner = inner\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.is_optimized_out","title":"is_optimized_outaddress: Value | None\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.type","title":"typeis_optimized_out: bool\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.dereference","title":"dereference","text":"type: Type\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.string","title":"string","text":"dereference() -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.value_to_human_readable","title":"value_to_human_readable","text":"string() -> str\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.fetch_lazy","title":"fetch_lazy","text":"value_to_human_readable() -> str\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.__int__","title":"__int__","text":"fetch_lazy() -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.cast","title":"cast","text":"__int__() -> int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.__add__","title":"__add__","text":"cast(type: Type | Any) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.__sub__","title":"__sub__","text":"__add__(rhs: int) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.__getitem__","title":"__getitem__","text":"__sub__(rhs: int) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB","title":"GDB","text":"__getitem__(key: str | int) -> Value\nBases:
DebuggerMethods:
-
setup\u2013 -
add_command\u2013 -
history\u2013 -
lex_args\u2013 -
selected_thread\u2013 -
selected_frame\u2013 -
commands\u2013 -
selected_inferior\u2013 -
is_gdblib_available\u2013 -
has_event_type\u2013 -
event_handler\u2013 -
suspend_events\u2013 -
resume_events\u2013 -
set_sysroot\u2013 -
supports_breakpoint_creation_during_stop_handler\u2013 -
breakpoint_locations\u2013 -
name\u2013 -
x86_disassembly_flavor\u2013 -
string_limit\u2013 -
addrsz\u2013 -
get_cmd_window_size\u2013Get the size of the command window.
-
set_python_diagnostics\u2013
Attributes:
-
pre_ctx_lines(int) \u2013
property","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.setup","title":"setup","text":"pre_ctx_lines: int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.add_command","title":"add_command","text":"setup()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.history","title":"history","text":"add_command(\n name: str, handler: Callable[[Debugger, str, bool], None], doc: str | None\n) -> CommandHandle\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.lex_args","title":"lex_args","text":"history(last: int = 10) -> list[tuple[int, str]]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.selected_thread","title":"selected_thread","text":"lex_args(command_line: str) -> list[str]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.selected_frame","title":"selected_frame","text":"selected_thread() -> Thread | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.commands","title":"commands","text":"selected_frame() -> Frame | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.selected_inferior","title":"selected_inferior","text":"commands()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.is_gdblib_available","title":"is_gdblib_available","text":"selected_inferior() -> Process | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.has_event_type","title":"has_event_type","text":"is_gdblib_available()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.event_handler","title":"event_handler","text":"has_event_type(ty: EventType) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.suspend_events","title":"suspend_events","text":"event_handler(\n ty: EventType,\n) -> Callable[[Callable[..., T]], Callable[..., T]]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.resume_events","title":"resume_events","text":"suspend_events(ty: EventType) -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.set_sysroot","title":"set_sysroot","text":"resume_events(ty: EventType) -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.supports_breakpoint_creation_during_stop_handler","title":"supports_breakpoint_creation_during_stop_handler","text":"set_sysroot(sysroot: str) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.breakpoint_locations","title":"breakpoint_locations","text":"supports_breakpoint_creation_during_stop_handler() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.name","title":"name","text":"breakpoint_locations() -> list[BreakpointLocation]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.x86_disassembly_flavor","title":"x86_disassembly_flavor","text":"name() -> DebuggerType\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.string_limit","title":"string_limit","text":"x86_disassembly_flavor() -> Literal['att', 'intel']\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.addrsz","title":"addrsz","text":"string_limit() -> int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.get_cmd_window_size","title":"get_cmd_window_size","text":"addrsz(address: Any) -> str\nget_cmd_window_size() -> tuple[int | None, int | None]\nGet the size of the command window.
GDB keeps these parameters up to date with the actual window size of the command output. This is the full terminal size in CLI mode or the size of the cmd window in TUI mode.
When the window size is set to be unlimited (0), the parameter is None.
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.set_python_diagnostics","title":"set_python_diagnostics","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.parse_and_eval","title":"parse_and_eval","text":"set_python_diagnostics(enabled: bool) -> None\nparse_and_eval(expression: str, global_context: bool) -> Value\nSame as
gdb.parse_and_eval, but only usesglobal_contextif it is supported by the current version of GDB.
"},{"location":"reference/pwndbg/dbg/gdb/debug_sym/","title":"pwndbg.dbg.gdb.debug_sym","text":""},{"location":"reference/pwndbg/dbg/gdb/debug_sym/#pwndbg.dbg.gdb.debug_sym","title":"debug_sym","text":""},{"location":"reference/pwndbg/dbg/gdb/symbol/","title":"pwndbg.dbg.gdb.symbol","text":""},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol","title":"symbol","text":"global_contextwas introduced in GDB 14.Looking up addresses for function names / symbols, and vice-versa.
Classes:
-
Domain\u2013
Functions:
-
resolve_addr\u2013Retrieve the name for the symbol located at
address -
lookup_symbol\u2013Get the address for
symbol -
lookup_frame_symbol\u2013Get the address for local
symbolfrom frame, in most time you don't need it
Attributes:
-
skipped_exceptions\u2013 -
DOMAIN_MAPPING\u2013 -
order_prefs\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.DOMAIN_MAPPING","title":"DOMAIN_MAPPINGskipped_exceptions = ('No frame selected', 'Cannot find thread-local')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.order_prefs","title":"order_prefsDOMAIN_MAPPING = {\n ANY: SYMBOL_VAR_DOMAIN,\n VARIABLE: SYMBOL_VAR_DOMAIN,\n FUNCTION: SYMBOL_FUNCTION_DOMAIN,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.Domain","title":"Domain","text":"order_prefs = {\n True: (\n _global_static_symbol_to_address,\n _global_exported_symbol_to_address,\n ),\n False: (\n _global_exported_symbol_to_address,\n _global_static_symbol_to_address,\n ),\n}\nBases:
EnumMethods:
-
validate\u2013
Attributes:
-
ANY\u2013 -
VARIABLE\u2013 -
FUNCTION\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.Domain.VARIABLE","title":"VARIABLEANY = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.Domain.FUNCTION","title":"FUNCTIONVARIABLE = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.Domain.validate","title":"validate","text":"FUNCTION = 3\n
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.resolve_addr","title":"resolve_addr","text":"validate(sym: Symbol) -> bool\nresolve_addr(address: int) -> str\nRetrieve the name for the symbol located at
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.lookup_symbol","title":"lookup_symbol","text":"addressEmpty string if no symbollookup_symbol(\n name: str,\n *,\n prefer_static: bool = False,\n domain: Domain = ANY,\n objfile_endswith: str | None = None,\n) -> Value | None\nGet the address for
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.lookup_frame_symbol","title":"lookup_frame_symbol","text":"symbollookup_frame_symbol(name: str, *, domain: Domain = ANY) -> Value | None\nGet the address for local
"},{"location":"reference/pwndbg/dbg/lldb/","title":"pwndbg.dbg.lldb","text":""},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb","title":"lldb","text":"symbolfrom frame, in most time you don't need itModules:
-
hooks\u2013Code that sets up hooks for LLDB events.
-
pset\u2013 -
repl\u2013The Pwndbg REPL that is the interface to all debugging on LLDB.
-
util\u2013
Classes:
-
LLDBArch\u2013 -
LLDBRegisters\u2013 -
LLDBFrame\u2013 -
LLDBThread\u2013 -
LLDBType\u2013 -
LLDBValue\u2013 -
LLDBMemoryMap\u2013 -
LLDBStopPoint\u2013 -
OneShotAwaitable\u2013Used as part of the logic for the execution controller. This is an Awaitable
-
YieldContinue\u2013Continues execution of the process until the breakpoint or watchpoint given
-
YieldSingleStep\u2013Moves execution of the process being debugged forward by one instruction.
-
LLDBExecutionController\u2013 -
LLDBProcess\u2013 -
LLDBCommand\u2013 -
LLDB\u2013
Functions:
-
rename_register\u2013Some register names differ between Pwndbg/GDB and LLDB. This function takes
-
map_type_code\u2013Determines the type code of a given LLDB SBType.
Attributes:
-
T\u2013 -
LLDB_VERSION(tuple[int, int]) \u2013 -
EXECUTION_CONTROLLER\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB_VERSION","title":"LLDB_VERSIONT = TypeVar('T')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.EXECUTION_CONTROLLER","title":"EXECUTION_CONTROLLERLLDB_VERSION: tuple[int, int] = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBArch","title":"LLDBArch","text":"EXECUTION_CONTROLLER = LLDBExecutionController()\nLLDBArch(\n name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE,\n ptrsize: int,\n endian: Literal[\"little\", \"big\"],\n)\nBases:
ArchAttributes:
-
endian(Literal['little', 'big']) \u2013 -
name(PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
ptrsize(int) \u2013
property","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBArch.name","title":"nameendian: Literal['little', 'big']\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBArch.ptrsize","title":"ptrsizename: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBRegisters","title":"LLDBRegisters","text":"ptrsize: int\nLLDBRegisters(groups: SBValueList, proc: LLDBProcess)\nBases:
RegistersMethods:
-
by_name\u2013
Attributes:
-
groups(SBValueList) \u2013 -
proc(LLDBProcess) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBRegisters.proc","title":"procgroups: SBValueList = groups\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBRegisters.by_name","title":"by_name","text":"proc: LLDBProcess = proc\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame","title":"LLDBFrame","text":"by_name(name: str) -> Value | None\nLLDBFrame(inner: SBFrame, proc: LLDBProcess)\nBases:
FrameMethods:
-
lookup_symbol\u2013 -
evaluate_expression\u2013 -
regs\u2013 -
reg_write\u2013 -
pc\u2013 -
sp\u2013 -
parent\u2013 -
child\u2013 -
sal\u2013 -
__eq__\u2013
Attributes:
-
inner(SBFrame) \u2013 -
proc(LLDBProcess) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.proc","title":"procinner: SBFrame = inner\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.lookup_symbol","title":"lookup_symbol","text":"proc: LLDBProcess = proc\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.evaluate_expression","title":"evaluate_expression","text":"lookup_symbol(name: str, *, type: SymbolLookupType = ANY) -> Value | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.regs","title":"regs","text":"evaluate_expression(expression: str, lock_scheduler: bool = False) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.reg_write","title":"reg_write","text":"regs() -> Registers\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.pc","title":"pc","text":"reg_write(name: str, val: int) -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.sp","title":"sp","text":"pc() -> int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.parent","title":"parent","text":"sp() -> int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.child","title":"child","text":"parent() -> Frame | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.sal","title":"sal","text":"child() -> Frame | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.__eq__","title":"__eq__","text":"sal() -> tuple[str, int] | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBThread","title":"LLDBThread","text":"__eq__(rhs: object) -> bool\nLLDBThread(inner: SBThread, proc: LLDBProcess)\nBases:
ThreadMethods:
-
bottom_frame\u2013 -
ptid\u2013 -
index\u2013
Attributes:
-
inner(SBThread) \u2013 -
proc(LLDBProcess) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBThread.proc","title":"procinner: SBThread = inner\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBThread.bottom_frame","title":"bottom_frame","text":"proc: LLDBProcess = proc\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBThread.ptid","title":"ptid","text":"bottom_frame() -> Iterator[Frame]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBThread.index","title":"index","text":"ptid() -> int | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType","title":"LLDBType","text":"index() -> int\nLLDBType(inner: SBType)\nBases:
TypeMethods:
-
__eq__\u2013 -
func_arguments\u2013 -
fields\u2013 -
array\u2013 -
pointer\u2013 -
strip_typedefs\u2013 -
target\u2013 -
has_field\u2013Whether this type has a field with the given name.
-
keys\u2013Returns a list containing all the field names of this type.
-
enum_member\u2013Retrieve the integer value of an enum member.
-
offsetof\u2013Calculate the byte offset of a field within a struct or union.
Attributes:
-
inner(SBType) \u2013 -
name_identifier(str | None) \u2013 -
name_to_human_readable(str) \u2013 -
sizeof(int) \u2013 -
alignof(int) \u2013 -
code(TypeCode) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.name_identifier","title":"name_identifierinner: SBType = inner\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.name_to_human_readable","title":"name_to_human_readablename_identifier: str | None\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.sizeof","title":"sizeofname_to_human_readable: str\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.alignof","title":"alignofsizeof: int\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.code","title":"codealignof: int\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.__eq__","title":"__eq__","text":"code: TypeCode\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.func_arguments","title":"func_arguments","text":"__eq__(rhs: object) -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.fields","title":"fields","text":"func_arguments() -> list[Type] | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.array","title":"array","text":"fields() -> list[TypeField]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.pointer","title":"pointer","text":"array(count: int) -> Type\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.strip_typedefs","title":"strip_typedefs","text":"pointer() -> Type\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.target","title":"target","text":"strip_typedefs() -> Type\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.has_field","title":"has_field","text":"target() -> Type\nhas_field(name: str) -> bool\nWhether this type has a field with the given name.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.keys","title":"keys","text":"keys() -> list[str]\nReturns a list containing all the field names of this type.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.enum_member","title":"enum_member","text":"enum_member(field_name: str) -> int | None\nRetrieve the integer value of an enum member.
It returns: - integer value, when found field - returns None, If the field does not exist
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.offsetof","title":"offsetof","text":"offsetof(field_name: str) -> int | None\nCalculate the byte offset of a field within a struct or union.
This method recursively traverses nested structures and unions, and it computes the byte-aligned offset for the specified field.
It returns: - offset in bytes if found - None if the field doesn't exist or if an unsupported alignment/bit-field is encountered
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue","title":"LLDBValue","text":"LLDBValue(inner: SBValue, proc: LLDBProcess)\nBases:
ValueMethods:
-
dereference\u2013 -
string\u2013 -
value_to_human_readable\u2013 -
fetch_lazy\u2013 -
__int__\u2013 -
cast\u2013 -
__add__\u2013 -
__sub__\u2013 -
__getitem__\u2013
Attributes:
-
proc\u2013 -
inner\u2013 -
address(Value | None) \u2013 -
is_optimized_out(bool) \u2013 -
type(Type) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.inner","title":"innerproc = proc\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.address","title":"addressinner = inner\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.is_optimized_out","title":"is_optimized_outaddress: Value | None\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.type","title":"typeis_optimized_out: bool\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.dereference","title":"dereference","text":"type: Type\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.string","title":"string","text":"dereference() -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.value_to_human_readable","title":"value_to_human_readable","text":"string() -> str\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.fetch_lazy","title":"fetch_lazy","text":"value_to_human_readable() -> str\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.__int__","title":"__int__","text":"fetch_lazy() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.cast","title":"cast","text":"__int__() -> int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.__add__","title":"__add__","text":"cast(type: Type | Any) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.__sub__","title":"__sub__","text":"__add__(rhs: int) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.__getitem__","title":"__getitem__","text":"__sub__(rhs: int) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBMemoryMap","title":"LLDBMemoryMap","text":"__getitem__(key: str | int) -> Value\nLLDBMemoryMap(pages: list[Page])\nBases:
MemoryMapMethods:
-
is_qemu\u2013 -
ranges\u2013
Attributes:
-
pages\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBMemoryMap.is_qemu","title":"is_qemu","text":"pages = pages\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBMemoryMap.ranges","title":"ranges","text":"is_qemu() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint","title":"LLDBStopPoint","text":"ranges() -> list[Page]\nLLDBStopPoint(\n inner: SBBreakpoint | SBWatchpoint,\n proc: LLDBProcess,\n stop_handler_name: str | None,\n)\nBases:
StopPointMethods:
-
remove\u2013 -
set_enabled\u2013 -
__enter__\u2013 -
__exit__\u2013Automatic breakpoint removal.
Attributes:
-
inner(SBBreakpoint | SBWatchpoint) \u2013 -
proc(LLDBProcess) \u2013 -
stop_handler_name(str | None) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.proc","title":"procinner: SBBreakpoint | SBWatchpoint = inner\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.stop_handler_name","title":"stop_handler_nameproc: LLDBProcess = proc\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.remove","title":"remove","text":"stop_handler_name: str | None = stop_handler_name\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.set_enabled","title":"set_enabled","text":"remove() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.__enter__","title":"__enter__","text":"set_enabled(enabled: bool) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.__exit__","title":"__exit__","text":"__enter__() -> StopPoint\n__exit__(exc_type, exc_value, traceback) -> None\nAutomatic breakpoint removal.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.OneShotAwaitable","title":"OneShotAwaitable","text":"OneShotAwaitable(value: Any)\nUsed as part of the logic for the execution controller. This is an Awaitable object that yields the value passed to its constructor exactly once.
Methods:
-
__await__\u2013
Attributes:
-
value\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.OneShotAwaitable.__await__","title":"__await__","text":"value = value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.YieldContinue","title":"YieldContinue","text":"__await__() -> Generator[Any, Any, Any]\nYieldContinue(target: LLDBStopPoint)\nContinues execution of the process until the breakpoint or watchpoint given in the constructor is hit or the operation is cancelled.
This class is part of the execution controller system, so it is intented to be yielded by the async function with access to an execution controller, and caught and hanlded by the event loop in the LLDB Pwndbg CLI.
Attributes:
-
target(LLDBStopPoint) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.YieldSingleStep","title":"YieldSingleStep","text":"target: LLDBStopPoint = target\nMoves execution of the process being debugged forward by one instruction.
This class is part of the execution controller system, so it is intented to be yielded by the async function with access to an execution controller, and caught and hanlded by the event loop in the LLDB Pwndbg CLI.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBExecutionController","title":"LLDBExecutionController","text":"Bases:
ExecutionControllerMethods:
-
single_step\u2013 -
cont\u2013
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBExecutionController.cont","title":"cont","text":"single_step() -> Awaitable[None]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess","title":"LLDBProcess","text":"cont(target: StopPoint) -> Awaitable[None]\nLLDBProcess(\n dbg: LLDB, process: SBProcess, target: SBTarget, is_gdb_remote: bool\n)\nBases:
ProcessMethods:
-
threads\u2013 -
pid\u2013 -
alive\u2013 -
stopped_with_signal\u2013 -
evaluate_expression\u2013 -
get_known_pages\u2013 -
vmmap\u2013 -
find_largest_range_len\u2013Finds the largest memory range given a minimum and a maximum value
-
read_memory\u2013 -
write_memory\u2013 -
find_in_memory\u2013 -
is_remote\u2013 -
send_remote\u2013 -
send_monitor\u2013 -
download_remote_file\u2013 -
create_value\u2013 -
symbol_name_at_address\u2013 -
lookup_symbol\u2013 -
types_with_name\u2013 -
arch\u2013 -
break_at\u2013 -
disasm\u2013 -
is_linux\u2013 -
module_section_locations\u2013 -
main_module_name\u2013 -
main_module_entry\u2013 -
is_dynamically_linked\u2013 -
dispatch_execution_controller\u2013
Attributes:
-
dbg\u2013 -
process\u2013 -
target\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.process","title":"processdbg = dbg\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.target","title":"targetprocess = process\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.threads","title":"threads","text":"target = target\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.pid","title":"pid","text":"threads() -> list[Thread]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.alive","title":"alive","text":"pid() -> int | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.stopped_with_signal","title":"stopped_with_signal","text":"alive() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.evaluate_expression","title":"evaluate_expression","text":"stopped_with_signal() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.get_known_pages","title":"get_known_pages","text":"evaluate_expression(expression: str) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.vmmap","title":"vmmap","text":"get_known_pages() -> list[Page]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.find_largest_range_len","title":"find_largest_range_len","text":"vmmap() -> MemoryMap\nfind_largest_range_len(\n min_search: int, max_search: int, test: Callable[[int], bool]\n) -> int\nFinds the largest memory range given a minimum and a maximum value for the size of the rage. This is a binary search, so it should do on the order of log2(max_search - min_search) attempts before it arrives at an answer.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.read_memory","title":"read_memory","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.write_memory","title":"write_memory","text":"read_memory(address: int, size: int, partial: bool = False) -> bytearray\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.find_in_memory","title":"find_in_memory","text":"write_memory(address: int, data: bytearray, partial: bool = False) -> int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.is_remote","title":"is_remote","text":"find_in_memory(\n pattern: bytearray,\n start: int,\n size: int,\n align: int,\n max_matches: int = -1,\n step: int = -1,\n) -> Generator[int, None, None]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.send_remote","title":"send_remote","text":"is_remote() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.send_monitor","title":"send_monitor","text":"send_remote(packet: str) -> bytes\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.download_remote_file","title":"download_remote_file","text":"send_monitor(cmd: str) -> str\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.create_value","title":"create_value","text":"download_remote_file(remote_path: str, local_path: str) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.symbol_name_at_address","title":"symbol_name_at_address","text":"create_value(value: int, type: Type | None = None) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.lookup_symbol","title":"lookup_symbol","text":"symbol_name_at_address(address: int) -> str | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.types_with_name","title":"types_with_name","text":"lookup_symbol(\n name: str,\n *,\n prefer_static: bool = False,\n type: SymbolLookupType = ANY,\n objfile_endswith: str | None = None,\n) -> Value | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.arch","title":"arch","text":"types_with_name(name: str) -> Sequence[Type]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.break_at","title":"break_at","text":"arch() -> Arch\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.disasm","title":"disasm","text":"break_at(\n location: BreakpointLocation | WatchpointLocation,\n stop_handler: Callable[[StopPoint], bool] | None = None,\n internal: bool = False,\n) -> StopPoint\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.is_linux","title":"is_linux","text":"disasm(address: int) -> DisassembledInstruction | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.module_section_locations","title":"module_section_locations","text":"is_linux() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.main_module_name","title":"main_module_name","text":"module_section_locations() -> list[tuple[int, int, str, str]]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.main_module_entry","title":"main_module_entry","text":"main_module_name() -> str\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.is_dynamically_linked","title":"is_dynamically_linked","text":"main_module_entry() -> int | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.dispatch_execution_controller","title":"dispatch_execution_controller","text":"is_dynamically_linked() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBCommand","title":"LLDBCommand","text":"dispatch_execution_controller(\n procedure: Callable[[ExecutionController], Coroutine[Any, Any, None]],\n)\nLLDBCommand(handler_name: str, command_name: str)\nBases:
CommandHandleMethods:
-
remove\u2013Removes this command from the command palette of the debugger.
Attributes:
-
handler_name\u2013 -
command_name\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBCommand.command_name","title":"command_namehandler_name = handler_name\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBCommand.remove","title":"remove","text":"command_name = command_name\nremove() -> None\nRemoves this command from the command palette of the debugger.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB","title":"LLDB","text":"Bases:
DebuggerMethods:
-
setup\u2013 -
add_command\u2013 -
history\u2013 -
commands\u2013 -
lex_args\u2013 -
selected_inferior\u2013 -
selected_thread\u2013 -
selected_frame\u2013 -
has_event_type\u2013 -
event_handler\u2013 -
suspend_events\u2013 -
resume_events\u2013 -
set_sysroot\u2013 -
supports_breakpoint_creation_during_stop_handler\u2013 -
breakpoint_locations\u2013 -
name\u2013 -
x86_disassembly_flavor\u2013 -
string_limit\u2013 -
get_cmd_window_size\u2013 -
is_gdblib_available\u2013 -
addrsz\u2013 -
set_python_diagnostics\u2013
Attributes:
-
exec_states(list[SBExecutionState]) \u2013 -
event_handlers(dict[EventType, list[Callable[..., T]]]) \u2013 -
suspended_events(dict[EventType, bool]) \u2013 -
prompt_hook(Callable[[], None]) \u2013 -
controllers(list[tuple[LLDBProcess, Coroutine[Any, Any, None]]]) \u2013 -
pre_ctx_lines(int) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.event_handlers","title":"event_handlersexec_states: list[SBExecutionState]\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.suspended_events","title":"suspended_eventsevent_handlers: dict[EventType, list[Callable[..., T]]]\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.prompt_hook","title":"prompt_hooksuspended_events: dict[EventType, bool]\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.controllers","title":"controllersprompt_hook: Callable[[], None]\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.pre_ctx_lines","title":"pre_ctx_linescontrollers: list[tuple[LLDBProcess, Coroutine[Any, Any, None]]]\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.setup","title":"setup","text":"pre_ctx_lines: int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.add_command","title":"add_command","text":"setup(*args, **kwargs)\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.history","title":"history","text":"add_command(\n command_name: str,\n handler: Callable[[Debugger, str, bool], None],\n doc: str | None,\n) -> CommandHandle\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.commands","title":"commands","text":"history(last: int = 10) -> list[tuple[int, str]]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.lex_args","title":"lex_args","text":"commands() -> list[str]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.selected_inferior","title":"selected_inferior","text":"lex_args(command_line: str) -> list[str]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.selected_thread","title":"selected_thread","text":"selected_inferior() -> Process | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.selected_frame","title":"selected_frame","text":"selected_thread() -> Thread | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.has_event_type","title":"has_event_type","text":"selected_frame() -> Frame | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.event_handler","title":"event_handler","text":"has_event_type(ty: EventType) -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.suspend_events","title":"suspend_events","text":"event_handler(\n ty: EventType,\n) -> Callable[[Callable[..., T]], Callable[..., T]]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.resume_events","title":"resume_events","text":"suspend_events(ty: EventType) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.set_sysroot","title":"set_sysroot","text":"resume_events(ty: EventType) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.supports_breakpoint_creation_during_stop_handler","title":"supports_breakpoint_creation_during_stop_handler","text":"set_sysroot(sysroot: str) -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.breakpoint_locations","title":"breakpoint_locations","text":"supports_breakpoint_creation_during_stop_handler() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.name","title":"name","text":"breakpoint_locations() -> list[BreakpointLocation]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.x86_disassembly_flavor","title":"x86_disassembly_flavor","text":"name() -> DebuggerType\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.string_limit","title":"string_limit","text":"x86_disassembly_flavor() -> Literal['att', 'intel']\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.get_cmd_window_size","title":"get_cmd_window_size","text":"string_limit() -> int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.is_gdblib_available","title":"is_gdblib_available","text":"get_cmd_window_size() -> tuple[int, int]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.addrsz","title":"addrsz","text":"is_gdblib_available()\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.set_python_diagnostics","title":"set_python_diagnostics","text":"addrsz(address: Any) -> str\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.rename_register","title":"rename_register","text":"set_python_diagnostics(enabled: bool) -> None\nrename_register(name: str, proc: LLDBProcess) -> str\nSome register names differ between Pwndbg/GDB and LLDB. This function takes in a register name in the Pwndbg/GDB convention and returns the equivalent LLDB name for the register.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.map_type_code","title":"map_type_code","text":"map_type_code(type: SBType) -> TypeCode\nDetermines the type code of a given LLDB SBType.
"},{"location":"reference/pwndbg/dbg/lldb/hooks/","title":"pwndbg.dbg.lldb.hooks","text":""},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks","title":"hooks","text":"Code that sets up hooks for LLDB events.
Functions:
-
update_typeinfo\u2013 -
reset_config\u2013 -
on_start\u2013 -
on_stop\u2013 -
on_exit\u2013 -
renew_show_context\u2013 -
prompt_hook\u2013
Attributes:
-
should_show_context\u2013 -
dbg(LLDB) \u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.dbg","title":"dbgshould_show_context = False\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.update_typeinfo","title":"update_typeinfo","text":"dbg: LLDB = dbg\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.reset_config","title":"reset_config","text":"update_typeinfo() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.on_start","title":"on_start","text":"reset_config() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.on_stop","title":"on_stop","text":"on_start() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.on_exit","title":"on_exit","text":"on_stop() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.renew_show_context","title":"renew_show_context","text":"on_exit() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.prompt_hook","title":"prompt_hook","text":"renew_show_context()\n
"},{"location":"reference/pwndbg/dbg/lldb/pset/","title":"pwndbg.dbg.lldb.pset","text":""},{"location":"reference/pwndbg/dbg/lldb/pset/#pwndbg.dbg.lldb.pset","title":"pset","text":"prompt_hook()\nClasses:
-
InvalidParse\u2013
Functions:
-
pset\u2013Parses and sets a Pwndbg configuration value.
-
parse_value\u2013
Bases:
"},{"location":"reference/pwndbg/dbg/lldb/pset/#pwndbg.dbg.lldb.pset.pset","title":"pset","text":"Exceptionpset(name: str, value: str) -> bool\nParses and sets a Pwndbg configuration value.
"},{"location":"reference/pwndbg/dbg/lldb/pset/#pwndbg.dbg.lldb.pset.parse_value","title":"parse_value","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/","title":"pwndbg.dbg.lldb.repl","text":""},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl","title":"repl","text":"parse_value(param: Parameter, expression: str) -> Any\nThe Pwndbg REPL that is the interface to all debugging on LLDB.
Pwndbg has an event system that allows it to react to events in the process being debugged, such as when new executable modules get added to the its address space, when the value of memory and registers change, and pretty much all possible changes to its execution state. We'd like to have the event system work the same way under LLDB as it does under GDB.
Fortunately for us, the events types that are native to LLDB map really well to the event types in GDB and Pwndbg. Very, very unfortunately for us, however, that's basically where our luck ends.
LLDB, as of version 18, only provides two ways to capture events: registering directly with the broadcaster, or registering globally. The former is not available to us in the standard LLDB REPL, as we don't get access to the process object until after it's been launched1. Likewise for the latter, as the interactive debugger will register to receive the global process state change events before everyone else, and LLDB doesn't allow for multiple listeners for the same event bits in the same event class2.
This leaves us with handling process management ourselves as the only option we really have to implement event dispatch in Pwndbg. Easy, right? We can just hijack the commands that deal with target and process creation, and leave everything else untouched. Unfortunately for us, again, shadowing builtin commands is simply not allowed3.
So, really, all that's left for us is either implement our own REPL, or get rid of the event system.
Modules:
-
io\u2013For our REPL, we need to drive our own I/O with the process being debugged. This
-
proc\u2013 -
readline\u2013Readline interface for the Pwndbg LLDB REPL.
Classes:
-
EventRelay\u2013The event system that is sensible for the REPL process driver to use isn't
-
YieldExecDirect\u2013Execute the given command directly, on behalf of the user.
-
YieldInteractive\u2013Prompt the user for the next command.
-
PwndbgController\u2013Class providing interfaces for a client to control the behavior of Pwndbg
Functions:
-
lex_args\u2013Splits the arguments, respecting quotation marks.
-
show_greeting\u2013Show the Pwndbg greeting, the same way the GDB version of Pwndbg would. This
-
run\u2013Runs the Pwndbg CLI through the given asynchronous controller.
-
exec_repl_command\u2013Parses and runs the given command, returning whether the event loop should continue.
-
parse\u2013Parses a list of string arguments into an object containing the parsed
-
run_ipython_shell\u2013 -
target_create\u2013Creates a new target, registers it with the Pwndbg LLDB implementation, and
-
process_launch\u2013Launches a process with the given arguments.
-
process_attach\u2013Attaches to a process with the given arguments.
-
attach\u2013Attaches to a process with the given name or pid based on regex match.
-
process_connect\u2013Connects to the given remote process.
-
gdb_remote\u2013Like
process_connect, but more lenient with the remote URL format. -
continue_process\u2013Continues the execution of a process.
Attributes:
-
show_tip\u2013 -
LLDB_EXCLUSIVE\u2013 -
target_create_ap\u2013 -
target_create_unsupported\u2013 -
process_launch_ap\u2013 -
process_launch_unsupported\u2013 -
process_attach_ap\u2013 -
process_attach_unsupported\u2013 -
process_connect_ap\u2013 -
gdb_remote_ap\u2013 -
continue_ap\u2013 -
continue_unsupported\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.LLDB_EXCLUSIVE","title":"LLDB_EXCLUSIVEshow_tip = add_param(\n \"show-tips\", True, \"whether to display the tip of the day on startup\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.target_create_ap","title":"target_create_apLLDB_EXCLUSIVE = [\n (\"script\", lambda cmd: startswith(\"sc\") and startswith(cmd)),\n (\"expression\", lambda cmd: startswith(\"e\") and startswith(cmd)),\n]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.target_create_unsupported","title":"target_create_unsupportedtarget_create_ap = ArgumentParser(add_help=False)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_launch_ap","title":"process_launch_aptarget_create_unsupported = [\n \"build\",\n \"core\",\n \"no-dependents\",\n \"remote-file\",\n \"symfile\",\n \"version\",\n]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_launch_unsupported","title":"process_launch_unsupportedprocess_launch_ap = ArgumentParser(add_help=False)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_attach_ap","title":"process_attach_approcess_launch_unsupported = [\n \"disable-aslr\",\n \"script-class\",\n \"environment\",\n \"plugin\",\n \"shell-expand-args\",\n \"arch\",\n \"shell\",\n \"stderr\",\n \"stdin\",\n \"structured-data-key\",\n \"no-stdio\",\n \"stdout\",\n \"tty\",\n \"structured-data-value\",\n \"working-dir\",\n]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_attach_unsupported","title":"process_attach_unsupportedprocess_attach_ap = ArgumentParser(add_help=False)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_connect_ap","title":"process_connect_approcess_attach_unsupported = [\n \"python-class\",\n \"plugin\",\n \"structured-data-key\",\n \"structured-data-value\",\n]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.gdb_remote_ap","title":"gdb_remote_approcess_connect_ap = ArgumentParser(add_help=False)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.continue_ap","title":"continue_apgdb_remote_ap = ArgumentParser(add_help=False)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.continue_unsupported","title":"continue_unsupportedcontinue_ap = ArgumentParser(add_help=False)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay","title":"EventRelay","text":"continue_unsupported = ['ignore-count']\nEventRelay(dbg: LLDB)\nBases:
EventHandlerThe event system that is sensible for the REPL process driver to use isn't an exact match with the one used by the rest of Pwndbg. They're close, but there's a bit of work we have to do to properly convey certain events.
Methods:
-
created\u2013 -
suspended\u2013 -
resumed\u2013 -
exited\u2013 -
modules_loaded\u2013
Attributes:
-
dbg\u2013 -
ignore_resumed\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.ignore_resumed","title":"ignore_resumeddbg = dbg\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.created","title":"created","text":"ignore_resumed = 0\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.suspended","title":"suspended","text":"created()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.resumed","title":"resumed","text":"suspended()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.exited","title":"exited","text":"resumed()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.modules_loaded","title":"modules_loaded","text":"exited()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.YieldExecDirect","title":"YieldExecDirect","text":"modules_loaded()\nYieldExecDirect(command: str, capture: bool, prompt_silent: bool)\nExecute the given command directly, on behalf of the user.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.YieldInteractive","title":"YieldInteractive","text":"Prompt the user for the next command.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController","title":"PwndbgController","text":"Class providing interfaces for a client to control the behavior of Pwndbg asynchronously.
Methods:
-
interactive\u2013Runs a single interactive round, in which the user is prompted for a
-
execute\u2013Runs the given command, and displays its output to the user.
-
execute_and_capture\u2013Runs the given command, and captures its output as a byte string.
interactive() -> Awaitable[None]\nRuns a single interactive round, in which the user is prompted for a command from standard input and
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController.execute","title":"execute","text":"readline, and whatever command they type in is executed.execute(command: str) -> Awaitable[None]\nRuns the given command, and displays its output to the user.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController.execute--interactivity","title":"Interactivity","text":"Some commands - such as
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController.execute_and_capture","title":"execute_and_capture","text":"lldbandipi- start interactive prompts when they are run, and issuing them through this command will not change that behavior.execute_and_capture(command: str) -> Awaitable[bytes]\nRuns the given command, and captures its output as a byte string.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController.execute_and_capture--interactivity","title":"Interactivity","text":"Same caveats apply as in
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController.execute_and_capture--reliabily-of-capture","title":"Reliabily of Capture","text":"execute.Some Pwndbg commands currently do not have their outputs captured, even when run through this command. It is expected that this will be improved in the future, but, as as general rule, clients should not rely on the output of the command being available.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.lex_args","title":"lex_args","text":"lex_args(args: str) -> list[str]\nSplits the arguments, respecting quotation marks.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.show_greeting","title":"show_greeting","text":"show_greeting() -> None\nShow the Pwndbg greeting, the same way the GDB version of Pwndbg would. This one is considerably simpler than the GDB version, however, as we control the lifetime of the program, we know exactly when the greeting needs to be shown, so we don't bother with any of the lifetime checks.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.run","title":"run","text":"run(\n controller: Callable[[PwndbgController], Coroutine[Any, Any, None]],\n debug: bool = False,\n) -> None\nRuns the Pwndbg CLI through the given asynchronous controller.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.exec_repl_command","title":"exec_repl_command","text":"exec_repl_command(\n line: str,\n lldb_out_target: BinaryIO,\n dbg: LLDB,\n driver: ProcessDriver,\n relay: EventRelay,\n) -> bool\nParses and runs the given command, returning whether the event loop should continue.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.parse","title":"parse","text":"parse(\n args: list[str], parser: ArgumentParser, unsupported: list[str]\n) -> Any | None\nParses a list of string arguments into an object containing the parsed data.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.run_ipython_shell","title":"run_ipython_shell","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.target_create","title":"target_create","text":"run_ipython_shell()\ntarget_create(args: list[str], dbg: LLDB) -> None\nCreates a new target, registers it with the Pwndbg LLDB implementation, and sets up listeners for it.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_launch","title":"process_launch","text":"process_launch(\n driver: ProcessDriver, relay: EventRelay, args: list[str], dbg: LLDB\n) -> None\nLaunches a process with the given arguments.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_attach","title":"process_attach","text":"process_attach(\n driver: ProcessDriver, relay: EventRelay, args: list[str], dbg: LLDB\n) -> None\nAttaches to a process with the given arguments.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.attach","title":"attach","text":"attach(\n driver: ProcessDriver, relay: EventRelay, args: list[str], dbg: LLDB\n) -> None\nAttaches to a process with the given name or pid based on regex match. Used for
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_connect","title":"process_connect","text":"_regexp-attach <pid|name>(alias forattach <pid|name>) Note: for some reason,attachdoes not really take a regex for process name.process_connect(\n driver: ProcessDriver, relay: EventRelay, args: list[str], dbg: LLDB\n) -> None\nConnects to the given remote process.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.gdb_remote","title":"gdb_remote","text":"gdb_remote(\n driver: ProcessDriver, relay: EventRelay, args: list[str], dbg: LLDB\n) -> None\nLike
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.continue_process","title":"continue_process","text":"process_connect, but more lenient with the remote URL format.continue_process(driver: ProcessDriver, args: list[str], dbg: LLDB) -> None\nContinues the execution of a process.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/","title":"pwndbg.dbg.lldb.repl.io","text":""},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io","title":"io","text":"For our REPL, we need to drive our own I/O with the process being debugged. This module contains all the strategies we have for doing that.
Classes:
-
OpportunisticTerminalControl\u2013Handles optional terminal control for a given file descriptor. Crucially,
-
IODriver\u2013 -
IODriverPlainText\u2013Plaintext-based I/O driver. It simply copies input from our standard input
-
IODriverPseudoTerminal\u2013pty-based I/O driver. Forwards input from standard input and has support for
Functions:
-
get_io_driver\u2013Instances a new IODriver using the best strategy available in the current
-
make_pty\u2013We need to make a pseudo-terminal ourselves if we want the process to handle
Attributes:
-
TERM_CONTROL_AVAILABLE\u2013 -
SELECT_AVAILABLE\u2013 -
PTY_AVAILABLE\u2013 -
TC_LFLAG\u2013 -
LIVE_PSEUDO_TERMINAL_OBJECTS\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.SELECT_AVAILABLE","title":"SELECT_AVAILABLETERM_CONTROL_AVAILABLE = True\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.PTY_AVAILABLE","title":"PTY_AVAILABLESELECT_AVAILABLE = True\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.TC_LFLAG","title":"TC_LFLAGPTY_AVAILABLE = True\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.LIVE_PSEUDO_TERMINAL_OBJECTS","title":"LIVE_PSEUDO_TERMINAL_OBJECTSTC_LFLAG = 3\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl","title":"OpportunisticTerminalControl","text":"LIVE_PSEUDO_TERMINAL_OBJECTS = False\nOpportunisticTerminalControl(fd: int = -1)\nHandles optional terminal control for a given file descriptor. Crucially, all the functions in this class should work regardless of whether terminal control is actually supported on not, but should do nothing in case it is not supported.
'/dev/tty', and use that.
Methods:
-
get_line_buffering\u2013Gets the current state of line buffering for this terminal.
-
set_line_buffering\u2013Enables or disables line buffering for this terminal.
-
get_echo\u2013Gets the current state of echoing for this terminal.
-
set_echo\u2013Enables or disables echoing for this terminal.
Attributes:
-
fd(int) \u2013 -
supported(bool) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl.supported","title":"supportedfd: int = fd\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl.get_line_buffering","title":"get_line_buffering","text":"supported: bool = True\nget_line_buffering() -> bool\nGets the current state of line buffering for this terminal.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl.set_line_buffering","title":"set_line_buffering","text":"set_line_buffering(enabled: bool) -> None\nEnables or disables line buffering for this terminal.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl.get_echo","title":"get_echo","text":"get_echo() -> bool\nGets the current state of echoing for this terminal.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl.set_echo","title":"set_echo","text":"set_echo(enabled: bool) -> None\nEnables or disables echoing for this terminal.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriver","title":"IODriver","text":"Methods:
-
stdio\u2013The names for the stdin, stdout and stderr files, respectively. These
-
start\u2013Starts the handling of I/O by this driver on the given process.
-
stop\u2013Stops the handling of I/O by this driver.
-
on_output_event\u2013Hints that there might be data in either the standard output or the
-
on_process_start\u2013Allow the I/O driver an opportunity to change aspects of the process
stdio() -> tuple[str | None, str | None, str | None]\nThe names for the stdin, stdout and stderr files, respectively. These will get passed as arguments to
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriver.start","title":"start","text":"SBTarget.Launchstart(process: Process) -> None\nStarts the handling of I/O by this driver on the given process.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriver.stop","title":"stop","text":"stop() -> None\nStops the handling of I/O by this driver.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriver.on_output_event","title":"on_output_event","text":"on_output_event() -> None\nHints that there might be data in either the standard output or the standard error streams. This should be called when an
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriver.on_process_start","title":"on_process_start","text":"eBroadcastBitSTDOUToreBroadcastBitSTDERRis encountered by the event loop.on_process_start(proc: SBProcess) -> None\nAllow the I/O driver an opportunity to change aspects of the process after it has been launched, but before it has started executing, if it so wishes.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText","title":"IODriverPlainText","text":"IODriverPlainText()\nBases:
IODriverPlaintext-based I/O driver. It simply copies input from our standard input to the standard input of a given process, and copies output from the standard output of a given process to out standard output.
Methods:
-
stdio\u2013 -
on_output_event\u2013 -
on_process_start\u2013 -
start\u2013 -
stop\u2013
Attributes:
-
in_thr(Thread) \u2013 -
out_thr(Thread) \u2013 -
likely_output(BoundedSemaphore) \u2013 -
process(SBProcess) \u2013 -
stop_requested(Event) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.out_thr","title":"out_thrin_thr: Thread\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.likely_output","title":"likely_outputout_thr: Thread\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.process","title":"processlikely_output: BoundedSemaphore = BoundedSemaphore(1)\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.stop_requested","title":"stop_requestedprocess: SBProcess = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.stdio","title":"stdio","text":"stop_requested: Event = Event()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.on_output_event","title":"on_output_event","text":"stdio() -> tuple[str | None, str | None, str | None]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.on_process_start","title":"on_process_start","text":"on_output_event() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.start","title":"start","text":"on_process_start(proc: SBProcess) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.stop","title":"stop","text":"start(process: Process) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal","title":"IODriverPseudoTerminal","text":"stop() -> None\nIODriverPseudoTerminal(manager: int, worker: str)\nBases:
IODriverpty-based I/O driver. Forwards input from standard input and has support for terminal width and height, and for terminal-based file operations on the program being debugged.
Methods:
-
stdio\u2013 -
start\u2013 -
stop\u2013 -
on_output_event\u2013 -
on_process_start\u2013
Attributes:
-
io_thread(Thread) \u2013 -
has_terminal_control(bool) \u2013 -
manager(int) \u2013 -
worker(str) \u2013 -
termcontrol(OpportunisticTerminalControl) \u2013 -
stop_requested(Event) \u2013 -
input_buffer(bytes) \u2013 -
process(SBProcess) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.has_terminal_control","title":"has_terminal_controlio_thread: Thread\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.manager","title":"managerhas_terminal_control: bool\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.worker","title":"workermanager: int = manager\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.termcontrol","title":"termcontrolworker: str = worker\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.stop_requested","title":"stop_requestedtermcontrol: OpportunisticTerminalControl = OpportunisticTerminalControl()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.input_buffer","title":"input_bufferstop_requested: Event = Event()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.process","title":"processinput_buffer: bytes = b''\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.stdio","title":"stdio","text":"process: SBProcess = None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.start","title":"start","text":"stdio() -> tuple[str | None, str | None, str | None]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.stop","title":"stop","text":"start(process: Process) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.on_output_event","title":"on_output_event","text":"stop() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.on_process_start","title":"on_process_start","text":"on_output_event() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.get_io_driver","title":"get_io_driver","text":"on_process_start(proc: SBProcess) -> None\nget_io_driver() -> IODriver\nInstances a new IODriver using the best strategy available in the current system. Meaning a PTY on Unix and plain text on Windows.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.make_pty","title":"make_pty","text":"make_pty() -> tuple[str, int] | None\nWe need to make a pseudo-terminal ourselves if we want the process to handle naturally for the user. Returns a tuple with the path of the worker device and the file descriptor of the manager device if successful.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/","title":"pwndbg.dbg.lldb.repl.proc","text":""},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc","title":"proc","text":"Classes:
-
EventHandler\u2013The event types that make sense for us to track in the process driver aren't
-
ProcessDriver\u2013Drives the execution of a process, responding to its events and handling its
The event types that make sense for us to track in the process driver aren't the same as the ones in the rest of Pwndbg, so we just expose the native events in process driver, and let the rest of the REPL deal with any complexities that might arise from the translation.
This is mostly intended to keep the complexity of generating the START and NEW_THREAD events correctly out of the process driver.
Methods:
-
created\u2013This function is called when a process is created or attached to.
-
suspended\u2013This function is called when the execution of a process is suspended.
-
resumed\u2013This function is called when the execution of a process is resumed.
-
exited\u2013This function is called when a process terminates or is detached from.
-
modules_loaded\u2013This function is called when a new modules have been loaded.
created()\nThis function is called when a process is created or attached to.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.EventHandler.suspended","title":"suspended","text":"suspended()\nThis function is called when the execution of a process is suspended.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.EventHandler.resumed","title":"resumed","text":"resumed()\nThis function is called when the execution of a process is resumed.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.EventHandler.exited","title":"exited","text":"exited()\nThis function is called when a process terminates or is detached from.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.EventHandler.modules_loaded","title":"modules_loaded","text":"modules_loaded()\nThis function is called when a new modules have been loaded.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver","title":"ProcessDriver","text":"ProcessDriver(event_handler: EventHandler, debug=False)\nDrives the execution of a process, responding to its events and handling its I/O, and exposes a simple synchronous interface to the REPL interface.
Methods:
-
has_process\u2013Whether there's an active process in this driver.
-
has_connection\u2013Whether this driver's connected to a target. All drivers that have an
-
cancel\u2013Request that a currently ongoing operation be cancelled.
-
interrupt\u2013Interrupts the currently running process.
-
cont\u2013Continues execution of the process this object is driving, and returns
-
run_lldb_command\u2013Runs the given LLDB command and ataches I/O if necessary.
-
run_coroutine\u2013Runs the given coroutine and allows it to control the execution of the
-
launch\u2013Launches the process and handles startup events. Always stops on first
-
attach\u2013Attach to a process and handles startup events. Always stops on first
-
connect\u2013Connects to a remote proces with the given URL using the plugin with the
Attributes:
-
io(IODriver) \u2013 -
process(SBProcess) \u2013 -
listener(SBListener) \u2013 -
debug(bool) \u2013 -
eh(EventHandler) \u2013 -
cancellation_requested(bool) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.process","title":"processio: IODriver = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.listener","title":"listenerprocess: SBProcess = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.debug","title":"debuglistener: SBListener = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.eh","title":"ehdebug: bool = debug\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.cancellation_requested","title":"cancellation_requestedeh: EventHandler = event_handler\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.has_process","title":"has_process","text":"cancellation_requested: bool = False\nhas_process() -> bool\nWhether there's an active process in this driver.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.has_connection","title":"has_connection","text":"has_connection() -> bool\nWhether this driver's connected to a target. All drivers that have an active process also must necessarily be connected.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.cancel","title":"cancel","text":"cancel() -> None\nRequest that a currently ongoing operation be cancelled.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.interrupt","title":"interrupt","text":"interrupt() -> None\nInterrupts the currently running process.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.cont","title":"cont","text":"cont() -> None\nContinues execution of the process this object is driving, and returns whenever the process stops.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.run_lldb_command","title":"run_lldb_command","text":"run_lldb_command(command: str, target: BinaryIO) -> None\nRuns the given LLDB command and ataches I/O if necessary.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.run_coroutine","title":"run_coroutine","text":"run_coroutine(coroutine: Coroutine[Any, Any, None]) -> bool\nRuns the given coroutine and allows it to control the execution of the process in this driver. Returns
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.launch","title":"launch","text":"Trueif the coroutine ran to completion, andFalseif it was cancelled.launch(\n target: SBTarget,\n io: IODriver,\n env: list[str],\n args: list[str],\n working_dir: str,\n) -> SBError\nLaunches the process and handles startup events. Always stops on first opportunity, and returns immediately after the process has stopped.
Fires the created() event.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.attach","title":"attach","text":"attach(target: SBTarget, io: IODriver, info: SBAttachInfo) -> SBError\nAttach to a process and handles startup events. Always stops on first opportunity, and returns immediately after the process has stopped.
Fires the created() event.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.connect","title":"connect","text":"connect(target: SBTarget, io: IODriver, url: str, plugin: str) -> SBError\nConnects to a remote proces with the given URL using the plugin with the given name. This might cause the process to launch in some implementations, or it might require a call to
launch(), in implementations that require a further call toSBProcess::RemoteLaunch().Fires the created() event if a process is automatically attached to or launched when a connection succeeds.
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/","title":"pwndbg.dbg.lldb.repl.readline","text":""},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline","title":"readline","text":"Readline interface for the Pwndbg LLDB REPL.
Mostly concerns itself with argument completion.
Functions:
-
complete\u2013Runs the tab autocompletion function for readline based on the values
-
display_completions\u2013Display the completions found by
completein the style of LLDB. -
wrap_with_history\u2013 -
ctx_with_history\u2013 -
enable_readline\u2013Enables the readline functionality.
-
disable_readline\u2013Disables the readline functionality.
Attributes:
-
P\u2013 -
T\u2013 -
PROMPT\u2013 -
HISTORY_FILE\u2013 -
complete_values\u2013 -
complete_descrs\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.T","title":"TP = ParamSpec('P')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.PROMPT","title":"PROMPTT = TypeVar('T')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.HISTORY_FILE","title":"HISTORY_FILEPROMPT = readline_escape(prompt, 'pwndbg-lldb> ')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.complete_values","title":"complete_valuesHISTORY_FILE = expanduser('~/.pwndbg_history')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.complete_descrs","title":"complete_descrscomplete_values = SBStringList()\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.complete","title":"complete","text":"complete_descrs = SBStringList()\ncomplete(dbg: LLDB, text: str, state: int) -> str | None\nRuns the tab autocompletion function for readline based on the values returned by
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.display_completions","title":"display_completions","text":"SBCommandInterpreter.HandleCompletion.display_completions(substitutions, matches, longest_match_len)\nDisplay the completions found by
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.wrap_with_history","title":"wrap_with_history","text":"completein the style of LLDB.
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.ctx_with_history","title":"ctx_with_history","text":"wrap_with_history(function: Callable[P, T]) -> Callable[P, T]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.enable_readline","title":"enable_readline","text":"ctx_with_history()\nenable_readline(dbg: LLDB)\nEnables the readline functionality.
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.disable_readline","title":"disable_readline","text":"disable_readline()\nDisables the readline functionality.
"},{"location":"reference/pwndbg/dbg/lldb/util/","title":"pwndbg.dbg.lldb.util","text":""},{"location":"reference/pwndbg/dbg/lldb/util/#pwndbg.dbg.lldb.util","title":"util","text":"Functions:
-
system_decode\u2013LLDB requires Python strings in many places where it makes sense to accept
system_decode(b: bytes) -> str\nLLDB requires Python strings in many places where it makes sense to accept bytes values. This is mostly an artifact of how Swig maps C
char*tostrin Python, but since Swig will refuse bytes objects, we have to figure out a way to pass this data as a regular string object, even if that's nonsensical in Python terms.This function tries its best to resolve that by decoding it with the same decoder the filesystem uses, and, failing that, ASCII.
"},{"location":"reference/pwndbg/decorators/","title":"pwndbg.decorators","text":""},{"location":"reference/pwndbg/decorators/#pwndbg.decorators","title":"decorators","text":"Functions:
-
only_after_first_prompt\u2013Decorator to prevent a function from running before the first prompt was displayed.
-
suppress_errors\u2013Decorator to make a function return a fallback value when it would otherwise error.
Attributes:
-
first_prompt\u2013 -
P\u2013 -
T\u2013 -
K\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/decorators/#pwndbg.decorators.P","title":"Pfirst_prompt = False\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/decorators/#pwndbg.decorators.T","title":"TP = ParamSpec('P')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/decorators/#pwndbg.decorators.K","title":"KT = TypeVar('T')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/decorators/#pwndbg.decorators.only_after_first_prompt","title":"only_after_first_prompt","text":"K = TypeVar('K')\nonly_after_first_prompt(\n value_before: T | None = None,\n) -> Callable[[Callable[P, T]], Callable[P, T | None]]\nDecorator to prevent a function from running before the first prompt was displayed. The 'value_before' parameter can be used to specify the value that is returned if the function is called before the first prompt was displayed.
"},{"location":"reference/pwndbg/decorators/#pwndbg.decorators.suppress_errors","title":"suppress_errors","text":"suppress_errors(\n fallback: K = None, should_warn: bool = True\n) -> Callable[[Callable[P, T]], Callable[P, T | K]]\nDecorator to make a function return a fallback value when it would otherwise error. The 'fallback' parameter can be used to specify the fallback value. If the 'should_warn' parameter is set, a warning will be printed whenever an error is suppressed.
"},{"location":"reference/pwndbg/emu/","title":"pwndbg.emu","text":""},{"location":"reference/pwndbg/emu/#pwndbg.emu","title":"emu","text":"Modules:
-
emulator\u2013Emulation assistance from Unicorn.
Emulation assistance from Unicorn.
Classes:
-
InstructionExecutedResult\u2013 -
Emulator\u2013
Functions:
-
parse_consts\u2013Unicorn \"consts\" is a python module consisting of a variable definition
-
create_reg_to_const_map\u2013 -
debug\u2013
Attributes:
-
arch_to_UC\u2013 -
arch_to_UC_consts\u2013 -
arch_to_reg_const_map\u2013 -
DEBUG\u2013 -
arch_to_SYSCALL\u2013 -
ARM_BANNED_INSTRUCTIONS\u2013 -
BANNED_INSTRUCTIONS\u2013 -
blacklisted_regs\u2013e = pwndbg.emu.emulator.Emulator()
module-attribute","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.arch_to_UC_consts","title":"arch_to_UC_constsarch_to_UC = {\n \"i386\": UC_ARCH_X86,\n \"x86-64\": UC_ARCH_X86,\n \"mips\": UC_ARCH_MIPS,\n \"sparc\": UC_ARCH_SPARC,\n \"arm\": UC_ARCH_ARM,\n \"armcm\": UC_ARCH_ARM,\n \"aarch64\": UC_ARCH_ARM64,\n \"rv32\": UC_ARCH_RISCV,\n \"rv64\": UC_ARCH_RISCV,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.arch_to_reg_const_map","title":"arch_to_reg_const_maparch_to_UC_consts = {\n \"i386\": parse_consts(x86_const),\n \"x86-64\": parse_consts(x86_const),\n \"mips\": parse_consts(mips_const),\n \"sparc\": parse_consts(sparc_const),\n \"arm\": parse_consts(arm_const),\n \"armcm\": parse_consts(arm_const),\n \"aarch64\": parse_consts(arm64_const),\n \"rv32\": parse_consts(riscv_const),\n \"rv64\": parse_consts(riscv_const),\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.DEBUG","title":"DEBUGarch_to_reg_const_map = {\n \"i386\": create_reg_to_const_map(arch_to_UC_consts[\"i386\"]),\n \"x86-64\": create_reg_to_const_map(\n arch_to_UC_consts[\"x86-64\"],\n {\"FSBASE\": UC_X86_REG_FS_BASE, \"GSBASE\": UC_X86_REG_GS_BASE},\n ),\n \"mips\": create_reg_to_const_map(arch_to_UC_consts[\"mips\"]),\n \"sparc\": create_reg_to_const_map(arch_to_UC_consts[\"sparc\"]),\n \"arm\": create_reg_to_const_map(arch_to_UC_consts[\"arm\"]),\n \"armcm\": create_reg_to_const_map(arch_to_UC_consts[\"armcm\"]),\n \"aarch64\": create_reg_to_const_map(\n arch_to_UC_consts[\"aarch64\"], {\"CPSR\": UC_ARM64_REG_NZCV}\n ),\n \"rv32\": create_reg_to_const_map(arch_to_UC_consts[\"rv32\"]),\n \"rv64\": create_reg_to_const_map(arch_to_UC_consts[\"rv64\"]),\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.arch_to_SYSCALL","title":"arch_to_SYSCALLDEBUG = NO_DEBUG\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.ARM_BANNED_INSTRUCTIONS","title":"ARM_BANNED_INSTRUCTIONSarch_to_SYSCALL = {\n UC_ARCH_X86: [\n X86_INS_SYSCALL,\n X86_INS_SYSENTER,\n X86_INS_SYSEXIT,\n X86_INS_SYSRET,\n X86_INS_IRET,\n X86_INS_IRETD,\n X86_INS_IRETQ,\n X86_INS_INT,\n X86_INS_INT1,\n X86_INS_INT3,\n ],\n UC_ARCH_MIPS: [MIPS_INS_SYSCALL],\n UC_ARCH_SPARC: [SPARC_INS_T],\n UC_ARCH_ARM: [ARM_INS_SVC],\n UC_ARCH_ARM64: [ARM64_INS_SVC],\n UC_ARCH_PPC: [PPC_INS_SC],\n UC_ARCH_RISCV: [RISCV_INS_ECALL],\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.BANNED_INSTRUCTIONS","title":"BANNED_INSTRUCTIONSARM_BANNED_INSTRUCTIONS = {\n ARM_INS_MRC,\n ARM_INS_MRRC,\n ARM_INS_MRC2,\n ARM_INS_MRRC2,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.blacklisted_regs","title":"blacklisted_regsBANNED_INSTRUCTIONS = {\n \"mips\": {MIPS_INS_RDHWR},\n \"arm\": ARM_BANNED_INSTRUCTIONS,\n \"armcm\": ARM_BANNED_INSTRUCTIONS,\n \"aarch64\": {ARM64_INS_MRS},\n}\nmodule-attribute","text":"blacklisted_regs = ['ip', 'cs', 'ds', 'es', 'fs', 'gs', 'ss']\ne = pwndbg.emu.emulator.Emulator() e.until_jump()
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.InstructionExecutedResult","title":"InstructionExecutedResult","text":"Bases:
NamedTupleAttributes:
-
address(int) \u2013 -
size(int) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.InstructionExecutedResult.size","title":"sizeaddress: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator","title":"Emulator","text":"size: int\nEmulator()\nMethods:
-
read_register\u2013 -
read_memory\u2013 -
telescope\u2013 -
format_telescope\u2013 -
format_telescope_list\u2013 -
telescope_enhance\u2013 -
memory_read_string\u2013 -
__getattr__\u2013 -
update_pc\u2013 -
read_thumb_bit\u2013Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
-
get_uc_mode\u2013Retrieve the mode used by Unicorn for the current architecture.
-
map_page\u2013 -
hook_mem_invalid\u2013 -
hook_intr\u2013We never want to emulate through an interrupt. Just stop.
-
get_reg_enum\u2013Returns the Unicorn Emulator enum code for the named register.
-
hook_add\u2013 -
hook_del\u2013 -
emu_start\u2013 -
emu_stop\u2013 -
emulate_with_hook\u2013 -
mem_read\u2013 -
until_jump\u2013Emulates instructions starting at the specified address until the
-
until_jump_hook_code\u2013 -
until_call\u2013 -
until_syscall\u2013Emulates instructions starting at the specified address until the program
-
until_syscall_hook_code\u2013 -
single_step\u2013Steps one instruction.
-
single_step_iter\u2013 -
single_step_hook_code\u2013 -
dumpregs\u2013 -
trace_hook\u2013 -
__repr__\u2013
Attributes:
-
arch\u2013 -
const_regs\u2013 -
uc_mode\u2013 -
uc\u2013 -
regs(RegisterSet) \u2013 -
valid\u2013 -
last_pc\u2013 -
last_single_step_result\u2013 -
last_step_succeeded(bool) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.const_regs","title":"const_regsarch = name\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.uc_mode","title":"uc_modeconst_regs = arch_to_reg_const_map[arch]\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.uc","title":"ucuc_mode = get_uc_mode()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.regs","title":"regsuc = Uc(arch_to_UC[arch], uc_mode)\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.valid","title":"validregs: RegisterSet = current\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.last_pc","title":"last_pcvalid = True\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.last_single_step_result","title":"last_single_step_resultlast_pc = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.last_step_succeeded","title":"last_step_succeededlast_single_step_result = InstructionExecutedResult(None, None)\nproperty","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.read_register","title":"read_register","text":"last_step_succeeded: bool\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.read_memory","title":"read_memory","text":"read_register(name: str)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.telescope","title":"telescope","text":"read_memory(address: int, size: int) -> bytes | None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.format_telescope","title":"format_telescope","text":"telescope(address: int, limit: int, read_size: int = None) -> list[int]\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.format_telescope_list","title":"format_telescope_list","text":"format_telescope(address: int, limit: int) -> str\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.telescope_enhance","title":"telescope_enhance","text":"format_telescope_list(\n chain: list[int], limit: int, enhance_string_len: int = None\n) -> str\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.memory_read_string","title":"memory_read_string","text":"telescope_enhance(\n value: int, code: bool = True, enhance_string_len: int = None\n)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.__getattr__","title":"__getattr__","text":"memory_read_string(\n address: int, max_string_len=None, max_read=None\n) -> str | None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.update_pc","title":"update_pc","text":"__getattr__(name: str)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.read_thumb_bit","title":"read_thumb_bit","text":"update_pc(pc=None) -> None\nread_thumb_bit() -> int\nReturn 0 or 1, representing the status of the Thumb bit in the current Arm architecture
This reads from the emulator itself, meaning this can be read to determine a state transitions between non-Thumb and Thumb mode
Return None if the Thumb bit is not relevent to the current architecture
Mimics the
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.get_uc_mode","title":"get_uc_mode","text":"read_thumb_bitfunction defined in aglib/arch.pyget_uc_mode()\nRetrieve the mode used by Unicorn for the current architecture.
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.map_page","title":"map_page","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.hook_mem_invalid","title":"hook_mem_invalid","text":"map_page(page) -> bool\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.hook_intr","title":"hook_intr","text":"hook_mem_invalid(uc, access, address, size: int, value, user_data) -> bool\nhook_intr(uc, intno, user_data) -> None\nWe never want to emulate through an interrupt. Just stop.
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.get_reg_enum","title":"get_reg_enum","text":"get_reg_enum(reg: str) -> int | None\nReturns the Unicorn Emulator enum code for the named register.
Also supports general registers like 'sp' and 'pc'.
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.hook_add","title":"hook_add","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.hook_del","title":"hook_del","text":"hook_add(*a, **kw)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.emu_start","title":"emu_start","text":"hook_del(*a, **kw)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.emu_stop","title":"emu_stop","text":"emu_start(*a, **kw)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.emulate_with_hook","title":"emulate_with_hook","text":"emu_stop(*a, **kw)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.mem_read","title":"mem_read","text":"emulate_with_hook(hook, count=512) -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.until_jump","title":"until_jump","text":"mem_read(*a, **kw)\nuntil_jump(pc: int = None)\nEmulates instructions starting at the specified address until the program counter is set to an address which does not linearly follow the previously-emulated instruction.
Parameters:
-
pc(int, default:None) \u2013Address to start at. If
None, uses the current instruction.
Returns a tuple containing the address of the jump instruction, and its target in the format (address, target).
If emulation is forced to stop (e.g., because of a syscall or invalid memory access) then address is the instruction which could not be emulated through, and target will be None.
NotesThis routine does not consider 'call $+5'
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.until_jump_hook_code","title":"until_jump_hook_code","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.until_call","title":"until_call","text":"until_jump_hook_code(_uc, address, instruction_size: int, _user_data) -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.until_syscall","title":"until_syscall","text":"until_call(pc=None)\nuntil_syscall(pc=None)\nEmulates instructions starting at the specified address until the program counter points at a syscall instruction (int 0x80, svc, etc.).
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.until_syscall_hook_code","title":"until_syscall_hook_code","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.single_step","title":"single_step","text":"until_syscall_hook_code(uc, address, size: int, user_data) -> None\nsingle_step(pc=None) -> tuple[int, int]\nSteps one instruction.
Yields:
-
int\u2013Each iteration, yields a tuple of (address_just_executed, instruction_size).
-
int\u2013Returns (None, None) upon failure to execute the instruction
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.single_step_hook_code","title":"single_step_hook_code","text":"single_step_iter(pc=None)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.dumpregs","title":"dumpregs","text":"single_step_hook_code(\n _uc, address: int, instruction_size: int, _user_data\n) -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.trace_hook","title":"trace_hook","text":"dumpregs() -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.__repr__","title":"__repr__","text":"trace_hook(_uc, address, instruction_size: int, _user_data) -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.parse_consts","title":"parse_consts","text":"__repr__() -> str\nparse_consts(u_consts) -> dict[str, int]\nUnicorn \"consts\" is a python module consisting of a variable definition for each known entity. We repack it here as a dict for performance.
Maps \"UC_*\" -> integer value of the constant
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.create_reg_to_const_map","title":"create_reg_to_const_map","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.debug","title":"debug","text":"create_reg_to_const_map(\n base_consts: dict[str, int], additional_mapping: dict[str, int] = None\n) -> dict[str, int]\n
"},{"location":"reference/pwndbg/enhance/","title":"pwndbg.enhance","text":""},{"location":"reference/pwndbg/enhance/#pwndbg.enhance","title":"enhance","text":"debug(debug_type, fmt, args=()) -> None\nGiven an address in memory which does not contain a pointer elsewhere into memory, attempt to describe the data as best as possible.
Currently prints out code, integers, or strings, in a best-effort manner dependent on page permissions, the contents of the data, and any supplemental information sources (e.g. active IDA Pro connection).
Functions:
-
format_small_int\u2013 -
format_small_int_pair\u2013 -
int_str\u2013 -
enhance\u2013Given the last pointer in a chain, attempt to characterize
"},{"location":"reference/pwndbg/enhance/#pwndbg.enhance.format_small_int_pair","title":"format_small_int_pair","text":"format_small_int(value: int) -> str\n
"},{"location":"reference/pwndbg/enhance/#pwndbg.enhance.int_str","title":"int_str","text":"format_small_int_pair(first: int, second: int) -> tuple[str, str]\n
"},{"location":"reference/pwndbg/enhance/#pwndbg.enhance.enhance","title":"enhance","text":"int_str(value: int) -> str\nenhance(\n value: int,\n code: bool = True,\n safe_linking: bool = False,\n attempt_dereference=True,\n enhance_string_len: int = None,\n) -> str\nGiven the last pointer in a chain, attempt to characterize
Note that 'the last pointer in a chain' may not at all actually be a pointer.
Additionally, optimizations are made based on various sources of data for 'value'. For example, if it is set to RWX, we try to get information on whether it resides on the stack, or in a RW section that happens to be RWX, to determine which order to print the fields.
Parameters:
-
value(int) \u2013Value to enhance
-
code(bool, default:True) \u2013Hint that indicates the value may be an instruction
-
safe_linking(bool, default:False) \u2013Whether this chain use safe-linking
-
enhance_string_len(int, default:None) \u2013The length of string to display for enhancement of the last pointer
Functions:
-
print_exception\u2013 -
inform_unmet_dependencies\u2013Informs user about unmet dependencies
-
inform_report_issue\u2013Informs user that he can report an issue.
-
inform_verbose_and_debug\u2013 -
handle\u2013Displays an exception to the user, optionally displaying a full traceback
-
set_trace\u2013Enable sane debugging in Pwndbg by switching to the \"real\" stdio.
-
update\u2013
Attributes:
-
verbose\u2013 -
debug\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.debug","title":"debugverbose = add_param(\n \"exception-verbose\",\n False,\n \"print a full stacktrace for exceptions raised in pwndbg commands\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.print_exception","title":"print_exception","text":"debug = add_param(\n \"exception-debugger\",\n False,\n \"whether to debug exceptions raised in Pwndbg commands\",\n)\n
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.inform_unmet_dependencies","title":"inform_unmet_dependencies","text":"print_exception(exception_msg) -> None\ninform_unmet_dependencies(errors) -> None\nInforms user about unmet dependencies
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.inform_report_issue","title":"inform_report_issue","text":"inform_report_issue(exception_msg) -> None\nInforms user that he can report an issue. The use of caching makes it reporting only once for a given exception message.
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.inform_verbose_and_debug","title":"inform_verbose_and_debug","text":"
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.handle","title":"handle","text":"inform_verbose_and_debug() -> None\nhandle(name='Error')\nDisplays an exception to the user, optionally displaying a full traceback and spawning an interactive post-moretem debugger.
Notesset exception-verbose onenables stack traces.set exception-debugger onenables the post-mortem debugger.
set_trace() -> None\nEnable sane debugging in Pwndbg by switching to the \"real\" stdio.
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.update","title":"update","text":"
"},{"location":"reference/pwndbg/gdblib/","title":"pwndbg.gdblib","text":""},{"location":"reference/pwndbg/gdblib/#pwndbg.gdblib","title":"gdblib","text":"update() -> None\nModules:
-
bpoint\u2013 -
config\u2013Dynamic configuration system for pwndbg, using GDB's built-in Parameter
-
events\u2013Enables callbacks into functions to be automatically invoked
-
functions\u2013Put all functions defined for gdb in here.
-
got\u2013Global Offset Table Tracker
-
hooks\u2013 -
info\u2013Runs a few useful commands which are available under \"info\".
-
prompt\u2013 -
ptmalloc2_tracking\u2013Heap Tracking
-
scheduler\u2013 -
shellcode\u2013Shellcode
-
symbol\u2013Looking up addresses for function names / symbols, and
-
tui\u2013 -
vmmap\u2013Routines to enumerate mapped memory, and attempt to associate
Functions:
-
load_gdblib\u2013Import all gdblib modules that need to run code on import
Attributes:
-
regs\u2013 -
__all__\u2013 -
gdb_version\u2013 -
msg\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/#pwndbg.gdblib.__all__","title":"__all__regs = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/#pwndbg.gdblib.gdb_version","title":"gdb_version__all__ = ()\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/#pwndbg.gdblib.msg","title":"msggdb_version = tuple(map(int, groups()))\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/#pwndbg.gdblib.load_gdblib","title":"load_gdblib","text":"msg = 'Unsupported GDB version, pwndbg only support GDB12+'\nload_gdblib() -> None\nImport all gdblib modules that need to run code on import
"},{"location":"reference/pwndbg/gdblib/bpoint/","title":"pwndbg.gdblib.bpoint","text":""},{"location":"reference/pwndbg/gdblib/bpoint/#pwndbg.gdblib.bpoint","title":"bpoint","text":"Classes:
-
Breakpoint\u2013Breakpoint class, similar to gdb.Breakpoint, but clears the caches
Bases:
BreakpointBreakpoint class, similar to gdb.Breakpoint, but clears the caches associated with the stop event before determining whether it should stop the inferior or not.
Unlike gdb.Breakpoint, users of this class should override
should_stop(), instead ofstop(), as the latter is used to do cache invalidation.Methods:
-
stop\u2013 -
should_stop\u2013This function is called whenever this breakpoint is hit in the code and
"},{"location":"reference/pwndbg/gdblib/bpoint/#pwndbg.gdblib.bpoint.Breakpoint.should_stop","title":"should_stop","text":"stop() -> bool\nshould_stop() -> bool\nThis function is called whenever this breakpoint is hit in the code and its return value determines whether the inferior will be stopped.
"},{"location":"reference/pwndbg/gdblib/config/","title":"pwndbg.gdblib.config","text":""},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config","title":"config","text":"Dynamic configuration system for pwndbg, using GDB's built-in Parameter mechanism.
To create a new pwndbg configuration point, call
pwndbg.config.add_param.Parameters should be declared in the module in which they are primarily used, or in this module for general-purpose parameters.
All pwndbg Parameter types are accessible via property access on this module, for example:
>>> pwndbg.config.add_param('example-value', 7, 'an example')\n>>> int(pwndbg.config.example_value)\n7\nClasses:
-
Parameter\u2013
Functions:
-
init_params\u2013
Attributes:
-
CLASS_MAPPING\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter","title":"Parameter","text":"CLASS_MAPPING = {\n PARAM_BOOLEAN: PARAM_BOOLEAN,\n PARAM_AUTO_BOOLEAN: PARAM_AUTO_BOOLEAN,\n PARAM_ZINTEGER: PARAM_ZINTEGER,\n PARAM_STRING: PARAM_STRING,\n PARAM_ZUINTEGER: PARAM_ZUINTEGER,\n PARAM_ENUM: PARAM_ENUM,\n PARAM_OPTIONAL_FILENAME: PARAM_OPTIONAL_FILENAME,\n PARAM_ZUINTEGER_UNLIMITED: PARAM_ZUINTEGER_UNLIMITED,\n PARAM_INTEGER: PARAM_INTEGER,\n PARAM_UINTEGER: PARAM_UINTEGER,\n}\nParameter(param: Parameter)\nBases:
ParameterMethods:
-
init_super\u2013Initializes the super class for GDB >= 9
-
on_change\u2013Called when the value of the pwndbg.lib.config.Parameter changes
-
get_set_string\u2013Handles the GDB
set <param> -
get_show_string\u2013Handles the GDB
show <param>
Attributes:
-
set_doc\u2013 -
show_doc\u2013 -
__doc__\u2013 -
param\u2013 -
value\u2013 -
native_value\u2013 -
native_default\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.show_doc","title":"show_docset_doc = 'Set ' + set_show_doc + '.'\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.__doc__","title":"__doc__show_doc = 'Show ' + set_show_doc + '.'\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.param","title":"param__doc__ = help_docstring or None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.value","title":"valueparam = param\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.native_value","title":"native_valuevalue = value\nproperty","text":"
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.native_default","title":"native_defaultnative_value\nproperty","text":"
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.init_super","title":"init_super","text":"native_default\ninit_super(param: Parameter) -> None\nInitializes the super class for GDB >= 9
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.on_change","title":"on_change","text":"on_change(value: Any) -> None\nCalled when the value of the pwndbg.lib.config.Parameter changes Transfer the value to the GDB parameter to keep them in sync.
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.get_set_string","title":"get_set_string","text":"get_set_string() -> str\nHandles the GDB
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.get_show_string","title":"get_show_string","text":"set <param>get_show_string(svalue: str) -> str\nHandles the GDB
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.init_params","title":"init_params","text":"show <param>
"},{"location":"reference/pwndbg/gdblib/events/","title":"pwndbg.gdblib.events","text":""},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events","title":"events","text":"init_params() -> None\nEnables callbacks into functions to be automatically invoked when various events occur to the debuggee (e.g. STOP on SIGINT) by using a decorator.
Classes:
-
StartEvent\u2013 -
HandlerPriority\u2013A priority level for an event handler, ordered from highest to lowest priority.
Functions:
-
wrap_safe_event_handler\u2013Wraps an event handler to ensure it is only executed when the event is safe.
-
pause\u2013 -
unpause\u2013 -
connect\u2013 -
exit\u2013 -
cont\u2013 -
new_objfile\u2013 -
stop\u2013 -
start\u2013 -
thread\u2013 -
before_prompt\u2013 -
reg_changed\u2013 -
mem_changed\u2013 -
log_objfiles\u2013 -
invoke_event\u2013 -
after_reload\u2013 -
on_reload\u2013
Attributes:
-
debug\u2013 -
gdb_workaround_stop_event\u2013 -
P\u2013 -
T\u2013 -
queued_events(Deque[Callable[..., Any]]) \u2013 -
executing_event\u2013 -
registered(dict[Any, dict[HandlerPriority, list[Callable[..., Any]]]]) \u2013 -
connected\u2013 -
paused\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.gdb_workaround_stop_event","title":"gdb_workaround_stop_eventdebug = add_param(\n \"debug-events\", False, \"display internal event debugging info\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.P","title":"Pgdb_workaround_stop_event = add_param(\n \"gdb-workaround-stop-event\",\n 0,\n \"asynchronous stop events to improve 'commands' functionality.\",\n help_docstring=\"\\nNote: This may cause unexpected behavior with pwndbg or gdb.execute.\\n\\nValues:\\n0 - Disable the workaround (default).\\n1 - Enable asynchronous stop events; gdb.execute may behave unexpectedly(asynchronously).\\n2 - Disable only deadlock detection; deadlocks may still occur.\\n \",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.T","title":"TP = ParamSpec('P')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.queued_events","title":"queued_eventsT = TypeVar('T')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.executing_event","title":"executing_eventqueued_events: Deque[Callable[..., Any]] = deque()\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.registered","title":"registeredexecuting_event = False\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.connected","title":"connectedregistered: dict[Any, dict[HandlerPriority, list[Callable[..., Any]]]] = {\n exited: {},\n cont: {},\n new_objfile: {},\n stop: {},\n start: {},\n new_thread: {},\n before_prompt: {},\n memory_changed: {},\n register_changed: {},\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.paused","title":"pausedconnected = {}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent","title":"StartEvent","text":"paused = defaultdict(bool)\nStartEvent()\nMethods:
-
connect\u2013 -
disconnect\u2013 -
on_new_objfile\u2013 -
on_exited\u2013 -
on_stop\u2013
Attributes:
-
registered(list[Callable[..., Any]]) \u2013 -
running\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.running","title":"runningregistered: list[Callable[..., Any]] = []\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.connect","title":"connect","text":"running = False\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.disconnect","title":"disconnect","text":"connect(function: Callable[..., Any]) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.on_new_objfile","title":"on_new_objfile","text":"disconnect(function: Callable[..., Any]) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.on_exited","title":"on_exited","text":"on_new_objfile() -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.on_stop","title":"on_stop","text":"on_exited() -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.HandlerPriority","title":"HandlerPriority","text":"on_stop() -> None\nBases:
EnumA priority level for an event handler, ordered from highest to lowest priority.
Attributes:
-
CACHE_CLEAR\u2013 -
LOW\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.HandlerPriority.LOW","title":"LOWCACHE_CLEAR = auto()\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.wrap_safe_event_handler","title":"wrap_safe_event_handler","text":"LOW = auto()\nwrap_safe_event_handler(\n event_handler: Callable[P, T], event_type: Any\n) -> Callable[P, T]\nWraps an event handler to ensure it is only executed when the event is safe. Invalid events are queued and executed later when safe.
Note: Avoid using
gdb.post_eventbecause of another bug in gdbserver where thegdb.newest_framefunction may not work properly.Workaround to fix bug in gdbserver (gdb.events.new_objfile): #2576 Workaround to fix bug in gdb (gdb.events.stop): #425
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.pause","title":"pause","text":"
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.unpause","title":"unpause","text":"pause(event_registry) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.connect","title":"connect","text":"unpause(event_registry) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.exit","title":"exit","text":"connect(\n func: Callable[[], T],\n event_handler: Any,\n name: str = \"\",\n priority: HandlerPriority = LOW,\n) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.cont","title":"cont","text":"exit(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.new_objfile","title":"new_objfile","text":"cont(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.stop","title":"stop","text":"new_objfile(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.start","title":"start","text":"stop(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.thread","title":"thread","text":"start(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.before_prompt","title":"before_prompt","text":"thread(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.reg_changed","title":"reg_changed","text":"before_prompt(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.mem_changed","title":"mem_changed","text":"reg_changed(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.log_objfiles","title":"log_objfiles","text":"mem_changed(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.invoke_event","title":"invoke_event","text":"log_objfiles(ofile: NewObjFileEvent | None = None) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.after_reload","title":"after_reload","text":"invoke_event(event: Any, *args: Any, **kwargs: Any) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.on_reload","title":"on_reload","text":"after_reload(fire_start: bool = True) -> None\n
"},{"location":"reference/pwndbg/gdblib/functions/","title":"pwndbg.gdblib.functions","text":""},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions","title":"functions","text":"on_reload() -> None\nPut all functions defined for gdb in here.
This file might be changed into a module in the future.
Functions:
-
GdbFunction\u2013 -
rebase\u2013Return rebased address.
-
base\u2013Return base address of the first memory mapping containing the given name.
-
hex2ptr\u2013Converts a hex string to a little-endian address and returns the address.
-
argv\u2013Evaluate argv on the supplied value.
-
envp\u2013Evaluate envp on the supplied value.
-
argc\u2013Evaluates to argc.
-
environ\u2013Evaluate getenv() on the supplied value.
-
dbg_value_to_gdb\u2013
Attributes:
-
functions(list[_GdbFunction]) \u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.GdbFunction","title":"GdbFunction","text":"functions: list[_GdbFunction] = []\n
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.rebase","title":"rebase","text":"GdbFunction(only_when_running: bool = False) -> Callable[..., Any]\nrebase(addr: int | Value) -> int\nReturn rebased address.
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.base","title":"base","text":"base(name_pattern: str | Value) -> int\nReturn base address of the first memory mapping containing the given name.
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.hex2ptr","title":"hex2ptr","text":"hex2ptr(hex_string: str | Value) -> int\nConverts a hex string to a little-endian address and returns the address. Example usage: $hex2ptr(\"00 70 75 c1 cd ef 59 00\")
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.argv","title":"argv","text":"argv(number_value: Value) -> Value\nEvaluate argv on the supplied value.
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.envp","title":"envp","text":"envp(number_value: Value) -> Value\nEvaluate envp on the supplied value.
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.argc","title":"argc","text":"argc(*args) -> int\nEvaluates to argc.
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.environ","title":"environ","text":"environ(name_value: Value) -> Value\nEvaluate getenv() on the supplied value.
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.dbg_value_to_gdb","title":"dbg_value_to_gdb","text":"
"},{"location":"reference/pwndbg/gdblib/got/","title":"pwndbg.gdblib.got","text":""},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got","title":"got","text":"dbg_value_to_gdb(d: Value) -> Value\nGlobal Offset Table Tracker
Subsystem for tracking accesses to external function calls made through pointers in an inferior's Global Offset Table, such as those made by the stubs in the Procedure Linkage Table.
Currently, it does this by attatching watchpoints to the entries in the GOT and taking note of where the call came from, but it could be done much faster by injecting our own code into the program space to track this.
Classes:
-
RelocTypes\u2013This class contains all the relocation type constants so that one may
-
TrapAllocator\u2013Utility that allocates and manages executable addresses in the space of the
-
Patcher\u2013Watches for changes made by program code to the GOT and fixes them up.
-
Tracker\u2013Class that tracks the accesses made to the entries in the GOT.
Functions:
-
is_mmap_error\u2013Checks whether the return value of an mmap of indicates an error.
-
display_name\u2013Return the display name for a symbol or objfile.
-
all_tracked_entries\u2013Return an iterator over all of the GOT whose accesses are being tracked.
-
tracked_entry_by_address\u2013Return the tracker associated with the entry at the given address, if any.
-
enable_got_call_tracking\u2013Enable the analysis of calls made through the GOT.
-
disable_got_call_tracking\u2013Disable the analysis of calls made through the GOT.
-
jump_slots_for\u2013Returns the jump slot addresses described by the given dynamic section.
Attributes:
-
JUMP_SLOTS\u2013 -
IRELATIVE_SLOTS\u2013 -
TRAP_ALLOCATOR\u2013 -
GOT_TRACKING\u2013 -
INSTALLED_WATCHPOINTS(dict[int, tuple[Tracker, Patcher]]) \u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.IRELATIVE_SLOTS","title":"IRELATIVE_SLOTSJUMP_SLOTS = {\n \"x86-64\": {R_X86_64_JUMP_SLOT},\n \"i386\": {R_386_JMP_SLOT},\n \"aarch64\": {R_AARCH64_JUMP_SLOT},\n \"mips\": {R_MIPS_JUMP_SLOT},\n \"powerpc\": {R_PPC_JMP_SLOT},\n \"sparc\": {R_SPARC_JMP_SLOT},\n \"arm\": {R_ARM_JUMP_SLOT},\n \"armcm\": {R_ARM_JUMP_SLOT},\n \"rv32\": {R_RISCV_JUMP_SLOT},\n \"rv64\": {R_RISCV_JUMP_SLOT},\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TRAP_ALLOCATOR","title":"TRAP_ALLOCATORIRELATIVE_SLOTS = {\n \"x86-64\": {R_X86_64_IRELATIVE},\n \"i386\": {R_386_IRELATIVE},\n \"aarch64\": {R_AARCH64_P32_IRELATIVE, R_AARCH64_IRELATIVE},\n \"mips\": set(),\n \"powerpc\": {R_PPC_IRELATIVE},\n \"sparc\": {R_SPARC_IRELATIVE},\n \"arm\": {R_ARM_IRELATIVE},\n \"armcm\": {R_ARM_IRELATIVE},\n \"rv32\": {R_RISCV_IRELATIVE},\n \"rv64\": {R_RISCV_IRELATIVE},\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.GOT_TRACKING","title":"GOT_TRACKINGTRAP_ALLOCATOR = TrapAllocator()\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.INSTALLED_WATCHPOINTS","title":"INSTALLED_WATCHPOINTSGOT_TRACKING = False\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes","title":"RelocTypes","text":"INSTALLED_WATCHPOINTS: dict[int, tuple[Tracker, Patcher]] = {}\nThis class contains all the relocation type constants so that one may interpret the relocations types present in the DYNAMIC segment. These constants are defined in each of the processors' SystemV R4 psABI document, or equivalent, and should stay the same across all implementations of libc on systems that adhere to that ABI, such as Linux.
Most of these were sourced from GLibc, which conveniently lists all of the relocations types in a single file1.
Attributes:
-
R_RISCV_JUMP_SLOT\u2013 -
R_X86_64_JUMP_SLOT\u2013 -
R_386_JMP_SLOT\u2013 -
R_CRIS_JUMP_SLOT\u2013 -
R_390_JMP_SLOT\u2013 -
R_CKCORE_JUMP_SLOT\u2013 -
R_TILEPRO_JMP_SLOT\u2013 -
R_MICROBLAZE_JUMP_SLOT\u2013 -
R_TILEGX_JMP_SLOT\u2013 -
R_OR1K_JMP_SLOT\u2013 -
R_68K_JMP_SLOT\u2013 -
R_SPARC_JMP_SLOT\u2013 -
R_PPC_JMP_SLOT\u2013 -
R_PPC64_JMP_SLOT\u2013 -
R_ARM_JUMP_SLOT\u2013 -
R_MN10300_JMP_SLOT\u2013 -
R_ALPHA_JMP_SLOT\u2013 -
R_NIOS2_JUMP_SLOT\u2013 -
R_NDS32_JMP_SLOT\u2013 -
R_METAG_JMP_SLOT\u2013 -
R_M32R_JMP_SLOT\u2013 -
R_ARC_JMP_SLOT\u2013 -
R_MIPS_JUMP_SLOT\u2013 -
R_SH_JMP_SLOT\u2013 -
R_AARCH64_JUMP_SLOT\u2013 -
R_X86_64_IRELATIVE\u2013 -
R_386_IRELATIVE\u2013 -
R_RISCV_IRELATIVE\u2013 -
R_390_IRELATIVE\u2013 -
R_ARM_IRELATIVE\u2013 -
R_AARCH64_P32_IRELATIVE\u2013 -
R_PPC_IRELATIVE\u2013 -
R_PPC64_IRELATIVE\u2013 -
R_SPARC_IRELATIVE\u2013 -
R_AARCH64_IRELATIVE\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_X86_64_JUMP_SLOT","title":"R_X86_64_JUMP_SLOTR_RISCV_JUMP_SLOT = 5\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_386_JMP_SLOT","title":"R_386_JMP_SLOTR_X86_64_JUMP_SLOT = 7\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_CRIS_JUMP_SLOT","title":"R_CRIS_JUMP_SLOTR_386_JMP_SLOT = 7\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_390_JMP_SLOT","title":"R_390_JMP_SLOTR_CRIS_JUMP_SLOT = 11\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_CKCORE_JUMP_SLOT","title":"R_CKCORE_JUMP_SLOTR_390_JMP_SLOT = 11\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_TILEPRO_JMP_SLOT","title":"R_TILEPRO_JMP_SLOTR_CKCORE_JUMP_SLOT = 12\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_MICROBLAZE_JUMP_SLOT","title":"R_MICROBLAZE_JUMP_SLOTR_TILEPRO_JMP_SLOT = 12\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_TILEGX_JMP_SLOT","title":"R_TILEGX_JMP_SLOTR_MICROBLAZE_JUMP_SLOT = 17\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_OR1K_JMP_SLOT","title":"R_OR1K_JMP_SLOTR_TILEGX_JMP_SLOT = 18\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_68K_JMP_SLOT","title":"R_68K_JMP_SLOTR_OR1K_JMP_SLOT = 20\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_SPARC_JMP_SLOT","title":"R_SPARC_JMP_SLOTR_68K_JMP_SLOT = 21\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_PPC_JMP_SLOT","title":"R_PPC_JMP_SLOTR_SPARC_JMP_SLOT = 21\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_PPC64_JMP_SLOT","title":"R_PPC64_JMP_SLOTR_PPC_JMP_SLOT = 21\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_ARM_JUMP_SLOT","title":"R_ARM_JUMP_SLOTR_PPC64_JMP_SLOT = 21\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_MN10300_JMP_SLOT","title":"R_MN10300_JMP_SLOTR_ARM_JUMP_SLOT = 22\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_ALPHA_JMP_SLOT","title":"R_ALPHA_JMP_SLOTR_MN10300_JMP_SLOT = 22\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_NIOS2_JUMP_SLOT","title":"R_NIOS2_JUMP_SLOTR_ALPHA_JMP_SLOT = 26\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_NDS32_JMP_SLOT","title":"R_NDS32_JMP_SLOTR_NIOS2_JUMP_SLOT = 38\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_METAG_JMP_SLOT","title":"R_METAG_JMP_SLOTR_NDS32_JMP_SLOT = 41\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_M32R_JMP_SLOT","title":"R_M32R_JMP_SLOTR_METAG_JMP_SLOT = 44\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_ARC_JMP_SLOT","title":"R_ARC_JMP_SLOTR_M32R_JMP_SLOT = 52\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_MIPS_JUMP_SLOT","title":"R_MIPS_JUMP_SLOTR_ARC_JMP_SLOT = 55\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_SH_JMP_SLOT","title":"R_SH_JMP_SLOTR_MIPS_JUMP_SLOT = 127\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_AARCH64_JUMP_SLOT","title":"R_AARCH64_JUMP_SLOTR_SH_JMP_SLOT = 164\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_X86_64_IRELATIVE","title":"R_X86_64_IRELATIVER_AARCH64_JUMP_SLOT = 1026\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_386_IRELATIVE","title":"R_386_IRELATIVER_X86_64_IRELATIVE = 37\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_RISCV_IRELATIVE","title":"R_RISCV_IRELATIVER_386_IRELATIVE = 42\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_390_IRELATIVE","title":"R_390_IRELATIVER_RISCV_IRELATIVE = 58\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_ARM_IRELATIVE","title":"R_ARM_IRELATIVER_390_IRELATIVE = 61\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_AARCH64_P32_IRELATIVE","title":"R_AARCH64_P32_IRELATIVER_ARM_IRELATIVE = 160\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_PPC_IRELATIVE","title":"R_PPC_IRELATIVER_AARCH64_P32_IRELATIVE = 188\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_PPC64_IRELATIVE","title":"R_PPC64_IRELATIVER_PPC_IRELATIVE = 248\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_SPARC_IRELATIVE","title":"R_SPARC_IRELATIVER_PPC64_IRELATIVE = 248\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_AARCH64_IRELATIVE","title":"R_AARCH64_IRELATIVER_SPARC_IRELATIVE = 249\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TrapAllocator","title":"TrapAllocator","text":"R_AARCH64_IRELATIVE = 1032\nTrapAllocator()\nUtility that allocates and manages executable addresses in the space of the executing program that we can trap.
Methods:
-
alloc\u2013Allocates a new address to where program execution can be diverted.
-
free\u2013Indicates that an address obtained from alloc() can be recycled.
-
clear\u2013Deletes all memory mappings and frees all addresses.
Attributes:
-
block_capacity\u2013 -
slot_size\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TrapAllocator.slot_size","title":"slot_sizeblock_capacity = 4096\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TrapAllocator.alloc","title":"alloc","text":"slot_size = 8\nalloc()\nAllocates a new address to where program execution can be diverted.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TrapAllocator.free","title":"free","text":"free(address) -> None\nIndicates that an address obtained from alloc() can be recycled.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TrapAllocator.clear","title":"clear","text":"clear()\nDeletes all memory mappings and frees all addresses.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher","title":"Patcher","text":"Patcher(entry, tracker)\nBases:
BreakpointWatches for changes made by program code to the GOT and fixes them up.
This class is paired with Tracker, and instances of both classes always function together.
Methods:
-
should_stop\u2013 -
stop\u2013
Attributes:
-
silent\u2013 -
entry\u2013 -
tracker\u2013 -
init\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher.entry","title":"entrysilent = True\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher.tracker","title":"trackerentry = entry\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher.init","title":"inittracker = tracker\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher.should_stop","title":"should_stop","text":"init = True\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher.stop","title":"stop","text":"should_stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker","title":"Tracker","text":"stop() -> bool\nTracker()\nBases:
BreakpointClass that tracks the accesses made to the entries in the GOT.
This class is paired with Patcher, and instances of both classes always function together.
Methods:
-
delete\u2013 -
should_stop\u2013 -
stop\u2013
Attributes:
-
total_hits\u2013 -
target\u2013 -
dynamic_section\u2013 -
relocation_fn\u2013 -
relocation_index\u2013 -
link_map_entry\u2013 -
trapped_address\u2013 -
hits(dict[tuple[int, ...], int]) \u2013 -
silent\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.target","title":"targettotal_hits = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.dynamic_section","title":"dynamic_sectiontarget = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.relocation_fn","title":"relocation_fndynamic_section = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.relocation_index","title":"relocation_indexrelocation_fn = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.link_map_entry","title":"link_map_entryrelocation_index = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.trapped_address","title":"trapped_addresslink_map_entry = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.hits","title":"hitstrapped_address = alloc()\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.silent","title":"silenthits: dict[tuple[int, ...], int] = {}\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.delete","title":"delete","text":"silent = True\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.should_stop","title":"should_stop","text":"delete() -> None\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.stop","title":"stop","text":"should_stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.is_mmap_error","title":"is_mmap_error","text":"stop() -> bool\nis_mmap_error(ptr: int)\nChecks whether the return value of an mmap of indicates an error.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.display_name","title":"display_name","text":"display_name(name, basename=False)\nReturn the display name for a symbol or objfile.
Ideally, we'd like to display all of the names of the symbols as text, but there is really nothing stopping symbol names from being stored in some fairly wacky encoding or really from having names that aren't text at all.
We should try our best to turn whatever the symbol name is into text, but not so much that non-text entries or entries in unknown encodings become unrecognizable.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.all_tracked_entries","title":"all_tracked_entries","text":"all_tracked_entries()\nReturn an iterator over all of the GOT whose accesses are being tracked.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.tracked_entry_by_address","title":"tracked_entry_by_address","text":"tracked_entry_by_address(address)\nReturn the tracker associated with the entry at the given address, if any.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.enable_got_call_tracking","title":"enable_got_call_tracking","text":"enable_got_call_tracking(disable_hardware_whatchpoints=True) -> None\nEnable the analysis of calls made through the GOT.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.disable_got_call_tracking","title":"disable_got_call_tracking","text":"disable_got_call_tracking() -> None\nDisable the analysis of calls made through the GOT.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.jump_slots_for","title":"jump_slots_for","text":"jump_slots_for(dynamic)\nReturns the jump slot addresses described by the given dynamic section.
"},{"location":"reference/pwndbg/gdblib/hooks/","title":"pwndbg.gdblib.hooks","text":""},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks","title":"hooks","text":"Functions:
-
update_typeinfo\u2013 -
update_arch\u2013 -
reset_config\u2013 -
on_start\u2013 -
on_stop\u2013 -
on_exit\u2013 -
init\u2013Calls all GDB hook functions that need to be called when GDB/pwndbg
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.update_arch","title":"update_arch","text":"update_typeinfo() -> None\n
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.reset_config","title":"reset_config","text":"update_arch() -> None\n
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.on_start","title":"on_start","text":"reset_config() -> None\n
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.on_stop","title":"on_stop","text":"on_start() -> None\n
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.on_exit","title":"on_exit","text":"on_stop() -> None\n
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.init","title":"init","text":"on_exit() -> None\ninit() -> None\nCalls all GDB hook functions that need to be called when GDB/pwndbg itself is loaded, as opposed to when an actual hook event occurs
"},{"location":"reference/pwndbg/gdblib/info/","title":"pwndbg.gdblib.info","text":""},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info","title":"info","text":"Runs a few useful commands which are available under \"info\".
Functions:
-
proc_mappings\u2013 -
auxv\u2013 -
files\u2013 -
target\u2013 -
sharedlibrary\u2013 -
parsed_sharedlibrary\u2013Returns a dictionary of shared libraries with their .text section from and to addresses.
-
sharedlibrary_paths\u2013Get the paths of all shared libraries loaded in the process by parsing the output of \"info sharedlibrary\".
-
address\u2013
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.auxv","title":"auxv","text":"proc_mappings() -> str\n
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.files","title":"files","text":"auxv() -> str\n
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.target","title":"target","text":"files() -> str\n
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.sharedlibrary","title":"sharedlibrary","text":"target() -> str\n
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.parsed_sharedlibrary","title":"parsed_sharedlibrary","text":"sharedlibrary() -> str\nparsed_sharedlibrary() -> dict[str, tuple[int, int]]\nReturns a dictionary of shared libraries with their .text section from and to addresses.
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.sharedlibrary_paths","title":"sharedlibrary_paths","text":"sharedlibrary_paths() -> list[str]\nGet the paths of all shared libraries loaded in the process by parsing the output of \"info sharedlibrary\".
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.address","title":"address","text":"
"},{"location":"reference/pwndbg/gdblib/prompt/","title":"pwndbg.gdblib.prompt","text":""},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt","title":"prompt","text":"address(symbol: str) -> int | None\nFunctions:
-
initial_hook\u2013 -
show_hint\u2013 -
thread_is_stopped\u2013This detects whether selected thread is stopped.
-
prompt_hook\u2013 -
reset_context_shown\u2013 -
set_prompt\u2013
Attributes:
-
show_tip\u2013 -
cur(tuple[Inferior, InferiorThread] | None) \u2013 -
context_shown\u2013 -
last_alive_state\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.cur","title":"curshow_tip = add_param(\n \"show-tips\", True, \"whether to display the tip of the day on startup\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.context_shown","title":"context_showncur: tuple[Inferior, InferiorThread] | None = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.last_alive_state","title":"last_alive_statecontext_shown = False\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.initial_hook","title":"initial_hook","text":"last_alive_state = False\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.show_hint","title":"show_hint","text":"initial_hook(*a: Any) -> None\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.thread_is_stopped","title":"thread_is_stopped","text":"show_hint() -> None\nthread_is_stopped() -> bool\nThis detects whether selected thread is stopped. It is not stopped in situations when gdb is executing commands that are attached to a breakpoint by
commandcommand.For more info see issue #229 ( #299 ) :return: Whether gdb executes commands attached to bp with
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.prompt_hook","title":"prompt_hook","text":"commandcommand.
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.reset_context_shown","title":"reset_context_shown","text":"prompt_hook(*a: Any) -> None\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.set_prompt","title":"set_prompt","text":"reset_context_shown(*a: Any) -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/","title":"pwndbg.gdblib.ptmalloc2_tracking","text":""},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking","title":"ptmalloc2_tracking","text":"set_prompt() -> None\nHeap Tracking
This module implements runtime tracking of the heap, allowing pwndbg to detect heap related misbehavior coming from an inferior in real time, which lets us catch UAF bugs, double frees (and more), and report them to the user.
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking--approach","title":"Approach","text":"The approach used starting with using breakpoints to hook into the following libc symbols:
malloc,free,calloc, andrealloc. Each hook has a reference to a shared instance of theTrackerclass, which is responsible for handling the tracking of the chunks of memory from the heap.The tracker keeps two sorted maps of chunks, for freed and in use chunks, keyed by their base address. Newly allocated chunks are added to the map of in use chunks right before an allocating call returns, and newly freed chunks are moved from the map of in use chunks to the map of free ones right before a freeing call returns. The tracker is also responsible for installing watchpoints for free chunks when they're added to the free chunk map and deleting them when their corresponding chunks are removed from the map.
Additionally, because going through the data structures inside of libc to determine whether a chunk is free or not is, more often than not, a fairly slow operation, this module will only do so when it determines its view of the chunks has diverged from the one in libc in a way that would affect behavior. When such a diffence is detected, this module will rebuild the chunk maps in the range it determines to have been affected.
Currently, the way it does this is by deleting and querying from libc the new status of all chunks that overlap the region of a new allocation when it detects that allocation overlaps chunks it previously considered free.
This approach lets us avoid a lot of the following linked lists that comes with trying to answer the allocation status of a chunk, by keeping at hand as much known-good information as possible about them. Keep in mind that, although it is much faster than going to libc every time we need to know the allocation status of a chunk, this approach does have drawbacks when it comes to memory usage.
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking--compatibility","title":"Compatibility","text":"Currently module assumes the inferior is using GLibc.
There are points along the code in this module where the assumptions it makes are explicitly documented and checked to be valid for the current inferior, so that it may be immediately clear to the user that something has gone wrong if they happen to not be valid. However, be aware that there may be assumptions that were not made explicit.
Classes:
-
FreeChunkWatchpoint\u2013 -
AllocChunkWatchpoint\u2013 -
Chunk\u2013 -
Tracker\u2013 -
MallocEnterBreakpoint\u2013 -
CallocEnterBreakpoint\u2013 -
AllocExitBreakpoint\u2013 -
ReallocEnterBreakpoint\u2013 -
ReallocExitBreakpoint\u2013 -
FreeEnterBreakpoint\u2013 -
FreeExitBreakpoint\u2013
Functions:
-
is_enabled\u2013Whether the heap tracker in enabled.
-
resolve_address\u2013Checks whether a given symbol is available and part of libc, and returns its
-
get_chunk\u2013Reads a chunk from a given address.
-
in_program_code_stack\u2013 -
install\u2013 -
uninstall\u2013
Attributes:
-
LIBC_NAME\u2013 -
MALLOC_NAME\u2013 -
CALLOC_NAME\u2013 -
REALLOC_NAME\u2013 -
FREE_NAME\u2013 -
last_issue(str | None) \u2013 -
PRINT_DEBUG\u2013 -
DEFERED_DELETE(list[Breakpoint]) \u2013 -
malloc_enter\u2013 -
calloc_enter\u2013 -
realloc_enter\u2013 -
free_enter\u2013 -
stop_on_error\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.MALLOC_NAME","title":"MALLOC_NAMELIBC_NAME = 'libc.so.6'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.CALLOC_NAME","title":"CALLOC_NAMEMALLOC_NAME = 'malloc'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.REALLOC_NAME","title":"REALLOC_NAMECALLOC_NAME = 'calloc'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FREE_NAME","title":"FREE_NAMEREALLOC_NAME = 'realloc'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.last_issue","title":"last_issueFREE_NAME = 'free'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.PRINT_DEBUG","title":"PRINT_DEBUGlast_issue: str | None = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.DEFERED_DELETE","title":"DEFERED_DELETEPRINT_DEBUG = False\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.malloc_enter","title":"malloc_enterDEFERED_DELETE: list[Breakpoint] = []\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.calloc_enter","title":"calloc_entermalloc_enter = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.realloc_enter","title":"realloc_entercalloc_enter = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.free_enter","title":"free_enterrealloc_enter = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.stop_on_error","title":"stop_on_errorfree_enter = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeChunkWatchpoint","title":"FreeChunkWatchpoint","text":"stop_on_error = True\nFreeChunkWatchpoint(chunk: Chunk, tracker: Tracker)\nBases:
BreakpointMethods:
-
stop\u2013
Attributes:
-
chunk\u2013 -
tracker\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeChunkWatchpoint.tracker","title":"trackerchunk = chunk\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeChunkWatchpoint.stop","title":"stop","text":"tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocChunkWatchpoint","title":"AllocChunkWatchpoint","text":"stop()\nAllocChunkWatchpoint(chunk: Chunk)\nBases:
BreakpointMethods:
-
stop\u2013
Attributes:
-
chunk\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocChunkWatchpoint.stop","title":"stop","text":"chunk = chunk\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Chunk","title":"Chunk","text":"stop() -> bool\nChunk(address: int, size: int, requested_size: int, flags: int)\nAttributes:
-
address\u2013 -
size\u2013 -
requested_size\u2013 -
flags\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Chunk.size","title":"sizeaddress = address\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Chunk.requested_size","title":"requested_sizesize = size\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Chunk.flags","title":"flagsrequested_size = requested_size\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker","title":"Tracker","text":"flags = flags\nTracker()\nMethods:
-
is_performing_memory_management\u2013 -
enter_memory_management\u2013 -
exit_memory_management\u2013 -
malloc\u2013 -
free\u2013
Attributes:
-
free_chunks(SortedDict[int, Chunk]) \u2013 -
alloc_chunks(SortedDict[int, Chunk]) \u2013 -
free_watchpoints(dict[int, FreeChunkWatchpoint]) \u2013 -
memory_management_calls(dict[int, bool]) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.alloc_chunks","title":"alloc_chunksfree_chunks: SortedDict[int, Chunk] = SortedDict()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.free_watchpoints","title":"free_watchpointsalloc_chunks: SortedDict[int, Chunk] = SortedDict()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.memory_management_calls","title":"memory_management_callsfree_watchpoints: dict[int, FreeChunkWatchpoint] = {}\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.is_performing_memory_management","title":"is_performing_memory_management","text":"memory_management_calls: dict[int, bool] = {}\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.enter_memory_management","title":"enter_memory_management","text":"is_performing_memory_management()\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.exit_memory_management","title":"exit_memory_management","text":"enter_memory_management(name: str) -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.malloc","title":"malloc","text":"exit_memory_management() -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.free","title":"free","text":"malloc(chunk: Chunk) -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.MallocEnterBreakpoint","title":"MallocEnterBreakpoint","text":"free(address: int) -> bool\nMallocEnterBreakpoint(address, tracker)\nBases:
BreakpointMethods:
-
stop\u2013
Attributes:
-
tracker\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.MallocEnterBreakpoint.stop","title":"stop","text":"tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.CallocEnterBreakpoint","title":"CallocEnterBreakpoint","text":"stop() -> bool\nCallocEnterBreakpoint(address, tracker)\nBases:
BreakpointMethods:
-
stop\u2013
Attributes:
-
tracker\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.CallocEnterBreakpoint.stop","title":"stop","text":"tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocExitBreakpoint","title":"AllocExitBreakpoint","text":"stop() -> bool\nAllocExitBreakpoint(tracker, requested_size, name)\nBases:
FinishBreakpointMethods:
-
stop\u2013 -
out_of_scope\u2013
Attributes:
-
requested_size\u2013 -
tracker\u2013 -
name\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocExitBreakpoint.tracker","title":"trackerrequested_size = requested_size\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocExitBreakpoint.name","title":"nametracker = tracker\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocExitBreakpoint.stop","title":"stop","text":"name = name\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocExitBreakpoint.out_of_scope","title":"out_of_scope","text":"stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocEnterBreakpoint","title":"ReallocEnterBreakpoint","text":"out_of_scope() -> None\nReallocEnterBreakpoint(address, tracker)\nBases:
BreakpointMethods:
-
stop\u2013
Attributes:
-
tracker\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocEnterBreakpoint.stop","title":"stop","text":"tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocExitBreakpoint","title":"ReallocExitBreakpoint","text":"stop() -> bool\nReallocExitBreakpoint(tracker, freed_ptr, requested_size)\nBases:
FinishBreakpointMethods:
-
stop\u2013 -
out_of_scope\u2013
Attributes:
-
freed_ptr\u2013 -
requested_size\u2013 -
tracker\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocExitBreakpoint.requested_size","title":"requested_sizefreed_ptr = freed_ptr\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocExitBreakpoint.tracker","title":"trackerrequested_size = requested_size\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocExitBreakpoint.stop","title":"stop","text":"tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocExitBreakpoint.out_of_scope","title":"out_of_scope","text":"stop()\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeEnterBreakpoint","title":"FreeEnterBreakpoint","text":"out_of_scope() -> None\nFreeEnterBreakpoint(address, tracker)\nBases:
BreakpointMethods:
-
stop\u2013
Attributes:
-
tracker\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeEnterBreakpoint.stop","title":"stop","text":"tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeExitBreakpoint","title":"FreeExitBreakpoint","text":"stop() -> bool\nFreeExitBreakpoint(tracker, ptr)\nBases:
FinishBreakpointMethods:
-
stop\u2013 -
out_of_scope\u2013
Attributes:
-
ptr\u2013 -
tracker\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeExitBreakpoint.tracker","title":"trackerptr = ptr\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeExitBreakpoint.stop","title":"stop","text":"tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeExitBreakpoint.out_of_scope","title":"out_of_scope","text":"stop()\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.is_enabled","title":"is_enabled","text":"out_of_scope() -> None\nis_enabled() -> bool\nWhether the heap tracker in enabled.
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.resolve_address","title":"resolve_address","text":"resolve_address(name: str) -> int | None\nChecks whether a given symbol is available and part of libc, and returns its address.
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.get_chunk","title":"get_chunk","text":"get_chunk(address, requested_size)\nReads a chunk from a given address.
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.in_program_code_stack","title":"in_program_code_stack","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.install","title":"install","text":"in_program_code_stack() -> bool\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.uninstall","title":"uninstall","text":"install(disable_hardware_watchpoints=True) -> None\n
"},{"location":"reference/pwndbg/gdblib/scheduler/","title":"pwndbg.gdblib.scheduler","text":""},{"location":"reference/pwndbg/gdblib/scheduler/#pwndbg.gdblib.scheduler","title":"scheduler","text":"uninstall() -> None\nFunctions:
-
lock_scheduler\u2013This context manager can be used to run GDB commands with threads scheduling
-
parse_and_eval_with_scheduler_lock\u2013
lock_scheduler() -> Iterator[None]\nThis context manager can be used to run GDB commands with threads scheduling being locked which means that other threads will be stopped during execution.
This is useful to prevent bugs where e.g.: gdb.parse_and_eval(\"(int)foo()\") would execute foo() on the current debugee thread but would also unlock other threads for being executed and those other threads may for example hit a breakpoint we set previously which would be confusing for the user.
See also: https://sourceware.org/gdb/onlinedocs/gdb/All_002dStop-Mode.html
"},{"location":"reference/pwndbg/gdblib/scheduler/#pwndbg.gdblib.scheduler.parse_and_eval_with_scheduler_lock","title":"parse_and_eval_with_scheduler_lock","text":"
"},{"location":"reference/pwndbg/gdblib/shellcode/","title":"pwndbg.gdblib.shellcode","text":""},{"location":"reference/pwndbg/gdblib/shellcode/#pwndbg.gdblib.shellcode","title":"shellcode","text":"parse_and_eval_with_scheduler_lock(expr: str) -> Value\nShellcode
This module implements functionality that allows for the execution of a small amount of code in the context of the inferior.
Functions:
-
exec_syscall\u2013Tries executing the given syscall in the context of the inferior.
-
exec_shellcode\u2013Tries executing the given blob of machine code in the current context of the
exec_syscall(\n syscall,\n arg0=None,\n arg1=None,\n arg2=None,\n arg3=None,\n arg4=None,\n arg5=None,\n arg6=None,\n disable_breakpoints=False,\n)\nTries executing the given syscall in the context of the inferior.
"},{"location":"reference/pwndbg/gdblib/shellcode/#pwndbg.gdblib.shellcode.exec_shellcode","title":"exec_shellcode","text":"exec_shellcode(\n blob, restore_context=True, capture=None, disable_breakpoints=False\n)\nTries executing the given blob of machine code in the current context of the inferior, optionally restoring the values of the registers as they were before the shellcode ran, as a means to allow for execution of the inferior to continue uninterrupted. The value of the program counter is always restored.
Additionally, the caller may specify an object to be called before the context is restored, so that information stored in the registers after the shellcode finishes can be retrieved. The return value of that call will be returned by this function.
"},{"location":"reference/pwndbg/gdblib/shellcode/#pwndbg.gdblib.shellcode.exec_shellcode--safety","title":"Safety","text":"Seeing as this function injects code directly into the inferior and runs it, the caller must be careful to inject code that will (1) terminate and (2) not cause the inferior to misbehave. Otherwise, it is fairly easy to crash or currupt the memory in the inferior.
"},{"location":"reference/pwndbg/gdblib/symbol/","title":"pwndbg.gdblib.symbol","text":""},{"location":"reference/pwndbg/gdblib/symbol/#pwndbg.gdblib.symbol","title":"symbol","text":"Looking up addresses for function names / symbols, and vice-versa.
Uses IDA when available if there isn't sufficient symbol information available.
Functions:
-
selected_frame_source_absolute_filename\u2013Retrieve the symbol table\u2019s source absolute file name from the selected frame.
selected_frame_source_absolute_filename()\nRetrieve the symbol table\u2019s source absolute file name from the selected frame.
In case of missing symbol table or frame information, None is returned.
"},{"location":"reference/pwndbg/gdblib/tui/","title":"pwndbg.gdblib.tui","text":""},{"location":"reference/pwndbg/gdblib/tui/#pwndbg.gdblib.tui","title":"tui","text":"Modules:
-
context\u2013 -
control\u2013
Functions:
-
setup\u2013
"},{"location":"reference/pwndbg/gdblib/tui/context/","title":"pwndbg.gdblib.tui.context","text":""},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context","title":"context","text":"setup() -> None\nClasses:
-
ContextTUIWindow\u2013
Attributes:
-
sections\u2013 -
target_func(Callable[..., _Window]) \u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.target_func","title":"target_funcsections = ['legend'] + [replace('context_', '') for section in values()]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow","title":"ContextTUIWindow","text":"target_func: Callable[..., _Window] = (\n lambda window, section_name=section_name: ContextTUIWindow(\n window, section_name\n )\n)\nContextTUIWindow(tui_window: 'gdb.TuiWindow', section: str)\nMethods:
-
close\u2013 -
render\u2013 -
hscroll\u2013 -
vscroll\u2013 -
click\u2013
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow.render","title":"render","text":"close() -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow.hscroll","title":"hscroll","text":"render() -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow.vscroll","title":"vscroll","text":"hscroll(num: int) -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow.click","title":"click","text":"vscroll(num: int) -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/control/","title":"pwndbg.gdblib.tui.control","text":""},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control","title":"control","text":"click(x: int, y: int, button: int) -> None\nClasses:
-
ControlTUIWindow\u2013
ControlTUIWindow(tui_window: 'gdb.TuiWindow')\nMethods:
-
close\u2013 -
render\u2013 -
hscroll\u2013 -
vscroll\u2013 -
click\u2013
"},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control.ControlTUIWindow.render","title":"render","text":"close() -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control.ControlTUIWindow.hscroll","title":"hscroll","text":"render() -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control.ControlTUIWindow.vscroll","title":"vscroll","text":"hscroll(num: int) -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control.ControlTUIWindow.click","title":"click","text":"vscroll(num: int) -> None\n
"},{"location":"reference/pwndbg/gdblib/vmmap/","title":"pwndbg.gdblib.vmmap","text":""},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap","title":"vmmap","text":"click(x: int, y: int, button: int) -> None\nRoutines to enumerate mapped memory, and attempt to associate address ranges with various ELF files and permissions.
The reason that we need robustness is that not every operating system has /proc/$$/maps, which backs 'info proc mapping'.
Functions:
-
is_corefile\u2013For example output use:
-
get_known_maps\u2013Similar to
vmmap.get(), except only returns maps in cases where -
coredump_maps\u2013Parses
info proc mappingsandmaintenance info sections -
parse_info_proc_mappings_line\u2013Parse a line from
info proc mappingsand return a pwndbg.lib.memory.Page -
info_proc_maps\u2013Parse the result of info proc mappings.
-
proc_tid_maps\u2013Parse the contents of /proc/$TID/maps on the server.
-
info_sharedlibrary\u2013Parses the output of
info sharedlibrary. -
info_files\u2013 -
info_auxv\u2013Extracts the name of the executable from the output of the command
For example output useis_corefile() -> bool\ngdb ./tests/binaries/crash_simple.out -ex run -ex 'generate-core-file ./core' -ex 'quit'
And then usegdb ./tests/binaries/crash_simple.out -core ./core -ex 'info target'
And: gdb -core ./core
As the two differ in output slighty.
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.get_known_maps","title":"get_known_maps","text":"get_known_maps() -> tuple[Page, ...] | None\nSimilar to
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.coredump_maps","title":"coredump_maps","text":"vmmap.get(), except only returns maps in cases where the mappings are known, like if it's a coredump, or if process mappings are available.coredump_maps() -> tuple[Page, ...]\nParses
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.parse_info_proc_mappings_line","title":"parse_info_proc_mappings_line","text":"info proc mappingsandmaintenance info sectionsand tries to make sense out of the result :)parse_info_proc_mappings_line(\n line: str, perms_available: bool, parse_flags: bool\n) -> Page | None\nParse a line from
Example linesinfo proc mappingsand return a pwndbg.lib.memory.Page object if the line is valid.0x4c3000 0x4c5000 0x2000 0xc2000 rw-p /root/hello_world/main 0x4c5000 0x4cb000 0x6000 0x0 rw-p
The objfile column might be empty, and the permissions column is only present in GDB versions >= 12.1 bminor/binutils-gdb@29ef4c0
Parameters:
-
line(str) \u2013A line from
info proc mappings.
Returns:
-
Page | None\u2013A pwndbg.lib.memory.Page object or None.
info_proc_maps(parse_flags=True) -> tuple[Page, ...]\nParse the result of info proc mappings.
Example output:
Start Addr End Addr Size Offset Perms objfile\n 0x400000 0x401000 0x1000 0x0 r--p /root/hello_world/main\n 0x401000 0x497000 0x96000 0x1000 r-xp /root/hello_world/main\n 0x497000 0x4be000 0x27000 0x97000 r--p /root/hello_world/main\n 0x4be000 0x4c3000 0x5000 0xbd000 r--p /root/hello_world/main\n 0x4c3000 0x4c5000 0x2000 0xc2000 rw-p /root/hello_world/main\n 0x4c5000 0x4cb000 0x6000 0x0 rw-p\n 0x4cb000 0x4ed000 0x22000 0x0 rw-p [heap]\n0x7ffff7ff9000 0x7ffff7ffd000 0x4000 0x0 r--p [vvar]\n0x7ffff7ffd000 0x7ffff7fff000 0x2000 0x0 r-xp [vdso]\n0x7ffffffde000 0x7ffffffff000 0x21000 0x0 rw-p [stack]\n0xffffffffff600000 0xffffffffff601000 0x1000 0x0 --xp [vsyscall]
Note: this may return no pages due to a bug/behavior of GDB. See https://sourceware.org/bugzilla/show_bug.cgi?id=31207 for more information.
Returns:
-
Page\u2013A tuple of pwndbg.lib.memory.Page objects or an empty tuple if
-
...\u2013info proc mapping is not supported on the target.
proc_tid_maps() -> tuple[Page, ...] | None\nParse the contents of /proc/$TID/maps on the server. (TID == Thread Identifier. We do not use PID since it may not be correct)
Returns:
-
tuple[Page, ...] | None\u2013A tuple of pwndbg.lib.memory.Page objects or None if
-
tuple[Page, ...] | None\u2013/proc/$tid/maps doesn't exist or when we debug a qemu-user target
info_sharedlibrary() -> tuple[Page, ...]\nParses the output of
info sharedlibrary.Specifically, all we really want is any valid pointer into each library, and the path to the library on disk.
With this information, we can use the ELF parser to get all of the page permissions for every mapped page in the ELF.
Returns:
-
tuple[Page, ...]\u2013A list of pwndbg.lib.memory.Page objects.
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.info_auxv","title":"info_auxv","text":"info_files() -> tuple[Page, ...]\ninfo_auxv(skip_exe: bool = False) -> tuple[Page, ...]\nExtracts the name of the executable from the output of the command \"info auxv\". Note that if the executable path is a symlink, it is not dereferenced by
info auxvand we also don't dereference it.Parameters:
-
skip_exe(bool, default:False) \u2013Do not return any mappings that belong to the exe.
Returns:
-
tuple[Page, ...]\u2013A list of pwndbg.lib.memory.Page objects.
Functions:
-
set_r2decompiler\u2013 -
decompile\u2013Return the source of the given function decompiled by ghidra.
Attributes:
-
r2decompiler\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/ghidra/#pwndbg.ghidra.set_r2decompiler","title":"set_r2decompiler","text":"r2decompiler = add_param(\n \"r2decompiler\",\n \"radare2\",\n \"framework that your ghidra plugin installed\",\n param_class=PARAM_ENUM,\n enum_sequence=[\"radare2\", \"rizin\"],\n)\n
"},{"location":"reference/pwndbg/ghidra/#pwndbg.ghidra.decompile","title":"decompile","text":"set_r2decompiler() -> None\ndecompile(func=None)\nReturn the source of the given function decompiled by ghidra.
If no function is given, decompile the function within the current pc. This function requires radare2, r2pipe and r2ghidra, or their related rizin counterparts.
Raises Exception if any fatal error occurs.
"},{"location":"reference/pwndbg/glibc/","title":"pwndbg.glibc","text":""},{"location":"reference/pwndbg/glibc/#pwndbg.glibc","title":"glibc","text":"Get information about the GLibc
Functions:
-
set_glibc_version\u2013 -
get_version\u2013 -
get_libc_filename_from_info_sharedlibrary\u2013Get the filename of the libc by parsing the output of
info sharedlibrary. -
dump_elf_data_section\u2013Dump .data section of libc ELF file
-
dump_relocations_by_section_name\u2013Dump relocations of a section by section name of libc ELF file
-
get_section_address_by_name\u2013Find section address of libc by section name
-
OnlyWhenGlibcLoaded\u2013 -
check_safe_linking\u2013Safe-linking is a glibc 2.32 mitigation; see:
Attributes:
-
P\u2013 -
T\u2013 -
safe_lnk\u2013 -
glibc_version\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.T","title":"TP = ParamSpec('P')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.safe_lnk","title":"safe_lnkT = TypeVar('T')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.glibc_version","title":"glibc_versionsafe_lnk = add_param(\n \"safe-linking\",\n None,\n \"whether glibc uses safe-linking\",\n param_class=PARAM_AUTO_BOOLEAN,\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.set_glibc_version","title":"set_glibc_version","text":"glibc_version = add_param(\n \"glibc\",\n \"\",\n \"GLIBC version for heap heuristics resolution (e.g. 2.31)\",\n scope=\"heap\",\n)\n
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.get_version","title":"get_version","text":"set_glibc_version() -> None\n
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.get_libc_filename_from_info_sharedlibrary","title":"get_libc_filename_from_info_sharedlibrary","text":"get_version() -> tuple[int, ...] | None\nget_libc_filename_from_info_sharedlibrary() -> str | None\nGet the filename of the libc by parsing the output of
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.dump_elf_data_section","title":"dump_elf_data_section","text":"info sharedlibrary.dump_elf_data_section() -> tuple[int, int, bytes] | None\nDump .data section of libc ELF file
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.dump_relocations_by_section_name","title":"dump_relocations_by_section_name","text":"dump_relocations_by_section_name(\n section_name: str,\n) -> tuple[Relocation, ...] | None\nDump relocations of a section by section name of libc ELF file
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.get_section_address_by_name","title":"get_section_address_by_name","text":"get_section_address_by_name(section_name: str) -> int\nFind section address of libc by section name
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.OnlyWhenGlibcLoaded","title":"OnlyWhenGlibcLoaded","text":"
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.check_safe_linking","title":"check_safe_linking","text":"OnlyWhenGlibcLoaded(function: Callable[P, T]) -> Callable[P, T | None]\ncheck_safe_linking() -> bool\nSafe-linking is a glibc 2.32 mitigation; see: - https://lanph3re.blogspot.com/2020/08/blog-post.html - https://research.checkpoint.com/2020/safe-linking-eliminating-a-20-year-old-malloc-exploit-primitive/
"},{"location":"reference/pwndbg/hexdump/","title":"pwndbg.hexdump","text":""},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump","title":"hexdump","text":"Hexdump implementation, ~= stolen from pwntools.
Functions:
-
groupby\u2013 -
load_color_scheme\u2013 -
hexdump\u2013
Attributes:
-
color_scheme\u2013 -
printable\u2013 -
config_colorize_ascii\u2013 -
config_separator\u2013 -
config_byte_separator\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.printable","title":"printablecolor_scheme = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.config_colorize_ascii","title":"config_colorize_asciiprintable = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.config_separator","title":"config_separatorconfig_colorize_ascii = add_param(\n \"hexdump-colorize-ascii\",\n True,\n \"whether to colorize the hexdump command ascii section\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.config_byte_separator","title":"config_byte_separatorconfig_separator = add_param(\n \"hexdump-ascii-block-separator\",\n \"\u2502\",\n \"block separator char of the hexdump command\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.groupby","title":"groupby","text":"config_byte_separator = add_param(\n \"hexdump-byte-separator\",\n \" \",\n \"separator of single bytes in hexdump (does NOT affect group separator)\",\n)\n
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.load_color_scheme","title":"load_color_scheme","text":"groupby(width: int, array, fill=None)\n
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.hexdump","title":"hexdump","text":"load_color_scheme() -> None\n
"},{"location":"reference/pwndbg/integration/","title":"pwndbg.integration","text":""},{"location":"reference/pwndbg/integration/#pwndbg.integration","title":"integration","text":"hexdump(\n data: bytes,\n address: int = 0,\n width: int = 16,\n group_width: int = 4,\n flip_group_endianness: bool = False,\n skip: bool = True,\n offset: int = 0,\n size: int = 0,\n count: int = 0,\n repeat: bool = False,\n dX_call: bool = False,\n)\nModules:
-
binja\u2013Talks to an XMLRPC server running inside of an active Binary Ninja instance,
-
ida\u2013Talks to an XMLRPC server running inside of an active IDA Pro instance,
Classes:
-
IntegrationProvider\u2013A class representing an integration that provides intelligence external to GDB.
-
ConfigurableProvider\u2013A wrapper around an IntegrationProvider that skips calling functions if disabled in config.
Functions:
-
switch_providers\u2013
Attributes:
-
provider_name\u2013 -
symbol_lookup\u2013 -
smart_enhance\u2013 -
function_lookup\u2013 -
provider(IntegrationProvider) \u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.symbol_lookup","title":"symbol_lookupprovider_name = add_param(\n \"integration-provider\",\n \"none\",\n \"which provider to use for integration features\",\n param_class=PARAM_ENUM,\n enum_sequence=[\"none\", \"binja\", \"ida\"],\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.smart_enhance","title":"smart_enhancesymbol_lookup = add_param(\n \"integration-symbol-lookup\",\n True,\n \"whether to use integration to look up unknown symbols\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.function_lookup","title":"function_lookupsmart_enhance = add_param(\n \"integration-smart-enhance\",\n True,\n \"use integration to determine when to disassemble during enhancing\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.provider","title":"providerfunction_lookup = add_param(\n \"integration-function-lookup\",\n True,\n \"use integration to look up function type signatures\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider","title":"IntegrationProvider","text":"provider: IntegrationProvider = IntegrationProvider()\nA class representing an integration that provides intelligence external to GDB.
Methods:
-
get_symbol\u2013Get a symbol at an address, or an offset from a symbol.
-
get_versions\u2013Gets any version strings relevant to the integration,
-
is_in_function\u2013Checks if integration thinks that an address is in a function,
-
get_comment_lines\u2013Gets any comments attached to an instruction.
-
decompile\u2013Decompiles the code near an address given a line count.
-
get_func_type\u2013Gets the type signature of a function, used for argument labeling.
-
get_stack_var_name\u2013Gets the name of a stack variable based on only the address of the variable.
get_symbol(addr: int) -> str | None\nGet a symbol at an address, or an offset from a symbol.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.get_versions","title":"get_versions","text":"get_versions() -> tuple[str, ...]\nGets any version strings relevant to the integration, which are used when displaying the
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.is_in_function","title":"is_in_function","text":"versioncommand.is_in_function(addr: int) -> bool\nChecks if integration thinks that an address is in a function, which is used to determine if
telshould try to disassemble something.If uncertain, it's better to default to True than to False.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.get_comment_lines","title":"get_comment_lines","text":"get_comment_lines(addr: int) -> list[str]\nGets any comments attached to an instruction.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.decompile","title":"decompile","text":"decompile(addr: int, lines: int) -> list[str] | None\nDecompiles the code near an address given a line count.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.get_func_type","title":"get_func_type","text":"get_func_type(addr: int) -> Function | None\nGets the type signature of a function, used for argument labeling.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.get_stack_var_name","title":"get_stack_var_name","text":"get_stack_var_name(addr: int) -> str | None\nGets the name of a stack variable based on only the address of the variable.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider","title":"ConfigurableProviderdataclass","text":"ConfigurableProvider(inner: IntegrationProvider)\nBases:
IntegrationProviderA wrapper around an IntegrationProvider that skips calling functions if disabled in config.
Methods:
-
get_symbol\u2013 -
get_versions\u2013 -
is_in_function\u2013 -
get_comment_lines\u2013 -
decompile\u2013 -
get_func_type\u2013 -
get_stack_var_name\u2013
Attributes:
-
inner(IntegrationProvider) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.get_symbol","title":"get_symbol","text":"inner: IntegrationProvider\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.get_versions","title":"get_versions","text":"get_symbol(addr: int) -> str | None\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.is_in_function","title":"is_in_function","text":"get_versions() -> tuple[str, ...]\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.get_comment_lines","title":"get_comment_lines","text":"is_in_function(addr: int) -> bool\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.decompile","title":"decompile","text":"get_comment_lines(addr: int) -> list[str]\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.get_func_type","title":"get_func_type","text":"decompile(addr: int, lines: int) -> list[str] | None\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.get_stack_var_name","title":"get_stack_var_name","text":"get_func_type(addr: int) -> Function | None\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.switch_providers","title":"switch_providers","text":"get_stack_var_name(addr: int) -> str | None\n
"},{"location":"reference/pwndbg/integration/binja/","title":"pwndbg.integration.binja","text":""},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja","title":"binja","text":"switch_providers()\nTalks to an XMLRPC server running inside of an active Binary Ninja instance, in order to query it about the database. Allows symbol resolution and interactive debugging.
Classes:
-
DarkTheme\u2013 -
LightTheme\u2013 -
BinjaProvider\u2013
Functions:
-
init_bn_rpc_client\u2013 -
with_bn\u2013 -
available\u2013 -
can_connect\u2013 -
l2r\u2013 -
r2l\u2013 -
base\u2013 -
auto_update_pc\u2013 -
auto_update_bp\u2013 -
auto_clear_pc\u2013 -
navigate_to\u2013 -
bn_to_pygment_tok\u2013 -
bn_to_pygment_theme\u2013
Attributes:
-
bn_rpc_host\u2013 -
bn_rpc_port\u2013 -
bn_timeout\u2013 -
bn_autosync\u2013 -
bn_il_level\u2013 -
P\u2013 -
T\u2013 -
K\u2013 -
themes\u2013 -
style\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_rpc_port","title":"bn_rpc_portbn_rpc_host = add_param(\n \"bn-rpc-host\", \"127.0.0.1\", \"Binary Ninja XML-RPC server host\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_timeout","title":"bn_timeoutbn_rpc_port = add_param(\n \"bn-rpc-port\", 31337, \"Binary Ninja XML-RPC server port\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_autosync","title":"bn_autosyncbn_timeout = add_param(\n \"bn-timeout\", 2, \"time to wait for Binary Ninja XML-RPC, in seconds\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_il_level","title":"bn_il_levelbn_autosync = add_param(\n \"bn-autosync\", False, \"whether to automatically run bn-sync every step\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.P","title":"Pbn_il_level = add_param(\n \"bn-il-level\",\n \"hlil\",\n \"the IL level to use when displaying Binary Ninja decompilation\",\n param_class=PARAM_ENUM,\n enum_sequence=[\"disasm\", \"llil\", \"mlil\", \"hlil\"],\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.T","title":"TP = ParamSpec('P')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.K","title":"KT = TypeVar('T')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.themes","title":"themesK = TypeVar('K')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.style","title":"stylethemes = {}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.DarkTheme","title":"DarkTheme","text":"style = add_param(\n \"bn-decomp-style\",\n \"dark\",\n \"decompilation highlight theme for Binary Ninja\",\n help_docstring=f\"Valid values: {join(keys())})\",\n)\nBases:
StyleAttributes:
-
styles\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.LightTheme","title":"LightTheme","text":"styles = bn_to_pygment_theme(\n {\n \"TextToken\": \"#e0e0e0\",\n \"InstructionToken\": \"#eddfb3\",\n \"OperandSeparatorToken\": \"#e0e0e0\",\n \"RegisterToken\": \"#e0e0e0\",\n \"IntegerToken\": \"#a2d9af\",\n \"PossibleAddressToken\": \"#a2d9af\",\n \"BeginMemoryOperandToken\": \"#e0e0e0\",\n \"EndMemoryOperandToken\": \"#e0e0e0\",\n \"FloatingPointToken\": \"#a2d9af\",\n \"AnnotationToken\": \"#dac4d1\",\n \"CodeRelativeAddressToken\": \"#a2d9af\",\n \"ArgumentNameToken\": \"#e0e0e0\",\n \"HexDumpByteValueToken\": \"#e0e0e0\",\n \"HexDumpSkippedByteToken\": \"#e0e0e0\",\n \"HexDumpInvalidByteToken\": \"#909090\",\n \"HexDumpTextToken\": \"#e0e0e0\",\n \"OpcodeToken\": \"#909090\",\n \"StringToken\": \"#dac4d1\",\n \"CharacterConstantToken\": \"#dac4d1\",\n \"KeywordToken\": \"#eddfb3\",\n \"TypeNameToken\": \"#edbd81\",\n \"FieldNameToken\": \"#b0dde4\",\n \"NameSpaceToken\": \"#80c6e9\",\n \"NameSpaceSeparatorToken\": \"#80c6e9\",\n \"TagToken\": \"#e0e0e0\",\n \"StructOffsetToken\": \"#b0dde4\",\n \"StructOffsetByteValueToken\": \"#e0e0e0\",\n \"StructureHexDumpTextToken\": \"#e0e0e0\",\n \"GotoLabelToken\": \"#80c6e9\",\n \"CommentToken\": \"#dac4d1\",\n \"PossibleValueToken\": \"#e0e0e0\",\n \"PossibleValueTypeToken\": \"#e0e0e0\",\n \"ArrayIndexToken\": \"#a2d9af\",\n \"IndentationToken\": \"#5d5d5d\",\n \"UnknownMemoryToken\": \"#909090\",\n \"EnumerationMemberToken\": \"#eddfb3\",\n \"OperationToken\": \"#89a4b1\",\n \"BaseStructureNameToken\": \"#dac4d1\",\n \"BaseStructureSeparatorToken\": \"#dac4d1\",\n \"BraceToken\": \"#e0e0e0\",\n \"CodeSymbolToken\": \"#80c6e9\",\n \"DataSymbolToken\": \"#8ee6ed\",\n \"LocalVariableToken\": \"#e0e0e0\",\n \"ImportToken\": \"#edbd81\",\n \"AddressDisplayToken\": \"#a2d9af\",\n \"IndirectImportToken\": \"#edbd81\",\n \"ExternalSymbolToken\": \"#edbd81\",\n \"StackVariableToken\": \"#c1dcc7\",\n \"AddressSeparatorToken\": \"#e0e0e0\",\n }\n)\nBases:
StyleAttributes:
-
styles\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider","title":"BinjaProvider","text":"styles = bn_to_pygment_theme(\n {\n \"TextToken\": \"#1f1f1f\",\n \"InstructionToken\": \"#8d8d2d\",\n \"OperandSeparatorToken\": \"#1f1f1f\",\n \"RegisterToken\": \"#1f1f1f\",\n \"IntegerToken\": \"#30820d\",\n \"PossibleAddressToken\": \"#30820d\",\n \"BeginMemoryOperandToken\": \"#1f1f1f\",\n \"EndMemoryOperandToken\": \"#1f1f1f\",\n \"FloatingPointToken\": \"#30820d\",\n \"AnnotationToken\": \"#bf2624\",\n \"CodeRelativeAddressToken\": \"#30820d\",\n \"ArgumentNameToken\": \"#1f1f1f\",\n \"HexDumpByteValueToken\": \"#1f1f1f\",\n \"HexDumpSkippedByteToken\": \"#1f1f1f\",\n \"HexDumpInvalidByteToken\": \"#7a7a7a\",\n \"HexDumpTextToken\": \"#1f1f1f\",\n \"OpcodeToken\": \"#7a7a7a\",\n \"StringToken\": \"#203635\",\n \"CharacterConstantToken\": \"#203635\",\n \"KeywordToken\": \"#8d8d2d\",\n \"TypeNameToken\": \"#e07c35\",\n \"FieldNameToken\": \"#35dae0\",\n \"NameSpaceToken\": \"#00a4c7\",\n \"NameSpaceSeparatorToken\": \"#00a4c7\",\n \"TagToken\": \"#1f1f1f\",\n \"StructOffsetToken\": \"#35dae0\",\n \"StructOffsetByteValueToken\": \"#1f1f1f\",\n \"StructureHexDumpTextToken\": \"#1f1f1f\",\n \"GotoLabelToken\": \"#00a4c7\",\n \"CommentToken\": \"#bf2624\",\n \"PossibleValueToken\": \"#1f1f1f\",\n \"PossibleValueTypeToken\": \"#1f1f1f\",\n \"ArrayIndexToken\": \"#30820d\",\n \"IndentationToken\": \"#bcbcbc\",\n \"UnknownMemoryToken\": \"#7a7a7a\",\n \"EnumerationMemberToken\": \"#8d8d2d\",\n \"OperationToken\": \"#5b848d\",\n \"BaseStructureNameToken\": \"#bf2624\",\n \"BaseStructureSeparatorToken\": \"#bf2624\",\n \"BraceToken\": \"#1f1f1f\",\n \"CodeSymbolToken\": \"#00a4c7\",\n \"DataSymbolToken\": \"#278cad\",\n \"LocalVariableToken\": \"#1f1f1f\",\n \"ImportToken\": \"#e07c35\",\n \"AddressDisplayToken\": \"#30820d\",\n \"IndirectImportToken\": \"#e07c35\",\n \"ExternalSymbolToken\": \"#e07c35\",\n \"StackVariableToken\": \"#275016\",\n \"AddressSeparatorToken\": \"#1f1f1f\",\n }\n)\nBases:
IntegrationProviderMethods:
-
get_symbol\u2013 -
get_versions\u2013 -
is_in_function\u2013 -
get_comment_lines\u2013 -
decompile\u2013 -
get_func_type\u2013 -
get_stack_var_name\u2013
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.get_versions","title":"get_versions","text":"get_symbol(addr: int) -> str | None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.is_in_function","title":"is_in_function","text":"get_versions() -> tuple[str, ...]\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.get_comment_lines","title":"get_comment_lines","text":"is_in_function(addr: int) -> bool\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.decompile","title":"decompile","text":"get_comment_lines(addr: int) -> list[str]\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.get_func_type","title":"get_func_type","text":"decompile(addr: int, lines: int) -> list[str] | None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.get_stack_var_name","title":"get_stack_var_name","text":"get_func_type(addr: int) -> Function | None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.init_bn_rpc_client","title":"init_bn_rpc_client","text":"get_stack_var_name(addr: int) -> str | None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.with_bn","title":"with_bn","text":"init_bn_rpc_client() -> None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.available","title":"available","text":"with_bn(\n fallback: K = None,\n) -> Callable[[Callable[P, T]], Callable[P, T | K]]\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.can_connect","title":"can_connect","text":"available() -> bool\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.l2r","title":"l2r","text":"can_connect() -> bool\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.r2l","title":"r2l","text":"l2r(addr: int) -> int\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.base","title":"base","text":"r2l(addr: int) -> int\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.auto_update_pc","title":"auto_update_pc","text":"base()\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.auto_update_bp","title":"auto_update_bp","text":"auto_update_pc() -> None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.auto_clear_pc","title":"auto_clear_pc","text":"auto_update_bp() -> None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.navigate_to","title":"navigate_to","text":"auto_clear_pc() -> None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_to_pygment_tok","title":"bn_to_pygment_tok","text":"navigate_to(addr: int) -> None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_to_pygment_theme","title":"bn_to_pygment_theme","text":"bn_to_pygment_tok(tok: str) -> Any\n
"},{"location":"reference/pwndbg/integration/ida/","title":"pwndbg.integration.ida","text":""},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida","title":"ida","text":"bn_to_pygment_theme(theme: dict[str, str]) -> dict[Any, str]\nTalks to an XMLRPC server running inside of an active IDA Pro instance, in order to query it about the database. Allows symbol resolution and interactive debugging.
Classes:
-
IDC\u2013 -
IdaProvider\u2013
Functions:
-
init_ida_rpc_client\u2013 -
withIDA\u2013 -
withHexrays\u2013 -
takes_address\u2013 -
returns_address\u2013 -
available\u2013 -
can_connect\u2013 -
l2r\u2013 -
r2l\u2013 -
remote\u2013Runs the provided function in IDA's interpreter.
-
base\u2013 -
Comment\u2013 -
Name\u2013 -
GetFuncOffset\u2013 -
GetType\u2013 -
here\u2013 -
Jump\u2013 -
Anterior\u2013 -
GetBreakpoints\u2013 -
GetBptQty\u2013 -
GetBptEA\u2013 -
UpdateBreakpoints\u2013 -
SetColor\u2013 -
Auto_Color_PC\u2013 -
Auto_UnColor_PC\u2013 -
LocByName\u2013 -
PrevHead\u2013 -
NextHead\u2013 -
GetFunctionName\u2013 -
GetFlags\u2013 -
isASCII\u2013 -
ArgCount\u2013 -
SaveBase\u2013 -
GetIdbPath\u2013 -
has_cached_cfunc\u2013 -
decompile\u2013 -
decompile_context\u2013 -
get_ida_versions\u2013 -
GetStrucQty\u2013 -
GetStrucId\u2013 -
GetStrucName\u2013 -
GetStrucSize\u2013 -
GetMemberQty\u2013 -
GetMemberSize\u2013 -
GetMemberId\u2013 -
GetMemberName\u2013 -
GetMemberFlag\u2013 -
GetStrucNextOff\u2013 -
print_member\u2013 -
print_structs\u2013
Attributes:
-
ida_rpc_host\u2013 -
ida_rpc_port\u2013 -
ida_timeout\u2013 -
P\u2013 -
T\u2013 -
colored_pc\u2013 -
idc\u2013 -
ida_replacements\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.ida_rpc_port","title":"ida_rpc_portida_rpc_host = add_param(\n \"ida-rpc-host\", \"127.0.0.1\", \"ida xmlrpc server address\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.ida_timeout","title":"ida_timeoutida_rpc_port = add_param('ida-rpc-port', 31337, 'ida xmlrpc server port')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.P","title":"Pida_timeout = add_param(\n \"ida-timeout\", 2, \"time to wait for ida xmlrpc in seconds\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.T","title":"TP = ParamSpec('P')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.colored_pc","title":"colored_pcT = TypeVar('T')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.idc","title":"idccolored_pc = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.ida_replacements","title":"ida_replacementsidc = IDC()\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IDC","title":"IDC","text":"ida_replacements = {\n \"__int64\": \"signed long long int\",\n \"__int32\": \"signed int\",\n \"__int16\": \"signed short\",\n \"__int8\": \"signed char\",\n \"__uint64\": \"unsigned long long int\",\n \"__uint32\": \"unsigned int\",\n \"__uint16\": \"unsigned short\",\n \"__uint8\": \"unsigned char\",\n \"_BOOL_1\": \"unsigned char\",\n \"_BOOL_2\": \"unsigned short\",\n \"_BOOL_4\": \"unsigned int\",\n \"_BYTE\": \"unsigned char\",\n \"_WORD\": \"unsigned short\",\n \"_DWORD\": \"unsigned int\",\n \"_QWORD\": \"unsigned long long\",\n \"__pure\": \"\",\n \"__hidden\": \"\",\n \"__return_ptr\": \"\",\n \"__struct_ptr\": \"\",\n \"__array_ptr\": \"\",\n \"__fastcall\": \"\",\n \"__cdecl\": \"\",\n \"__thiscall\": \"\",\n \"__userpurge\": \"\",\n}\nIDC()\nAttributes:
-
query\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider","title":"IdaProvider","text":"query = \"{k:v for k,v in globals()['idc'].__dict__.items() if type(v) in (int,long)}\"\nBases:
IntegrationProviderMethods:
-
get_symbol\u2013 -
get_versions\u2013 -
is_in_function\u2013 -
get_comment_lines\u2013 -
decompile\u2013 -
get_func_type\u2013 -
get_stack_var_name\u2013Gets the name of a stack variable based on only the address of the variable.
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.get_versions","title":"get_versions","text":"get_symbol(addr: int) -> str | None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.is_in_function","title":"is_in_function","text":"get_versions() -> tuple[str, ...]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.get_comment_lines","title":"get_comment_lines","text":"is_in_function(addr: int) -> bool\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.decompile","title":"decompile","text":"get_comment_lines(addr: int) -> list[str]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.get_func_type","title":"get_func_type","text":"decompile(addr: int, lines: int) -> list[str] | None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.get_stack_var_name","title":"get_stack_var_name","text":"get_func_type(addr: int) -> Function | None\nget_stack_var_name(addr: int) -> str | None\nGets the name of a stack variable based on only the address of the variable.
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.init_ida_rpc_client","title":"init_ida_rpc_client","text":"
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.withIDA","title":"withIDA","text":"init_ida_rpc_client() -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.withHexrays","title":"withHexrays","text":"withIDA(func: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.takes_address","title":"takes_address","text":"withHexrays(func: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.returns_address","title":"returns_address","text":"takes_address(\n function: Callable[Concatenate[int, P], T],\n) -> Callable[Concatenate[int, P], T]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.available","title":"available","text":"returns_address(function: Callable[P, int]) -> Callable[P, int]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.can_connect","title":"can_connect","text":"available() -> bool\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.l2r","title":"l2r","text":"can_connect() -> bool\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.r2l","title":"r2l","text":"l2r(addr: int) -> int\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.remote","title":"remote","text":"r2l(addr: int) -> int\nremote(function) -> None\nRuns the provided function in IDA's interpreter.
The function must be self-contained and not reference any global variables.
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.base","title":"base","text":"
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.Comment","title":"Comment","text":"base()\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.Name","title":"Name","text":"Comment(addr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetFuncOffset","title":"GetFuncOffset","text":"Name(addr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetType","title":"GetType","text":"GetFuncOffset(addr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.here","title":"here","text":"GetType(addr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.Jump","title":"Jump","text":"here() -> int\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.Anterior","title":"Anterior","text":"Jump(addr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetBreakpoints","title":"GetBreakpoints","text":"Anterior(addr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetBptQty","title":"GetBptQty","text":"GetBreakpoints()\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetBptEA","title":"GetBptEA","text":"GetBptQty()\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.UpdateBreakpoints","title":"UpdateBreakpoints","text":"GetBptEA(i: int) -> int\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.SetColor","title":"SetColor","text":"UpdateBreakpoints() -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.Auto_Color_PC","title":"Auto_Color_PC","text":"SetColor(pc, color)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.Auto_UnColor_PC","title":"Auto_UnColor_PC","text":"Auto_Color_PC() -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.LocByName","title":"LocByName","text":"Auto_UnColor_PC() -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.PrevHead","title":"PrevHead","text":"LocByName(name) -> int\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.NextHead","title":"NextHead","text":"PrevHead(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetFunctionName","title":"GetFunctionName","text":"NextHead(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetFlags","title":"GetFlags","text":"GetFunctionName(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.isASCII","title":"isASCII","text":"GetFlags(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.ArgCount","title":"ArgCount","text":"isASCII(flags)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.SaveBase","title":"SaveBase","text":"ArgCount(address) -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetIdbPath","title":"GetIdbPath","text":"SaveBase(path: str)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.has_cached_cfunc","title":"has_cached_cfunc","text":"GetIdbPath()\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.decompile","title":"decompile","text":"has_cached_cfunc(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.decompile_context","title":"decompile_context","text":"decompile(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.get_ida_versions","title":"get_ida_versions","text":"decompile_context(pc, context_lines)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetStrucQty","title":"GetStrucQty","text":"get_ida_versions() -> dict[str, str]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetStrucId","title":"GetStrucId","text":"GetStrucQty()\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetStrucName","title":"GetStrucName","text":"GetStrucId(idx)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetStrucSize","title":"GetStrucSize","text":"GetStrucName(sid)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetMemberQty","title":"GetMemberQty","text":"GetStrucSize(sid)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetMemberSize","title":"GetMemberSize","text":"GetMemberQty(sid)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetMemberId","title":"GetMemberId","text":"GetMemberSize(sid, offset)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetMemberName","title":"GetMemberName","text":"GetMemberId(sid, offset)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetMemberFlag","title":"GetMemberFlag","text":"GetMemberName(sid, offset)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetStrucNextOff","title":"GetStrucNextOff","text":"GetMemberFlag(sid, offset)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.print_member","title":"print_member","text":"GetStrucNextOff(sid, offset)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.print_structs","title":"print_structs","text":"print_member(sid, offset) -> None\n
"},{"location":"reference/pwndbg/lib/","title":"pwndbg.lib","text":""},{"location":"reference/pwndbg/lib/#pwndbg.lib","title":"lib","text":"print_structs() -> None\nModules:
-
abi\u2013 -
android\u2013 -
arch\u2013 -
cache\u2013Caches return values until some event in the inferior happens,
-
common\u2013 -
config\u2013 -
disasm\u2013 -
elftypes\u2013 -
funcparser\u2013 -
functions\u2013 -
functions_data\u2013 -
gcc\u2013Functions for determining the architecture-dependent path to
-
heap\u2013 -
kernel\u2013 -
memory\u2013Reading, writing, and describing memory.
-
net\u2013Re-implements some psutil functionality to be able to get information from
-
regs\u2013Reading register value from the inferior, and provides a
-
stdio\u2013Provides functionality to circumvent GDB's hooks on sys.stdin and sys.stdout
-
strings\u2013 -
tempfile\u2013Common helper and cache for pwndbg tempdir
-
tips\u2013 -
version\u2013 -
which\u2013
Classes:
-
ABI\u2013Encapsulates information about a calling convention.
-
SyscallABI\u2013The syscall ABI treats the syscall number as the zeroth argument,
-
SigreturnABI\u2013The sigreturn ABI is similar to the syscall ABI, except that
Attributes:
-
linux_i386\u2013 -
linux_amd64\u2013 -
linux_arm\u2013 -
linux_aarch64\u2013 -
linux_mips\u2013 -
linux_mips64\u2013 -
linux_ppc\u2013 -
linux_ppc64\u2013 -
linux_riscv32\u2013 -
linux_riscv64\u2013 -
linux_i386_syscall\u2013 -
linux_amd64_syscall\u2013 -
linux_arm_syscall\u2013 -
linux_aarch64_syscall\u2013 -
linux_mips_syscall\u2013 -
linux_mips64_syscall\u2013 -
linux_ppc_syscall\u2013 -
linux_ppc64_syscall\u2013 -
linux_riscv32_syscall\u2013 -
linux_riscv64_syscall\u2013 -
linux_i386_sigreturn\u2013 -
linux_amd64_sigreturn\u2013 -
linux_arm_sigreturn\u2013 -
linux_i386_srop\u2013 -
linux_amd64_srop\u2013 -
linux_arm_srop\u2013 -
DEFAULT_ABIS(dict[tuple[int, str, str], ABI]) \u2013 -
SYSCALL_ABIS(dict[tuple[int, str, str], SyscallABI]) \u2013 -
SIGRETURN_ABIS(dict[tuple[int, str, str], SigreturnABI]) \u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_amd64","title":"linux_amd64linux_i386 = ABI([], 4, 0)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_arm","title":"linux_armlinux_amd64 = ABI(['rdi', 'rsi', 'rdx', 'rcx', 'r8', 'r9'], 8, 0)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_aarch64","title":"linux_aarch64linux_arm = ABI(['r0', 'r1', 'r2', 'r3'], 8, 0)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_mips","title":"linux_mipslinux_aarch64 = ABI(['x0', 'x1', 'x2', 'x3'], 16, 0)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_mips64","title":"linux_mips64linux_mips = ABI(['$a0', '$a1', '$a2', '$a3'], 4, 0)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_ppc","title":"linux_ppclinux_mips64 = ABI(\n [\"$a0\", \"$a1\", \"$a2\", \"$a3\", \"$a4\", \"$a5\", \"$a6\", \"$a7\"], 8, 0\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_ppc64","title":"linux_ppc64linux_ppc = ABI(['r3', 'r4', 'r5', 'r6', 'r7', 'r8', 'r9', 'r10'], 4, 0)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_riscv32","title":"linux_riscv32linux_ppc64 = ABI(['r3', 'r4', 'r5', 'r6', 'r7', 'r8', 'r9', 'r10'], 8, 0)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_riscv64","title":"linux_riscv64linux_riscv32 = ABI(['a0', 'a1', 'a2', 'a3', 'a4', 'a5', 'a6', 'a7'], 4, 0)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_i386_syscall","title":"linux_i386_syscalllinux_riscv64 = ABI(['a0', 'a1', 'a2', 'a3', 'a4', 'a5', 'a6', 'a7'], 8, 0)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_amd64_syscall","title":"linux_amd64_syscalllinux_i386_syscall = SyscallABI(\n [\"eax\", \"ebx\", \"ecx\", \"edx\", \"esi\", \"edi\", \"ebp\"], 4, 0\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_arm_syscall","title":"linux_arm_syscalllinux_amd64_syscall = SyscallABI(\n [\"rax\", \"rdi\", \"rsi\", \"rdx\", \"r10\", \"r8\", \"r9\"], 8, 0\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_aarch64_syscall","title":"linux_aarch64_syscalllinux_arm_syscall = SyscallABI(\n [\"r7\", \"r0\", \"r1\", \"r2\", \"r3\", \"r4\", \"r5\", \"r6\"], 4, 0\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_mips_syscall","title":"linux_mips_syscalllinux_aarch64_syscall = SyscallABI(\n [\"x8\", \"x0\", \"x1\", \"x2\", \"x3\", \"x4\", \"x5\"], 16, 0\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_mips64_syscall","title":"linux_mips64_syscalllinux_mips_syscall = SyscallABI(['$v0', '$a0', '$a1', '$a2', '$a3'], 4, 0)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_ppc_syscall","title":"linux_ppc_syscalllinux_mips64_syscall = SyscallABI(\n [\"$v0\", \"$a0\", \"$a1\", \"$a2\", \"$a3\", \"$a4\", \"$a5\"], 4, 0\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_ppc64_syscall","title":"linux_ppc64_syscalllinux_ppc_syscall = SyscallABI(\n [\"r0\", \"r3\", \"r4\", \"r5\", \"r6\", \"r7\", \"r8\", \"r9\"], 4, 0\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_riscv32_syscall","title":"linux_riscv32_syscalllinux_ppc64_syscall = SyscallABI(\n [\"r0\", \"r3\", \"r4\", \"r5\", \"r6\", \"r7\", \"r8\"], 8, 0\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_riscv64_syscall","title":"linux_riscv64_syscalllinux_riscv32_syscall = SyscallABI(\n [\"a7\", \"a0\", \"a1\", \"a2\", \"a3\", \"a4\", \"a5\", \"a6\"], 4, 0\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_i386_sigreturn","title":"linux_i386_sigreturnlinux_riscv64_syscall = SyscallABI(\n [\"a7\", \"a0\", \"a1\", \"a2\", \"a3\", \"a4\", \"a5\", \"a6\"], 8, 0\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_amd64_sigreturn","title":"linux_amd64_sigreturnlinux_i386_sigreturn = SigreturnABI(['eax'], 4, 0)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_arm_sigreturn","title":"linux_arm_sigreturnlinux_amd64_sigreturn = SigreturnABI(['rax'], 4, 0)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_i386_srop","title":"linux_i386_sroplinux_arm_sigreturn = SigreturnABI(['r7'], 4, 0)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_amd64_srop","title":"linux_amd64_sroplinux_i386_srop = ABI(['eax'], 4, 0)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_arm_srop","title":"linux_arm_sroplinux_amd64_srop = ABI(['rax'], 4, 0)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.DEFAULT_ABIS","title":"DEFAULT_ABISlinux_arm_srop = ABI(['r7'], 4, 0)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SYSCALL_ABIS","title":"SYSCALL_ABISDEFAULT_ABIS: dict[tuple[int, str, str], ABI] = {\n (32, \"i386\", \"linux\"): linux_i386,\n (64, \"x86-64\", \"linux\"): linux_amd64,\n (64, \"aarch64\", \"linux\"): linux_aarch64,\n (32, \"arm\", \"linux\"): linux_arm,\n (32, \"thumb\", \"linux\"): linux_arm,\n (32, \"mips\", \"linux\"): linux_mips,\n (64, \"mips\", \"linux\"): linux_mips64,\n (32, \"powerpc\", \"linux\"): linux_ppc,\n (64, \"powerpc\", \"linux\"): linux_ppc64,\n (32, \"rv32\", \"linux\"): linux_riscv32,\n (64, \"rv64\", \"linux\"): linux_riscv64,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SIGRETURN_ABIS","title":"SIGRETURN_ABISSYSCALL_ABIS: dict[tuple[int, str, str], SyscallABI] = {\n (32, \"i386\", \"linux\"): linux_i386_syscall,\n (64, \"x86-64\", \"linux\"): linux_amd64_syscall,\n (64, \"aarch64\", \"linux\"): linux_aarch64_syscall,\n (32, \"arm\", \"linux\"): linux_arm_syscall,\n (32, \"thumb\", \"linux\"): linux_arm_syscall,\n (32, \"mips\", \"linux\"): linux_mips_syscall,\n (64, \"mips\", \"linux\"): linux_mips64_syscall,\n (32, \"powerpc\", \"linux\"): linux_ppc_syscall,\n (64, \"powerpc\", \"linux\"): linux_ppc64_syscall,\n (32, \"rv32\", \"linux\"): linux_riscv32_syscall,\n (64, \"rv64\", \"linux\"): linux_riscv64_syscall,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.ABI","title":"ABI","text":"SIGRETURN_ABIS: dict[tuple[int, str, str], SigreturnABI] = {\n (32, \"i386\", \"linux\"): linux_i386_sigreturn,\n (64, \"x86-64\", \"linux\"): linux_amd64_sigreturn,\n (32, \"arm\", \"linux\"): linux_arm_sigreturn,\n (32, \"thumb\", \"linux\"): linux_arm_sigreturn,\n}\nABI(regs: list[str], align: int, minimum: int)\nEncapsulates information about a calling convention.
Methods:
-
default\u2013 -
syscall\u2013 -
sigreturn\u2013
Attributes:
-
returns\u2013 -
register_arguments(list[str]) \u2013 -
arg_alignment\u2013 -
stack_minimum\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.ABI.register_arguments","title":"register_argumentsreturns = True\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.ABI.arg_alignment","title":"arg_alignmentregister_arguments: list[str] = regs\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.ABI.stack_minimum","title":"stack_minimumarg_alignment = align\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.ABI.default","title":"defaultstack_minimum = minimum\nstaticmethod","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.ABI.syscall","title":"syscalldefault() -> ABI\nstaticmethod","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.ABI.sigreturn","title":"sigreturnsyscall() -> SyscallABI\nstaticmethod","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI","title":"SyscallABI","text":"sigreturn() -> SigreturnABI\nSyscallABI(register_arguments: list[str], *a: Any, **kw: Any)\nBases:
ABIThe syscall ABI treats the syscall number as the zeroth argument, which must be loaded into the specified register.
Methods:
-
default\u2013 -
syscall\u2013 -
sigreturn\u2013
Attributes:
-
syscall_register\u2013 -
register_arguments(list[str]) \u2013 -
arg_alignment\u2013 -
stack_minimum\u2013 -
returns\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI.register_arguments","title":"register_argumentssyscall_register = pop(0)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI.arg_alignment","title":"arg_alignmentregister_arguments: list[str] = regs\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI.stack_minimum","title":"stack_minimumarg_alignment = align\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI.returns","title":"returnsstack_minimum = minimum\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI.default","title":"defaultreturns = True\nstaticmethod","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI.syscall","title":"syscalldefault() -> ABI\nstaticmethod","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI.sigreturn","title":"sigreturnsyscall() -> SyscallABI\nstaticmethod","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI","title":"SigreturnABI","text":"sigreturn() -> SigreturnABI\nSigreturnABI(register_arguments: list[str], *a: Any, **kw: Any)\nBases:
SyscallABIThe sigreturn ABI is similar to the syscall ABI, except that both PC and SP are loaded from the stack. Because of this, there is no 'return' slot necessary on the stack.
Methods:
-
default\u2013 -
syscall\u2013 -
sigreturn\u2013
Attributes:
-
returns\u2013 -
register_arguments(list[str]) \u2013 -
arg_alignment\u2013 -
stack_minimum\u2013 -
syscall_register\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI.register_arguments","title":"register_argumentsreturns = False\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI.arg_alignment","title":"arg_alignmentregister_arguments: list[str] = regs\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI.stack_minimum","title":"stack_minimumarg_alignment = align\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI.syscall_register","title":"syscall_registerstack_minimum = minimum\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI.default","title":"defaultsyscall_register = pop(0)\nstaticmethod","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI.syscall","title":"syscalldefault() -> ABI\nstaticmethod","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI.sigreturn","title":"sigreturnsyscall() -> SyscallABI\nstaticmethod","text":"
"},{"location":"reference/pwndbg/lib/android/","title":"pwndbg.lib.android","text":""},{"location":"reference/pwndbg/lib/android/#pwndbg.lib.android","title":"android","text":"sigreturn() -> SigreturnABI\nFunctions:
-
aid_name\u2013
Attributes:
-
KNOWN_AIDS\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/lib/android/#pwndbg.lib.android.aid_name","title":"aid_name","text":"KNOWN_AIDS = {\n 0: \"AID_ROOT\",\n 1000: \"AID_SYSTEM\",\n 1001: \"AID_RADIO\",\n 1002: \"AID_BLUETOOTH\",\n 1003: \"AID_GRAPHICS\",\n 1004: \"AID_INPUT\",\n 1005: \"AID_AUDIO\",\n 1006: \"AID_CAMERA\",\n 1007: \"AID_LOG\",\n 1008: \"AID_COMPASS\",\n 1009: \"AID_MOUNT\",\n 1010: \"AID_WIFI\",\n 1011: \"AID_ADB\",\n 1012: \"AID_INSTALL\",\n 1013: \"AID_MEDIA\",\n 1014: \"AID_DHCP\",\n 1015: \"AID_SDCARD_RW\",\n 1016: \"AID_VPN\",\n 1017: \"AID_KEYSTORE\",\n 1018: \"AID_USB\",\n 1019: \"AID_DRM\",\n 1020: \"AID_MDNSR\",\n 1021: \"AID_GPS\",\n 1022: \"AID_UNUSED1\",\n 1023: \"AID_MEDIA_RW\",\n 1024: \"AID_MTP\",\n 1025: \"AID_UNUSED2\",\n 1026: \"AID_DRMRPC\",\n 1027: \"AID_NFC\",\n 1028: \"AID_SDCARD_R\",\n 1029: \"AID_CLAT\",\n 1030: \"AID_LOOP_RADIO\",\n 1031: \"AID_MEDIA_DRM\",\n 1032: \"AID_PACKAGE_INFO\",\n 1033: \"AID_SDCARD_PICS\",\n 1034: \"AID_SDCARD_AV\",\n 1035: \"AID_SDCARD_ALL\",\n 1036: \"AID_LOGD\",\n 1037: \"AID_SHARED_RELRO\",\n 1038: \"AID_DBUS\",\n 1039: \"AID_TLSDATE\",\n 1040: \"AID_MEDIA_EX\",\n 1041: \"AID_AUDIOSERVER\",\n 1042: \"AID_METRICS_COLL\",\n 1043: \"AID_METRICSD\",\n 1044: \"AID_WEBSERV\",\n 1045: \"AID_DEBUGGERD\",\n 1046: \"AID_MEDIA_CODEC\",\n 1047: \"AID_CAMERASERVER\",\n 1048: \"AID_FIREWALL\",\n 1049: \"AID_TRUNKS\",\n 1050: \"AID_NVRAM\",\n 2001: \"AID_CACHE\",\n 2002: \"AID_DIAG\",\n 2900: \"AID_OEM_RESERVED_START\",\n 2999: \"AID_OEM_RESERVED_END\",\n 3001: \"AID_NET_BT_ADMIN\",\n 3002: \"AID_NET_BT\",\n 3003: \"AID_INET\",\n 3004: \"AID_NET_RAW\",\n 3005: \"AID_NET_ADMIN\",\n 3006: \"AID_NET_BW_STATS\",\n 3007: \"AID_NET_BW_ACCT\",\n 3008: \"AID_NET_BT_STACK\",\n 3009: \"AID_READPROC\",\n 3010: \"AID_WAKELOCK\",\n 5000: \"AID_OEM_RESERVED_2_START\",\n 5999: \"AID_OEM_RESERVED_2_END\",\n 9997: \"AID_EVERYBODY\",\n 9998: \"AID_MISC\",\n 9999: \"AID_NOBODY\",\n 10000: \"AID_APP\",\n 50000: \"AID_SHARED_GID_START\",\n 59999: \"AID_SHARED_GID_END\",\n 99000: \"AID_ISOLATED_START\",\n 99999: \"AID_ISOLATED_END\",\n 100000: \"AID_USER\",\n}\n
"},{"location":"reference/pwndbg/lib/arch/","title":"pwndbg.lib.arch","text":""},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch","title":"arch","text":"aid_name(uid: int) -> str\nClasses:
-
Arch\u2013
Attributes:
-
PWNDBG_SUPPORTED_ARCHITECTURES_TYPE\u2013 -
PWNDBG_SUPPORTED_ARCHITECTURES(list[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE]) \u2013 -
PWNLIB_ARCH_MAPPINGS\u2013 -
FMT_LITTLE_ENDIAN\u2013 -
FMT_BIG_ENDIAN\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.PWNDBG_SUPPORTED_ARCHITECTURES","title":"PWNDBG_SUPPORTED_ARCHITECTURESPWNDBG_SUPPORTED_ARCHITECTURES_TYPE = Literal[\n \"x86-64\",\n \"i386\",\n \"i8086\",\n \"mips\",\n \"aarch64\",\n \"arm\",\n \"armcm\",\n \"rv32\",\n \"rv64\",\n \"sparc\",\n \"powerpc\",\n \"loongarch64\",\n]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.PWNLIB_ARCH_MAPPINGS","title":"PWNLIB_ARCH_MAPPINGSPWNDBG_SUPPORTED_ARCHITECTURES: list[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE] = (\n list(get_args(PWNDBG_SUPPORTED_ARCHITECTURES_TYPE))\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.FMT_LITTLE_ENDIAN","title":"FMT_LITTLE_ENDIANPWNLIB_ARCH_MAPPINGS = {\n \"x86-64\": \"amd64\",\n \"i386\": \"i386\",\n \"i8086\": \"none\",\n \"mips\": \"mips\",\n \"aarch64\": \"aarch64\",\n \"arm\": \"arm\",\n \"armcm\": \"thumb\",\n \"rv32\": \"riscv32\",\n \"rv64\": \"riscv64\",\n \"powerpc\": \"powerpc\",\n \"sparc\": \"sparc\",\n \"loongarch64\": \"none\",\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.FMT_BIG_ENDIAN","title":"FMT_BIG_ENDIANFMT_LITTLE_ENDIAN = {1: 'B', 2: '<H', 4: '<I', 8: '<Q'}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.Arch","title":"Arch","text":"FMT_BIG_ENDIAN = {1: 'B', 2: '>H', 4: '>I', 8: '>Q'}\nArch(\n arch_name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE,\n ptrsize: int,\n endian: Literal[\"little\", \"big\"],\n)\nMethods:
-
update\u2013 -
pack\u2013 -
unpack\u2013 -
pack_size\u2013 -
unpack_size\u2013
Attributes:
-
native_endian\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.Arch.update","title":"update","text":"native_endian = str(byteorder)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.Arch.pack","title":"pack","text":"update(\n arch_name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE,\n ptrsize: int,\n endian: Literal[\"little\", \"big\"],\n) -> None\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.Arch.unpack","title":"unpack","text":"pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.Arch.pack_size","title":"pack_size","text":"unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.Arch.unpack_size","title":"unpack_size","text":"pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/lib/cache/","title":"pwndbg.lib.cache","text":""},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache","title":"cache","text":"unpack_size(data: bytes, size: int) -> int\nCaches return values until some event in the inferior happens, e.g. execution stops because of a SIGINT or breakpoint, or a new library/objfile are loaded, etc.
Classes:
-
DebugCacheDict\u2013
Functions:
-
connect_clear_caching_events\u2013Connect given debugger event hooks to correspoonding _CacheUntilEvent instances
-
cache_until\u2013 -
clear_caches\u2013 -
clear_cache\u2013
Attributes:
-
T\u2013 -
P\u2013 -
debug\u2013 -
debug_name\u2013 -
Cache\u2013 -
IS_CACHING\u2013 -
IS_CACHING_DISABLED_FOR(dict[str, bool]) \u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.P","title":"PT = TypeVar('T')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.debug","title":"debugP = ParamSpec('P')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.debug_name","title":"debug_namedebug = NO_DEBUG\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.Cache","title":"Cachedebug_name = 'regs'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.IS_CACHING","title":"IS_CACHINGCache = Union[Dict[Tuple[Any, ...], Any], DebugCacheDict]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.IS_CACHING_DISABLED_FOR","title":"IS_CACHING_DISABLED_FORIS_CACHING = True\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict","title":"DebugCacheDict","text":"IS_CACHING_DISABLED_FOR: dict[str, bool] = {\n \"stop\": False,\n \"exit\": False,\n \"objfile\": False,\n \"start\": False,\n \"cont\": False,\n \"thread\": False,\n \"prompt\": False,\n \"forever\": False,\n}\nDebugCacheDict(func: Callable[P, T], *args: Any, **kwargs: Any)\nBases:
UserDictMethods:
-
__getitem__\u2013 -
__setitem__\u2013 -
clear\u2013
Attributes:
-
hits\u2013 -
misses\u2013 -
func\u2013 -
name\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.misses","title":"misseshits = 0\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.func","title":"funcmisses = 0\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.name","title":"namefunc = func\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.__getitem__","title":"__getitem__","text":"name = f'{split('.')[-1]}.{__name__}'\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.__setitem__","title":"__setitem__","text":"__getitem__(key: tuple[Any, ...]) -> Any\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.clear","title":"clear","text":"__setitem__(key: tuple[Any, ...], value: Any) -> None\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.connect_clear_caching_events","title":"connect_clear_caching_events","text":"clear() -> None\nconnect_clear_caching_events(\n event_dicts: dict[str, tuple[Any, ...]], **kwargs: Any\n) -> None\nConnect given debugger event hooks to correspoonding _CacheUntilEvent instances
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.cache_until","title":"cache_until","text":"
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.clear_caches","title":"clear_caches","text":"cache_until(\n *event_names: str,\n) -> Callable[[Callable[P, T]], Callable[P, T]]\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.clear_cache","title":"clear_cache","text":"clear_caches() -> None\n
"},{"location":"reference/pwndbg/lib/common/","title":"pwndbg.lib.common","text":""},{"location":"reference/pwndbg/lib/common/#pwndbg.lib.common","title":"common","text":"clear_cache(cache_name: str) -> None\nFunctions:
-
hex2ptr_common\u2013Converts a hex string to a little-endian integer address.
hex2ptr_common(arg: str) -> int\nConverts a hex string to a little-endian integer address.
"},{"location":"reference/pwndbg/lib/config/","title":"pwndbg.lib.config","text":""},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config","title":"config","text":"Classes:
-
Parameter\u2013 -
Config\u2013
Attributes:
-
T\u2013 -
PARAM_BOOLEAN\u2013 -
PARAM_ZINTEGER\u2013 -
PARAM_STRING\u2013 -
PARAM_ZUINTEGER\u2013 -
PARAM_ENUM\u2013 -
PARAM_OPTIONAL_FILENAME\u2013 -
PARAM_AUTO_BOOLEAN\u2013 -
PARAM_ZUINTEGER_UNLIMITED\u2013 -
PARAM_INTEGER\u2013 -
PARAM_UINTEGER\u2013 -
PARAM_CLASSES\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_BOOLEAN","title":"PARAM_BOOLEANT = TypeVar('T')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_ZINTEGER","title":"PARAM_ZINTEGERPARAM_BOOLEAN = 0\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_STRING","title":"PARAM_STRINGPARAM_ZINTEGER = 1\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_ZUINTEGER","title":"PARAM_ZUINTEGERPARAM_STRING = 2\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_ENUM","title":"PARAM_ENUMPARAM_ZUINTEGER = 3\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_OPTIONAL_FILENAME","title":"PARAM_OPTIONAL_FILENAMEPARAM_ENUM = 4\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_AUTO_BOOLEAN","title":"PARAM_AUTO_BOOLEANPARAM_OPTIONAL_FILENAME = 5\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_ZUINTEGER_UNLIMITED","title":"PARAM_ZUINTEGER_UNLIMITEDPARAM_AUTO_BOOLEAN = 6\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_INTEGER","title":"PARAM_INTEGERPARAM_ZUINTEGER_UNLIMITED = 7\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_UINTEGER","title":"PARAM_UINTEGERPARAM_INTEGER = 8\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_CLASSES","title":"PARAM_CLASSESPARAM_UINTEGER = 9\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter","title":"Parameter","text":"PARAM_CLASSES = {bool: PARAM_BOOLEAN, int: PARAM_ZINTEGER, str: PARAM_STRING}\nParameter(\n name: str,\n default: Any,\n set_show_doc: str,\n *,\n help_docstring: str = \"\",\n param_class: int | None = None,\n enum_sequence: Sequence[str] | None = None,\n scope: str = \"config\",\n)\nMethods:
-
add_update_listener\u2013 -
revert_default\u2013 -
attr_name\u2013Returns the attribute name associated with this config option,
-
__getattr__\u2013 -
pretty_val\u2013Convert a value this object could contain to its pretty string representation.
-
pretty\u2013 -
pretty_default\u2013 -
__int__\u2013 -
__str__\u2013 -
__bool__\u2013 -
__eq__\u2013 -
__lt__\u2013 -
__add__\u2013 -
__radd__\u2013 -
__sub__\u2013 -
__rsub__\u2013 -
__mul__\u2013 -
__rmul__\u2013 -
__div__\u2013 -
__floordiv__\u2013 -
__pow__\u2013 -
__mod__\u2013 -
__len__\u2013
Attributes:
-
name\u2013 -
default\u2013 -
param_class\u2013 -
set_show_doc\u2013 -
help_docstring\u2013 -
enum_sequence\u2013 -
scope\u2013 -
update_listeners(list[Callable[[Any], None]]) \u2013 -
value(Any) \u2013 -
is_changed(bool) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.default","title":"defaultname = name\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.param_class","title":"param_classdefault = default\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.set_show_doc","title":"set_show_docparam_class = param_class or PARAM_CLASSES[type(default)]\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.help_docstring","title":"help_docstringset_show_doc = strip()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.enum_sequence","title":"enum_sequencehelp_docstring = strip()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.scope","title":"scopeenum_sequence = enum_sequence\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.update_listeners","title":"update_listenersscope = scope\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.value","title":"valueupdate_listeners: list[Callable[[Any], None]] = []\npropertywritable","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.is_changed","title":"is_changedvalue: Any\nproperty","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.add_update_listener","title":"add_update_listener","text":"is_changed: bool\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.revert_default","title":"revert_default","text":"add_update_listener(listener: Callable[[Any], None]) -> None\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.attr_name","title":"attr_name","text":"revert_default() -> None\nattr_name() -> str\nReturns the attribute name associated with this config option, i.e.
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__getattr__","title":"__getattr__","text":"my-confighas the attribute namemy_config
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.pretty_val","title":"pretty_val","text":"__getattr__(name: str)\npretty_val(val: Any) -> str\nConvert a value this object could contain to its pretty string representation.
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.pretty","title":"pretty","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.pretty_default","title":"pretty_default","text":"pretty() -> str\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__int__","title":"__int__","text":"pretty_default() -> str\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__str__","title":"__str__","text":"__int__() -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__bool__","title":"__bool__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__eq__","title":"__eq__","text":"__bool__() -> bool\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__lt__","title":"__lt__","text":"__eq__(other: object) -> bool\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__add__","title":"__add__","text":"__lt__(other: object) -> bool\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__radd__","title":"__radd__","text":"__add__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__sub__","title":"__sub__","text":"__radd__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__rsub__","title":"__rsub__","text":"__sub__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__mul__","title":"__mul__","text":"__rsub__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__rmul__","title":"__rmul__","text":"__mul__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__div__","title":"__div__","text":"__rmul__(other: int) -> str\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__floordiv__","title":"__floordiv__","text":"__div__(other: float) -> float\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__pow__","title":"__pow__","text":"__floordiv__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__mod__","title":"__mod__","text":"__pow__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__len__","title":"__len__","text":"__mod__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config","title":"Config","text":"__len__() -> int\nConfig()\nMethods:
-
add_param\u2013 -
add_param_obj\u2013 -
trigger\u2013 -
get_params\u2013 -
__getattr__\u2013 -
__setattr__\u2013
Attributes:
-
params(dict[str, Parameter]) \u2013 -
triggers(DefaultDict[str, list[Callable[..., Any]]]) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.triggers","title":"triggersparams: dict[str, Parameter] = {}\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.add_param","title":"add_param","text":"triggers: DefaultDict[str, list[Callable[..., Any]]] = defaultdict(list)\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.add_param_obj","title":"add_param_obj","text":"add_param(\n name: str,\n default: Any,\n set_show_doc: str,\n *,\n help_docstring: str = \"\",\n param_class: int | None = None,\n enum_sequence: Sequence[str] | None = None,\n scope: str = \"config\",\n) -> Parameter\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.trigger","title":"trigger","text":"add_param_obj(p: Parameter) -> Parameter\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.get_params","title":"get_params","text":"trigger(*params: Parameter) -> Callable[[Callable[..., T]], Callable[..., T]]\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.__getattr__","title":"__getattr__","text":"get_params(scope: str) -> list[Parameter]\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.__setattr__","title":"__setattr__","text":"__getattr__(name: str) -> Parameter\n
"},{"location":"reference/pwndbg/lib/disasm/","title":"pwndbg.lib.disasm","text":""},{"location":"reference/pwndbg/lib/disasm/#pwndbg.lib.disasm","title":"disasm","text":"__setattr__(attr, val)\nModules:
-
helpers\u2013
Functions:
-
to_signed\u2013Returns the signed number associated with the two's-complement binary representation of
unsigned -
logical_shift_left\u2013 -
logical_shift_right\u2013nis truncated to the width ofbit_widthbefore the operation takes place. -
rotate_right\u2013nis truncated to the width ofbit_widthbefore the operation takes place. -
arithmetic_shift_right\u2013This returns the value represented by the two's-complement binary representation of the final result.
to_signed(unsigned: int, bit_width: int)\nReturns the signed number associated with the two's-complement binary representation of
"},{"location":"reference/pwndbg/lib/disasm/helpers/#pwndbg.lib.disasm.helpers.logical_shift_left","title":"logical_shift_left","text":"unsigned
"},{"location":"reference/pwndbg/lib/disasm/helpers/#pwndbg.lib.disasm.helpers.logical_shift_right","title":"logical_shift_right","text":"logical_shift_left(n: int, shift_amt: int, bit_width: int)\nlogical_shift_right(n: int, shift_amt: int, bit_width: int)\n
"},{"location":"reference/pwndbg/lib/disasm/helpers/#pwndbg.lib.disasm.helpers.rotate_right","title":"rotate_right","text":"nis truncated to the width ofbit_widthbefore the operation takes place.rotate_right(n: int, shift_amt: int, bit_width: int)\n
"},{"location":"reference/pwndbg/lib/disasm/helpers/#pwndbg.lib.disasm.helpers.arithmetic_shift_right","title":"arithmetic_shift_right","text":"nis truncated to the width ofbit_widthbefore the operation takes place.arithmetic_shift_right(n: int, shift_amt: int, bit_width: int)\nThis returns the value represented by the two's-complement binary representation of the final result. This means the result could be negative (if the top bit of the input is negative)
"},{"location":"reference/pwndbg/lib/elftypes/","title":"pwndbg.lib.elftypes","text":""},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes","title":"elftypes","text":"nis truncated to the width ofbit_widthbefore the operation takes place.Classes:
-
constants\u2013 -
Elf32_Ehdr\u2013 -
Elf64_Ehdr\u2013 -
Elf32_Phdr\u2013 -
Elf64_Phdr\u2013 -
AUXV\u2013
Attributes:
-
Elf32_Addr\u2013 -
Elf32_Half\u2013 -
Elf32_Off\u2013 -
Elf32_Sword\u2013 -
Elf32_Word\u2013 -
Elf64_Addr\u2013 -
Elf64_Half\u2013 -
Elf64_SHalf\u2013 -
Elf64_Off\u2013 -
Elf64_Sword\u2013 -
Elf64_Word\u2013 -
Elf64_Xword\u2013 -
Elf64_Sxword\u2013 -
AT_CONSTANTS(dict[int, str]) \u2013 -
AT_CONSTANT_NAMES\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Half","title":"Elf32_HalfElf32_Addr = c_uint32\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Off","title":"Elf32_OffElf32_Half = c_uint16\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Sword","title":"Elf32_SwordElf32_Off = c_uint32\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Word","title":"Elf32_WordElf32_Sword = c_int32\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Addr","title":"Elf64_AddrElf32_Word = c_uint32\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Half","title":"Elf64_HalfElf64_Addr = c_uint64\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_SHalf","title":"Elf64_SHalfElf64_Half = c_uint16\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Off","title":"Elf64_OffElf64_SHalf = c_int16\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Sword","title":"Elf64_SwordElf64_Off = c_uint64\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Word","title":"Elf64_WordElf64_Sword = c_int32\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Xword","title":"Elf64_XwordElf64_Word = c_uint32\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Sxword","title":"Elf64_SxwordElf64_Xword = c_uint64\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AT_CONSTANTS","title":"AT_CONSTANTSElf64_Sxword = c_int64\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AT_CONSTANT_NAMES","title":"AT_CONSTANT_NAMESAT_CONSTANTS: dict[int, str] = {\n 0: \"AT_NULL\",\n 1: \"AT_IGNORE\",\n 2: \"AT_EXECFD\",\n 3: \"AT_PHDR\",\n 4: \"AT_PHENT\",\n 5: \"AT_PHNUM\",\n 6: \"AT_PAGESZ\",\n 7: \"AT_BASE\",\n 8: \"AT_FLAGS\",\n 9: \"AT_ENTRY\",\n 10: \"AT_NOTELF\",\n 11: \"AT_UID\",\n 12: \"AT_EUID\",\n 13: \"AT_GID\",\n 14: \"AT_EGID\",\n 15: \"AT_PLATFORM\",\n 16: \"AT_HWCAP\",\n 17: \"AT_CLKTCK\",\n 18: \"AT_FPUCW\",\n 19: \"AT_DCACHEBSIZE\",\n 20: \"AT_ICACHEBSIZE\",\n 21: \"AT_UCACHEBSIZE\",\n 22: \"AT_IGNOREPPC\",\n 23: \"AT_SECURE\",\n 24: \"AT_BASE_PLATFORM\",\n 25: \"AT_RANDOM\",\n 26: \"AT_HWCAP2\",\n 27: \"AT_RSEQ_FEATURE_SIZE\",\n 28: \"AT_RSEQ_ALIGN\",\n 29: \"AT_HWCAP3\",\n 30: \"AT_HWCAP4\",\n 31: \"AT_EXECFN\",\n 32: \"AT_SYSINFO\",\n 33: \"AT_SYSINFO_EHDR\",\n 34: \"AT_L1I_CACHESHAPE\",\n 35: \"AT_L1D_CACHESHAPE\",\n 36: \"AT_L2_CACHESHAPE\",\n 37: \"AT_L3_CACHESHAPE\",\n 40: \"AT_L1I_CACHESIZE\",\n 41: \"AT_L1I_CACHEGEOMETRY\",\n 42: \"AT_L1D_CACHESIZE\",\n 43: \"AT_L1D_CACHEGEOMETRY\",\n 44: \"AT_L2_CACHESIZE\",\n 45: \"AT_L2_CACHEGEOMETRY\",\n 46: \"AT_L3_CACHESIZE\",\n 47: \"AT_L3_CACHEGEOMETRY\",\n 51: \"AT_MINSIGSTKSZ\",\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants","title":"constants","text":"AT_CONSTANT_NAMES = {v: _gfor (k, v) in items()}\nAttributes:
-
EI_MAG0\u2013 -
EI_MAG1\u2013 -
EI_MAG2\u2013 -
EI_MAG3\u2013 -
EI_CLASS\u2013 -
EI_DATA\u2013 -
EI_VERSION\u2013 -
EI_OSABI\u2013 -
EI_ABIVERSION\u2013 -
EI_PAD\u2013 -
EI_NIDENT\u2013 -
ELFMAG0\u2013 -
ELFMAG1\u2013 -
ELFMAG2\u2013 -
ELFMAG3\u2013 -
ELFCLASSNONE\u2013 -
ELFCLASS32\u2013 -
ELFCLASS64\u2013 -
ELFDATANONE\u2013 -
ELFDATA2LSB\u2013 -
ELFDATA2MSB\u2013 -
PT_NULL\u2013 -
PT_LOAD\u2013 -
PT_DYNAMIC\u2013 -
PT_INTERP\u2013 -
PT_NOTE\u2013 -
PT_SHLIB\u2013 -
PT_PHDR\u2013 -
PT_TLS\u2013 -
ET_NONE\u2013 -
ET_REL\u2013 -
ET_EXEC\u2013 -
ET_DYN\u2013 -
ET_CORE\u2013 -
DT_NULL\u2013 -
DT_NEEDED\u2013 -
DT_PLTRELSZ\u2013 -
DT_PLTGOT\u2013 -
DT_HASH\u2013 -
DT_STRTAB\u2013 -
DT_SYMTAB\u2013 -
DT_RELA\u2013 -
DT_RELASZ\u2013 -
DT_RELAENT\u2013 -
DT_STRSZ\u2013 -
DT_SYMENT\u2013 -
DT_INIT\u2013 -
DT_FINI\u2013 -
DT_SONAME\u2013 -
DT_RPATH\u2013 -
DT_SYMBOLIC\u2013 -
DT_REL\u2013 -
DT_RELSZ\u2013 -
DT_RELENT\u2013 -
DT_PLTREL\u2013 -
DT_DEBUG\u2013 -
DT_TEXTREL\u2013 -
DT_JMPREL\u2013 -
DT_ENCODING\u2013 -
SHT_NULL\u2013 -
SHT_PROGBITS\u2013 -
SHT_SYMTAB\u2013 -
SHT_STRTAB\u2013 -
SHT_RELA\u2013 -
SHT_HASH\u2013 -
SHT_DYNAMIC\u2013 -
SHT_NOTE\u2013 -
SHT_NOBITS\u2013 -
SHT_REL\u2013 -
SHT_SHLIB\u2013 -
SHT_DYNSYM\u2013 -
SHT_NUM\u2013 -
STT_NOTYPE\u2013 -
STT_OBJECT\u2013 -
STT_FUNC\u2013 -
STT_SECTION\u2013 -
STT_FILE\u2013 -
STT_COMMON\u2013 -
STT_TLS\u2013 -
NT_PRSTATUS\u2013 -
NT_PRFPREG\u2013 -
NT_PRPSINFO\u2013 -
NT_TASKSTRUCT\u2013 -
NT_AUXV\u2013 -
NT_SIGINFO\u2013 -
NT_FILE\u2013 -
NT_PRXFPREG\u2013 -
NT_PPC_VMX\u2013 -
NT_PPC_SPE\u2013 -
NT_PPC_VSX\u2013 -
NT_386_TLS\u2013 -
NT_386_IOPERM\u2013 -
NT_X86_XSTATE\u2013 -
NT_S390_HIGH_GPRS\u2013 -
NT_S390_TIMER\u2013 -
NT_S390_TODCMP\u2013 -
NT_S390_TODPREG\u2013 -
NT_S390_CTRS\u2013 -
NT_S390_PREFIX\u2013 -
NT_S390_LAST_BREAK\u2013 -
NT_S390_SYSTEM_CALL\u2013 -
NT_S390_TDB\u2013 -
NT_ARM_VFP\u2013 -
NT_ARM_TLS\u2013 -
NT_ARM_HW_BREAK\u2013 -
NT_ARM_HW_WATCH\u2013 -
NT_METAG_CBUF\u2013 -
NT_METAG_RPIPE\u2013 -
NT_METAG_TLS\u2013 -
AT_NULL\u2013 -
AT_IGNORE\u2013 -
AT_EXECFD\u2013 -
AT_PHDR\u2013 -
AT_PHENT\u2013 -
AT_PHNUM\u2013 -
AT_PAGESZ\u2013 -
AT_BASE\u2013 -
AT_FLAGS\u2013 -
AT_ENTRY\u2013 -
AT_NOTELF\u2013 -
AT_UID\u2013 -
AT_EUID\u2013 -
AT_GID\u2013 -
AT_EGID\u2013 -
AT_PLATFORM\u2013 -
AT_HWCAP\u2013 -
AT_CLKTCK\u2013 -
AT_FPUCW\u2013 -
AT_DCACHEBSIZE\u2013 -
AT_ICACHEBSIZE\u2013 -
AT_UCACHEBSIZE\u2013 -
AT_IGNOREPPC\u2013 -
AT_SECURE\u2013 -
AT_BASE_PLATFORM\u2013 -
AT_RANDOM\u2013 -
AT_EXECFN\u2013 -
AT_SYSINFO\u2013 -
AT_SYSINFO_EHDR\u2013 -
AT_L1I_CACHESHAPE\u2013 -
AT_L1D_CACHESHAPE\u2013 -
AT_L2_CACHESHAPE\u2013 -
AT_L3_CACHESHAPE\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_MAG1","title":"EI_MAG1EI_MAG0 = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_MAG2","title":"EI_MAG2EI_MAG1 = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_MAG3","title":"EI_MAG3EI_MAG2 = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_CLASS","title":"EI_CLASSEI_MAG3 = 3\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_DATA","title":"EI_DATAEI_CLASS = 4\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_VERSION","title":"EI_VERSIONEI_DATA = 5\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_OSABI","title":"EI_OSABIEI_VERSION = 6\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_ABIVERSION","title":"EI_ABIVERSIONEI_OSABI = 7\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_PAD","title":"EI_PADEI_ABIVERSION = 8\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_NIDENT","title":"EI_NIDENTEI_PAD = 9\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFMAG0","title":"ELFMAG0EI_NIDENT = 16\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFMAG1","title":"ELFMAG1ELFMAG0 = 127\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFMAG2","title":"ELFMAG2ELFMAG1 = ord('E')\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFMAG3","title":"ELFMAG3ELFMAG2 = ord('L')\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFCLASSNONE","title":"ELFCLASSNONEELFMAG3 = ord('F')\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFCLASS32","title":"ELFCLASS32ELFCLASSNONE = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFCLASS64","title":"ELFCLASS64ELFCLASS32 = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFDATANONE","title":"ELFDATANONEELFCLASS64 = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFDATA2LSB","title":"ELFDATA2LSBELFDATANONE = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFDATA2MSB","title":"ELFDATA2MSBELFDATA2LSB = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_NULL","title":"PT_NULLELFDATA2MSB = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_LOAD","title":"PT_LOADPT_NULL = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_DYNAMIC","title":"PT_DYNAMICPT_LOAD = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_INTERP","title":"PT_INTERPPT_DYNAMIC = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_NOTE","title":"PT_NOTEPT_INTERP = 3\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_SHLIB","title":"PT_SHLIBPT_NOTE = 4\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_PHDR","title":"PT_PHDRPT_SHLIB = 5\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_TLS","title":"PT_TLSPT_PHDR = 6\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ET_NONE","title":"ET_NONEPT_TLS = 7\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ET_REL","title":"ET_RELET_NONE = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ET_EXEC","title":"ET_EXECET_REL = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ET_DYN","title":"ET_DYNET_EXEC = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ET_CORE","title":"ET_COREET_DYN = 3\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_NULL","title":"DT_NULLET_CORE = 4\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_NEEDED","title":"DT_NEEDEDDT_NULL = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_PLTRELSZ","title":"DT_PLTRELSZDT_NEEDED = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_PLTGOT","title":"DT_PLTGOTDT_PLTRELSZ = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_HASH","title":"DT_HASHDT_PLTGOT = 3\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_STRTAB","title":"DT_STRTABDT_HASH = 4\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_SYMTAB","title":"DT_SYMTABDT_STRTAB = 5\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_RELA","title":"DT_RELADT_SYMTAB = 6\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_RELASZ","title":"DT_RELASZDT_RELA = 7\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_RELAENT","title":"DT_RELAENTDT_RELASZ = 8\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_STRSZ","title":"DT_STRSZDT_RELAENT = 9\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_SYMENT","title":"DT_SYMENTDT_STRSZ = 10\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_INIT","title":"DT_INITDT_SYMENT = 11\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_FINI","title":"DT_FINIDT_INIT = 12\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_SONAME","title":"DT_SONAMEDT_FINI = 13\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_RPATH","title":"DT_RPATHDT_SONAME = 14\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_SYMBOLIC","title":"DT_SYMBOLICDT_RPATH = 15\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_REL","title":"DT_RELDT_SYMBOLIC = 16\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_RELSZ","title":"DT_RELSZDT_REL = 17\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_RELENT","title":"DT_RELENTDT_RELSZ = 18\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_PLTREL","title":"DT_PLTRELDT_RELENT = 19\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_DEBUG","title":"DT_DEBUGDT_PLTREL = 20\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_TEXTREL","title":"DT_TEXTRELDT_DEBUG = 21\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_JMPREL","title":"DT_JMPRELDT_TEXTREL = 22\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_ENCODING","title":"DT_ENCODINGDT_JMPREL = 23\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_NULL","title":"SHT_NULLDT_ENCODING = 32\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_PROGBITS","title":"SHT_PROGBITSSHT_NULL = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_SYMTAB","title":"SHT_SYMTABSHT_PROGBITS = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_STRTAB","title":"SHT_STRTABSHT_SYMTAB = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_RELA","title":"SHT_RELASHT_STRTAB = 3\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_HASH","title":"SHT_HASHSHT_RELA = 4\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_DYNAMIC","title":"SHT_DYNAMICSHT_HASH = 5\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_NOTE","title":"SHT_NOTESHT_DYNAMIC = 6\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_NOBITS","title":"SHT_NOBITSSHT_NOTE = 7\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_REL","title":"SHT_RELSHT_NOBITS = 8\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_SHLIB","title":"SHT_SHLIBSHT_REL = 9\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_DYNSYM","title":"SHT_DYNSYMSHT_SHLIB = 10\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_NUM","title":"SHT_NUMSHT_DYNSYM = 11\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_NOTYPE","title":"STT_NOTYPESHT_NUM = 12\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_OBJECT","title":"STT_OBJECTSTT_NOTYPE = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_FUNC","title":"STT_FUNCSTT_OBJECT = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_SECTION","title":"STT_SECTIONSTT_FUNC = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_FILE","title":"STT_FILESTT_SECTION = 3\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_COMMON","title":"STT_COMMONSTT_FILE = 4\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_TLS","title":"STT_TLSSTT_COMMON = 5\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PRSTATUS","title":"NT_PRSTATUSSTT_TLS = 6\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PRFPREG","title":"NT_PRFPREGNT_PRSTATUS = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PRPSINFO","title":"NT_PRPSINFONT_PRFPREG = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_TASKSTRUCT","title":"NT_TASKSTRUCTNT_PRPSINFO = 3\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_AUXV","title":"NT_AUXVNT_TASKSTRUCT = 4\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_SIGINFO","title":"NT_SIGINFONT_AUXV = 6\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_FILE","title":"NT_FILENT_SIGINFO = 1397311305\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PRXFPREG","title":"NT_PRXFPREGNT_FILE = 1179208773\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PPC_VMX","title":"NT_PPC_VMXNT_PRXFPREG = 1189489535\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PPC_SPE","title":"NT_PPC_SPENT_PPC_VMX = 256\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PPC_VSX","title":"NT_PPC_VSXNT_PPC_SPE = 257\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_386_TLS","title":"NT_386_TLSNT_PPC_VSX = 258\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_386_IOPERM","title":"NT_386_IOPERMNT_386_TLS = 512\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_X86_XSTATE","title":"NT_X86_XSTATENT_386_IOPERM = 513\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_HIGH_GPRS","title":"NT_S390_HIGH_GPRSNT_X86_XSTATE = 514\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_TIMER","title":"NT_S390_TIMERNT_S390_HIGH_GPRS = 768\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_TODCMP","title":"NT_S390_TODCMPNT_S390_TIMER = 769\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_TODPREG","title":"NT_S390_TODPREGNT_S390_TODCMP = 770\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_CTRS","title":"NT_S390_CTRSNT_S390_TODPREG = 771\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_PREFIX","title":"NT_S390_PREFIXNT_S390_CTRS = 772\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_LAST_BREAK","title":"NT_S390_LAST_BREAKNT_S390_PREFIX = 773\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_SYSTEM_CALL","title":"NT_S390_SYSTEM_CALLNT_S390_LAST_BREAK = 774\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_TDB","title":"NT_S390_TDBNT_S390_SYSTEM_CALL = 775\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_ARM_VFP","title":"NT_ARM_VFPNT_S390_TDB = 776\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_ARM_TLS","title":"NT_ARM_TLSNT_ARM_VFP = 1024\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_ARM_HW_BREAK","title":"NT_ARM_HW_BREAKNT_ARM_TLS = 1025\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_ARM_HW_WATCH","title":"NT_ARM_HW_WATCHNT_ARM_HW_BREAK = 1026\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_METAG_CBUF","title":"NT_METAG_CBUFNT_ARM_HW_WATCH = 1027\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_METAG_RPIPE","title":"NT_METAG_RPIPENT_METAG_CBUF = 1280\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_METAG_TLS","title":"NT_METAG_TLSNT_METAG_RPIPE = 1281\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_NULL","title":"AT_NULLNT_METAG_TLS = 1282\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_IGNORE","title":"AT_IGNOREAT_NULL = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_EXECFD","title":"AT_EXECFDAT_IGNORE = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_PHDR","title":"AT_PHDRAT_EXECFD = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_PHENT","title":"AT_PHENTAT_PHDR = 3\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_PHNUM","title":"AT_PHNUMAT_PHENT = 4\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_PAGESZ","title":"AT_PAGESZAT_PHNUM = 5\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_BASE","title":"AT_BASEAT_PAGESZ = 6\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_FLAGS","title":"AT_FLAGSAT_BASE = 7\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_ENTRY","title":"AT_ENTRYAT_FLAGS = 8\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_NOTELF","title":"AT_NOTELFAT_ENTRY = 9\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_UID","title":"AT_UIDAT_NOTELF = 10\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_EUID","title":"AT_EUIDAT_UID = 11\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_GID","title":"AT_GIDAT_EUID = 12\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_EGID","title":"AT_EGIDAT_GID = 13\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_PLATFORM","title":"AT_PLATFORMAT_EGID = 14\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_HWCAP","title":"AT_HWCAPAT_PLATFORM = 15\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_CLKTCK","title":"AT_CLKTCKAT_HWCAP = 16\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_FPUCW","title":"AT_FPUCWAT_CLKTCK = 17\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_DCACHEBSIZE","title":"AT_DCACHEBSIZEAT_FPUCW = 18\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_ICACHEBSIZE","title":"AT_ICACHEBSIZEAT_DCACHEBSIZE = 19\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_UCACHEBSIZE","title":"AT_UCACHEBSIZEAT_ICACHEBSIZE = 20\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_IGNOREPPC","title":"AT_IGNOREPPCAT_UCACHEBSIZE = 21\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_SECURE","title":"AT_SECUREAT_IGNOREPPC = 22\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_BASE_PLATFORM","title":"AT_BASE_PLATFORMAT_SECURE = 23\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_RANDOM","title":"AT_RANDOMAT_BASE_PLATFORM = 24\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_EXECFN","title":"AT_EXECFNAT_RANDOM = 25\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_SYSINFO","title":"AT_SYSINFOAT_EXECFN = 31\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_SYSINFO_EHDR","title":"AT_SYSINFO_EHDRAT_SYSINFO = 32\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_L1I_CACHESHAPE","title":"AT_L1I_CACHESHAPEAT_SYSINFO_EHDR = 33\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_L1D_CACHESHAPE","title":"AT_L1D_CACHESHAPEAT_L1I_CACHESHAPE = 34\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_L2_CACHESHAPE","title":"AT_L2_CACHESHAPEAT_L1D_CACHESHAPE = 35\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_L3_CACHESHAPE","title":"AT_L3_CACHESHAPEAT_L2_CACHESHAPE = 36\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Ehdr","title":"Elf32_Ehdr","text":"AT_L3_CACHESHAPE = 37\nBases:
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Ehdr","title":"Elf64_Ehdr","text":"StructureBases:
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Phdr","title":"Elf32_Phdr","text":"StructureBases:
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Phdr","title":"Elf64_Phdr","text":"StructureBases:
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV","title":"AUXV","text":"StructureBases:
dict[str, int | str]Methods:
-
set\u2013 -
__getattr__\u2013 -
__str__\u2013
Attributes:
-
AT_PHDR(int | None) \u2013 -
AT_BASE(int | None) \u2013 -
AT_PLATFORM(str | None) \u2013 -
AT_BASE_PLATFORM(str | None) \u2013 -
AT_ENTRY(int | None) \u2013 -
AT_RANDOM(int | None) \u2013 -
AT_EXECFN(str | None) \u2013 -
AT_SYSINFO(int | None) \u2013 -
AT_SYSINFO_EHDR(int | None) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_BASE","title":"AT_BASEAT_PHDR: int | None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_PLATFORM","title":"AT_PLATFORMAT_BASE: int | None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_BASE_PLATFORM","title":"AT_BASE_PLATFORMAT_PLATFORM: str | None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_ENTRY","title":"AT_ENTRYAT_BASE_PLATFORM: str | None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_RANDOM","title":"AT_RANDOMAT_ENTRY: int | None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_EXECFN","title":"AT_EXECFNAT_RANDOM: int | None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_SYSINFO","title":"AT_SYSINFOAT_EXECFN: str | None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_SYSINFO_EHDR","title":"AT_SYSINFO_EHDRAT_SYSINFO: int | None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.set","title":"set","text":"AT_SYSINFO_EHDR: int | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.__getattr__","title":"__getattr__","text":"set(const: int, value: int) -> None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.__str__","title":"__str__","text":"__getattr__(attr: str) -> int | str | None\n
"},{"location":"reference/pwndbg/lib/funcparser/","title":"pwndbg.lib.funcparser","text":""},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser","title":"funcparser","text":"__str__() -> str\nFunctions:
-
extractTypeAndName\u2013 -
Stringify\u2013 -
ExtractFuncDecl\u2013 -
ExtractAllFuncDecls\u2013 -
ExtractFuncDeclFromSource\u2013
Attributes:
-
CAstNode\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser.extractTypeAndName","title":"extractTypeAndName","text":"CAstNode = Union[\n EllipsisParam, PtrDecl, ArrayDecl, FuncDecl, Struct, Union, Enum\n]\n
"},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser.Stringify","title":"Stringify","text":"extractTypeAndName(\n n: CAstNode, defaultName: str | None = None\n) -> tuple[str, int, str] | None\n
"},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser.ExtractFuncDecl","title":"ExtractFuncDecl","text":"Stringify(X: Function | Argument) -> str\n
"},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser.ExtractAllFuncDecls","title":"ExtractAllFuncDecls","text":"ExtractFuncDecl(node: CAstNode, verbose: bool = False) -> Function | None\n
"},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser.ExtractFuncDeclFromSource","title":"ExtractFuncDeclFromSource","text":"ExtractAllFuncDecls(ast: CAstNode, verbose: bool = False)\n
"},{"location":"reference/pwndbg/lib/functions/","title":"pwndbg.lib.functions","text":""},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions","title":"functions","text":"ExtractFuncDeclFromSource(source: str) -> Function | None\nClasses:
-
Function\u2013 -
Argument\u2013 -
Flag\u2013 -
LazyFunctions\u2013
Functions:
-
format_flags_argument\u2013
Attributes:
-
functions\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Function","title":"Function","text":"functions = LazyFunctions()\nBases:
NamedTupleAttributes:
-
type(str) \u2013 -
derefcnt(int) \u2013 -
name(str) \u2013 -
args(list[Argument]) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Function.derefcnt","title":"derefcnttype: str\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Function.name","title":"namederefcnt: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Function.args","title":"argsname: str\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Argument","title":"Argument","text":"args: list[Argument]\nBases:
NamedTupleAttributes:
-
type(str) \u2013 -
derefcnt(int) \u2013 -
name(str) \u2013 -
flags(tuple[Flag, ...] | None) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Argument.derefcnt","title":"derefcnttype: str\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Argument.name","title":"namederefcnt: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Argument.flags","title":"flagsname: str\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Flag","title":"Flag","text":"flags: tuple[Flag, ...] | None = None\nBases:
NamedTupleAttributes:
-
value(int) \u2013 -
name(str) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Flag.name","title":"namevalue: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.LazyFunctions","title":"LazyFunctions","text":"name: str\nLazyFunctions(*args, **kw)\nBases:
Mapping[str, Function]Methods:
-
__getitem__\u2013 -
__iter__\u2013 -
__len__\u2013
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.LazyFunctions.__iter__","title":"__iter__","text":"__getitem__(key)\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.LazyFunctions.__len__","title":"__len__","text":"__iter__()\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.format_flags_argument","title":"format_flags_argument","text":"__len__()\n
"},{"location":"reference/pwndbg/lib/functions_data/","title":"pwndbg.lib.functions_data","text":""},{"location":"reference/pwndbg/lib/functions_data/#pwndbg.lib.functions_data","title":"functions_data","text":"format_flags_argument(flags: tuple[Flag, ...], value: int)\nFunctions:
-
load_functions\u2013
"},{"location":"reference/pwndbg/lib/gcc/","title":"pwndbg.lib.gcc","text":""},{"location":"reference/pwndbg/lib/gcc/#pwndbg.lib.gcc","title":"gcc","text":"load_functions()\nFunctions for determining the architecture-dependent path to GCC and any flags it should be executed with.
Functions:
-
which\u2013
Attributes:
-
printed_message\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/lib/gcc/#pwndbg.lib.gcc.which","title":"which","text":"printed_message = False\n
"},{"location":"reference/pwndbg/lib/heap/","title":"pwndbg.lib.heap","text":""},{"location":"reference/pwndbg/lib/heap/#pwndbg.lib.heap","title":"heap","text":"which(arch: Arch) -> list[str]\nModules:
-
helpers\u2013
Functions:
-
find_fastbin_size\u2013
"},{"location":"reference/pwndbg/lib/kernel/","title":"pwndbg.lib.kernel","text":""},{"location":"reference/pwndbg/lib/kernel/#pwndbg.lib.kernel","title":"kernel","text":"find_fastbin_size(\n mem: bytes, max_size: int, step: int\n) -> Generator[int, None, None]\nModules:
-
kconfig\u2013 -
structs\u2013
Classes:
-
Kconfig\u2013
Functions:
-
parse_config\u2013 -
parse_compresed_config\u2013 -
config_to_key\u2013
Kconfig(compressed_config: bytes, *args: Any, **kwargs: Any)\nBases:
UserDictMethods:
-
get_key\u2013 -
__getitem__\u2013 -
__contains__\u2013 -
__getattr__\u2013
Attributes:
-
data\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.get_key","title":"get_key","text":"data = parse_compresed_config(compressed_config)\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.__getitem__","title":"__getitem__","text":"get_key(name: str) -> str | None\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.__contains__","title":"__contains__","text":"__getitem__(name: str)\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.__getattr__","title":"__getattr__","text":"__contains__(name: object) -> bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.parse_config","title":"parse_config","text":"__getattr__(name: str)\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.parse_compresed_config","title":"parse_compresed_config","text":"parse_config(config_text: bytes) -> dict[str, str]\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.config_to_key","title":"config_to_key","text":"parse_compresed_config(compressed_config: bytes) -> dict[str, str]\n
"},{"location":"reference/pwndbg/lib/kernel/structs/","title":"pwndbg.lib.kernel.structs","text":""},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs","title":"structs","text":"config_to_key(name: str) -> str\nClasses:
-
IDTEntry\u2013Represents an entry in the Interrupt Descriptor Table (IDT)
IDTEntry(entry)\nRepresents an entry in the Interrupt Descriptor Table (IDT)
The IDTEntry class stores information about an IDT entry, including its index, offset, segment selector, descriptor privilege level (DPL), gate type, and interrupt stack table (IST) index.
https://wiki.osdev.org/Interrupt_Descriptor_Table
Attributes:
-
offset\u2013 -
segment\u2013 -
dpl\u2013 -
type\u2013 -
ist\u2013 -
present\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry.segment","title":"segmentoffset = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry.dpl","title":"dplsegment = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry.type","title":"typedpl = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry.ist","title":"isttype = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry.present","title":"presentist = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/memory/","title":"pwndbg.lib.memory","text":""},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory","title":"memory","text":"present = None\nReading, writing, and describing memory.
Classes:
-
Page\u2013Represents the address space and page permissions of at least
Functions:
-
round_down\u2013round_down(address, align) -> int
-
round_up\u2013round_up(address, align) -> int
-
page_align\u2013page_align(address) -> int
-
page_size_align\u2013 -
page_offset\u2013
Attributes:
-
PAGE_SIZE\u2013 -
PAGE_MASK\u2013 -
align_down\u2013 -
align_up\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.PAGE_MASK","title":"PAGE_MASKPAGE_SIZE = 4096\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.align_down","title":"align_downPAGE_MASK = ~PAGE_SIZE - 1\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.align_up","title":"align_upalign_down = round_down\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page","title":"Page","text":"align_up = round_up\nPage(start: int, size: int, flags: int, offset: int, objfile: str = '')\nRepresents the address space and page permissions of at least one page of memory.
Methods:
-
__str__\u2013 -
__repr__\u2013 -
__contains__\u2013 -
__eq__\u2013 -
__lt__\u2013 -
__hash__\u2013
Attributes:
-
vaddr\u2013 -
memsz\u2013 -
flags\u2013 -
offset\u2013 -
objfile\u2013Possible non-empty values of
objfile: -
start(int) \u2013Mapping start address.
-
end(int) \u2013Address beyond mapping. So the last effective address is self.end-1
-
is_stack(bool) \u2013 -
is_memory_mapped_file(bool) \u2013 -
read(bool) \u2013 -
write(bool) \u2013 -
execute(bool) \u2013 -
rw(bool) \u2013 -
wx(bool) \u2013 -
rwx(bool) \u2013 -
is_guard(bool) \u2013 -
permstr(str) \u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.memsz","title":"memszvaddr = start\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.flags","title":"flagsmemsz = size\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.offset","title":"offsetflags = flags\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.objfile","title":"objfileoffset = offset\nclass-attributeinstance-attribute","text":"objfile = objfile\nPossible non-empty values of
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.start","title":"startobjfile: - Contains square brackets \"[]\" if it's not a memory mapped file. Examples: [stack], [vsyscall], [heap], [vdso] - A path to a file, such as/usr/lib/libc.so.6property","text":"start: int\nMapping start address.
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.end","title":"endproperty","text":"end: int\nAddress beyond mapping. So the last effective address is self.end-1 It is the same as displayed in /proc//maps"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.is_stack","title":"is_stack
property","text":"
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.is_memory_mapped_file","title":"is_memory_mapped_fileis_stack: bool\nproperty","text":"
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.read","title":"readis_memory_mapped_file: bool\nproperty","text":"
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.write","title":"writeread: bool\nproperty","text":"
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.execute","title":"executewrite: bool\nproperty","text":"
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.rw","title":"rwexecute: bool\nproperty","text":"
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.wx","title":"wxrw: bool\nproperty","text":"
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.rwx","title":"rwxwx: bool\nproperty","text":"
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.is_guard","title":"is_guardrwx: bool\nproperty","text":"
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.permstr","title":"permstris_guard: bool\nproperty","text":"
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.__str__","title":"__str__","text":"permstr: str\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.__repr__","title":"__repr__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.__contains__","title":"__contains__","text":"__repr__() -> str\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.__eq__","title":"__eq__","text":"__contains__(addr: int) -> bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.__lt__","title":"__lt__","text":"__eq__(other: object) -> bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.__hash__","title":"__hash__","text":"__lt__(other: object) -> bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.round_down","title":"round_down","text":"__hash__() -> int\nround_down(address: int, align: int) -> int\nround_down(address, align) -> int
Round down
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.round_up","title":"round_up","text":"addressto the nearest increment ofalign.round_up(address: int, align: int) -> int\nround_up(address, align) -> int
Round up
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.page_align","title":"page_align","text":"addressto the nearest increment ofalign.page_align(address: int) -> int\npage_align(address) -> int
Round down
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.page_size_align","title":"page_size_align","text":"addressto the nearest page boundary.
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.page_offset","title":"page_offset","text":"page_size_align(address: int) -> int\n
"},{"location":"reference/pwndbg/lib/net/","title":"pwndbg.lib.net","text":""},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net","title":"net","text":"page_offset(address: int) -> int\nRe-implements some psutil functionality to be able to get information from remote debugging sessions.
Classes:
-
inode\u2013 -
Connection\u2013 -
UnixSocket\u2013 -
Netlink\u2013
Functions:
-
tcp\u2013It will first list all listening TCP sockets, and next list all established
-
unix\u2013 -
netlink\u2013
Attributes:
-
TCP_STATUSES\u2013 -
NETLINK_TYPES\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.NETLINK_TYPES","title":"NETLINK_TYPESTCP_STATUSES = {\n \"01\": \"established\",\n \"02\": \"syn_sent\",\n \"03\": \"syn_recv\",\n \"04\": \"fin_wait1\",\n \"05\": \"fin_wait2\",\n \"06\": \"time_wait\",\n \"07\": \"close\",\n \"08\": \"close_wait\",\n \"09\": \"last_ack\",\n \"0A\": \"listen\",\n \"0B\": \"closing\",\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.inode","title":"inode","text":"NETLINK_TYPES = {\n 0: \"NETLINK_ROUTE\",\n 1: \"NETLINK_UNUSED\",\n 2: \"NETLINK_USERSOCK\",\n 3: \"NETLINK_FIREWALL\",\n 4: \"NETLINK_SOCK_DIAG\",\n 5: \"NETLINK_NFLOG\",\n 6: \"NETLINK_XFRM\",\n 7: \"NETLINK_SELINUX\",\n 8: \"NETLINK_ISCSI\",\n 9: \"NETLINK_AUDIT\",\n 10: \"NETLINK_FIB_LOOKUP\",\n 11: \"NETLINK_CONNECTOR\",\n 12: \"NETLINK_NETFILTER\",\n 13: \"NETLINK_IP6_FW\",\n 14: \"NETLINK_DNRTMSG\",\n 15: \"NETLINK_KOBJECT_UEVENT\",\n 16: \"NETLINK_GENERIC\",\n 18: \"NETLINK_SCSITRANSPORT\",\n 19: \"NETLINK_ECRYPTFS\",\n 20: \"NETLINK_RDMA\",\n 21: \"NETLINK_CRYPTO\",\n}\nAttributes:
-
inode(int | None) \u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection","title":"Connection","text":"inode: int | None = None\nBases:
inodeMethods:
-
__str__\u2013 -
__repr__\u2013
Attributes:
-
rhost(str | None) \u2013 -
lhost(str | None) \u2013 -
rport(int | None) \u2013 -
lport(int | None) \u2013 -
inode(int | None) \u2013 -
status(str | None) \u2013 -
family(str | None) \u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.lhost","title":"lhostrhost: str | None = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.rport","title":"rportlhost: str | None = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.lport","title":"lportrport: int | None = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.inode","title":"inodelport: int | None = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.status","title":"statusinode: int | None = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.family","title":"familystatus: str | None = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.__str__","title":"__str__","text":"family: str | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.__repr__","title":"__repr__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.UnixSocket","title":"UnixSocket","text":"__repr__() -> str\nBases:
inodeMethods:
-
__str__\u2013 -
__repr__\u2013
Attributes:
-
path\u2013 -
inode(int | None) \u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.UnixSocket.inode","title":"inodepath = '(anonymous)'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.UnixSocket.__str__","title":"__str__","text":"inode: int | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.UnixSocket.__repr__","title":"__repr__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Netlink","title":"Netlink","text":"__repr__() -> str\nBases:
inodeMethods:
-
__str__\u2013 -
__repr__\u2013
Attributes:
-
eth(int) \u2013 -
pid(int | None) \u2013 -
inode(int | None) \u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Netlink.pid","title":"pideth: int = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Netlink.inode","title":"inodepid: int | None = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Netlink.__str__","title":"__str__","text":"inode: int | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Netlink.__repr__","title":"__repr__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.tcp","title":"tcp","text":"__repr__() -> str\ntcp(data: str) -> list[Connection]\nIt will first list all listening TCP sockets, and next list all established TCP connections. A typical entry of /proc/net/tcp would look like this (split up into 3 parts because of the length of the line):
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.unix","title":"unix","text":"
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.netlink","title":"netlink","text":"unix(data: str) -> list[UnixSocket]\n
"},{"location":"reference/pwndbg/lib/regs/","title":"pwndbg.lib.regs","text":""},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs","title":"regs","text":"netlink(data: str) -> list[Netlink]\nReading register value from the inferior, and provides a standardized interface to registers like \"sp\" and \"pc\".
Classes:
-
RegisterSet\u2013
Attributes:
-
BitFlags\u2013 -
arm_cpsr_flags\u2013 -
arm_xpsr_flags\u2013 -
aarch64_cpsr_flags\u2013 -
aarch64_sctlr_flags\u2013 -
aarch64_scr_flags\u2013 -
arm\u2013 -
armcm\u2013 -
aarch64\u2013 -
x86flags\u2013 -
amd64\u2013 -
i386\u2013 -
powerpc\u2013 -
sparc\u2013 -
mips\u2013 -
riscv\u2013 -
loongarch64\u2013 -
reg_sets(dict[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, RegisterSet]) \u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.arm_cpsr_flags","title":"arm_cpsr_flagsBitFlags = OrderedDict[str, Union[int, Tuple[int, int]]]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.arm_xpsr_flags","title":"arm_xpsr_flagsarm_cpsr_flags = BitFlags(\n [\n (\"N\", 31),\n (\"Z\", 30),\n (\"C\", 29),\n (\"V\", 28),\n (\"Q\", 27),\n (\"J\", 24),\n (\"T\", 5),\n (\"E\", 9),\n (\"A\", 8),\n (\"I\", 7),\n (\"F\", 6),\n ]\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.aarch64_cpsr_flags","title":"aarch64_cpsr_flagsarm_xpsr_flags = BitFlags(\n [(\"N\", 31), (\"Z\", 30), (\"C\", 29), (\"V\", 28), (\"Q\", 27), (\"T\", 24)]\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.aarch64_sctlr_flags","title":"aarch64_sctlr_flagsaarch64_cpsr_flags = BitFlags(\n [\n (\"N\", 31),\n (\"Z\", 30),\n (\"C\", 29),\n (\"V\", 28),\n (\"Q\", 27),\n (\"PAN\", 22),\n (\"IL\", 20),\n (\"D\", 9),\n (\"A\", 8),\n (\"I\", 7),\n (\"F\", 6),\n (\"EL\", (2, 2)),\n (\"SP\", 0),\n ]\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.aarch64_scr_flags","title":"aarch64_scr_flagsaarch64_sctlr_flags = BitFlags(\n [\n (\"TIDCP\", 63),\n (\"SPINTMASK\", 62),\n (\"NMI\", 61),\n (\"EPAN\", 57),\n (\"ATA0\", 43),\n (\"ATA0\", 42),\n (\"TCF\", (40, 2)),\n (\"TCF0\", (38, 2)),\n (\"ITFSB\", 37),\n (\"BT1\", 36),\n (\"BT0\", 35),\n (\"EnIA\", 31),\n (\"EnIB\", 30),\n (\"EnDA\", 27),\n (\"UCI\", 26),\n (\"EE\", 25),\n (\"E0E\", 24),\n (\"SPAN\", 23),\n (\"TSCXT\", 20),\n (\"WXN\", 19),\n (\"nTWE\", 18),\n (\"nTWI\", 16),\n (\"UCT\", 15),\n (\"DZE\", 14),\n (\"EnDB\", 13),\n (\"I\", 12),\n (\"UMA\", 9),\n (\"SED\", 8),\n (\"ITD\", 7),\n (\"nAA\", 6),\n (\"CP15BEN\", 5),\n (\"SA0\", 4),\n (\"SA\", 3),\n (\"C\", 2),\n (\"A\", 1),\n (\"M\", 0),\n ]\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.arm","title":"armaarch64_scr_flags = BitFlags(\n [(\"HCE\", 8), (\"SMD\", 7), (\"EA\", 3), (\"FIQ\", 2), (\"IRQ\", 1), (\"NS\", 0)]\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.armcm","title":"armcmarm = RegisterSet(\n retaddr=(\"lr\",),\n flags={\"cpsr\": arm_cpsr_flags},\n gpr=(\n \"r0\",\n \"r1\",\n \"r2\",\n \"r3\",\n \"r4\",\n \"r5\",\n \"r6\",\n \"r7\",\n \"r8\",\n \"r9\",\n \"r10\",\n \"r11\",\n \"r12\",\n ),\n args=(\"r0\", \"r1\", \"r2\", \"r3\"),\n retval=\"r0\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.aarch64","title":"aarch64armcm = RegisterSet(\n retaddr=(\"lr\",),\n flags={\"xpsr\": arm_xpsr_flags},\n gpr=(\n \"r0\",\n \"r1\",\n \"r2\",\n \"r3\",\n \"r4\",\n \"r5\",\n \"r6\",\n \"r7\",\n \"r8\",\n \"r9\",\n \"r10\",\n \"r11\",\n \"r12\",\n ),\n args=(\"r0\", \"r1\", \"r2\", \"r3\"),\n retval=\"r0\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.x86flags","title":"x86flagsaarch64 = RegisterSet(\n retaddr=(\"lr\",),\n flags={\"cpsr\": aarch64_cpsr_flags},\n extra_flags={\n \"scr_el3\": aarch64_scr_flags,\n \"sctlr\": aarch64_sctlr_flags,\n \"sctlr_el2\": aarch64_sctlr_flags,\n \"sctlr_el3\": aarch64_sctlr_flags,\n \"spsr_el1\": aarch64_cpsr_flags,\n \"spsr_el2\": aarch64_cpsr_flags,\n \"spsr_el3\": aarch64_cpsr_flags,\n },\n gpr=(\n \"x0\",\n \"x1\",\n \"x2\",\n \"x3\",\n \"x4\",\n \"x5\",\n \"x6\",\n \"x7\",\n \"x8\",\n \"x9\",\n \"x10\",\n \"x11\",\n \"x12\",\n \"x13\",\n \"x14\",\n \"x15\",\n \"x16\",\n \"x17\",\n \"x18\",\n \"x19\",\n \"x20\",\n \"x21\",\n \"x22\",\n \"x23\",\n \"x24\",\n \"x25\",\n \"x26\",\n \"x27\",\n \"x28\",\n \"x29\",\n ),\n misc=(\n \"w0\",\n \"w1\",\n \"w2\",\n \"w3\",\n \"w4\",\n \"w5\",\n \"w6\",\n \"w7\",\n \"w8\",\n \"w9\",\n \"w10\",\n \"w11\",\n \"w12\",\n \"w13\",\n \"w14\",\n \"w15\",\n \"w16\",\n \"w17\",\n \"w18\",\n \"w19\",\n \"w20\",\n \"w21\",\n \"w22\",\n \"w23\",\n \"w24\",\n \"w25\",\n \"w26\",\n \"w27\",\n \"w28\",\n ),\n args=(\"x0\", \"x1\", \"x2\", \"x3\"),\n retval=\"x0\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.amd64","title":"amd64x86flags = {\n \"eflags\": BitFlags(\n [\n (\"CF\", 0),\n (\"PF\", 2),\n (\"AF\", 4),\n (\"ZF\", 6),\n (\"SF\", 7),\n (\"IF\", 9),\n (\"DF\", 10),\n (\"OF\", 11),\n ]\n )\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.i386","title":"i386amd64 = RegisterSet(\n pc=\"rip\",\n stack=\"rsp\",\n frame=\"rbp\",\n flags=x86flags,\n gpr=(\n \"rax\",\n \"rbx\",\n \"rcx\",\n \"rdx\",\n \"rdi\",\n \"rsi\",\n \"r8\",\n \"r9\",\n \"r10\",\n \"r11\",\n \"r12\",\n \"r13\",\n \"r14\",\n \"r15\",\n ),\n misc=(\n \"cs\",\n \"ss\",\n \"ds\",\n \"es\",\n \"fs\",\n \"gs\",\n \"fsbase\",\n \"gsbase\",\n \"ax\",\n \"ah\",\n \"al\",\n \"bx\",\n \"bh\",\n \"bl\",\n \"cx\",\n \"ch\",\n \"cl\",\n \"dx\",\n \"dh\",\n \"dl\",\n \"dil\",\n \"sil\",\n \"spl\",\n \"bpl\",\n \"di\",\n \"si\",\n \"bp\",\n \"sp\",\n \"ip\",\n ),\n args=(\"rdi\", \"rsi\", \"rdx\", \"rcx\", \"r8\", \"r9\"),\n retval=\"rax\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.powerpc","title":"powerpci386 = RegisterSet(\n pc=\"eip\",\n stack=\"esp\",\n frame=\"ebp\",\n flags=x86flags,\n gpr=(\"eax\", \"ebx\", \"ecx\", \"edx\", \"edi\", \"esi\"),\n misc=(\n \"cs\",\n \"ss\",\n \"ds\",\n \"es\",\n \"fs\",\n \"gs\",\n \"fsbase\",\n \"gsbase\",\n \"ax\",\n \"ah\",\n \"al\",\n \"bx\",\n \"bh\",\n \"bl\",\n \"cx\",\n \"ch\",\n \"cl\",\n \"dx\",\n \"dh\",\n \"dl\",\n \"di\",\n \"si\",\n \"bp\",\n \"sp\",\n \"ip\",\n ),\n retval=\"eax\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.sparc","title":"sparcpowerpc = RegisterSet(\n retaddr=(\"lr\",),\n flags={\"msr\": BitFlags(), \"xer\": BitFlags()},\n gpr=(\n \"r0\",\n \"r1\",\n \"r2\",\n \"r3\",\n \"r4\",\n \"r5\",\n \"r6\",\n \"r7\",\n \"r8\",\n \"r9\",\n \"r10\",\n \"r11\",\n \"r12\",\n \"r13\",\n \"r14\",\n \"r15\",\n \"r16\",\n \"r17\",\n \"r18\",\n \"r19\",\n \"r20\",\n \"r21\",\n \"r22\",\n \"r23\",\n \"r24\",\n \"r25\",\n \"r26\",\n \"r27\",\n \"r28\",\n \"r29\",\n \"r30\",\n \"r31\",\n \"cr\",\n \"ctr\",\n ),\n args=(\"r3\", \"r4\", \"r5\", \"r6\", \"r7\", \"r8\", \"r9\", \"r10\"),\n retval=\"r3\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.mips","title":"mipssparc = RegisterSet(\n stack=\"sp\",\n frame=\"fp\",\n retaddr=(\"i7\",),\n flags={\"psr\": BitFlags()},\n gpr=(\n \"g1\",\n \"g2\",\n \"g3\",\n \"g4\",\n \"g5\",\n \"g6\",\n \"g7\",\n \"o0\",\n \"o1\",\n \"o2\",\n \"o3\",\n \"o4\",\n \"o5\",\n \"o7\",\n \"l0\",\n \"l1\",\n \"l2\",\n \"l3\",\n \"l4\",\n \"l5\",\n \"l6\",\n \"l7\",\n \"i0\",\n \"i1\",\n \"i2\",\n \"i3\",\n \"i4\",\n \"i5\",\n ),\n args=(\"i0\", \"i1\", \"i2\", \"i3\", \"i4\", \"i5\"),\n retval=\"o0\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.riscv","title":"riscvmips = RegisterSet(\n frame=\"fp\",\n retaddr=(\"ra\",),\n gpr=(\n \"v0\",\n \"v1\",\n \"a0\",\n \"a1\",\n \"a2\",\n \"a3\",\n \"t0\",\n \"t1\",\n \"t2\",\n \"t3\",\n \"t4\",\n \"t5\",\n \"t6\",\n \"t7\",\n \"t8\",\n \"t9\",\n \"s0\",\n \"s1\",\n \"s2\",\n \"s3\",\n \"s4\",\n \"s5\",\n \"s6\",\n \"s7\",\n \"s8\",\n \"gp\",\n ),\n args=(\"a0\", \"a1\", \"a2\", \"a3\"),\n retval=\"v0\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.loongarch64","title":"loongarch64riscv = RegisterSet(\n pc=\"pc\",\n stack=\"sp\",\n retaddr=(\"ra\",),\n gpr=(\n \"gp\",\n \"tp\",\n \"t0\",\n \"t1\",\n \"t2\",\n \"s0\",\n \"s1\",\n \"a0\",\n \"a1\",\n \"a2\",\n \"a3\",\n \"a4\",\n \"a5\",\n \"a6\",\n \"a7\",\n \"s2\",\n \"s3\",\n \"s4\",\n \"s5\",\n \"s6\",\n \"s7\",\n \"s8\",\n \"s9\",\n \"s10\",\n \"s11\",\n \"t3\",\n \"t4\",\n \"t5\",\n \"t6\",\n ),\n args=(\"a0\", \"a1\", \"a2\", \"a3\", \"a4\", \"a5\", \"a6\", \"a7\"),\n retval=\"a0\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.reg_sets","title":"reg_setsloongarch64 = RegisterSet(\n pc=\"pc\",\n stack=\"sp\",\n frame=\"fp\",\n retaddr=(\"ra\",),\n gpr=(\n \"a0\",\n \"a1\",\n \"a2\",\n \"a3\",\n \"a4\",\n \"a5\",\n \"a6\",\n \"a7\",\n \"t0\",\n \"t1\",\n \"t2\",\n \"t3\",\n \"t4\",\n \"t5\",\n \"t6\",\n \"t7\",\n \"t8\",\n \"s0\",\n \"s1\",\n \"s2\",\n \"s3\",\n \"s4\",\n \"s5\",\n \"s6\",\n \"s7\",\n \"s8\",\n ),\n args=(\"a0\", \"a1\", \"a2\", \"a3\", \"a4\", \"a5\", \"a6\", \"a7\"),\n misc=(\"tp\", \"r21\"),\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet","title":"RegisterSet","text":"reg_sets: dict[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, RegisterSet] = {\n \"i386\": i386,\n \"i8086\": i386,\n \"x86-64\": amd64,\n \"rv32\": riscv,\n \"rv64\": riscv,\n \"mips\": mips,\n \"sparc\": sparc,\n \"arm\": arm,\n \"armcm\": armcm,\n \"aarch64\": aarch64,\n \"powerpc\": powerpc,\n \"loongarch64\": loongarch64,\n}\nRegisterSet(\n pc: str = \"pc\",\n stack: str = \"sp\",\n frame: str | None = None,\n retaddr: tuple[str, ...] = (),\n flags: dict[str, BitFlags] = {},\n extra_flags: dict[str, BitFlags] = {},\n gpr: tuple[str, ...] = (),\n misc: tuple[str, ...] = (),\n args: tuple[str, ...] = (),\n retval: str | None = None,\n)\nMethods:
-
__contains__\u2013 -
__iter__\u2013
Attributes:
-
pc(str) \u2013 -
stack(str) \u2013 -
frame(str | None) \u2013 -
retaddr(tuple[str, ...]) \u2013 -
flags(dict[str, BitFlags]) \u2013 -
extra_flags\u2013 -
gpr(tuple[str, ...]) \u2013 -
misc(tuple[str, ...]) \u2013 -
args(tuple[str, ...]) \u2013 -
retval(str | None) \u2013 -
common(list[str]) \u2013 -
emulated_regs_order(list[str]) \u2013 -
all(set[str]) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.stack","title":"stackpc: str = pc\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.frame","title":"framestack: str = stack\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.retaddr","title":"retaddrframe: str | None = frame\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.flags","title":"flagsretaddr: tuple[str, ...] = retaddr\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.extra_flags","title":"extra_flagsflags: dict[str, BitFlags] = flags\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.gpr","title":"gprextra_flags = extra_flags\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.misc","title":"miscgpr: tuple[str, ...] = gpr\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.args","title":"argsmisc: tuple[str, ...] = misc\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.retval","title":"retvalargs: tuple[str, ...] = args\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.common","title":"commonretval: str | None = retval\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.emulated_regs_order","title":"emulated_regs_ordercommon: list[str] = []\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.all","title":"allemulated_regs_order: list[str] = []\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.__contains__","title":"__contains__","text":"all: set[str] = (\n set(misc) | set(flags) | set(extra_flags) | set(retaddr) | set(common)\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.__iter__","title":"__iter__","text":"__contains__(reg: str) -> bool\n
"},{"location":"reference/pwndbg/lib/stdio/","title":"pwndbg.lib.stdio","text":""},{"location":"reference/pwndbg/lib/stdio/#pwndbg.lib.stdio","title":"stdio","text":"__iter__() -> Iterator[str]\nProvides functionality to circumvent GDB's hooks on sys.stdin and sys.stdout which prevent output from appearing on-screen inside of certain event handlers.
Classes:
-
Stdio\u2013
Attributes:
-
stdio\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/lib/stdio/#pwndbg.lib.stdio.Stdio","title":"Stdio","text":"stdio = Stdio()\nMethods:
-
__enter__\u2013 -
__exit__\u2013
Attributes:
-
queue(list[tuple[TextIO, TextIO, TextIO]]) \u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/stdio/#pwndbg.lib.stdio.Stdio.__enter__","title":"__enter__","text":"queue: list[tuple[TextIO, TextIO, TextIO]] = []\n
"},{"location":"reference/pwndbg/lib/stdio/#pwndbg.lib.stdio.Stdio.__exit__","title":"__exit__","text":"__enter__(*a: Any, **kw: Any) -> None\n
"},{"location":"reference/pwndbg/lib/strings/","title":"pwndbg.lib.strings","text":""},{"location":"reference/pwndbg/lib/strings/#pwndbg.lib.strings","title":"strings","text":"__exit__(\n exc_type: type[BaseException] | None,\n exc_value: BaseException | None,\n traceback: TracebackType | None,\n) -> None\nFunctions:
-
strip_colors\u2013Remove all ANSI color codes from the text
strip_colors(text)\nRemove all ANSI color codes from the text
"},{"location":"reference/pwndbg/lib/tempfile/","title":"pwndbg.lib.tempfile","text":""},{"location":"reference/pwndbg/lib/tempfile/#pwndbg.lib.tempfile","title":"tempfile","text":"Common helper and cache for pwndbg tempdir
Functions:
-
tempdir\u2013Returns a safe and unpredictable temporary directory with pwndbg prefix.
-
cachedir\u2013Returns and potentially creates a persistent safe cachedir location
tempdir() -> str\nReturns a safe and unpredictable temporary directory with pwndbg prefix.
"},{"location":"reference/pwndbg/lib/tempfile/#pwndbg.lib.tempfile.cachedir","title":"cachedir","text":"cachedir(namespace: str | None = None) -> str\nReturns and potentially creates a persistent safe cachedir location based on XDG_CACHE_HOME or ~/.cache
Optionally creates a sub namespace inside the pwndbg cache folder.
"},{"location":"reference/pwndbg/lib/tips/","title":"pwndbg.lib.tips","text":""},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips","title":"tips","text":"Functions:
-
get_tip_of_the_day\u2013Returns a random tip based on the current debugger type.
-
get_all_tips\u2013Returns all tips applicable to the current debugger.
-
color_tip\u2013
Attributes:
-
GDB_TIPS(list[str]) \u2013 -
PWNDBG_TIPS(list[str]) \u2013 -
LLDB_TIPS(list[str]) \u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips.PWNDBG_TIPS","title":"PWNDBG_TIPSGDB_TIPS: list[str] = [\n \"GDB's `apropos <topic>` command displays all registered commands that are related to the given <topic>\",\n \"GDB's `follow-fork-mode` parameter can be used to set whether to trace parent or child after fork() calls. Pwndbg sets it to child by default\",\n 'Use GDB\\'s `dprintf` command to print all calls to given function. E.g. `dprintf malloc, \"malloc(%p)\\\\n\", (void*)$rdi` will print all malloc calls',\n \"Use GDB's `pi` command to run an interactive Python console where you can use Pwndbg APIs like `pwndbg.aglib.memory.read(addr, len)`, `pwndbg.aglib.memory.write(addr, data)`, `pwndbg.aglib.vmmap.get()` and so on!\",\n \"GDB's `set directories <path>` parameter can be used to debug e.g. glibc sources like the malloc/free functions!\",\n \"If you have debugging symbols the `info args` command shows current frame's function arguments (use `up` and `down` to switch between frames)\",\n 'Calling functions like `call (void)puts(\"hello world\")` will run all other target threads for the time the function runs. Use `set scheduler-locking on` to lock the execution to current thread when calling functions',\n \"Use the `pipe <cmd> | <prog>` command to pass output of a GDB/Pwndbg command to a shell program, e.g. `pipe elfsections | grep bss`. This can also be shortened to: `| <cmd> | <prog>`\",\n]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips.LLDB_TIPS","title":"LLDB_TIPSPWNDBG_TIPS: list[str] = [\n \"If you want Pwndbg to clear screen on each command (but still save previous output in history) use `set context-clear-screen on`\",\n \"The `set show-flags on` setting will display CPU flags register in the regs context panel\",\n \"GDB and Pwndbg parameters can be shown or set with `show <param>` and `set <param> <value>` GDB commands\",\n \"Use Pwndbg's `config` and `theme` commands to tune its configuration and theme colors!\",\n \"Pwndbg mirrors some of Windbg commands like `eq`, `ew`, `ed`, `eb`, `es`, `dq`, `dw`, `dd`, `db`, `ds` for writing and reading memory\",\n \"Pwndbg resolves kernel memory maps by parsing page tables (default) or via `monitor info mem` QEMU gdbstub command (use `set kernel-vmmap-via-page-tables off` for that)\",\n \"Use the `vmmap` command for a better & colored memory maps display (than the GDB's `info proc mappings`)\",\n \"Use the `telescope` command to dereference a given address/pointer multiple times (if the dereferenced value is a valid ptr; see `config telescope` to configure its behavior)\",\n \"Use the `context` (or `ctx`) command to display the context once again. You can reconfigure the context layout with `set context-section <sections>` or forward the output to a file/tty via `set context-output <file>`. See also `config context` to configure it further!\",\n \"Disable Pwndbg context information display with `set context-sections ''`\",\n \"Pwndbg context displays where the program branches to thanks to emulating few instructions into the future. You can disable this with `set emulate off` which may also speed up debugging\",\n \"Use the `canary` command to see all stack canary/cookie values on the stack (based on the *usual* stack canary value initialized by glibc)\",\n \"Use the `procinfo` command for better process introspection (than the GDB's `info proc` command)\",\n \"Want to display each context panel in a separate tmux window? See https://github.com/pwndbg/pwndbg/blob/dev/FEATURES.md#splitting--layouting-context\",\n 'Use `$base(\"heap\")` to get the start address of a [heap] memory page',\n \"Use the `errno` (or `errno <number>`) command to see the name of the last or provided (libc) error\",\n \"Pwndbg sets the SIGLARM, SIGBUS, SIGPIPE and SIGSEGV signals so they are not passed to the app; see `info signals` for full GDB signals configuration\",\n \"Use `vmmap -A|-B <number> <filter>` to display <number> of maps after/before filtered ones\",\n \"Use the `killall` command to kill all specified threads (via their ids)\",\n \"Use the `spray` command to spray memory with cyclic pattern or specified value\",\n \"Use `patch <address> '<assembly>'` to patch an address with given assembly code\",\n \"Want to NOP some instructions? Use `patch <address> 'nop; nop; nop'`\",\n \"`heap_config` shows heap related configuration\",\n \"`break-if-taken` and `break-if-not-taken` commands sets breakpoints after a given jump instruction was taken or not\",\n \"`stepuntilasm <assembly-instruction [operands]>` steps program forward until matching instruction occures\",\n \"Use `plist` command to dump elements of linked list\",\n \"If your program has multiple threads they will be displayed in the context display or using the `context threads` command\",\n \"Use `track-got enable|info|query` to track GOT accesses - useful for hijacking control flow via writable GOT/PLT\",\n \"Need to `mmap` or `mprotect` memory in the debugee? Use commands with the same name to inject and run such syscalls\",\n \"Use `hi` to see if a an address belongs to a glibc heap chunk\",\n \"Use `contextprev` and `contextnext` to display a previous context output again without scrolling\",\n \"Try splitting the context output into multiple TUI windows using `layout pwndbg` (`tui disable` or `ctrl-x + a` to go back to CLI mode)\",\n]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips.get_tip_of_the_day","title":"get_tip_of_the_day","text":"LLDB_TIPS: list[str] = [\n \"Use LLDB's `help <command>` to get detailed help on any command\",\n \"LLDB's `expr` command lets you evaluate expressions in the current frame context\",\n \"Use `frame variable` (or `fr v`) to show all variables in the current frame\",\n \"The `watchpoint set` command allows you to stop execution when a variable changes\",\n \"Use `process launch --stop-at-entry` to stop at the program entry point\",\n \"LLDB's `memory read` (or `m read`) command displays memory contents at a specified address\",\n \"Use `thread backtrace all` to see backtraces of all threads\",\n \"The `breakpoint set --func-regex <regex>` command sets breakpoints on functions matching a regular expression\",\n \"Use `target modules list` to see all loaded modules in your process\",\n \"LLDB's `image lookup` command helps find symbols, addresses, and files in the executable and loaded libraries\",\n \"Use `command alias` to create custom shortcuts for frequently used commands\",\n \"LLDB's `register read` shows the contents of registers in the selected frame\",\n \"The `disassemble` command shows assembly instructions for the current function\",\n \"Use `thread step-inst` (or `si`) to step one instruction\",\n \"LLDB's Python API can be accessed with the `script` command to extend debugging capabilities\",\n \"Use `process attach --pid <pid>` to attach to a running process\",\n \"The `breakpoint command add` lets you run commands when a breakpoint is hit\",\n \"Use `memory find` to search for a value in the process's memory\",\n \"LLDB's `settings set` command allows you to customize debugger behavior\",\n \"The `platform list` command shows all available platforms for remote debugging\",\n]\nget_tip_of_the_day() -> str\nReturns a random tip based on the current debugger type.
"},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips.get_all_tips","title":"get_all_tips","text":"get_all_tips() -> list[str]\nReturns all tips applicable to the current debugger.
"},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips.color_tip","title":"color_tip","text":"
"},{"location":"reference/pwndbg/lib/version/","title":"pwndbg.lib.version","text":""},{"location":"reference/pwndbg/lib/version/#pwndbg.lib.version","title":"version","text":"color_tip(tip: str) -> str\nFunctions:
-
build_id\u2013Returns pwndbg commit id if git is available.
Attributes:
-
__version__\u2013 -
b_id\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/lib/version/#pwndbg.lib.version.b_id","title":"b_id__version__ = '2025.04.13'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/version/#pwndbg.lib.version.build_id","title":"build_id","text":"b_id = build_id()\nbuild_id() -> str\nReturns pwndbg commit id if git is available.
"},{"location":"reference/pwndbg/lib/which/","title":"pwndbg.lib.which","text":""},{"location":"reference/pwndbg/lib/which/#pwndbg.lib.which","title":"which","text":"Functions:
-
which\u2013which(name, flags = os.X_OK, all = False) -> str or str set
which(name: str, all: bool = False) -> str | set[str] | None\nwhich(name, flags = os.X_OK, all = False) -> str or str set
Works as the system command
which; searches $PATH fornameand returns a full path if found.If
allisTruethe set of all found locations is returned, else the first occurrence orNoneis returned.Parameters:
-
name(str) \u2013The file to search for.
-
all(bool, default:False) \u2013Whether to return all locations where
namewas found.
Returns:
-
str | set[str] | None\u2013If
allisTruethe set of all locations wherenamewas found, -
str | set[str] | None\u2013else the first location or
Noneif not found.
which('sh') '/bin/sh'
"},{"location":"reference/pwndbg/log/","title":"pwndbg.log","text":""},{"location":"reference/pwndbg/log/#pwndbg.log","title":"log","text":"Classes:
-
ColorFormatter\u2013
Bases:
FormatterMethods:
-
format\u2013
Attributes:
-
log_funcs\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/log/#pwndbg.log.ColorFormatter.format","title":"format","text":"log_funcs = {\n DEBUG: debug,\n INFO: info,\n WARNING: warn,\n ERROR: error,\n CRITICAL: error,\n}\n
"},{"location":"reference/pwndbg/profiling/","title":"pwndbg.profiling","text":""},{"location":"reference/pwndbg/profiling/#pwndbg.profiling","title":"profiling","text":"format(record)\nClasses:
-
Profiler\u2013
Functions:
-
init\u2013
Attributes:
-
profiler(Profiler | None) \u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/profiling/#pwndbg.profiling.Profiler","title":"Profiler","text":"profiler: Profiler | None = None\nProfiler(p: Profile)\nMethods:
-
print_time_elapsed\u2013 -
start\u2013 -
stop\u2013
"},{"location":"reference/pwndbg/profiling/#pwndbg.profiling.Profiler.start","title":"start","text":"print_time_elapsed() -> None\n
"},{"location":"reference/pwndbg/profiling/#pwndbg.profiling.Profiler.stop","title":"stop","text":"start() -> None\n
"},{"location":"reference/pwndbg/profiling/#pwndbg.profiling.init","title":"init","text":"stop(filename: str | None = None) -> None\n
"},{"location":"reference/pwndbg/radare2/","title":"pwndbg.radare2","text":""},{"location":"reference/pwndbg/radare2/#pwndbg.radare2","title":"radare2","text":"init(p: Profile, _start_time: float | None) -> None\nFunctions:
-
r2pipe\u2013Spawn and return a r2pipe handle for the current process file.
r2pipe()\nSpawn and return a r2pipe handle for the current process file.
This function requires a radare2 installation plus the r2pipe python library. The base address is automatically set for PIE when loading the binary. After opening the handle, the binary is automatically analyzed.
Raises ImportError if r2pipe python library is not available. Raises Exception if anything goes fatally wrong.
Returns a r2pipe.open handle.
"},{"location":"reference/pwndbg/rizin/","title":"pwndbg.rizin","text":""},{"location":"reference/pwndbg/rizin/#pwndbg.rizin","title":"rizin","text":"Functions:
-
rzpipe\u2013Spawn and return a rzpipe handle for the current process file.
rzpipe()\nSpawn and return a rzpipe handle for the current process file. This function requires a rizin installation plus the rzpipe python library. The base address is automatically set for PIE when loading the binary. After opening the handle, the binary is automatically analyzed. Raises ImportError if rzpipe python library is not available. Raises Exception if anything goes fatally wrong. Returns a rzpipe.open handle.
"},{"location":"reference/pwndbg/search/","title":"pwndbg.search","text":""},{"location":"reference/pwndbg/search/#pwndbg.search","title":"search","text":"Search the address space for byte patterns.
Functions:
-
search\u2013Search inferior memory for a byte sequence.
search(\n searchfor: bytes,\n mappings: Collection[Page] | None = None,\n start: int | None = None,\n end: int | None = None,\n step: int | None = None,\n aligned: int | None = None,\n limit: int | None = None,\n executable: bool = False,\n writable: bool = False,\n) -> Generator[int, None, None]\nSearch inferior memory for a byte sequence.
Parameters:
-
searchfor(bytes) \u2013Byte sequence to find
-
mappings(Collection[Page] | None, default:None) \u2013List of pwndbg.lib.memory.Page objects to search By default, uses all available mappings.
-
start(int | None, default:None) \u2013First address to search, inclusive.
-
end(int | None, default:None) \u2013Last address to search, exclusive.
-
step(int | None, default:None) \u2013Size of memory region to skip each result
-
aligned(int | None, default:None) \u2013Strict byte alignment for search result
-
limit(int | None, default:None) \u2013Maximum number of results to return
-
executable(bool, default:False) \u2013Restrict search to executable pages
-
writable(bool, default:False) \u2013Restrict search to writable pages
Yields:
-
int\u2013An iterator on the address matches
A few helpers for making things print pretty-like.
Functions:
-
check_title_position\u2013 -
banner\u2013 -
addrsz\u2013 -
get_window_size\u2013 -
get_cmd_window_size\u2013
Attributes:
-
title_position\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/ui/#pwndbg.ui.check_title_position","title":"check_title_position","text":"title_position = add_param(\n \"banner-title-position\", \"center\", \"banner title position\"\n)\n
"},{"location":"reference/pwndbg/ui/#pwndbg.ui.banner","title":"banner","text":"check_title_position() -> None\n
"},{"location":"reference/pwndbg/ui/#pwndbg.ui.addrsz","title":"addrsz","text":"banner(title, target=stdout, width=None, extra='')\n
"},{"location":"reference/pwndbg/ui/#pwndbg.ui.get_window_size","title":"get_window_size","text":"addrsz(address) -> str\n
"},{"location":"reference/pwndbg/ui/#pwndbg.ui.get_cmd_window_size","title":"get_cmd_window_size","text":"get_window_size(target=stdout)\n
"},{"location":"reference/pwndbg/wrappers/","title":"pwndbg.wrappers","text":""},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers","title":"wrappers","text":"get_cmd_window_size()\nModules:
-
checksec\u2013 -
readelf\u2013
Classes:
-
OnlyWithCommand\u2013
Functions:
-
call_cmd\u2013
Attributes:
-
P\u2013 -
T\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.T","title":"TP = ParamSpec('P')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.OnlyWithCommand","title":"OnlyWithCommand","text":"T = TypeVar('T')\nOnlyWithCommand(*commands: str | list[str])\nMethods:
-
__call__\u2013
Attributes:
-
all_cmds(list[str]) \u2013 -
cmd(list[str]) \u2013 -
cmd_path(str | None) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.OnlyWithCommand.cmd","title":"cmdall_cmds: list[str] = [\n cmd[0] if isinstance(cmd, list) else cmd for cmd in commands\n]\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.OnlyWithCommand.cmd_path","title":"cmd_pathcmd: list[str] = command if isinstance(command, list) else [command]\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.OnlyWithCommand.__call__","title":"__call__","text":"cmd_path: str | None = which(cmd[0])\n
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.call_cmd","title":"call_cmd","text":"__call__(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/wrappers/checksec/","title":"pwndbg.wrappers.checksec","text":""},{"location":"reference/pwndbg/wrappers/checksec/#pwndbg.wrappers.checksec","title":"checksec","text":"call_cmd(cmd: str | list[str]) -> str\nFunctions:
-
monkeypatch_pwnlib_term_text\u2013 -
get_raw_out\u2013 -
relro_status\u2013 -
pie_status\u2013
"},{"location":"reference/pwndbg/wrappers/checksec/#pwndbg.wrappers.checksec.get_raw_out","title":"get_raw_out","text":"monkeypatch_pwnlib_term_text() -> Iterator[None]\n
"},{"location":"reference/pwndbg/wrappers/checksec/#pwndbg.wrappers.checksec.relro_status","title":"relro_status","text":"get_raw_out(local_path: str) -> str\n
"},{"location":"reference/pwndbg/wrappers/checksec/#pwndbg.wrappers.checksec.pie_status","title":"pie_status","text":"relro_status(local_path: str) -> str\n
"},{"location":"reference/pwndbg/wrappers/readelf/","title":"pwndbg.wrappers.readelf","text":""},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf","title":"readelf","text":"pie_status(local_path: str) -> str\nClasses:
-
RelocationType\u2013
Functions:
-
get_got_entry\u2013
Attributes:
-
cmd_name\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf.RelocationType","title":"RelocationType","text":"cmd_name = 'readelf'\nBases:
EnumAttributes:
-
JUMP_SLOT\u2013 -
GLOB_DAT\u2013 -
IRELATIVE\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf.RelocationType.GLOB_DAT","title":"GLOB_DATJUMP_SLOT = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf.RelocationType.IRELATIVE","title":"IRELATIVEGLOB_DAT = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf.get_got_entry","title":"get_got_entry","text":"IRELATIVE = 3\n
"},{"location":"blog/archive/2022/","title":"2022","text":""}]} \ No newline at end of file +{"config":{"lang":["en"],"separator":"[\\s\\u200b\\-_,:!=\\[\\]()\"`/]+|\\.(?!\\d)|&[lg]t;|(?!\\b)(?=[A-Z][a-z])","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Home","text":""},{"location":"#pwndbg","title":"pwndbg","text":"get_got_entry(local_path: str) -> dict[RelocationType, list[str]]\npwndbg(/pa\u028an\u02c8di\u02ccb\u028c\u0261/) is a GDB and LLDB plug-in that makes debugging suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers.It has a boatload of features, see FEATURES.md and CHEATSHEET (feel free to print it!).
"},{"location":"#why","title":"Why?","text":"Vanilla GDB and LLDB are terrible to use for reverse engineering and exploit development. Typing
"},{"location":"#what","title":"What?","text":"x/g30x $espor navigating cumbersome LLDB commands is not fun and often provides minimal information. The year is 2025, and core debuggers still lack many user-friendly features such as a robust hexdump command. Windbg users are completely lost when they occasionally need to bump into GDB or LLDB.Pwndbg is a Python module which is loaded directly into GDB or LLDB*. It provides a suite of utilities and enhancements that fill the gaps left by these debuggers, smoothing out rough edges and making them more user-friendly.
Many other projects from the past (e.g., gdbinit, PEDA) and present (e.g. GEF) exist to fill some these gaps. Each provides an excellent experience and great features -- but they're difficult to extend (some are unmaintained, and all are a single 100KB, 200KB, or 363KB file (respectively)).
Pwndbg exists not only to replace all of its predecessors, but also to have a clean implementation that runs quickly and is resilient against all the weird corner cases that come up. It also comes batteries-included, so all of its features are available if you run
"},{"location":"#when-to-use-gdb-or-lldb","title":"When to Use GDB or LLDB?","text":"setup.sh.Pwndbg supports both GDB and LLDB, and each debugger has its own strengths. Here's a quick guide to help you decide which one to use:
Use Case Supported Debugger Debugging Linux binaries or ELF files GDB, LLDB Debugging Mach-O binaries on macOS LLDB Linux kernel debugging (qemu-system) GDB, LLDB Linux user-space emulation (qemu-user) GDB Embedded debugging (ARM Cortex M* or RISC-V/32) GDB, LLDBPwndbg ensures a consistent experience across both, so switching between them is seamless.
The LLDB implementation in Pwndbg is still in early-stage and may contain bugs or limitations. Known issues are tracked in GitHub Issues.
If you encounter any problems, feel free to report them or discuss on our Discord server.
"},{"location":"#compatibility-table","title":"Compatibility Table","text":"Feature Supported Version Notes pwndbg-gdb - Python 3.10+ - GDB 12.1+ Battle-tested on Ubuntu 22.04/24.04 pwndbg-lldb - Python 3.12+ - LLDB 19+ Experimental/early-stage support qemu-user QEMU 8.1+ vFile API is needed for vmmap qemu-system QEMU 6.2+ Supported version since ubuntu 22.04"},{"location":"#how","title":"How?","text":"For a portable version with no external dependencies, scroll down for the Portable Installation section.
"},{"location":"#installing-lldb","title":"Installing LLDB","text":"- Install via the Nix package manager (you can use Nix on any distribution):
nix shell github:pwndbg/pwndbg#pwndbg-lldb\npwndbg-lldb ./your-binary\n - Or download portable version with no external dependencies, scroll down for the Portable Installation section
- Or install from source, instructions below. (not supported)
- Install via the Nix package manager (you can use Nix on any distribution):
nix shell github:pwndbg/pwndbg\npwndbg ./your-binary\n -
Or download portable version with no external dependencies, scroll down for the Portable Installation section
-
Or install from source, instructions below.
Pwndbg is supported on Ubuntu 22.04, and 24.04 with GDB 12.1 and later. We do not test on any older versions of Ubuntu, so `pwndbg` may not work on these versions. - For Ubuntu 20.04 use the [2024.08.29 release](https://github.com/pwndbg/pwndbg/releases/tag/2024.08.29) - For Ubuntu 18.04 use the [2023.07.17: ubuntu18.04-final release](https://github.com/pwndbg/pwndbg/releases/tag/2023.07.17) We may accept pull requests fixing issues in older versions on a case by case basis, please discuss this with us on [Discord][discord] first. You can also always checkout an older version of `pwndbg` from around the time the Ubuntu version you're interested in was still supported by Canonical, or you can attempt to build a newer version of GDB from source. Other Linux distributions are also supported via `setup.sh`, including: * Debian-based OSes (via apt-get) * Fedora and Red Hat (via dnf) * Clear (via swiped) * OpenSUSE LEAP (via zypper) * Arch and Manjaro (via community AUR packages) * Void (via xbps) * Gentoo (via emerge) If you use any Linux distribution other than Ubuntu, we recommend using the [latest available GDB](https://www.gnu.org/software/gdb/download/) built from source. You can build it as:git clone https://github.com/pwndbg/pwndbg\ncd pwndbg\n./setup.sh\n
"},{"location":"#portable-installation","title":"Portable Installation:","text":"cd <gdb-sources-dir>\nmkdir build && cd build\nsudo apt install libgmp-dev libmpfr-dev libreadline-dev texinfo # required by build\n../configure --disable-nls --disable-werror --with-system-readline --with-python=`which python3` --with-system-gdbinit=/etc/gdb/gdbinit --enable-targets=all\nmake -j7\nThe portable version includes all necessary dependencies and should work without the need to install additional packages.
"},{"location":"#download-the-portable-version","title":"Download the Portable Version:","text":"Download the portable version from the Pwndbg releases page by selecting the desired version.
Note: For LLDB, only the tarball version is available.
Make sure to select the correct file for your operating system and architecture: - Linux (x86_64, armv7l, aarch64, riscv64): -
pwndbg_2025.04.13_amd64.tar.xz(x86_64 for GDB) -pwndbg_2025.04.13_armv7.tar.xz(armv7l for GDB) -pwndbg_2025.04.13_arm64.tar.xz(aarch64 for GDB) -pwndbg_2025.04.13_riscv64.tar.xz(riscv64 for GDB) -pwndbg-lldb_2025.04.13_amd64.tar.xz(x86_64 for LLDB) -pwndbg-lldb_2025.04.13_armv7.tar.xz(armv7l for LLDB) -pwndbg-lldb_2025.04.13_arm64.tar.xz(aarch64 for LLDB) -pwndbg-lldb_2025.04.13_riscv64.tar.xz(riscv64 for LLDB)- macOS (amd64, arm64):
pwndbg-lldb_2025.04.13_macos_amd64.tar.xz(macOS, Intel/AMD CPUs, for LLDB)pwndbg-lldb_2025.04.13_macos_arm64.tar.xz(macOS, Apple Silicon/M1/M2/M*, for LLDB)pwndbg_2025.04.13_macos_amd64.tar.xz(macOS, Intel/AMD CPUs for GDB)pwndbg_2025.04.13_macos_amd64.tar.xz(macOS, Apple Silicon/M1/M2/M*, for GDB via Rosseta emulation)
- Portable tarball:
tar -v -xf ./pwndbg_2025.04.13_amd64.tar.xz\n# ./pwndbg/bin/pwndbg\n# or ./pwndbg/bin/pwndbg-lldb\n -
Installation on RPM-based Systems (CentOS/Alma/Rocky/RHEL):
dnf install ./pwndbg-2025.04.13.x86_64.rpm\n# pwndbg\n# and/or pwndbg-lldb\n -
Installation on DEB-based Systems (Debian/Ubuntu/Kali):
apt install ./pwndbg_2025.04.13_amd64.deb\n# pwndbg\n# and/or pwndbg-lldb\n -
Installation on Alpine:
apk add --allow-untrusted ./pwndbg_2025.04.13_x86_64.apk\n# pwndbg\n# and/or pwndbg-lldb\n -
Installation on Arch Linux:
pacman -U ./pwndbg-2025.04.13-1-x86_64.pkg.tar.zst\n# pwndbg\n# and/or pwndbg-lldb\n
For further info about features/functionalities, see FEATURES.
"},{"location":"#who","title":"Who?","text":"Pwndbg is an open-source project, maintained by many contributors!
Pwndbg was originally created by Zach Riggle, who is no longer with us. We want to thank Zach for all of his contributions to Pwndbg and the wider security community.
Want to help with development? Read CONTRIBUTING or join our Discord server!
"},{"location":"#how-to-develop","title":"How to develop?","text":"To run tests locally you can do this in docker image, after cloning repo run simply
Disclaimer - this won't work on apple silicon macs."},{"location":"#contact","title":"Contact","text":"docker compose run main ./tests.sh\nIf you have any questions not worthy of a bug report, feel free to ping anybody on Discord and ask away.
"},{"location":"setup/","title":"Setup","text":""},{"location":"setup/#quick-start","title":"Quick start","text":"Installation from source is straightforward:
"},{"location":"setup/#install-on-linux-distributions","title":"Install on Linux distributions","text":"git clone https://github.com/pwndbg/pwndbg\ncd pwndbg\n./setup.sh\nNix package manager (you can use Nix on any distribution):
nix shell github:pwndbg/pwndbg\npwndbg ./your-binary\nPwndbg is supported on Ubuntu 22.04, and 24.04 with GDB 12.1 and later. We do not test on any older versions of Ubuntu, so
pwndbgmay not work on these versions (for Ubuntu 18.04 use the 2023.07.17: ubuntu18.04-final release). We may accept pull requests fixing issues in older versions on a case by case basis, please discuss this with us on Discord first. You can also always checkout an older version ofpwndbgfrom around the time the Ubuntu version you're interested in was still supported by Canonical, or you can attempt to build a newer version of GDB from source.Other Linux distributions are also supported via
setup.sh, including:- Debian-based OSes (via apt-get)
- Fedora and Red Hat (via dnf)
- Clear (via swiped)
- OpenSUSE LEAP (via zypper)
- Arch and Manjaro (via community AUR packages)
- Void (via xbps)
- Gentoo (via emerge)
If you use any Linux distribution other than Ubuntu, we recommend using the latest available GDB built from source. You can build it as:
"},{"location":"setup/#portable-installation-from-package","title":"Portable Installation from package","text":"cd <gdb-sources-dir>\nmkdir build\ncd build\n../configure --disable-nls --disable-werror --with-system-readline --with-python=`which python3` --with-system-gdbinit=/etc/gdb/gdbinit --enable-targets=all\nmake -j7\nThe portable version includes all necessary dependencies and should work without the need to install additional packages.
"},{"location":"setup/#download-the-portable-version","title":"Download the Portable Version:","text":"Download the portable version from the Pwndbg releases page by selecting the desired version. Choose the appropriate version for your system architecture (x86_64, armv7l, aarch64, riscv64).
"},{"location":"setup/#installation-on-rpm-based-systems-centosalmarockyrhel","title":"Installation on RPM-based Systems (CentOS/Alma/Rocky/RHEL):","text":"
"},{"location":"setup/#installation-on-deb-based-systems-debianubuntukali","title":"Installation on DEB-based Systems (Debian/Ubuntu/Kali):","text":"dnf install ./pwndbg-2025.04.13.x86_64.rpm\n# pwndbg\n
"},{"location":"setup/#installation-on-alpine","title":"Installation on Alpine:","text":"apt install ./pwndbg_2025.04.13_amd64.deb\n# pwndbg\n
"},{"location":"setup/#installation-on-arch-linux","title":"Installation on Arch Linux:","text":"apk add --allow-untrusted ./pwndbg_2025.04.13_x86_64.apk\n# pwndbg\n
"},{"location":"setup/#generic-linux-installation","title":"Generic Linux Installation:","text":"pacman -U ./pwndbg-2025.04.13-1-x86_64.pkg.tar.zst\n# pwndbg\n
"},{"location":"blog/","title":"Blog","text":""},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/","title":"Pwndbg coding sprints report","text":"tar -v -xf ./pwndbg_2025.04.13_amd64.tar.xz\n# ./pwndbg/bin/pwndbg\nThis blog post is a report of the two coding sprints for the Pwndbg project that I organized first on the EuroPython 2022 conference and then, taking inspiration from the previous one, in the Hackerspace Krak\u00f3w, located in Cracow, Poland.
PS: If you are only looking for a list of things done, scroll down!
"},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/#where-i-got-the-idea-for-sprints","title":"Where I got the idea for sprints?","text":"I have recently attended the EuroPython 2022 conference and I enjoyed the \u201csprints\u201d there. In short, a sprint is a semi-organized event, where anyone can announce a project they will be working on and others can join them. This helps both the projects and the event participants to learn about the project and to make first-time contributions. At the EuroPython conference, there were 16 officially announced projects, but I know that even more projects were being worked on in practice. Of course, other communities or conferences also do this (e.g. NixCon).
At the EuroPython conference, I announced my own sprint to work on the Pwndbg project that I maintain. Having no expectations, I felt excited when four people showed up to learn something new and hack together on the project. Later, taking inspiration from it, I organized another sprint, this time in Cracow in the local Hackerspace with even a bigger response. Below, you can read a small report on the two sprints that have happened.
"},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/#my-general-idea-for-a-pwndbg-sprint","title":"My general idea for a Pwndbg sprint","text":"Pwndbg is written in Python, so on one hand is easy to hack on, but on the other hand it is a plugin for GDB, a console debugger for native programs (e.g. ones written in C, C++, Go or Rust). The general idea of Pwndbg is to alleviate the pain points of working with and improve the UX of GDB when debugging assembly code, reverse engineering a binary or during exploit development.
Since not everyone is familiar with debuggers or the underlyings of programs execution (e.g. assembly code, CPU registers or stack or heap memory) I knew that I had to make some introduction to those concepts and if possible, prepare a list of simple tasks, so that people can get familiar with the codebase and the tool and contribute something.
"},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/#europython-2022-sprint","title":"EuroPython 2022 sprint","text":"On the first sprint, four people showed up, mostly having no prior experience with the topic. We started with an introduction to what GDB and Pwndbg are and why and when they are useful.
For this, I took a small C program that had a buffer overflow bug:
#include <stdio.h>\n#include <string.h>\n\nint main(int argc, char* argv[]) {\n char name[16] = {0};\n\n // NOTE: We copy the `argv[1]` string which may be of arbitrary length\n // into the `name` buffer which is only of 16-bytes long. Thus, we can\n // overwrite the stack memory of the program past the `name` buffer.\n strcpy(name, argv[1]);\n\n printf(\"Hello %s!\\n\", name);\n}\nThen, after compiling it (
gcc main.c), we ran the program twice to see that it will crash if we provide a too long string as its argument:$ ./a.out Disconnect3d\nHello Disconnect3d!\n\n$ ./a.out Disconnect3d_at_EuroPython\nHello Disconnect3d_at_EuroPython!\n*** stack smashing detected ***: <unknown> terminated\nAborted (core dumped)\nThen, I explained that the \"stack smashing detected\" we see is the \"stack canaries\" (also called \"stack cookies\") exploit mitigation added by compilers. This compiler feature adds a special 8-bytes canary value after the function's local variables located on the stack, so that then a stack frame may look like this:
------------------------------ lower addresses\nchar name[16]; |\nuint8_t canary[8]; |\nvoid* function_return_address; V\n------------------------------ higher addresses\nThis local stack canary value is then filled in just after the function\u2019s prologue and is verified against a global value before the function returns to see if the stack was not corrupted (starting from the canary). Of course this may not detect all possible stack memory corruptions but it often makes it impossible to exploit a program (e.g. by changing the return address, also located on the stack), knowing just this vulnerability.
The stack canary mitigation can also be disabled. And if it were done (by passing in a
-fno-stack-protectorflag during compilation), we would get a different result when running the resulting program:$ gcc -fno-stack-protector buf.c\n\n$ ./a.out Disconnect3d_on_EuroPython\nHello Disconnect3d_on_EuroPython!\nSegmentation fault (core dumped)\nNow, the \"stack smashing detected\" is gone, but the program still crashed, because we still corrupted a part of its memory that we shouldn't have touched in a way that made the program do illegal things (e.g. accessing unmapped memory).
During the sprint, we also ran a GDB+Pwndbg session to see the exact instructions that placed the canary value on the stack memory, to see that our input string was located just before it and how the canary was checked just before the function was returned.
I am not going to describe all of this here, but you can see some of it in the below asciinema recording.
"},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/#hackerspace-krakow-sprint","title":"Hackerspace Krak\u00f3w sprint","text":"Since the second sprint was an ad-hoc event, I had to organize it myself. As a member of Hackerspace Krak\u00f3w, I was able to reserve the hackerspace's softroom, which is a perfect place for people to hack on things using their computers. Then, I advertised the event on the Hackerspace's mailing list and on a few other mediums.
I did not expect many people to come, especially that I advertised the sprint ~2 days before the event.
But... 8 people (!) showed up (excluding me). I prepared a document with some basic information and tasks, which can be found here (though, it is in Polish and it was modified during and after the sprint).
I won't lie: most people that came were friends of mine, some of which I play CTFs with. However, not all of them had really used or developed Pwndbg before.
"},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/#accomplishments-from-the-two-sprints","title":"Accomplishments from the two sprints","text":"On the EP sprint, since we were just a group of four, we focused on small improvements to the codebase. In total, we did the following: * reviewed and merged the fs/gs_base fetching improvement PR, * pinned the project's dependencies, * updated the unicorn dependency version, * added a \"tip of the day\" feature, * improved the UX of using Pwndbg within a Python virtual environment, * and also worked on enhancing the display of arguments when stopping on a call to the printf functions family.
The last item from the list was the hardest to jump on and it still requires enhancements until it is merged. Nonetheless, all of this was a nice outcome from the whole sprint :).
On the second sprint, while we were a bigger group, we had much more limited time (since instead of having ~8 hours, we had just a few). Anyway, we were able to do the following:
- Cleanup some code leftover after dropping Python 2 support,
- Added documentation on how to debug Pwndbg using PyCharm remote debugging,
- Reviewed and merged the PRs that sets
$base_heapvariable and a tip for it, which may be useful for heap exploitation, - Fix the X30 register display on AARCH64 targets,
- Fix
context argsdisplay when PC/IP register pointed to unmapped memory, - Fixed the
xorandmemfrobcommands and added tests for them (! :D), - Worked on adding a way to dump memory that can be copied right away as C or Python code (this needs to be changed to a command flag),
- Investigated a potential parsing issue, even looking at GDB's command parsing source code, implemented potential patch, which only later turned out to be redundant and the issue to be invalid.
Organizing those sprints helped me to get back to develop the Pwndbg project more and and attract more people to contribute to it. I also think that more conferences should have this kind of attractions (similarly as more conferences should have lightning talk sessions, heh).
Regarding the Pwndbg sprints, I am organizing another one this week in Cracow on Tuesday, so if you live nearby and are interested in learning about Pwndbg or contributing to the project, feel invited! :)
PS: Thanks a lot to @arturcygan for reviewing this blog post.
"},{"location":"commands/","title":"Index","text":""},{"location":"commands/#commands","title":"Commands","text":""},{"location":"commands/#breakpoint","title":"Breakpoint","text":"- break-if-not-taken - Breaks on a branch if it is not taken.
- break-if-taken - Breaks on a branch if it is taken.
- breakrva - Break at RVA from PIE base.
- ignore - Set ignore-count of breakpoint number N to COUNT.
- context - Print out the current register, instruction, and stack context.
- contextnext - Select next entry in context history.
- contextoutput - Sets the output of a context section.
- contextprev - Select previous entry in context history.
- contextsearch - Search for a string in the context history and select that entry.
- contextunwatch - Removes an expression previously added to be watched.
- contextwatch - Adds an expression to be shown on context.
- regs - Print out all registers and enhance the information.
- dev-dump-instruction - Dump internal PwndbgInstruction attributes.
- log-level - Set the log level.
- emulate - Like nearpc, but will emulate instructions from the current $PC forward.
- nearpc - Disassemble near a specified address.
- arena - Print the contents of an arena.
- arenas - List this process's arenas.
- bins - Print the contents of all an arena's bins and a thread's tcache.
- fastbins - Print the contents of an arena's fastbins.
- find-fake-fast - Find candidate fake fast or tcache chunks overlapping the specified address.
- heap-config - Shows heap related configuration.
- heap - Iteratively print chunks on a heap.
- hi - Searches all heaps to find if an address belongs to a chunk. If yes, prints the chunk.
- largebins - Print the contents of an arena's largebins.
- malloc-chunk - Print a chunk.
- mp - Print the mp_ struct's contents.
- smallbins - Print the contents of an arena's smallbins.
- tcache - Print a thread's tcache contents.
- tcachebins - Print the contents of a tcache.
- top-chunk - Print relevant information about an arena's top chunk.
- try-free - Check what would happen if free was called with given address.
- unsortedbin - Print the contents of an arena's unsortedbin.
- vis-heap-chunks - Visualize chunks on a heap.
- ai - Ask GPT-3 a question about the current debugging context.
- bn-sync - Synchronize Binary Ninja's cursor with GDB.
- decomp - Use the current integration to decompile code near an address.
- j - Synchronize IDA's cursor with GDB.
- r2 - Launches radare2.
- r2pipe - Execute stateful radare2 commands through r2pipe.
- rop - Dump ROP gadgets with Jon Salwan's ROPgadget tool.
- ropper - ROP gadget search with ropper.
- rz - Launches rizin.
- rzpipe - Execute stateful rizin commands through rzpipe.
- save-ida - Save the ida database.
- binder - Show Android Binder information
- kbase - Finds the kernel virtual base address.
- kchecksec - Checks for kernel hardening configuration options.
- kcmdline - Return the kernel commandline (/proc/cmdline).
- kconfig - Outputs the kernel config (requires CONFIG_IKCONFIG).
- klookup - Lookup kernel symbols
- knft-dump - Dump all nftables: tables, chains, rules, expressions
- knft-list-chains - Dump netfilter chains form a specific table
- knft-list-exprs - Dump only expressions from specific rule
- knft-list-flowtables - Dump netfilter flowtables from a specific table
- knft-list-objects - Dump netfilter objects from a specific table
- knft-list-rules - Dump netfilter rules form a specific chain
- knft-list-sets - Dump netfilter sets from a specific table
- knft-list-tables - Dump netfliter tables from a specific network namespace
- kversion - Outputs the kernel version (/proc/version).
- pcplist - Print Per-CPU page list
- slab - Prints information about the slab allocator
- argc - Prints out the number of arguments.
- argv - Prints out the contents of argv.
- aslr - Check the current ASLR status, or turn it on/off.
- auxv-explore - Explore and print information from the Auxiliary ELF Vector.
- auxv - Print information from the Auxiliary ELF Vector.
- elfsections - Prints the section mappings contained in the ELF header.
- envp - Prints out the contents of the environment.
- errno - Converts errno (or argument) to its string representation.
- got - Show the state of the Global Offset Table.
- gotplt - Prints any symbols found in the .got.plt section if it exists.
- libcinfo - Show libc version and link to its sources
- linkmap - Show the state of the Link Map
- onegadget - Find gadgets which single-handedly give code execution.
- piebase - Calculate VA of RVA from PIE base.
- plt - Prints any symbols found in the .plt section if it exists.
- strings - Extracts and displays ASCII strings from readable memory pages of the debugged process.
- threads - List all threads belonging to the selected inferior.
- tls - Print out base address of the current Thread Local Storage (TLS).
- track-got - Controls GOT tracking
- track-heap - Manages the heap tracker.
- distance - Print the distance between the two arguments, or print the offset to the address's page base.
- gdt - Decode X86-64 GDT entries at address
- go-dump - Dumps a Go value of a given type at a specified address.
- go-type - Dumps a Go runtime reflection type at a specified address.
- hexdump - Hexdumps data at the specified address or module name.
- leakfind - Attempt to find a leak chain given a starting address.
- memfrob - Memfrobs a region of memory (xor with '*').
- mmap - Calls the mmap syscall and prints its resulting address.
- mprotect - Calls the mprotect syscall and prints its result value.
- p2p - Pointer to pointer chain search. Searches given mapping for all pointers that point to specified mapping.
- probeleak - Pointer scan for possible offset leaks.
- search - Search memory for byte sequences, strings, pointers, and integer values.
- telescope - Recursively dereferences pointers starting at the specified address.
- telescope - Recursively dereferences pointers starting at the specified address.
- vmmap-add - Add virtual memory map page.
- vmmap-clear - Clear the vmmap cache.
- vmmap-explore - Explore a page, trying to guess permissions.
- vmmap - Print virtual memory map pages.
- xinfo - Shows offsets of the specified address from various useful locations.
- xor - XOR
countbytes ataddresswith the keykey.
- asm - Assemble shellcode into bytes
- checksec - Prints out the binary security settings using
checksec. - comm - Put comments in assembly code.
- cyclic - Cyclic pattern creator/finder.
- cymbol - Add, show, load, edit, or delete custom structures in plain C.
- down - Select and print stack frame called by this one.
- dt - Dump out information on a type (e.g. ucontext_t).
- dumpargs - Prints determined arguments for call instruction.
- getfile - Gets the current file.
- hex2ptr - Converts a space-separated hex string to a little-endian address.
- hijack-fd - Replace a file descriptor of a debugged process.
- ipi - Start an interactive IPython prompt.
- patch-list - List all patches.
- patch-revert - Revert patch at given address.
- patch - Patches given instruction with given code or bytes.
- plist - Dumps the elements of a linked list.
- sigreturn - Display the SigreturnFrame at the specific address
- spray - Spray memory with cyclic() generated values
- tips - Shows tips.
- up - Select and print stack frame that called this one.
- valist - Dumps the arguments of a va_list.
- vmmap-load - Load virtual memory map pages from ELF file.
- killthreads - Kill all or given threads.
- pid - Gets the pid.
- procinfo - Display information about the running process.
- cpsr - Print out ARM CPSR or xPSR register.
- fsbase - Prints out the FS base address. See also $fsbase.
- gsbase - Prints out the GS base address. See also $gsbase.
- setflag - Modify the flags register.
- canary - Print out the current stack canary.
- retaddr - Print out the stack addresses that contain return addresses.
- stack-explore - Explore stack from all threads.
- stack - Dereferences on stack data with specified count and offset.
- stackf - Dereferences on stack data, printing the entire stack frame with specified count and offset .
- attachp - Attaches to a given pid, process name, process found with partial argv match or to a device file.
- entry - Start the debugged program stopping at its entrypoint address.
- sstart - Alias for 'tbreak __libc_start_main; run'.
- start - Start the debugged program stopping at the first convenient location
- nextcall - Breaks at the next call instruction.
- nextjmp - Breaks at the next jump instruction.
- nextproginstr - Breaks at the next instruction that belongs to the running program.
- nextret - Breaks at next return-like instruction.
- nextsyscall - Breaks at the next syscall not taking branches.
- stepover - Breaks on the instruction after this one.
- stepret - Breaks at next return-like instruction by 'stepping' to it.
- stepsyscall - Breaks at the next syscall by taking branches.
- stepuntilasm - Breaks on the next matching instruction.
- xuntil - Continue execution until an address or expression.
- bc - Clear the breakpoint with the specified index.
- bd - Disable the breakpoint with the specified index.
- be - Enable the breakpoint with the specified index.
- bl - List breakpoints.
- bp - Set a breakpoint at the specified address.
- da - Dump a string at the specified address.
- db - Starting at the specified address, dump N bytes.
- dc - Starting at the specified address, hexdump.
- dd - Starting at the specified address, dump N dwords.
- dds - Dump pointers and symbols at the specified address.
- dq - Starting at the specified address, dump N qwords.
- ds - Dump a string at the specified address.
- dw - Starting at the specified address, dump N words.
- eb - Write hex bytes at the specified address.
- ed - Write hex dwords at the specified address.
- eq - Write hex qwords at the specified address.
- ew - Write hex words at the specified address.
- ez - Write a string at the specified address.
- eza - Write a string at the specified address.
- go - Windbg compatibility alias for 'continue' command.
- k - Print a backtrace (alias 'bt').
- ln - List the symbols nearest to the provided value.
- pc - Windbg compatibility alias for 'nextcall' command.
- peb - Not be windows.
- jemalloc-extent-info - Prints extent information for the given address
- jemalloc-find-extent - Returns extent information for pointer address allocated by jemalloc
- jemalloc-heap - Prints all extents information
- bugreport - Generate a bug report.
- config - Shows pwndbg-specific configuration.
- configfile - Generates a configuration file for the current pwndbg options.
- memoize - Toggles memoization (caching).
- profiler - Utilities for profiling pwndbg.
- pwndbg - Prints out a list of all pwndbg commands.
- reinit-pwndbg - Makes pwndbg reinitialize all state.
- reload - Reload pwndbg.
- theme - Shows pwndbg-specific theme configuration.
- themefile - Generates a configuration file for the current pwndbg theme options.
- version - Displays Pwndbg and its important deps versions.
Breaks on a branch if it is not taken.
"},{"location":"commands/breakpoint/break-if-not-taken/#usage","title":"Usage:","text":"
"},{"location":"commands/breakpoint/break-if-not-taken/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: break-if-not-taken [-h] branch\nbranchThe branch instruction to break on."},{"location":"commands/breakpoint/break-if-not-taken/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/breakpoint/break-if-taken/","title":"Break if taken","text":""},{"location":"commands/breakpoint/break-if-taken/#break-if-taken","title":"break-if-taken","text":""},{"location":"commands/breakpoint/break-if-taken/#description","title":"Description","text":"Breaks on a branch if it is taken.
"},{"location":"commands/breakpoint/break-if-taken/#usage","title":"Usage:","text":"
"},{"location":"commands/breakpoint/break-if-taken/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: break-if-taken [-h] branch\nbranchThe branch instruction to break on."},{"location":"commands/breakpoint/break-if-taken/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/breakpoint/breakrva/","title":"Breakrva","text":""},{"location":"commands/breakpoint/breakrva/#breakrva","title":"breakrva","text":""},{"location":"commands/breakpoint/breakrva/#description","title":"Description","text":"Break at RVA from PIE base.
"},{"location":"commands/breakpoint/breakrva/#usage","title":"Usage:","text":"
"},{"location":"commands/breakpoint/breakrva/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: breakrva [-h] [offset] [module]\noffsetOffset to add. (default: %(default)s)moduleModule to choose as base. Defaults to the target executable. (default: %(default)s)"},{"location":"commands/breakpoint/breakrva/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/breakpoint/ignore/","title":"Ignore","text":""},{"location":"commands/breakpoint/ignore/#ignore","title":"ignore","text":""},{"location":"commands/breakpoint/ignore/#description","title":"Description","text":"Set ignore-count of breakpoint number N to COUNT.
While the ignore count is positive, execution will not stop on the breakpoint.
By default, if `N' is ommitted, the last breakpoint (i.e. greatest breakpoint number) will be used.
"},{"location":"commands/breakpoint/ignore/#usage","title":"Usage:","text":"
"},{"location":"commands/breakpoint/ignore/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: ignore [-h] [N] COUNT\nbpnumThe breakpoint number N.countThe number to set COUNT."},{"location":"commands/breakpoint/ignore/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/context/context/","title":"Context","text":""},{"location":"commands/context/context/#context","title":"context","text":""},{"location":"commands/context/context/#description","title":"Description","text":"Print out the current register, instruction, and stack context.
"},{"location":"commands/context/context/#usage","title":"Usage:","text":"
"},{"location":"commands/context/context/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: context [-h] [--on] [--off] [subcontext ...]\nsubcontextSubmenu to display: 'regs', 'disasm', 'code', 'stack', 'backtrace', 'ghidra', 'args', 'threads', 'heap_tracker', 'expressions', and/or 'last_signal'"},{"location":"commands/context/context/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit--onNoneShow the section(s) in subsequent context commands again. The section(s) have to be in the 'context-sections' list.--offNoneDo not show the section(s) in subsequent context commands even though they might be in the 'context-sections' list."},{"location":"commands/context/contextnext/","title":"Contextnext","text":""},{"location":"commands/context/contextnext/#contextnext","title":"contextnext","text":""},{"location":"commands/context/contextnext/#description","title":"Description","text":"Select next entry in context history.
"},{"location":"commands/context/contextnext/#usage","title":"Usage:","text":"
"},{"location":"commands/context/contextnext/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: contextnext [-h] [count]\ncountThe number of entries to go forward in history (default: %(default)s)"},{"location":"commands/context/contextnext/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/context/contextoutput/","title":"Contextoutput","text":""},{"location":"commands/context/contextoutput/#contextoutput","title":"contextoutput","text":""},{"location":"commands/context/contextoutput/#description","title":"Description","text":"Sets the output of a context section.
"},{"location":"commands/context/contextoutput/#usage","title":"Usage:","text":"
"},{"location":"commands/context/contextoutput/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: contextoutput [-h] section path clearing [banner] [width]\nsectionThe section which is to be configured. ('regs', 'disasm', 'code', 'stack', 'backtrace', 'ghidra', 'args', 'threads', 'heap_tracker', 'expressions', and/or 'last_signal')pathThe path to which the output is writtenclearingIndicates weather to clear the outputbannerWhere a banner should be placed: both, top , bottom, none (default: %(default)s)widthSets a fixed width (used for banner). Set to None for auto"},{"location":"commands/context/contextoutput/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/context/contextprev/","title":"Contextprev","text":""},{"location":"commands/context/contextprev/#contextprev","title":"contextprev","text":""},{"location":"commands/context/contextprev/#description","title":"Description","text":"Select previous entry in context history.
"},{"location":"commands/context/contextprev/#usage","title":"Usage:","text":"
"},{"location":"commands/context/contextprev/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: contextprev [-h] [count]\ncountThe number of entries to go back in history (default: %(default)s)"},{"location":"commands/context/contextprev/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/context/contextsearch/","title":"Contextsearch","text":""},{"location":"commands/context/contextsearch/#contextsearch","title":"contextsearch","text":""},{"location":"commands/context/contextsearch/#description","title":"Description","text":"Search for a string in the context history and select that entry.
"},{"location":"commands/context/contextsearch/#usage","title":"Usage:","text":"
"},{"location":"commands/context/contextsearch/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: contextsearch [-h] needle [section]\nneedleThe string to search for in the context historysectionThe section to search in. If not provided, search in all sections"},{"location":"commands/context/contextsearch/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/context/contextunwatch/","title":"Contextunwatch","text":""},{"location":"commands/context/contextunwatch/#contextunwatch","title":"contextunwatch","text":""},{"location":"commands/context/contextunwatch/#description","title":"Description","text":"Removes an expression previously added to be watched.
"},{"location":"commands/context/contextunwatch/#usage","title":"Usage:","text":"
"},{"location":"commands/context/contextunwatch/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: contextunwatch [-h] num\nnumThe expression number to be removed from context"},{"location":"commands/context/contextunwatch/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/context/contextwatch/","title":"Contextwatch","text":""},{"location":"commands/context/contextwatch/#contextwatch","title":"contextwatch","text":""},{"location":"commands/context/contextwatch/#description","title":"Description","text":"Adds an expression to be shown on context.
To remove an expression, see
"},{"location":"commands/context/contextwatch/#usage","title":"Usage:","text":"cunwatch.
"},{"location":"commands/context/contextwatch/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: contextwatch [-h] [{eval,execute}] expression\ncmdCommand to be used with the expression. - eval: the expression is parsed and evaluated as in the debugged language. - execute: the expression is executed as a GDB command. (default: %(default)s)expressionThe expression to be evaluated and shown in context"},{"location":"commands/context/contextwatch/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/context/regs/","title":"Regs","text":""},{"location":"commands/context/regs/#regs","title":"regs","text":""},{"location":"commands/context/regs/#description","title":"Description","text":"Print out all registers and enhance the information.
"},{"location":"commands/context/regs/#usage","title":"Usage:","text":"
"},{"location":"commands/context/regs/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: regs [-h] [regs ...]\nregsRegisters to be shown"},{"location":"commands/context/regs/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/developer/dev-dump-instruction/","title":"Dev dump instruction","text":""},{"location":"commands/developer/dev-dump-instruction/#dev-dump-instruction","title":"dev-dump-instruction","text":""},{"location":"commands/developer/dev-dump-instruction/#description","title":"Description","text":"Dump internal PwndbgInstruction attributes.
"},{"location":"commands/developer/dev-dump-instruction/#usage","title":"Usage:","text":"
"},{"location":"commands/developer/dev-dump-instruction/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: dev-dump-instruction [-h] [-e] [-n] [address]\naddressThe address to get the enhanced instruction from - must be in cache."},{"location":"commands/developer/dev-dump-instruction/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-e--emulateForce the use of emulation when enhancing the instruction, regardless of global 'emulate' setting. (default: %(default)s)-n--no-emulateDisable the use of emulation when enhancing the instruction, regardless of global 'emulate' setting. (default: %(default)s)"},{"location":"commands/developer/log-level/","title":"Log level","text":""},{"location":"commands/developer/log-level/#log-level","title":"log-level","text":""},{"location":"commands/developer/log-level/#description","title":"Description","text":"Set the log level.
"},{"location":"commands/developer/log-level/#usage","title":"Usage:","text":"
"},{"location":"commands/developer/log-level/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: log-level [-h] [{debug,info,warning,error,critical}]\nlevelThe log level to set. (default: %(default)s)"},{"location":"commands/developer/log-level/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/disassemble/emulate/","title":"Emulate","text":""},{"location":"commands/disassemble/emulate/#emulate","title":"emulate","text":""},{"location":"commands/disassemble/emulate/#description","title":"Description","text":"Like nearpc, but will emulate instructions from the current $PC forward.
"},{"location":"commands/disassemble/emulate/#usage","title":"Usage:","text":"
"},{"location":"commands/disassemble/emulate/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: emulate [-h] [pc] [lines]\npcAddress to emulate near.linesNumber of lines to show on either side of the address."},{"location":"commands/disassemble/emulate/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/disassemble/nearpc/","title":"Nearpc","text":""},{"location":"commands/disassemble/nearpc/#nearpc","title":"nearpc","text":""},{"location":"commands/disassemble/nearpc/#description","title":"Description","text":"Disassemble near a specified address.
"},{"location":"commands/disassemble/nearpc/#usage","title":"Usage:","text":"
"},{"location":"commands/disassemble/nearpc/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: nearpc [-h] [-e] [pc] [lines]\npcAddress to disassemble near. If this is the only argument and the value provided is small enough, it is interpreted as lines instead.linesNumber of lines to show on either side of the address."},{"location":"commands/disassemble/nearpc/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-e--emulateWhether to emulate instructions to find the next ones or just linearly disassemble. (default: %(default)s)"},{"location":"commands/glibc_ptmalloc2_heap/arena/","title":"Arena","text":""},{"location":"commands/glibc_ptmalloc2_heap/arena/#arena","title":"arena","text":""},{"location":"commands/glibc_ptmalloc2_heap/arena/#description","title":"Description","text":"Print the contents of an arena.
Default to the current thread's arena.
"},{"location":"commands/glibc_ptmalloc2_heap/arena/#usage","title":"Usage:","text":"
"},{"location":"commands/glibc_ptmalloc2_heap/arena/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: arena [-h] [addr]\naddrAddress of the arena."},{"location":"commands/glibc_ptmalloc2_heap/arena/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/arenas/","title":"Arenas","text":""},{"location":"commands/glibc_ptmalloc2_heap/arenas/#arenas","title":"arenas","text":""},{"location":"commands/glibc_ptmalloc2_heap/arenas/#description","title":"Description","text":"List this process's arenas.
"},{"location":"commands/glibc_ptmalloc2_heap/arenas/#usage","title":"Usage:","text":"
"},{"location":"commands/glibc_ptmalloc2_heap/arenas/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: arenas [-h]\n-h--helpshow this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/bins/","title":"Bins","text":""},{"location":"commands/glibc_ptmalloc2_heap/bins/#bins","title":"bins","text":""},{"location":"commands/glibc_ptmalloc2_heap/bins/#description","title":"Description","text":"Print the contents of all an arena's bins and a thread's tcache.
Default to the current thread's arena and tcache.
"},{"location":"commands/glibc_ptmalloc2_heap/bins/#usage","title":"Usage:","text":"
"},{"location":"commands/glibc_ptmalloc2_heap/bins/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: bins [-h] [addr] [tcache_addr]\naddrAddress of the arena.tcache_addrAddress of the tcache."},{"location":"commands/glibc_ptmalloc2_heap/bins/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/fastbins/","title":"Fastbins","text":""},{"location":"commands/glibc_ptmalloc2_heap/fastbins/#fastbins","title":"fastbins","text":""},{"location":"commands/glibc_ptmalloc2_heap/fastbins/#description","title":"Description","text":"Print the contents of an arena's fastbins.
Default to the current thread's arena.
"},{"location":"commands/glibc_ptmalloc2_heap/fastbins/#usage","title":"Usage:","text":"
"},{"location":"commands/glibc_ptmalloc2_heap/fastbins/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: fastbins [-h] [-v] [addr]\naddrAddress of the arena."},{"location":"commands/glibc_ptmalloc2_heap/fastbins/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-v--verboseShow all fastbins, including empty ones (default: %(default)s)"},{"location":"commands/glibc_ptmalloc2_heap/find-fake-fast/","title":"Find fake fast","text":""},{"location":"commands/glibc_ptmalloc2_heap/find-fake-fast/#find-fake-fast","title":"find-fake-fast","text":""},{"location":"commands/glibc_ptmalloc2_heap/find-fake-fast/#description","title":"Description","text":"Find candidate fake fast or tcache chunks overlapping the specified address.
"},{"location":"commands/glibc_ptmalloc2_heap/find-fake-fast/#usage","title":"Usage:","text":"
"},{"location":"commands/glibc_ptmalloc2_heap/find-fake-fast/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: find-fake-fast [-h] [--align] [--glibc-fastbin-bug]\n [--partial-overwrite]\n target_address [max_candidate_size]\ntarget_addressAddress of the word-sized value to overlap.max_candidate_sizeMaximum size of fake chunks to find."},{"location":"commands/glibc_ptmalloc2_heap/find-fake-fast/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-a--alignWhether the fake chunk must be aligned to MALLOC_ALIGNMENT. This is required for tcache chunks and for all chunks when Safe Linking is enabled (default: %(default)s)-b--glibc-fastbin-bugDoes the GLIBC fastbin size field bug affect the candidate size field width? (default: %(default)s)-p--partial-overwriteConsider partial overwrite candidates, default behavior only shows word-size overwrites. (default: %(default)s)"},{"location":"commands/glibc_ptmalloc2_heap/heap-config/","title":"Heap config","text":""},{"location":"commands/glibc_ptmalloc2_heap/heap-config/#heap-config","title":"heap-config","text":""},{"location":"commands/glibc_ptmalloc2_heap/heap-config/#description","title":"Description","text":"Shows heap related configuration.
"},{"location":"commands/glibc_ptmalloc2_heap/heap-config/#usage","title":"Usage:","text":"
"},{"location":"commands/glibc_ptmalloc2_heap/heap-config/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: heap-config [-h] [filter_pattern]\nfilter_patternFilter to apply to config parameters names/descriptions"},{"location":"commands/glibc_ptmalloc2_heap/heap-config/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/heap/","title":"Heap","text":""},{"location":"commands/glibc_ptmalloc2_heap/heap/#heap","title":"heap","text":""},{"location":"commands/glibc_ptmalloc2_heap/heap/#description","title":"Description","text":"Iteratively print chunks on a heap.
Default to the current thread's active heap.
"},{"location":"commands/glibc_ptmalloc2_heap/heap/#usage","title":"Usage:","text":"
"},{"location":"commands/glibc_ptmalloc2_heap/heap/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: heap [-h] [-v] [-s] [addr]\naddrAddress of the first chunk (malloc_chunk struct start, prev_size field)."},{"location":"commands/glibc_ptmalloc2_heap/heap/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-v--verbosePrint all chunk fields, even unused ones. (default: %(default)s)-s--simpleSimply print malloc_chunk struct's contents. (default: %(default)s)"},{"location":"commands/glibc_ptmalloc2_heap/hi/","title":"Hi","text":""},{"location":"commands/glibc_ptmalloc2_heap/hi/#hi","title":"hi","text":""},{"location":"commands/glibc_ptmalloc2_heap/hi/#description","title":"Description","text":"Searches all heaps to find if an address belongs to a chunk. If yes, prints the chunk.
"},{"location":"commands/glibc_ptmalloc2_heap/hi/#usage","title":"Usage:","text":"
"},{"location":"commands/glibc_ptmalloc2_heap/hi/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: hi [-h] [-v] [-s] [-f] addr\naddrAddress of the interest."},{"location":"commands/glibc_ptmalloc2_heap/hi/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-v--verbosePrint all chunk fields, even unused ones. (default: %(default)s)-s--simpleSimply print malloc_chunk struct's contents. (default: %(default)s)-f--fakeAllow fake chunks. If set, displays any memory as a heap chunk (even if its not a real chunk). (default: %(default)s)"},{"location":"commands/glibc_ptmalloc2_heap/largebins/","title":"Largebins","text":""},{"location":"commands/glibc_ptmalloc2_heap/largebins/#largebins","title":"largebins","text":""},{"location":"commands/glibc_ptmalloc2_heap/largebins/#description","title":"Description","text":"Print the contents of an arena's largebins.
Default to the current thread's arena.
"},{"location":"commands/glibc_ptmalloc2_heap/largebins/#usage","title":"Usage:","text":"
"},{"location":"commands/glibc_ptmalloc2_heap/largebins/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: largebins [-h] [-v] [addr]\naddrAddress of the arena."},{"location":"commands/glibc_ptmalloc2_heap/largebins/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-v--verboseShow all largebins, including empty ones (default: %(default)s)"},{"location":"commands/glibc_ptmalloc2_heap/malloc-chunk/","title":"Malloc chunk","text":""},{"location":"commands/glibc_ptmalloc2_heap/malloc-chunk/#malloc-chunk","title":"malloc-chunk","text":""},{"location":"commands/glibc_ptmalloc2_heap/malloc-chunk/#description","title":"Description","text":"Print a chunk.
"},{"location":"commands/glibc_ptmalloc2_heap/malloc-chunk/#usage","title":"Usage:","text":"
"},{"location":"commands/glibc_ptmalloc2_heap/malloc-chunk/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: malloc-chunk [-h] [-f] [-v] [-s] [-d] [-n NEXT] addr\naddrAddress of the chunk (malloc_chunk struct start, prev_size field)."},{"location":"commands/glibc_ptmalloc2_heap/malloc-chunk/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-f--fakeIs this a fake chunk? (default: %(default)s)-v--verbosePrint all chunk fields, even unused ones. (default: %(default)s)-s--simpleSimply print malloc_chunk struct's contents. (default: %(default)s)-d--dumpPrint a hexdump of the chunk. (default: %(default)s)-n--next0Print the next N chunks after the specified address. (default: %(default)s)"},{"location":"commands/glibc_ptmalloc2_heap/mp/","title":"Mp","text":""},{"location":"commands/glibc_ptmalloc2_heap/mp/#mp","title":"mp","text":""},{"location":"commands/glibc_ptmalloc2_heap/mp/#description","title":"Description","text":"Print the mp_ struct's contents.
"},{"location":"commands/glibc_ptmalloc2_heap/mp/#usage","title":"Usage:","text":"
"},{"location":"commands/glibc_ptmalloc2_heap/mp/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: mp [-h]\n-h--helpshow this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/smallbins/","title":"Smallbins","text":""},{"location":"commands/glibc_ptmalloc2_heap/smallbins/#smallbins","title":"smallbins","text":""},{"location":"commands/glibc_ptmalloc2_heap/smallbins/#description","title":"Description","text":"Print the contents of an arena's smallbins.
Default to the current thread's arena.
"},{"location":"commands/glibc_ptmalloc2_heap/smallbins/#usage","title":"Usage:","text":"
"},{"location":"commands/glibc_ptmalloc2_heap/smallbins/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: smallbins [-h] [-v] [addr]\naddrAddress of the arena."},{"location":"commands/glibc_ptmalloc2_heap/smallbins/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-v--verboseShow all smallbins, including empty ones (default: %(default)s)"},{"location":"commands/glibc_ptmalloc2_heap/tcache/","title":"Tcache","text":""},{"location":"commands/glibc_ptmalloc2_heap/tcache/#tcache","title":"tcache","text":""},{"location":"commands/glibc_ptmalloc2_heap/tcache/#description","title":"Description","text":"Print a thread's tcache contents.
Default to the current thread's tcache.
"},{"location":"commands/glibc_ptmalloc2_heap/tcache/#usage","title":"Usage:","text":"
"},{"location":"commands/glibc_ptmalloc2_heap/tcache/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: tcache [-h] [addr]\naddrAddress of the tcache."},{"location":"commands/glibc_ptmalloc2_heap/tcache/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/tcachebins/","title":"Tcachebins","text":""},{"location":"commands/glibc_ptmalloc2_heap/tcachebins/#tcachebins","title":"tcachebins","text":""},{"location":"commands/glibc_ptmalloc2_heap/tcachebins/#description","title":"Description","text":"Print the contents of a tcache.
Default to the current thread's tcache.
"},{"location":"commands/glibc_ptmalloc2_heap/tcachebins/#usage","title":"Usage:","text":"
"},{"location":"commands/glibc_ptmalloc2_heap/tcachebins/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: tcachebins [-h] [-v] [addr]\naddrThe address of the tcache bins."},{"location":"commands/glibc_ptmalloc2_heap/tcachebins/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-v--verboseShow all tcachebins, including empty ones (default: %(default)s)"},{"location":"commands/glibc_ptmalloc2_heap/top-chunk/","title":"Top chunk","text":""},{"location":"commands/glibc_ptmalloc2_heap/top-chunk/#top-chunk","title":"top-chunk","text":""},{"location":"commands/glibc_ptmalloc2_heap/top-chunk/#description","title":"Description","text":"Print relevant information about an arena's top chunk.
Default to current thread's arena.
"},{"location":"commands/glibc_ptmalloc2_heap/top-chunk/#usage","title":"Usage:","text":"
"},{"location":"commands/glibc_ptmalloc2_heap/top-chunk/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: top-chunk [-h] [addr]\naddrAddress of the arena."},{"location":"commands/glibc_ptmalloc2_heap/top-chunk/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/try-free/","title":"Try free","text":""},{"location":"commands/glibc_ptmalloc2_heap/try-free/#try-free","title":"try-free","text":""},{"location":"commands/glibc_ptmalloc2_heap/try-free/#description","title":"Description","text":"Check what would happen if free was called with given address.
"},{"location":"commands/glibc_ptmalloc2_heap/try-free/#usage","title":"Usage:","text":"
"},{"location":"commands/glibc_ptmalloc2_heap/try-free/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: try-free [-h] addr\naddrAddress passed to free"},{"location":"commands/glibc_ptmalloc2_heap/try-free/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/unsortedbin/","title":"Unsortedbin","text":""},{"location":"commands/glibc_ptmalloc2_heap/unsortedbin/#unsortedbin","title":"unsortedbin","text":""},{"location":"commands/glibc_ptmalloc2_heap/unsortedbin/#description","title":"Description","text":"Print the contents of an arena's unsortedbin.
Default to the current thread's arena.
"},{"location":"commands/glibc_ptmalloc2_heap/unsortedbin/#usage","title":"Usage:","text":"
"},{"location":"commands/glibc_ptmalloc2_heap/unsortedbin/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: unsortedbin [-h] [-v] [addr]\naddrAddress of the arena."},{"location":"commands/glibc_ptmalloc2_heap/unsortedbin/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-v--verboseShow the \"all\" bin even if it's empty (default: %(default)s)"},{"location":"commands/glibc_ptmalloc2_heap/vis-heap-chunks/","title":"Vis heap chunks","text":""},{"location":"commands/glibc_ptmalloc2_heap/vis-heap-chunks/#vis-heap-chunks","title":"vis-heap-chunks","text":""},{"location":"commands/glibc_ptmalloc2_heap/vis-heap-chunks/#description","title":"Description","text":"Visualize chunks on a heap.
Default to the current arena's active heap.
"},{"location":"commands/glibc_ptmalloc2_heap/vis-heap-chunks/#usage","title":"Usage:","text":"
"},{"location":"commands/glibc_ptmalloc2_heap/vis-heap-chunks/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: vis-heap-chunks [-h] [--beyond_top] [--no_truncate] [--all_chunks]\n [count] [addr]\ncountNumber of chunks to visualize. If the value is big enough and addr isn't provided, this is interpreted as addr instead. (default: %(default)s)addrAddress of the first chunk."},{"location":"commands/glibc_ptmalloc2_heap/vis-heap-chunks/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-b--beyond_topAttempt to keep printing beyond the top chunk. (default: %(default)s)-n--no_truncateDisplay all the chunk contents (Ignore themax-visualize-chunk-sizeconfiguration). (default: %(default)s)-a--all_chunksDisplay all chunks (Ignore the default-visualize-chunk-number configuration). (default: %(default)s)"},{"location":"commands/integrations/ai/","title":"Ai","text":""},{"location":"commands/integrations/ai/#ai","title":"ai","text":""},{"location":"commands/integrations/ai/#description","title":"Description","text":"Ask GPT-3 a question about the current debugging context.
"},{"location":"commands/integrations/ai/#usage","title":"Usage:","text":"
"},{"location":"commands/integrations/ai/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: ai [-h] [-M MODEL] [-t TEMPERATURE] [-m MAX_TOKENS] [-v] [-L]\n [-c COMMAND]\n [question ...]\nquestionThe question to ask."},{"location":"commands/integrations/ai/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-M--modelNoneThe OpenAI model to use.-t--temperatureNoneThe temperature to use.-m--max-tokensNoneThe maximum number of tokens to generate.-v--verbosePrint the prompt and response. (default: %(default)s)-L--list-modelsList the available models. (default: %(default)s)-c--commandNoneRun a command in the GDB debugger and ask a question about the output."},{"location":"commands/integrations/bn-sync/","title":"Bn sync","text":""},{"location":"commands/integrations/bn-sync/#bn-sync","title":"bn-sync","text":""},{"location":"commands/integrations/bn-sync/#description","title":"Description","text":"Synchronize Binary Ninja's cursor with GDB.
"},{"location":"commands/integrations/bn-sync/#usage","title":"Usage:","text":"
"},{"location":"commands/integrations/bn-sync/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: bn-sync [-h]\n-h--helpshow this help message and exit"},{"location":"commands/integrations/decomp/","title":"Decomp","text":""},{"location":"commands/integrations/decomp/#decomp","title":"decomp","text":""},{"location":"commands/integrations/decomp/#description","title":"Description","text":"Use the current integration to decompile code near an address.
"},{"location":"commands/integrations/decomp/#usage","title":"Usage:","text":"
"},{"location":"commands/integrations/decomp/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: decomp [-h] [addr] [lines]\naddrAddress to decompile near.linesNumber of lines of decompilation to show."},{"location":"commands/integrations/decomp/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/integrations/j/","title":"J","text":""},{"location":"commands/integrations/j/#j","title":"j","text":""},{"location":"commands/integrations/j/#description","title":"Description","text":"Synchronize IDA's cursor with GDB.
"},{"location":"commands/integrations/j/#usage","title":"Usage:","text":"
"},{"location":"commands/integrations/j/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: j [-h]\n-h--helpshow this help message and exit"},{"location":"commands/integrations/r2/","title":"R2","text":""},{"location":"commands/integrations/r2/#r2","title":"r2","text":""},{"location":"commands/integrations/r2/#description","title":"Description","text":"Launches radare2.
"},{"location":"commands/integrations/r2/#usage","title":"Usage:","text":"
"},{"location":"commands/integrations/r2/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: r2 [-h] [--no-seek] [--no-rebase] [arguments ...]\nargumentsArguments to pass to radare"},{"location":"commands/integrations/r2/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit--no-seekDo not seek to current pc (default: %(default)s)--no-rebaseDo not set the base address for PIE according to the current mapping (default: %(default)s)"},{"location":"commands/integrations/r2pipe/","title":"R2pipe","text":""},{"location":"commands/integrations/r2pipe/#r2pipe","title":"r2pipe","text":""},{"location":"commands/integrations/r2pipe/#description","title":"Description","text":"Execute stateful radare2 commands through r2pipe.
"},{"location":"commands/integrations/r2pipe/#usage","title":"Usage:","text":"
"},{"location":"commands/integrations/r2pipe/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: r2pipe [-h] arguments [arguments ...]\nargumentsArguments to pass to r2pipe"},{"location":"commands/integrations/r2pipe/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/integrations/rop/","title":"Rop","text":""},{"location":"commands/integrations/rop/#rop","title":"rop","text":""},{"location":"commands/integrations/rop/#description","title":"Description","text":"Dump ROP gadgets with Jon Salwan's ROPgadget tool.
"},{"location":"commands/integrations/rop/#usage","title":"Usage:","text":"
"},{"location":"commands/integrations/rop/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: rop [-h] [--grep GREP] [--memlimit MEMLIMIT] [argument ...]\nargumentArguments to pass to ROPgadget"},{"location":"commands/integrations/rop/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit--grepNoneString to grep the output for--memlimit50MBString to grep the output for (default: %(default)s)"},{"location":"commands/integrations/ropper/","title":"Ropper","text":""},{"location":"commands/integrations/ropper/#ropper","title":"ropper","text":""},{"location":"commands/integrations/ropper/#description","title":"Description","text":"ROP gadget search with ropper.
"},{"location":"commands/integrations/ropper/#usage","title":"Usage:","text":"
"},{"location":"commands/integrations/ropper/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: ropper [-h] [argument ...]\nargumentArguments to pass to ropper"},{"location":"commands/integrations/ropper/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/integrations/rz/","title":"Rz","text":""},{"location":"commands/integrations/rz/#rz","title":"rz","text":""},{"location":"commands/integrations/rz/#description","title":"Description","text":"Launches rizin.
"},{"location":"commands/integrations/rz/#usage","title":"Usage:","text":"
"},{"location":"commands/integrations/rz/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: rz [-h] [--no-seek] [--no-rebase] [arguments ...]\nargumentsArguments to pass to rizin"},{"location":"commands/integrations/rz/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit--no-seekDo not seek to current pc (default: %(default)s)--no-rebaseDo not set the base address for PIE according to the current mapping (default: %(default)s)"},{"location":"commands/integrations/rzpipe/","title":"Rzpipe","text":""},{"location":"commands/integrations/rzpipe/#rzpipe","title":"rzpipe","text":""},{"location":"commands/integrations/rzpipe/#description","title":"Description","text":"Execute stateful rizin commands through rzpipe.
"},{"location":"commands/integrations/rzpipe/#usage","title":"Usage:","text":"
"},{"location":"commands/integrations/rzpipe/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: rzpipe [-h] arguments [arguments ...]\nargumentsArguments to pass to rzpipe"},{"location":"commands/integrations/rzpipe/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/integrations/save-ida/","title":"Save ida","text":""},{"location":"commands/integrations/save-ida/#save-ida","title":"save-ida","text":""},{"location":"commands/integrations/save-ida/#description","title":"Description","text":"Save the ida database.
"},{"location":"commands/integrations/save-ida/#usage","title":"Usage:","text":"
"},{"location":"commands/integrations/save-ida/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: save-ida [-h]\n-h--helpshow this help message and exit"},{"location":"commands/jemalloc_heap/jemalloc-extent-info/","title":"Jemalloc extent info","text":""},{"location":"commands/jemalloc_heap/jemalloc-extent-info/#jemalloc-extent-info","title":"jemalloc-extent-info","text":""},{"location":"commands/jemalloc_heap/jemalloc-extent-info/#description","title":"Description","text":"Prints extent information for the given address
"},{"location":"commands/jemalloc_heap/jemalloc-extent-info/#usage","title":"Usage:","text":"
"},{"location":"commands/jemalloc_heap/jemalloc-extent-info/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: jemalloc-extent-info [-h] [-v] addr\naddrAddress of the extent metadata"},{"location":"commands/jemalloc_heap/jemalloc-extent-info/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-v--verbosePrint all chunk fields, even unused ones. (default: %(default)s)"},{"location":"commands/jemalloc_heap/jemalloc-find-extent/","title":"Jemalloc find extent","text":""},{"location":"commands/jemalloc_heap/jemalloc-find-extent/#jemalloc-find-extent","title":"jemalloc-find-extent","text":""},{"location":"commands/jemalloc_heap/jemalloc-find-extent/#description","title":"Description","text":"Returns extent information for pointer address allocated by jemalloc
"},{"location":"commands/jemalloc_heap/jemalloc-find-extent/#usage","title":"Usage:","text":"
"},{"location":"commands/jemalloc_heap/jemalloc-find-extent/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: jemalloc-find-extent [-h] addr\naddrAddress of the allocated memory location"},{"location":"commands/jemalloc_heap/jemalloc-find-extent/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/jemalloc_heap/jemalloc-heap/","title":"Jemalloc heap","text":""},{"location":"commands/jemalloc_heap/jemalloc-heap/#jemalloc-heap","title":"jemalloc-heap","text":""},{"location":"commands/jemalloc_heap/jemalloc-heap/#description","title":"Description","text":"Prints all extents information
"},{"location":"commands/jemalloc_heap/jemalloc-heap/#usage","title":"Usage:","text":"
"},{"location":"commands/jemalloc_heap/jemalloc-heap/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: jemalloc-heap [-h]\n-h--helpshow this help message and exit"},{"location":"commands/kernel/binder/","title":"Binder","text":""},{"location":"commands/kernel/binder/#binder","title":"binder","text":""},{"location":"commands/kernel/binder/#description","title":"Description","text":"Show Android Binder information
"},{"location":"commands/kernel/binder/#usage","title":"Usage:","text":"
"},{"location":"commands/kernel/binder/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: binder [-h]\n-h--helpshow this help message and exit"},{"location":"commands/kernel/kbase/","title":"Kbase","text":""},{"location":"commands/kernel/kbase/#kbase","title":"kbase","text":""},{"location":"commands/kernel/kbase/#description","title":"Description","text":"Finds the kernel virtual base address.
"},{"location":"commands/kernel/kbase/#usage","title":"Usage:","text":"
"},{"location":"commands/kernel/kbase/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: kbase [-h] [-r]\n-h--helpshow this help message and exit-r--rebaserebase loaded symbol file (default: %(default)s)"},{"location":"commands/kernel/kchecksec/","title":"Kchecksec","text":""},{"location":"commands/kernel/kchecksec/#kchecksec","title":"kchecksec","text":""},{"location":"commands/kernel/kchecksec/#description","title":"Description","text":"Checks for kernel hardening configuration options.
"},{"location":"commands/kernel/kchecksec/#usage","title":"Usage:","text":"
"},{"location":"commands/kernel/kchecksec/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: kchecksec [-h]\n-h--helpshow this help message and exit"},{"location":"commands/kernel/kcmdline/","title":"Kcmdline","text":""},{"location":"commands/kernel/kcmdline/#kcmdline","title":"kcmdline","text":""},{"location":"commands/kernel/kcmdline/#description","title":"Description","text":"Return the kernel commandline (/proc/cmdline).
"},{"location":"commands/kernel/kcmdline/#usage","title":"Usage:","text":"
"},{"location":"commands/kernel/kcmdline/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: kcmdline [-h]\n-h--helpshow this help message and exit"},{"location":"commands/kernel/kconfig/","title":"Kconfig","text":""},{"location":"commands/kernel/kconfig/#kconfig","title":"kconfig","text":""},{"location":"commands/kernel/kconfig/#description","title":"Description","text":"Outputs the kernel config (requires CONFIG_IKCONFIG).
"},{"location":"commands/kernel/kconfig/#usage","title":"Usage:","text":"
"},{"location":"commands/kernel/kconfig/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: kconfig [-h] [config_name]\nconfig_nameA config name to search for"},{"location":"commands/kernel/kconfig/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/kernel/klookup/","title":"Klookup","text":""},{"location":"commands/kernel/klookup/#klookup","title":"klookup","text":""},{"location":"commands/kernel/klookup/#description","title":"Description","text":"Lookup kernel symbols
"},{"location":"commands/kernel/klookup/#usage","title":"Usage:","text":"
"},{"location":"commands/kernel/klookup/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: klookup [-h] symbol\nsymbolAddress or symbol name to lookup"},{"location":"commands/kernel/klookup/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/kernel/knft-dump/","title":"Knft dump","text":""},{"location":"commands/kernel/knft-dump/#knft-dump","title":"knft-dump","text":""},{"location":"commands/kernel/knft-dump/#description","title":"Description","text":"Dump all nftables: tables, chains, rules, expressions
"},{"location":"commands/kernel/knft-dump/#usage","title":"Usage:","text":"
"},{"location":"commands/kernel/knft-dump/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: knft-dump [-h] [nsid]\nnsidNetwork Namespace ID"},{"location":"commands/kernel/knft-dump/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/kernel/knft-list-chains/","title":"Knft list chains","text":""},{"location":"commands/kernel/knft-list-chains/#knft-list-chains","title":"knft-list-chains","text":""},{"location":"commands/kernel/knft-list-chains/#description","title":"Description","text":"Dump netfilter chains form a specific table
"},{"location":"commands/kernel/knft-list-chains/#usage","title":"Usage:","text":"
"},{"location":"commands/kernel/knft-list-chains/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: knft-list-chains [-h] [--nsid NSID] [table_family] [table_name]\ntable_familyNetfilter table family (inet, ip, ip6, netdev, bridge, arp)table_nameTable name"},{"location":"commands/kernel/knft-list-chains/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-n--nsidNoneNetwork Namespace ID"},{"location":"commands/kernel/knft-list-exprs/","title":"Knft list exprs","text":""},{"location":"commands/kernel/knft-list-exprs/#knft-list-exprs","title":"knft-list-exprs","text":""},{"location":"commands/kernel/knft-list-exprs/#description","title":"Description","text":"Dump only expressions from specific rule
"},{"location":"commands/kernel/knft-list-exprs/#usage","title":"Usage:","text":"
"},{"location":"commands/kernel/knft-list-exprs/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: knft-list-exprs [-h] [--nsid NSID]\n [table_family] [table_name] [chain_name] [rule_id]\ntable_familyTable family, eg: inet, ip, ip6, netdev, bridge, arptable_nameTable namechain_nameChain namerule_idRule Handle ID"},{"location":"commands/kernel/knft-list-exprs/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-n--nsidNoneNetwork Namespace ID"},{"location":"commands/kernel/knft-list-flowtables/","title":"Knft list flowtables","text":""},{"location":"commands/kernel/knft-list-flowtables/#knft-list-flowtables","title":"knft-list-flowtables","text":""},{"location":"commands/kernel/knft-list-flowtables/#description","title":"Description","text":"Dump netfilter flowtables from a specific table
"},{"location":"commands/kernel/knft-list-flowtables/#usage","title":"Usage:","text":"
"},{"location":"commands/kernel/knft-list-flowtables/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: knft-list-flowtables [-h] [--nsid NSID] [table_family] [table_name]\ntable_familyNetfilter table family (inet, ip, ip6, netdev, bridge, arp)table_nameTable name"},{"location":"commands/kernel/knft-list-flowtables/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-n--nsidNoneNetwork Namespace ID"},{"location":"commands/kernel/knft-list-objects/","title":"Knft list objects","text":""},{"location":"commands/kernel/knft-list-objects/#knft-list-objects","title":"knft-list-objects","text":""},{"location":"commands/kernel/knft-list-objects/#description","title":"Description","text":"Dump netfilter objects from a specific table
"},{"location":"commands/kernel/knft-list-objects/#usage","title":"Usage:","text":"
"},{"location":"commands/kernel/knft-list-objects/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: knft-list-objects [-h] [--nsid NSID] [table_family] [table_name]\ntable_familyTable family, eg: inet, ip, ip6, netdev, bridge, arptable_nameTable name"},{"location":"commands/kernel/knft-list-objects/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-n--nsidNoneNetwork Namespace ID"},{"location":"commands/kernel/knft-list-rules/","title":"Knft list rules","text":""},{"location":"commands/kernel/knft-list-rules/#knft-list-rules","title":"knft-list-rules","text":""},{"location":"commands/kernel/knft-list-rules/#description","title":"Description","text":"Dump netfilter rules form a specific chain
"},{"location":"commands/kernel/knft-list-rules/#usage","title":"Usage:","text":"
"},{"location":"commands/kernel/knft-list-rules/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: knft-list-rules [-h] [--nsid NSID]\n [table_family] [table_name] [chain_name]\ntable_familyTable family, eg: inet, ip, ip6, netdev, bridge, arptable_nameTable namechain_nameChain name"},{"location":"commands/kernel/knft-list-rules/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-n--nsidNoneNetwork Namespace ID"},{"location":"commands/kernel/knft-list-sets/","title":"Knft list sets","text":""},{"location":"commands/kernel/knft-list-sets/#knft-list-sets","title":"knft-list-sets","text":""},{"location":"commands/kernel/knft-list-sets/#description","title":"Description","text":"Dump netfilter sets from a specific table
"},{"location":"commands/kernel/knft-list-sets/#usage","title":"Usage:","text":"
"},{"location":"commands/kernel/knft-list-sets/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: knft-list-sets [-h] [--nsid NSID] [table_family] [table_name]\ntable_familyTable family, eg: inet, ip, ip6, netdev, bridge, arptable_nameTable name"},{"location":"commands/kernel/knft-list-sets/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-n--nsidNoneNetwork Namespace ID"},{"location":"commands/kernel/knft-list-tables/","title":"Knft list tables","text":""},{"location":"commands/kernel/knft-list-tables/#knft-list-tables","title":"knft-list-tables","text":""},{"location":"commands/kernel/knft-list-tables/#description","title":"Description","text":"Dump netfliter tables from a specific network namespace
"},{"location":"commands/kernel/knft-list-tables/#usage","title":"Usage:","text":"
"},{"location":"commands/kernel/knft-list-tables/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: knft-list-tables [-h] [--nsid NSID]\n-h--helpshow this help message and exit-n--nsidNoneNetwork Namespace ID"},{"location":"commands/kernel/kversion/","title":"Kversion","text":""},{"location":"commands/kernel/kversion/#kversion","title":"kversion","text":""},{"location":"commands/kernel/kversion/#description","title":"Description","text":"Outputs the kernel version (/proc/version).
"},{"location":"commands/kernel/kversion/#usage","title":"Usage:","text":"
"},{"location":"commands/kernel/kversion/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: kversion [-h]\n-h--helpshow this help message and exit"},{"location":"commands/kernel/pcplist/","title":"Pcplist","text":""},{"location":"commands/kernel/pcplist/#pcplist","title":"pcplist","text":""},{"location":"commands/kernel/pcplist/#description","title":"Description","text":"Print Per-CPU page list
"},{"location":"commands/kernel/pcplist/#usage","title":"Usage:","text":"
"},{"location":"commands/kernel/pcplist/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: pcplist [-h] [zone]\nzone"},{"location":"commands/kernel/pcplist/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/kernel/slab/","title":"Slab","text":""},{"location":"commands/kernel/slab/#slab","title":"slab","text":""},{"location":"commands/kernel/slab/#description","title":"Description","text":"Prints information about the slab allocator
"},{"location":"commands/kernel/slab/#usage","title":"Usage:","text":"
"},{"location":"commands/kernel/slab/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: slab [-h] {list,info,contains} ...\ncommandNone"},{"location":"commands/kernel/slab/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/linux_libc_elf/argc/","title":"Argc","text":""},{"location":"commands/linux_libc_elf/argc/#argc","title":"argc","text":""},{"location":"commands/linux_libc_elf/argc/#description","title":"Description","text":"Prints out the number of arguments.
"},{"location":"commands/linux_libc_elf/argc/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/argc/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: argc [-h]\n-h--helpshow this help message and exit"},{"location":"commands/linux_libc_elf/argv/","title":"Argv","text":""},{"location":"commands/linux_libc_elf/argv/#argv","title":"argv","text":""},{"location":"commands/linux_libc_elf/argv/#description","title":"Description","text":"Prints out the contents of argv.
"},{"location":"commands/linux_libc_elf/argv/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/argv/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: argv [-h] [i]\niIndex of the argument to print out."},{"location":"commands/linux_libc_elf/argv/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/linux_libc_elf/aslr/","title":"Aslr","text":""},{"location":"commands/linux_libc_elf/aslr/#aslr","title":"aslr","text":""},{"location":"commands/linux_libc_elf/aslr/#description","title":"Description","text":"Check the current ASLR status, or turn it on/off.
Does not take effect until the program is restarted.
"},{"location":"commands/linux_libc_elf/aslr/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/aslr/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: aslr [-h] [{on,off}]\nstateTurn ASLR on or off (takes effect when target is started)"},{"location":"commands/linux_libc_elf/aslr/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/linux_libc_elf/auxv-explore/","title":"Auxv explore","text":""},{"location":"commands/linux_libc_elf/auxv-explore/#auxv-explore","title":"auxv-explore","text":""},{"location":"commands/linux_libc_elf/auxv-explore/#description","title":"Description","text":"Explore and print information from the Auxiliary ELF Vector.
"},{"location":"commands/linux_libc_elf/auxv-explore/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/auxv-explore/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: auxv-explore [-h]\n-h--helpshow this help message and exit"},{"location":"commands/linux_libc_elf/auxv/","title":"Auxv","text":""},{"location":"commands/linux_libc_elf/auxv/#auxv","title":"auxv","text":""},{"location":"commands/linux_libc_elf/auxv/#description","title":"Description","text":"Print information from the Auxiliary ELF Vector.
"},{"location":"commands/linux_libc_elf/auxv/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/auxv/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: auxv [-h]\n-h--helpshow this help message and exit"},{"location":"commands/linux_libc_elf/elfsections/","title":"Elfsections","text":""},{"location":"commands/linux_libc_elf/elfsections/#elfsections","title":"elfsections","text":""},{"location":"commands/linux_libc_elf/elfsections/#description","title":"Description","text":"Prints the section mappings contained in the ELF header.
"},{"location":"commands/linux_libc_elf/elfsections/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/elfsections/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: elfsections [-h]\n-h--helpshow this help message and exit"},{"location":"commands/linux_libc_elf/envp/","title":"Envp","text":""},{"location":"commands/linux_libc_elf/envp/#envp","title":"envp","text":""},{"location":"commands/linux_libc_elf/envp/#description","title":"Description","text":"Prints out the contents of the environment.
"},{"location":"commands/linux_libc_elf/envp/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/envp/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: envp [-h] [name]\nnameName of the environment variable to see."},{"location":"commands/linux_libc_elf/envp/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/linux_libc_elf/errno/","title":"Errno","text":""},{"location":"commands/linux_libc_elf/errno/#errno","title":"errno","text":""},{"location":"commands/linux_libc_elf/errno/#description","title":"Description","text":"Converts errno (or argument) to its string representation.
"},{"location":"commands/linux_libc_elf/errno/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/errno/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: errno [-h] [err]\nerrErrno; if not passed, it is retrieved from __errno_location"},{"location":"commands/linux_libc_elf/errno/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/linux_libc_elf/got/","title":"Got","text":""},{"location":"commands/linux_libc_elf/got/#got","title":"got","text":""},{"location":"commands/linux_libc_elf/got/#description","title":"Description","text":"Show the state of the Global Offset Table.
Examples: got got puts got -p libc got -a
"},{"location":"commands/linux_libc_elf/got/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/got/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: got [-h] [-p PATH_FILTER | -a] [-r] [symbol_filter]\nsymbol_filterFilter results by symbol name. (default: %(default)s)"},{"location":"commands/linux_libc_elf/got/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-p--path`` Filter results by library/objfile path. (default: %(default)s)-a--allProcess all libs/obfjiles including the target executable. (default: %(default)s)-r--show-readonlyAlso display read-only entries (which are filtered out by default). (default: %(default)s)"},{"location":"commands/linux_libc_elf/gotplt/","title":"Gotplt","text":""},{"location":"commands/linux_libc_elf/gotplt/#gotplt","title":"gotplt","text":""},{"location":"commands/linux_libc_elf/gotplt/#description","title":"Description","text":"Prints any symbols found in the .got.plt section if it exists.
"},{"location":"commands/linux_libc_elf/gotplt/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/gotplt/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: gotplt [-h]\n-h--helpshow this help message and exit"},{"location":"commands/linux_libc_elf/libcinfo/","title":"Libcinfo","text":""},{"location":"commands/linux_libc_elf/libcinfo/#libcinfo","title":"libcinfo","text":""},{"location":"commands/linux_libc_elf/libcinfo/#description","title":"Description","text":"Show libc version and link to its sources
"},{"location":"commands/linux_libc_elf/libcinfo/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/libcinfo/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: libcinfo [-h]\n-h--helpshow this help message and exit"},{"location":"commands/linux_libc_elf/linkmap/","title":"Linkmap","text":""},{"location":"commands/linux_libc_elf/linkmap/#linkmap","title":"linkmap","text":""},{"location":"commands/linux_libc_elf/linkmap/#description","title":"Description","text":"Show the state of the Link Map
"},{"location":"commands/linux_libc_elf/linkmap/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/linkmap/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: linkmap [-h]\n-h--helpshow this help message and exit"},{"location":"commands/linux_libc_elf/onegadget/","title":"Onegadget","text":""},{"location":"commands/linux_libc_elf/onegadget/#onegadget","title":"onegadget","text":""},{"location":"commands/linux_libc_elf/onegadget/#description","title":"Description","text":"Find gadgets which single-handedly give code execution.
Uses the onegadget tool by david942j.
"},{"location":"commands/linux_libc_elf/onegadget/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/onegadget/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: onegadget [-h] [--show-unsat] [--no-unknown] [-v]\n-h--helpshow this help message and exit--show-unsatShow unsatisfiable gadgets. (default: %(default)s)--no-unknownDo not show unknown gadgets. (default: %(default)s)-v--verboseShow verbose output. (default: %(default)s)"},{"location":"commands/linux_libc_elf/piebase/","title":"Piebase","text":""},{"location":"commands/linux_libc_elf/piebase/#piebase","title":"piebase","text":""},{"location":"commands/linux_libc_elf/piebase/#description","title":"Description","text":"Calculate VA of RVA from PIE base.
"},{"location":"commands/linux_libc_elf/piebase/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/piebase/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: piebase [-h] [offset] [module]\noffsetOffset from PIE base. (default: %(default)s)moduleModule to choose as base. Defaults to the target executable. (default: %(default)s)"},{"location":"commands/linux_libc_elf/piebase/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/linux_libc_elf/plt/","title":"Plt","text":""},{"location":"commands/linux_libc_elf/plt/#plt","title":"plt","text":""},{"location":"commands/linux_libc_elf/plt/#description","title":"Description","text":"Prints any symbols found in the .plt section if it exists.
"},{"location":"commands/linux_libc_elf/plt/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/plt/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: plt [-h]\n-h--helpshow this help message and exit"},{"location":"commands/linux_libc_elf/strings/","title":"Strings","text":""},{"location":"commands/linux_libc_elf/strings/#strings","title":"strings","text":""},{"location":"commands/linux_libc_elf/strings/#description","title":"Description","text":"Extracts and displays ASCII strings from readable memory pages of the debugged process.
"},{"location":"commands/linux_libc_elf/strings/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/strings/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: strings [-h] [-n N] [--save-as SAVE_AS] [page_names ...]\npage_namesMapping to search [e.g. libc]. Can be used with multiple mappings [e.g libc heap stack] (default: %(default)s)"},{"location":"commands/linux_libc_elf/strings/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-n4Minimum length of ASCII strings to include (default: %(default)s)--save-asNoneSets the filename for the output of this command [e.g. --save-as='out.txt']"},{"location":"commands/linux_libc_elf/threads/","title":"Threads","text":""},{"location":"commands/linux_libc_elf/threads/#threads","title":"threads","text":""},{"location":"commands/linux_libc_elf/threads/#description","title":"Description","text":"List all threads belonging to the selected inferior.
"},{"location":"commands/linux_libc_elf/threads/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/threads/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: threads [-h] [-c] [num_threads]\nnum_threadsNumber of threads to display. Omit to display all threads."},{"location":"commands/linux_libc_elf/threads/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-c--configRespect context-max-threads config to limit number of threads displayed. (default: %(default)s)"},{"location":"commands/linux_libc_elf/tls/","title":"Tls","text":""},{"location":"commands/linux_libc_elf/tls/#tls","title":"tls","text":""},{"location":"commands/linux_libc_elf/tls/#description","title":"Description","text":"Print out base address of the current Thread Local Storage (TLS).
"},{"location":"commands/linux_libc_elf/tls/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/tls/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: tls [-h] [-p] [-a]\n-h--helpshow this help message and exit-p--pthread-selfTry to get the address of TLS by calling pthread_self(). (default: %(default)s)-a--allDo not truncate the dump output. (default: %(default)s)"},{"location":"commands/linux_libc_elf/track-got/","title":"Track got","text":""},{"location":"commands/linux_libc_elf/track-got/#track-got","title":"track-got","text":""},{"location":"commands/linux_libc_elf/track-got/#description","title":"Description","text":"Controls GOT tracking
"},{"location":"commands/linux_libc_elf/track-got/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/track-got/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: track-got [-h] {enable,disable,info,query} ...\n-h--helpshow this help message and exit"},{"location":"commands/linux_libc_elf/track-heap/","title":"Track heap","text":""},{"location":"commands/linux_libc_elf/track-heap/#track-heap","title":"track-heap","text":""},{"location":"commands/linux_libc_elf/track-heap/#description","title":"Description","text":"Manages the heap tracker.
The heap tracker is a module that tracks usage of the GLibc heap and looks for user errors such as double frees and use after frees.
Currently, the following errors can be detected: - Use After Free
"},{"location":"commands/linux_libc_elf/track-heap/#usage","title":"Usage:","text":"
"},{"location":"commands/linux_libc_elf/track-heap/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: track-heap [-h] {enable,disable,toggle-break} ...\n-h--helpshow this help message and exit"},{"location":"commands/memory/distance/","title":"Distance","text":""},{"location":"commands/memory/distance/#distance","title":"distance","text":""},{"location":"commands/memory/distance/#description","title":"Description","text":"Print the distance between the two arguments, or print the offset to the address's page base.
"},{"location":"commands/memory/distance/#usage","title":"Usage:","text":"
"},{"location":"commands/memory/distance/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: distance [-h] a [b]\naThe first address.bThe second address."},{"location":"commands/memory/distance/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/memory/gdt/","title":"Gdt","text":""},{"location":"commands/memory/gdt/#gdt","title":"gdt","text":""},{"location":"commands/memory/gdt/#description","title":"Description","text":"Decode X86-64 GDT entries at address
See also: * https://wiki.osdev.org/Global_Descriptor_Table * https://wiki.osdev.org/GDT_Tutorial
Note: In 64-bit mode, the Base and Limit values are ignored, each descriptor covers the entire linear address space regardless of what they are set to.
"},{"location":"commands/memory/gdt/#usage","title":"Usage:","text":"
"},{"location":"commands/memory/gdt/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: gdt [-h] address [count]\naddressx86-64 GDTR base address (e.g. read from sgdt instruction from [16:79] bits)countNumber of entries to dump (should be (GDTR.size+1)/8) (default: %(default)s)"},{"location":"commands/memory/gdt/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/memory/go-dump/","title":"Go dump","text":""},{"location":"commands/memory/go-dump/#go-dump","title":"go-dump","text":""},{"location":"commands/memory/go-dump/#description","title":"Description","text":"Dumps a Go value of a given type at a specified address.
"},{"location":"commands/memory/go-dump/#usage","title":"Usage:","text":"
"},{"location":"commands/memory/go-dump/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: go-dump [-h] [-x] [-f [DECIMALS]] [-d] [-p] ty address\ntyGo type of value to dump, e.g. map[int]string, or the address of a type to resolve at runtime, e.g. 0x408860addressAddress to dump"},{"location":"commands/memory/go-dump/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-x--hexDisplay non-pointer integers as hex (default: %(default)s)-f--decimalsNoneConfigures the number of decimal places to display for floating points-d--debugShows debug info, like addresses for slice/map elements, slice capacity, etc. (default: %(default)s)-p--prettyEnables pretty printing (default: %(default)s)"},{"location":"commands/memory/go-type/","title":"Go type","text":""},{"location":"commands/memory/go-type/#go-type","title":"go-type","text":""},{"location":"commands/memory/go-type/#description","title":"Description","text":"Dumps a Go runtime reflection type at a specified address.
"},{"location":"commands/memory/go-type/#usage","title":"Usage:","text":"
"},{"location":"commands/memory/go-type/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: go-type [-h] address\naddressAddress to dump"},{"location":"commands/memory/go-type/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/memory/hexdump/","title":"Hexdump","text":""},{"location":"commands/memory/hexdump/#hexdump","title":"hexdump","text":""},{"location":"commands/memory/hexdump/#description","title":"Description","text":"Hexdumps data at the specified address or module name.
"},{"location":"commands/memory/hexdump/#usage","title":"Usage:","text":"
"},{"location":"commands/memory/hexdump/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: hexdump [-h] [address] [count]\naddressAddress or module name to dump (default: %(default)s)countNumber of bytes to dump (default: %(default)s)"},{"location":"commands/memory/hexdump/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/memory/leakfind/","title":"Leakfind","text":""},{"location":"commands/memory/leakfind/#leakfind","title":"leakfind","text":""},{"location":"commands/memory/leakfind/#description","title":"Description","text":"Attempt to find a leak chain given a starting address. Scans memory near the given address, looks for pointers, and continues that process to attempt to find leaks.
Example: leakfind $rsp --page_name=filename --max_offset=0x48 --max_depth=6. This would look for any chains of leaks that point to a section in filename which begin near $rsp, are never 0x48 bytes further from a known pointer, and are a maximum length of 6.
"},{"location":"commands/memory/leakfind/#usage","title":"Usage:","text":"
"},{"location":"commands/memory/leakfind/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: leakfind [-h] [-p [PAGE_NAME]] [-o [MAX_OFFSET]] [-d [MAX_DEPTH]]\n [-s [STEP]] [--negative_offset [NEGATIVE_OFFSET]]\n [address]\naddressStarting address to find a leak chain from (default: %(default)s)"},{"location":"commands/memory/leakfind/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-p--page_nameNoneSubstring required to be part of the name of any found pages-o--max_offset72Max offset to add to addresses when looking for leak (default: %(default)s)-d--max_depth4Maximum depth to follow pointers to (default: %(default)s)-s--step1Step to add between pointers so they are considered. For example, if this is 4 it would only consider pointers at an offset divisible by 4 from the starting pointer (default: %(default)s)--negative_offset0Max negative offset to search before an address when looking for a leak (default: %(default)s)"},{"location":"commands/memory/memfrob/","title":"Memfrob","text":""},{"location":"commands/memory/memfrob/#memfrob","title":"memfrob","text":""},{"location":"commands/memory/memfrob/#description","title":"Description","text":"Memfrobs a region of memory (xor with '*').
"},{"location":"commands/memory/memfrob/#usage","title":"Usage:","text":"
"},{"location":"commands/memory/memfrob/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: memfrob [-h] address count\naddressThe address to start xoring at.countThe number of bytes to xor."},{"location":"commands/memory/memfrob/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/memory/mmap/","title":"Mmap","text":""},{"location":"commands/memory/mmap/#mmap","title":"mmap","text":""},{"location":"commands/memory/mmap/#description","title":"Description","text":"Calls the mmap syscall and prints its resulting address.
Note that the mmap syscall may fail for various reasons (see
man mmap) and, in case of failure, its return value will not be a valid pointer.PROT values: NONE (0), READ (1), WRITE (2), EXEC (4) MAP values: SHARED (1), PRIVATE (2), SHARED_VALIDATE (3), FIXED (0x10), ANONYMOUS (0x20)
Flags and protection values can be either a string containing the names of the flags or permissions or a single number corresponding to the bitwise OR of the protection and flag numbers.
Examples: mmap 0x0 4096 PROT_READ|PROT_WRITE|PROT_EXEC MAP_PRIVATE|MAP_ANONYMOUS -1 0 - Maps a new private+anonymous page with RWX permissions at a location decided by the kernel.
"},{"location":"commands/memory/mmap/#usage","title":"Usage:","text":"mmap 0x0 4096 PROT_READ MAP_PRIVATE 10 0\n - Maps 4096 bytes of the file pointed to by file descriptor number 10 with\n read permission at a location decided by the kernel.\n\nmmap 0xdeadbeef 0x1000\n - Maps a new private+anonymous page with RWX permissions at a page boundary\n near 0xdeadbeef.\n
"},{"location":"commands/memory/mmap/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: mmap [-h] [--quiet] [--force] addr length [prot] [flags] [fd] [offset]\naddrAddress hint to be given to mmap.lengthLength of the mapping, in bytes. Needs to be greater than zero.protProt enum or int as in mmap(2). Eg. \"PROT_READ|PROT_EXEC\" or 7 (for RWX). (default: %(default)s)flagsFlags enum or int as in mmap(2). Eg. \"MAP_PRIVATE|MAP_ANONYMOUS\" or 0x22. (default: %(default)s)fdFile descriptor of the file to be mapped, or -1 if using MAP_ANONYMOUS. (default: %(default)s)offsetOffset from the start of the file, in bytes, if using file based mapping. (default: %(default)s)"},{"location":"commands/memory/mmap/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-q--quietDisable address validity warnings and hints (default: %(default)s)-f--forceForce potentially unsafe actions to happen (default: %(default)s)"},{"location":"commands/memory/mprotect/","title":"Mprotect","text":""},{"location":"commands/memory/mprotect/#mprotect","title":"mprotect","text":""},{"location":"commands/memory/mprotect/#description","title":"Description","text":"Calls the mprotect syscall and prints its result value.
Note that the mprotect syscall may fail for various reasons (see
man mprotect) and a non-zero error return value can be decoded with theerrno <value>command.Examples: mprotect $rsp 4096 PROT_READ|PROT_WRITE|PROT_EXEC mprotect $rsp 4096 rwx mprotect $rsp 4096 7 mprotect some_symbol 0x1000 PROT_NONE
"},{"location":"commands/memory/mprotect/#usage","title":"Usage:","text":"
"},{"location":"commands/memory/mprotect/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: mprotect [-h] addr length prot\naddrPage-aligned address to all mprotect on.lengthCount of bytes to call mprotect on. Needs to be multiple of page size.protProt string as in mprotect(2). Eg. \"PROT_READ|PROT_EXEC\", \"rx\", or \"5\""},{"location":"commands/memory/mprotect/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/memory/p2p/","title":"P2p","text":""},{"location":"commands/memory/p2p/#p2p","title":"p2p","text":""},{"location":"commands/memory/p2p/#description","title":"Description","text":"Pointer to pointer chain search. Searches given mapping for all pointers that point to specified mapping.
Any chain length greater than 0 is valid. If only one mapping is given it just looks for any pointers in that mapping.
"},{"location":"commands/memory/p2p/#usage","title":"Usage:","text":"
"},{"location":"commands/memory/p2p/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: p2p [-h] mapping_names [mapping_names ...]\nmapping_namesMapping name"},{"location":"commands/memory/p2p/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/memory/probeleak/","title":"Probeleak","text":""},{"location":"commands/memory/probeleak/#probeleak","title":"probeleak","text":""},{"location":"commands/memory/probeleak/#description","title":"Description","text":"Pointer scan for possible offset leaks. Examples: probeleak $rsp 0x64 - leaks 0x64 bytes starting at stack pointer and search for valid pointers probeleak $rsp 0x64 --max-dist 0x10 - as above, but pointers may point 0x10 bytes outside of memory page probeleak $rsp 0x64 --point-to libc --max-ptrs 1 --flags rwx - leaks 0x64 bytes starting at stack pointer and search for one valid pointer which points to a libc rwx page
"},{"location":"commands/memory/probeleak/#usage","title":"Usage:","text":"
"},{"location":"commands/memory/probeleak/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: probeleak [-h] [--max-distance MAX_DISTANCE] [--point-to POINT_TO]\n [--max-ptrs MAX_PTRS] [--flags FLAGS]\n [address] [count]\naddressLeak memory address (default: %(default)s)countLeak size in bytes (default: %(default)s)"},{"location":"commands/memory/probeleak/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit--max-distance0Max acceptable distance between memory page boundary and leaked pointer (default: %(default)s)--point-toNoneMapping name of the page that you want the pointers point to--max-ptrs0Stop search after find n pointers, default 0 (default: %(default)s)--flagsNoneflags of the page that you want the pointers point to. [e.g. rwx]"},{"location":"commands/memory/search/","title":"Search","text":""},{"location":"commands/memory/search/#search","title":"search","text":""},{"location":"commands/memory/search/#description","title":"Description","text":"Search memory for byte sequences, strings, pointers, and integer values.
By default search results are cached. If you want to cache all results, but only print a subset, use --trunc-out. If you want to cache only a subset of results, and print the results immediately, use --limit. The latter is specially useful if you're searching a huge section of memory.
"},{"location":"commands/memory/search/#usage","title":"Usage:","text":"
"},{"location":"commands/memory/search/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: search [-h] [-t {byte,short,word,dword,qword,pointer,string,bytes,asm}]\n [-1] [-2] [-4] [-8] [-p] [--asm]\n [--arch {powerpc64,aarch64,powerpc,riscv32,riscv64,sparc64,mips64,msp430,alpha,amd64,sparc,thumb,cris,i386,ia64,m68k,mips,s390,none,avr,arm,vax}]\n [--asmbp] [-x] [-e] [-w] [-s STEP] [-l LIMIT] [-a ALIGNED]\n [--save] [--no-save] [-n] [--trunc-out]\n value [mapping_name]\nvalueValue to search formapping_nameMapping to search [e.g. libc]"},{"location":"commands/memory/search/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-t--typebytesSize of search target (default: %(default)s)-1--byteNoneSearch for a 1-byte integer-2--shortNoneSearch for a 2-byte integer-4--dwordNoneSearch for a 4-byte integer-8--qwordNoneSearch for an 8-byte integer-p--pointerNoneSearch for a pointer-width integer--asmNoneSearch for an assembly instruction--archNoneTarget architecture--asmbpSet breakpoint for found assembly instruction (default: %(default)s)-x--hexTarget is a hex-encoded (for bytes/strings) (default: %(default)s)-e--executableSearch executable segments only (default: %(default)s)-w--writableSearch writable segments only (default: %(default)s)-s--stepNoneStep search address forward to next alignment after each hit (ex: 0x1000)-l--limitNoneMax results before quitting the search. Differs from --trunc-out in that it will not save all search results before quitting-a--alignedNoneResult must be aligned to this byte boundary--saveNoneSave results for further searches with --next. Default comes from config 'auto-save-search'--no-saveNoneInvert --save-n--nextSearch only locations returned by previous search with --save (default: %(default)s)--trunc-outTruncate the output to 20 results. Differs from --limit in that it will first save all search results (default: %(default)s)"},{"location":"commands/memory/telescope/","title":"Telescope","text":""},{"location":"commands/memory/telescope/#telescope","title":"telescope","text":""},{"location":"commands/memory/telescope/#description","title":"Description","text":"Recursively dereferences pointers starting at the specified address.
"},{"location":"commands/memory/telescope/#usage","title":"Usage:","text":"
"},{"location":"commands/memory/telescope/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: telescope [-h] [-r] [-f] [-i] [address] [count]\naddressThe address to telescope at. (default: %(default)s)countThe number of lines to show. (default: %(default)s)"},{"location":"commands/memory/telescope/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-r--reverseShow previous addresses instead of next ones (default: %(default)s)-f--frameShow the stack frame, from rsp to rbp (default: %(default)s)-i--inverseShow the stack reverse growth (default: %(default)s)"},{"location":"commands/memory/vmmap-add/","title":"Vmmap add","text":""},{"location":"commands/memory/vmmap-add/#vmmap-add","title":"vmmap-add","text":""},{"location":"commands/memory/vmmap-add/#description","title":"Description","text":"Add virtual memory map page.
"},{"location":"commands/memory/vmmap-add/#usage","title":"Usage:","text":"
"},{"location":"commands/memory/vmmap-add/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: vmmap-add [-h] start size [flags] [offset]\nstartStarting virtual addresssizeSize of the address space, in bytesflagsFlags set by the ELF file (r - read, w - write, x - executable) (default: %(default)s)offsetOffset into the original ELF file that the data is loaded from (default: %(default)s)"},{"location":"commands/memory/vmmap-add/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/memory/vmmap-clear/","title":"Vmmap clear","text":""},{"location":"commands/memory/vmmap-clear/#vmmap-clear","title":"vmmap-clear","text":""},{"location":"commands/memory/vmmap-clear/#description","title":"Description","text":"Clear the vmmap cache.
"},{"location":"commands/memory/vmmap-clear/#usage","title":"Usage:","text":"
"},{"location":"commands/memory/vmmap-clear/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: vmmap-clear [-h]\n-h--helpshow this help message and exit"},{"location":"commands/memory/vmmap-explore/","title":"Vmmap explore","text":""},{"location":"commands/memory/vmmap-explore/#vmmap-explore","title":"vmmap-explore","text":""},{"location":"commands/memory/vmmap-explore/#description","title":"Description","text":"Explore a page, trying to guess permissions.
"},{"location":"commands/memory/vmmap-explore/#usage","title":"Usage:","text":"
"},{"location":"commands/memory/vmmap-explore/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: vmmap-explore [-h] address\naddressAddress of the page to explore"},{"location":"commands/memory/vmmap-explore/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/memory/vmmap/","title":"Vmmap","text":""},{"location":"commands/memory/vmmap/#vmmap","title":"vmmap","text":""},{"location":"commands/memory/vmmap/#description","title":"Description","text":"Print virtual memory map pages.
Unnamed mappings are named as [anon_%#x] where %#x is high part of their start address. This is useful for filtering with
vmmaporsearchcommands.Known issues with vmmap: For QEMU user targets, the QEMU's gdbstub does not provide memory maps information to GDB until [0] is finished & merged. We try to deal with it without parsing the QEMU process' /proc/$pid/maps file, but if our approach fails, we simply create a [0, 0xffff...] vmmap which is not great and may result in lack of proper colors or inability to search memory with the
searchcommand.For QEMU kernel, we use gdb-pt-dump that parses page tables from the guest by reading /proc/$pid/mem of QEMU process. If this does not work for you, use
set kernel-vmmap-via-page-tables offto refer to our old method of reading vmmap info frommonitor info memcommand exposed by QEMU. Note that the latter may be slower and will not give full vmmaps permission information.For coredump debugging, GDB also lacks all vmmap info but we do our best to get it back by using the
info proc mappingsandmaintenance info sectionscommands.As a last resort, we sometimes try to explore the addresses in CPU registers and if they are readable by GDB, we determine their bounds and create an \"\" vmmap. However, this method is slow and is not used on each GDB stop.
Memory pages can also be added manually with the use of vmmap_add, vmmap_clear and vmmap_load commands. This may be useful for bare metal debugging.
[0] https://lore.kernel.org/all/20220221030910.3203063-1-dominik.b.czarnota@gmail.com/
"},{"location":"commands/memory/vmmap/#usage","title":"Usage:","text":"
"},{"location":"commands/memory/vmmap/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: vmmap [-h] [-w] [-x] [-A LINES_AFTER] [-B LINES_BEFORE] [-C CONTEXT]\n [--gaps]\n [gdbval_or_str]\ngdbval_or_strAddress or module name filter"},{"location":"commands/memory/vmmap/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-w--writableDisplay writable maps only (default: %(default)s)-x--executableDisplay executable maps only (default: %(default)s)-A--lines-after1Number of pages to display after result (default: %(default)s)-B--lines-before1Number of pages to display before result (default: %(default)s)-C--contextNoneNumber of pages to display around the result--gapsDisplay unmapped memory gap information in the memory map. (default: %(default)s)"},{"location":"commands/memory/xinfo/","title":"Xinfo","text":""},{"location":"commands/memory/xinfo/#xinfo","title":"xinfo","text":""},{"location":"commands/memory/xinfo/#description","title":"Description","text":"Shows offsets of the specified address from various useful locations.
"},{"location":"commands/memory/xinfo/#usage","title":"Usage:","text":"
"},{"location":"commands/memory/xinfo/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: xinfo [-h] [address]\naddressAddress to inspect (default: %(default)s)"},{"location":"commands/memory/xinfo/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/memory/xor/","title":"Xor","text":""},{"location":"commands/memory/xor/#xor","title":"xor","text":""},{"location":"commands/memory/xor/#description","title":"Description","text":"XOR
"},{"location":"commands/memory/xor/#usage","title":"Usage:","text":"countbytes ataddresswith the keykey.
"},{"location":"commands/memory/xor/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: xor [-h] address key count\naddressThe address to start xoring at.keyThe key to use.countThe number of bytes to xor."},{"location":"commands/memory/xor/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/misc/asm/","title":"Asm","text":""},{"location":"commands/misc/asm/#asm","title":"asm","text":""},{"location":"commands/misc/asm/#description","title":"Description","text":"Assemble shellcode into bytes
"},{"location":"commands/misc/asm/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/asm/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: asm [-h] [-f {hex,string}]\n [--arch {powerpc64,aarch64,powerpc,riscv32,riscv64,sparc64,mips64,msp430,alpha,amd64,sparc,thumb,cris,i386,ia64,m68k,mips,s390,none,avr,arm,vax}]\n [-v AVOID] [-n] [-z] [-i INFILE]\n [shellcode ...]\nshellcodeAssembler code to assemble (default: %(default)s)"},{"location":"commands/misc/asm/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-f--formathexOutput format (default: %(default)s)--archNoneTarget architecture-v--avoidNoneEncode the shellcode to avoid the listed bytes (provided as hex)-n--newlineNoneEncode the shellcode to avoid newlines-z--zeroNoneEncode the shellcode to avoid NULL bytes-i--infileNoneSpecify input file"},{"location":"commands/misc/checksec/","title":"Checksec","text":""},{"location":"commands/misc/checksec/#checksec","title":"checksec","text":""},{"location":"commands/misc/checksec/#description","title":"Description","text":"Prints out the binary security settings using
"},{"location":"commands/misc/checksec/#usage","title":"Usage:","text":"checksec.
"},{"location":"commands/misc/checksec/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: checksec [-h] [-f FILE]\n-h--helpshow this help message and exit-f--fileNoneSpecify the file to runchecksecon."},{"location":"commands/misc/comm/","title":"Comm","text":""},{"location":"commands/misc/comm/#comm","title":"comm","text":""},{"location":"commands/misc/comm/#description","title":"Description","text":"Put comments in assembly code.
"},{"location":"commands/misc/comm/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/comm/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: comm [-h] [--addr address] comment\ncommentThe text you want to comment"},{"location":"commands/misc/comm/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit--addrNoneAddress to write comments"},{"location":"commands/misc/cyclic/","title":"Cyclic","text":""},{"location":"commands/misc/cyclic/#cyclic","title":"cyclic","text":""},{"location":"commands/misc/cyclic/#description","title":"Description","text":"Cyclic pattern creator/finder.
"},{"location":"commands/misc/cyclic/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/cyclic/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: cyclic [-h] [-a charset] [-n length] [-l lookup_value]\n [count] [filename]\ncountNumber of characters to print from the sequence (default: print the entire sequence) (default: %(default)s)filenameName (path) of the file to save the cyclic pattern to (default: %(default)s)"},{"location":"commands/misc/cyclic/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-a--alphabetabcdefghijklmnopqrstuvwxyzThe alphabet to use in the cyclic pattern (default: %(default)s)-n--lengthNoneSize of the unique subsequences (defaults to the pointer size for the current arch)-o--lookupNoneDo a lookup instead of printing the sequence (accepts constant values as well as expressions)"},{"location":"commands/misc/cymbol/","title":"Cymbol","text":""},{"location":"commands/misc/cymbol/#cymbol","title":"cymbol","text":""},{"location":"commands/misc/cymbol/#description","title":"Description","text":"Add, show, load, edit, or delete custom structures in plain C.
"},{"location":"commands/misc/cymbol/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/cymbol/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: cymbol [-h] [-a name] [-f filepath] [-r name] [-e name] [-l name]\n [-s name]\n-h--helpshow this help message and exit-a--addNoneAdd a new custom structure-f--fileNoneAdd a new custom structure from header file-r--removeNoneRemove an existing custom structure-e--editNoneEdit an existing custom structure-l--loadNoneLoad an existing custom structure-s--showNoneShow the source code of an existing custom structure"},{"location":"commands/misc/down/","title":"Down","text":""},{"location":"commands/misc/down/#down","title":"down","text":""},{"location":"commands/misc/down/#description","title":"Description","text":"Select and print stack frame called by this one.
"},{"location":"commands/misc/down/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/down/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: down [-h] [n]\nnThe number of stack frames to go down. (default: %(default)s)"},{"location":"commands/misc/down/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/misc/dt/","title":"Dt","text":""},{"location":"commands/misc/dt/#dt","title":"dt","text":""},{"location":"commands/misc/dt/#description","title":"Description","text":"
"},{"location":"commands/misc/dt/#usage","title":"Usage:","text":"Dump out information on a type (e.g. ucontext_t).\n\nOptionally overlay that information at an address.\n
"},{"location":"commands/misc/dt/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: dt [-h] typename [address]\ntypenameThe name of the structure being dumped. Use quotes if the type contains spaces (e.g. \"struct malloc_state\").addressThe address of the structure."},{"location":"commands/misc/dt/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/misc/dumpargs/","title":"Dumpargs","text":""},{"location":"commands/misc/dumpargs/#dumpargs","title":"dumpargs","text":""},{"location":"commands/misc/dumpargs/#description","title":"Description","text":"Prints determined arguments for call instruction.
"},{"location":"commands/misc/dumpargs/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/dumpargs/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: dumpargs [-h] [-f]\n-h--helpshow this help message and exit-f--forceForce displaying of all arguments. (default: %(default)s)"},{"location":"commands/misc/getfile/","title":"Getfile","text":""},{"location":"commands/misc/getfile/#getfile","title":"getfile","text":""},{"location":"commands/misc/getfile/#description","title":"Description","text":"Gets the current file.
"},{"location":"commands/misc/getfile/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/getfile/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: getfile [-h]\n-h--helpshow this help message and exit"},{"location":"commands/misc/hex2ptr/","title":"Hex2ptr","text":""},{"location":"commands/misc/hex2ptr/#hex2ptr","title":"hex2ptr","text":""},{"location":"commands/misc/hex2ptr/#description","title":"Description","text":"Converts a space-separated hex string to a little-endian address.
"},{"location":"commands/misc/hex2ptr/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/hex2ptr/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: hex2ptr [-h] hex_string\nhex_stringHexadecimal string to convert (e.g., '00 70 75 c1 cd ef 59 00')."},{"location":"commands/misc/hex2ptr/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/misc/hijack-fd/","title":"Hijack fd","text":""},{"location":"commands/misc/hijack-fd/#hijack-fd","title":"hijack-fd","text":""},{"location":"commands/misc/hijack-fd/#description","title":"Description","text":"Replace a file descriptor of a debugged process.
The new file descriptor can point to: - a file - a pipe - a socket - a device, etc.
Examples: 1. Redirect STDOUT to a file:
hijack-fd 1 /dev/null- Redirect STDERR to a socket:
hijack-fd 2 tcp://localhost:8888
"},{"location":"commands/misc/hijack-fd/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: hijack-fd [-h] fdnum newfile\nfdnumFile descriptor (FD) number to be replaced with the specified new socket or file.newfileSpecify a file or a socket. For files, the filename must start with/(e.g.,/etc/passwd). For sockets, the following formats are allowed: -127.0.0.1:80(default is TCP) -tcp://[::1]:80-udp://example.com:80-tcp+ipv6://example.com:80"},{"location":"commands/misc/hijack-fd/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/misc/ipi/","title":"Ipi","text":""},{"location":"commands/misc/ipi/#ipi","title":"ipi","text":""},{"location":"commands/misc/ipi/#description","title":"Description","text":"Start an interactive IPython prompt.
"},{"location":"commands/misc/ipi/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/ipi/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: ipi [-h]\n-h--helpshow this help message and exit"},{"location":"commands/misc/patch-list/","title":"Patch list","text":""},{"location":"commands/misc/patch-list/#patch-list","title":"patch-list","text":""},{"location":"commands/misc/patch-list/#description","title":"Description","text":"List all patches.
"},{"location":"commands/misc/patch-list/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/patch-list/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: patch-list [-h]\n-h--helpshow this help message and exit"},{"location":"commands/misc/patch-revert/","title":"Patch revert","text":""},{"location":"commands/misc/patch-revert/#patch-revert","title":"patch-revert","text":""},{"location":"commands/misc/patch-revert/#description","title":"Description","text":"Revert patch at given address.
"},{"location":"commands/misc/patch-revert/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/patch-revert/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: patch-revert [-h] address\naddressAddress to revert patch on"},{"location":"commands/misc/patch-revert/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/misc/patch/","title":"Patch","text":""},{"location":"commands/misc/patch/#patch","title":"patch","text":""},{"location":"commands/misc/patch/#description","title":"Description","text":"Patches given instruction with given code or bytes.
"},{"location":"commands/misc/patch/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/patch/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: patch [-h] [-q] address ins\naddressThe address to patchinsinstruction[s]"},{"location":"commands/misc/patch/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-q--quietdon't print anything (default: %(default)s)"},{"location":"commands/misc/plist/","title":"Plist","text":""},{"location":"commands/misc/plist/#plist","title":"plist","text":""},{"location":"commands/misc/plist/#description","title":"Description","text":"Dumps the elements of a linked list.
This command traverses the linked list beginning at a given element, dumping its contents and the contents of all the elements that come after it in the list. Traversal is configurable and can handle multiple types of linked lists, but will always stop when a cycle is detected.
The path to the first element can be any GDB expression that evaluates to either the first element directly, or a to pointer to it. The next element is the name of the field containing the next pointer, in either the structure itself or in the structure given by --inner.
An address value may be given with --sentinel that signals the end of the list. By default, the value used is NULL (0).
If only one field inside each node is desired, it can be printed exclusively by specifying its name with --field.
This command supports traversing three types of linked lists, classified by how the next pointer can be found in the structure and what type it is: 1 - Next pointer is field of structure, type is the same as structure. 2 - Next pointer is field of inner nested structure, pointed to type is the same as outer structure. 3 - Next pointer is field of inner nested structure, pointed to type is the same as inner structure. Types 2 and 3 require --inner to be specified.
Example 1:
struct node {\n int value;\n struct node *next;\n};\nstruct node node_c = { 2, NULL };\nstruct node node_b = { 1, &node_c };\nstruct node node_a = { 0, &node_b };\npwndbg> plist node_a next 0x4000011050 : { value = 0, next = 0x4000011040 } 0x4000011040 : { value = 1, next = 0x4000011010 } 0x4000011010 : { value = 2, next = 0x0 }
Example 2:
struct node_inner_a {\n struct node_inner_a *next;\n};\nstruct inner_a_node {\n int value;\n struct node_inner_a inner;\n};\nstruct inner_a_node inner_a_node_c = { 2, { NULL } };\nstruct inner_a_node inner_a_node_b = { 1, { &inner_a_node_c.inner } };\nstruct inner_a_node inner_a_node_a = { 0, { &inner_a_node_b.inner } };\npwndbg> plist inner_a_node_a -i inner next 0x4000011070 : { value = 0, inner = { next = 0x4000011068 } } 0x4000011060 : { value = 1, inner = { next = 0x4000011028 } } 0x4000011020 : { value = 2, inner = { next = 0x0 } }
Example 3:
struct inner_b_node;\nstruct node_inner_b {\n struct inner_b_node *next;\n};\nstruct inner_b_node {\n int value;\n struct node_inner_b inner;\n};\nstruct inner_b_node inner_b_node_c = { 2, { NULL } };\nstruct inner_b_node inner_b_node_b = { 1, { &inner_b_node_c } };\nstruct inner_b_node inner_b_node_a = { 0, { &inner_b_node_b } };\npwndbg> plist inner_b_node_a -i inner next 0x4000011090 : { value = 0, inner = { next = 0x4000011080 } } 0x4000011080 : { value = 1, inner = { next = 0x4000011030 } } 0x4000011030 : { value = 2, inner = { next = 0x0 } }"},{"location":"commands/misc/plist/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/plist/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: plist [-h] [-s SENTINEL] [-i INNER_NAME] [-f FIELD_NAME] [-o OFFSET]\n [-c COUNT]\n path next\npathThe first element of the linked listnextThe name of the field pointing to the next element in the list"},{"location":"commands/misc/plist/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-s--sentinel0The address that stands in for an end of list marker in a non-cyclic list (default: %(default)s)-i--innerNoneThe name of the inner nested structure where the next pointer is stored-f--fieldNoneThe name of the field to be displayed, if only one is desired-o--offset0The offset of the first list element to display. Defaults to zero. (default: %(default)s)-c--countNoneThe number of elements to display. Defaults to the value of dereference-limit."},{"location":"commands/misc/sigreturn/","title":"Sigreturn","text":""},{"location":"commands/misc/sigreturn/#sigreturn","title":"sigreturn","text":""},{"location":"commands/misc/sigreturn/#description","title":"Description","text":"Display the SigreturnFrame at the specific address
"},{"location":"commands/misc/sigreturn/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/sigreturn/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: sigreturn [-h] [-a] [-p] [address]\naddressThe address to read the frame from"},{"location":"commands/misc/sigreturn/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-a--allShow all values in the frame in addition to common registers (default: %(default)s)-p--printShow addresses of frame values (default: %(default)s)"},{"location":"commands/misc/spray/","title":"Spray","text":""},{"location":"commands/misc/spray/#spray","title":"spray","text":""},{"location":"commands/misc/spray/#description","title":"Description","text":"Spray memory with cyclic() generated values
"},{"location":"commands/misc/spray/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/spray/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: spray [-h] [--value VALUE] [-x] addr [length]\naddrAddress to spraylengthLength of byte sequence, when unspecified sprays until the end of vmmap which address belongs to (default: %(default)s)"},{"location":"commands/misc/spray/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit--valueNoneValue to spray memory with, when prefixed with '0x' treated as hex string encoded big-endian-x--only-funcptrsSpray only addresses whose values points to executable pages (default: %(default)s)"},{"location":"commands/misc/tips/","title":"Tips","text":""},{"location":"commands/misc/tips/#tips","title":"tips","text":""},{"location":"commands/misc/tips/#description","title":"Description","text":"Shows tips.
"},{"location":"commands/misc/tips/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/tips/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: tips [-h] [-a]\n-h--helpshow this help message and exit-a--allShow all tips. (default: %(default)s)"},{"location":"commands/misc/up/","title":"Up","text":""},{"location":"commands/misc/up/#up","title":"up","text":""},{"location":"commands/misc/up/#description","title":"Description","text":"Select and print stack frame that called this one.
"},{"location":"commands/misc/up/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/up/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: up [-h] [n]\nnThe number of stack frames to go up. (default: %(default)s)"},{"location":"commands/misc/up/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/misc/valist/","title":"Valist","text":""},{"location":"commands/misc/valist/#valist","title":"valist","text":""},{"location":"commands/misc/valist/#description","title":"Description","text":"Dumps the arguments of a va_list.
"},{"location":"commands/misc/valist/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/valist/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: valist [-h] addr [count]\naddrAddress of the va_listcountNumber of arguments to dump (default: %(default)s)"},{"location":"commands/misc/valist/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/misc/vmmap-load/","title":"Vmmap load","text":""},{"location":"commands/misc/vmmap-load/#vmmap-load","title":"vmmap-load","text":""},{"location":"commands/misc/vmmap-load/#description","title":"Description","text":"Load virtual memory map pages from ELF file.
"},{"location":"commands/misc/vmmap-load/#usage","title":"Usage:","text":"
"},{"location":"commands/misc/vmmap-load/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: vmmap-load [-h] [filename]\nfilenameELF filename, by default uses current loaded filename."},{"location":"commands/misc/vmmap-load/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/process/killthreads/","title":"Killthreads","text":""},{"location":"commands/process/killthreads/#killthreads","title":"killthreads","text":""},{"location":"commands/process/killthreads/#description","title":"Description","text":"Kill all or given threads.
Switches to given threads and calls pthread_exit(0) on them. This is performed with scheduler-locking to prevent other threads from operating at the same time.
Killing all other threads may be useful to use GDB checkpoints, e.g., to test given input & restart the execution to the point of interest (checkpoint).
"},{"location":"commands/process/killthreads/#usage","title":"Usage:","text":"
"},{"location":"commands/process/killthreads/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: killthreads [-h] [-a] [thread_ids ...]\nthread_idsThread IDs to kill."},{"location":"commands/process/killthreads/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-a--allKill all threads except the current one. (default: %(default)s)"},{"location":"commands/process/pid/","title":"Pid","text":""},{"location":"commands/process/pid/#pid","title":"pid","text":""},{"location":"commands/process/pid/#description","title":"Description","text":"Gets the pid.
"},{"location":"commands/process/pid/#usage","title":"Usage:","text":"
"},{"location":"commands/process/pid/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: pid [-h]\n-h--helpshow this help message and exit"},{"location":"commands/process/procinfo/","title":"Procinfo","text":""},{"location":"commands/process/procinfo/#procinfo","title":"procinfo","text":""},{"location":"commands/process/procinfo/#description","title":"Description","text":"Display information about the running process.
"},{"location":"commands/process/procinfo/#usage","title":"Usage:","text":"
"},{"location":"commands/process/procinfo/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: procinfo [-h]\n-h--helpshow this help message and exit"},{"location":"commands/pwndbg/bugreport/","title":"Bugreport","text":""},{"location":"commands/pwndbg/bugreport/#bugreport","title":"bugreport","text":""},{"location":"commands/pwndbg/bugreport/#description","title":"Description","text":"Generate a bug report.
"},{"location":"commands/pwndbg/bugreport/#usage","title":"Usage:","text":"
"},{"location":"commands/pwndbg/bugreport/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: bugreport [-h] [--run-browser | --use-gh]\n-h--helpshow this help message and exit-b--run-browserOpen browser on github/issues/new (default: %(default)s)-g--use-ghCreate issue using Github CLI (default: %(default)s)"},{"location":"commands/pwndbg/config/","title":"Config","text":""},{"location":"commands/pwndbg/config/#config","title":"config","text":""},{"location":"commands/pwndbg/config/#description","title":"Description","text":"Shows pwndbg-specific configuration.
"},{"location":"commands/pwndbg/config/#usage","title":"Usage:","text":"
"},{"location":"commands/pwndbg/config/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: config [-h] [filter_pattern]\nfilter_patternFilter to apply to config parameters names/descriptions"},{"location":"commands/pwndbg/config/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/pwndbg/configfile/","title":"Configfile","text":""},{"location":"commands/pwndbg/configfile/#configfile","title":"configfile","text":""},{"location":"commands/pwndbg/configfile/#description","title":"Description","text":"Generates a configuration file for the current pwndbg options.
"},{"location":"commands/pwndbg/configfile/#usage","title":"Usage:","text":"
"},{"location":"commands/pwndbg/configfile/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: configfile [-h] [--show-all]\n-h--helpshow this help message and exit--show-allDisplay all configuration options. (default: %(default)s)"},{"location":"commands/pwndbg/memoize/","title":"Memoize","text":""},{"location":"commands/pwndbg/memoize/#memoize","title":"memoize","text":""},{"location":"commands/pwndbg/memoize/#description","title":"Description","text":"Toggles memoization (caching).
Useful for diagnosing caching-related bugs. Decreases performance.
"},{"location":"commands/pwndbg/memoize/#usage","title":"Usage:","text":"
"},{"location":"commands/pwndbg/memoize/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: memoize [-h]\n-h--helpshow this help message and exit"},{"location":"commands/pwndbg/profiler/","title":"Profiler","text":""},{"location":"commands/pwndbg/profiler/#profiler","title":"profiler","text":""},{"location":"commands/pwndbg/profiler/#description","title":"Description","text":"Utilities for profiling pwndbg.
"},{"location":"commands/pwndbg/profiler/#usage","title":"Usage:","text":"
"},{"location":"commands/pwndbg/profiler/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: profiler [-h] {start,stop} ...\ncommandNone"},{"location":"commands/pwndbg/profiler/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/pwndbg/pwndbg/","title":"Pwndbg","text":""},{"location":"commands/pwndbg/pwndbg/#pwndbg","title":"pwndbg","text":""},{"location":"commands/pwndbg/pwndbg/#description","title":"Description","text":"Prints out a list of all pwndbg commands.
"},{"location":"commands/pwndbg/pwndbg/#usage","title":"Usage:","text":"
"},{"location":"commands/pwndbg/pwndbg/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: pwndbg [-h] [--shell | --all] [-c CATEGORY_ | --list-categories]\n [filter_pattern]\nfilter_patternFilter to apply to commands names/docs"},{"location":"commands/pwndbg/pwndbg/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit--shellOnly display shell commands (default: %(default)s)--allOnly display shell commands (default: %(default)s)-c--categoryNoneFilter commands by category--list-categoriesList command categories (default: %(default)s)"},{"location":"commands/pwndbg/reinit-pwndbg/","title":"Reinit pwndbg","text":""},{"location":"commands/pwndbg/reinit-pwndbg/#reinit-pwndbg","title":"reinit-pwndbg","text":""},{"location":"commands/pwndbg/reinit-pwndbg/#description","title":"Description","text":"Makes pwndbg reinitialize all state.
"},{"location":"commands/pwndbg/reinit-pwndbg/#usage","title":"Usage:","text":"
"},{"location":"commands/pwndbg/reinit-pwndbg/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: reinit-pwndbg [-h]\n-h--helpshow this help message and exit"},{"location":"commands/pwndbg/reload/","title":"Reload","text":""},{"location":"commands/pwndbg/reload/#reload","title":"reload","text":""},{"location":"commands/pwndbg/reload/#description","title":"Description","text":"Reload pwndbg.
"},{"location":"commands/pwndbg/reload/#usage","title":"Usage:","text":"
"},{"location":"commands/pwndbg/reload/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: reload [-h]\n-h--helpshow this help message and exit"},{"location":"commands/pwndbg/theme/","title":"Theme","text":""},{"location":"commands/pwndbg/theme/#theme","title":"theme","text":""},{"location":"commands/pwndbg/theme/#description","title":"Description","text":"Shows pwndbg-specific theme configuration.
"},{"location":"commands/pwndbg/theme/#usage","title":"Usage:","text":"
"},{"location":"commands/pwndbg/theme/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: theme [-h] [filter_pattern]\nfilter_patternFilter to apply to theme parameters names/descriptions"},{"location":"commands/pwndbg/theme/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/pwndbg/themefile/","title":"Themefile","text":""},{"location":"commands/pwndbg/themefile/#themefile","title":"themefile","text":""},{"location":"commands/pwndbg/themefile/#description","title":"Description","text":"Generates a configuration file for the current pwndbg theme options.
"},{"location":"commands/pwndbg/themefile/#usage","title":"Usage:","text":"
"},{"location":"commands/pwndbg/themefile/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: themefile [-h] [--show-all]\n-h--helpshow this help message and exit--show-allForce displaying of all theme options. (default: %(default)s)"},{"location":"commands/pwndbg/version/","title":"Version","text":""},{"location":"commands/pwndbg/version/#version","title":"version","text":""},{"location":"commands/pwndbg/version/#description","title":"Description","text":"Displays Pwndbg and its important deps versions.
"},{"location":"commands/pwndbg/version/#usage","title":"Usage:","text":"
"},{"location":"commands/pwndbg/version/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: version [-h]\n-h--helpshow this help message and exit"},{"location":"commands/register/cpsr/","title":"Cpsr","text":""},{"location":"commands/register/cpsr/#cpsr","title":"cpsr","text":""},{"location":"commands/register/cpsr/#description","title":"Description","text":"Print out ARM CPSR or xPSR register.
"},{"location":"commands/register/cpsr/#usage","title":"Usage:","text":"
"},{"location":"commands/register/cpsr/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: cpsr [-h] [cpsr_value]\ncpsr_valueParse the given CPSR value instead of the actual one."},{"location":"commands/register/cpsr/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/register/fsbase/","title":"Fsbase","text":""},{"location":"commands/register/fsbase/#fsbase","title":"fsbase","text":""},{"location":"commands/register/fsbase/#description","title":"Description","text":"Prints out the FS base address. See also $fsbase.
"},{"location":"commands/register/fsbase/#usage","title":"Usage:","text":"
"},{"location":"commands/register/fsbase/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: fsbase [-h]\n-h--helpshow this help message and exit"},{"location":"commands/register/gsbase/","title":"Gsbase","text":""},{"location":"commands/register/gsbase/#gsbase","title":"gsbase","text":""},{"location":"commands/register/gsbase/#description","title":"Description","text":"Prints out the GS base address. See also $gsbase.
"},{"location":"commands/register/gsbase/#usage","title":"Usage:","text":"
"},{"location":"commands/register/gsbase/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: gsbase [-h]\n-h--helpshow this help message and exit"},{"location":"commands/register/setflag/","title":"Setflag","text":""},{"location":"commands/register/setflag/#setflag","title":"setflag","text":""},{"location":"commands/register/setflag/#description","title":"Description","text":"Modify the flags register.
"},{"location":"commands/register/setflag/#usage","title":"Usage:","text":"
"},{"location":"commands/register/setflag/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: setflag [-h] flag value\nflagFlag for which you want to change the valuevalueValue to which you want to set the flag - only valid options are 0 and 1"},{"location":"commands/register/setflag/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/stack/canary/","title":"Canary","text":""},{"location":"commands/stack/canary/#canary","title":"canary","text":""},{"location":"commands/stack/canary/#description","title":"Description","text":"Print out the current stack canary.
"},{"location":"commands/stack/canary/#usage","title":"Usage:","text":"
"},{"location":"commands/stack/canary/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: canary [-h] [-a]\n-h--helpshow this help message and exit-a--allPrint out stack canaries for all threads instead of the current thread only. (default: %(default)s)"},{"location":"commands/stack/retaddr/","title":"Retaddr","text":""},{"location":"commands/stack/retaddr/#retaddr","title":"retaddr","text":""},{"location":"commands/stack/retaddr/#description","title":"Description","text":"Print out the stack addresses that contain return addresses.
"},{"location":"commands/stack/retaddr/#usage","title":"Usage:","text":"
"},{"location":"commands/stack/retaddr/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: retaddr [-h]\n-h--helpshow this help message and exit"},{"location":"commands/stack/stack-explore/","title":"Stack explore","text":""},{"location":"commands/stack/stack-explore/#stack-explore","title":"stack-explore","text":""},{"location":"commands/stack/stack-explore/#description","title":"Description","text":"Explore stack from all threads.
"},{"location":"commands/stack/stack-explore/#usage","title":"Usage:","text":"
"},{"location":"commands/stack/stack-explore/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: stack-explore [-h]\n-h--helpshow this help message and exit"},{"location":"commands/stack/stack/","title":"Stack","text":""},{"location":"commands/stack/stack/#stack","title":"stack","text":""},{"location":"commands/stack/stack/#description","title":"Description","text":"Dereferences on stack data with specified count and offset.
"},{"location":"commands/stack/stack/#usage","title":"Usage:","text":"
"},{"location":"commands/stack/stack/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: stack [-h] [-f] [-i] [count] [offset]\ncountnumber of element to dump (default: %(default)s)offsetElement offset from $sp (support negative offset) (default: %(default)s)"},{"location":"commands/stack/stack/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit-f--frameShow the stack frame, from rsp to rbp (default: %(default)s)-i--inverseShow reverse stack growth (default: %(default)s)"},{"location":"commands/stack/stackf/","title":"Stackf","text":""},{"location":"commands/stack/stackf/#stackf","title":"stackf","text":""},{"location":"commands/stack/stackf/#description","title":"Description","text":"Dereferences on stack data, printing the entire stack frame with specified count and offset .
"},{"location":"commands/stack/stackf/#usage","title":"Usage:","text":"
"},{"location":"commands/stack/stackf/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: stackf [-h] [count] [offset]\ncountnumber of element to dump (default: %(default)s)offsetElement offset from $sp (support negative offset) (default: %(default)s)"},{"location":"commands/stack/stackf/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/start/attachp/","title":"Attachp","text":""},{"location":"commands/start/attachp/#attachp","title":"attachp","text":""},{"location":"commands/start/attachp/#description","title":"Description","text":"Attaches to a given pid, process name, process found with partial argv match or to a device file.
This command wraps the original GDB
attachcommand to add the ability to debug a process with a given name or partial name match. In such cases, the process identifier is fetched via thepidof <name>command first. If no matches are found, then it uses theps -eo pid,argscommand to search for partial name matches.Original GDB attach command help: Attach to a process or file outside of GDB. This command attaches to another target, of the same type as your last \"target\" command (\"info files\" will show your target stack). The command may take as argument a process id or a device file. For a process id, you must have permission to send the process a signal, and it must have the same effective uid as the debugger. When using \"attach\" with a process id, the debugger finds the program running in the process, looking first in the current working directory, or (if not found there) using the source file search path (see the \"directory\" command). You can also use the \"file\" command to specify the program, and to load its symbol table.
"},{"location":"commands/start/attachp/#usage","title":"Usage:","text":"
"},{"location":"commands/start/attachp/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: attachp [-h] [--no-truncate] [--retry] [--user USER] [-e] [-a] [target]\ntargetpid, process name, part of cmdline to be matched or device file to attach to (uses current loaded file name if not provided)"},{"location":"commands/start/attachp/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit--no-truncatedont truncate command args (default: %(default)s)--retryretry until a target is found (default: %(default)s)--userNoneusername or uid to filter by-e--exactget the pid only for an exact command name match (default: %(default)s)-a--allget pids also for partial cmdline matches etc (default: %(default)s)"},{"location":"commands/start/entry/","title":"Entry","text":""},{"location":"commands/start/entry/#entry","title":"entry","text":""},{"location":"commands/start/entry/#description","title":"Description","text":"Start the debugged program stopping at its entrypoint address.
Note that the entrypoint may not be the first instruction executed by the program. If you want to stop on the first executed instruction, use the GDB's
starticommand.Args may include \"*\", or \"[...]\"; they are expanded using the shell that will start the program (specified by the \"$SHELL\" environment variable). Input and output redirection with \">\", \"<\", or \">>\" are also allowed.
With no arguments, uses arguments last specified (with \"run\" or \"set args\"). To cancel previous arguments and run with no arguments, use \"set args\" without arguments.
To start the inferior without using a shell, use \"set startup-with-shell off\".
"},{"location":"commands/start/entry/#usage","title":"Usage:","text":"
"},{"location":"commands/start/entry/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: entry [-h] [args ...]\nargsThe arguments to run the binary with."},{"location":"commands/start/entry/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/start/sstart/","title":"Sstart","text":""},{"location":"commands/start/sstart/#sstart","title":"sstart","text":""},{"location":"commands/start/sstart/#description","title":"Description","text":"Alias for 'tbreak __libc_start_main; run'.
"},{"location":"commands/start/sstart/#usage","title":"Usage:","text":"
"},{"location":"commands/start/sstart/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: sstart [-h]\n-h--helpshow this help message and exit"},{"location":"commands/start/start/","title":"Start","text":""},{"location":"commands/start/start/#start","title":"start","text":""},{"location":"commands/start/start/#description","title":"Description","text":"Start the debugged program stopping at the first convenient location from this list: main, _main, start, _start, init or _init. You may specify arguments to give it.
Args may include \"*\", or \"[...]\"; they are expanded using the shell that will start the program (specified by the \"$SHELL\" environment variable). Input and output redirection with \">\", \"<\", or \">>\" are also allowed.
With no arguments, uses arguments last specified (with \"run\" or \"set args\"). To cancel previous arguments and run with no arguments, use \"set args\" without arguments.
To start the inferior without using a shell, use \"set startup-with-shell off\".
"},{"location":"commands/start/start/#usage","title":"Usage:","text":"
"},{"location":"commands/start/start/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: start [-h] [args ...]\nargsThe arguments to run the binary with."},{"location":"commands/start/start/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/step_next_continue/nextcall/","title":"Nextcall","text":""},{"location":"commands/step_next_continue/nextcall/#nextcall","title":"nextcall","text":""},{"location":"commands/step_next_continue/nextcall/#description","title":"Description","text":"Breaks at the next call instruction.
"},{"location":"commands/step_next_continue/nextcall/#usage","title":"Usage:","text":"
"},{"location":"commands/step_next_continue/nextcall/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: nextcall [-h] [symbol_regex]\nsymbol_regexA regex matching the name of next symbol to be broken on before calling."},{"location":"commands/step_next_continue/nextcall/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/step_next_continue/nextjmp/","title":"Nextjmp","text":""},{"location":"commands/step_next_continue/nextjmp/#nextjmp","title":"nextjmp","text":""},{"location":"commands/step_next_continue/nextjmp/#description","title":"Description","text":"Breaks at the next jump instruction.
"},{"location":"commands/step_next_continue/nextjmp/#usage","title":"Usage:","text":"
"},{"location":"commands/step_next_continue/nextjmp/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: nextjmp [-h]\n-h--helpshow this help message and exit"},{"location":"commands/step_next_continue/nextproginstr/","title":"Nextproginstr","text":""},{"location":"commands/step_next_continue/nextproginstr/#nextproginstr","title":"nextproginstr","text":""},{"location":"commands/step_next_continue/nextproginstr/#description","title":"Description","text":"Breaks at the next instruction that belongs to the running program.
"},{"location":"commands/step_next_continue/nextproginstr/#usage","title":"Usage:","text":"
"},{"location":"commands/step_next_continue/nextproginstr/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: nextproginstr [-h]\n-h--helpshow this help message and exit"},{"location":"commands/step_next_continue/nextret/","title":"Nextret","text":""},{"location":"commands/step_next_continue/nextret/#nextret","title":"nextret","text":""},{"location":"commands/step_next_continue/nextret/#description","title":"Description","text":"Breaks at next return-like instruction.
"},{"location":"commands/step_next_continue/nextret/#usage","title":"Usage:","text":"
"},{"location":"commands/step_next_continue/nextret/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: nextret [-h]\n-h--helpshow this help message and exit"},{"location":"commands/step_next_continue/nextsyscall/","title":"Nextsyscall","text":""},{"location":"commands/step_next_continue/nextsyscall/#nextsyscall","title":"nextsyscall","text":""},{"location":"commands/step_next_continue/nextsyscall/#description","title":"Description","text":"Breaks at the next syscall not taking branches.
"},{"location":"commands/step_next_continue/nextsyscall/#usage","title":"Usage:","text":"
"},{"location":"commands/step_next_continue/nextsyscall/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: nextsyscall [-h]\n-h--helpshow this help message and exit"},{"location":"commands/step_next_continue/stepover/","title":"Stepover","text":""},{"location":"commands/step_next_continue/stepover/#stepover","title":"stepover","text":""},{"location":"commands/step_next_continue/stepover/#description","title":"Description","text":"Breaks on the instruction after this one.
"},{"location":"commands/step_next_continue/stepover/#usage","title":"Usage:","text":"
"},{"location":"commands/step_next_continue/stepover/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: stepover [-h] [addr]\naddrThe address to break after."},{"location":"commands/step_next_continue/stepover/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/step_next_continue/stepret/","title":"Stepret","text":""},{"location":"commands/step_next_continue/stepret/#stepret","title":"stepret","text":""},{"location":"commands/step_next_continue/stepret/#description","title":"Description","text":"Breaks at next return-like instruction by 'stepping' to it.
"},{"location":"commands/step_next_continue/stepret/#usage","title":"Usage:","text":"
"},{"location":"commands/step_next_continue/stepret/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: stepret [-h]\n-h--helpshow this help message and exit"},{"location":"commands/step_next_continue/stepsyscall/","title":"Stepsyscall","text":""},{"location":"commands/step_next_continue/stepsyscall/#stepsyscall","title":"stepsyscall","text":""},{"location":"commands/step_next_continue/stepsyscall/#description","title":"Description","text":"Breaks at the next syscall by taking branches.
"},{"location":"commands/step_next_continue/stepsyscall/#usage","title":"Usage:","text":"
"},{"location":"commands/step_next_continue/stepsyscall/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: stepsyscall [-h]\n-h--helpshow this help message and exit"},{"location":"commands/step_next_continue/stepuntilasm/","title":"Stepuntilasm","text":""},{"location":"commands/step_next_continue/stepuntilasm/#stepuntilasm","title":"stepuntilasm","text":""},{"location":"commands/step_next_continue/stepuntilasm/#description","title":"Description","text":"Breaks on the next matching instruction.
"},{"location":"commands/step_next_continue/stepuntilasm/#usage","title":"Usage:","text":"
"},{"location":"commands/step_next_continue/stepuntilasm/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: stepuntilasm [-h] mnemonic [op_str ...]\nmnemonicThe mnemonic of the instructionop_strThe operands of the instruction"},{"location":"commands/step_next_continue/stepuntilasm/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/step_next_continue/xuntil/","title":"Xuntil","text":""},{"location":"commands/step_next_continue/xuntil/#xuntil","title":"xuntil","text":""},{"location":"commands/step_next_continue/xuntil/#description","title":"Description","text":"Continue execution until an address or expression.
"},{"location":"commands/step_next_continue/xuntil/#usage","title":"Usage:","text":"
"},{"location":"commands/step_next_continue/xuntil/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: xuntil [-h] target\ntargetLocation to stop execution at"},{"location":"commands/step_next_continue/xuntil/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/bc/","title":"Bc","text":""},{"location":"commands/windbg/bc/#bc","title":"bc","text":""},{"location":"commands/windbg/bc/#description","title":"Description","text":"Clear the breakpoint with the specified index.
"},{"location":"commands/windbg/bc/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/bc/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: bc [-h] [which]\nwhichIndex of the breakpoint to clear. (default: %(default)s)"},{"location":"commands/windbg/bc/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/bd/","title":"Bd","text":""},{"location":"commands/windbg/bd/#bd","title":"bd","text":""},{"location":"commands/windbg/bd/#description","title":"Description","text":"Disable the breakpoint with the specified index.
"},{"location":"commands/windbg/bd/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/bd/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: bd [-h] [which]\nwhichIndex of the breakpoint to disable. (default: %(default)s)"},{"location":"commands/windbg/bd/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/be/","title":"Be","text":""},{"location":"commands/windbg/be/#be","title":"be","text":""},{"location":"commands/windbg/be/#description","title":"Description","text":"Enable the breakpoint with the specified index.
"},{"location":"commands/windbg/be/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/be/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: be [-h] [which]\nwhichIndex of the breakpoint to enable. (default: %(default)s)"},{"location":"commands/windbg/be/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/bl/","title":"Bl","text":""},{"location":"commands/windbg/bl/#bl","title":"bl","text":""},{"location":"commands/windbg/bl/#description","title":"Description","text":"List breakpoints.
"},{"location":"commands/windbg/bl/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/bl/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: bl [-h]\n-h--helpshow this help message and exit"},{"location":"commands/windbg/bp/","title":"Bp","text":""},{"location":"commands/windbg/bp/#bp","title":"bp","text":""},{"location":"commands/windbg/bp/#description","title":"Description","text":"Set a breakpoint at the specified address.
"},{"location":"commands/windbg/bp/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/bp/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: bp [-h] where\nwhereThe address to break at."},{"location":"commands/windbg/bp/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/da/","title":"Da","text":""},{"location":"commands/windbg/da/#da","title":"da","text":""},{"location":"commands/windbg/da/#description","title":"Description","text":"Dump a string at the specified address.
"},{"location":"commands/windbg/da/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/da/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: da [-h] address [max]\naddressAddress to dumpmaxMaximum string length (default: %(default)s)"},{"location":"commands/windbg/da/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/db/","title":"Db","text":""},{"location":"commands/windbg/db/#db","title":"db","text":""},{"location":"commands/windbg/db/#description","title":"Description","text":"Starting at the specified address, dump N bytes.
"},{"location":"commands/windbg/db/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/db/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: db [-h] address [count]\naddressThe address to dump from.countThe number of bytes to dump. (default: %(default)s)"},{"location":"commands/windbg/db/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/dc/","title":"Dc","text":""},{"location":"commands/windbg/dc/#dc","title":"dc","text":""},{"location":"commands/windbg/dc/#description","title":"Description","text":"Starting at the specified address, hexdump.
"},{"location":"commands/windbg/dc/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/dc/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: dc [-h] address [count]\naddressThe address to dump from.countThe number of bytes to hexdump. (default: %(default)s)"},{"location":"commands/windbg/dc/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/dd/","title":"Dd","text":""},{"location":"commands/windbg/dd/#dd","title":"dd","text":""},{"location":"commands/windbg/dd/#description","title":"Description","text":"Starting at the specified address, dump N dwords.
"},{"location":"commands/windbg/dd/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/dd/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: dd [-h] address [count]\naddressThe address to dump from.countThe number of dwords to dump. (default: %(default)s)"},{"location":"commands/windbg/dd/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/dds/","title":"Dds","text":""},{"location":"commands/windbg/dds/#dds","title":"dds","text":""},{"location":"commands/windbg/dds/#description","title":"Description","text":"Dump pointers and symbols at the specified address.
"},{"location":"commands/windbg/dds/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/dds/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: dds [-h] addr\naddrThe address to dump from."},{"location":"commands/windbg/dds/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/dq/","title":"Dq","text":""},{"location":"commands/windbg/dq/#dq","title":"dq","text":""},{"location":"commands/windbg/dq/#description","title":"Description","text":"Starting at the specified address, dump N qwords.
"},{"location":"commands/windbg/dq/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/dq/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: dq [-h] address [count]\naddressThe address to dump from.countThe number of qwords to dump. (default: %(default)s)"},{"location":"commands/windbg/dq/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/ds/","title":"Ds","text":""},{"location":"commands/windbg/ds/#ds","title":"ds","text":""},{"location":"commands/windbg/ds/#description","title":"Description","text":"Dump a string at the specified address.
"},{"location":"commands/windbg/ds/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/ds/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: ds [-h] address [max]\naddressAddress to dumpmaxMaximum string length (default: %(default)s)"},{"location":"commands/windbg/ds/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/dw/","title":"Dw","text":""},{"location":"commands/windbg/dw/#dw","title":"dw","text":""},{"location":"commands/windbg/dw/#description","title":"Description","text":"Starting at the specified address, dump N words.
"},{"location":"commands/windbg/dw/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/dw/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: dw [-h] address [count]\naddressThe address to dump from.countThe number of words to dump. (default: %(default)s)"},{"location":"commands/windbg/dw/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/eb/","title":"Eb","text":""},{"location":"commands/windbg/eb/#eb","title":"eb","text":""},{"location":"commands/windbg/eb/#description","title":"Description","text":"Write hex bytes at the specified address.
"},{"location":"commands/windbg/eb/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/eb/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: eb [-h] address [data ...]\naddressThe address to write to.dataThe bytes to write."},{"location":"commands/windbg/eb/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/ed/","title":"Ed","text":""},{"location":"commands/windbg/ed/#ed","title":"ed","text":""},{"location":"commands/windbg/ed/#description","title":"Description","text":"Write hex dwords at the specified address.
"},{"location":"commands/windbg/ed/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/ed/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: ed [-h] address [data ...]\naddressThe address to write to.dataThe dwords to write."},{"location":"commands/windbg/ed/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/eq/","title":"Eq","text":""},{"location":"commands/windbg/eq/#eq","title":"eq","text":""},{"location":"commands/windbg/eq/#description","title":"Description","text":"Write hex qwords at the specified address.
"},{"location":"commands/windbg/eq/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/eq/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: eq [-h] address [data ...]\naddressThe address to write to.dataThe qwords to write."},{"location":"commands/windbg/eq/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/ew/","title":"Ew","text":""},{"location":"commands/windbg/ew/#ew","title":"ew","text":""},{"location":"commands/windbg/ew/#description","title":"Description","text":"Write hex words at the specified address.
"},{"location":"commands/windbg/ew/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/ew/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: ew [-h] address [data ...]\naddressThe address to write to.dataThe words to write."},{"location":"commands/windbg/ew/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/ez/","title":"Ez","text":""},{"location":"commands/windbg/ez/#ez","title":"ez","text":""},{"location":"commands/windbg/ez/#description","title":"Description","text":"Write a string at the specified address.
"},{"location":"commands/windbg/ez/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/ez/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: ez [-h] address data\naddressThe address to write to.dataThe string to write."},{"location":"commands/windbg/ez/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/eza/","title":"Eza","text":""},{"location":"commands/windbg/eza/#eza","title":"eza","text":""},{"location":"commands/windbg/eza/#description","title":"Description","text":"Write a string at the specified address.
"},{"location":"commands/windbg/eza/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/eza/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: eza [-h] address data\naddressThe address to write to.dataThe string to write."},{"location":"commands/windbg/eza/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/go/","title":"Go","text":""},{"location":"commands/windbg/go/#go","title":"go","text":""},{"location":"commands/windbg/go/#description","title":"Description","text":"Windbg compatibility alias for 'continue' command.
"},{"location":"commands/windbg/go/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/go/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: go [-h]\n-h--helpshow this help message and exit"},{"location":"commands/windbg/k/","title":"K","text":""},{"location":"commands/windbg/k/#k","title":"k","text":""},{"location":"commands/windbg/k/#description","title":"Description","text":"Print a backtrace (alias 'bt').
"},{"location":"commands/windbg/k/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/k/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: k [-h]\n-h--helpshow this help message and exit"},{"location":"commands/windbg/ln/","title":"Ln","text":""},{"location":"commands/windbg/ln/#ln","title":"ln","text":""},{"location":"commands/windbg/ln/#description","title":"Description","text":"List the symbols nearest to the provided value.
"},{"location":"commands/windbg/ln/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/ln/#positional-arguments","title":"Positional Arguments","text":"Positional Argument Helpusage: ln [-h] [value]\nvalueThe address you want the name of."},{"location":"commands/windbg/ln/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Help-h--helpshow this help message and exit"},{"location":"commands/windbg/pc/","title":"Pc","text":""},{"location":"commands/windbg/pc/#pc","title":"pc","text":""},{"location":"commands/windbg/pc/#description","title":"Description","text":"Windbg compatibility alias for 'nextcall' command.
"},{"location":"commands/windbg/pc/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/pc/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: pc [-h]\n-h--helpshow this help message and exit"},{"location":"commands/windbg/peb/","title":"Peb","text":""},{"location":"commands/windbg/peb/#peb","title":"peb","text":""},{"location":"commands/windbg/peb/#description","title":"Description","text":"Not be windows.
"},{"location":"commands/windbg/peb/#usage","title":"Usage:","text":"
"},{"location":"commands/windbg/peb/#optional-arguments","title":"Optional Arguments","text":"Short Long Default Helpusage: peb [-h]\n-h--helpshow this help message and exit"},{"location":"misc/binja_integration/","title":"Integrating Binary Ninja with pwndbg","text":""},{"location":"misc/binja_integration/#requirements","title":"Requirements","text":"You need at least the personal edition of Binary Ninja (only tested on version 4.0+) that runs at least Python 3.10 for plugins.
"},{"location":"misc/binja_integration/#setup","title":"Setup","text":"Copy (or symlink)
"},{"location":"misc/binja_integration/#usage","title":"Usage","text":"binja_script.pyto your plugins directory.To start the Binary Ninja integration, open the binary you want to debug in Binary Ninja, then go to
Plugins > pwndbg > Start integration on current view. This will start the XMLRPC server that pwndbg queries for information.Then, inside GDB, run
"},{"location":"misc/binja_integration/#features","title":"Features","text":"set integration-provider binja, which will start the integration. You can runset integration-provider noneto disable it again.The integration currently syncs symbol names, comments, decompilation, function type signatures, and stack variables.
"},{"location":"misc/binja_integration/#commands","title":"Commands","text":"bn-sync: Navigate the Binary Ninja view to the current instructiondecomp ADDR NLINES: Displays the decompilation forNLINESlines at addressADDR.
bn-autosync: If set toyes, every step will automatically runbn-syncbn-il-level: Sets the IL level to use for decompilation. Valid values are:disasm,llil,mlil,hlilbn-rpc-host/bn-rpc-port: The host and port to connect to for the XMLRPC serverbn-timeout: The amount, in seconds, to wait for the XMLRPC server to connect
Pwndbg relies on several environment variables to customize its behavior. Below is a list of these variables and their purposes:
PATH: Standard systemPATHvariable used to locate executables.EDITOR,VISUAL: Used by thecymbolcommand to open an editor.HOME,XDG_CACHE_HOME: Used bylib.tempfileto determine temporary file locations.PWNDBG_VENV_PATH: Specifies the virtual environment path for Pwndbg.PWNDBG_DISABLE_COLORS: Disables colored output in Pwndbg.PWNDBG_LOGLEVEL: Initial log level to use for log messages.OPENAI_API_KEY,ANTHROPIC_API_KEY: Used by theaicommand for accessing respective AI APIs.GITHUB_ACTIONS,RUN_FLAKY: Used bytests_commands.pyto determine the test environment.PWNDBG_PROFILE: Enables profiling for benchmarking.USE_PDB: Enables Python debugger in tests.PWNDBG_LAUNCH_TEST: Used by tests to configure test launching.PWNDBG_ARCH,PWNDBG_KERNEL_TYPE,PWNDBG_KERNEL_VERSION: Used bygdblibkernel tests to specify kernel parameters.SPHINX: Used bydocs/source/conf.py, likely to be removed.PWNLIB_NOTERM=1: Set by Pwndbg to avoid terminal issues with Pwntools.
The
go-dumpcommand can be used to dump Go values during debugging. It takes the formgo-dump type address_expression, and supports many different types with the same syntax as Go: - Integer types:int,int8,int16,int32,int64,int128, and theiruintcounterparts - Misc types:bool,rune,uintptr,string- Floating point types:float32,float64- Complex numbers:complex64,complex128- Interface types:anyforinterface{}(the empty interface), andinterfacefor all non-empty interfaces - Function types:funcptrfor all function types - Pointers:*ELEM- Slices:[]ELEM- Arrays:[LEN]ELEM- Maps:map[KEY][VAL](note that maps in Go are actually pointers to the map, whereas this map is the inner map, so you may need to use*map[KEY]VALto dump a map)Struct types are also supported, but the syntax is slightly different from Go in order to avoid having to compute offsets (and also to support only having partial field information on structs). Struct types are notated as
OFFSET:FIELD_NAME:TYPEtriples separated by semicolons then enclosed withstruct(SIZE){}, e.g.struct(24){0:foo:string;16:bar:int64}to represent the 24-byte Go structstruct { foo string; bar int64 }.Example:
pwndbg> go-dump map[string]int 0xc0000b20f0\n{\"a\": 1, \"b\": 2, \"c\": 3}\n\npwndbg> go-dump any 0xc0000ace40\n([]struct { a int; b string }) [struct {a: 1, b: \"first\"}, struct {a: 2, b: \"second\"}]\n\npwndbg> go-dump struct(24){0:a:int;8:b:string} 0xc000108120\nstruct {a: 1, b: \"first\"}\nSome notable flags include
"},{"location":"misc/go_debugging/#runtime-type-parsing","title":"Runtime Type Parsing","text":"-pto enable pretty printing,-xto display integers in hex,-f DECIMALSto set the number of decimals used to display floats,-dto enable debug printing, which displays memory addresses of everything shown in the dump.Go's compiler emits type objects for every single type used by the program. This is what enables dumping interface values with
go-dumpwithout having to specify any additional type information, and can also be leveraged to dump non-interface values if the type can be located. A good way to locate types is by finding the type pointer passed into heap allocation functions likeruntime.newobjectorruntime.makeslice.After finding the type pointer, the
go-typecommand can be used to inspect a type:pwndbg> go-type 0x49fbc0\n Name: struct { a int; b string }\n Kind: STRUCT\n Size: 24 (0x18)\nAlign: 8\nParse: struct(24){0:a:int;8:b:string}\nField a:\n Offset: 0 (0x0)\n Type name: int\n Type addr: 0x498ce0\nField b:\n Offset: 8 (0x8)\n Type name: string\n Type addr: 0x498aa0\nThe
go-dumpcommand can also take an address to a type instead of the name of a type:
"},{"location":"misc/pycharm_debugging/","title":"Debugging with PyCharm","text":"pwndbg> go-dump 0x49fbc0 0xc000108120\nstruct {a: 1, b: \"first\"}\nIn order to debug code with PyCharm you need to configure remote debugging.
PyCharm will start a remote debugging server which will listen for connections and pwndbg will then connect to that server, on startup.
"},{"location":"misc/pycharm_debugging/#configuring-the-debugging-server","title":"Configuring the debugging server","text":"Select
Run -> Edit Configurationsand follow the instructions there :)- Create a new server with the
+button. - Put your IP in
IDE host nameand select a port number. - Optionally, add a path mapping:
pycharm/pwndbg/dir=machine/pwndbg/dir - Uncheck
suspend after connect
- Select
Run -> Edit Configurationsand install the packages described in that window. pip install pydevd-pycharm~=<your_pycharm_version>- Add the following code somewhere where it will execute on gdb startup:
import pydevd_pycharm\npydevd_pycharm.settrace('<your_IP>', port=<port>, stdoutToServer=True, stderrToServer=True)\n
- Start the debugging server in PyCharm
- Run pwndbg
In order to debug using WSL2, you need to obtain your Windows IP. The easiest way to do that is to run:
and then to pick the value in thecat /etc/resolv.conf\nnameserverline. Then use that IP in theIDE host namefield, when configuring the server. Afterwards, use the same IP inpydevd_pycharm.settrace(...)"},{"location":"reference/pwndbg/","title":"pwndbg","text":""},{"location":"reference/pwndbg/#pwndbg","title":"pwndbg","text":"Modules:
-
aglib\u2013 -
arguments\u2013Allows describing functions, specifically enumerating arguments which
-
auxv\u2013 -
chain\u2013 -
color\u2013 -
commands\u2013 -
dbg\u2013The abstracted debugger interface.
-
decorators\u2013 -
emu\u2013 -
enhance\u2013Given an address in memory which does not contain a pointer elsewhere
-
exception\u2013 -
gdblib\u2013 -
ghidra\u2013 -
glibc\u2013Get information about the GLibc
-
hexdump\u2013Hexdump implementation, ~= stolen from pwntools.
-
integration\u2013 -
lib\u2013 -
log\u2013 -
profiling\u2013 -
radare2\u2013 -
rizin\u2013 -
search\u2013Search the address space for byte patterns.
-
ui\u2013A few helpers for making things print pretty-like.
-
wrappers\u2013
Attributes:
-
config(Config) \u2013 -
__version__\u2013 -
version\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/#pwndbg.__version__","title":"__version__config: Config = Config()\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/#pwndbg.version","title":"version__version__ = __version__\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/","title":"pwndbg.aglib","text":""},{"location":"reference/pwndbg/aglib/#pwndbg.aglib","title":"aglib","text":"version = __version__\nModules:
-
arch\u2013 -
argv\u2013 -
ctypes\u2013On-the-fly endianness switching for ctypes structures.
-
disasm\u2013Functionality for disassmebling code at an address, or at an
-
dt\u2013Prints structures in a manner similar to Windbg's \"dt\" command.
-
dynamic\u2013Dynamic linking interface.
-
elf\u2013This file declares types and methods useful for enumerating
-
file\u2013Retrieve files from the debuggee's filesystem. Useful when
-
godbg\u2013 -
heap\u2013 -
kernel\u2013 -
memory\u2013 -
nearpc\u2013 -
next\u2013Commands for setting temporary breakpoints on the next
-
onegadget\u2013 -
proc\u2013Provides values which would be available from /proc which
-
qemu\u2013Determine whether the target is being run under QEMU.
-
regs\u2013Reading register value from the inferior, and provides a
-
remote\u2013Information about whether the debuggee is local (under GDB) or remote
-
shellcode\u2013Shellcode
-
stack\u2013Helpers for finding address mappings which are used as a stack.
-
strings\u2013Functionality for resolving ASCII printable strings within
-
symbol\u2013Looking up addresses for function names / symbols, and
-
tls\u2013Getting Thread Local Storage (TLS) information.
-
typeinfo\u2013Common types.
-
vmmap\u2013 -
vmmap_custom\u2013
Functions:
-
load_aglib\u2013
"},{"location":"reference/pwndbg/aglib/arch/","title":"pwndbg.aglib.arch","text":""},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch","title":"arch","text":"load_aglib()\nFunctions:
-
read_thumb_bit\u2013Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
-
get_thumb_mode_string\u2013 -
update\u2013
Attributes:
-
arch(Arch) \u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.read_thumb_bit","title":"read_thumb_bit","text":"arch: Arch = Arch('i386', 4, 'little')\nread_thumb_bit() -> int | None\nReturn 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.get_thumb_mode_string","title":"get_thumb_mode_string","text":"
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.update","title":"update","text":"get_thumb_mode_string() -> Literal['arm', 'thumb'] | None\n
"},{"location":"reference/pwndbg/aglib/argv/","title":"pwndbg.aglib.argv","text":""},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv","title":"argv","text":"update() -> None\nFunctions:
-
update\u2013 -
update_state\u2013 -
argc\u2013 -
argv\u2013 -
envc\u2013 -
envp\u2013 -
environ\u2013
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.update_state","title":"update_state","text":"update() -> None\n
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.argc","title":"argc","text":"update_state() -> None\n
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.argv","title":"argv","text":"argc() -> int\n
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.envc","title":"envc","text":"argv(number: int) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.envp","title":"envp","text":"envc() -> int\n
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.environ","title":"environ","text":"envp(number: int) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/ctypes/","title":"pwndbg.aglib.ctypes","text":""},{"location":"reference/pwndbg/aglib/ctypes/#pwndbg.aglib.ctypes","title":"ctypes","text":"environ(name: str) -> Value | None\nOn-the-fly endianness switching for ctypes structures.
We cannot make use of ctypes.LittleEndianStructure and ctypes.BigEndianStructure, since these use metaclass hooks to catch fields being set when the class is declared.
We need to catch on the fly. We do this by swapping out the base classes of the Structure type, and incurring a performance penalty for foreign-endianness targets.
Functions:
-
update\u2013
Attributes:
-
module\u2013 -
Structure\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/ctypes/#pwndbg.aglib.ctypes.Structure","title":"Structuremodule = modules[__name__]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/ctypes/#pwndbg.aglib.ctypes.update","title":"update","text":"Structure = LittleEndianStructure\n
"},{"location":"reference/pwndbg/aglib/disasm/","title":"pwndbg.aglib.disasm","text":""},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm","title":"disasm","text":"update() -> None\nFunctionality for disassmebling code at an address, or at an address \u00b1 a few instructions.
Modules:
-
aarch64\u2013 -
arch\u2013 -
arm\u2013 -
instruction\u2013 -
mips\u2013 -
ppc\u2013 -
riscv\u2013 -
sparc\u2013 -
x86\u2013
Functions:
-
enhance_cache_listener\u2013 -
clear_on_reg_mem_change\u2013 -
get_disassembler_cached\u2013 -
get_disassembler\u2013 -
get_one_instruction\u2013If passed an emulator, this will pass it to the DisassemblyAssistant which will
-
one\u2013 -
one_raw\u2013 -
get\u2013 -
can_run_first_emulate\u2013Disable the emulate config variable if we don't have enough memory to use it
-
no_emulate_one\u2013 -
emulate_one\u2013 -
one_with_config\u2013Returns a single Pwndbg Instruction at the current PC.
-
near\u2013Disasms instructions near given
address. Passingemulatemakes use of
Attributes:
-
CapstoneArch\u2013 -
CapstoneEndian\u2013 -
CapstoneMode\u2013 -
CapstoneSyntax\u2013 -
VariableInstructionSizeMax\u2013 -
next_addresses_cache(set[int]) \u2013 -
backward_cache(DefaultDict[int, int]) \u2013 -
computed_instruction_cache(DefaultDict[int, PwndbgInstruction]) \u2013 -
emulated_arm_mode_cache(DefaultDict[int, int]) \u2013 -
first_time_emulate\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.CapstoneEndian","title":"CapstoneEndianCapstoneArch = {\n \"arm\": CS_ARCH_ARM,\n \"armcm\": CS_ARCH_ARM,\n \"aarch64\": CS_ARCH_ARM64,\n \"i386\": CS_ARCH_X86,\n \"i8086\": CS_ARCH_X86,\n \"x86-64\": CS_ARCH_X86,\n \"powerpc\": CS_ARCH_PPC,\n \"mips\": CS_ARCH_MIPS,\n \"sparc\": CS_ARCH_SPARC,\n \"rv32\": CS_ARCH_RISCV,\n \"rv64\": CS_ARCH_RISCV,\n \"s390x\": CS_ARCH_SYSZ,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.CapstoneMode","title":"CapstoneModeCapstoneEndian = {'little': CS_MODE_LITTLE_ENDIAN, 'big': CS_MODE_BIG_ENDIAN}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.CapstoneSyntax","title":"CapstoneSyntaxCapstoneMode = {4: CS_MODE_32, 8: CS_MODE_64}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.VariableInstructionSizeMax","title":"VariableInstructionSizeMaxCapstoneSyntax = {'intel': CS_OPT_SYNTAX_INTEL, 'att': CS_OPT_SYNTAX_ATT}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.next_addresses_cache","title":"next_addresses_cacheVariableInstructionSizeMax = {\n \"i386\": 16,\n \"x86-64\": 16,\n \"i8086\": 16,\n \"mips\": 8,\n \"rv32\": 22,\n \"rv64\": 22,\n \"s390x\": 6,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.backward_cache","title":"backward_cachenext_addresses_cache: set[int] = set()\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.computed_instruction_cache","title":"computed_instruction_cachebackward_cache: DefaultDict[int, int] = defaultdict(lambda: None)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.emulated_arm_mode_cache","title":"emulated_arm_mode_cachecomputed_instruction_cache: DefaultDict[int, PwndbgInstruction] = defaultdict(\n lambda: None\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.first_time_emulate","title":"first_time_emulateemulated_arm_mode_cache: DefaultDict[int, int] = defaultdict(lambda: None)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.enhance_cache_listener","title":"enhance_cache_listener","text":"first_time_emulate = True\n
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.clear_on_reg_mem_change","title":"clear_on_reg_mem_change","text":"enhance_cache_listener() -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.get_disassembler_cached","title":"get_disassembler_cached","text":"clear_on_reg_mem_change() -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.get_disassembler","title":"get_disassembler","text":"get_disassembler_cached(arch, ptrsize: int, endian, extra=None)\n
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.get_one_instruction","title":"get_one_instruction","text":"get_disassembler(address)\nget_one_instruction(\n address,\n emu: Emulator = None,\n enhance=True,\n from_cache=False,\n put_cache=False,\n) -> PwndbgInstruction\nIf passed an emulator, this will pass it to the DisassemblyAssistant which will single_step the emulator to determine the operand values before and after the instruction executes.
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.one","title":"one","text":"
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.one_raw","title":"one_raw","text":"one(\n address=None,\n emu: Emulator = None,\n enhance=True,\n from_cache=False,\n put_cache=False,\n put_backward_cache=True,\n) -> PwndbgInstruction | None\n
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.get","title":"get","text":"one_raw(address=None) -> PwndbgInstruction | None\n
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.can_run_first_emulate","title":"can_run_first_emulate","text":"get(\n address,\n instructions=1,\n emu: Emulator = None,\n enhance=True,\n from_cache=False,\n put_cache=False,\n) -> list[PwndbgInstruction]\ncan_run_first_emulate() -> bool\nDisable the emulate config variable if we don't have enough memory to use it See #1534 And unicorn-engine/unicorn!1743
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.no_emulate_one","title":"no_emulate_one","text":"
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.emulate_one","title":"emulate_one","text":"no_emulate_one()\n
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.one_with_config","title":"one_with_config","text":"emulate_one()\none_with_config()\nReturns a single Pwndbg Instruction at the current PC.
Emulation determined by the
"},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm.near","title":"near","text":"pwndbg.config.emulatesetting.near(\n address,\n instructions=1,\n emulate=False,\n show_prev_insns=True,\n use_cache=False,\n linear=False,\n) -> tuple[list[PwndbgInstruction], int]\nDisasms instructions near given
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/","title":"pwndbg.aglib.disasm.aarch64","text":""},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64","title":"aarch64","text":"address. Passingemulatemakes use of unicorn engine to emulate instructions to predict branches that will be taken.show_prev_insnsmakes this show previously cached instructions (this is mostly used by context's disasm display, so user see what was previously)Classes:
-
DisassemblyAssistant\u2013
Functions:
-
resolve_condition\u2013Given a condition and the NZCV flag bits, determine when the condition is satisfied
Attributes:
-
AARCH64_SINGLE_LOAD_INSTRUCTIONS(dict[int, int | None]) \u2013 -
AARCH64_SINGLE_STORE_INSTRUCTIONS(dict[int, int | None]) \u2013 -
AARCH64_EXCLUSIVE_STORE_INSTRUCTIONS\u2013 -
CONDITIONAL_SELECT_INSTRUCTIONS\u2013 -
AARCH64_EMULATED_ANNOTATIONS\u2013 -
AARCH64_BIT_SHIFT_MAP(dict[int, Callable[[int, int, int], int]]) \u2013 -
AARCH64_EXTEND_MAP(dict[int, Callable[[int], int]]) \u2013 -
AARCH64_MATH_INSTRUCTIONS\u2013 -
assistant\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_SINGLE_STORE_INSTRUCTIONS","title":"AARCH64_SINGLE_STORE_INSTRUCTIONSAARCH64_SINGLE_LOAD_INSTRUCTIONS: dict[int, int | None] = {\n ARM64_INS_LDRB: 1,\n ARM64_INS_LDURB: 1,\n ARM64_INS_LDRSB: -1,\n ARM64_INS_LDURSB: -1,\n ARM64_INS_LDRH: 2,\n ARM64_INS_LDURH: 2,\n ARM64_INS_LDRSH: -2,\n ARM64_INS_LDURSH: -2,\n ARM64_INS_LDURSW: -4,\n ARM64_INS_LDRSW: -4,\n ARM64_INS_LDUR: None,\n ARM64_INS_LDR: None,\n ARM64_INS_LDTRB: 1,\n ARM64_INS_LDTRSB: -1,\n ARM64_INS_LDTRH: 2,\n ARM64_INS_LDTRSH: -2,\n ARM64_INS_LDTRSW: -4,\n ARM64_INS_LDTR: None,\n ARM64_INS_LDXRB: 1,\n ARM64_INS_LDXRH: 2,\n ARM64_INS_LDXR: None,\n ARM64_INS_LDARB: 1,\n ARM64_INS_LDARH: 2,\n ARM64_INS_LDAR: None,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_EXCLUSIVE_STORE_INSTRUCTIONS","title":"AARCH64_EXCLUSIVE_STORE_INSTRUCTIONSAARCH64_SINGLE_STORE_INSTRUCTIONS: dict[int, int | None] = {\n ARM64_INS_STRB: 1,\n ARM64_INS_STURB: 1,\n ARM64_INS_STRH: 2,\n ARM64_INS_STURH: 2,\n ARM64_INS_STUR: None,\n ARM64_INS_STR: None,\n ARM64_INS_STTRB: 1,\n ARM64_INS_STTRH: 2,\n ARM64_INS_STTR: None,\n ARM64_INS_STLRB: 1,\n ARM64_INS_STLRH: 2,\n ARM64_INS_STLR: None,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.CONDITIONAL_SELECT_INSTRUCTIONS","title":"CONDITIONAL_SELECT_INSTRUCTIONSAARCH64_EXCLUSIVE_STORE_INSTRUCTIONS = {\n ARM64_INS_STXRB: 1,\n ARM64_INS_STXRH: 2,\n ARM64_INS_STXR: None,\n ARM64_INS_STLXRB: 1,\n ARM64_INS_STLXRH: 2,\n ARM64_INS_STLXR: None,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_EMULATED_ANNOTATIONS","title":"AARCH64_EMULATED_ANNOTATIONSCONDITIONAL_SELECT_INSTRUCTIONS = {\n ARM64_INS_CSEL,\n ARM64_INS_CSINC,\n ARM64_INS_CSINV,\n ARM64_INS_CSNEG,\n ARM64_INS_CSET,\n ARM64_INS_CSETM,\n ARM64_INS_CINC,\n ARM64_INS_CINV,\n ARM64_INS_CNEG,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_BIT_SHIFT_MAP","title":"AARCH64_BIT_SHIFT_MAPAARCH64_EMULATED_ANNOTATIONS = CONDITIONAL_SELECT_INSTRUCTIONS | {\n ARM64_INS_SXTB,\n ARM64_INS_SXTH,\n ARM64_INS_SXTW,\n ARM64_INS_UXTB,\n ARM64_INS_UXTH,\n ARM64_INS_UXTW,\n ARM64_INS_RBIT,\n ARM64_INS_CLS,\n ARM64_INS_CLZ,\n ARM64_INS_BFXIL,\n ARM64_INS_UBFIZ,\n ARM64_INS_UBFM,\n ARM64_INS_UBFX,\n ARM64_INS_SBFIZ,\n ARM64_INS_SBFM,\n ARM64_INS_SBFX,\n ARM64_INS_BFI,\n ARM64_INS_NEG,\n ARM64_INS_NEGS,\n ARM64_INS_REV,\n ARM64_INS_BIC,\n ARM64_INS_BICS,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_EXTEND_MAP","title":"AARCH64_EXTEND_MAPAARCH64_BIT_SHIFT_MAP: dict[int, Callable[[int, int, int], int]] = {\n ARM64_SFT_LSL: logical_shift_left,\n ARM64_SFT_LSR: logical_shift_right,\n ARM64_SFT_ASR: arithmetic_shift_right,\n ARM64_SFT_ROR: rotate_right,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_MATH_INSTRUCTIONS","title":"AARCH64_MATH_INSTRUCTIONSAARCH64_EXTEND_MAP: dict[int, Callable[[int], int]] = {\n ARM64_EXT_UXTB: lambda x: x & 1 << 8 - 1,\n ARM64_EXT_UXTH: lambda x: x & 1 << 16 - 1,\n ARM64_EXT_UXTW: lambda x: x & 1 << 32 - 1,\n ARM64_EXT_UXTX: lambda x: x,\n ARM64_EXT_SXTB: lambda x: to_signed(x, 8),\n ARM64_EXT_SXTH: lambda x: to_signed(x, 16),\n ARM64_EXT_SXTW: lambda x: to_signed(x, 32),\n ARM64_EXT_SXTX: lambda x: to_signed(x, 64),\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.assistant","title":"assistantAARCH64_MATH_INSTRUCTIONS = {\n ARM64_INS_ADD: \"+\",\n ARM64_INS_ADDS: \"+\",\n ARM64_INS_SUB: \"-\",\n ARM64_INS_SUBS: \"-\",\n ARM64_INS_AND: \"&\",\n ARM64_INS_ANDS: \"&\",\n ARM64_INS_ORR: \"&\",\n ARM64_INS_ASR: \">>s\",\n ARM64_INS_ASRV: \">>s\",\n ARM64_INS_EOR: \"^\",\n ARM64_INS_LSL: \"<<\",\n ARM64_INS_LSLV: \"<<\",\n ARM64_INS_LSR: \">>\",\n ARM64_INS_LSRV: \">>\",\n ARM64_INS_UDIV: \"/\",\n ARM64_INS_SDIV: \"/\",\n ARM64_INS_SMULH: \"*\",\n ARM64_INS_SMULL: \"*\",\n ARM64_INS_UMULH: \"*\",\n ARM64_INS_UMULL: \"*\",\n ARM64_INS_MUL: \"*\",\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.DisassemblyAssistant","title":"DisassemblyAssistant","text":"assistant = DisassemblyAssistant('aarch64')\nDisassemblyAssistant(architecture: str)\nBases:
DisassemblyAssistantMethods:
-
for_current_arch\u2013 -
enhance\u2013 -
can_reason_about_process_state\u2013Determine if the program counter of the process equals the address of the instruction being enhanced.
-
dump\u2013Debug-only method.
Attributes:
-
annotation_handlers(dict[int, Callable[[PwndbgInstruction, Emulator], None]]) \u2013 -
assistants(dict[str, DisassemblyAssistant]) \u2013 -
op_handlers(dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]]) \u2013 -
op_names(dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]]) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.DisassemblyAssistant.assistants","title":"assistantsannotation_handlers: dict[\n int, Callable[[PwndbgInstruction, Emulator], None]\n] = {\n ARM64_INS_MOV: _common_move_annotator,\n ARM64_INS_MOVK: _common_generic_register_destination,\n ARM64_INS_ADR: _common_generic_register_destination,\n ARM64_INS_ADRP: _handle_adrp,\n ARM64_INS_CMP: _common_cmp_annotator_builder(\"cpsr\", \"-\"),\n ARM64_INS_CMN: _common_cmp_annotator_builder(\"cpsr\", \"+\"),\n ARM64_INS_TST: _common_cmp_annotator_builder(\"cpsr\", \"&\"),\n ARM64_INS_CCMP: _common_cmp_annotator_builder(\"cpsr\", \"\"),\n ARM64_INS_CCMN: _common_cmp_annotator_builder(\"cpsr\", \"\"),\n}\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.DisassemblyAssistant.op_handlers","title":"op_handlersassistants: dict[str, DisassemblyAssistant] = {}\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.DisassemblyAssistant.op_names","title":"op_namesop_handlers: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n CS_OP_IMM: _parse_immediate,\n CS_OP_REG: _parse_register,\n CS_OP_MEM: _parse_memory,\n}\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.DisassemblyAssistant.for_current_arch","title":"for_current_archop_names: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n CS_OP_IMM: _immediate_string,\n CS_OP_REG: _register_string,\n CS_OP_MEM: _memory_string,\n}\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.DisassemblyAssistant.enhance","title":"enhancefor_current_arch() -> DisassemblyAssistant\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.DisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\ncan_reason_about_process_state(instruction: PwndbgInstruction) -> bool\nDetermine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.DisassemblyAssistant.dump","title":"dump","text":"dump(instruction: PwndbgInstruction)\nDebug-only method.
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.resolve_condition","title":"resolve_condition","text":"resolve_condition(condition: int, cpsr: int) -> InstructionCondition\nGiven a condition and the NZCV flag bits, determine when the condition is satisfied
The condition is a Capstone constant
"},{"location":"reference/pwndbg/aglib/disasm/arch/","title":"pwndbg.aglib.disasm.arch","text":""},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch","title":"arch","text":"Classes:
-
DisassemblyAssistant\u2013
Functions:
-
syntax_highlight\u2013 -
register_assign\u2013 -
memory_assign\u2013 -
memory_or_register_assign\u2013Used when we don't know until runtime whether a codepath will annotate a register or memory location.
Attributes:
-
DEBUG_ENHANCEMENT\u2013 -
groups\u2013 -
ops\u2013 -
access\u2013 -
DO_NOT_EMULATE\u2013 -
generic_assistant\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.groups","title":"groupsDEBUG_ENHANCEMENT = False\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.ops","title":"opsgroups = {v: _efor (k, v) in items() if startswith('CS_GRP_')}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.access","title":"accessops = {v: _sfor (k, v) in items() if startswith('CS_OP_')}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DO_NOT_EMULATE","title":"DO_NOT_EMULATEaccess = {v: _yfor (k, v) in items() if startswith('CS_AC_')}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.generic_assistant","title":"generic_assistantDO_NOT_EMULATE = {CS_GRP_INT, CS_GRP_INVALID, CS_GRP_IRET}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant","title":"DisassemblyAssistant","text":"generic_assistant = DisassemblyAssistant(None)\nDisassemblyAssistant(architecture: str)\nMethods:
-
for_current_arch\u2013 -
enhance\u2013 -
can_reason_about_process_state\u2013Determine if the program counter of the process equals the address of the instruction being enhanced.
-
dump\u2013Debug-only method.
Attributes:
-
assistants(dict[str, DisassemblyAssistant]) \u2013 -
op_handlers(dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]]) \u2013 -
op_names(dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]]) \u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.op_handlers","title":"op_handlersassistants: dict[str, DisassemblyAssistant] = {}\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.op_names","title":"op_namesop_handlers: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n CS_OP_IMM: _parse_immediate,\n CS_OP_REG: _parse_register,\n CS_OP_MEM: _parse_memory,\n}\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.for_current_arch","title":"for_current_archop_names: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n CS_OP_IMM: _immediate_string,\n CS_OP_REG: _register_string,\n CS_OP_MEM: _memory_string,\n}\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.enhance","title":"enhancefor_current_arch() -> DisassemblyAssistant\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\ncan_reason_about_process_state(instruction: PwndbgInstruction) -> bool\nDetermine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.dump","title":"dump","text":"dump(instruction: PwndbgInstruction)\nDebug-only method.
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.syntax_highlight","title":"syntax_highlight","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.register_assign","title":"register_assign","text":"syntax_highlight(ins)\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.memory_assign","title":"memory_assign","text":"register_assign(left: str, right: str) -> str\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.memory_or_register_assign","title":"memory_or_register_assign","text":"memory_assign(left: str, right: str) -> str\nmemory_or_register_assign(left: str, right: str, mem_assign: bool) -> str\nUsed when we don't know until runtime whether a codepath will annotate a register or memory location.
"},{"location":"reference/pwndbg/aglib/disasm/arm/","title":"pwndbg.aglib.disasm.arm","text":""},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm","title":"arm","text":"Classes:
-
DisassemblyAssistant\u2013
Functions:
-
first_op_is_pc\u2013 -
ops_contain_pc\u2013
Attributes:
-
ARM_BIT_SHIFT_MAP(dict[int, Callable[[int, int, int], int]]) \u2013 -
ARM_SINGLE_LOAD_INSTRUCTIONS\u2013 -
ARM_SINGLE_STORE_INSTRUCTIONS\u2013 -
ARM_EXCLUSIVE_STORE_INSTRUCTIONS\u2013 -
ARM_MATH_INSTRUCTIONS\u2013 -
ARM_SHIFT_INSTRUCTIONS\u2013 -
ARM_CAN_WRITE_TO_PC(dict[int, Callable[[PwndbgInstruction], bool]]) \u2013 -
assistant\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_SINGLE_LOAD_INSTRUCTIONS","title":"ARM_SINGLE_LOAD_INSTRUCTIONSARM_BIT_SHIFT_MAP: dict[int, Callable[[int, int, int], int]] = {\n ARM_SFT_ASR: arithmetic_shift_right,\n ARM_SFT_LSL: logical_shift_left,\n ARM_SFT_LSR: logical_shift_right,\n ARM_SFT_ROR: rotate_right,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_SINGLE_STORE_INSTRUCTIONS","title":"ARM_SINGLE_STORE_INSTRUCTIONSARM_SINGLE_LOAD_INSTRUCTIONS = {\n ARM_INS_LDRB: 1,\n ARM_INS_LDRSB: -1,\n ARM_INS_LDRH: 2,\n ARM_INS_LDRSH: -2,\n ARM_INS_LDR: 4,\n ARM_INS_LDRBT: 1,\n ARM_INS_LDRSBT: -1,\n ARM_INS_LDRHT: 2,\n ARM_INS_LDRSHT: -2,\n ARM_INS_LDRT: 4,\n ARM_INS_LDREXB: 1,\n ARM_INS_LDREXH: 2,\n ARM_INS_LDREX: 4,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_EXCLUSIVE_STORE_INSTRUCTIONS","title":"ARM_EXCLUSIVE_STORE_INSTRUCTIONSARM_SINGLE_STORE_INSTRUCTIONS = {\n ARM_INS_STRB: 1,\n ARM_INS_STRH: 2,\n ARM_INS_STR: 4,\n ARM_INS_STRBT: 1,\n ARM_INS_STRHT: 2,\n ARM_INS_STRT: 4,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_MATH_INSTRUCTIONS","title":"ARM_MATH_INSTRUCTIONSARM_EXCLUSIVE_STORE_INSTRUCTIONS = {\n ARM_INS_STREXB: 1,\n ARM_INS_STREXH: 2,\n ARM_INS_STREX: 4,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_SHIFT_INSTRUCTIONS","title":"ARM_SHIFT_INSTRUCTIONSARM_MATH_INSTRUCTIONS = {\n ARM_INS_ADD: \"+\",\n ARM_INS_ADDW: \"+\",\n ARM_INS_SUB: \"-\",\n ARM_INS_ORR: \"|\",\n ARM_INS_AND: \"&\",\n ARM_INS_EOR: \"^\",\n ARM_INS_UDIV: \"/\",\n ARM_INS_SDIV: \"/\",\n ARM_INS_MUL: \"*\",\n ARM_INS_UMULL: \"*\",\n ARM_INS_SMULL: \"*\",\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_CAN_WRITE_TO_PC","title":"ARM_CAN_WRITE_TO_PCARM_SHIFT_INSTRUCTIONS = {\n ARM_INS_ASR: \">>s\",\n ARM_INS_LSR: \">>\",\n ARM_INS_LSL: \"<<\",\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.assistant","title":"assistantARM_CAN_WRITE_TO_PC: dict[int, Callable[[PwndbgInstruction], bool]] = {\n ARM_INS_ADD: first_op_is_pc,\n ARM_INS_SUB: first_op_is_pc,\n ARM_INS_SUBS: first_op_is_pc,\n ARM_INS_MOV: first_op_is_pc,\n ARM_INS_LDR: first_op_is_pc,\n ARM_INS_POP: ops_contain_pc,\n ARM_INS_LDM: ops_contain_pc,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.DisassemblyAssistant","title":"DisassemblyAssistant","text":"assistant = DisassemblyAssistant('armcm', 'xpsr')\nDisassemblyAssistant(architecture: str, flags_reg: Literal['cpsr', 'xpsr'])\nBases:
DisassemblyAssistantMethods:
-
read_thumb_bit\u2013 -
for_current_arch\u2013 -
enhance\u2013 -
can_reason_about_process_state\u2013Determine if the program counter of the process equals the address of the instruction being enhanced.
-
dump\u2013Debug-only method.
Attributes:
-
flags_reg\u2013 -
annotation_handlers(dict[int, Callable[[PwndbgInstruction, Emulator], None]]) \u2013 -
assistants(dict[str, DisassemblyAssistant]) \u2013 -
op_handlers(dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]]) \u2013 -
op_names(dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]]) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.DisassemblyAssistant.annotation_handlers","title":"annotation_handlersflags_reg = flags_reg\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.DisassemblyAssistant.assistants","title":"assistantsannotation_handlers: dict[\n int, Callable[[PwndbgInstruction, Emulator], None]\n] = {\n ARM_INS_MOV: _common_move_annotator,\n ARM_INS_MOVW: _common_move_annotator,\n ARM_INS_MOVT: _common_generic_register_destination,\n ARM_INS_MVN: _common_generic_register_destination,\n ARM_INS_CMP: _common_cmp_annotator_builder(flags_reg, \"-\"),\n ARM_INS_CMN: _common_cmp_annotator_builder(flags_reg, \"+\"),\n ARM_INS_TST: _common_cmp_annotator_builder(flags_reg, \"&\"),\n ARM_INS_TEQ: _common_cmp_annotator_builder(flags_reg, \"^\"),\n}\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.DisassemblyAssistant.op_handlers","title":"op_handlersassistants: dict[str, DisassemblyAssistant] = {}\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.DisassemblyAssistant.op_names","title":"op_namesop_handlers: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n CS_OP_IMM: _parse_immediate,\n CS_OP_REG: _parse_register,\n CS_OP_MEM: _parse_memory,\n}\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.DisassemblyAssistant.read_thumb_bit","title":"read_thumb_bit","text":"op_names: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n CS_OP_IMM: _immediate_string,\n CS_OP_REG: _register_string,\n CS_OP_MEM: _memory_string,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.DisassemblyAssistant.for_current_arch","title":"for_current_archread_thumb_bit(instruction: PwndbgInstruction, emu: Emulator) -> int | None\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.DisassemblyAssistant.enhance","title":"enhancefor_current_arch() -> DisassemblyAssistant\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.DisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\ncan_reason_about_process_state(instruction: PwndbgInstruction) -> bool\nDetermine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.DisassemblyAssistant.dump","title":"dump","text":"dump(instruction: PwndbgInstruction)\nDebug-only method.
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.first_op_is_pc","title":"first_op_is_pc","text":"
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ops_contain_pc","title":"ops_contain_pc","text":"first_op_is_pc(i: PwndbgInstruction) -> bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/","title":"pwndbg.aglib.disasm.instruction","text":""},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction","title":"instruction","text":"ops_contain_pc(i: PwndbgInstruction) -> bool\nClasses:
-
InstructionCondition\u2013 -
SplitType\u2013 -
PwndbgInstruction\u2013 -
PwndbgInstructionImpl\u2013 -
EnhancedOperand\u2013 -
ManualPwndbgInstruction\u2013
Functions:
-
boolean_to_instruction_condition\u2013
Attributes:
-
UNCONDITIONAL_JUMP_INSTRUCTIONS(dict[int, set[int]]) \u2013 -
BRANCH_AND_LINK_INSTRUCTIONS(dict[int, set[int]]) \u2013 -
GENERIC_UNCONDITIONAL_JUMP_GROUPS\u2013 -
GENERIC_JUMP_GROUPS\u2013 -
ALL_JUMP_GROUPS\u2013 -
FORWARD_JUMP_GROUP\u2013 -
CAPSTONE_ARCH_MAPPING_STRING\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.BRANCH_AND_LINK_INSTRUCTIONS","title":"BRANCH_AND_LINK_INSTRUCTIONSUNCONDITIONAL_JUMP_INSTRUCTIONS: dict[int, set[int]] = {\n CS_ARCH_X86: {X86_INS_JMP},\n CS_ARCH_MIPS: {\n MIPS_INS_J,\n MIPS_INS_JR,\n MIPS_INS_JAL,\n MIPS_INS_JALR,\n MIPS_INS_BAL,\n MIPS_INS_B,\n },\n CS_ARCH_SPARC: {SPARC_INS_JMP, SPARC_INS_JMPL},\n CS_ARCH_ARM: {ARM_INS_TBB, ARM_INS_TBH},\n CS_ARCH_ARM64: {ARM64_INS_BL, ARM64_INS_BLR, ARM64_INS_BR},\n CS_ARCH_RISCV: {\n RISCV_INS_JAL,\n RISCV_INS_JALR,\n RISCV_INS_C_JAL,\n RISCV_INS_C_JALR,\n RISCV_INS_C_J,\n RISCV_INS_C_JR,\n },\n CS_ARCH_PPC: {PPC_INS_B, PPC_INS_BA, PPC_INS_BL, PPC_INS_BLA},\n CS_ARCH_SYSZ: {SYSZ_INS_B, SYSZ_INS_BAL, SYSZ_INS_BALR},\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.GENERIC_UNCONDITIONAL_JUMP_GROUPS","title":"GENERIC_UNCONDITIONAL_JUMP_GROUPSBRANCH_AND_LINK_INSTRUCTIONS: dict[int, set[int]] = defaultdict(set)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.GENERIC_JUMP_GROUPS","title":"GENERIC_JUMP_GROUPSGENERIC_UNCONDITIONAL_JUMP_GROUPS = {CS_GRP_CALL, CS_GRP_RET, CS_GRP_IRET}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ALL_JUMP_GROUPS","title":"ALL_JUMP_GROUPSGENERIC_JUMP_GROUPS = {CS_GRP_JUMP, CS_GRP_BRANCH_RELATIVE}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.FORWARD_JUMP_GROUP","title":"FORWARD_JUMP_GROUPALL_JUMP_GROUPS = GENERIC_JUMP_GROUPS | GENERIC_UNCONDITIONAL_JUMP_GROUPS\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.CAPSTONE_ARCH_MAPPING_STRING","title":"CAPSTONE_ARCH_MAPPING_STRINGFORWARD_JUMP_GROUP = {CS_GRP_CALL} | GENERIC_JUMP_GROUPS\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.InstructionCondition","title":"InstructionCondition","text":"CAPSTONE_ARCH_MAPPING_STRING = {\n CS_ARCH_ARM: \"arm\",\n CS_ARCH_ARM64: \"aarch64\",\n CS_ARCH_X86: \"x86\",\n CS_ARCH_PPC: \"powerpc\",\n CS_ARCH_MIPS: \"mips\",\n CS_ARCH_SPARC: \"sparc\",\n CS_ARCH_RISCV: \"RISCV\",\n}\nBases:
EnumAttributes:
-
TRUE\u2013 -
FALSE\u2013 -
UNDETERMINED\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.InstructionCondition.FALSE","title":"FALSETRUE = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.InstructionCondition.UNDETERMINED","title":"UNDETERMINEDFALSE = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.SplitType","title":"SplitType","text":"UNDETERMINED = 3\nBases:
EnumAttributes:
-
NO_SPLIT\u2013 -
BRANCH_TAKEN\u2013 -
BRANCH_NOT_TAKEN\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.SplitType.BRANCH_TAKEN","title":"BRANCH_TAKENNO_SPLIT = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.SplitType.BRANCH_NOT_TAKEN","title":"BRANCH_NOT_TAKENBRANCH_TAKEN = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction","title":"PwndbgInstruction","text":"BRANCH_NOT_TAKEN = 3\nBases:
ProtocolMethods:
-
op_find\u2013 -
op_count\u2013
Attributes:
-
cs_insn(CsInsn) \u2013 -
address(int) \u2013 -
size(int) \u2013 -
mnemonic(str) \u2013 -
op_str(str) \u2013 -
groups(set[int]) \u2013 -
id(int) \u2013 -
operands(list[EnhancedOperand]) \u2013 -
asm_string(str) \u2013 -
next(int) \u2013 -
target(int) \u2013 -
target_string(str | None) \u2013 -
target_const(bool | None) \u2013 -
condition(InstructionCondition) \u2013 -
declare_conditional(bool | None) \u2013 -
declare_is_unconditional_jump(bool) \u2013 -
force_unconditional_jump_target(bool) \u2013 -
annotation(str | None) \u2013 -
annotation_padding(int | None) \u2013 -
syscall(int | None) \u2013 -
syscall_name(str | None) \u2013 -
causes_branch_delay(bool) \u2013 -
split(SplitType) \u2013 -
emulated(bool) \u2013 -
call_like(bool) \u2013 -
jump_like(bool) \u2013 -
has_jump_target(bool) \u2013 -
is_conditional_jump(bool) \u2013 -
is_unconditional_jump(bool) \u2013 -
is_conditional_jump_taken(bool) \u2013 -
bytes(bytearray) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.address","title":"addresscs_insn: CsInsn\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.size","title":"sizeaddress: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.mnemonic","title":"mnemonicsize: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.op_str","title":"op_strmnemonic: str\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.groups","title":"groupsop_str: str\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.id","title":"idgroups: set[int]\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.operands","title":"operandsid: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.asm_string","title":"asm_stringoperands: list[EnhancedOperand]\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.next","title":"nextasm_string: str\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.target","title":"targetnext: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.target_string","title":"target_stringtarget: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.target_const","title":"target_consttarget_string: str | None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.condition","title":"conditiontarget_const: bool | None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.declare_conditional","title":"declare_conditionalcondition: InstructionCondition\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.declare_is_unconditional_jump","title":"declare_is_unconditional_jumpdeclare_conditional: bool | None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.force_unconditional_jump_target","title":"force_unconditional_jump_targetdeclare_is_unconditional_jump: bool\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.annotation","title":"annotationforce_unconditional_jump_target: bool\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.annotation_padding","title":"annotation_paddingannotation: str | None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.syscall","title":"syscallannotation_padding: int | None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.syscall_name","title":"syscall_namesyscall: int | None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.causes_branch_delay","title":"causes_branch_delaysyscall_name: str | None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.split","title":"splitcauses_branch_delay: bool\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.emulated","title":"emulatedsplit: SplitType\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.call_like","title":"call_likeemulated: bool\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.jump_like","title":"jump_likecall_like: bool\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.has_jump_target","title":"has_jump_targetjump_like: bool\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.is_conditional_jump","title":"is_conditional_jumphas_jump_target: bool\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.is_unconditional_jump","title":"is_unconditional_jumpis_conditional_jump: bool\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.is_conditional_jump_taken","title":"is_conditional_jump_takenis_unconditional_jump: bool\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.bytes","title":"bytesis_conditional_jump_taken: bool\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.op_find","title":"op_find","text":"bytes: bytearray\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.op_count","title":"op_count","text":"op_find(op_type: int, position: int) -> EnhancedOperand\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl","title":"PwndbgInstructionImpl","text":"op_count(op_type: int) -> int\nPwndbgInstructionImpl(cs_insn: CsInsn)\nBases:
PwndbgInstructionMethods:
-
op_find\u2013Get the operand at position @position of all operands having the same type @op_type
-
op_count\u2013Return number of operands having same operand Capstone type 'op_type'
-
__repr__\u2013
Attributes:
-
cs_insn(CsInsn) \u2013The underlying Capstone instruction object.
-
address(int) \u2013 -
size(int) \u2013Length of the instruction
-
mnemonic(str) \u2013Ex: 'MOV'
-
op_str(str) \u2013Ex: 'RAX, RDX'
-
groups(set[int]) \u2013Capstone instruction groups that we belong to.
-
id(int) \u2013The underlying Capstone ID for the instruction
-
operands(list[EnhancedOperand]) \u2013 -
asm_string(str) \u2013The full string representing the instruction -
mov rdi, rspwith appropriate padding. -
next(int) \u2013This is the address that the instruction pointer will be set to after using the \"nexti\" GDB command.
-
target(int) \u2013This is target of instructions that change the PC, regardless of if it's conditional or not,
-
target_string(str | None) \u2013String representation of the target address.
-
target_const(bool | None) \u2013Whether the target is a constant expression
-
condition(InstructionCondition) \u2013Does the condition that the instruction checks for pass?
-
declare_conditional(bool | None) \u2013This field is used to declare if the instruction is a conditional instruction.
-
declare_is_unconditional_jump(bool) \u2013This field is used to declare that this instruction is an unconditional jump.
-
force_unconditional_jump_target(bool) \u2013This asserts that the .target attribute is the real target of the instruction.
-
annotation(str | None) \u2013The string is set in the \"DisassemblyAssistant.enhance\" function.
-
annotation_padding(int | None) \u2013The left adjustment padding that was used to previously print this.
-
syscall(int | None) \u2013The syscall number for this instruction, if it is a syscall. Otherwise None.
-
syscall_name(str | None) \u2013The syscall name as a string
-
causes_branch_delay(bool) \u2013Whether or not this instruction has a single branch delay slot
-
split(SplitType) \u2013The type of split in the disasm display this instruction causes:
-
emulated(bool) \u2013If the enhancement successfully used emulation for this instruction
-
call_like(bool) \u2013True if this is a call-like instruction, meaning either it's a CALL or a branch and link.
-
jump_like(bool) \u2013True if this instruction is \"jump-like\", such as a JUMP, CALL, or RET.
-
has_jump_target(bool) \u2013True if we have determined that this instruction can explicitly change the program counter, and
-
is_conditional_jump(bool) \u2013True if this instruction can change the program counter conditionally.
-
is_unconditional_jump(bool) \u2013True if we know the instruction can change the program counter, and does so unconditionally.
-
is_conditional_jump_taken(bool) \u2013True if this is a conditional jump, and we predicted that we will take the jump
-
bytes(bytearray) \u2013Raw machine instruction bytes
instance-attribute","text":"cs_insn: CsInsn = cs_insn\nThe underlying Capstone instruction object. Only the enhancement code should access the 'cs_insn' property
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.address","title":"addressinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.size","title":"sizeaddress: int = address\ninstance-attribute","text":"size: int = size\nLength of the instruction
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.mnemonic","title":"mnemonicinstance-attribute","text":"mnemonic: str = mnemonic\nEx: 'MOV'
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.op_str","title":"op_strinstance-attribute","text":"op_str: str = op_str\nEx: 'RAX, RDX'
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.groups","title":"groupsinstance-attribute","text":"groups: set[int] = set(groups)\nCapstone instruction groups that we belong to. Groups that apply to all architectures: CS_GRP_INVALID | CS_GRP_JUMP | CS_GRP_CALL | CS_GRP_RET | CS_GRP_INT | CS_GRP_IRET | CS_GRP_PRIVILEGE | CS_GRP_BRANCH_RELATIVE
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.id","title":"idinstance-attribute","text":"id: int = id\nThe underlying Capstone ID for the instruction Examples: X86_INS_JMP, X86_INS_CALL, RISCV_INS_C_JAL
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.operands","title":"operandsinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.asm_string","title":"asm_stringoperands: list[EnhancedOperand] = [EnhancedOperand(op) for op in operands]\ninstance-attribute","text":"asm_string: str = f'{mnemonic} {op_str}'\nThe full string representing the instruction -
mov rdi, rspwith appropriate padding.This is syntax highlighted during enhancement.
This is additionally modified during enhancement for the purposes of replacing immediate values with their corresponding symbols
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.next","title":"nextinstance-attribute","text":"next: int = address + size\nThis is the address that the instruction pointer will be set to after using the \"nexti\" GDB command. This means it is the address of the next instruction to be executed in all cases except \"call\" instructions.
Typically, it is
self.address + self.size(the next instruction in memory)If it is a jump and we know it is taken, then it is the value of the jump target.
Not set to \"call\" instruction targets, to indicate we will eventually (probably) return to this address
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.target","title":"targetinstance-attribute","text":"target: int = None\nThis is target of instructions that change the PC, regardless of if it's conditional or not, and whether or not we take the jump. This includes \"call\" and all other instructions that set the PC
If the instruction is not one that changes the PC, target is set to \"next\"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.target_string","title":"target_stringinstance-attribute","text":"target_string: str | None = None\nString representation of the target address.
Colorized symbol if a symbol exists at address, else colorized address
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.target_const","title":"target_constinstance-attribute","text":"target_const: bool | None = None\nWhether the target is a constant expression
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.condition","title":"conditioninstance-attribute","text":"condition: InstructionCondition = UNDETERMINED\nDoes the condition that the instruction checks for pass?
For example, \"JNE\" jumps if Zero Flag is 0, else it does nothing. \"CMOVA\" conditionally performs a move depending on a flag. See 'condition' function in pwndbg.aglib.disasm.x86 for example on setting this.
UNDETERMINED if we cannot reason about the condition, or if the instruction always executes unconditionally (most instructions).
TRUE if the instruction has a conditional action, and we determine it is taken.
FALSE if the instruction has a conditional action, and we know it is not taken.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.declare_conditional","title":"declare_conditionalinstance-attribute","text":"declare_conditional: bool | None = None\nThis field is used to declare if the instruction is a conditional instruction. In most cases, we can determine this purely based on the instruction ID, and this field is irrelevent. However, in some arches, like Arm, the same instruction can be made conditional by certain instruction attributes. Ex: Arm,
blsinstruction. This is encoded as ab(Capstone ID 11) under the code, with an additional condition code field. In this case, sometimes abinstruction (ID 11) is unconditional (always branches), in other cases it is conditional. We use this field to disambiguate these cases.True if we manually determine this instruction is a conditional instruction False if it's not a conditional instruction None if we don't have a determination (most cases)
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.declare_is_unconditional_jump","title":"declare_is_unconditional_jumpinstance-attribute","text":"declare_is_unconditional_jump: bool = False\nThis field is used to declare that this instruction is an unconditional jump. Most of the type, we depend on Capstone groups to check for jump instructions, but sometimes these are lacking, such as in the case of general-purpose instructions where the PC is the destination register, such as Arm
add,sub,ldr, andpopinstructions.In these cases, we want to forcefully state that this instruction mutates the PC, so we set this attribute to True.
This helps in two cases: 1. Disassembly splits 2. Instructions like
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.force_unconditional_jump_target","title":"force_unconditional_jump_targetstepuntilasmwork better, as they detect these as branches to stop at.instance-attribute","text":"force_unconditional_jump_target: bool = False\nThis asserts that the .target attribute is the real target of the instruction. This is only relevent in the edge case that the target is the next instruction in memory (address + size). The normal check for \"target\" checks that the target is NOT the next address in memory, and here we can assert that even if that is the case, we know that the jump really does just go to where self.target is.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.annotation","title":"annotationinstance-attribute","text":"annotation: str | None = None\nThe string is set in the \"DisassemblyAssistant.enhance\" function. It is used in the disasm print view to add context to the instruction, mostly operand value. This string is not used for all cases - if the instruction is a call or a jump, the 'target'. variables is used instead. See 'pwndbg.color.disasm.instruction()' for specific usage.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.annotation_padding","title":"annotation_paddinginstance-attribute","text":"annotation_padding: int | None = None\nThe left adjustment padding that was used to previously print this. We retain it so the output is consistent between prints
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.syscall","title":"syscallinstance-attribute","text":"syscall: int | None = None\nThe syscall number for this instruction, if it is a syscall. Otherwise None.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.syscall_name","title":"syscall_nameinstance-attribute","text":"syscall_name: str | None = None\nThe syscall name as a string
Ex: \"openat\", \"read\"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.causes_branch_delay","title":"causes_branch_delayinstance-attribute","text":"causes_branch_delay: bool = False\nWhether or not this instruction has a single branch delay slot
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.split","title":"splitinstance-attribute","text":"split: SplitType = NO_SPLIT\nThe type of split in the disasm display this instruction causes:
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.emulated","title":"emulatedNO_SPLIT - no extra spacing between this and the next instruction\nBRANCH_TAKEN - a newline with an arrow pointing down\nBRANCH_NOT_TAKEN - an empty newline\ninstance-attribute","text":"emulated: bool = False\nIf the enhancement successfully used emulation for this instruction
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.call_like","title":"call_likeproperty","text":"call_like: bool\nTrue if this is a call-like instruction, meaning either it's a CALL or a branch and link.
Checking for the CS_GRP_CALL is insufficient, as there are many \"branch and link\" instructions that are not labeled as a call
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.jump_like","title":"jump_likeproperty","text":"jump_like: bool\nTrue if this instruction is \"jump-like\", such as a JUMP, CALL, or RET. Basically, the PC is set to some target by means of this instruction.
It may still be a conditional jump - this property does not indicate whether the jump is taken or not.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.has_jump_target","title":"has_jump_targetproperty","text":"has_jump_target: bool\nTrue if we have determined that this instruction can explicitly change the program counter, and we have determined the jump target.
Edge case - the jump target MAY be the next address in memory - so we check force_unconditional_jump_target
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.is_conditional_jump","title":"is_conditional_jumpproperty","text":"is_conditional_jump: bool\nTrue if this instruction can change the program counter conditionally.
This is used, in part, to determine if the instruction deserves a \"checkmark\" in the disasm view.
This does not imply that we have resolved the .target
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.is_unconditional_jump","title":"is_unconditional_jumpproperty","text":"is_unconditional_jump: bool\nTrue if we know the instruction can change the program counter, and does so unconditionally.
This includes things like RET, CALL, and JMP (in x86).
This property is used in enhancement to determine certain codepaths when resolving .next for this instruction.
This does not imply that we have resolved the .target
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.is_conditional_jump_taken","title":"is_conditional_jump_takenproperty","text":"is_conditional_jump_taken: bool\nTrue if this is a conditional jump, and we predicted that we will take the jump
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.bytes","title":"bytesproperty","text":"bytes: bytearray\nRaw machine instruction bytes
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.op_find","title":"op_find","text":"op_find(op_type: int, position: int) -> EnhancedOperand\nGet the operand at position @position of all operands having the same type @op_type
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.op_count","title":"op_count","text":"op_count(op_type: int) -> int\nReturn number of operands having same operand Capstone type 'op_type'
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.__repr__","title":"__repr__","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand","title":"EnhancedOperand","text":"__repr__() -> str\nEnhancedOperand(cs_op)\nMethods:
-
__repr__\u2013
Attributes:
-
cs_op(Any) \u2013Underlying Capstone operand. Takes on a different value depending on the architecture.
-
before_value(int | None) \u2013The value of the operand before the instruction executes.
-
after_value(int | None) \u2013The value of the operand after the instruction executes.
-
before_value_resolved(int | None) \u2013The 'resolved' value of the operand that is actually used in the instruction logic, before the instruction executes.
-
before_value_no_modifiers(int | None) \u2013This is a special field used in some architectures that allow operand modifiers, such as shifts and extends in Arm.
-
after_value_resolved(int | None) \u2013The 'resolved' value of the operand after the instruction executes.
-
str(str | None) \u2013String representing the operand
-
symbol(str | None) \u2013Colorized symbol name for this operand, if .before_value is set and symbol exists, else None.
-
type(int) \u2013CS_OP_REG | CS_OP_MEM | CS_OP_IMM | CS_OP_INVALID | CS_OP_FP
-
reg(int) \u2013The underlying Capstone ID for the register
-
imm(int) \u2013The immediate value of the operand (if applicable)
-
mem(Any) \u2013Return the underlying Capstone mem object (if applicable)
instance-attribute","text":"cs_op: Any = cs_op\nUnderlying Capstone operand. Takes on a different value depending on the architecture.
x86 = capstone.x86.X86Op, arm = capstone.arm.ArmOp, mips = capstone.mips.MipsOp
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.before_value","title":"before_valueinstance-attribute","text":"before_value: int | None = None\nThe value of the operand before the instruction executes. This is set only if the operand value can be reasoned about.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.after_value","title":"after_valueinstance-attribute","text":"after_value: int | None = None\nThe value of the operand after the instruction executes. Only set when using emulation.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.before_value_resolved","title":"before_value_resolvedinstance-attribute","text":"before_value_resolved: int | None = None\nThe 'resolved' value of the operand that is actually used in the instruction logic, before the instruction executes. This is the same as before_value if it's not a memory operand, in which cases it's the dereferenced value.
Helpful for cases like
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.before_value_no_modifiers","title":"before_value_no_modifierscmp byte ptr [rip + 0x166669], 0, where first operand could be a register or a memory value to dereference, and we want the actual value used.instance-attribute","text":"before_value_no_modifiers: int | None = None\nThis is a special field used in some architectures that allow operand modifiers, such as shifts and extends in Arm. Capstone bundles the modifier with the operand, and when we are resolving concrete operand values, we apply the modifier. However, in some annotations we need to un-modified raw register value, which is what this field is for.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.after_value_resolved","title":"after_value_resolvedinstance-attribute","text":"after_value_resolved: int | None = None\nThe 'resolved' value of the operand after the instruction executes.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.str","title":"strinstance-attribute","text":"str: str | None = ''\nString representing the operand
Ex: \"RAX\", or \"[0x7fffffffd9e8]\". None if value cannot be determined.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.symbol","title":"symbolinstance-attribute","text":"symbol: str | None = None\nColorized symbol name for this operand, if .before_value is set and symbol exists, else None.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.type","title":"typeproperty","text":"type: int\nCS_OP_REG | CS_OP_MEM | CS_OP_IMM | CS_OP_INVALID | CS_OP_FP
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.reg","title":"regproperty","text":"reg: int\nThe underlying Capstone ID for the register
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.imm","title":"immproperty","text":"imm: int\nThe immediate value of the operand (if applicable)
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.mem","title":"memproperty","text":"mem: Any\nReturn the underlying Capstone mem object (if applicable)
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.__repr__","title":"__repr__","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction","title":"ManualPwndbgInstruction","text":"__repr__() -> str\nManualPwndbgInstruction(address: int)\nBases:
PwndbgInstructionGDB/LLDB's built-in disassemblers.
Instances of this class do not go through the 'enhancement' process due to lacking important information provided by Capstone. As a result of this, some of the methods raise NotImplementedError, because if they are called it indicates a bug elsewhere in the codebase.
Methods:
-
op_find\u2013 -
op_count\u2013
Attributes:
-
cs_insn(CsInsn) \u2013 -
address\u2013 -
size\u2013 -
mnemonic\u2013 -
op_str\u2013 -
groups\u2013 -
id\u2013 -
operands\u2013 -
asm_string\u2013 -
next\u2013 -
target\u2013 -
target_string\u2013 -
target_const\u2013 -
condition\u2013 -
declare_conditional\u2013 -
declare_is_unconditional_jump\u2013 -
force_unconditional_jump_target\u2013 -
annotation\u2013 -
annotation_padding\u2013 -
syscall\u2013 -
syscall_name\u2013 -
causes_branch_delay\u2013 -
split\u2013 -
emulated\u2013 -
bytes(bytearray) \u2013 -
call_like(bool) \u2013 -
jump_like(bool) \u2013 -
has_jump_target(bool) \u2013 -
is_conditional_jump(bool) \u2013 -
is_unconditional_jump(bool) \u2013 -
is_conditional_jump_taken(bool) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.address","title":"addresscs_insn: CsInsn = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.size","title":"sizeaddress = address\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.mnemonic","title":"mnemonicsize = ins['length']\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.op_str","title":"op_strmnemonic = strip()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.groups","title":"groupsop_str = strip() if len(asm) > 1 else ''\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.id","title":"idgroups = set()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.operands","title":"operandsid = -1\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.asm_string","title":"asm_stringoperands = []\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.next","title":"nextasm_string = f'{mnemonic} {op_str}'\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.target","title":"targetnext = address + size\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.target_string","title":"target_stringtarget = next\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.target_const","title":"target_consttarget_string = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.condition","title":"conditiontarget_const = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.declare_conditional","title":"declare_conditionalcondition = UNDETERMINED\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.declare_is_unconditional_jump","title":"declare_is_unconditional_jumpdeclare_conditional = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.force_unconditional_jump_target","title":"force_unconditional_jump_targetdeclare_is_unconditional_jump = False\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.annotation","title":"annotationforce_unconditional_jump_target = False\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.annotation_padding","title":"annotation_paddingannotation = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.syscall","title":"syscallannotation_padding = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.syscall_name","title":"syscall_namesyscall = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.causes_branch_delay","title":"causes_branch_delaysyscall_name = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.split","title":"splitcauses_branch_delay = False\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.emulated","title":"emulatedsplit = NO_SPLIT\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.bytes","title":"bytesemulated = False\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.call_like","title":"call_likebytes: bytearray\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.jump_like","title":"jump_likecall_like: bool\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.has_jump_target","title":"has_jump_targetjump_like: bool\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.is_conditional_jump","title":"is_conditional_jumphas_jump_target: bool\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.is_unconditional_jump","title":"is_unconditional_jumpis_conditional_jump: bool\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.is_conditional_jump_taken","title":"is_conditional_jump_takenis_unconditional_jump: bool\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.op_find","title":"op_find","text":"is_conditional_jump_taken: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.op_count","title":"op_count","text":"op_find(op_type: int, position: int) -> EnhancedOperand\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.boolean_to_instruction_condition","title":"boolean_to_instruction_condition","text":"op_count(op_type: int) -> int\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/","title":"pwndbg.aglib.disasm.mips","text":""},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips","title":"mips","text":"boolean_to_instruction_condition(condition: bool) -> InstructionCondition\nClasses:
-
DisassemblyAssistant\u2013
Attributes:
-
BRANCH_LIKELY_INSTRUCTIONS\u2013 -
CONDITION_RESOLVERS(dict[int, Callable[[list[int]], bool]]) \u2013 -
MIPS_SIMPLE_DESTINATION_INSTRUCTIONS\u2013 -
MIPS_LOAD_INSTRUCTIONS\u2013 -
MIPS_STORE_INSTRUCTIONS\u2013 -
MIPS_BINARY_OPERATIONS\u2013 -
assistant\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.CONDITION_RESOLVERS","title":"CONDITION_RESOLVERSBRANCH_LIKELY_INSTRUCTIONS = {\n MIPS_INS_BC0TL,\n MIPS_INS_BC1TL,\n MIPS_INS_BC0FL,\n MIPS_INS_BC1FL,\n MIPS_INS_BEQL,\n MIPS_INS_BGEZALL,\n MIPS_INS_BGEZL,\n MIPS_INS_BGTZL,\n MIPS_INS_BLEZL,\n MIPS_INS_BLTZALL,\n MIPS_INS_BLTZL,\n MIPS_INS_BNEL,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MIPS_SIMPLE_DESTINATION_INSTRUCTIONS","title":"MIPS_SIMPLE_DESTINATION_INSTRUCTIONSCONDITION_RESOLVERS: dict[int, Callable[[list[int]], bool]] = {\n MIPS_INS_BEQZ: lambda ops: ops[0] == 0,\n MIPS_INS_BNEZ: lambda ops: ops[0] != 0,\n MIPS_INS_BEQ: lambda ops: ops[0] == ops[1],\n MIPS_INS_BNE: lambda ops: ops[0] != ops[1],\n MIPS_INS_BGEZ: lambda ops: to_signed(ops[0], ptrsize * 8) >= 0,\n MIPS_INS_BGEZAL: lambda ops: to_signed(ops[0], ptrsize * 8) >= 0,\n MIPS_INS_BGTZ: lambda ops: to_signed(ops[0], ptrsize * 8) > 0,\n MIPS_INS_BLEZ: lambda ops: to_signed(ops[0], ptrsize * 8) <= 0,\n MIPS_INS_BLTZAL: lambda ops: to_signed(ops[0], ptrsize * 8) < 0,\n MIPS_INS_BLTZ: lambda ops: to_signed(ops[0], ptrsize * 8) < 0,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MIPS_LOAD_INSTRUCTIONS","title":"MIPS_LOAD_INSTRUCTIONSMIPS_SIMPLE_DESTINATION_INSTRUCTIONS = {\n MIPS_INS_CLO,\n MIPS_INS_CLZ,\n MIPS_INS_DCLO,\n MIPS_INS_DCLZ,\n MIPS_INS_LSA,\n MIPS_INS_DLSA,\n MIPS_INS_MFHI,\n MIPS_INS_MFLO,\n MIPS_INS_SEB,\n MIPS_INS_SEH,\n MIPS_INS_WSBH,\n MIPS_INS_SLT,\n MIPS_INS_SLTI,\n MIPS_INS_SLTIU,\n MIPS_INS_SLTU,\n MIPS_INS_MOVN,\n MIPS_INS_LDL,\n MIPS_INS_LDR,\n MIPS_INS_LWL,\n MIPS_INS_LWR,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MIPS_STORE_INSTRUCTIONS","title":"MIPS_STORE_INSTRUCTIONSMIPS_LOAD_INSTRUCTIONS = {\n MIPS_INS_LB: -1,\n MIPS_INS_LBU: 1,\n MIPS_INS_LH: -2,\n MIPS_INS_LHU: 2,\n MIPS_INS_LW: -4,\n MIPS_INS_LWU: 4,\n MIPS_INS_LWPC: -4,\n MIPS_INS_LWUPC: 4,\n MIPS_INS_LD: -8,\n MIPS_INS_LDPC: 8,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MIPS_BINARY_OPERATIONS","title":"MIPS_BINARY_OPERATIONSMIPS_STORE_INSTRUCTIONS = {\n MIPS_INS_SB: 1,\n MIPS_INS_SH: 2,\n MIPS_INS_SW: 4,\n MIPS_INS_SD: 8,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.assistant","title":"assistantMIPS_BINARY_OPERATIONS = {\n MIPS_INS_ADD: \"+\",\n MIPS_INS_ADDI: \"+\",\n MIPS_INS_ADDIU: \"+\",\n MIPS_INS_ADDU: \"+\",\n MIPS_INS_DADD: \"+\",\n MIPS_INS_DADDI: \"+\",\n MIPS_INS_DADDIU: \"+\",\n MIPS_INS_DADDU: \"+\",\n MIPS_INS_SUB: \"-\",\n MIPS_INS_SUBU: \"-\",\n MIPS_INS_DSUB: \"-\",\n MIPS_INS_DSUBU: \"-\",\n MIPS_INS_ANDI: \"&\",\n MIPS_INS_AND: \"&\",\n MIPS_INS_ORI: \"|\",\n MIPS_INS_OR: \"|\",\n MIPS_INS_XOR: \"^\",\n MIPS_INS_XORI: \"^\",\n MIPS_INS_SLL: \"<<\",\n MIPS_INS_SLLV: \"<<\",\n MIPS_INS_DSLL: \"<<\",\n MIPS_INS_DSLLV: \"<<\",\n MIPS_INS_SRL: \">>\",\n MIPS_INS_SRLV: \">>\",\n MIPS_INS_DSRL: \">>\",\n MIPS_INS_DSRLV: \">>\",\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.DisassemblyAssistant","title":"DisassemblyAssistant","text":"assistant = DisassemblyAssistant('mips')\nDisassemblyAssistant(architecture: str)\nBases:
DisassemblyAssistantMethods:
-
for_current_arch\u2013 -
enhance\u2013 -
can_reason_about_process_state\u2013Determine if the program counter of the process equals the address of the instruction being enhanced.
-
dump\u2013Debug-only method.
Attributes:
-
annotation_handlers(dict[int, Callable[[PwndbgInstruction, Emulator], None]]) \u2013 -
assistants(dict[str, DisassemblyAssistant]) \u2013 -
op_handlers(dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]]) \u2013 -
op_names(dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]]) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.DisassemblyAssistant.assistants","title":"assistantsannotation_handlers: dict[\n int, Callable[[PwndbgInstruction, Emulator], None]\n] = {\n MIPS_INS_MOVE: _common_move_annotator,\n MIPS_INS_LI: _common_move_annotator,\n MIPS_INS_LUI: _lui_annotator,\n}\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.DisassemblyAssistant.op_handlers","title":"op_handlersassistants: dict[str, DisassemblyAssistant] = {}\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.DisassemblyAssistant.op_names","title":"op_namesop_handlers: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n CS_OP_IMM: _parse_immediate,\n CS_OP_REG: _parse_register,\n CS_OP_MEM: _parse_memory,\n}\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.DisassemblyAssistant.for_current_arch","title":"for_current_archop_names: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n CS_OP_IMM: _immediate_string,\n CS_OP_REG: _register_string,\n CS_OP_MEM: _memory_string,\n}\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.DisassemblyAssistant.enhance","title":"enhancefor_current_arch() -> DisassemblyAssistant\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.DisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\ncan_reason_about_process_state(instruction: PwndbgInstruction) -> bool\nDetermine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.DisassemblyAssistant.dump","title":"dump","text":"dump(instruction: PwndbgInstruction)\nDebug-only method.
"},{"location":"reference/pwndbg/aglib/disasm/ppc/","title":"pwndbg.aglib.disasm.ppc","text":""},{"location":"reference/pwndbg/aglib/disasm/ppc/#pwndbg.aglib.disasm.ppc","title":"ppc","text":""},{"location":"reference/pwndbg/aglib/disasm/riscv/","title":"pwndbg.aglib.disasm.riscv","text":""},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv","title":"riscv","text":"Classes:
-
DisassemblyAssistant\u2013
Attributes:
-
RISCV_LOAD_INSTRUCTIONS\u2013 -
RISCV_COMPRESSED_LOAD_INSTRUCTIONS\u2013 -
RISCV_STORE_INSTRUCTIONS\u2013 -
RISCV_COMPRESSED_STORE_INSTRUCTIONS\u2013 -
RISCV_MATH_INSTRUCTIONS\u2013 -
RISCV_EMULATED_ANNOTATIONS\u2013 -
assistant_rv32\u2013 -
assistant_rv64\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCV_COMPRESSED_LOAD_INSTRUCTIONS","title":"RISCV_COMPRESSED_LOAD_INSTRUCTIONSRISCV_LOAD_INSTRUCTIONS = {\n RISCV_INS_LB: -1,\n RISCV_INS_LH: -2,\n RISCV_INS_LW: -4,\n RISCV_INS_LBU: 1,\n RISCV_INS_LHU: 2,\n RISCV_INS_LWU: 4,\n RISCV_INS_LD: 8,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCV_STORE_INSTRUCTIONS","title":"RISCV_STORE_INSTRUCTIONSRISCV_COMPRESSED_LOAD_INSTRUCTIONS = {\n RISCV_INS_C_LW: -4,\n RISCV_INS_C_LD: 8,\n RISCV_INS_C_LDSP: 8,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCV_COMPRESSED_STORE_INSTRUCTIONS","title":"RISCV_COMPRESSED_STORE_INSTRUCTIONSRISCV_STORE_INSTRUCTIONS = {\n RISCV_INS_SB: 1,\n RISCV_INS_SH: 2,\n RISCV_INS_SW: 4,\n RISCV_INS_SD: 8,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCV_MATH_INSTRUCTIONS","title":"RISCV_MATH_INSTRUCTIONSRISCV_COMPRESSED_STORE_INSTRUCTIONS = {\n RISCV_INS_C_SW: 4,\n RISCV_INS_C_SWSP: 4,\n RISCV_INS_C_SD: 8,\n RISCV_INS_C_SDSP: 8,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCV_EMULATED_ANNOTATIONS","title":"RISCV_EMULATED_ANNOTATIONSRISCV_MATH_INSTRUCTIONS = {\n RISCV_INS_ADDI: \"+\",\n RISCV_INS_ADD: \"+\",\n RISCV_INS_C_ADDI: \"+\",\n RISCV_INS_C_ADD: \"+\",\n RISCV_INS_SUB: \"-\",\n RISCV_INS_C_SUB: \"-\",\n RISCV_INS_XORI: \"^\",\n RISCV_INS_XOR: \"^\",\n RISCV_INS_C_XOR: \"^\",\n RISCV_INS_ORI: \"|\",\n RISCV_INS_OR: \"|\",\n RISCV_INS_C_OR: \"|\",\n RISCV_INS_ANDI: \"&\",\n RISCV_INS_C_ANDI: \"&\",\n RISCV_INS_AND: \"&\",\n RISCV_INS_C_AND: \"&\",\n RISCV_INS_SLLI: \"<<\",\n RISCV_INS_C_SLLI: \"<<\",\n RISCV_INS_SLL: \"<<\",\n RISCV_INS_SRLI: \">>\",\n RISCV_INS_C_SRLI: \">>\",\n RISCV_INS_SRL: \">>\",\n RISCV_INS_SRAI: \">>s\",\n RISCV_INS_C_SRAI: \">>s\",\n RISCV_INS_SRA: \">>s\",\n RISCV_INS_MUL: \"*\",\n RISCV_INS_MULH: \"*\",\n RISCV_INS_MULHSU: \"*\",\n RISCV_INS_MULHU: \"*\",\n RISCV_INS_DIV: \"/\",\n RISCV_INS_DIVU: \"/\",\n RISCV_INS_REM: \"%\",\n RISCV_INS_REMU: \"%\",\n RISCV_INS_C_ADDI4SPN: \"+\",\n RISCV_INS_C_ADDI16SP: \"+\",\n RISCV_INS_ADDIW: \"+\",\n RISCV_INS_ADDW: \"+\",\n RISCV_INS_SUBW: \"-\",\n RISCV_INS_SLLIW: \"<<\",\n RISCV_INS_SLLW: \"<<\",\n RISCV_INS_SRLIW: \">>\",\n RISCV_INS_SRLW: \">>\",\n RISCV_INS_SRAIW: \">>s\",\n RISCV_INS_SRAW: \">>s\",\n RISCV_INS_MULW: \"*\",\n RISCV_INS_DIVW: \"/\",\n RISCV_INS_DIVUW: \"/\",\n RISCV_INS_REMW: \"%\",\n RISCV_INS_REMUW: \"%\",\n RISCV_INS_C_ADDIW: \"+\",\n RISCV_INS_C_ADDW: \"+\",\n RISCV_INS_C_SUBW: \"-\",\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.assistant_rv32","title":"assistant_rv32RISCV_EMULATED_ANNOTATIONS = {\n RISCV_INS_SLT,\n RISCV_INS_SLTU,\n RISCV_INS_SLTI,\n RISCV_INS_SLTIU,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.assistant_rv64","title":"assistant_rv64assistant_rv32 = DisassemblyAssistant('rv32')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.DisassemblyAssistant","title":"DisassemblyAssistant","text":"assistant_rv64 = DisassemblyAssistant('rv64')\nDisassemblyAssistant(architecture)\nBases:
DisassemblyAssistantMethods:
-
for_current_arch\u2013 -
enhance\u2013 -
can_reason_about_process_state\u2013Determine if the program counter of the process equals the address of the instruction being enhanced.
-
dump\u2013Debug-only method.
Attributes:
-
architecture\u2013 -
annotation_handlers(Dict[int, Callable[[PwndbgInstruction, Emulator], None]]) \u2013 -
assistants(dict[str, DisassemblyAssistant]) \u2013 -
op_handlers(dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]]) \u2013 -
op_names(dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]]) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.DisassemblyAssistant.annotation_handlers","title":"annotation_handlersarchitecture = architecture\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.DisassemblyAssistant.assistants","title":"assistantsannotation_handlers: Dict[\n int, Callable[[PwndbgInstruction, Emulator], None]\n] = {\n RISCV_INS_AUIPC: _auipc_annotator,\n RISCV_INS_C_MV: _common_move_annotator,\n RISCV_INS_C_LI: _common_move_annotator,\n RISCV_INS_LUI: _lui_annotator,\n RISCV_INS_C_LUI: _lui_annotator,\n}\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.DisassemblyAssistant.op_handlers","title":"op_handlersassistants: dict[str, DisassemblyAssistant] = {}\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.DisassemblyAssistant.op_names","title":"op_namesop_handlers: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n CS_OP_IMM: _parse_immediate,\n CS_OP_REG: _parse_register,\n CS_OP_MEM: _parse_memory,\n}\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.DisassemblyAssistant.for_current_arch","title":"for_current_archop_names: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n CS_OP_IMM: _immediate_string,\n CS_OP_REG: _register_string,\n CS_OP_MEM: _memory_string,\n}\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.DisassemblyAssistant.enhance","title":"enhancefor_current_arch() -> DisassemblyAssistant\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.DisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\ncan_reason_about_process_state(instruction: PwndbgInstruction) -> bool\nDetermine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.DisassemblyAssistant.dump","title":"dump","text":"dump(instruction: PwndbgInstruction)\nDebug-only method.
"},{"location":"reference/pwndbg/aglib/disasm/sparc/","title":"pwndbg.aglib.disasm.sparc","text":""},{"location":"reference/pwndbg/aglib/disasm/sparc/#pwndbg.aglib.disasm.sparc","title":"sparc","text":"Attributes:
-
SPARC_LOAD_INSTRUCTIONS\u2013 -
SPARC_STORE_INSTRUCTIONS\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/sparc/#pwndbg.aglib.disasm.sparc.SPARC_STORE_INSTRUCTIONS","title":"SPARC_STORE_INSTRUCTIONSSPARC_LOAD_INSTRUCTIONS = {\n SPARC_INS_LDUB: 1,\n SPARC_INS_LDSB: 1,\n SPARC_INS_LDUH: 2,\n SPARC_INS_LDSH: 2,\n SPARC_INS_LD: 4,\n SPARC_INS_LDD: 8,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/x86/","title":"pwndbg.aglib.disasm.x86","text":""},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86","title":"x86","text":"SPARC_STORE_INSTRUCTIONS = {\n SPARC_INS_STB: 1,\n SPARC_INS_STH: 2,\n SPARC_INS_ST: 4,\n SPARC_INS_STD: 8,\n}\nClasses:
-
DisassemblyAssistant\u2013
Attributes:
-
groups\u2013 -
ops\u2013 -
regs\u2013 -
access\u2013 -
X86_MATH_INSTRUCTIONS\u2013 -
assistant\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.ops","title":"opsgroups = {v: _ofor (k, v) in items() if startswith('X86_GRP_')}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.regs","title":"regsops = {v: _Afor (k, v) in items() if startswith('X86_OP_')}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.access","title":"accessregs = {v: _hfor (k, v) in items() if startswith('X86_REG_')}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86_MATH_INSTRUCTIONS","title":"X86_MATH_INSTRUCTIONSaccess = {v: _6for (k, v) in items() if startswith('CS_AC_')}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.assistant","title":"assistantX86_MATH_INSTRUCTIONS = {\n X86_INS_ADD: \"+\",\n X86_INS_SUB: \"-\",\n X86_INS_AND: \"&\",\n X86_INS_OR: \"|\",\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.DisassemblyAssistant","title":"DisassemblyAssistant","text":"assistant = DisassemblyAssistant('x86-64')\nDisassemblyAssistant(architecture: str)\nBases:
DisassemblyAssistantMethods:
-
handle_mov\u2013 -
handle_vmovaps\u2013 -
handle_lea\u2013 -
handle_xchg\u2013 -
handle_pop\u2013 -
handle_xor\u2013 -
handle_inc\u2013 -
handle_dec\u2013 -
memory_string_with_components_resolved\u2013 -
for_current_arch\u2013 -
enhance\u2013 -
can_reason_about_process_state\u2013Determine if the program counter of the process equals the address of the instruction being enhanced.
-
dump\u2013Debug-only method.
Attributes:
-
annotation_handlers(dict[int, Callable[[PwndbgInstruction, Emulator], None]]) \u2013 -
assistants(dict[str, DisassemblyAssistant]) \u2013 -
op_handlers(dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]]) \u2013 -
op_names(dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]]) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.DisassemblyAssistant.assistants","title":"assistantsannotation_handlers: dict[\n int, Callable[[PwndbgInstruction, Emulator], None]\n] = {\n X86_INS_MOV: handle_mov,\n X86_INS_MOVABS: handle_mov,\n X86_INS_MOVZX: handle_mov,\n X86_INS_MOVD: handle_mov,\n X86_INS_MOVQ: handle_mov,\n X86_INS_MOVSXD: handle_mov,\n X86_INS_MOVSX: handle_mov,\n X86_INS_MOVAPS: handle_vmovaps,\n X86_INS_VMOVAPS: handle_vmovaps,\n X86_INS_LEA: handle_lea,\n X86_INS_XCHG: handle_xchg,\n X86_INS_POP: handle_pop,\n X86_INS_CMP: _common_cmp_annotator_builder(\"eflags\", \"-\"),\n X86_INS_TEST: _common_cmp_annotator_builder(\"eflags\", \"&\"),\n X86_INS_XOR: handle_xor,\n X86_INS_INC: handle_inc,\n X86_INS_DEC: handle_dec,\n}\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.DisassemblyAssistant.op_handlers","title":"op_handlersassistants: dict[str, DisassemblyAssistant] = {}\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.DisassemblyAssistant.op_names","title":"op_namesop_handlers: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n CS_OP_IMM: _parse_immediate,\n CS_OP_REG: _parse_register,\n CS_OP_MEM: _parse_memory,\n}\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.DisassemblyAssistant.handle_mov","title":"handle_mov","text":"op_names: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n CS_OP_IMM: _immediate_string,\n CS_OP_REG: _register_string,\n CS_OP_MEM: _memory_string,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.DisassemblyAssistant.handle_vmovaps","title":"handle_vmovaps","text":"handle_mov(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.DisassemblyAssistant.handle_lea","title":"handle_lea","text":"handle_vmovaps(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.DisassemblyAssistant.handle_xchg","title":"handle_xchg","text":"handle_lea(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.DisassemblyAssistant.handle_pop","title":"handle_pop","text":"handle_xchg(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.DisassemblyAssistant.handle_xor","title":"handle_xor","text":"handle_pop(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.DisassemblyAssistant.handle_inc","title":"handle_inc","text":"handle_xor(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.DisassemblyAssistant.handle_dec","title":"handle_dec","text":"handle_inc(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.DisassemblyAssistant.memory_string_with_components_resolved","title":"memory_string_with_components_resolved","text":"handle_dec(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.DisassemblyAssistant.for_current_arch","title":"for_current_archmemory_string_with_components_resolved(\n instruction: PwndbgInstruction, op: EnhancedOperand\n)\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.DisassemblyAssistant.enhance","title":"enhancefor_current_arch() -> DisassemblyAssistant\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.DisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\ncan_reason_about_process_state(instruction: PwndbgInstruction) -> bool\nDetermine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.DisassemblyAssistant.dump","title":"dump","text":"dump(instruction: PwndbgInstruction)\nDebug-only method.
"},{"location":"reference/pwndbg/aglib/dt/","title":"pwndbg.aglib.dt","text":""},{"location":"reference/pwndbg/aglib/dt/#pwndbg.aglib.dt","title":"dt","text":"Prints structures in a manner similar to Windbg's \"dt\" command.
Functions:
-
dt\u2013Dump out a structure type Windbg style.
dt(\n name: str = \"\", addr: int | Value | None = None, obj: Value | None = None\n) -> str\nDump out a structure type Windbg style.
"},{"location":"reference/pwndbg/aglib/dynamic/","title":"pwndbg.aglib.dynamic","text":""},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic","title":"dynamic","text":"Dynamic linking interface.
This module provides an interface to analyze various aspects of dynamically linked programs.
It also defines a hook that watches for changes to the link map communicated by ld.so, and exposes an event that other parts of pwndbg can tap into, but one that may have a somewhat obtuse beahvior, due to limitations in GDB. See
r_debug_install_link_map_changed_hookfor more information.Classes:
-
LinkMapEntry\u2013An entry in the link map.
-
DynamicSegment\u2013Parser for the DYNAMIC segment present in a binary image.
-
CStruct\u2013Utility class for reading fields off of C structs.
Functions:
-
is_dynamic\u2013Returns whether the current inferior is dynamic.
-
r_debug_link_map_changed_hook\u2013Hook that gets activated whenever the link map changes.
-
r_debug_install_link_map_changed_hook\u2013Installs the r_debug-based hook to the change event of the link map.
-
r_debug_link_map_changed_add_listener\u2013Install a callback to be called whenever r_debug signal of there being a
-
r_debug_link_map_changed_remove_listener\u2013Removes a listener previously installed with
-
link_map_head\u2013Acquires a reference to the head entry of the link map.
-
link_map\u2013Iterator over all the entries in the link map.
-
elf32_r_sym\u2013Returns the r_sym portion of the r_info relocation field for ELF32.
-
elf32_r_type\u2013Returns the r_type portion of the r_info relocation field for ELF32.
-
elf64_r_sym\u2013Returns the r_sym portion of the r_info relocation field for ELF64.
-
elf64_r_type\u2013Returns the r_type portion of the r_info relocation field for ELF64.
Attributes:
-
R_DEBUG_LINK_MAP_CHANGED_HOOK\u2013 -
R_DEBUG_LINK_MAP_CHANGED_LISTENERS(set[Callable[..., Any]]) \u2013 -
DYNAMIC_SECTION_ALLOW_MULTIPLE\u2013 -
DYNAMIC_SECTION_REQUIRED_TAGS\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.R_DEBUG_LINK_MAP_CHANGED_LISTENERS","title":"R_DEBUG_LINK_MAP_CHANGED_LISTENERSR_DEBUG_LINK_MAP_CHANGED_HOOK = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DYNAMIC_SECTION_ALLOW_MULTIPLE","title":"DYNAMIC_SECTION_ALLOW_MULTIPLER_DEBUG_LINK_MAP_CHANGED_LISTENERS: set[Callable[..., Any]] = set()\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DYNAMIC_SECTION_REQUIRED_TAGS","title":"DYNAMIC_SECTION_REQUIRED_TAGSDYNAMIC_SECTION_ALLOW_MULTIPLE = {DT_NEEDED}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry","title":"LinkMapEntry","text":"DYNAMIC_SECTION_REQUIRED_TAGS = {DT_STRTAB, DT_STRSZ, DT_SYMTAB, DT_SYMENT}\nLinkMapEntry(address)\nAn entry in the link map.
Methods:
-
name\u2013The name of the binary image this entry describes.
-
dynamic\u2013The pointer to the memory mapped dynamic segment of the binary image.
-
load_bias\u2013The difference between the addresses in the data structures of the
-
next\u2013The next entry in the chain, if any.
-
prev\u2013The previous entry in the chain, if any.
-
__repr__\u2013
Attributes:
-
link_map\u2013 -
link_map_address\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.link_map_address","title":"link_map_addresslink_map = link_map()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.name","title":"name","text":"link_map_address = address\nname()\nThe name of the binary image this entry describes.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.dynamic","title":"dynamic","text":"dynamic()\nThe pointer to the memory mapped dynamic segment of the binary image.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.load_bias","title":"load_bias","text":"load_bias()\nThe difference between the addresses in the data structures of the binary image and the actual location of the data being pointed to by them in the address space of the inferior. This number will never be negative.
Aditionally, for DYN images, such as PIE executables and shared libraries, this value is the same as the base load address of the image.
The term \"load bias\" comes from the ELF binary format loading procedure in the Linux Kernel.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.next","title":"next","text":"next()\nThe next entry in the chain, if any.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.prev","title":"prev","text":"prev()\nThe previous entry in the chain, if any.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.__repr__","title":"__repr__","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment","title":"DynamicSegment","text":"__repr__() -> str\nDynamicSegment(address, load_bias)\nParser for the DYNAMIC segment present in a binary image.
Methods:
-
jmprel_has_addend\u2013Returns whether the
r_addendfield is available in entries of JMPREL. -
rela_read\u2013Reads the requested field from the entry of the given index in RELA.
-
rel_read\u2013Reads the requested field from the entry of the given index in REL.
-
jmprel_read\u2013Reads the requested field from the entry of the given index in JMPREL.
-
rela_entry_count\u2013Returns the number of RELA entries.
-
rel_entry_count\u2013Returns the number of REL entries.
-
jmprel_entry_count\u2013Returns the number of JMPREL entries.
-
string\u2013Reads the string at index i from the string table.
-
symtab_read\u2013Reads the requested field from the entry of given index in the symbol
-
dyn_array_read\u2013Reads the requested field from the entry of given index in the dynamic
-
dyn_array_read_tag_val\u2013Reads the
d_unfield from the entry of given tag in the dynamic
Attributes:
-
symtab_elem\u2013 -
jmprel_addr\u2013 -
rela_addr\u2013 -
rel_addr\u2013 -
jmprel_elem\u2013 -
rela_elem\u2013 -
rel_elem\u2013 -
jmprel_r_sym_fn\u2013 -
jmprel_r_info_fn\u2013 -
rela_r_sym_fn\u2013 -
rela_r_info_fn\u2013 -
rel_r_sym_fn\u2013 -
rel_r_info_fn\u2013 -
entries\u2013 -
address\u2013 -
load_bias\u2013 -
elf_dyn\u2013 -
entries_by_tag(dict[Any, Any]) \u2013 -
strtab_addr\u2013 -
strtab_size\u2013 -
symtab_addr\u2013 -
has_jmprel\u2013 -
has_rela\u2013 -
has_rel\u2013 -
rela_r_sym\u2013 -
rela_r_type\u2013 -
rel_r_sym\u2013 -
rel_r_type\u2013 -
jmprel_r_sym\u2013 -
jmprel_r_type\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_addr","title":"jmprel_addrsymtab_elem = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_addr","title":"rela_addrjmprel_addr = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_addr","title":"rel_addrrela_addr = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_elem","title":"jmprel_elemrel_addr = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_elem","title":"rela_elemjmprel_elem = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_elem","title":"rel_elemrela_elem = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_r_sym_fn","title":"jmprel_r_sym_fnrel_elem = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_r_info_fn","title":"jmprel_r_info_fnjmprel_r_sym_fn = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_r_sym_fn","title":"rela_r_sym_fnjmprel_r_info_fn = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_r_info_fn","title":"rela_r_info_fnrela_r_sym_fn = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_r_sym_fn","title":"rel_r_sym_fnrela_r_info_fn = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_r_info_fn","title":"rel_r_info_fnrel_r_sym_fn = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.entries","title":"entriesrel_r_info_fn = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.address","title":"addressentries = count\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.load_bias","title":"load_biasaddress = address\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.elf_dyn","title":"elf_dynload_bias = load_bias\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.entries_by_tag","title":"entries_by_tagelf_dyn = elf_dyn\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.strtab_addr","title":"strtab_addrentries_by_tag: dict[Any, Any] = sections\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.strtab_size","title":"strtab_sizestrtab_addr = dyn_array_read_tag_val(DT_STRTAB)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.symtab_addr","title":"symtab_addrstrtab_size = dyn_array_read_tag_val(DT_STRSZ)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.has_jmprel","title":"has_jmprelsymtab_addr = dyn_array_read_tag_val(DT_SYMTAB)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.has_rela","title":"has_relahas_jmprel = (\n DT_JMPREL in sections and DT_PLTREL in sections and DT_PLTRELSZ in sections\n)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.has_rel","title":"has_relhas_rela = (\n DT_RELA in sections and DT_RELASZ in sections and DT_RELAENT in sections\n)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_r_sym","title":"rela_r_symhas_rel = DT_REL in sections and DT_RELSZ in sections and DT_RELENT in sections\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_r_type","title":"rela_r_typerela_r_sym = elf32_r_sym\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_r_sym","title":"rel_r_symrela_r_type = elf32_r_type\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_r_type","title":"rel_r_typerel_r_sym = elf32_r_sym\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_r_sym","title":"jmprel_r_symrel_r_type = elf32_r_type\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_r_type","title":"jmprel_r_typejmprel_r_sym = elf32_r_sym\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_has_addend","title":"jmprel_has_addend","text":"jmprel_r_type = elf32_r_type\njmprel_has_addend()\nReturns whether the
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_read","title":"rela_read","text":"r_addendfield is available in entries of JMPREL.rela_read(i, field)\nReads the requested field from the entry of the given index in RELA.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_read","title":"rel_read","text":"rel_read(i, field)\nReads the requested field from the entry of the given index in REL.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_read","title":"jmprel_read","text":"jmprel_read(i, field)\nReads the requested field from the entry of the given index in JMPREL.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_entry_count","title":"rela_entry_count","text":"rela_entry_count()\nReturns the number of RELA entries.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_entry_count","title":"rel_entry_count","text":"rel_entry_count()\nReturns the number of REL entries.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_entry_count","title":"jmprel_entry_count","text":"jmprel_entry_count()\nReturns the number of JMPREL entries.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.string","title":"string","text":"string(i)\nReads the string at index i from the string table.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.symtab_read","title":"symtab_read","text":"symtab_read(i, field)\nReads the requested field from the entry of given index in the symbol table.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.dyn_array_read","title":"dyn_array_read","text":"dyn_array_read(i, field)\nReads the requested field from the entry of given index in the dynamic array.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.dyn_array_read_tag_val","title":"dyn_array_read_tag_val","text":"dyn_array_read_tag_val(tag)\nReads the
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct","title":"CStruct","text":"d_unfield from the entry of given tag in the dynamic array. Must not be a tag that allows multiple entries.CStruct(fields: list[tuple[str, Type, type]])\nUtility class for reading fields off of C structs.
Without proper debug information it cannot be guaranteed that the calculated field offsets are correct, therefore, reasonable caution should be exercised when using this class. The assumptions made are: - Padding is added between fields so that all internal members are correctly aligned, as long as the struct itself is correctly aligned. - The alignment of the struct is the same as the alignment of its most strictly aligned member. - Padding is added to the end of the struct so that sequentially laid out instances are always correctly aligned. - Stuct sizes must be greater than or equal to 1 byte.
While these assumptions do not apply in all cases, they should be good enough for the structs in ld.so and in the ELF program images.
Methods:
-
link_map\u2013Creates a new instance describing the ABI-stable part of the link_map
-
r_debug\u2013Creates a new instance describing the ABI-stable part of the r_debug
-
elfNN_dyn\u2013Creates a new instance describing the ElfNN_Dyn structure, suitable for
-
elfNN_rel\u2013Creates a new instance describing the ElfNN_Rel structure, suitable for
-
elfNN_rela\u2013Creates a new instance describing the ElfNN_Rela structure, suitable for
-
elf32_sym\u2013Creates a new instance describing the Elf32_Sym srtucture.
-
elf64_sym\u2013Creates a new instance describing the Elf64_Sym structure.
-
read\u2013Reads the field with the given name from the struct instance located at
-
has_field\u2013Returns whether a field with the given name exists in this struct.
Attributes:
-
types(dict[str, Type]) \u2013 -
offsets(dict[str, int]) \u2013 -
converters(dict[str, type]) \u2013 -
size\u2013 -
align\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.offsets","title":"offsetstypes: dict[str, Type] = {}\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.converters","title":"convertersoffsets: dict[str, int] = {}\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.size","title":"sizeconverters: dict[str, type] = {}\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.align","title":"alignsize = current_offset\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.link_map","title":"link_mapalign = alignment\nstaticmethod","text":"link_map()\nCreates a new instance describing the ABI-stable part of the link_map struct.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.r_debug","title":"r_debugstaticmethod","text":"r_debug()\nCreates a new instance describing the ABI-stable part of the r_debug struct.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.elfNN_dyn","title":"elfNN_dynstaticmethod","text":"elfNN_dyn()\nCreates a new instance describing the ElfNN_Dyn structure, suitable for the architecture of the inferior.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.elfNN_rel","title":"elfNN_relstaticmethod","text":"elfNN_rel()\nCreates a new instance describing the ElfNN_Rel structure, suitable for the architecture of the inferior.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.elfNN_rela","title":"elfNN_relastaticmethod","text":"elfNN_rela()\nCreates a new instance describing the ElfNN_Rela structure, suitable for the architecture of the inferior.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.elf32_sym","title":"elf32_symstaticmethod","text":"elf32_sym()\nCreates a new instance describing the Elf32_Sym srtucture.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.elf64_sym","title":"elf64_symstaticmethod","text":"elf64_sym()\nCreates a new instance describing the Elf64_Sym structure.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.read","title":"read","text":"read(address, name)\nReads the field with the given name from the struct instance located at the given address.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.has_field","title":"has_field","text":"has_field(name) -> bool\nReturns whether a field with the given name exists in this struct.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.is_dynamic","title":"is_dynamic","text":"is_dynamic() -> bool\nReturns whether the current inferior is dynamic.
Not all programs are dynamically linked, or even need the dynamic loader at all. Since this module is entirely reliant on at least the presence of the dynamic loader, and really only makes sense for dynamic programs, it should not be used at all with programs that don't participate in dynamic linkage, or when there is a dynamic linker, but we have no way to talk to it.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.r_debug_link_map_changed_hook","title":"r_debug_link_map_changed_hook","text":"r_debug_link_map_changed_hook() -> Callable[[StopPoint], bool]\nHook that gets activated whenever the link map changes.
The r_debug structure, in addition to having a refence to the head of the link map, also has, in its ABI-stable part, a reference to an address that can have a breakpoint attached to it, such that whenever the contents of the link map change, that breakpoint will be triggered1.
We take advantage of that here, by installing our own breakpoint in that location, and watching for trigger events, so that we can notify other bits of pwndbg that the contents of the
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.r_debug_install_link_map_changed_hook","title":"r_debug_install_link_map_changed_hook","text":"link_map()function will be different.r_debug_install_link_map_changed_hook() -> None\nInstalls the r_debug-based hook to the change event of the link map.
This function is a bit tricky, because ideally we want it to be run as soon as possible, before even the dynamic linker runs, but after both it and the main binary have been mapped into the address space of the inferior. While doing this manually would be trivial - seeing as there is a command in GDB that gives the user control at the exact place we would like -, there does not seem to be a way of easily doing this from inside Python.
Because of this, parts of the code that rely on the hook should try calling this function and firing their own listeners manually at least once.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.r_debug_link_map_changed_add_listener","title":"r_debug_link_map_changed_add_listener","text":"r_debug_link_map_changed_add_listener(handler: Callable[..., Any]) -> None\nInstall a callback to be called whenever r_debug signal of there being a change in the link map link map is triggered.
Keep in mind this function may be called before the hook that calls the listeners is installed, and, until it is installed, no listener callbacks will actually be triggered. See
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.r_debug_link_map_changed_remove_listener","title":"r_debug_link_map_changed_remove_listener","text":"r_debug_install_link_map_changed_hook.r_debug_link_map_changed_remove_listener(handler: Callable[..., Any]) -> None\nRemoves a listener previously installed with r_debug_link_map_changed_add_listener().
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.link_map_head","title":"link_map_head","text":"link_map_head()\nAcquires a reference to the head entry of the link map.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.link_map","title":"link_map","text":"link_map()\nIterator over all the entries in the link map.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.elf32_r_sym","title":"elf32_r_sym","text":"elf32_r_sym(r_info)\nReturns the r_sym portion of the r_info relocation field for ELF32.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.elf32_r_type","title":"elf32_r_type","text":"elf32_r_type(r_info)\nReturns the r_type portion of the r_info relocation field for ELF32.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.elf64_r_sym","title":"elf64_r_sym","text":"elf64_r_sym(r_info)\nReturns the r_sym portion of the r_info relocation field for ELF64.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.elf64_r_type","title":"elf64_r_type","text":"elf64_r_type(r_info)\nReturns the r_type portion of the r_info relocation field for ELF64.
"},{"location":"reference/pwndbg/aglib/elf/","title":"pwndbg.aglib.elf","text":""},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf","title":"elf","text":"This file declares types and methods useful for enumerating all of the address spaces and permissions of an ELF file in memory.
This is necessary for when access to /proc is restricted, or when working on a BSD system which simply does not have /proc.
Classes:
-
ELFInfo\u2013ELF metadata and structures.
Functions:
-
update\u2013 -
read\u2013 -
get_elf_info\u2013Parse and return ELFInfo.
-
get_elf_info_rebased\u2013Parse and return ELFInfo with all virtual addresses rebased to vaddr
-
get_containing_segments\u2013 -
get_containing_sections\u2013 -
dump_section_by_name\u2013Dump the content of a section from an ELF file, return the start address, size and content.
-
dump_relocations_by_section_name\u2013Dump the relocation entries of a section from an ELF file, return a generator of Relocation objects.
-
exe\u2013Return a loaded ELF header object pointing to the Ehdr of the
-
entry\u2013Return the address of the entry point for the main executable.
-
load\u2013 -
reset_ehdr_type_loaded\u2013 -
get_ehdr\u2013Returns an ehdr object for the ELF pointer points into.
-
get_phdrs\u2013Returns a tuple containing (phnum, phentsize, gdb.Value),
-
iter_phdrs\u2013 -
map\u2013Given a pointer into an ELF module, return a list of all loaded
-
map_inner\u2013
Attributes:
-
module\u2013 -
Ehdr\u2013 -
Phdr\u2013 -
T\u2013 -
ehdr_type_loaded\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.Ehdr","title":"Ehdrmodule = modules[__name__]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.Phdr","title":"PhdrEhdr = Union[Elf32_Ehdr, Elf64_Ehdr]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.T","title":"TPhdr = Union[Elf32_Phdr, Elf64_Phdr]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ehdr_type_loaded","title":"ehdr_type_loadedT = TypeVar('T', Union[Elf32_Ehdr, Elf64_Ehdr], Union[Elf32_Phdr, Elf64_Phdr])\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ELFInfo","title":"ELFInfo","text":"ehdr_type_loaded = 0\nBases:
NamedTupleELF metadata and structures.
Attributes:
-
header(dict[str, int | str]) \u2013 -
sections(list[dict[str, int | str]]) \u2013 -
segments(list[dict[str, int | str]]) \u2013 -
is_pic(bool) \u2013 -
is_pie(bool) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ELFInfo.sections","title":"sectionsheader: dict[str, int | str]\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ELFInfo.segments","title":"segmentssections: list[dict[str, int | str]]\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ELFInfo.is_pic","title":"is_picsegments: list[dict[str, int | str]]\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ELFInfo.is_pie","title":"is_pieis_pic: bool\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.update","title":"update","text":"is_pie: bool\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.read","title":"read","text":"update() -> None\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_elf_info","title":"get_elf_info","text":"read(typ: T, address: int, blob: bytearray | None = None) -> T\nget_elf_info(filepath: str) -> ELFInfo\nParse and return ELFInfo.
Adds various calculated properties to the ELF header, segments and sections. Such added properties are those with prefix 'x_' in the returned dicts.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_elf_info_rebased","title":"get_elf_info_rebased","text":"get_elf_info_rebased(filepath: str, vaddr: int) -> ELFInfo\nParse and return ELFInfo with all virtual addresses rebased to vaddr
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_containing_segments","title":"get_containing_segments","text":"
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_containing_sections","title":"get_containing_sections","text":"get_containing_segments(elf_filepath: str, elf_loadaddr: int, vaddr: int)\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.dump_section_by_name","title":"dump_section_by_name","text":"get_containing_sections(elf_filepath: str, elf_loadaddr: int, vaddr: int)\ndump_section_by_name(\n filepath: str, section_name: str, try_local_path: bool = False\n) -> tuple[int, int, bytes] | None\nDump the content of a section from an ELF file, return the start address, size and content.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.dump_relocations_by_section_name","title":"dump_relocations_by_section_name","text":"dump_relocations_by_section_name(\n filepath: str, section_name: str, try_local_path: bool = False\n) -> tuple[Relocation, ...] | None\nDump the relocation entries of a section from an ELF file, return a generator of Relocation objects.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.exe","title":"exe","text":"exe() -> Ehdr | None\nReturn a loaded ELF header object pointing to the Ehdr of the main executable.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.entry","title":"entry","text":"entry() -> int\nReturn the address of the entry point for the main executable.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.load","title":"load","text":"
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.reset_ehdr_type_loaded","title":"reset_ehdr_type_loaded","text":"load(pointer: int) -> Ehdr | None\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_ehdr","title":"get_ehdr","text":"reset_ehdr_type_loaded() -> None\nget_ehdr(pointer: int) -> tuple[int | None, Ehdr | None]\nReturns an ehdr object for the ELF pointer points into.
We expect the
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_phdrs","title":"get_phdrs","text":"pointerto be an address from the binary.get_phdrs(pointer: int)\nReturns a tuple containing (phnum, phentsize, gdb.Value), where the gdb.Value object is an ELF Program Header with the architecture-appropriate structure type.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.iter_phdrs","title":"iter_phdrs","text":"
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.map","title":"map","text":"iter_phdrs(ehdr: Ehdr)\nmap(pointer: int, objfile: str = '') -> tuple[Page, ...]\nGiven a pointer into an ELF module, return a list of all loaded sections in the ELF.
Returns:
-
tuple[Page, ...]\u2013A sorted list of pwndbg.lib.memory.Page objects
Example:
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.map_inner","title":"map_inner","text":">>> pwndbg.aglib.elf.load(pwndbg.aglib.regs.pc)\n[Page('400000-4ef000 r-xp 0'),\n Page('6ef000-6f0000 r--p ef000'),\n Page('6f0000-6ff000 rw-p f0000')]\n>>> pwndbg.aglib.elf.load(0x7ffff77a2000)\n[Page('7ffff75e7000-7ffff77a2000 r-xp 0x1bb000 0'),\n Page('7ffff77a2000-7ffff79a2000 ---p 0x200000 1bb000'),\n Page('7ffff79a2000-7ffff79a6000 r--p 0x4000 1bb000'),\n Page('7ffff79a6000-7ffff79ad000 rw-p 0x7000 1bf000')]\n
"},{"location":"reference/pwndbg/aglib/file/","title":"pwndbg.aglib.file","text":""},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file","title":"file","text":"map_inner(ei_class: int, ehdr: Ehdr, objfile: str) -> tuple[Page, ...]\nRetrieve files from the debuggee's filesystem. Useful when debugging a remote process over SSH or similar, where e.g. /proc/FOO/maps is needed from the remote system.
Functions:
-
reset_remote_files\u2013 -
remote_files_dir\u2013 -
get_proc_exe_file\u2013Returns the local path to the debugged file name.
-
can_download_remote_file\u2013 -
get_file\u2013Downloads the specified file from the system where the current process is
-
get\u2013Retrieves the contents of the specified file on the system
-
readlink\u2013readlink(path) -> str
-
is_vfile_qemu_user_bug\u2013 -
vfile_readlink\u2013Reads the target of a symbolic link on the remote system.
-
vfile_readfile\u2013Reads the entire content of a file on the remote system.
-
vfile_open\u2013Opens a file on the remote system and returns the file descriptor.
-
gdb_memtox_inverse\u2013 -
vfile_pread\u2013Reads data from a file descriptor.
-
vfile_close\u2013Closes a previously opened file descriptor.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.remote_files_dir","title":"remote_files_dir","text":"reset_remote_files() -> None\n
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.get_proc_exe_file","title":"get_proc_exe_file","text":"remote_files_dir()\nget_proc_exe_file() -> str\nReturns the local path to the debugged file name.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.can_download_remote_file","title":"can_download_remote_file","text":"
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.get_file","title":"get_file","text":"can_download_remote_file() -> bool\nget_file(path: str, try_local_path: bool = False) -> str\nDownloads the specified file from the system where the current process is being debugged.
If the
pathis prefixed with \"target:\" the prefix is stripped (to support remote target paths properly).If the
try_local_pathis set toTrueand thepathexists locally and \"target:\" prefix is not present, it will return the local path instead of downloading the file.Returns:
-
str\u2013The local path to the file
get(path: str) -> bytes\nRetrieves the contents of the specified file on the system where the current process is being debugged.
Returns:
-
bytes\u2013A byte array, or None.
readlink(path: str) -> str\nreadlink(path) -> str
Read the link specified by 'path' on the system being debugged.
Handles local, qemu-usermode, and remote debugging cases.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.is_vfile_qemu_user_bug","title":"is_vfile_qemu_user_bug","text":"
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.vfile_readlink","title":"vfile_readlink","text":"is_vfile_qemu_user_bug() -> bool\nvfile_readlink(pathname: str | bytes) -> bytes\nReads the target of a symbolic link on the remote system.
:param pathname: The path to the symbolic link (string). :param buffer_size: The size of the buffer to read into (integer). :return: The target of the symbolic link as a string.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.vfile_readfile","title":"vfile_readfile","text":"vfile_readfile(filename: str, chunk_size=1000) -> Iterator[bytes]\nReads the entire content of a file on the remote system.
:param filename: The path to the file (string). :param chunk_size: The number of bytes to read in each iteration (integer). :return: The complete content of the file as bytes.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.vfile_open","title":"vfile_open","text":"vfile_open(filename: str, flags: int, mode: int) -> int\nOpens a file on the remote system and returns the file descriptor.
:param filename: The path to the file (string). :param flags: Flags passed to the open call (integer, base 16). These correspond to the constant values in the enum
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.gdb_memtox_inverse","title":"gdb_memtox_inverse","text":"OpenOptionsfrom LLDB\u2019sFile.h, not the traditionalopen(2)flags. :param mode: Mode bits for the file (integer, base 16). :return: File descriptor (integer), or raises an exception if an error occurs.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.vfile_pread","title":"vfile_pread","text":"gdb_memtox_inverse(data: bytes) -> bytes\nvfile_pread(fd: int, size: int, offset: int) -> tuple[int, bytes]\nReads data from a file descriptor.
:param fd: File descriptor (integer). :param size: Number of bytes to read (integer, base 16). :param offset: Offset in the file to start reading from (integer, base 16). :return: Tuple of (bytes_read, data) where bytes_read is an integer and data is the binary data.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.vfile_close","title":"vfile_close","text":"vfile_close(fd)\nCloses a previously opened file descriptor.
:param fd: File descriptor (integer). :return: None, or raises an exception if an error occurs.
"},{"location":"reference/pwndbg/aglib/godbg/","title":"pwndbg.aglib.godbg","text":""},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg","title":"godbg","text":"Classes:
-
FormatOpts\u2013 -
Type\u2013 -
GoTypeKind\u2013 -
GoTypeMeta\u2013 -
BackrefType\u2013A temporary placeholder type used when dumping recursive types, e.g. type a []a
-
BasicType\u2013A primitive Go type.
-
SliceType\u2013A slice type in Go, notated as []inner.
-
PointerType\u2013A pointer type in Go, notated as *inner.
-
ArrayType\u2013An array type in Go, notated as [count]inner.
-
MapType\u2013A map type in Go, notated as map[key]val.
-
StructType\u2013A struct type in Go, notated as struct(SIZE){FIELDS},
-
RuntimeType\u2013A value of a runtime reflection type in Go, notated as runtime(SIZE)ADDRESS,
Functions:
-
word_size\u2013Gets the Go word size for the current architecture.
-
compute_offsets\u2013Given a list of (size, alignment) for struct field types,
-
compute_named_offsets\u2013Like compute_offsets, but takes in field names and returns a dictionary
-
load_uint\u2013 -
load_int\u2013 -
load_float\u2013 -
emit_warning\u2013 -
get_elf\u2013 -
read_buildversion\u2013Reads a Go runtime.buildVersion string to extract the version.
-
get_go_version\u2013Try to determine the Go version used to compile the binary.
-
get_type_start\u2013Given the address to a type, try to find the moduledata types section containing it.
-
read_varint_str\u2013Read a length-prefix string encoded with Go's variable length encoding.
-
read_type_name\u2013Reads a Go type name given the address to the name.
-
decode_runtime_type\u2013Decodes a runtime reflection type from memory, returning a (meta, type) tuplee.
-
parse_type\u2013
Attributes:
-
line_width\u2013 -
indent_amount\u2013 -
debug_color\u2013 -
hex_digits\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.indent_amount","title":"indent_amountline_width = add_param(\n \"go-dump-line-width\", 80, \"the soft line width for go-dump pretty printing\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.debug_color","title":"debug_colorindent_amount = add_param(\n \"go-dump-indent-amount\", 4, \"the indent amount for go-dump pretty printing\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.hex_digits","title":"hex_digitsdebug_color = add_color_param(\n \"go-dump-debug\",\n \"blue\",\n \"color for 'go-dump' command's debug info when --debug is specified\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts","title":"FormatOptshex_digits = set('0123456789abcdefABCDEFxX')\ndataclass","text":"FormatOpts(\n int_hex: bool = False,\n debug: bool = False,\n pretty: bool = False,\n float_decimals: int | None = None,\n)\nMethods:
-
fmt_int\u2013 -
fmt_float\u2013 -
fmt_str\u2013 -
fmt_bytes\u2013 -
fmt_debug\u2013 -
fmt_elems\u2013 -
fmt_ptr\u2013
Attributes:
-
int_hex(bool) \u2013 -
debug(bool) \u2013 -
pretty(bool) \u2013 -
float_decimals(int | None) \u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.debug","title":"debugint_hex: bool = False\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.pretty","title":"prettydebug: bool = False\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.float_decimals","title":"float_decimalspretty: bool = False\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_int","title":"fmt_int","text":"float_decimals: int | None = None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_float","title":"fmt_float","text":"fmt_int(val: int) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_str","title":"fmt_str","text":"fmt_float(val: float) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_bytes","title":"fmt_bytes","text":"fmt_str(val: str) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_debug","title":"fmt_debug","text":"fmt_bytes(val: bytes) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_elems","title":"fmt_elems","text":"fmt_debug(val: str, default: str = '') -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_ptr","title":"fmt_ptr","text":"fmt_elems(elems: Iterable[str]) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type","title":"Typefmt_ptr(val: int) -> str\ndataclass","text":"Type(meta: GoTypeMeta | None)\nBases:
ABCMethods:
-
dump\u2013Dump a type from memory given an address and format.
-
size\u2013Returns the size of a type in bytes.
-
get_typename\u2013Returns the typename of a type. Should be reparsable via _parse_ty.
-
is_cyclic\u2013Checks if a type is cyclic (contains references to itself), e.g. type a []a
-
additional_metadata\u2013Returns a list of lines of additional metadata to dump from the
go-typecommand. -
__str__\u2013
Attributes:
-
meta(GoTypeMeta | None) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.dump","title":"dumpmeta: GoTypeMeta | None\nabstractmethod","text":"dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\nDump a type from memory given an address and format.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.size","title":"sizeabstractmethod","text":"size() -> int\nReturns the size of a type in bytes.
Used for computing array and struct layouts.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.get_typename","title":"get_typenameabstractmethod","text":"get_typename() -> str\nReturns the typename of a type. Should be reparsable via _parse_ty.
Also used to get the string representation.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.is_cyclic","title":"is_cyclic","text":"is_cyclic() -> bool\nChecks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.additional_metadata","title":"additional_metadata","text":"additional_metadata() -> list[str]\nReturns a list of lines of additional metadata to dump from the
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.__str__","title":"__str__","text":"go-typecommand.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind","title":"GoTypeKind","text":"__str__() -> str\nBases:
IntEnumMethods:
-
get_simple_name\u2013
Attributes:
-
INVALID\u2013 -
BOOL\u2013 -
INT\u2013 -
INT8\u2013 -
INT16\u2013 -
INT32\u2013 -
INT64\u2013 -
UINT\u2013 -
UINT8\u2013 -
UINT16\u2013 -
UINT32\u2013 -
UINT64\u2013 -
UINTPTR\u2013 -
FLOAT32\u2013 -
FLOAT64\u2013 -
COMPLEX64\u2013 -
COMPLEX128\u2013 -
ARRAY\u2013 -
CHAN\u2013 -
FUNC\u2013 -
INTERFACE\u2013 -
MAP\u2013 -
POINTER\u2013 -
SLICE\u2013 -
STRING\u2013 -
STRUCT\u2013 -
UNSAFEPOINTER\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.BOOL","title":"BOOLINVALID = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INT","title":"INTBOOL = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INT8","title":"INT8INT = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INT16","title":"INT16INT8 = 3\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INT32","title":"INT32INT16 = 4\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INT64","title":"INT64INT32 = 5\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UINT","title":"UINTINT64 = 6\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UINT8","title":"UINT8UINT = 7\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UINT16","title":"UINT16UINT8 = 8\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UINT32","title":"UINT32UINT16 = 9\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UINT64","title":"UINT64UINT32 = 10\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UINTPTR","title":"UINTPTRUINT64 = 11\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.FLOAT32","title":"FLOAT32UINTPTR = 12\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.FLOAT64","title":"FLOAT64FLOAT32 = 13\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.COMPLEX64","title":"COMPLEX64FLOAT64 = 14\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.COMPLEX128","title":"COMPLEX128COMPLEX64 = 15\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.ARRAY","title":"ARRAYCOMPLEX128 = 16\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.CHAN","title":"CHANARRAY = 17\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.FUNC","title":"FUNCCHAN = 18\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INTERFACE","title":"INTERFACEFUNC = 19\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.MAP","title":"MAPINTERFACE = 20\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.POINTER","title":"POINTERMAP = 21\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.SLICE","title":"SLICEPOINTER = 22\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.STRING","title":"STRINGSLICE = 23\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.STRUCT","title":"STRUCTSTRING = 24\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UNSAFEPOINTER","title":"UNSAFEPOINTERSTRUCT = 25\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.get_simple_name","title":"get_simple_name","text":"UNSAFEPOINTER = 26\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta","title":"GoTypeMetaget_simple_name() -> str | None\ndataclass","text":"GoTypeMeta(\n name: str,\n kind: GoTypeKind,\n addr: int,\n size: int = 0,\n align: int = 1,\n direct_iface: bool = False,\n)\nAttributes:
-
name(str) \u2013 -
kind(GoTypeKind) \u2013 -
addr(int) \u2013 -
size(int) \u2013 -
align(int) \u2013 -
direct_iface(bool) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta.kind","title":"kindname: str\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta.addr","title":"addrkind: GoTypeKind\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta.size","title":"sizeaddr: int\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta.align","title":"alignsize: int = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta.direct_iface","title":"direct_ifacealign: int = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType","title":"BackrefTypedirect_iface: bool = False\ndataclass","text":"BackrefType(meta: GoTypeMeta | None, key: int)\nBases:
TypeA temporary placeholder type used when dumping recursive types, e.g. type a []a
Methods:
-
dump\u2013 -
size\u2013 -
get_typename\u2013 -
is_cyclic\u2013Checks if a type is cyclic (contains references to itself), e.g. type a []a
-
additional_metadata\u2013Returns a list of lines of additional metadata to dump from the
go-typecommand. -
__str__\u2013
Attributes:
-
key(int) \u2013 -
meta(GoTypeMeta | None) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.meta","title":"metakey: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.dump","title":"dump","text":"meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.size","title":"size","text":"dump(addr: int, fmt: FormatOpts = FormatOpts())\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.get_typename","title":"get_typename","text":"size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.is_cyclic","title":"is_cyclic","text":"get_typename() -> str\nis_cyclic() -> bool\nChecks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.additional_metadata","title":"additional_metadata","text":"additional_metadata() -> list[str]\nReturns a list of lines of additional metadata to dump from the
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.__str__","title":"__str__","text":"go-typecommand.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType","title":"BasicType__str__() -> str\ndataclass","text":"BasicType(meta: GoTypeMeta | None, name: str, extra_meta: list[str] = list())\nBases:
TypeA primitive Go type.
Complex numbers are laid out as a real and imaginary part (both floats). Strings are laid out as a pointer and a length.
Methodless interfaces (the interface{} type) are denoted as any, and interfaces with methods are denoted as interface.
Function pointers are denoted as funcptr.
Methods:
-
dump\u2013 -
size\u2013 -
get_typename\u2013 -
additional_metadata\u2013 -
__post_init__\u2013 -
is_cyclic\u2013Checks if a type is cyclic (contains references to itself), e.g. type a []a
-
__str__\u2013
Attributes:
-
name(str) \u2013 -
sz(int) \u2013 -
extra_meta(list[str]) \u2013 -
meta(GoTypeMeta | None) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.sz","title":"szname: str\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.extra_meta","title":"extra_metasz: int = field(init=False)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.meta","title":"metaextra_meta: list[str] = field(default_factory=list)\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.dump","title":"dump","text":"meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.size","title":"size","text":"dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.get_typename","title":"get_typename","text":"size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.additional_metadata","title":"additional_metadata","text":"get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.__post_init__","title":"__post_init__","text":"additional_metadata() -> list[str]\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.is_cyclic","title":"is_cyclic","text":"__post_init__() -> None\nis_cyclic() -> bool\nChecks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.__str__","title":"__str__","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType","title":"SliceType__str__() -> str\ndataclass","text":"SliceType(meta: GoTypeMeta | None, inner: Type)\nBases:
TypeA slice type in Go, notated as []inner.
Slices are laid out as a pointer, length, and capacity.
Methods:
-
dump\u2013 -
size\u2013 -
get_typename\u2013 -
additional_metadata\u2013 -
is_cyclic\u2013Checks if a type is cyclic (contains references to itself), e.g. type a []a
-
__str__\u2013
Attributes:
-
inner(Type) \u2013 -
meta(GoTypeMeta | None) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.meta","title":"metainner: Type\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.dump","title":"dump","text":"meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.size","title":"size","text":"dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.get_typename","title":"get_typename","text":"size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.additional_metadata","title":"additional_metadata","text":"get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.is_cyclic","title":"is_cyclic","text":"additional_metadata() -> list[str]\nis_cyclic() -> bool\nChecks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.__str__","title":"__str__","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType","title":"PointerType__str__() -> str\ndataclass","text":"PointerType(meta: GoTypeMeta | None, inner: Type)\nBases:
TypeA pointer type in Go, notated as *inner.
Methods:
-
dump\u2013 -
size\u2013 -
get_typename\u2013 -
additional_metadata\u2013 -
is_cyclic\u2013Checks if a type is cyclic (contains references to itself), e.g. type a []a
-
__str__\u2013
Attributes:
-
inner(Type) \u2013 -
meta(GoTypeMeta | None) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.meta","title":"metainner: Type\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.dump","title":"dump","text":"meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.size","title":"size","text":"dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.get_typename","title":"get_typename","text":"size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.additional_metadata","title":"additional_metadata","text":"get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.is_cyclic","title":"is_cyclic","text":"additional_metadata() -> list[str]\nis_cyclic() -> bool\nChecks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.__str__","title":"__str__","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType","title":"ArrayType__str__() -> str\ndataclass","text":"ArrayType(meta: GoTypeMeta | None, inner: Type, count: int)\nBases:
TypeAn array type in Go, notated as [count]inner.
Arrays are laid out as contiguous data.
Methods:
-
dump\u2013 -
size\u2013 -
get_typename\u2013 -
additional_metadata\u2013 -
is_cyclic\u2013Checks if a type is cyclic (contains references to itself), e.g. type a []a
-
__str__\u2013
Attributes:
-
inner(Type) \u2013 -
count(int) \u2013 -
meta(GoTypeMeta | None) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.count","title":"countinner: Type\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.meta","title":"metacount: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.dump","title":"dump","text":"meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.size","title":"size","text":"dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.get_typename","title":"get_typename","text":"size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.additional_metadata","title":"additional_metadata","text":"get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.is_cyclic","title":"is_cyclic","text":"additional_metadata() -> list[str]\nis_cyclic() -> bool\nChecks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.__str__","title":"__str__","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType","title":"MapType__str__() -> str\ndataclass","text":"MapType(meta: GoTypeMeta | None, key: Type, val: Type)\nBases:
TypeA map type in Go, notated as map[key]val.
Note that maps in Go are actually pointers to the inner map, but the map type printer here directly prints the inner map.
Maps don't have a simple layout, and may reasonably change, but the last change was in 2017, so it probably won't.
The layout assumed is as follows (taken from src/runtime/map.go commit 1b4f1dc):
type hmap struct { count int flags uint8 B uint8 noverflow uint16 hash0 uint32 buckets unsafe.Pointer oldbuckets unsafe.Pointer nevacuate uintptr extra *mapextra }
Methods:
-
field_offsets\u2013 -
dump\u2013 -
size\u2013 -
get_typename\u2013 -
additional_metadata\u2013 -
is_cyclic\u2013Checks if a type is cyclic (contains references to itself), e.g. type a []a
-
__str__\u2013
Attributes:
-
key(Type) \u2013 -
val(Type) \u2013 -
meta(GoTypeMeta | None) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.val","title":"valkey: Type\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.meta","title":"metaval: Type\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.field_offsets","title":"field_offsetsmeta: GoTypeMeta | None\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.dump","title":"dump","text":"field_offsets() -> dict[str, int]\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.size","title":"size","text":"dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.get_typename","title":"get_typename","text":"size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.additional_metadata","title":"additional_metadata","text":"get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.is_cyclic","title":"is_cyclic","text":"additional_metadata() -> list[str]\nis_cyclic() -> bool\nChecks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.__str__","title":"__str__","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType","title":"StructType__str__() -> str\ndataclass","text":"StructType(\n meta: GoTypeMeta | None,\n fields: list[tuple[str, str | Type, int]],\n sz: int,\n name: str | None = None,\n)\nBases:
TypeA struct type in Go, notated as struct(SIZE){FIELDS}, where SIZE is the size of the struct in bytes, and FIELDS is a semicolon-separated list of OFFSET:NAME:TYPE fields.
Methods:
-
dump\u2013 -
size\u2013 -
get_typename\u2013 -
additional_metadata\u2013 -
is_cyclic\u2013Checks if a type is cyclic (contains references to itself), e.g. type a []a
-
__str__\u2013
Attributes:
-
fields(list[tuple[str, str | Type, int]]) \u2013 -
sz(int) \u2013 -
name(str | None) \u2013 -
meta(GoTypeMeta | None) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.sz","title":"szfields: list[tuple[str, str | Type, int]]\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.name","title":"namesz: int\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.meta","title":"metaname: str | None = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.dump","title":"dump","text":"meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.size","title":"size","text":"dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.get_typename","title":"get_typename","text":"size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.additional_metadata","title":"additional_metadata","text":"get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.is_cyclic","title":"is_cyclic","text":"additional_metadata() -> list[str]\nis_cyclic() -> bool\nChecks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.__str__","title":"__str__","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType","title":"RuntimeType__str__() -> str\ndataclass","text":"RuntimeType(meta: GoTypeMeta | None, sz: int, addr: int)\nBases:
TypeA value of a runtime reflection type in Go, notated as runtime(SIZE)ADDRESS, where SIZE is the size of the type's value in bytes, and ADDRESS is the address of the type.
This type is useful for serializing cyclic types.
Methods:
-
dump\u2013 -
size\u2013 -
get_typename\u2013 -
is_cyclic\u2013Checks if a type is cyclic (contains references to itself), e.g. type a []a
-
additional_metadata\u2013Returns a list of lines of additional metadata to dump from the
go-typecommand. -
__str__\u2013
Attributes:
-
sz(int) \u2013 -
addr(int) \u2013 -
meta(GoTypeMeta | None) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.addr","title":"addrsz: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.meta","title":"metaaddr: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.dump","title":"dump","text":"meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.size","title":"size","text":"dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.get_typename","title":"get_typename","text":"size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.is_cyclic","title":"is_cyclic","text":"get_typename() -> str\nis_cyclic() -> bool\nChecks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.additional_metadata","title":"additional_metadata","text":"additional_metadata() -> list[str]\nReturns a list of lines of additional metadata to dump from the
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.__str__","title":"__str__","text":"go-typecommand.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.word_size","title":"word_size","text":"__str__() -> str\nword_size() -> int\nGets the Go word size for the current architecture.
Values taken from https://github.com/golang/go/blob/20b79fd5775c39061d949569743912ad5e58b0e7/src/go/types/sizes.go#L233-L252
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.compute_offsets","title":"compute_offsets","text":"compute_offsets(fields: Iterable[tuple[int, int]]) -> list[int]\nGiven a list of (size, alignment) for struct field types, returns a list of field offsets for the struct. The last element will be the offset of the struct's end (the struct size).
Layout computation taken from src/go/types/sizes.go commit 1b4f1dc
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.compute_named_offsets","title":"compute_named_offsets","text":"compute_named_offsets(fields: Iterable[tuple[str, int, int]]) -> dict[str, int]\nLike compute_offsets, but takes in field names and returns a dictionary mapping field name to offset instead.
Also maps in a special $size field with the size of the struct.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.load_uint","title":"load_uint","text":"
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.load_int","title":"load_int","text":"load_uint(data: bytes, endian: Literal['little', 'big'] | None = None) -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.load_float","title":"load_float","text":"load_int(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.emit_warning","title":"emit_warning","text":"load_float(data: bytes) -> float\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.get_elf","title":"get_elf","text":"emit_warning(msg: str)\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.read_buildversion","title":"read_buildversion","text":"get_elf() -> ELFInfo | None\nread_buildversion(addr: int) -> str\nReads a Go runtime.buildVersion string to extract the version.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.get_go_version","title":"get_go_version","text":"get_go_version() -> tuple[int, ...] | None\nTry to determine the Go version used to compile the binary.
None can be returned if the version couldn't be inferred, at which point it's probably best to assume latest version.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.get_type_start","title":"get_type_start","text":"get_type_start(addr: int | None = None) -> int | None\nGiven the address to a type, try to find the moduledata types section containing it.
Necessary to determine the base address that the type name is offset by.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.read_varint_str","title":"read_varint_str","text":"read_varint_str(addr: int) -> bytes\nRead a length-prefix string encoded with Go's variable length encoding.
Implementation taken from https://github.com/golang/go/blob/9d33956503c0d96c0c5666d374173f7ac9756d98/src/internal/abi/type.go#L640-L649
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.read_type_name","title":"read_type_name","text":"read_type_name(addr: int) -> bytes\nReads a Go type name given the address to the name.
Go type names are stored as a 1 byte bitfield followed by a varint length prefixed string after 1.17.
Prior to 1.17, they were stored as a 1 byte bitfield followed by a 2 byte length prefixed string.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.decode_runtime_type","title":"decode_runtime_type","text":"decode_runtime_type(\n addr: int, keep_backrefs: bool = False\n) -> tuple[GoTypeMeta, Type | None]\nDecodes a runtime reflection type from memory, returning a (meta, type) tuplee.
The layout assumed is as follows (taken from src/internal/abi/type.go commit 1b4f1dc):
type Type struct { Size_ uintptr PtrBytes uintptr Hash uint32 TFlag TFlag Align_ uint8 FieldAlign_ uint8 Kind_ Kind Equal func(unsafe.Pointer, unsafe.Pointer) bool GCData *byte Str NameOff PtrToThis TypeOff }
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.parse_type","title":"parse_type","text":"
"},{"location":"reference/pwndbg/aglib/heap/","title":"pwndbg.aglib.heap","text":""},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap","title":"heap","text":"parse_type(ty: str) -> Type\nModules:
-
heap\u2013 -
jemalloc\u2013 -
ptmalloc\u2013 -
structs\u2013
Functions:
-
add_heap_param\u2013 -
update\u2013 -
reset\u2013 -
resolve_heap\u2013
Attributes:
-
current(MemoryAllocator | None) \u2013 -
main_arena\u2013 -
thread_arena\u2013 -
mp_\u2013 -
tcache\u2013 -
global_max_fast\u2013 -
symbol_list\u2013 -
heap_chain_limit\u2013 -
heap_corruption_check_limit\u2013 -
resolve_heap_via_heuristic\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.main_arena","title":"main_arenacurrent: MemoryAllocator | None = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.thread_arena","title":"thread_arenamain_arena = add_heap_param('main-arena', '0', 'the address of main_arena')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.mp_","title":"mp_thread_arena = add_heap_param(\n \"thread-arena\", \"0\", \"the address pointed by thread_arena\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.tcache","title":"tcachemp_ = add_heap_param('mp', '0', 'the address of mp_')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.global_max_fast","title":"global_max_fasttcache = add_heap_param('tcache', '0', 'the address pointed by tcache')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.symbol_list","title":"symbol_listglobal_max_fast = add_heap_param(\n \"global-max-fast\", \"0\", \"the address of global_max_fast\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.heap_chain_limit","title":"heap_chain_limitsymbol_list = [main_arena, thread_arena, mp_, tcache, global_max_fast]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.heap_corruption_check_limit","title":"heap_corruption_check_limitheap_chain_limit = add_heap_param(\n \"heap-dereference-limit\",\n 8,\n \"number of chunks to dereference in each bin\",\n param_class=PARAM_UINTEGER,\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.resolve_heap_via_heuristic","title":"resolve_heap_via_heuristicheap_corruption_check_limit = add_heap_param(\n \"heap-corruption-check-limit\",\n 64,\n \"amount of chunks to traverse for the bin corruption check\",\n param_class=PARAM_UINTEGER,\n help_docstring=\"\\nThe bins are traversed both forwards and backwards.\\n\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.add_heap_param","title":"add_heap_param","text":"resolve_heap_via_heuristic = add_heap_param(\n \"resolve-heap-via-heuristic\",\n \"auto\",\n \"the strategy to resolve heap via heuristic\",\n help_docstring=\"resolve-heap-via-heuristic can be:\\nauto - pwndbg will try to use heuristics if debug symbols are missing\\nforce - pwndbg will always try to use heuristics, even if debug symbols are available\\nnever - pwndbg will never use heuristics to resolve the heap\\n\\nIf the output of the heap related command produces errors with heuristics, you can try manually setting the libc symbol addresses.\\nFor this, see the `heap_config` command output and set the `main_arena`, `mp_`, `global_max_fast`, `tcache` and `thread_arena` addresses.\\n\\nNote: pwndbg will generate more reliable results with proper debug symbols.\\nTherefore, when debug symbols are missing, you should try to install them first if you haven't already.\\n\\nThey can probably be installed via the package manager of your choice.\\nSee also: https://sourceware.org/gdb/onlinedocs/gdb/Separate-Debug-Files.html\\n\\nE.g. on Ubuntu/Debian you might need to do the following steps (for 64-bit and 32-bit binaries):\\nsudo apt-get install libc6-dbg\\nsudo dpkg --add-architecture i386\\nsudo apt-get install libc-dbg:i386\\n\\nIf you used setup.sh on Arch based distro you'll need to do a power cycle or set environment variable manually like this: export DEBUGINFOD_URLS=https://debuginfod.archlinux.org\\n\",\n param_class=PARAM_ENUM,\n enum_sequence=[\"auto\", \"force\", \"never\"],\n)\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.update","title":"update","text":"add_heap_param(\n name: str,\n default: Any,\n set_show_doc: str,\n *,\n help_docstring: str = \"\",\n param_class: int | None = None,\n enum_sequence: Sequence[str] | None = None,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.reset","title":"reset","text":"update() -> None\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.resolve_heap","title":"resolve_heap","text":"reset() -> None\n
"},{"location":"reference/pwndbg/aglib/heap/heap/","title":"pwndbg.aglib.heap.heap","text":""},{"location":"reference/pwndbg/aglib/heap/heap/#pwndbg.aglib.heap.heap","title":"heap","text":"resolve_heap(is_first_run: bool = False) -> None\nClasses:
-
MemoryAllocator\u2013Heap abstraction layer.
Heap abstraction layer.
Methods:
-
summarize\u2013Returns a textual summary of the specified address.
-
containing\u2013Returns the address of the allocation which contains 'address'.
-
is_initialized\u2013Returns whether the allocator is initialized or not.
-
libc_has_debug_syms\u2013Returns whether the libc has debug symbols or not.
summarize(address: int, **kwargs: Any) -> str\nReturns a textual summary of the specified address.
Parameters:
-
address(int) \u2013Address of the heap block to summarize.
Returns:
-
str\u2013A string.
containing(address: int) -> int\nReturns the address of the allocation which contains 'address'.
Parameters:
-
address(int) \u2013Address to look up.
Returns:
-
int\u2013An integer.
is_initialized() -> bool\nReturns whether the allocator is initialized or not.
Returns:
-
bool\u2013A boolean.
libc_has_debug_syms() -> bool\nReturns whether the libc has debug symbols or not.
Returns:
-
bool\u2013A boolean.
Classes:
-
RTree\u2013RTree is used by jemalloc to keep track of extents that are allocated by jemalloc.
-
Extent\u2013Concept of extent (edata) is similar to chunk in glibc malloc but allocation algorithm differs a lot.
Functions:
-
mask\u2013 -
lg_floor_1\u2013 -
lg_floor_2\u2013 -
lg_floor_4\u2013 -
lg_floor_8\u2013 -
lg_floor_16\u2013 -
lg_floor_32\u2013 -
lg_floor_64\u2013 -
lg_floor\u2013 -
lg_ceil\u2013
Attributes:
-
LG_VADDR\u2013 -
LG_PAGE\u2013 -
MALLOCX_ARENA_BITS\u2013 -
LG_SIZEOF_PTR\u2013 -
RTREE_NHIB\u2013 -
RTREE_NLIB\u2013 -
RTREE_NSB\u2013 -
RTREE_HEIGHT\u2013 -
LG_QUANTUM\u2013 -
SC_LG_TINY_MIN\u2013 -
SC_NTINY\u2013 -
SC_LG_NGROUP\u2013 -
SC_NGROUP\u2013 -
SC_NPSEUDO\u2013 -
SC_PTR_BITS\u2013 -
SC_LG_BASE_MAX\u2013 -
SC_LG_FIRST_REGULAR_BASE\u2013 -
SC_NREGULAR\u2013 -
SC_NSIZES\u2013 -
SC_LG_SLAB_MAXREGS\u2013 -
EDATA_BITS_ARENA_WIDTH\u2013 -
EDATA_BITS_ARENA_SHIFT\u2013 -
EDATA_BITS_ARENA_MASK\u2013 -
EDATA_BITS_SLAB_WIDTH\u2013 -
EDATA_BITS_SLAB_SHIFT\u2013 -
EDATA_BITS_SLAB_MASK\u2013 -
EDATA_BITS_COMMITTED_WIDTH\u2013 -
EDATA_BITS_COMMITTED_SHIFT\u2013 -
EDATA_BITS_COMMITTED_MASK\u2013 -
EDATA_BITS_PAI_WIDTH\u2013 -
EDATA_BITS_PAI_SHIFT\u2013 -
EDATA_BITS_PAI_MASK\u2013 -
EDATA_BITS_ZEROED_WIDTH\u2013 -
EDATA_BITS_ZEROED_SHIFT\u2013 -
EDATA_BITS_ZEROED_MASK\u2013 -
EDATA_BITS_GUARDED_WIDTH\u2013 -
EDATA_BITS_GUARDED_SHIFT\u2013 -
EDATA_BITS_GUARDED_MASK\u2013 -
EDATA_BITS_STATE_WIDTH\u2013 -
EDATA_BITS_STATE_SHIFT\u2013 -
EDATA_BITS_STATE_MASK\u2013 -
EDATA_BITS_SZIND_WIDTH\u2013 -
EDATA_BITS_SZIND_SHIFT\u2013 -
EDATA_BITS_SZIND_MASK\u2013 -
EDATA_BITS_NFREE_WIDTH\u2013 -
EDATA_BITS_NFREE_SHIFT\u2013 -
EDATA_BITS_NFREE_MASK\u2013 -
EDATA_BITS_BINSHARD_WIDTH\u2013 -
EDATA_BITS_BINSHARD_SHIFT\u2013 -
EDATA_BITS_BINSHARD_MASK\u2013 -
EDATA_BITS_IS_HEAD_WIDTH\u2013 -
EDATA_BITS_IS_HEAD_SHIFT\u2013 -
EDATA_BITS_IS_HEAD_MASK\u2013 -
rtree_levels\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.LG_PAGE","title":"LG_PAGELG_VADDR = 48\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.MALLOCX_ARENA_BITS","title":"MALLOCX_ARENA_BITSLG_PAGE = 12\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.LG_SIZEOF_PTR","title":"LG_SIZEOF_PTRMALLOCX_ARENA_BITS = 12\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTREE_NHIB","title":"RTREE_NHIBLG_SIZEOF_PTR = 3\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTREE_NLIB","title":"RTREE_NLIBRTREE_NHIB = 1 << LG_SIZEOF_PTR + 3 - LG_VADDR\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTREE_NSB","title":"RTREE_NSBRTREE_NLIB = LG_PAGE\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTREE_HEIGHT","title":"RTREE_HEIGHTRTREE_NSB = LG_VADDR - RTREE_NLIB\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.LG_QUANTUM","title":"LG_QUANTUMRTREE_HEIGHT = 1\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_LG_TINY_MIN","title":"SC_LG_TINY_MINLG_QUANTUM = 4\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_NTINY","title":"SC_NTINYSC_LG_TINY_MIN = 3\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_LG_NGROUP","title":"SC_LG_NGROUPSC_NTINY = LG_QUANTUM - SC_LG_TINY_MIN\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_NGROUP","title":"SC_NGROUPSC_LG_NGROUP = 2\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_NPSEUDO","title":"SC_NPSEUDOSC_NGROUP = 1 << SC_LG_NGROUP\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_PTR_BITS","title":"SC_PTR_BITSSC_NPSEUDO = SC_NGROUP\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_LG_BASE_MAX","title":"SC_LG_BASE_MAXSC_PTR_BITS = 1 << LG_SIZEOF_PTR * 8\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_LG_FIRST_REGULAR_BASE","title":"SC_LG_FIRST_REGULAR_BASESC_LG_BASE_MAX = SC_PTR_BITS - 2\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_NREGULAR","title":"SC_NREGULARSC_LG_FIRST_REGULAR_BASE = LG_QUANTUM + SC_LG_NGROUP\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_NSIZES","title":"SC_NSIZESSC_NREGULAR = SC_NGROUP * SC_LG_BASE_MAX - SC_LG_FIRST_REGULAR_BASE + 1 - 1\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_LG_SLAB_MAXREGS","title":"SC_LG_SLAB_MAXREGSSC_NSIZES = SC_NTINY + SC_NPSEUDO + SC_NREGULAR\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_ARENA_WIDTH","title":"EDATA_BITS_ARENA_WIDTHSC_LG_SLAB_MAXREGS = LG_PAGE - SC_LG_TINY_MIN\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_ARENA_SHIFT","title":"EDATA_BITS_ARENA_SHIFTEDATA_BITS_ARENA_WIDTH = MALLOCX_ARENA_BITS\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_ARENA_MASK","title":"EDATA_BITS_ARENA_MASKEDATA_BITS_ARENA_SHIFT = 0\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_SLAB_WIDTH","title":"EDATA_BITS_SLAB_WIDTHEDATA_BITS_ARENA_MASK = mask(EDATA_BITS_ARENA_WIDTH, EDATA_BITS_ARENA_SHIFT)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_SLAB_SHIFT","title":"EDATA_BITS_SLAB_SHIFTEDATA_BITS_SLAB_WIDTH = 1\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_SLAB_MASK","title":"EDATA_BITS_SLAB_MASKEDATA_BITS_SLAB_SHIFT = EDATA_BITS_ARENA_WIDTH + EDATA_BITS_ARENA_SHIFT\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_COMMITTED_WIDTH","title":"EDATA_BITS_COMMITTED_WIDTHEDATA_BITS_SLAB_MASK = mask(EDATA_BITS_SLAB_WIDTH, EDATA_BITS_SLAB_SHIFT)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_COMMITTED_SHIFT","title":"EDATA_BITS_COMMITTED_SHIFTEDATA_BITS_COMMITTED_WIDTH = 1\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_COMMITTED_MASK","title":"EDATA_BITS_COMMITTED_MASKEDATA_BITS_COMMITTED_SHIFT = EDATA_BITS_SLAB_WIDTH + EDATA_BITS_SLAB_SHIFT\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_PAI_WIDTH","title":"EDATA_BITS_PAI_WIDTHEDATA_BITS_COMMITTED_MASK = mask(\n EDATA_BITS_COMMITTED_WIDTH, EDATA_BITS_COMMITTED_SHIFT\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_PAI_SHIFT","title":"EDATA_BITS_PAI_SHIFTEDATA_BITS_PAI_WIDTH = 1\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_PAI_MASK","title":"EDATA_BITS_PAI_MASKEDATA_BITS_PAI_SHIFT = EDATA_BITS_COMMITTED_WIDTH + EDATA_BITS_COMMITTED_SHIFT\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_ZEROED_WIDTH","title":"EDATA_BITS_ZEROED_WIDTHEDATA_BITS_PAI_MASK = mask(EDATA_BITS_PAI_WIDTH, EDATA_BITS_PAI_SHIFT)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_ZEROED_SHIFT","title":"EDATA_BITS_ZEROED_SHIFTEDATA_BITS_ZEROED_WIDTH = 1\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_ZEROED_MASK","title":"EDATA_BITS_ZEROED_MASKEDATA_BITS_ZEROED_SHIFT = EDATA_BITS_PAI_WIDTH + EDATA_BITS_PAI_SHIFT\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_GUARDED_WIDTH","title":"EDATA_BITS_GUARDED_WIDTHEDATA_BITS_ZEROED_MASK = mask(EDATA_BITS_ZEROED_WIDTH, EDATA_BITS_ZEROED_SHIFT)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_GUARDED_SHIFT","title":"EDATA_BITS_GUARDED_SHIFTEDATA_BITS_GUARDED_WIDTH = 1\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_GUARDED_MASK","title":"EDATA_BITS_GUARDED_MASKEDATA_BITS_GUARDED_SHIFT = EDATA_BITS_ZEROED_WIDTH + EDATA_BITS_ZEROED_SHIFT\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_STATE_WIDTH","title":"EDATA_BITS_STATE_WIDTHEDATA_BITS_GUARDED_MASK = mask(\n EDATA_BITS_GUARDED_WIDTH, EDATA_BITS_GUARDED_SHIFT\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_STATE_SHIFT","title":"EDATA_BITS_STATE_SHIFTEDATA_BITS_STATE_WIDTH = 3\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_STATE_MASK","title":"EDATA_BITS_STATE_MASKEDATA_BITS_STATE_SHIFT = EDATA_BITS_GUARDED_WIDTH + EDATA_BITS_GUARDED_SHIFT\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_SZIND_WIDTH","title":"EDATA_BITS_SZIND_WIDTHEDATA_BITS_STATE_MASK = mask(EDATA_BITS_STATE_WIDTH, EDATA_BITS_STATE_SHIFT)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_SZIND_SHIFT","title":"EDATA_BITS_SZIND_SHIFTEDATA_BITS_SZIND_WIDTH = lg_ceil(SC_NSIZES)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_SZIND_MASK","title":"EDATA_BITS_SZIND_MASKEDATA_BITS_SZIND_SHIFT = EDATA_BITS_STATE_WIDTH + EDATA_BITS_STATE_SHIFT\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_NFREE_WIDTH","title":"EDATA_BITS_NFREE_WIDTHEDATA_BITS_SZIND_MASK = mask(EDATA_BITS_SZIND_WIDTH, EDATA_BITS_SZIND_SHIFT)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_NFREE_SHIFT","title":"EDATA_BITS_NFREE_SHIFTEDATA_BITS_NFREE_WIDTH = SC_LG_SLAB_MAXREGS + 1\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_NFREE_MASK","title":"EDATA_BITS_NFREE_MASKEDATA_BITS_NFREE_SHIFT = EDATA_BITS_SZIND_WIDTH + EDATA_BITS_SZIND_SHIFT\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_BINSHARD_WIDTH","title":"EDATA_BITS_BINSHARD_WIDTHEDATA_BITS_NFREE_MASK = mask(EDATA_BITS_NFREE_WIDTH, EDATA_BITS_NFREE_SHIFT)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_BINSHARD_SHIFT","title":"EDATA_BITS_BINSHARD_SHIFTEDATA_BITS_BINSHARD_WIDTH = 6\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_BINSHARD_MASK","title":"EDATA_BITS_BINSHARD_MASKEDATA_BITS_BINSHARD_SHIFT = EDATA_BITS_NFREE_WIDTH + EDATA_BITS_NFREE_SHIFT\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_IS_HEAD_WIDTH","title":"EDATA_BITS_IS_HEAD_WIDTHEDATA_BITS_BINSHARD_MASK = mask(\n EDATA_BITS_BINSHARD_WIDTH, EDATA_BITS_BINSHARD_SHIFT\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_IS_HEAD_SHIFT","title":"EDATA_BITS_IS_HEAD_SHIFTEDATA_BITS_IS_HEAD_WIDTH = 1\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_IS_HEAD_MASK","title":"EDATA_BITS_IS_HEAD_MASKEDATA_BITS_IS_HEAD_SHIFT = EDATA_BITS_BINSHARD_WIDTH + EDATA_BITS_BINSHARD_SHIFT\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.rtree_levels","title":"rtree_levelsEDATA_BITS_IS_HEAD_MASK = mask(\n EDATA_BITS_IS_HEAD_WIDTH, EDATA_BITS_IS_HEAD_SHIFT\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree","title":"RTree","text":"rtree_levels = [\n [{\"bits\": RTREE_NSB, \"cumbits\": RTREE_NHIB + RTREE_NSB}],\n [\n {\"bits\": RTREE_NSB // 2, \"cumbits\": RTREE_NHIB + RTREE_NSB // 2},\n {\n \"bits\": RTREE_NSB // 2 + RTREE_NSB % 2,\n \"cumbits\": RTREE_NHIB + RTREE_NSB,\n },\n ],\n [\n {\"bits\": RTREE_NSB // 3, \"cumbits\": RTREE_NHIB + RTREE_NSB // 3},\n {\n \"bits\": RTREE_NSB // 3 + RTREE_NSB % 3 // 2,\n \"cumbits\": RTREE_NHIB + RTREE_NSB // 3 * 2 + RTREE_NSB % 3 // 2,\n },\n {\n \"bits\": RTREE_NSB // 3 + RTREE_NSB % 3 - RTREE_NSB % 3 // 2,\n \"cumbits\": RTREE_NHIB + RTREE_NSB,\n },\n ],\n]\nRTree(addr: int)\nRTree is used by jemalloc to keep track of extents that are allocated by jemalloc. Since extent data is not stored in a doubly linked list, rtree is used to find the extent belonging to a pointer that is being freed. Implementation of rtree is similar to Linux Radix tree: https://lwn.net/Articles/175432/
Methods:
-
get_rtree\u2013 -
lookup_hard\u2013Lookup the key in the rtree and return the value.
Attributes:
-
root\u2013 -
extents\u2013
property","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.extents","title":"extentsroot\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.get_rtree","title":"get_rtreeextents\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.__rtree_leaf_maskbits","title":"__rtree_leaf_maskbits","text":"get_rtree() -> RTree\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.__rtree_leafkey","title":"__rtree_leafkey","text":"__rtree_leaf_maskbits(level)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.__subkey","title":"__subkey","text":"__rtree_leafkey(key: int, level: int) -> int\n__subkey(key: int, level: int) -> int\nReturn a portion of the key that is used to find the node/leaf in the rtree at a specific level. Source: https://github.com/jemalloc/jemalloc/blob/5b72ac098abce464add567869d082f2097bd59a2/include/jemalloc/internal/rtree.h#L161
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.__alignment_addr2base","title":"__alignment_addr2basestaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.lookup_hard","title":"lookup_hard","text":"__alignment_addr2base(addr, alignment=64)\nlookup_hard(key: int)\nLookup the key in the rtree and return the value.
How it works: - Jemalloc stores the extent address in the rtree as a node and to find a specific node we need a address key.
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent","title":"Extent","text":"Extent(addr: int)\nConcept of extent (edata) is similar to chunk in glibc malloc but allocation algorithm differs a lot. - Extents are used to manage memory blocks (including jemalloc metadata) where extents sizes can vary but each block is always a multiple of the page size. - jemalloc will either allocate one large class request or multiple small class request (called slab) depending on request size. - Unlike chunks in glibc malloc, extents are not doubly linked list but are managed using rtree. - This tree is mostly used during deallocation to find the extent belonging to a pointer that is being freed. - Extents are also not stored as a header structure but externally (therefore extent metadata and actually mapped data may be very far apart).
Attributes:
-
size\u2013May be larger in case of large size class allocation when cache_oblivious is enabled.
-
extent_address(int) \u2013Address of the extent data structure (not the actual memory).
-
allocated_address(int) \u2013Starting address of allocated memory
-
bsize(int) \u2013 -
bits(int) \u2013 -
bitfields(dict[str, int]) \u2013Extract bitfields
-
state_name(str) \u2013 -
has_slab(bool) \u2013Returns True if the extent is used for small size classes.
-
is_free(bool) \u2013Returns True if the extent is free.
-
pai(str) \u2013Page Allocator Interface
property","text":"size\nMay be larger in case of large size class allocation when cache_oblivious is enabled.
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.extent_address","title":"extent_addressproperty","text":"extent_address: int\nAddress of the extent data structure (not the actual memory).
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.allocated_address","title":"allocated_addressproperty","text":"allocated_address: int\nStarting address of allocated memory cache-oblivious large allocation alignment: When a large class allocation is made, jemalloc selects the closest size class that can fit the request and allocates that size + 4 KiB (0x1000). However, the pointer returned to user is randomized between the 'base' and 'base + 4 KiB' (0x1000) range. Source code: https://github.com/jemalloc/jemalloc/blob/a25b9b8ba91881964be3083db349991bbbbf1661/include/jemalloc/internal/arena_inlines_b.h#L505
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.bsize","title":"bsizeproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.bits","title":"bitsbsize: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.bitfields","title":"bitfieldsbits: int\nproperty","text":"bitfields: dict[str, int]\nExtract bitfields
arena_ind: Arena from which this extent came, or all 1 bits if unassociated. slab: The slab flag indicates whether the extent is used for a slab of small regions. This helps differentiate small size classes, and it indicates whether interior pointers can be looked up via iealloc(). committed: The committed flag indicates whether physical memory is committed to the extent, whether explicitly or implicitly as on a system that overcommits and satisfies physical memory needs on demand via soft page faults. pai: The pai flag is an extent_pai_t. zeroed: The zeroed flag is used by extent recycling code to track whether memory is zero-filled. guarded: The guarded flag is used by the sanitizer to track whether the extent has page guards around it. state: The state flag is an extent_state_t. szind: The szind flag indicates usable size class index for allocations residing in this extent, regardless of whether the extent is a slab. Extent size and usable size often differ even for non-slabs, either due to sz_large_pad or promotion of sampled small regions. nfree: Number of free regions in slab. bin_shard: The shard of the bin from which this extent came.
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.state_name","title":"state_nameproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.has_slab","title":"has_slabstate_name: str\nproperty","text":"has_slab: bool\nReturns True if the extent is used for small size classes. Reference for size in Table 1 at https://jemalloc.net/jemalloc.3.html At time of writing, allocations <= 0x3800 are considered as small allocations and has slabs.
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.is_free","title":"is_freeproperty","text":"is_free: bool\nReturns True if the extent is free.
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.pai","title":"paiproperty","text":"pai: str\nPage Allocator Interface
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.mask","title":"mask","text":"
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_1","title":"lg_floor_1","text":"mask(current_field_width, current_field_shift)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_2","title":"lg_floor_2","text":"lg_floor_1(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_4","title":"lg_floor_4","text":"lg_floor_2(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_8","title":"lg_floor_8","text":"lg_floor_4(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_16","title":"lg_floor_16","text":"lg_floor_8(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_32","title":"lg_floor_32","text":"lg_floor_16(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_64","title":"lg_floor_64","text":"lg_floor_32(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor","title":"lg_floor","text":"lg_floor_64(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_ceil","title":"lg_ceil","text":"lg_floor(x)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/","title":"pwndbg.aglib.heap.ptmalloc","text":""},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc","title":"ptmalloc","text":"lg_ceil(x)\nClasses:
-
BinType\u2013 -
Bin\u2013 -
Bins\u2013 -
ChunkField\u2013 -
Chunk\u2013 -
Heap\u2013 -
Arena\u2013 -
GlibcMemoryAllocator\u2013 -
DebugSymsHeap\u2013 -
SymbolUnresolvableError\u2013 -
HeuristicHeap\u2013
Functions:
-
heap_for_ptr\u2013Round a pointer to a chunk down to find its corresponding heap_info
-
fetch_chunk_metadata\u2013
Attributes:
-
PREV_INUSE\u2013 -
IS_MMAPPED\u2013 -
NON_MAIN_ARENA\u2013 -
SIZE_BITS\u2013 -
NONCONTIGUOUS_BIT\u2013 -
TheType\u2013 -
TheValue\u2013 -
HEAP_MAX_SIZE(int) \u2013 -
NBINS\u2013 -
BINMAPSIZE\u2013 -
TCACHE_MAX_BINS\u2013 -
NFASTBINS\u2013 -
NSMALLBINS\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.IS_MMAPPED","title":"IS_MMAPPEDPREV_INUSE = 1\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.NON_MAIN_ARENA","title":"NON_MAIN_ARENAIS_MMAPPED = 2\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.SIZE_BITS","title":"SIZE_BITSNON_MAIN_ARENA = 4\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.NONCONTIGUOUS_BIT","title":"NONCONTIGUOUS_BITSIZE_BITS = PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.TheType","title":"TheTypeNONCONTIGUOUS_BIT = 2\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.TheValue","title":"TheValueTheType = TypeVar('TheType', Type, Type[CStruct2GDB])\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HEAP_MAX_SIZE","title":"HEAP_MAX_SIZETheValue = TypeVar('TheValue', Value, CStruct2GDB)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.NBINS","title":"NBINSHEAP_MAX_SIZE: int = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BINMAPSIZE","title":"BINMAPSIZENBINS = 128\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.TCACHE_MAX_BINS","title":"TCACHE_MAX_BINSBINMAPSIZE = 4\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.NFASTBINS","title":"NFASTBINSTCACHE_MAX_BINS = 64\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.NSMALLBINS","title":"NSMALLBINSNFASTBINS = 10\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType","title":"BinType","text":"NSMALLBINS = 64\nBases:
str,EnumMethods:
-
valid_fields\u2013
Attributes:
-
TCACHE\u2013 -
FAST\u2013 -
SMALL\u2013 -
LARGE\u2013 -
UNSORTED\u2013 -
NOT_IN_BIN\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.FAST","title":"FASTTCACHE = 'tcachebins'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.SMALL","title":"SMALLFAST = 'fastbins'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.LARGE","title":"LARGESMALL = 'smallbins'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.UNSORTED","title":"UNSORTEDLARGE = 'largebins'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.NOT_IN_BIN","title":"NOT_IN_BINUNSORTED = 'unsortedbin'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.valid_fields","title":"valid_fields","text":"NOT_IN_BIN = 'not_in_bin'\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin","title":"Bin","text":"valid_fields() -> list[str]\nBin(\n fd_chain: list[int],\n bk_chain: list[int] | None = None,\n count: int | None = None,\n is_corrupted: bool = False,\n)\nMethods:
-
contains_chunk\u2013 -
size_to_display_name\u2013
Attributes:
-
fd_chain\u2013 -
bk_chain\u2013 -
count\u2013 -
is_corrupted\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin.bk_chain","title":"bk_chainfd_chain = fd_chain\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin.count","title":"countbk_chain = bk_chain\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin.is_corrupted","title":"is_corruptedcount = count\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin.contains_chunk","title":"contains_chunk","text":"is_corrupted = is_corrupted\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin.size_to_display_name","title":"size_to_display_namecontains_chunk(chunk: int) -> bool\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bins","title":"Bins","text":"size_to_display_name(size: int | str) -> str\nBins(bin_type: BinType)\nMethods:
-
contains_chunk\u2013
Attributes:
-
bins(OrderedDict[int | str, Bin]) \u2013 -
bin_type\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bins.bin_type","title":"bin_typebins: OrderedDict[int | str, Bin] = OrderedDict()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bins.contains_chunk","title":"contains_chunk","text":"bin_type = bin_type\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField","title":"ChunkField","text":"contains_chunk(size: int, chunk: int)\nBases:
int,EnumAttributes:
-
PREV_SIZE\u2013 -
SIZE\u2013 -
FD\u2013 -
BK\u2013 -
FD_NEXTSIZE\u2013 -
BK_NEXTSIZE\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField.SIZE","title":"SIZEPREV_SIZE = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField.FD","title":"FDSIZE = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField.BK","title":"BKFD = 3\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField.FD_NEXTSIZE","title":"FD_NEXTSIZEBK = 4\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField.BK_NEXTSIZE","title":"BK_NEXTSIZEFD_NEXTSIZE = 5\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk","title":"Chunk","text":"BK_NEXTSIZE = 6\nChunk(addr: int, heap: Heap | None = None, arena: Arena | None = None)\nMethods:
-
next_chunk\u2013 -
__contains__\u2013This allow us to avoid extra constructions like 'if start_addr <= ptr < end_addr', etc.
Attributes:
-
__slots__\u2013 -
address\u2013 -
prev_size(int | None) \u2013 -
size(int | None) \u2013 -
real_size(int | None) \u2013 -
flags(dict[str, bool] | None) \u2013 -
non_main_arena(bool | None) \u2013 -
is_mmapped(bool | None) \u2013 -
prev_inuse(bool | None) \u2013 -
fd\u2013 -
bk\u2013 -
fd_nextsize\u2013 -
bk_nextsize\u2013 -
heap(Heap) \u2013 -
arena(Arena | None) \u2013 -
is_top_chunk\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.address","title":"address__slots__ = (\n \"_gdbValue\",\n \"address\",\n \"_prev_size\",\n \"_size\",\n \"_real_size\",\n \"_flags\",\n \"_non_main_arena\",\n \"_is_mmapped\",\n \"_prev_inuse\",\n \"_fd\",\n \"_bk\",\n \"_fd_nextsize\",\n \"_bk_nextsize\",\n \"_heap\",\n \"_arena\",\n \"_is_top_chunk\",\n)\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.prev_size","title":"prev_sizeaddress = int(address)\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.size","title":"sizeprev_size: int | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.real_size","title":"real_sizesize: int | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.flags","title":"flagsreal_size: int | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.non_main_arena","title":"non_main_arenaflags: dict[str, bool] | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.is_mmapped","title":"is_mmappednon_main_arena: bool | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.prev_inuse","title":"prev_inuseis_mmapped: bool | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.fd","title":"fdprev_inuse: bool | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.bk","title":"bkfd\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.fd_nextsize","title":"fd_nextsizebk\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.bk_nextsize","title":"bk_nextsizefd_nextsize\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.heap","title":"heapbk_nextsize\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.arena","title":"arenaheap: Heap\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.is_top_chunk","title":"is_top_chunkarena: Arena | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.__match_renamed_field","title":"__match_renamed_field","text":"is_top_chunk\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.next_chunk","title":"next_chunk","text":"__match_renamed_field(field: str)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.__contains__","title":"__contains__","text":"next_chunk()\n__contains__(addr: int) -> bool\nThis allow us to avoid extra constructions like 'if start_addr <= ptr < end_addr', etc.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap","title":"Heap","text":"Heap(addr: int, arena: Arena | None = None)\n1) main_arena - uses the sbrk heap 2) non-main arena - heap starts after its heap_info struct (and possibly an arena) 3) non-contiguous main_arena - just a memory region 4) no arena - for fake/mmapped chunks
Methods:
-
__iter__\u2013 -
__contains__\u2013 -
__str__\u2013
Attributes:
-
__slots__\u2013 -
arena\u2013 -
start(int) \u2013 -
end(int) \u2013 -
first_chunk\u2013 -
prev\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.arena","title":"arena__slots__ = (\n \"_gdbValue\",\n \"arena\",\n \"_memory_region\",\n \"start\",\n \"end\",\n \"_prev\",\n \"first_chunk\",\n)\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.start","title":"startarena = main_arena if arena is None else arena\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.end","title":"endstart: int = start\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.first_chunk","title":"first_chunkend: int = end\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.prev","title":"prevfirst_chunk = Chunk(start)\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.__iter__","title":"__iter__","text":"prev\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.__contains__","title":"__contains__","text":"__iter__()\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.__str__","title":"__str__","text":"__contains__(addr: int) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena","title":"Arena","text":"__str__() -> str\nArena(addr: int)\nMethods:
-
fastbins\u2013 -
__str__\u2013
Attributes:
-
__slots__\u2013 -
address\u2013 -
is_main_arena(bool) \u2013 -
mutex(int | None) \u2013 -
flags(int | None) \u2013 -
non_contiguous(bool | None) \u2013 -
have_fastchunks(int | None) \u2013 -
top(int | None) \u2013 -
fastbinsY(list[int]) \u2013 -
bins(list[int]) \u2013 -
binmap(list[int]) \u2013 -
next(int | None) \u2013 -
next_free(int | None) \u2013 -
system_mem(int | None) \u2013 -
active_heap(Heap) \u2013 -
heaps\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.address","title":"address__slots__ = (\n \"_gdbValue\",\n \"address\",\n \"_is_main_arena\",\n \"_top\",\n \"_active_heap\",\n \"_heaps\",\n \"_mutex\",\n \"_flags\",\n \"_non_contiguous\",\n \"_have_fastchunks\",\n \"_fastbinsY\",\n \"_bins\",\n \"_binmap\",\n \"_next\",\n \"_next_free\",\n \"_system_mem\",\n)\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.is_main_arena","title":"is_main_arenaaddress = int(address)\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.mutex","title":"mutexis_main_arena: bool\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.flags","title":"flagsmutex: int | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.non_contiguous","title":"non_contiguousflags: int | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.have_fastchunks","title":"have_fastchunksnon_contiguous: bool | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.top","title":"tophave_fastchunks: int | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.fastbinsY","title":"fastbinsYtop: int | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.bins","title":"binsfastbinsY: list[int]\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.binmap","title":"binmapbins: list[int]\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.next","title":"nextbinmap: list[int]\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.next_free","title":"next_freenext: int | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.system_mem","title":"system_memnext_free: int | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.active_heap","title":"active_heapsystem_mem: int | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.heaps","title":"heapsactive_heap: Heap\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.fastbins","title":"fastbins","text":"heaps\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.__str__","title":"__str__","text":"fastbins() -> Bins\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator","title":"GlibcMemoryAllocator","text":"__str__() -> str\nGlibcMemoryAllocator()\nBases:
MemoryAllocator,Generic[TheType, TheValue]Methods:
-
largebin_reverse_lookup\u2013Pick the appropriate largebin_reverse_lookup_ function for this architecture.
-
largebin_size_range_from_index\u2013 -
can_be_resolved\u2013 -
has_tcache\u2013 -
chunk_flags\u2013 -
chunk_key_offset\u2013Find the index of a field in the malloc_chunk struct.
-
get_heap\u2013 -
get_tcache\u2013 -
get_sbrk_heap_region\u2013 -
get_region\u2013Find the memory map containing 'addr'.
-
get_bins\u2013 -
fastbin_index\u2013 -
fastbins\u2013Returns: chain or None
-
tcachebins\u2013Returns: tuple(chain, count) or None
-
check_chain_corrupted\u2013Checks if the doubly linked list (of a {unsorted, small, large} bin)
-
bin_at\u2013Modeled after glibc's bin_at function - so starts indexing from 1
-
unsortedbin\u2013 -
smallbins\u2013 -
largebins\u2013 -
largebin_index_32\u2013Modeled on the GLIBC malloc largebin_index_32 macro.
-
largebin_index_32_big\u2013Modeled on the GLIBC malloc largebin_index_32_big macro.
-
largebin_index_64\u2013Modeled on the GLIBC malloc largebin_index_64 macro.
-
largebin_index\u2013Pick the appropriate largebin_index_ function for this architecture.
-
is_initialized\u2013 -
is_statically_linked\u2013 -
libc_has_debug_syms\u2013The
struct malloc_chunkcomes from debugging symbols and it will not be there -
summarize\u2013Returns a textual summary of the specified address.
-
containing\u2013Returns the address of the allocation which contains 'address'.
Attributes:
-
largebin_reverse_lookup_32\u2013 -
largebin_reverse_lookup_32_big\u2013 -
largebin_reverse_lookup_64\u2013 -
main_arena(Arena | None) \u2013 -
arenas(tuple[Arena, ...]) \u2013Return a tuple of all current arenas.
-
thread_arena(Arena | None) \u2013 -
thread_cache(TheValue | None) \u2013 -
mp(TheValue | None) \u2013 -
global_max_fast(int | None) \u2013 -
heap_info(TheType | None) \u2013 -
malloc_chunk(TheType | None) \u2013 -
malloc_state(TheType | None) \u2013 -
tcache_perthread_struct(TheType | None) \u2013 -
tcache_entry(TheType | None) \u2013 -
mallinfo(TheType | None) \u2013 -
malloc_par(TheType | None) \u2013 -
malloc_alignment(int) \u2013Corresponds to MALLOC_ALIGNMENT in glibc malloc.c
-
size_sz(int) \u2013Corresponds to SIZE_SZ in glibc malloc.c
-
malloc_align_mask(int) \u2013Corresponds to MALLOC_ALIGN_MASK in glibc malloc.c
-
minsize(int) \u2013Corresponds to MINSIZE in glibc malloc.c
-
min_chunk_size(int) \u2013Corresponds to MIN_CHUNK_SIZE in glibc malloc.c
-
multithreaded(bool) \u2013Is malloc operating within a multithreaded environment.
-
tcache_next_offset(int) \u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_reverse_lookup_32_big","title":"largebin_reverse_lookup_32_biglargebin_reverse_lookup_32 = (\n 512,\n 576,\n 640,\n 704,\n 768,\n 832,\n 896,\n 960,\n 1024,\n 1088,\n 1152,\n 1216,\n 1280,\n 1344,\n 1408,\n 1472,\n 1536,\n 1600,\n 1664,\n 1728,\n 1792,\n 1856,\n 1920,\n 1984,\n 2048,\n 2112,\n 2176,\n 2240,\n 2304,\n 2368,\n 2432,\n 2496,\n 2560,\n 3072,\n 3584,\n 4096,\n 4608,\n 5120,\n 5632,\n 6144,\n 6656,\n 7168,\n 7680,\n 8192,\n 8704,\n 9216,\n 9728,\n 10240,\n 10752,\n 12288,\n 16384,\n 20480,\n 24576,\n 28672,\n 32768,\n 36864,\n 40960,\n 65536,\n 98304,\n 131072,\n 163840,\n 262144,\n 524288,\n)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_reverse_lookup_64","title":"largebin_reverse_lookup_64largebin_reverse_lookup_32_big = (\n 1008,\n 1024,\n 1088,\n 1152,\n 1216,\n 1280,\n 1344,\n 1408,\n 1472,\n 1536,\n 1600,\n 1664,\n 1728,\n 1792,\n 1856,\n 1920,\n 1984,\n 2048,\n 2112,\n 2176,\n 2240,\n 2304,\n 2368,\n 2432,\n 2496,\n 2560,\n 2624,\n 2688,\n 2752,\n 2816,\n 2880,\n 2944,\n 2944,\n 3072,\n 3584,\n 4096,\n 4608,\n 5120,\n 5632,\n 6144,\n 6656,\n 7168,\n 7680,\n 8192,\n 8704,\n 9216,\n 9728,\n 10240,\n 10752,\n 12288,\n 16384,\n 20480,\n 24576,\n 28672,\n 32768,\n 36864,\n 40960,\n 65536,\n 98304,\n 131072,\n 163840,\n 262144,\n 524288,\n)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.main_arena","title":"main_arenalargebin_reverse_lookup_64 = (\n 1024,\n 1088,\n 1152,\n 1216,\n 1280,\n 1344,\n 1408,\n 1472,\n 1536,\n 1600,\n 1664,\n 1728,\n 1792,\n 1856,\n 1920,\n 1984,\n 2048,\n 2112,\n 2176,\n 2240,\n 2304,\n 2368,\n 2432,\n 2496,\n 2560,\n 2624,\n 2688,\n 2752,\n 2816,\n 2880,\n 2944,\n 3008,\n 3072,\n 3136,\n 3584,\n 4096,\n 4608,\n 5120,\n 5632,\n 6144,\n 6656,\n 7168,\n 7680,\n 8192,\n 8704,\n 9216,\n 9728,\n 10240,\n 10752,\n 12288,\n 16384,\n 20480,\n 24576,\n 28672,\n 32768,\n 36864,\n 40960,\n 65536,\n 98304,\n 131072,\n 163840,\n 262144,\n 524288,\n)\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.arenas","title":"arenasmain_arena: Arena | None\nproperty","text":"arenas: tuple[Arena, ...]\nReturn a tuple of all current arenas.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.thread_arena","title":"thread_arenaproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.thread_cache","title":"thread_cachethread_arena: Arena | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.mp","title":"mpthread_cache: TheValue | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.global_max_fast","title":"global_max_fastmp: TheValue | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.heap_info","title":"heap_infoglobal_max_fast: int | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.malloc_chunk","title":"malloc_chunkheap_info: TheType | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.malloc_state","title":"malloc_statemalloc_chunk: TheType | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.tcache_perthread_struct","title":"tcache_perthread_structmalloc_state: TheType | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.tcache_entry","title":"tcache_entrytcache_perthread_struct: TheType | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.mallinfo","title":"mallinfotcache_entry: TheType | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.malloc_par","title":"malloc_parmallinfo: TheType | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.malloc_alignment","title":"malloc_alignmentmalloc_par: TheType | None\nproperty","text":"malloc_alignment: int\nCorresponds to MALLOC_ALIGNMENT in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.size_sz","title":"size_szproperty","text":"size_sz: int\nCorresponds to SIZE_SZ in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.malloc_align_mask","title":"malloc_align_maskproperty","text":"malloc_align_mask: int\nCorresponds to MALLOC_ALIGN_MASK in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.minsize","title":"minsizeproperty","text":"minsize: int\nCorresponds to MINSIZE in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.min_chunk_size","title":"min_chunk_sizeproperty","text":"min_chunk_size: int\nCorresponds to MIN_CHUNK_SIZE in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.multithreaded","title":"multithreadedproperty","text":"multithreaded: bool\nIs malloc operating within a multithreaded environment.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.tcache_next_offset","title":"tcache_next_offsetproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_reverse_lookup","title":"largebin_reverse_lookup","text":"tcache_next_offset: int\nlargebin_reverse_lookup(index: int) -> int\nPick the appropriate largebin_reverse_lookup_ function for this architecture.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_size_range_from_index","title":"largebin_size_range_from_index","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.can_be_resolved","title":"can_be_resolved","text":"largebin_size_range_from_index(index: int)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.has_tcache","title":"has_tcache","text":"can_be_resolved() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.chunk_flags","title":"chunk_flags","text":"has_tcache() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.chunk_key_offset","title":"chunk_key_offset","text":"chunk_flags(size: int) -> tuple[int, int, int]\nchunk_key_offset(key: str) -> int | None\nFind the index of a field in the malloc_chunk struct.
64bit exampleprev_size == 0 size == 8 fd == 16 bk == 24 ...
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.get_heap","title":"get_heap","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.get_tcache","title":"get_tcache","text":"get_heap(addr: int) -> TheValue | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.get_sbrk_heap_region","title":"get_sbrk_heap_region","text":"get_tcache(tcache_addr: int | None = None) -> TheValue | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.get_region","title":"get_region","text":"get_sbrk_heap_region() -> Page | None\nget_region(addr: int | Value | None) -> Page | None\nFind the memory map containing 'addr'.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.get_bins","title":"get_bins","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.fastbin_index","title":"fastbin_index","text":"get_bins(bin_type: BinType, addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.fastbins","title":"fastbins","text":"fastbin_index(size: int)\nfastbins(arena_addr: int | None = None) -> Bins | None\nReturns: chain or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.tcachebins","title":"tcachebins","text":"tcachebins(tcache_addr: int | None = None) -> Bins | None\nReturns: tuple(chain, count) or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.check_chain_corrupted","title":"check_chain_corrupted","text":"check_chain_corrupted(chain_fd: list[int], chain_bk: list[int]) -> bool\nChecks if the doubly linked list (of a {unsorted, small, large} bin) defined by chain_fd, chain_bk is corrupted.
Even if the chains do not cover the whole bin, they still are expected to be of the same length.
Returns True if the bin is certainly corrupted, otherwise False.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.bin_at","title":"bin_at","text":"bin_at(\n index: int, arena_addr: int | None = None\n) -> tuple[list[int], list[int], bool] | None\nModeled after glibc's bin_at function - so starts indexing from 1 https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/trusty/eglibc/trusty-security/view/head:/malloc/malloc.c#L1394
bin_at(1) returns the unsorted bin
Bin 1 - Unsorted BiN Bin 2 to 63 - Smallbins Bin 64 to 126 - Largebins
Returns: tuple(chain_from_bin_fd, chain_from_bin_bk, is_chain_corrupted) or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.unsortedbin","title":"unsortedbin","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.smallbins","title":"smallbins","text":"unsortedbin(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebins","title":"largebins","text":"smallbins(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_index_32","title":"largebin_index_32","text":"largebins(arena_addr: int | None = None) -> Bins | None\nlargebin_index_32(sz: int) -> int\nModeled on the GLIBC malloc largebin_index_32 macro.
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1414
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_index_32_big","title":"largebin_index_32_big","text":"largebin_index_32_big(sz: int) -> int\nModeled on the GLIBC malloc largebin_index_32_big macro.
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1422
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_index_64","title":"largebin_index_64","text":"largebin_index_64(sz: int) -> int\nModeled on the GLIBC malloc largebin_index_64 macro.
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1433
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_index","title":"largebin_index","text":"largebin_index(sz: int)\nPick the appropriate largebin_index_ function for this architecture.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.is_initialized","title":"is_initialized","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.is_statically_linked","title":"is_statically_linked","text":"is_initialized()\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.libc_has_debug_syms","title":"libc_has_debug_syms","text":"is_statically_linked() -> bool\nlibc_has_debug_syms() -> bool\nThe
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.summarize","title":"summarize","text":"struct malloc_chunkcomes from debugging symbols and it will not be there for statically linked binariessummarize(address: int, **kwargs: Any) -> str\nReturns a textual summary of the specified address.
Parameters:
-
address(int) \u2013Address of the heap block to summarize.
Returns:
-
str\u2013A string.
containing(address: int) -> int\nReturns the address of the allocation which contains 'address'.
Parameters:
-
address(int) \u2013Address to look up.
Returns:
-
int\u2013An integer.
DebugSymsHeap()\nBases:
GlibcMemoryAllocator[Type, Value]Methods:
-
has_tcache\u2013 -
get_heap\u2013Find & read the heap_info struct belonging to the chunk at 'addr'.
-
get_tcache\u2013 -
get_sbrk_heap_region\u2013Return a Page object representing the sbrk heap region.
-
is_initialized\u2013 -
summarize\u2013Returns a textual summary of the specified address.
-
containing\u2013Returns the address of the allocation which contains 'address'.
-
libc_has_debug_syms\u2013The
struct malloc_chunkcomes from debugging symbols and it will not be there -
largebin_reverse_lookup\u2013Pick the appropriate largebin_reverse_lookup_ function for this architecture.
-
largebin_size_range_from_index\u2013 -
chunk_flags\u2013 -
chunk_key_offset\u2013Find the index of a field in the malloc_chunk struct.
-
get_region\u2013Find the memory map containing 'addr'.
-
get_bins\u2013 -
fastbin_index\u2013 -
fastbins\u2013Returns: chain or None
-
tcachebins\u2013Returns: tuple(chain, count) or None
-
check_chain_corrupted\u2013Checks if the doubly linked list (of a {unsorted, small, large} bin)
-
bin_at\u2013Modeled after glibc's bin_at function - so starts indexing from 1
-
unsortedbin\u2013 -
smallbins\u2013 -
largebins\u2013 -
largebin_index_32\u2013Modeled on the GLIBC malloc largebin_index_32 macro.
-
largebin_index_32_big\u2013Modeled on the GLIBC malloc largebin_index_32_big macro.
-
largebin_index_64\u2013Modeled on the GLIBC malloc largebin_index_64 macro.
-
largebin_index\u2013Pick the appropriate largebin_index_ function for this architecture.
-
is_statically_linked\u2013
Attributes:
-
can_be_resolved\u2013 -
main_arena(Arena | None) \u2013 -
thread_arena(Arena | None) \u2013 -
thread_cache(Value | None) \u2013Locate a thread's tcache struct. If it doesn't have one, use the main
-
mp(Value | None) \u2013 -
global_max_fast(int | None) \u2013 -
heap_info(Type | None) \u2013 -
malloc_chunk(Type | None) \u2013 -
malloc_state(Type | None) \u2013 -
tcache_perthread_struct(Type | None) \u2013 -
tcache_entry(Type | None) \u2013 -
mallinfo(Type | None) \u2013 -
malloc_par(Type | None) \u2013 -
largebin_reverse_lookup_32\u2013 -
largebin_reverse_lookup_32_big\u2013 -
largebin_reverse_lookup_64\u2013 -
arenas(tuple[Arena, ...]) \u2013Return a tuple of all current arenas.
-
malloc_alignment(int) \u2013Corresponds to MALLOC_ALIGNMENT in glibc malloc.c
-
size_sz(int) \u2013Corresponds to SIZE_SZ in glibc malloc.c
-
malloc_align_mask(int) \u2013Corresponds to MALLOC_ALIGN_MASK in glibc malloc.c
-
minsize(int) \u2013Corresponds to MINSIZE in glibc malloc.c
-
min_chunk_size(int) \u2013Corresponds to MIN_CHUNK_SIZE in glibc malloc.c
-
multithreaded(bool) \u2013Is malloc operating within a multithreaded environment.
-
tcache_next_offset(int) \u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.main_arena","title":"main_arenacan_be_resolved = libc_has_debug_syms\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.thread_arena","title":"thread_arenamain_arena: Arena | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.thread_cache","title":"thread_cachethread_arena: Arena | None\nproperty","text":"thread_cache: Value | None\nLocate a thread's tcache struct. If it doesn't have one, use the main thread's tcache.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.mp","title":"mpproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.global_max_fast","title":"global_max_fastmp: Value | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.heap_info","title":"heap_infoglobal_max_fast: int | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.malloc_chunk","title":"malloc_chunkheap_info: Type | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.malloc_state","title":"malloc_statemalloc_chunk: Type | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.tcache_perthread_struct","title":"tcache_perthread_structmalloc_state: Type | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.tcache_entry","title":"tcache_entrytcache_perthread_struct: Type | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.mallinfo","title":"mallinfotcache_entry: Type | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.malloc_par","title":"malloc_parmallinfo: Type | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_reverse_lookup_32","title":"largebin_reverse_lookup_32malloc_par: Type | None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_reverse_lookup_32_big","title":"largebin_reverse_lookup_32_biglargebin_reverse_lookup_32 = (\n 512,\n 576,\n 640,\n 704,\n 768,\n 832,\n 896,\n 960,\n 1024,\n 1088,\n 1152,\n 1216,\n 1280,\n 1344,\n 1408,\n 1472,\n 1536,\n 1600,\n 1664,\n 1728,\n 1792,\n 1856,\n 1920,\n 1984,\n 2048,\n 2112,\n 2176,\n 2240,\n 2304,\n 2368,\n 2432,\n 2496,\n 2560,\n 3072,\n 3584,\n 4096,\n 4608,\n 5120,\n 5632,\n 6144,\n 6656,\n 7168,\n 7680,\n 8192,\n 8704,\n 9216,\n 9728,\n 10240,\n 10752,\n 12288,\n 16384,\n 20480,\n 24576,\n 28672,\n 32768,\n 36864,\n 40960,\n 65536,\n 98304,\n 131072,\n 163840,\n 262144,\n 524288,\n)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_reverse_lookup_64","title":"largebin_reverse_lookup_64largebin_reverse_lookup_32_big = (\n 1008,\n 1024,\n 1088,\n 1152,\n 1216,\n 1280,\n 1344,\n 1408,\n 1472,\n 1536,\n 1600,\n 1664,\n 1728,\n 1792,\n 1856,\n 1920,\n 1984,\n 2048,\n 2112,\n 2176,\n 2240,\n 2304,\n 2368,\n 2432,\n 2496,\n 2560,\n 2624,\n 2688,\n 2752,\n 2816,\n 2880,\n 2944,\n 2944,\n 3072,\n 3584,\n 4096,\n 4608,\n 5120,\n 5632,\n 6144,\n 6656,\n 7168,\n 7680,\n 8192,\n 8704,\n 9216,\n 9728,\n 10240,\n 10752,\n 12288,\n 16384,\n 20480,\n 24576,\n 28672,\n 32768,\n 36864,\n 40960,\n 65536,\n 98304,\n 131072,\n 163840,\n 262144,\n 524288,\n)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.arenas","title":"arenaslargebin_reverse_lookup_64 = (\n 1024,\n 1088,\n 1152,\n 1216,\n 1280,\n 1344,\n 1408,\n 1472,\n 1536,\n 1600,\n 1664,\n 1728,\n 1792,\n 1856,\n 1920,\n 1984,\n 2048,\n 2112,\n 2176,\n 2240,\n 2304,\n 2368,\n 2432,\n 2496,\n 2560,\n 2624,\n 2688,\n 2752,\n 2816,\n 2880,\n 2944,\n 3008,\n 3072,\n 3136,\n 3584,\n 4096,\n 4608,\n 5120,\n 5632,\n 6144,\n 6656,\n 7168,\n 7680,\n 8192,\n 8704,\n 9216,\n 9728,\n 10240,\n 10752,\n 12288,\n 16384,\n 20480,\n 24576,\n 28672,\n 32768,\n 36864,\n 40960,\n 65536,\n 98304,\n 131072,\n 163840,\n 262144,\n 524288,\n)\nproperty","text":"arenas: tuple[Arena, ...]\nReturn a tuple of all current arenas.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.malloc_alignment","title":"malloc_alignmentproperty","text":"malloc_alignment: int\nCorresponds to MALLOC_ALIGNMENT in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.size_sz","title":"size_szproperty","text":"size_sz: int\nCorresponds to SIZE_SZ in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.malloc_align_mask","title":"malloc_align_maskproperty","text":"malloc_align_mask: int\nCorresponds to MALLOC_ALIGN_MASK in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.minsize","title":"minsizeproperty","text":"minsize: int\nCorresponds to MINSIZE in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.min_chunk_size","title":"min_chunk_sizeproperty","text":"min_chunk_size: int\nCorresponds to MIN_CHUNK_SIZE in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.multithreaded","title":"multithreadedproperty","text":"multithreaded: bool\nIs malloc operating within a multithreaded environment.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.tcache_next_offset","title":"tcache_next_offsetproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.has_tcache","title":"has_tcache","text":"tcache_next_offset: int\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.get_heap","title":"get_heap","text":"has_tcache() -> bool\nget_heap(addr: int) -> Value | None\nFind & read the heap_info struct belonging to the chunk at 'addr'.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.get_tcache","title":"get_tcache","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.get_sbrk_heap_region","title":"get_sbrk_heap_region","text":"get_tcache(tcache_addr: int | Value | None = None) -> Value | None\nget_sbrk_heap_region() -> Page | None\nReturn a Page object representing the sbrk heap region. Ensure the region's start address is aligned to SIZE_SZ * 2, which compensates for the presence of GLIBC_TUNABLES.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.is_initialized","title":"is_initialized","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.summarize","title":"summarize","text":"is_initialized() -> bool\nsummarize(address: int, **kwargs: Any) -> str\nReturns a textual summary of the specified address.
Parameters:
-
address(int) \u2013Address of the heap block to summarize.
Returns:
-
str\u2013A string.
containing(address: int) -> int\nReturns the address of the allocation which contains 'address'.
Parameters:
-
address(int) \u2013Address to look up.
Returns:
-
int\u2013An integer.
libc_has_debug_syms() -> bool\nThe
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_reverse_lookup","title":"largebin_reverse_lookup","text":"struct malloc_chunkcomes from debugging symbols and it will not be there for statically linked binarieslargebin_reverse_lookup(index: int) -> int\nPick the appropriate largebin_reverse_lookup_ function for this architecture.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_size_range_from_index","title":"largebin_size_range_from_index","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.chunk_flags","title":"chunk_flags","text":"largebin_size_range_from_index(index: int)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.chunk_key_offset","title":"chunk_key_offset","text":"chunk_flags(size: int) -> tuple[int, int, int]\nchunk_key_offset(key: str) -> int | None\nFind the index of a field in the malloc_chunk struct.
64bit exampleprev_size == 0 size == 8 fd == 16 bk == 24 ...
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.get_region","title":"get_region","text":"get_region(addr: int | Value | None) -> Page | None\nFind the memory map containing 'addr'.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.get_bins","title":"get_bins","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.fastbin_index","title":"fastbin_index","text":"get_bins(bin_type: BinType, addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.fastbins","title":"fastbins","text":"fastbin_index(size: int)\nfastbins(arena_addr: int | None = None) -> Bins | None\nReturns: chain or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.tcachebins","title":"tcachebins","text":"tcachebins(tcache_addr: int | None = None) -> Bins | None\nReturns: tuple(chain, count) or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.check_chain_corrupted","title":"check_chain_corrupted","text":"check_chain_corrupted(chain_fd: list[int], chain_bk: list[int]) -> bool\nChecks if the doubly linked list (of a {unsorted, small, large} bin) defined by chain_fd, chain_bk is corrupted.
Even if the chains do not cover the whole bin, they still are expected to be of the same length.
Returns True if the bin is certainly corrupted, otherwise False.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.bin_at","title":"bin_at","text":"bin_at(\n index: int, arena_addr: int | None = None\n) -> tuple[list[int], list[int], bool] | None\nModeled after glibc's bin_at function - so starts indexing from 1 https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/trusty/eglibc/trusty-security/view/head:/malloc/malloc.c#L1394
bin_at(1) returns the unsorted bin
Bin 1 - Unsorted BiN Bin 2 to 63 - Smallbins Bin 64 to 126 - Largebins
Returns: tuple(chain_from_bin_fd, chain_from_bin_bk, is_chain_corrupted) or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.unsortedbin","title":"unsortedbin","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.smallbins","title":"smallbins","text":"unsortedbin(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebins","title":"largebins","text":"smallbins(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_index_32","title":"largebin_index_32","text":"largebins(arena_addr: int | None = None) -> Bins | None\nlargebin_index_32(sz: int) -> int\nModeled on the GLIBC malloc largebin_index_32 macro.
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1414
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_index_32_big","title":"largebin_index_32_big","text":"largebin_index_32_big(sz: int) -> int\nModeled on the GLIBC malloc largebin_index_32_big macro.
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1422
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_index_64","title":"largebin_index_64","text":"largebin_index_64(sz: int) -> int\nModeled on the GLIBC malloc largebin_index_64 macro.
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1433
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_index","title":"largebin_index","text":"largebin_index(sz: int)\nPick the appropriate largebin_index_ function for this architecture.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.is_statically_linked","title":"is_statically_linked","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.SymbolUnresolvableError","title":"SymbolUnresolvableError","text":"is_statically_linked() -> bool\nSymbolUnresolvableError(symbol: str)\nBases:
ExceptionAttributes:
-
symbol\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap","title":"HeuristicHeap","text":"symbol = symbol\nHeuristicHeap()\nBases:
GlibcMemoryAllocator[Type['pwndbg.aglib.heap.structs.CStruct2GDB'], 'pwndbg.aglib.heap.structs.CStruct2GDB']Methods:
-
can_be_resolved\u2013 -
has_tcache\u2013 -
prompt_for_brute_force_thread_arena_permission\u2013Check if the user wants to brute force the thread_arena's value.
-
prompt_for_brute_force_thread_cache_permission\u2013Check if the user wants to brute force the tcache's value.
-
prompt_for_tls_address\u2013Check if we can determine the TLS address and return it.
-
brute_force_tls_reference_in_got_section\u2013Brute force the TLS-reference in the .got section to that can pass the validator.
-
brute_force_thread_local_variable_near_tls_base\u2013Brute force the thread-local variable near the TLS base address that can pass the validator.
-
get_heap\u2013Find & read the heap_info struct belonging to the chunk at 'addr'.
-
get_tcache\u2013 -
get_sbrk_heap_region\u2013Return a Page object representing the sbrk heap region.
-
is_initialized\u2013 -
summarize\u2013Returns a textual summary of the specified address.
-
containing\u2013Returns the address of the allocation which contains 'address'.
-
libc_has_debug_syms\u2013The
struct malloc_chunkcomes from debugging symbols and it will not be there -
largebin_reverse_lookup\u2013Pick the appropriate largebin_reverse_lookup_ function for this architecture.
-
largebin_size_range_from_index\u2013 -
chunk_flags\u2013 -
chunk_key_offset\u2013Find the index of a field in the malloc_chunk struct.
-
get_region\u2013Find the memory map containing 'addr'.
-
get_bins\u2013 -
fastbin_index\u2013 -
fastbins\u2013Returns: chain or None
-
tcachebins\u2013Returns: tuple(chain, count) or None
-
check_chain_corrupted\u2013Checks if the doubly linked list (of a {unsorted, small, large} bin)
-
bin_at\u2013Modeled after glibc's bin_at function - so starts indexing from 1
-
unsortedbin\u2013 -
smallbins\u2013 -
largebins\u2013 -
largebin_index_32\u2013Modeled on the GLIBC malloc largebin_index_32 macro.
-
largebin_index_32_big\u2013Modeled on the GLIBC malloc largebin_index_32_big macro.
-
largebin_index_64\u2013Modeled on the GLIBC malloc largebin_index_64 macro.
-
largebin_index\u2013Pick the appropriate largebin_index_ function for this architecture.
-
is_statically_linked\u2013
Attributes:
-
struct_module(ModuleType | None) \u2013 -
main_arena(Arena | None) \u2013 -
thread_arena(Arena | None) \u2013 -
thread_cache('pwndbg.aglib.heap.structs.TcachePerthreadStruct' | None) \u2013Locate a thread's tcache struct. We try to find its address in Thread Local Storage (TLS) first,
-
mp('pwndbg.aglib.heap.structs.CStruct2GDB') \u2013 -
global_max_fast(int) \u2013 -
heap_info(type['pwndbg.aglib.heap.structs.HeapInfo'] | None) \u2013 -
malloc_chunk(type['pwndbg.aglib.heap.structs.MallocChunk'] | None) \u2013 -
malloc_state(type['pwndbg.aglib.heap.structs.MallocState'] | None) \u2013 -
tcache_perthread_struct(type['pwndbg.aglib.heap.structs.TcachePerthreadStruct'] | None) \u2013 -
tcache_entry(type['pwndbg.aglib.heap.structs.TcacheEntry'] | None) \u2013 -
mallinfo(type['pwndbg.aglib.heap.structs.CStruct2GDB'] | None) \u2013 -
malloc_par(type['pwndbg.aglib.heap.structs.MallocPar'] | None) \u2013 -
largebin_reverse_lookup_32\u2013 -
largebin_reverse_lookup_32_big\u2013 -
largebin_reverse_lookup_64\u2013 -
arenas(tuple[Arena, ...]) \u2013Return a tuple of all current arenas.
-
malloc_alignment(int) \u2013Corresponds to MALLOC_ALIGNMENT in glibc malloc.c
-
size_sz(int) \u2013Corresponds to SIZE_SZ in glibc malloc.c
-
malloc_align_mask(int) \u2013Corresponds to MALLOC_ALIGN_MASK in glibc malloc.c
-
minsize(int) \u2013Corresponds to MINSIZE in glibc malloc.c
-
min_chunk_size(int) \u2013Corresponds to MIN_CHUNK_SIZE in glibc malloc.c
-
multithreaded(bool) \u2013Is malloc operating within a multithreaded environment.
-
tcache_next_offset(int) \u2013
property","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.main_arena","title":"main_arenastruct_module: ModuleType | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.thread_arena","title":"thread_arenamain_arena: Arena | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.thread_cache","title":"thread_cachethread_arena: Arena | None\nproperty","text":"thread_cache: 'pwndbg.aglib.heap.structs.TcachePerthreadStruct' | None\nLocate a thread's tcache struct. We try to find its address in Thread Local Storage (TLS) first, and if that fails, we guess it's at the first chunk of the heap.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.mp","title":"mpproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.global_max_fast","title":"global_max_fastmp: 'pwndbg.aglib.heap.structs.CStruct2GDB'\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.heap_info","title":"heap_infoglobal_max_fast: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.malloc_chunk","title":"malloc_chunkheap_info: type['pwndbg.aglib.heap.structs.HeapInfo'] | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.malloc_state","title":"malloc_statemalloc_chunk: type['pwndbg.aglib.heap.structs.MallocChunk'] | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.tcache_perthread_struct","title":"tcache_perthread_structmalloc_state: type['pwndbg.aglib.heap.structs.MallocState'] | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.tcache_entry","title":"tcache_entrytcache_perthread_struct: (\n type[\"pwndbg.aglib.heap.structs.TcachePerthreadStruct\"] | None\n)\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.mallinfo","title":"mallinfotcache_entry: type['pwndbg.aglib.heap.structs.TcacheEntry'] | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.malloc_par","title":"malloc_parmallinfo: type['pwndbg.aglib.heap.structs.CStruct2GDB'] | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_reverse_lookup_32","title":"largebin_reverse_lookup_32malloc_par: type['pwndbg.aglib.heap.structs.MallocPar'] | None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_reverse_lookup_32_big","title":"largebin_reverse_lookup_32_biglargebin_reverse_lookup_32 = (\n 512,\n 576,\n 640,\n 704,\n 768,\n 832,\n 896,\n 960,\n 1024,\n 1088,\n 1152,\n 1216,\n 1280,\n 1344,\n 1408,\n 1472,\n 1536,\n 1600,\n 1664,\n 1728,\n 1792,\n 1856,\n 1920,\n 1984,\n 2048,\n 2112,\n 2176,\n 2240,\n 2304,\n 2368,\n 2432,\n 2496,\n 2560,\n 3072,\n 3584,\n 4096,\n 4608,\n 5120,\n 5632,\n 6144,\n 6656,\n 7168,\n 7680,\n 8192,\n 8704,\n 9216,\n 9728,\n 10240,\n 10752,\n 12288,\n 16384,\n 20480,\n 24576,\n 28672,\n 32768,\n 36864,\n 40960,\n 65536,\n 98304,\n 131072,\n 163840,\n 262144,\n 524288,\n)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_reverse_lookup_64","title":"largebin_reverse_lookup_64largebin_reverse_lookup_32_big = (\n 1008,\n 1024,\n 1088,\n 1152,\n 1216,\n 1280,\n 1344,\n 1408,\n 1472,\n 1536,\n 1600,\n 1664,\n 1728,\n 1792,\n 1856,\n 1920,\n 1984,\n 2048,\n 2112,\n 2176,\n 2240,\n 2304,\n 2368,\n 2432,\n 2496,\n 2560,\n 2624,\n 2688,\n 2752,\n 2816,\n 2880,\n 2944,\n 2944,\n 3072,\n 3584,\n 4096,\n 4608,\n 5120,\n 5632,\n 6144,\n 6656,\n 7168,\n 7680,\n 8192,\n 8704,\n 9216,\n 9728,\n 10240,\n 10752,\n 12288,\n 16384,\n 20480,\n 24576,\n 28672,\n 32768,\n 36864,\n 40960,\n 65536,\n 98304,\n 131072,\n 163840,\n 262144,\n 524288,\n)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.arenas","title":"arenaslargebin_reverse_lookup_64 = (\n 1024,\n 1088,\n 1152,\n 1216,\n 1280,\n 1344,\n 1408,\n 1472,\n 1536,\n 1600,\n 1664,\n 1728,\n 1792,\n 1856,\n 1920,\n 1984,\n 2048,\n 2112,\n 2176,\n 2240,\n 2304,\n 2368,\n 2432,\n 2496,\n 2560,\n 2624,\n 2688,\n 2752,\n 2816,\n 2880,\n 2944,\n 3008,\n 3072,\n 3136,\n 3584,\n 4096,\n 4608,\n 5120,\n 5632,\n 6144,\n 6656,\n 7168,\n 7680,\n 8192,\n 8704,\n 9216,\n 9728,\n 10240,\n 10752,\n 12288,\n 16384,\n 20480,\n 24576,\n 28672,\n 32768,\n 36864,\n 40960,\n 65536,\n 98304,\n 131072,\n 163840,\n 262144,\n 524288,\n)\nproperty","text":"arenas: tuple[Arena, ...]\nReturn a tuple of all current arenas.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.malloc_alignment","title":"malloc_alignmentproperty","text":"malloc_alignment: int\nCorresponds to MALLOC_ALIGNMENT in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.size_sz","title":"size_szproperty","text":"size_sz: int\nCorresponds to SIZE_SZ in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.malloc_align_mask","title":"malloc_align_maskproperty","text":"malloc_align_mask: int\nCorresponds to MALLOC_ALIGN_MASK in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.minsize","title":"minsizeproperty","text":"minsize: int\nCorresponds to MINSIZE in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.min_chunk_size","title":"min_chunk_sizeproperty","text":"min_chunk_size: int\nCorresponds to MIN_CHUNK_SIZE in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.multithreaded","title":"multithreadedproperty","text":"multithreaded: bool\nIs malloc operating within a multithreaded environment.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.tcache_next_offset","title":"tcache_next_offsetproperty","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.can_be_resolved","title":"can_be_resolved","text":"tcache_next_offset: int\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.has_tcache","title":"has_tcache","text":"can_be_resolved() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.prompt_for_brute_force_thread_arena_permission","title":"prompt_for_brute_force_thread_arena_permission","text":"has_tcache() -> bool\nprompt_for_brute_force_thread_arena_permission() -> bool\nCheck if the user wants to brute force the thread_arena's value.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.prompt_for_brute_force_thread_cache_permission","title":"prompt_for_brute_force_thread_cache_permission","text":"prompt_for_brute_force_thread_cache_permission() -> bool\nCheck if the user wants to brute force the tcache's value.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.prompt_for_tls_address","title":"prompt_for_tls_address","text":"prompt_for_tls_address() -> int\nCheck if we can determine the TLS address and return it.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.brute_force_tls_reference_in_got_section","title":"brute_force_tls_reference_in_got_section","text":"brute_force_tls_reference_in_got_section(\n tls_address: int, validator: Callable[[int], bool]\n) -> tuple[int, int] | None\nBrute force the TLS-reference in the .got section to that can pass the validator.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.brute_force_thread_local_variable_near_tls_base","title":"brute_force_thread_local_variable_near_tls_base","text":"brute_force_thread_local_variable_near_tls_base(\n tls_address: int, validator: Callable[[int], bool]\n) -> tuple[int, int] | None\nBrute force the thread-local variable near the TLS base address that can pass the validator.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.get_heap","title":"get_heap","text":"get_heap(addr: int) -> 'pwndbg.aglib.heap.structs.HeapInfo' | None\nFind & read the heap_info struct belonging to the chunk at 'addr'.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.get_tcache","title":"get_tcache","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.get_sbrk_heap_region","title":"get_sbrk_heap_region","text":"get_tcache(\n tcache_addr: int | None = None,\n) -> \"pwndbg.aglib.heap.structs.TcachePerthreadStruct\" | None\nget_sbrk_heap_region() -> Page\nReturn a Page object representing the sbrk heap region. Ensure the region's start address is aligned to SIZE_SZ * 2, which compensates for the presence of GLIBC_TUNABLES. This heuristic version requires some sanity checks and may raise SymbolUnresolvableError if malloc's
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.is_initialized","title":"is_initialized","text":"mp_struct can't be resolved.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.summarize","title":"summarize","text":"is_initialized() -> bool\nsummarize(address: int, **kwargs: Any) -> str\nReturns a textual summary of the specified address.
Parameters:
-
address(int) \u2013Address of the heap block to summarize.
Returns:
-
str\u2013A string.
containing(address: int) -> int\nReturns the address of the allocation which contains 'address'.
Parameters:
-
address(int) \u2013Address to look up.
Returns:
-
int\u2013An integer.
libc_has_debug_syms() -> bool\nThe
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_reverse_lookup","title":"largebin_reverse_lookup","text":"struct malloc_chunkcomes from debugging symbols and it will not be there for statically linked binarieslargebin_reverse_lookup(index: int) -> int\nPick the appropriate largebin_reverse_lookup_ function for this architecture.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_size_range_from_index","title":"largebin_size_range_from_index","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.chunk_flags","title":"chunk_flags","text":"largebin_size_range_from_index(index: int)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.chunk_key_offset","title":"chunk_key_offset","text":"chunk_flags(size: int) -> tuple[int, int, int]\nchunk_key_offset(key: str) -> int | None\nFind the index of a field in the malloc_chunk struct.
64bit exampleprev_size == 0 size == 8 fd == 16 bk == 24 ...
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.get_region","title":"get_region","text":"get_region(addr: int | Value | None) -> Page | None\nFind the memory map containing 'addr'.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.get_bins","title":"get_bins","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.fastbin_index","title":"fastbin_index","text":"get_bins(bin_type: BinType, addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.fastbins","title":"fastbins","text":"fastbin_index(size: int)\nfastbins(arena_addr: int | None = None) -> Bins | None\nReturns: chain or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.tcachebins","title":"tcachebins","text":"tcachebins(tcache_addr: int | None = None) -> Bins | None\nReturns: tuple(chain, count) or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.check_chain_corrupted","title":"check_chain_corrupted","text":"check_chain_corrupted(chain_fd: list[int], chain_bk: list[int]) -> bool\nChecks if the doubly linked list (of a {unsorted, small, large} bin) defined by chain_fd, chain_bk is corrupted.
Even if the chains do not cover the whole bin, they still are expected to be of the same length.
Returns True if the bin is certainly corrupted, otherwise False.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.bin_at","title":"bin_at","text":"bin_at(\n index: int, arena_addr: int | None = None\n) -> tuple[list[int], list[int], bool] | None\nModeled after glibc's bin_at function - so starts indexing from 1 https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/trusty/eglibc/trusty-security/view/head:/malloc/malloc.c#L1394
bin_at(1) returns the unsorted bin
Bin 1 - Unsorted BiN Bin 2 to 63 - Smallbins Bin 64 to 126 - Largebins
Returns: tuple(chain_from_bin_fd, chain_from_bin_bk, is_chain_corrupted) or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.unsortedbin","title":"unsortedbin","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.smallbins","title":"smallbins","text":"unsortedbin(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebins","title":"largebins","text":"smallbins(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_index_32","title":"largebin_index_32","text":"largebins(arena_addr: int | None = None) -> Bins | None\nlargebin_index_32(sz: int) -> int\nModeled on the GLIBC malloc largebin_index_32 macro.
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1414
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_index_32_big","title":"largebin_index_32_big","text":"largebin_index_32_big(sz: int) -> int\nModeled on the GLIBC malloc largebin_index_32_big macro.
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1422
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_index_64","title":"largebin_index_64","text":"largebin_index_64(sz: int) -> int\nModeled on the GLIBC malloc largebin_index_64 macro.
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1433
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_index","title":"largebin_index","text":"largebin_index(sz: int)\nPick the appropriate largebin_index_ function for this architecture.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.is_statically_linked","title":"is_statically_linked","text":"
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.heap_for_ptr","title":"heap_for_ptr","text":"is_statically_linked() -> bool\nheap_for_ptr(ptr: int) -> int\nRound a pointer to a chunk down to find its corresponding heap_info struct, the pointer must point inside a heap which does not belong to the main arena.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.fetch_chunk_metadata","title":"fetch_chunk_metadata","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/","title":"pwndbg.aglib.heap.structs","text":""},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs","title":"structs","text":"fetch_chunk_metadata(\n address: int, include_only_fields: set[ChunkField] | None = None\n)\nClasses:
-
c_pvoid\u2013Represents a pointer.
-
c_size_t\u2013Represents a size_t.
-
FakeGDBField\u2013Fake gdb.Field for compatibility
-
CStruct2GDB\u2013 -
c_malloc_state_2_26\u2013This class represents malloc_state struct for GLIBC < 2.27 as a ctypes struct.
-
c_malloc_state_2_12\u2013This class represents malloc_state struct for GLIBC < 2.22 as a ctypes struct.
-
c_malloc_state_2_27\u2013This class represents malloc_state struct for GLIBC >= 2.27 as a ctypes struct.
-
MallocState\u2013This class represents malloc_state struct with interface compatible with
pwndbg.dbg_mod.Value. -
c_heap_info\u2013This class represents heap_info struct as a ctypes struct.
-
HeapInfo\u2013This class represents heap_info struct with interface compatible with
pwndbg.dbg_mod.Value. -
c_malloc_chunk\u2013This class represents malloc_chunk struct as a ctypes struct.
-
MallocChunk\u2013This class represents malloc_chunk struct with interface compatible with
pwndbg.dbg_mod.Value. -
c_tcache_perthread_struct_2_29\u2013This class represents tcache_perthread_struct for GLIBC < 2.30 as a ctypes struct.
-
c_tcache_perthread_struct_2_30\u2013This class represents the tcache_perthread_struct for GLIBC >= 2.30 as a ctypes struct.
-
TcachePerthreadStruct\u2013This class represents tcache_perthread_struct with interface compatible with
pwndbg.dbg_mod.Value. -
c_tcache_entry_2_28\u2013This class represents the tcache_entry struct for GLIBC < 2.29 as a ctypes struct.
-
c_tcache_entry_2_29\u2013This class represents the tcache_entry struct for GLIBC >= 2.29 as a ctypes struct.
-
TcacheEntry\u2013This class represents the tcache_entry struct with interface compatible with
pwndbg.dbg_mod.Value. -
c_malloc_par_2_23\u2013This class represents the malloc_par struct for GLIBC < 2.24 as a ctypes struct.
-
c_malloc_par_2_12\u2013This class represents the malloc_par struct for GLIBC < 2.15 as a ctypes struct.
-
c_malloc_par_2_24\u2013This class represents the malloc_par struct for GLIBC >= 2.24 as a ctypes struct.
-
c_malloc_par_2_26\u2013This class represents the malloc_par struct for GLIBC >= 2.26 as a ctypes struct.
-
c_malloc_par_2_35\u2013This class represents the malloc_par struct for GLIBC >= 2.35 as a ctypes struct.
-
MallocPar\u2013This class represents the malloc_par struct with interface compatible with
pwndbg.dbg_mod.Value.
Functions:
-
request2size\u2013 -
fastbin_index\u2013
Attributes:
-
GLIBC_VERSION\u2013 -
SIZE_SZ\u2013 -
MINSIZE\u2013 -
MALLOC_ALIGN\u2013 -
long_double_alignment\u2013 -
MALLOC_ALIGN_MASK\u2013 -
MAX_FAST_SIZE\u2013 -
NBINS\u2013 -
BINMAPSIZE\u2013 -
TCACHE_MAX_BINS\u2013 -
NFASTBINS\u2013 -
PTR\u2013 -
SIZE_T\u2013 -
DEFAULT_TOP_PAD\u2013 -
DEFAULT_MMAP_MAX\u2013 -
DEFAULT_MMAP_THRESHOLD\u2013 -
DEFAULT_TRIM_THRESHOLD\u2013 -
DEFAULT_PAGE_SIZE\u2013 -
TCACHE_FILL_COUNT\u2013 -
C2GDB_MAPPING\u2013 -
DEFAULT_MP_\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.SIZE_SZ","title":"SIZE_SZGLIBC_VERSION = get_version()\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MINSIZE","title":"MINSIZESIZE_SZ = ptrsize\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MALLOC_ALIGN","title":"MALLOC_ALIGNMINSIZE = ptrsize * 4\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.long_double_alignment","title":"long_double_alignmentMALLOC_ALIGN = 16\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MALLOC_ALIGN_MASK","title":"MALLOC_ALIGN_MASKlong_double_alignment = alignof\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MAX_FAST_SIZE","title":"MAX_FAST_SIZEMALLOC_ALIGN_MASK = MALLOC_ALIGN - 1\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.NBINS","title":"NBINSMAX_FAST_SIZE = 80 * SIZE_SZ // 4\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.BINMAPSIZE","title":"BINMAPSIZENBINS = 128\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TCACHE_MAX_BINS","title":"TCACHE_MAX_BINSBINMAPSIZE = 4\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.NFASTBINS","title":"NFASTBINSTCACHE_MAX_BINS = 64\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.PTR","title":"PTRNFASTBINS = fastbin_index(request2size(MAX_FAST_SIZE)) + 1\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.SIZE_T","title":"SIZE_TPTR = c_uint32\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.DEFAULT_TOP_PAD","title":"DEFAULT_TOP_PADSIZE_T = c_uint32\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.DEFAULT_MMAP_MAX","title":"DEFAULT_MMAP_MAXDEFAULT_TOP_PAD = 131072\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.DEFAULT_MMAP_THRESHOLD","title":"DEFAULT_MMAP_THRESHOLDDEFAULT_MMAP_MAX = 65536\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.DEFAULT_TRIM_THRESHOLD","title":"DEFAULT_TRIM_THRESHOLDDEFAULT_MMAP_THRESHOLD = 128 * 1024\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.DEFAULT_PAGE_SIZE","title":"DEFAULT_PAGE_SIZEDEFAULT_TRIM_THRESHOLD = 128 * 1024\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TCACHE_FILL_COUNT","title":"TCACHE_FILL_COUNTDEFAULT_PAGE_SIZE = 4096\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.C2GDB_MAPPING","title":"C2GDB_MAPPINGTCACHE_FILL_COUNT = 7\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.DEFAULT_MP_","title":"DEFAULT_MP_C2GDB_MAPPING = {\n c_char: char,\n c_int8: int8,\n c_int16: int16,\n c_int32: int32,\n c_int64: int64,\n c_uint8: uint8,\n c_uint16: uint16,\n c_uint32: uint32,\n c_uint64: uint64,\n c_pvoid: pvoid,\n c_size_t: size_t,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_pvoid","title":"c_pvoid","text":"DEFAULT_MP_ = _c_struct()\nBases:
PTRRepresents a pointer.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_size_t","title":"c_size_t","text":"Bases:
SIZE_TRepresents a size_t.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField","title":"FakeGDBField","text":"FakeGDBField(\n bitpos: int,\n name: str | None,\n type,\n parent_type,\n enumval: int | None = None,\n artificial: bool = False,\n is_base_class: bool = False,\n bitsize: int = 0,\n)\nFake gdb.Field for compatibility
Attributes:
-
bitpos\u2013 -
name\u2013 -
type\u2013 -
parent_type\u2013 -
enumval\u2013 -
artificial\u2013 -
is_base_class\u2013 -
bitsize\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.name","title":"namebitpos = bitpos\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.type","title":"typename = name\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.parent_type","title":"parent_typetype = type\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.enumval","title":"enumvalparent_type = parent_type\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.artificial","title":"artificialenumval = enumval\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.is_base_class","title":"is_base_classartificial = artificial\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.bitsize","title":"bitsizeis_base_class = is_base_class\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB","title":"CStruct2GDB","text":"bitsize = bitsize\nCStruct2GDB(address: int)\nMethods:
-
__int__\u2013Returns the address of the C struct.
-
__getitem__\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
__getattr__\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
__eq__\u2013 -
value_to_human_readable\u2013Returns a string representation of the C struct like
pwndbg.dbg_mod.Valuedoes. -
read_field\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
unqualified\u2013Returns cls to make it compatible with the
gdb.types.has_field()interface. -
fields\u2013Return fields of the struct to make it compatible with the
pwndbg.dbg_mod.Typeinterface. -
keys\u2013Return a list of the names of the fields in the struct to make it compatible with the
pwndbg.dbg_mod.Typeinterface. -
get_field_address\u2013Returns the address of the specified field.
-
get_field_offset\u2013Returns the offset of the specified field.
-
items\u2013Returns a tuple of (field name, field value) pairs.
-
has_field\u2013Checks whether a field exists to make it compatible with the
pwndbg.dbg_mod.Typeinterface.
Attributes:
-
code\u2013 -
address\u2013 -
type\u2013Returns type(self) to make it compatible with the
pwndbg.dbg_mod.Valueinterface.
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.address","title":"addresscode = STRUCT\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.type","title":"typeaddress = address\nproperty","text":"type\nReturns type(self) to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.__int__","title":"__int__","text":"pwndbg.dbg_mod.Valueinterface.__int__() -> int\nReturns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.__getitem__","title":"__getitem__","text":"__getitem__(key: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.__getattr__","title":"__getattr__","text":"pwndbg.dbg_mod.Value.__getattr__(key: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.__eq__","title":"__eq__","text":"pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.value_to_human_readable","title":"value_to_human_readable","text":"__eq__(other: Any) -> bool\nvalue_to_human_readable() -> str\nReturns a string representation of the C struct like
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.read_field","title":"read_field","text":"pwndbg.dbg_mod.Valuedoes.read_field(field: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.unqualified","title":"unqualifiedpwndbg.dbg_mod.Value.classmethod","text":"unqualified()\nReturns cls to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.fields","title":"fieldsgdb.types.has_field()interface.classmethod","text":"fields() -> list[FakeGDBField]\nReturn fields of the struct to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.keys","title":"keyspwndbg.dbg_mod.Typeinterface.classmethod","text":"keys() -> list[str]\nReturn a list of the names of the fields in the struct to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.get_field_address","title":"get_field_address","text":"pwndbg.dbg_mod.Typeinterface.get_field_address(field: str) -> int\nReturns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.get_field_offset","title":"get_field_offsetclassmethod","text":"get_field_offset(field: str) -> int\nReturns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.items","title":"items","text":"items() -> tuple[tuple[Any, Any], ...]\nReturns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.has_field","title":"has_fieldclassmethod","text":"has_field(field: str) -> bool\nChecks whether a field exists to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_26","title":"c_malloc_state_2_26","text":"pwndbg.dbg_mod.Typeinterface.Bases:
StructureThis class represents malloc_state struct for GLIBC < 2.27 as a ctypes struct.
https://github.com/bminor/glibc/blob/1c9a5c270d8b66f30dcfaf1cb2d6cf39d3e18369/malloc/malloc.c#L1678-L1716
struct malloc_state { /* Serialize access. */ __libc_lock_define (, mutex);
/* Flags (formerly in max_fast). */\nint flags;\n\n/* Fastbins */\nmfastbinptr fastbinsY[NFASTBINS];\n\n/* Base of the topmost chunk -- not otherwise kept in a bin */\nmchunkptr top;\n\n/* The remainder from the most recent split of a small request */\nmchunkptr last_remainder;\n\n/* Normal bins packed as described above */\nmchunkptr bins[NBINS * 2 - 2];\n\n/* Bitmap of bins */\nunsigned int binmap[BINMAPSIZE];\n\n/* Linked list */\nstruct malloc_state *next;\n\n/* Linked list for free arenas. Access to this field is serialized\n by free_list_lock in arena.c. */\nstruct malloc_state *next_free;\n\n/* Number of threads attached to this arena. 0 if the arena is on\n the free list. Access to this field is serialized by\n free_list_lock in arena.c. */\nINTERNAL_SIZE_T attached_threads;\n\n/* Memory allocated from the system in this arena. */\nINTERNAL_SIZE_T system_mem;\nINTERNAL_SIZE_T max_system_mem;\n};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_12","title":"c_malloc_state_2_12","text":"Bases:
StructureThis class represents malloc_state struct for GLIBC < 2.22 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.12/malloc/malloc.c#L2362-L2400
struct malloc_state { /* Serialize access. */ mutex_t mutex;
/* Flags (formerly in max_fast). */ int flags;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_12--if-thread_stats","title":"if THREAD_STATS","text":"/* Statistics for locking. Only used if THREAD_STATS is defined. */ long stat_lock_direct, stat_lock_loop, stat_lock_wait;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_12--endif","title":"endif","text":"/* Fastbins */ mfastbinptr fastbinsY[NFASTBINS];
/* Base of the topmost chunk -- not otherwise kept in a bin */ mchunkptr top;
/* The remainder from the most recent split of a small request */ mchunkptr last_remainder;
/* Normal bins packed as described above */ mchunkptr bins[NBINS * 2 - 2];
/* Bitmap of bins */ unsigned int binmap[BINMAPSIZE];
/* Linked list */ struct malloc_state *next;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_12--ifdef-per_thread","title":"ifdef PER_THREAD","text":"/* Linked list for free arenas. */ struct malloc_state *next_free;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_12--endif_1","title":"endif","text":"/* Memory allocated from the system in this arena. */ INTERNAL_SIZE_T system_mem; INTERNAL_SIZE_T max_system_mem; };
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_27","title":"c_malloc_state_2_27","text":"Bases:
StructureThis class represents malloc_state struct for GLIBC >= 2.27 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.34/malloc/malloc.c#L1831
struct malloc_state { /* Serialize access. */ __libc_lock_define (, mutex);
/* Flags (formerly in max_fast). */\nint flags;\n\n/* Set if the fastbin chunks contain recently inserted free blocks. */\n/* Note this is a bool but not all targets support atomics on booleans. */\nint have_fastchunks;\n\n/* Fastbins */\nmfastbinptr fastbinsY[NFASTBINS];\n\n/* Base of the topmost chunk -- not otherwise kept in a bin */\nmchunkptr top;\n\n/* The remainder from the most recent split of a small request */\nmchunkptr last_remainder;\n\n/* Normal bins packed as described above */\nmchunkptr bins[NBINS * 2 - 2];\n\n/* Bitmap of bins */\nunsigned int binmap[BINMAPSIZE];\n\n/* Linked list */\nstruct malloc_state *next;\n\n/* Linked list for free arenas. Access to this field is serialized\n by free_list_lock in arena.c. */\nstruct malloc_state *next_free;\n\n/* Number of threads attached to this arena. 0 if the arena is on\n the free list. Access to this field is serialized by\n free_list_lock in arena.c. */\nINTERNAL_SIZE_T attached_threads;\n\n/* Memory allocated from the system in this arena. */\nINTERNAL_SIZE_T system_mem;\nINTERNAL_SIZE_T max_system_mem;\n};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState","title":"MallocState","text":"MallocState(address: int)\nBases:
CStruct2GDBThis class represents malloc_state struct with interface compatible with
pwndbg.dbg_mod.Value.Methods:
-
__int__\u2013Returns the address of the C struct.
-
__getitem__\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
__getattr__\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
__eq__\u2013 -
value_to_human_readable\u2013Returns a string representation of the C struct like
pwndbg.dbg_mod.Valuedoes. -
read_field\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
unqualified\u2013Returns cls to make it compatible with the
gdb.types.has_field()interface. -
fields\u2013Return fields of the struct to make it compatible with the
pwndbg.dbg_mod.Typeinterface. -
keys\u2013Return a list of the names of the fields in the struct to make it compatible with the
pwndbg.dbg_mod.Typeinterface. -
get_field_address\u2013Returns the address of the specified field.
-
get_field_offset\u2013Returns the offset of the specified field.
-
items\u2013Returns a tuple of (field name, field value) pairs.
-
has_field\u2013Checks whether a field exists to make it compatible with the
pwndbg.dbg_mod.Typeinterface.
Attributes:
-
sizeof\u2013 -
code\u2013 -
address\u2013 -
type\u2013Returns type(self) to make it compatible with the
pwndbg.dbg_mod.Valueinterface.
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.code","title":"codesizeof = sizeof(_c_struct)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.address","title":"addresscode = STRUCT\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.type","title":"typeaddress = address\nproperty","text":"type\nReturns type(self) to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.__int__","title":"__int__","text":"pwndbg.dbg_mod.Valueinterface.__int__() -> int\nReturns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.__getitem__","title":"__getitem__","text":"__getitem__(key: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.__getattr__","title":"__getattr__","text":"pwndbg.dbg_mod.Value.__getattr__(key: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.__eq__","title":"__eq__","text":"pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.value_to_human_readable","title":"value_to_human_readable","text":"__eq__(other: Any) -> bool\nvalue_to_human_readable() -> str\nReturns a string representation of the C struct like
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.read_field","title":"read_field","text":"pwndbg.dbg_mod.Valuedoes.read_field(field: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.unqualified","title":"unqualifiedpwndbg.dbg_mod.Value.classmethod","text":"unqualified()\nReturns cls to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.fields","title":"fieldsgdb.types.has_field()interface.classmethod","text":"fields() -> list[FakeGDBField]\nReturn fields of the struct to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.keys","title":"keyspwndbg.dbg_mod.Typeinterface.classmethod","text":"keys() -> list[str]\nReturn a list of the names of the fields in the struct to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.get_field_address","title":"get_field_address","text":"pwndbg.dbg_mod.Typeinterface.get_field_address(field: str) -> int\nReturns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.get_field_offset","title":"get_field_offsetclassmethod","text":"get_field_offset(field: str) -> int\nReturns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.items","title":"items","text":"items() -> tuple[tuple[Any, Any], ...]\nReturns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.has_field","title":"has_fieldclassmethod","text":"has_field(field: str) -> bool\nChecks whether a field exists to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_heap_info","title":"c_heap_info","text":"pwndbg.dbg_mod.Typeinterface.Bases:
StructureThis class represents heap_info struct as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.34/malloc/arena.c#L53
typedef struct _heap_info { mstate ar_ptr; /* Arena for this heap. / struct _heap_info *prev; / Previous heap. / size_t size; / Current size in bytes. / size_t mprotect_size; / Size in bytes that has been mprotected PROT_READ|PROT_WRITE. / / Make sure the following data is properly aligned, particularly that sizeof (heap_info) + 2 * SIZE_SZ is a multiple of MALLOC_ALIGNMENT. */ char pad[-6 * SIZE_SZ & MALLOC_ALIGN_MASK]; } heap_info;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo","title":"HeapInfo","text":"HeapInfo(address: int)\nBases:
CStruct2GDBThis class represents heap_info struct with interface compatible with
pwndbg.dbg_mod.Value.Methods:
-
__int__\u2013Returns the address of the C struct.
-
__getitem__\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
__getattr__\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
__eq__\u2013 -
value_to_human_readable\u2013Returns a string representation of the C struct like
pwndbg.dbg_mod.Valuedoes. -
read_field\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
unqualified\u2013Returns cls to make it compatible with the
gdb.types.has_field()interface. -
fields\u2013Return fields of the struct to make it compatible with the
pwndbg.dbg_mod.Typeinterface. -
keys\u2013Return a list of the names of the fields in the struct to make it compatible with the
pwndbg.dbg_mod.Typeinterface. -
get_field_address\u2013Returns the address of the specified field.
-
get_field_offset\u2013Returns the offset of the specified field.
-
items\u2013Returns a tuple of (field name, field value) pairs.
-
has_field\u2013Checks whether a field exists to make it compatible with the
pwndbg.dbg_mod.Typeinterface.
Attributes:
-
sizeof\u2013 -
code\u2013 -
address\u2013 -
type\u2013Returns type(self) to make it compatible with the
pwndbg.dbg_mod.Valueinterface.
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.code","title":"codesizeof = sizeof(_c_struct)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.address","title":"addresscode = STRUCT\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.type","title":"typeaddress = address\nproperty","text":"type\nReturns type(self) to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.__int__","title":"__int__","text":"pwndbg.dbg_mod.Valueinterface.__int__() -> int\nReturns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.__getitem__","title":"__getitem__","text":"__getitem__(key: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.__getattr__","title":"__getattr__","text":"pwndbg.dbg_mod.Value.__getattr__(key: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.__eq__","title":"__eq__","text":"pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.value_to_human_readable","title":"value_to_human_readable","text":"__eq__(other: Any) -> bool\nvalue_to_human_readable() -> str\nReturns a string representation of the C struct like
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.read_field","title":"read_field","text":"pwndbg.dbg_mod.Valuedoes.read_field(field: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.unqualified","title":"unqualifiedpwndbg.dbg_mod.Value.classmethod","text":"unqualified()\nReturns cls to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.fields","title":"fieldsgdb.types.has_field()interface.classmethod","text":"fields() -> list[FakeGDBField]\nReturn fields of the struct to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.keys","title":"keyspwndbg.dbg_mod.Typeinterface.classmethod","text":"keys() -> list[str]\nReturn a list of the names of the fields in the struct to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.get_field_address","title":"get_field_address","text":"pwndbg.dbg_mod.Typeinterface.get_field_address(field: str) -> int\nReturns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.get_field_offset","title":"get_field_offsetclassmethod","text":"get_field_offset(field: str) -> int\nReturns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.items","title":"items","text":"items() -> tuple[tuple[Any, Any], ...]\nReturns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.has_field","title":"has_fieldclassmethod","text":"has_field(field: str) -> bool\nChecks whether a field exists to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_chunk","title":"c_malloc_chunk","text":"pwndbg.dbg_mod.Typeinterface.Bases:
StructureThis class represents malloc_chunk struct as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.34/malloc/malloc.c#L1154
struct malloc_chunk {
INTERNAL_SIZE_T mchunk_prev_size; /* Size of previous chunk (if free). */\nINTERNAL_SIZE_T mchunk_size; /* Size in bytes, including overhead. */\n\nstruct malloc_chunk* fd; /* double links -- used only if free. */\nstruct malloc_chunk* bk;\n\n/* Only used for large blocks: pointer to next larger size. */\nstruct malloc_chunk* fd_nextsize; /* double links -- used only if free. */\nstruct malloc_chunk* bk_nextsize;\n};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk","title":"MallocChunk","text":"MallocChunk(address: int)\nBases:
CStruct2GDBThis class represents malloc_chunk struct with interface compatible with
pwndbg.dbg_mod.Value.Methods:
-
__int__\u2013Returns the address of the C struct.
-
__getitem__\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
__getattr__\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
__eq__\u2013 -
value_to_human_readable\u2013Returns a string representation of the C struct like
pwndbg.dbg_mod.Valuedoes. -
read_field\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
unqualified\u2013Returns cls to make it compatible with the
gdb.types.has_field()interface. -
fields\u2013Return fields of the struct to make it compatible with the
pwndbg.dbg_mod.Typeinterface. -
keys\u2013Return a list of the names of the fields in the struct to make it compatible with the
pwndbg.dbg_mod.Typeinterface. -
get_field_address\u2013Returns the address of the specified field.
-
get_field_offset\u2013Returns the offset of the specified field.
-
items\u2013Returns a tuple of (field name, field value) pairs.
-
has_field\u2013Checks whether a field exists to make it compatible with the
pwndbg.dbg_mod.Typeinterface.
Attributes:
-
sizeof\u2013 -
code\u2013 -
address\u2013 -
type\u2013Returns type(self) to make it compatible with the
pwndbg.dbg_mod.Valueinterface.
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.code","title":"codesizeof = sizeof(_c_struct)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.address","title":"addresscode = STRUCT\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.type","title":"typeaddress = address\nproperty","text":"type\nReturns type(self) to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.__int__","title":"__int__","text":"pwndbg.dbg_mod.Valueinterface.__int__() -> int\nReturns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.__getitem__","title":"__getitem__","text":"__getitem__(key: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.__getattr__","title":"__getattr__","text":"pwndbg.dbg_mod.Value.__getattr__(key: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.__eq__","title":"__eq__","text":"pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.value_to_human_readable","title":"value_to_human_readable","text":"__eq__(other: Any) -> bool\nvalue_to_human_readable() -> str\nReturns a string representation of the C struct like
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.read_field","title":"read_field","text":"pwndbg.dbg_mod.Valuedoes.read_field(field: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.unqualified","title":"unqualifiedpwndbg.dbg_mod.Value.classmethod","text":"unqualified()\nReturns cls to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.fields","title":"fieldsgdb.types.has_field()interface.classmethod","text":"fields() -> list[FakeGDBField]\nReturn fields of the struct to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.keys","title":"keyspwndbg.dbg_mod.Typeinterface.classmethod","text":"keys() -> list[str]\nReturn a list of the names of the fields in the struct to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.get_field_address","title":"get_field_address","text":"pwndbg.dbg_mod.Typeinterface.get_field_address(field: str) -> int\nReturns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.get_field_offset","title":"get_field_offsetclassmethod","text":"get_field_offset(field: str) -> int\nReturns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.items","title":"items","text":"items() -> tuple[tuple[Any, Any], ...]\nReturns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.has_field","title":"has_fieldclassmethod","text":"has_field(field: str) -> bool\nChecks whether a field exists to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_tcache_perthread_struct_2_29","title":"c_tcache_perthread_struct_2_29","text":"pwndbg.dbg_mod.Typeinterface.Bases:
StructureThis class represents tcache_perthread_struct for GLIBC < 2.30 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.29/malloc/malloc.c#L2916
typedef struct tcache_perthread_struct { char counts[TCACHE_MAX_BINS]; tcache_entry *entries[TCACHE_MAX_BINS]; } tcache_perthread_struct;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_tcache_perthread_struct_2_30","title":"c_tcache_perthread_struct_2_30","text":"Bases:
StructureThis class represents the tcache_perthread_struct for GLIBC >= 2.30 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.34/malloc/malloc.c#L3025
typedef struct tcache_perthread_struct { uint16_t counts[TCACHE_MAX_BINS]; tcache_entry *entries[TCACHE_MAX_BINS]; } tcache_perthread_struct;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct","title":"TcachePerthreadStruct","text":"TcachePerthreadStruct(address: int)\nBases:
CStruct2GDBThis class represents tcache_perthread_struct with interface compatible with
pwndbg.dbg_mod.Value.Methods:
-
__int__\u2013Returns the address of the C struct.
-
__getitem__\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
__getattr__\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
__eq__\u2013 -
value_to_human_readable\u2013Returns a string representation of the C struct like
pwndbg.dbg_mod.Valuedoes. -
read_field\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
unqualified\u2013Returns cls to make it compatible with the
gdb.types.has_field()interface. -
fields\u2013Return fields of the struct to make it compatible with the
pwndbg.dbg_mod.Typeinterface. -
keys\u2013Return a list of the names of the fields in the struct to make it compatible with the
pwndbg.dbg_mod.Typeinterface. -
get_field_address\u2013Returns the address of the specified field.
-
get_field_offset\u2013Returns the offset of the specified field.
-
items\u2013Returns a tuple of (field name, field value) pairs.
-
has_field\u2013Checks whether a field exists to make it compatible with the
pwndbg.dbg_mod.Typeinterface.
Attributes:
-
sizeof\u2013 -
code\u2013 -
address\u2013 -
type\u2013Returns type(self) to make it compatible with the
pwndbg.dbg_mod.Valueinterface.
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.code","title":"codesizeof = sizeof(_c_struct)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.address","title":"addresscode = STRUCT\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.type","title":"typeaddress = address\nproperty","text":"type\nReturns type(self) to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.__int__","title":"__int__","text":"pwndbg.dbg_mod.Valueinterface.__int__() -> int\nReturns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.__getitem__","title":"__getitem__","text":"__getitem__(key: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.__getattr__","title":"__getattr__","text":"pwndbg.dbg_mod.Value.__getattr__(key: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.__eq__","title":"__eq__","text":"pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.value_to_human_readable","title":"value_to_human_readable","text":"__eq__(other: Any) -> bool\nvalue_to_human_readable() -> str\nReturns a string representation of the C struct like
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.read_field","title":"read_field","text":"pwndbg.dbg_mod.Valuedoes.read_field(field: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.unqualified","title":"unqualifiedpwndbg.dbg_mod.Value.classmethod","text":"unqualified()\nReturns cls to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.fields","title":"fieldsgdb.types.has_field()interface.classmethod","text":"fields() -> list[FakeGDBField]\nReturn fields of the struct to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.keys","title":"keyspwndbg.dbg_mod.Typeinterface.classmethod","text":"keys() -> list[str]\nReturn a list of the names of the fields in the struct to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.get_field_address","title":"get_field_address","text":"pwndbg.dbg_mod.Typeinterface.get_field_address(field: str) -> int\nReturns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.get_field_offset","title":"get_field_offsetclassmethod","text":"get_field_offset(field: str) -> int\nReturns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.items","title":"items","text":"items() -> tuple[tuple[Any, Any], ...]\nReturns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.has_field","title":"has_fieldclassmethod","text":"has_field(field: str) -> bool\nChecks whether a field exists to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_tcache_entry_2_28","title":"c_tcache_entry_2_28","text":"pwndbg.dbg_mod.Typeinterface.Bases:
StructureThis class represents the tcache_entry struct for GLIBC < 2.29 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.28/malloc/malloc.c#L2888
typedef struct tcache_entry { struct tcache_entry *next; } tcache_entry;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_tcache_entry_2_29","title":"c_tcache_entry_2_29","text":"Bases:
StructureThis class represents the tcache_entry struct for GLIBC >= 2.29 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.34/malloc/malloc.c#L3013
typedef struct tcache_entry { struct tcache_entry next; / This field exists to detect double frees. */ uintptr_t key; } tcache_entry;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry","title":"TcacheEntry","text":"TcacheEntry(address: int)\nBases:
CStruct2GDBThis class represents the tcache_entry struct with interface compatible with
pwndbg.dbg_mod.Value.Methods:
-
__int__\u2013Returns the address of the C struct.
-
__getitem__\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
__getattr__\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
__eq__\u2013 -
value_to_human_readable\u2013Returns a string representation of the C struct like
pwndbg.dbg_mod.Valuedoes. -
read_field\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
unqualified\u2013Returns cls to make it compatible with the
gdb.types.has_field()interface. -
fields\u2013Return fields of the struct to make it compatible with the
pwndbg.dbg_mod.Typeinterface. -
keys\u2013Return a list of the names of the fields in the struct to make it compatible with the
pwndbg.dbg_mod.Typeinterface. -
get_field_address\u2013Returns the address of the specified field.
-
get_field_offset\u2013Returns the offset of the specified field.
-
items\u2013Returns a tuple of (field name, field value) pairs.
-
has_field\u2013Checks whether a field exists to make it compatible with the
pwndbg.dbg_mod.Typeinterface.
Attributes:
-
sizeof\u2013 -
code\u2013 -
address\u2013 -
type\u2013Returns type(self) to make it compatible with the
pwndbg.dbg_mod.Valueinterface.
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.code","title":"codesizeof = sizeof(_c_struct)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.address","title":"addresscode = STRUCT\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.type","title":"typeaddress = address\nproperty","text":"type\nReturns type(self) to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.__int__","title":"__int__","text":"pwndbg.dbg_mod.Valueinterface.__int__() -> int\nReturns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.__getitem__","title":"__getitem__","text":"__getitem__(key: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.__getattr__","title":"__getattr__","text":"pwndbg.dbg_mod.Value.__getattr__(key: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.__eq__","title":"__eq__","text":"pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.value_to_human_readable","title":"value_to_human_readable","text":"__eq__(other: Any) -> bool\nvalue_to_human_readable() -> str\nReturns a string representation of the C struct like
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.read_field","title":"read_field","text":"pwndbg.dbg_mod.Valuedoes.read_field(field: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.unqualified","title":"unqualifiedpwndbg.dbg_mod.Value.classmethod","text":"unqualified()\nReturns cls to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.fields","title":"fieldsgdb.types.has_field()interface.classmethod","text":"fields() -> list[FakeGDBField]\nReturn fields of the struct to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.keys","title":"keyspwndbg.dbg_mod.Typeinterface.classmethod","text":"keys() -> list[str]\nReturn a list of the names of the fields in the struct to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.get_field_address","title":"get_field_address","text":"pwndbg.dbg_mod.Typeinterface.get_field_address(field: str) -> int\nReturns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.get_field_offset","title":"get_field_offsetclassmethod","text":"get_field_offset(field: str) -> int\nReturns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.items","title":"items","text":"items() -> tuple[tuple[Any, Any], ...]\nReturns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.has_field","title":"has_fieldclassmethod","text":"has_field(field: str) -> bool\nChecks whether a field exists to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_23","title":"c_malloc_par_2_23","text":"pwndbg.dbg_mod.Typeinterface.Bases:
StructureThis class represents the malloc_par struct for GLIBC < 2.24 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.23/malloc/malloc.c#L1726
struct malloc_par { /* Tunable parameters */ unsigned long trim_threshold; INTERNAL_SIZE_T top_pad; INTERNAL_SIZE_T mmap_threshold; INTERNAL_SIZE_T arena_test; INTERNAL_SIZE_T arena_max;
/* Memory map support / int n_mmaps; int n_mmaps_max; int max_n_mmaps; / the mmap_threshold is dynamic, until the user sets it manually, at which point we need to disable any dynamic behavior. */ int no_dyn_threshold;
/* Statistics / INTERNAL_SIZE_T mmapped_mem; /*INTERNAL_SIZE_T sbrked_mem;/ /INTERNAL_SIZE_T max_sbrked_mem;/ INTERNAL_SIZE_T max_mmapped_mem; INTERNAL_SIZE_T max_total_mem; /* only kept for NO_THREADS */
/* First address handed out by MORECORE/sbrk. */ char *sbrk_base; };
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_12","title":"c_malloc_par_2_12","text":"Bases:
StructureThis class represents the malloc_par struct for GLIBC < 2.15 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.12/malloc/malloc.c#L2402-L2433
struct malloc_par { /* Tunable parameters */ unsigned long trim_threshold; INTERNAL_SIZE_T top_pad; INTERNAL_SIZE_T mmap_threshold;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_12--ifdef-per_thread","title":"ifdef PER_THREAD","text":"INTERNAL_SIZE_T arena_test; INTERNAL_SIZE_T arena_max;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_12--endif","title":"endif","text":"/* Memory map support / int n_mmaps; int n_mmaps_max; int max_n_mmaps; / the mmap_threshold is dynamic, until the user sets it manually, at which point we need to disable any dynamic behavior. */ int no_dyn_threshold;
/* Cache malloc_getpagesize */ unsigned int pagesize;
/* Statistics / INTERNAL_SIZE_T mmapped_mem; /*INTERNAL_SIZE_T sbrked_mem;/ /INTERNAL_SIZE_T max_sbrked_mem;/ INTERNAL_SIZE_T max_mmapped_mem; INTERNAL_SIZE_T max_total_mem; /* only kept for NO_THREADS */
/* First address handed out by MORECORE/sbrk. / char sbrk_base; };
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_24","title":"c_malloc_par_2_24","text":"Bases:
StructureThis class represents the malloc_par struct for GLIBC >= 2.24 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.25/malloc/malloc.c#L1690 https://github.com/bminor/glibc/blob/glibc-2.24/malloc/malloc.c#L1719
struct malloc_par { /* Tunable parameters */ unsigned long trim_threshold; INTERNAL_SIZE_T top_pad; INTERNAL_SIZE_T mmap_threshold; INTERNAL_SIZE_T arena_test; INTERNAL_SIZE_T arena_max;
/* Memory map support */\nint n_mmaps;\nint n_mmaps_max;\nint max_n_mmaps;\n/* the mmap_threshold is dynamic, until the user sets\n it manually, at which point we need to disable any\n dynamic behavior. */\nint no_dyn_threshold;\n\n/* Statistics */\nINTERNAL_SIZE_T mmapped_mem;\nINTERNAL_SIZE_T max_mmapped_mem;\n\n/* First address handed out by MORECORE/sbrk. */\nchar *sbrk_base;\n};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_26","title":"c_malloc_par_2_26","text":"Bases:
StructureThis class represents the malloc_par struct for GLIBC >= 2.26 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.34/malloc/malloc.c#L1875
struct malloc_par { /* Tunable parameters */ unsigned long trim_threshold; INTERNAL_SIZE_T top_pad; INTERNAL_SIZE_T mmap_threshold; INTERNAL_SIZE_T arena_test; INTERNAL_SIZE_T arena_max;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_26--if-use_tcache","title":"if USE_TCACHE","text":"/* Memory map support */\nint n_mmaps;\nint n_mmaps_max;\nint max_n_mmaps;\n/* the mmap_threshold is dynamic, until the user sets\n it manually, at which point we need to disable any\n dynamic behavior. */\nint no_dyn_threshold;\n\n/* Statistics */\nINTERNAL_SIZE_T mmapped_mem;\nINTERNAL_SIZE_T max_mmapped_mem;\n\n/* First address handed out by MORECORE/sbrk. */\nchar *sbrk_base;\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_26--endif","title":"endif","text":"/* Maximum number of buckets to use. */\nsize_t tcache_bins;\nsize_t tcache_max_bytes;\n/* Maximum number of chunks in each bucket. */\nsize_t tcache_count;\n/* Maximum number of chunks to remove from the unsorted list, which\n aren't used to prefill the cache. */\nsize_t tcache_unsorted_limit;\n};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_35","title":"c_malloc_par_2_35","text":"Bases:
StructureThis class represents the malloc_par struct for GLIBC >= 2.35 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.35/malloc/malloc.c#L1874
struct malloc_par { /* Tunable parameters */ unsigned long trim_threshold; INTERNAL_SIZE_T top_pad; INTERNAL_SIZE_T mmap_threshold; INTERNAL_SIZE_T arena_test; INTERNAL_SIZE_T arena_max;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_35--if-have_tunables","title":"if HAVE_TUNABLES","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_35--endif","title":"endif","text":"/* Transparent Large Page support. */\nINTERNAL_SIZE_T thp_pagesize;\n/* A value different than 0 means to align mmap allocation to hp_pagesize\n add hp_flags on flags. */\nINTERNAL_SIZE_T hp_pagesize;\nint hp_flags;\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_35--if-use_tcache","title":"if USE_TCACHE","text":"/* Memory map support */\nint n_mmaps;\nint n_mmaps_max;\nint max_n_mmaps;\n/* the mmap_threshold is dynamic, until the user sets\n it manually, at which point we need to disable any\n dynamic behavior. */\nint no_dyn_threshold;\n\n/* Statistics */\nINTERNAL_SIZE_T mmapped_mem;\nINTERNAL_SIZE_T max_mmapped_mem;\n\n/* First address handed out by MORECORE/sbrk. */\nchar *sbrk_base;\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_35--endif_1","title":"endif","text":"/* Maximum number of buckets to use. */\nsize_t tcache_bins;\nsize_t tcache_max_bytes;\n/* Maximum number of chunks in each bucket. */\nsize_t tcache_count;\n/* Maximum number of chunks to remove from the unsorted list, which\n aren't used to prefill the cache. */\nsize_t tcache_unsorted_limit;\n};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar","title":"MallocPar","text":"MallocPar(address: int)\nBases:
CStruct2GDBThis class represents the malloc_par struct with interface compatible with
pwndbg.dbg_mod.Value.Methods:
-
__int__\u2013Returns the address of the C struct.
-
__getitem__\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
__getattr__\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
__eq__\u2013 -
value_to_human_readable\u2013Returns a string representation of the C struct like
pwndbg.dbg_mod.Valuedoes. -
read_field\u2013Returns the value of the specified field as a
pwndbg.dbg_mod.Value. -
unqualified\u2013Returns cls to make it compatible with the
gdb.types.has_field()interface. -
fields\u2013Return fields of the struct to make it compatible with the
pwndbg.dbg_mod.Typeinterface. -
keys\u2013Return a list of the names of the fields in the struct to make it compatible with the
pwndbg.dbg_mod.Typeinterface. -
get_field_address\u2013Returns the address of the specified field.
-
get_field_offset\u2013Returns the offset of the specified field.
-
items\u2013Returns a tuple of (field name, field value) pairs.
-
has_field\u2013Checks whether a field exists to make it compatible with the
pwndbg.dbg_mod.Typeinterface.
Attributes:
-
sizeof\u2013 -
code\u2013 -
address\u2013 -
type\u2013Returns type(self) to make it compatible with the
pwndbg.dbg_mod.Valueinterface.
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.code","title":"codesizeof = sizeof(_c_struct)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.address","title":"addresscode = STRUCT\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.type","title":"typeaddress = address\nproperty","text":"type\nReturns type(self) to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.__int__","title":"__int__","text":"pwndbg.dbg_mod.Valueinterface.__int__() -> int\nReturns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.__getitem__","title":"__getitem__","text":"__getitem__(key: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.__getattr__","title":"__getattr__","text":"pwndbg.dbg_mod.Value.__getattr__(key: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.__eq__","title":"__eq__","text":"pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.value_to_human_readable","title":"value_to_human_readable","text":"__eq__(other: Any) -> bool\nvalue_to_human_readable() -> str\nReturns a string representation of the C struct like
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.read_field","title":"read_field","text":"pwndbg.dbg_mod.Valuedoes.read_field(field: str) -> Value\nReturns the value of the specified field as a
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.unqualified","title":"unqualifiedpwndbg.dbg_mod.Value.classmethod","text":"unqualified()\nReturns cls to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.fields","title":"fieldsgdb.types.has_field()interface.classmethod","text":"fields() -> list[FakeGDBField]\nReturn fields of the struct to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.keys","title":"keyspwndbg.dbg_mod.Typeinterface.classmethod","text":"keys() -> list[str]\nReturn a list of the names of the fields in the struct to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.get_field_address","title":"get_field_address","text":"pwndbg.dbg_mod.Typeinterface.get_field_address(field: str) -> int\nReturns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.get_field_offset","title":"get_field_offsetclassmethod","text":"get_field_offset(field: str) -> int\nReturns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.items","title":"items","text":"items() -> tuple[tuple[Any, Any], ...]\nReturns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.has_field","title":"has_fieldclassmethod","text":"has_field(field: str) -> bool\nChecks whether a field exists to make it compatible with the
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.request2size","title":"request2size","text":"pwndbg.dbg_mod.Typeinterface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.fastbin_index","title":"fastbin_index","text":"request2size(req: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/","title":"pwndbg.aglib.kernel","text":""},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel","title":"kernel","text":"fastbin_index(size: int) -> int\nModules:
-
kallsyms\u2013 -
macros\u2013 -
nftables\u2013 -
rbtree\u2013 -
slab\u2013 -
vmmap\u2013
Classes:
-
ArchOps\u2013 -
x86Ops\u2013 -
i386Ops\u2013 -
x86_64Ops\u2013 -
Aarch64Ops\u2013
Functions:
-
BIT\u2013 -
has_debug_syms\u2013 -
requires_kconfig\u2013 -
requires_debug_syms\u2013 -
nproc\u2013Returns the number of processing units available, similar to nproc(1)
-
get_first_kernel_ro\u2013Returns the first kernel mapping which contains the linux_banner
-
load_kconfig\u2013 -
kconfig\u2013 -
kcmdline\u2013 -
kversion\u2013 -
krelease\u2013 -
is_kaslr_enabled\u2013 -
kbase\u2013 -
get_idt_entries\u2013Retrieves the IDT entries from memory.
-
arch_ops\u2013 -
page_size\u2013 -
per_cpu\u2013 -
virt_to_phys\u2013 -
phys_to_virt\u2013 -
phys_to_pfn\u2013 -
pfn_to_phys\u2013 -
pfn_to_page\u2013 -
page_to_pfn\u2013 -
phys_to_page\u2013 -
page_to_phys\u2013 -
virt_to_page\u2013 -
page_to_virt\u2013 -
pfn_to_virt\u2013 -
virt_to_pfn\u2013 -
paging_enabled\u2013 -
num_numa_nodes\u2013Returns the number of NUMA nodes that are online on the system
Attributes:
-
P\u2013 -
D\u2013 -
T\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.D","title":"DP = ParamSpec('P')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.T","title":"TD = TypeVar('D')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps","title":"ArchOps","text":"T = TypeVar('T')\nBases:
ABCMethods:
-
page_size\u2013 -
per_cpu\u2013 -
virt_to_phys\u2013 -
phys_to_virt\u2013 -
phys_to_pfn\u2013 -
pfn_to_phys\u2013 -
pfn_to_page\u2013 -
page_to_pfn\u2013 -
virt_to_pfn\u2013 -
pfn_to_virt\u2013 -
phys_to_page\u2013 -
page_to_phys\u2013 -
virt_to_page\u2013 -
page_to_virt\u2013
abstractmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.per_cpu","title":"per_cpupage_size() -> int\nabstractmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.virt_to_phys","title":"virt_to_physper_cpu(addr: Value, cpu=None) -> Value\nabstractmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.phys_to_virt","title":"phys_to_virtvirt_to_phys(virt: int) -> int\nabstractmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.phys_to_pfn","title":"phys_to_pfnphys_to_virt(phys: int) -> int\nabstractmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.pfn_to_phys","title":"pfn_to_physphys_to_pfn(phys: int) -> int\nabstractmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.pfn_to_page","title":"pfn_to_pagepfn_to_phys(pfn: int) -> int\nabstractmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.page_to_pfn","title":"page_to_pfnpfn_to_page(phys: int) -> int\nabstractmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.virt_to_pfn","title":"virt_to_pfn","text":"page_to_pfn(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.pfn_to_virt","title":"pfn_to_virt","text":"virt_to_pfn(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.phys_to_page","title":"phys_to_page","text":"pfn_to_virt(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.page_to_phys","title":"page_to_phys","text":"phys_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.virt_to_page","title":"virt_to_page","text":"page_to_phys(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.page_to_virt","title":"page_to_virt","text":"virt_to_page(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops","title":"x86Ops","text":"page_to_virt(page: int) -> int\nBases:
ArchOpsMethods:
-
page_size\u2013 -
phys_to_virt\u2013 -
phys_to_pfn\u2013 -
pfn_to_phys\u2013 -
paging_enabled\u2013 -
per_cpu\u2013 -
virt_to_phys\u2013 -
pfn_to_page\u2013 -
page_to_pfn\u2013 -
virt_to_pfn\u2013 -
pfn_to_virt\u2013 -
phys_to_page\u2013 -
page_to_phys\u2013 -
virt_to_page\u2013 -
page_to_virt\u2013
Attributes:
-
ptr_size(int) \u2013 -
page_shift(int) \u2013 -
page_offset(int) \u2013
abstractmethodproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_shift","title":"page_shiftptr_size: int\nabstractmethodproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_offset","title":"page_offsetpage_shift: int\nabstractmethodproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_size","title":"page_size","text":"page_offset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.phys_to_virt","title":"phys_to_virt","text":"page_size() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.phys_to_pfn","title":"phys_to_pfn","text":"phys_to_virt(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.pfn_to_phys","title":"pfn_to_phys","text":"phys_to_pfn(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.paging_enabled","title":"paging_enabledpfn_to_phys(pfn: int) -> int\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.per_cpu","title":"per_cpupaging_enabled() -> bool\nabstractmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.virt_to_phys","title":"virt_to_physper_cpu(addr: Value, cpu=None) -> Value\nabstractmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.pfn_to_page","title":"pfn_to_pagevirt_to_phys(virt: int) -> int\nabstractmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_to_pfn","title":"page_to_pfnpfn_to_page(phys: int) -> int\nabstractmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.virt_to_pfn","title":"virt_to_pfn","text":"page_to_pfn(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.pfn_to_virt","title":"pfn_to_virt","text":"virt_to_pfn(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.phys_to_page","title":"phys_to_page","text":"pfn_to_virt(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_to_phys","title":"page_to_phys","text":"phys_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.virt_to_page","title":"virt_to_page","text":"page_to_phys(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_to_virt","title":"page_to_virt","text":"virt_to_page(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops","title":"i386Ops","text":"page_to_virt(page: int) -> int\ni386Ops()\nBases:
x86OpsMethods:
-
virt_to_phys\u2013 -
per_cpu\u2013 -
pfn_to_page\u2013 -
page_to_pfn\u2013 -
page_size\u2013 -
phys_to_virt\u2013 -
phys_to_pfn\u2013 -
pfn_to_phys\u2013 -
virt_to_pfn\u2013 -
pfn_to_virt\u2013 -
phys_to_page\u2013 -
page_to_phys\u2013 -
virt_to_page\u2013 -
page_to_virt\u2013 -
paging_enabled\u2013
Attributes:
-
START_KERNEL_map\u2013 -
ptr_size(int) \u2013 -
page_offset(int) \u2013 -
page_shift(int) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.ptr_size","title":"ptr_sizeSTART_KERNEL_map = _PAGE_OFFSET\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_offset","title":"page_offsetptr_size: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_shift","title":"page_shiftpage_offset: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.virt_to_phys","title":"virt_to_phys","text":"page_shift: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.per_cpu","title":"per_cpu","text":"virt_to_phys(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.pfn_to_page","title":"pfn_to_page","text":"per_cpu(addr: Value, cpu: int | None = None) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_to_pfn","title":"page_to_pfn","text":"pfn_to_page(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_size","title":"page_size","text":"page_to_pfn(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.phys_to_virt","title":"phys_to_virt","text":"page_size() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.phys_to_pfn","title":"phys_to_pfn","text":"phys_to_virt(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.pfn_to_phys","title":"pfn_to_phys","text":"phys_to_pfn(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.virt_to_pfn","title":"virt_to_pfn","text":"pfn_to_phys(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.pfn_to_virt","title":"pfn_to_virt","text":"virt_to_pfn(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.phys_to_page","title":"phys_to_page","text":"pfn_to_virt(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_to_phys","title":"page_to_phys","text":"phys_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.virt_to_page","title":"virt_to_page","text":"page_to_phys(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_to_virt","title":"page_to_virt","text":"virt_to_page(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.paging_enabled","title":"paging_enabledpage_to_virt(page: int) -> int\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops","title":"x86_64Ops","text":"paging_enabled() -> bool\nx86_64Ops()\nBases:
x86OpsMethods:
-
per_cpu\u2013 -
virt_to_phys\u2013 -
pfn_to_page\u2013 -
page_to_pfn\u2013 -
cpu_feature_capability\u2013 -
uses_5lvl_paging\u2013 -
page_size\u2013 -
phys_to_virt\u2013 -
phys_to_pfn\u2013 -
pfn_to_phys\u2013 -
virt_to_pfn\u2013 -
pfn_to_virt\u2013 -
phys_to_page\u2013 -
page_to_phys\u2013 -
virt_to_page\u2013 -
page_to_virt\u2013 -
paging_enabled\u2013
Attributes:
-
VMEMMAP_START\u2013 -
STRUCT_PAGE_SIZE\u2013 -
STRUCT_PAGE_SHIFT\u2013 -
START_KERNEL_map\u2013 -
phys_base\u2013 -
ptr_size(int) \u2013 -
page_offset(int) \u2013 -
page_shift(int) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.STRUCT_PAGE_SIZE","title":"STRUCT_PAGE_SIZEVMEMMAP_START = 18434359174734282752\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.STRUCT_PAGE_SHIFT","title":"STRUCT_PAGE_SHIFTSTRUCT_PAGE_SIZE = sizeof\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.START_KERNEL_map","title":"START_KERNEL_mapSTRUCT_PAGE_SHIFT = int(log2(STRUCT_PAGE_SIZE))\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.phys_base","title":"phys_baseSTART_KERNEL_map = 18446744071562067968\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.ptr_size","title":"ptr_sizephys_base = 16777216\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_offset","title":"page_offsetptr_size: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_shift","title":"page_shiftpage_offset: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.per_cpu","title":"per_cpu","text":"page_shift: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.virt_to_phys","title":"virt_to_phys","text":"per_cpu(addr: Value, cpu: int | None = None) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.pfn_to_page","title":"pfn_to_page","text":"virt_to_phys(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_to_pfn","title":"page_to_pfn","text":"pfn_to_page(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.cpu_feature_capability","title":"cpu_feature_capabilitypage_to_pfn(page: int) -> int\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.uses_5lvl_paging","title":"uses_5lvl_pagingcpu_feature_capability(feature: int) -> bool\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_size","title":"page_size","text":"uses_5lvl_paging() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.phys_to_virt","title":"phys_to_virt","text":"page_size() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.phys_to_pfn","title":"phys_to_pfn","text":"phys_to_virt(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.pfn_to_phys","title":"pfn_to_phys","text":"phys_to_pfn(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.virt_to_pfn","title":"virt_to_pfn","text":"pfn_to_phys(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.pfn_to_virt","title":"pfn_to_virt","text":"virt_to_pfn(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.phys_to_page","title":"phys_to_page","text":"pfn_to_virt(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_to_phys","title":"page_to_phys","text":"phys_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.virt_to_page","title":"virt_to_page","text":"page_to_phys(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_to_virt","title":"page_to_virt","text":"virt_to_page(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.paging_enabled","title":"paging_enabledpage_to_virt(page: int) -> int\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops","title":"Aarch64Ops","text":"paging_enabled() -> bool\nAarch64Ops()\nBases:
ArchOpsMethods:
-
page_size\u2013 -
per_cpu\u2013 -
virt_to_phys\u2013 -
phys_to_virt\u2013 -
phys_to_pfn\u2013 -
pfn_to_phys\u2013 -
pfn_to_page\u2013 -
page_to_pfn\u2013 -
paging_enabled\u2013 -
virt_to_pfn\u2013 -
pfn_to_virt\u2013 -
phys_to_page\u2013 -
page_to_phys\u2013 -
virt_to_page\u2013 -
page_to_virt\u2013
Attributes:
-
STRUCT_PAGE_SIZE\u2013 -
STRUCT_PAGE_SHIFT\u2013 -
VA_BITS\u2013 -
PAGE_SHIFT\u2013 -
PHYS_OFFSET\u2013 -
PAGE_OFFSET\u2013 -
VMEMMAP_SHIFT\u2013 -
VMEMMAP_START\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.STRUCT_PAGE_SHIFT","title":"STRUCT_PAGE_SHIFTSTRUCT_PAGE_SIZE = sizeof\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.VA_BITS","title":"VA_BITSSTRUCT_PAGE_SHIFT = int(log2(STRUCT_PAGE_SIZE))\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.PAGE_SHIFT","title":"PAGE_SHIFTVA_BITS = int(kconfig()['ARM64_VA_BITS'])\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.PHYS_OFFSET","title":"PHYS_OFFSETPAGE_SHIFT = int(kconfig()['CONFIG_ARM64_PAGE_SHIFT'])\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.PAGE_OFFSET","title":"PAGE_OFFSETPHYS_OFFSET = u(addr)\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.VMEMMAP_SHIFT","title":"VMEMMAP_SHIFTPAGE_OFFSET = -1 << VA_BITS + 2 ** 64\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.VMEMMAP_START","title":"VMEMMAP_STARTVMEMMAP_SHIFT = PAGE_SHIFT - STRUCT_PAGE_SHIFT\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.page_size","title":"page_size","text":"VMEMMAP_START = -1 << VA_BITS - VMEMMAP_SHIFT % 1 << 64\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.per_cpu","title":"per_cpu","text":"page_size() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.virt_to_phys","title":"virt_to_phys","text":"per_cpu(addr: Value, cpu: int | None = None) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.phys_to_virt","title":"phys_to_virt","text":"virt_to_phys(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.phys_to_pfn","title":"phys_to_pfn","text":"phys_to_virt(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.pfn_to_phys","title":"pfn_to_phys","text":"phys_to_pfn(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.pfn_to_page","title":"pfn_to_page","text":"pfn_to_phys(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.page_to_pfn","title":"page_to_pfn","text":"pfn_to_page(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.paging_enabled","title":"paging_enabledpage_to_pfn(page: int) -> int\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.virt_to_pfn","title":"virt_to_pfn","text":"paging_enabled() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.pfn_to_virt","title":"pfn_to_virt","text":"virt_to_pfn(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.phys_to_page","title":"phys_to_page","text":"pfn_to_virt(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.page_to_phys","title":"page_to_phys","text":"phys_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.virt_to_page","title":"virt_to_page","text":"page_to_phys(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.page_to_virt","title":"page_to_virt","text":"virt_to_page(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.BIT","title":"BIT","text":"page_to_virt(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.has_debug_syms","title":"has_debug_syms","text":"BIT(shift: int)\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.requires_kconfig","title":"requires_kconfig","text":"has_debug_syms() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.requires_debug_syms","title":"requires_debug_syms","text":"requires_kconfig(\n default: D = None,\n) -> Callable[[Callable[P, T]], Callable[P, T | D]]\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.nproc","title":"nproc","text":"requires_debug_syms(\n default: D = None,\n) -> Callable[[Callable[P, T]], Callable[P, T | D]]\nnproc() -> int\nReturns the number of processing units available, similar to nproc(1)
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.get_first_kernel_ro","title":"get_first_kernel_ro","text":"get_first_kernel_ro() -> Page | None\nReturns the first kernel mapping which contains the linux_banner
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.load_kconfig","title":"load_kconfig","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.kconfig","title":"kconfig","text":"load_kconfig() -> Kconfig | None\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.kcmdline","title":"kcmdline","text":"kconfig() -> Kconfig | None\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.kversion","title":"kversion","text":"kcmdline() -> str\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.krelease","title":"krelease","text":"kversion() -> str\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.is_kaslr_enabled","title":"is_kaslr_enabled","text":"krelease() -> tuple[int, ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.kbase","title":"kbase","text":"is_kaslr_enabled() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.get_idt_entries","title":"get_idt_entries","text":"kbase() -> int | None\nget_idt_entries() -> list[IDTEntry]\nRetrieves the IDT entries from memory.
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.arch_ops","title":"arch_ops","text":"
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.page_size","title":"page_size","text":"arch_ops() -> ArchOps\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.per_cpu","title":"per_cpu","text":"page_size() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.virt_to_phys","title":"virt_to_phys","text":"per_cpu(addr: Value, cpu: int | None = None) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.phys_to_virt","title":"phys_to_virt","text":"virt_to_phys(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.phys_to_pfn","title":"phys_to_pfn","text":"phys_to_virt(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.pfn_to_phys","title":"pfn_to_phys","text":"phys_to_pfn(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.pfn_to_page","title":"pfn_to_page","text":"pfn_to_phys(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.page_to_pfn","title":"page_to_pfn","text":"pfn_to_page(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.phys_to_page","title":"phys_to_page","text":"page_to_pfn(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.page_to_phys","title":"page_to_phys","text":"phys_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.virt_to_page","title":"virt_to_page","text":"page_to_phys(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.page_to_virt","title":"page_to_virt","text":"virt_to_page(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.pfn_to_virt","title":"pfn_to_virt","text":"page_to_virt(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.virt_to_pfn","title":"virt_to_pfn","text":"pfn_to_virt(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.paging_enabled","title":"paging_enabled","text":"virt_to_pfn(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.num_numa_nodes","title":"num_numa_nodes","text":"paging_enabled() -> bool\nnum_numa_nodes() -> int\nReturns the number of NUMA nodes that are online on the system
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/","title":"pwndbg.aglib.kernel.kallsyms","text":""},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms","title":"kallsyms","text":"Classes:
-
Kallsyms\u2013- linux_banner >= 6.4
Functions:
-
get\u2013
Kallsyms()\n- linux_banner >= 6.4
- ... <= 6.4
- kallsyms_offsets
- kallsyms_relative_base
- kallsyms_num_syms
- kallsyms_names
- kallsyms_markers
- kallsyms_token_table
- kallsyms_token_index
- kallsyms_offsets >= 6.4
- kallsyms_relative_base >= 6.4
Methods:
-
find_token_table\u2013This function searches for the kallsyms_token_table structure in the kernel memory.
-
find_token_index\u2013This function searches for the kallsyms_token_index structure in the kernel memory
-
find_markers\u2013This function searches for the kallsyms_markers structure in the kernel memory
-
find_num_syms\u2013This function searches for the kallsyms_num_syms variable in the kernel memory
-
find_offsets\u2013This function searches for the kallsyms_offsets/kallsyms_addresses table in the kernel memory
-
find_relative_base\u2013This function searches for the kallsyms_relative_base variable in the kernel memory.
-
find_names\u2013 -
get_kernel_addresses\u2013 -
parse_symbol_table\u2013 -
get_token_table\u2013 -
find_names_uncompressed\u2013 -
find_markers_uncompressed\u2013This function searches for the kallsyms_markers structure in the kernel memory
Attributes:
-
kallsyms(dict[str, tuple[int, str]]) \u2013 -
kbase\u2013 -
r_base\u2013 -
kernel_ro_mem\u2013 -
kernel_version\u2013 -
is_offsets\u2013 -
rbase_offset\u2013 -
is_big_endian\u2013 -
token_table\u2013 -
is_uncompressed\u2013 -
markers\u2013 -
token_index\u2013 -
num_syms\u2013 -
offsets\u2013 -
names\u2013 -
kernel_addresses\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.kbase","title":"kbasekallsyms: dict[str, tuple[int, str]] = {}\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.r_base","title":"r_basekbase = kbase()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.kernel_ro_mem","title":"kernel_ro_memr_base = vaddr\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.kernel_version","title":"kernel_versionkernel_ro_mem = read(vaddr, memsz)\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.is_offsets","title":"is_offsetskernel_version = krelease()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.rbase_offset","title":"rbase_offsetis_offsets = False\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.is_big_endian","title":"is_big_endianrbase_offset = 0\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.token_table","title":"token_tableis_big_endian = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.is_uncompressed","title":"is_uncompressedtoken_table = find_token_table()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.markers","title":"markersis_uncompressed = False\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.token_index","title":"token_indexmarkers = find_markers_uncompressed()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.num_syms","title":"num_symstoken_index = find_token_index()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.offsets","title":"offsetsnum_syms = find_num_syms()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.names","title":"namesoffsets = find_offsets()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.kernel_addresses","title":"kernel_addressesnames = find_names()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_token_table","title":"find_token_table","text":"kernel_addresses = get_kernel_addresses()\nfind_token_table() -> int\nThis function searches for the kallsyms_token_table structure in the kernel memory. The kallsyms_token_table contains 256 zero-terminated tokens from which symbol names are built. Example structure: 0xffffffff827b2f00: \"mm\" 0xffffffff827b2f03: \"tim\" 0xffffffff827b2f07: \"bu\" 0xffffffff827b2f0a: \"ode_\" 0xffffffff827b2f0f: \"robestub\" 0xffffffff827b2fdb: \"0\" 0xffffffff827b2fdd: \"1\" 0xffffffff827b2fdf: \"2\" 0xffffffff827b2fe1: \"3\" 0xffffffff827b2fe3: \"4\" 0xffffffff827b2fe5: \"5\" 0xffffffff827b2fe7: \"6\" 0xffffffff827b2fe9: \"7\" 0xffffffff827b2feb: \"8\" 0xffffffff827b2fed: \"9\""},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_token_index","title":"find_token_index","text":"
find_token_index() -> int | None\nThis function searches for the kallsyms_token_index structure in the kernel memory starting at kallsyms_token_table. The token index table provides offsets into the kallsyms_token_table for each 256 byte-valued sub-table. The kallsyms_token_index is typically located immediately after the kallsyms_token_table in the kernel's read-only data section. Example structure: 0xffffffff827b3288: 0x0000 0x0003 0x0007 0x000a 0x000f 0x0018 0x001f 0x0023 0xffffffff827b3298: 0x0027 0x0031 0x0035 0x0038 0x003b 0x0043 0x0047 0x004a 0xffffffff827b32a8: 0x004f 0x0053 0x0056 0x0059 0x005d 0x0061 0x0067 0x006b 0xffffffff827b32b8: 0x006e 0x0071 0x0076 0x007c 0x0080 0x0088 0x008b 0x008f 0xffffffff827b32c8: 0x0094 0x0098 0x009b 0x009f 0x00a3 0x00a8 0x00ab 0x00b0
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_markers","title":"find_markers","text":"find_markers() -> int | None\nThis function searches for the kallsyms_markers structure in the kernel memory starting at kallsyms_token_table and search backwards. The markers table contains offsets to the corresponding symbol name for each kernel symbol. The kallsyms_markers table is typically located immediately before the kallsyms_token_table in the kernel's read-only data section. Example structure: 0xffffffff827b2430: 0x00000000 0x00000b2a 0x00001762 0x000023f6 0xffffffff827b2440: 0x00002fe4 0x00003c9d 0x0000487c 0x000056fd 0xffffffff827b2450: 0x00006597 0x000073b9 0x000081be 0x00008f21 0xffffffff827b2460: 0x00009c94 0x0000a958 0x0000b632 0x0000c193 0xffffffff827b2470: 0x0000ce0b 0x0000db98 0x0000ea3e 0x0000f80a 0xffffffff827b2480: 0x000105be 0x000112d3 0x00011f8c 0x00012d75 0xffffffff827b2490: 0x0001384d 0x0001446e 0x00015138 0x00015d8c
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_num_syms","title":"find_num_syms","text":"find_num_syms()\nThis function searches for the kallsyms_num_syms variable in the kernel memory starting at kallsyms_markers. The kallsyms_num_syms holds the number of kernel symbols in the symbol table. The kallsyms_num_syms variable is typically located before the kallsyms_names table in the kernel's read-only data section. In newer kernel versions the kallsyms_num_syms is immediately behind the linux_banner and in older version its behind kallsyms_base_relative or kallsyms_addresses (it depends on CONFIG_KALLSYMS_BASE_RELATIVE y/n)
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_offsets","title":"find_offsets","text":"find_offsets()\nThis function searches for the kallsyms_offsets/kallsyms_addresses table in the kernel memory starting at kallsyms_token_index. The offsets/addresses table containts offsets / addresses of each symbol in the kernel. The kallsyms_addresses is typically located before the kallsyms_num_syms variable in the kernel's read-only data section. Example structure: 0xffffffff827b3488: 0x00000000 0x00000000 0x00001000 0x00002000 0xffffffff827b3498: 0x00006000 0x0000b000 0x0000c000 0x0000d000 0xffffffff827b34a8: 0x00015000 0x00015008 0x00015010 0x00015018 0xffffffff827b34b8: 0x00015020 0x00015022 0x00015030 0x00015050 0xffffffff827b34c8: 0x00015450 0x00015460 0x00015860 0x00015888 0xffffffff827b34d8: 0x00015890 0x00015898 0x000158a0 0x000159c0
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_relative_base","title":"find_relative_base","text":"find_relative_base()\nThis function searches for the kallsyms_relative_base variable in the kernel memory. The relative base is used to calculate the actual virtual addresses of symbols from their offsets in the kallsyms_offsets table. The kallsyms_relative_base variable is typically located after the kallsyms_offsets table in the kernel's read-only data section.
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_names","title":"find_names","text":"
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.get_kernel_addresses","title":"get_kernel_addresses","text":"find_names()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.parse_symbol_table","title":"parse_symbol_table","text":"get_kernel_addresses()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.get_token_table","title":"get_token_table","text":"parse_symbol_table()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_names_uncompressed","title":"find_names_uncompressed","text":"get_token_table()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_markers_uncompressed","title":"find_markers_uncompressed","text":"find_names_uncompressed()\nfind_markers_uncompressed()\nThis function searches for the kallsyms_markers structure in the kernel memory Original Source: https://github.com/marin-m/vmlinux-to-elf/blob/master/vmlinux_to_elf/kallsyms_finder.py
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.get","title":"get","text":"
"},{"location":"reference/pwndbg/aglib/kernel/macros/","title":"pwndbg.aglib.kernel.macros","text":""},{"location":"reference/pwndbg/aglib/kernel/macros/#pwndbg.aglib.kernel.macros","title":"macros","text":"get() -> dict[str, tuple[int, str]]\nFunctions:
-
container_of\u2013 -
for_each_entry\u2013 -
swab\u2013 -
compound_head\u2013returns the head page of compound pages
"},{"location":"reference/pwndbg/aglib/kernel/macros/#pwndbg.aglib.kernel.macros.for_each_entry","title":"for_each_entry","text":"container_of(ptr: int, typename: str, fieldname: str) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/macros/#pwndbg.aglib.kernel.macros.swab","title":"swab","text":"for_each_entry(head: Value, typename: str, field: str) -> Iterator[Value]\n
"},{"location":"reference/pwndbg/aglib/kernel/macros/#pwndbg.aglib.kernel.macros.compound_head","title":"compound_head","text":"swab(x: int) -> int\ncompound_head(page: Value) -> Value\nreturns the head page of compound pages
"},{"location":"reference/pwndbg/aglib/kernel/nftables/","title":"pwndbg.aglib.kernel.nftables","text":""},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables","title":"nftables","text":"Classes:
-
NftFields\u2013 -
Expr\u2013 -
Rule\u2013 -
ChainHook\u2013 -
Chain\u2013 -
Set\u2013 -
Object\u2013 -
FlowtableHook\u2013 -
Flowtable\u2013 -
Table\u2013 -
Nftables\u2013
Functions:
-
catch_error\u2013 -
get_init_net_namespace\u2013
Attributes:
-
NFPROTO_INET\u2013 -
NFPROTO_IPV4\u2013 -
NFPROTO_ARP\u2013 -
NFPROTO_NETDEV\u2013 -
NFPROTO_BRIDGE\u2013 -
NFPROTO_IPV6\u2013 -
nftables_table_family\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NFPROTO_IPV4","title":"NFPROTO_IPV4NFPROTO_INET = 1\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NFPROTO_ARP","title":"NFPROTO_ARPNFPROTO_IPV4 = 2\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NFPROTO_NETDEV","title":"NFPROTO_NETDEVNFPROTO_ARP = 3\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NFPROTO_BRIDGE","title":"NFPROTO_BRIDGENFPROTO_NETDEV = 5\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NFPROTO_IPV6","title":"NFPROTO_IPV6NFPROTO_BRIDGE = 7\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.nftables_table_family","title":"nftables_table_familyNFPROTO_IPV6 = 10\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NftFields","title":"NftFields","text":"nftables_table_family = {\n \"inet\": NFPROTO_INET,\n \"ip\": NFPROTO_IPV4,\n \"arp\": NFPROTO_ARP,\n \"netdev\": NFPROTO_NETDEV,\n \"bridge\": NFPROTO_BRIDGE,\n \"ip6\": NFPROTO_IPV6,\n}\nBases:
objectMethods:
-
__getattr__\u2013 -
get_hook_list_dev_names\u2013 -
print_fields\u2013
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NftFields.get_hook_list_dev_names","title":"get_hook_list_dev_names__getattr__(name: str)\nclassmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NftFields.print_fields","title":"print_fields","text":"get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Expr","title":"Expr","text":"print_fields(nested: int = 0, keys: list[str] = None)\nExpr(addr: Value)\nMethods:
-
print_expr_iptables\u2013 -
print_expr_nftables\u2013 -
print\u2013
Attributes:
-
expr_name(str) \u2013
property","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Expr.print_expr_iptables","title":"print_expr_iptables","text":"expr_name: str\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Expr.print_expr_nftables","title":"print_expr_nftables","text":"print_expr_iptables(expr_name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Expr.print","title":"print","text":"print_expr_nftables(expr_name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule","title":"Rule","text":"print(print_nested: bool = True)\nRule(addr: Value, chain: 'Chain')\nBases:
NftFieldsMethods:
-
find\u2013 -
iter_exprs\u2013 -
print\u2013 -
__getattr__\u2013 -
get_hook_list_dev_names\u2013 -
print_fields\u2013
Attributes:
-
handle(int) \u2013 -
userdata(bytearray) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.userdata","title":"userdatahandle: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.find","title":"finduserdata: bytearray\nclassmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.iter_exprs","title":"iter_exprs","text":"find(\n table_name: str,\n table_family: int,\n chain_name: str,\n rule_id: int,\n nsid: int | None = None,\n) -> Iterator[\"Rule\"]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.print","title":"print","text":"iter_exprs() -> Iterator[Expr]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.__getattr__","title":"__getattr__","text":"print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.get_hook_list_dev_names","title":"get_hook_list_dev_names__getattr__(name: str)\nclassmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.print_fields","title":"print_fields","text":"get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook","title":"ChainHook","text":"print_fields(nested: int = 0, keys: list[str] = None)\nChainHook(parent: 'Chain')\nBases:
NftFieldsMethods:
-
is_netdev\u2013 -
get_netdevs\u2013 -
nested_print\u2013 -
__getattr__\u2013 -
get_hook_list_dev_names\u2013 -
print_fields\u2013
Attributes:
-
hooknum(int) \u2013 -
priority(int) \u2013 -
dev(str) \u2013 -
devs(list[str]) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.priority","title":"priorityhooknum: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.dev","title":"devpriority: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.devs","title":"devsdev: str\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.is_netdev","title":"is_netdev","text":"devs: list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.get_netdevs","title":"get_netdevs","text":"is_netdev() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.nested_print","title":"nested_print","text":"get_netdevs() -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.__getattr__","title":"__getattr__","text":"nested_print(nested: int = 0)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.get_hook_list_dev_names","title":"get_hook_list_dev_names__getattr__(name: str)\nclassmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.print_fields","title":"print_fields","text":"get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain","title":"Chain","text":"print_fields(nested: int = 0, keys: list[str] = None)\nChain(addr: Value)\nBases:
NftFieldsMethods:
-
find\u2013 -
iter_rules\u2013 -
print\u2013 -
__getattr__\u2013 -
get_hook_list_dev_names\u2013 -
print_fields\u2013
Attributes:
-
bound(int) \u2013 -
genmask(int) \u2013 -
handle(int) \u2013 -
use(int) \u2013 -
flags(int) \u2013 -
name(str) \u2013 -
hook(ChainHook) \u2013 -
userdata(bytearray) \u2013 -
policy(int) \u2013 -
type(str) \u2013 -
table('Table') \u2013 -
basechain(Value | None) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.genmask","title":"genmaskbound: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.handle","title":"handlegenmask: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.use","title":"usehandle: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.flags","title":"flagsuse: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.name","title":"nameflags: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.hook","title":"hookname: str\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.userdata","title":"userdatahook: ChainHook = ChainHook(self)\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.policy","title":"policyuserdata: bytearray\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.type","title":"typepolicy: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.table","title":"tabletype: str\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.basechain","title":"basechaintable: 'Table'\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.find","title":"findbasechain: Value | None\nclassmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.iter_rules","title":"iter_rules","text":"find(\n table_family: int | None = None,\n table_name: str | None = None,\n chain_name: str | None = None,\n nsid: int | None = None,\n) -> Iterator[\"Chain\"]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.print","title":"print","text":"iter_rules() -> Iterator[Rule]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.__getattr__","title":"__getattr__","text":"print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.get_hook_list_dev_names","title":"get_hook_list_dev_names__getattr__(name: str)\nclassmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.print_fields","title":"print_fields","text":"get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set","title":"Set","text":"print_fields(nested: int = 0, keys: list[str] = None)\nSet(addr: Value)\nBases:
NftFieldsMethods:
-
iter_expr\u2013 -
iter_elems\u2013 -
print\u2013 -
__getattr__\u2013 -
get_hook_list_dev_names\u2013 -
print_fields\u2013
Attributes:
-
use(int) \u2013 -
dead(int) \u2013 -
genmask(int) \u2013 -
field_count(int) \u2013 -
num_exprs(int) \u2013 -
name(str) \u2013 -
flags(int) \u2013 -
ktype(int) \u2013 -
klen(int) \u2013 -
dtype(int) \u2013 -
dlen(int) \u2013 -
policy(int) \u2013 -
timeout(int) \u2013 -
gc_int(int) \u2013 -
objtype(int) \u2013 -
handle(int) \u2013 -
nelems(int) \u2013 -
desc_size(int) \u2013 -
desc_concat(list[int]) \u2013 -
table('Table') \u2013 -
userdata(bytearray) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.dead","title":"deaduse: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.genmask","title":"genmaskdead: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.field_count","title":"field_countgenmask: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.num_exprs","title":"num_exprsfield_count: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.name","title":"namenum_exprs: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.flags","title":"flagsname: str\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.ktype","title":"ktypeflags: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.klen","title":"klenktype: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.dtype","title":"dtypeklen: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.dlen","title":"dlendtype: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.policy","title":"policydlen: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.timeout","title":"timeoutpolicy: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.gc_int","title":"gc_inttimeout: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.objtype","title":"objtypegc_int: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.handle","title":"handleobjtype: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.nelems","title":"nelemshandle: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.desc_size","title":"desc_sizenelems: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.desc_concat","title":"desc_concatdesc_size: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.table","title":"tabledesc_concat: list[int]\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.userdata","title":"userdatatable: 'Table'\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.iter_expr","title":"iter_expr","text":"userdata: bytearray\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.iter_elems","title":"iter_elems","text":"iter_expr() -> Iterator[Expr]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.print","title":"print","text":"iter_elems() -> Iterator[None]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.__getattr__","title":"__getattr__","text":"print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.get_hook_list_dev_names","title":"get_hook_list_dev_names__getattr__(name: str)\nclassmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.print_fields","title":"print_fields","text":"get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object","title":"Object","text":"print_fields(nested: int = 0, keys: list[str] = None)\nObject(addr: Value)\nBases:
NftFieldsMethods:
-
iter_data\u2013 -
print\u2013 -
__getattr__\u2013 -
get_hook_list_dev_names\u2013 -
print_fields\u2013
Attributes:
-
genmask(int) \u2013 -
use(int) \u2013 -
handle(int) \u2013 -
type(int) \u2013 -
name(str) \u2013 -
table('Table') \u2013 -
userdata(bytearray) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.use","title":"usegenmask: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.handle","title":"handleuse: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.type","title":"typehandle: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.name","title":"nametype: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.table","title":"tablename: str\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.userdata","title":"userdatatable: 'Table'\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.iter_data","title":"iter_data","text":"userdata: bytearray\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.print","title":"print","text":"iter_data() -> Iterator[None]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.__getattr__","title":"__getattr__","text":"print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.get_hook_list_dev_names","title":"get_hook_list_dev_names__getattr__(name: str)\nclassmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.print_fields","title":"print_fields","text":"get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook","title":"FlowtableHook","text":"print_fields(nested: int = 0, keys: list[str] = None)\nFlowtableHook(parent: 'Flowtable')\nBases:
NftFieldsMethods:
-
nested_print\u2013 -
__getattr__\u2013 -
get_hook_list_dev_names\u2013 -
print_fields\u2013
Attributes:
-
hooknum(int) \u2013 -
priority(int) \u2013 -
devs(list[str]) \u2013
property","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.priority","title":"priorityhooknum: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.devs","title":"devspriority: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.nested_print","title":"nested_print","text":"devs: list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.__getattr__","title":"__getattr__","text":"nested_print(nested: int = 0)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.get_hook_list_dev_names","title":"get_hook_list_dev_names__getattr__(name: str)\nclassmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.print_fields","title":"print_fields","text":"get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable","title":"Flowtable","text":"print_fields(nested: int = 0, keys: list[str] = None)\nFlowtable(addr: Value)\nBases:
NftFieldsMethods:
-
print\u2013 -
__getattr__\u2013 -
get_hook_list_dev_names\u2013 -
print_fields\u2013
Attributes:
-
genmask(int) \u2013 -
name(str) \u2013 -
use(int) \u2013 -
handle(int) \u2013 -
hook(FlowtableHook) \u2013 -
table('Table') \u2013 -
flags(int) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.name","title":"namegenmask: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.use","title":"usename: str\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.handle","title":"handleuse: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.hook","title":"hookhandle: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.table","title":"tablehook: FlowtableHook = FlowtableHook(self)\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.flags","title":"flagstable: 'Table'\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.print","title":"print","text":"flags: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.__getattr__","title":"__getattr__","text":"print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.get_hook_list_dev_names","title":"get_hook_list_dev_names__getattr__(name: str)\nclassmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.print_fields","title":"print_fields","text":"get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table","title":"Table","text":"print_fields(nested: int = 0, keys: list[str] = None)\nTable(addr: Value)\nBases:
NftFieldsMethods:
-
find\u2013 -
iter_chains\u2013 -
iter_sets\u2013 -
iter_flowtables\u2013 -
iter_objects\u2013 -
nested_print\u2013 -
print\u2013 -
__getattr__\u2013 -
get_hook_list_dev_names\u2013 -
print_fields\u2013
Attributes:
-
family(int) \u2013 -
genmask(int) \u2013 -
name(str) \u2013 -
handle(int) \u2013 -
use(int) \u2013 -
flags(int) \u2013 -
nlpid(int) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.genmask","title":"genmaskfamily: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.name","title":"namegenmask: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.handle","title":"handlename: str\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.use","title":"usehandle: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.flags","title":"flagsuse: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.nlpid","title":"nlpidflags: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.find","title":"findnlpid: int\nclassmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.iter_chains","title":"iter_chains","text":"find(\n table_name: str | None = None,\n table_family: int | None = None,\n nsid: int | None = None,\n) -> Iterator[\"Table\"]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.iter_sets","title":"iter_sets","text":"iter_chains() -> Iterator[Chain]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.iter_flowtables","title":"iter_flowtables","text":"iter_sets() -> Iterator[Set]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.iter_objects","title":"iter_objects","text":"iter_flowtables() -> Iterator[Flowtable]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.nested_print","title":"nested_print","text":"iter_objects() -> Iterator[Object]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.print","title":"print","text":"nested_print(nested: int = 0)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.__getattr__","title":"__getattr__","text":"print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.get_hook_list_dev_names","title":"get_hook_list_dev_names__getattr__(name: str)\nclassmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.print_fields","title":"print_fields","text":"get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Nftables","title":"Nftables","text":"print_fields(nested: int = 0, keys: list[str] = None)\nNftables(addr: Value)\nMethods:
-
find\u2013 -
iter_tables\u2013 -
print\u2013
classmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Nftables.iter_tables","title":"iter_tables","text":"find(nsid: int | None = None) -> 'Nftables' | None\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Nftables.print","title":"print","text":"iter_tables() -> Iterator[Table]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.catch_error","title":"catch_error","text":"print()\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.get_init_net_namespace","title":"get_init_net_namespace","text":"catch_error(func)\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/","title":"pwndbg.aglib.kernel.rbtree","text":""},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree","title":"rbtree","text":"get_init_net_namespace() -> Value\nFunctions:
-
init\u2013 -
for_each_rb_entry\u2013 -
rb_first\u2013 -
rb_last\u2013 -
rb_parent\u2013 -
rb_empty_node\u2013 -
rb_next\u2013 -
rb_prev\u2013
Attributes:
-
rb_root_type(Type) \u2013 -
rb_node_type(Type) \u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_node_type","title":"rb_node_typerb_root_type: Type = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.init","title":"init","text":"rb_node_type: Type = None\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.for_each_rb_entry","title":"for_each_rb_entry","text":"init()\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_first","title":"rb_first","text":"for_each_rb_entry(\n root: Value, typename: str, fieldname: str\n) -> Iterator[Value]\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_last","title":"rb_last","text":"rb_first(root: Value) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_parent","title":"rb_parent","text":"rb_last(root: Value) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_empty_node","title":"rb_empty_node","text":"rb_parent(node: Value) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_next","title":"rb_next","text":"rb_empty_node(node: Value) -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_prev","title":"rb_prev","text":"rb_next(node: Value) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/","title":"pwndbg.aglib.kernel.slab","text":""},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab","title":"slab","text":"rb_prev(node: Value) -> Value | None\nClasses:
-
Freelist\u2013 -
SlabCache\u2013 -
CpuCache\u2013 -
NodeCache\u2013 -
Slab\u2013
Functions:
-
caches\u2013 -
get_cache\u2013 -
slab_struct_type\u2013 -
oo_order\u2013 -
oo_objects\u2013 -
get_flags_list\u2013 -
find_containing_slab_cache\u2013Find the slab cache associated with the provided address.
Attributes:
-
OO_SHIFT\u2013 -
OO_MASK\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.OO_MASK","title":"OO_MASKOO_SHIFT = 16\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist","title":"Freelist","text":"OO_MASK = 1 << OO_SHIFT - 1\nFreelist(start_addr: int, offset: int, random: int = 0)\nMethods:
-
__iter__\u2013 -
__int__\u2013 -
__len__\u2013 -
find_next\u2013
Attributes:
-
start_addr\u2013 -
offset\u2013 -
random\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.offset","title":"offsetstart_addr = start_addr\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.random","title":"randomoffset = offset\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.__iter__","title":"__iter__","text":"random = random\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.__int__","title":"__int__","text":"__iter__() -> Generator[int, None, None]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.__len__","title":"__len__","text":"__int__() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.find_next","title":"find_next","text":"__len__() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache","title":"SlabCache","text":"find_next(addr: int) -> int\nSlabCache(slab_cache: Value)\nAttributes:
-
address(int) \u2013 -
name(str) \u2013 -
offset(int) \u2013 -
random(int) \u2013 -
size(int) \u2013 -
object_size(int) \u2013 -
align(int) \u2013 -
flags(list[str]) \u2013 -
cpu_cache(CpuCache) \u2013returns cpu cache associated to current thread
-
cpu_caches(Generator[CpuCache, None, None]) \u2013returns cpu caches for all cpus
-
node_caches(Generator[NodeCache, None, None]) \u2013returns node caches for all NUMA nodes
-
cpu_partial(int) \u2013 -
inuse(int) \u2013 -
oo_order\u2013 -
oo_objects\u2013
property","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.name","title":"nameaddress: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.offset","title":"offsetname: str\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.random","title":"randomoffset: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.size","title":"sizerandom: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.object_size","title":"object_sizesize: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.align","title":"alignobject_size: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.flags","title":"flagsalign: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.cpu_cache","title":"cpu_cacheflags: list[str]\nproperty","text":"cpu_cache: CpuCache\nreturns cpu cache associated to current thread
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.cpu_caches","title":"cpu_cachesproperty","text":"cpu_caches: Generator[CpuCache, None, None]\nreturns cpu caches for all cpus
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.node_caches","title":"node_cachesproperty","text":"node_caches: Generator[NodeCache, None, None]\nreturns node caches for all NUMA nodes
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.cpu_partial","title":"cpu_partialproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.inuse","title":"inusecpu_partial: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.__oo_x","title":"__oo_xinuse: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.oo_order","title":"oo_order__oo_x: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.oo_objects","title":"oo_objectsoo_order\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache","title":"CpuCache","text":"oo_objects\nCpuCache(cpu_cache: Value, slab_cache: SlabCache, cpu: int)\nAttributes:
-
slab_cache\u2013 -
cpu\u2013 -
address(int) \u2013 -
freelist(Freelist) \u2013 -
active_slab(Slab | None) \u2013 -
partial_slabs(list[Slab]) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache.cpu","title":"cpuslab_cache = slab_cache\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache.address","title":"addresscpu = cpu\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache.freelist","title":"freelistaddress: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache.active_slab","title":"active_slabfreelist: Freelist\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache.partial_slabs","title":"partial_slabsactive_slab: Slab | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.NodeCache","title":"NodeCache","text":"partial_slabs: list[Slab]\nNodeCache(node_cache: Value, slab_cache: SlabCache, node: int)\nAttributes:
-
slab_cache\u2013 -
node\u2013 -
address(int) \u2013 -
partial_slabs(list[Slab]) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.NodeCache.node","title":"nodeslab_cache = slab_cache\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.NodeCache.address","title":"addressnode = node\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.NodeCache.partial_slabs","title":"partial_slabsaddress: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab","title":"Slab","text":"partial_slabs: list[Slab]\nSlab(\n slab: Value,\n cpu_cache: CpuCache | None,\n slab_cache: SlabCache,\n is_partial: bool = False,\n)\nAttributes:
-
cpu_cache\u2013 -
slab_cache\u2013 -
is_partial\u2013 -
slab_address(int) \u2013 -
virt_address(int) \u2013 -
object_count(int) \u2013 -
objects(Generator[int, None, None]) \u2013 -
frozen(int) \u2013 -
inuse(int) \u2013 -
slabs(int) \u2013 -
pobjects(int) \u2013 -
freelist(Freelist) \u2013 -
freelists(list[Freelist]) \u2013 -
free_objects(set[int]) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.slab_cache","title":"slab_cachecpu_cache = cpu_cache\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.is_partial","title":"is_partialslab_cache = slab_cache\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.slab_address","title":"slab_addressis_partial = is_partial\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.virt_address","title":"virt_addressslab_address: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.object_count","title":"object_countvirt_address: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.objects","title":"objectsobject_count: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.frozen","title":"frozenobjects: Generator[int, None, None]\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.inuse","title":"inusefrozen: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.slabs","title":"slabsinuse: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.pobjects","title":"pobjectsslabs: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.freelist","title":"freelistpobjects: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.freelists","title":"freelistsfreelist: Freelist\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.free_objects","title":"free_objectsfreelists: list[Freelist]\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.caches","title":"caches","text":"free_objects: set[int]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.get_cache","title":"get_cache","text":"caches() -> Generator[SlabCache, None, None]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.slab_struct_type","title":"slab_struct_type","text":"get_cache(target_name: str) -> SlabCache | None\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.oo_order","title":"oo_order","text":"slab_struct_type() -> str\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.oo_objects","title":"oo_objects","text":"oo_order(x: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.get_flags_list","title":"get_flags_list","text":"oo_objects(x: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.find_containing_slab_cache","title":"find_containing_slab_cache","text":"get_flags_list(flags: int) -> list[str]\nfind_containing_slab_cache(addr: int) -> SlabCache | None\nFind the slab cache associated with the provided address.
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/","title":"pwndbg.aglib.kernel.vmmap","text":""},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap","title":"vmmap","text":"Classes:
-
QemuMachine\u2013
Functions:
-
kernel_vmmap_via_page_tables\u2013 -
kernel_vmmap_via_monitor_info_mem\u2013Returns Linux memory maps information by parsing
monitor info memoutput -
kernel_vmmap\u2013
Attributes:
-
monitor_info_mem_not_warned\u2013 -
kernel_vmmap_mode\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_mode","title":"kernel_vmmap_modemonitor_info_mem_not_warned = True\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine","title":"QemuMachine","text":"kernel_vmmap_mode = add_param(\n \"kernel-vmmap\",\n \"page-tables\",\n \"the method to get vmmap information when debugging via QEMU kernel\",\n help_docstring=\"kernel-vmmap can be:\\npage-tables - read /proc/$qemu-pid/mem to parse kernel page tables to render vmmap\\nmonitor - use QEMU's `monitor info mem` to render vmmap\\nnone - disable vmmap rendering; useful if rendering is particularly slow\\n\\nNote that the page-tables method will require the QEMU kernel process to be on the same machine and within the same PID namespace. Running QEMU kernel and GDB in different Docker containers will not work. Consider running both containers with --pid=host (meaning they will see and so be able to interact with all processes on the machine).\\n\",\n param_class=PARAM_ENUM,\n enum_sequence=[\"page-tables\", \"monitor\", \"none\"],\n)\nQemuMachine()\nBases:
MachineMethods:
-
__del__\u2013 -
search_pids_for_file\u2013 -
get_qemu_pid\u2013 -
read_physical_memory\u2013 -
read_register\u2013
Attributes:
-
pid\u2013 -
file\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.file","title":"filepid = get_qemu_pid()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.__del__","title":"__del__","text":"file = open(f'/proc/{pid}/mem', O_RDONLY)\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.search_pids_for_file","title":"search_pids_for_file__del__()\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.get_qemu_pid","title":"get_qemu_pidsearch_pids_for_file(pids: list[str], filename: str) -> str | None\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.read_physical_memory","title":"read_physical_memory","text":"get_qemu_pid()\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.read_register","title":"read_register","text":"read_physical_memory(physical_address: int, length: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_via_page_tables","title":"kernel_vmmap_via_page_tables","text":"read_register(register_name: str) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_via_monitor_info_mem","title":"kernel_vmmap_via_monitor_info_mem","text":"kernel_vmmap_via_page_tables() -> tuple[Page, ...]\nkernel_vmmap_via_monitor_info_mem() -> tuple[Page, ...]\nReturns Linux memory maps information by parsing
monitor info memoutput from QEMU kernel GDB stub. Works only on X86/X64/RISC-V as this is what QEMU supports.Consider using the
kernel_vmmap_via_page_tablesmethod as it is probably more reliable/better.See also: !685 (TODO: revisit with future QEMU versions)
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_via_monitor_info_mem--example-output-from-the-command","title":"Example output from the command:","text":""},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_via_monitor_info_mem--pwndbg-monitor-info-mem","title":"pwndbg> monitor info mem","text":""},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_via_monitor_info_mem--ffff903580000000-ffff903580099000-0000000000099000-rw","title":"ffff903580000000-ffff903580099000 0000000000099000 -rw","text":""},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_via_monitor_info_mem--ffff903580099000-ffff90358009b000-0000000000002000-r-","title":"ffff903580099000-ffff90358009b000 0000000000002000 -r-","text":""},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_via_monitor_info_mem--ffff90358009b000-ffff903582200000-0000000002165000-rw","title":"ffff90358009b000-ffff903582200000 0000000002165000 -rw","text":""},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_via_monitor_info_mem--ffff903582200000-ffff903582803000-0000000000603000-r-","title":"ffff903582200000-ffff903582803000 0000000000603000 -r-","text":""},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap","title":"kernel_vmmap","text":"
"},{"location":"reference/pwndbg/aglib/memory/","title":"pwndbg.aglib.memory","text":""},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory","title":"memory","text":"kernel_vmmap() -> tuple[Page, ...]\nFunctions:
-
read\u2013read(addr, count, partial=False) -> bytearray
-
readtype\u2013readtype(type, addr) -> int
-
write\u2013write(addr, data)
-
peek\u2013peek(address) -> bytearray
-
is_readable_address\u2013is_readable_address(address) -> bool
-
poke\u2013poke(address)
-
string\u2013Reads a null-terminated string from memory.
-
byte\u2013byte(addr) -> int
-
uchar\u2013uchar(addr) -> int
-
ushort\u2013ushort(addr) -> int
-
uint\u2013uint(addr) -> int
-
pvoid\u2013pvoid(addr) -> int
-
u8\u2013u8(addr) -> int
-
u16\u2013u16(addr) -> int
-
u32\u2013u32(addr) -> int
-
u64\u2013u64(addr) -> int
-
u\u2013u(addr, size=None) -> int
-
s8\u2013s8(addr) -> int
-
s16\u2013s16(addr) -> int
-
s32\u2013s32(addr) -> int
-
s64\u2013s64(addr) -> int
-
cast_pointer\u2013Create a Value containing given address and cast it to the pointer of specified type
-
get_typed_pointer\u2013Look up a type by name if necessary and return a Value of addr cast to that type
-
get_typed_pointer_value\u2013Read the pointer value of addr cast to type specified by type_name
-
find_upper_boundary\u2013find_upper_boundary(addr, max_pages=1024) -> int
-
find_lower_boundary\u2013find_lower_boundary(addr, max_pages=1024) -> int
-
update_min_addr\u2013 -
fetch_struct_as_dictionary\u2013 -
pack_struct_into_dictionary\u2013 -
convert_pwndbg_value_to_python_value\u2013 -
resolve_renamed_struct_field\u2013
Attributes:
-
GdbDict\u2013 -
MMAP_MIN_ADDR\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.MMAP_MIN_ADDR","title":"MMAP_MIN_ADDRGdbDict = Dict[str, Union['GdbDict', int]]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.read","title":"read","text":"MMAP_MIN_ADDR = 32768\nread(addr: int, count: int, partial: bool = False) -> bytearray\nread(addr, count, partial=False) -> bytearray
Read memory from the program being debugged.
Parameters:
-
addr(int) \u2013Address to read
-
count(int) \u2013Number of bytes to read
-
partial(bool, default:False) \u2013Whether less than
countbytes can be returned
Returns:
-
bytearray\u2013bytearrayThe memory at the specified address, -
bytearray\u2013or
None.
readtype(type: Type, addr: int) -> int\nreadtype(type, addr) -> int
Reads an integer-type (e.g.
uint64) and returns a Python native integer representation of the same.Parameters:
-
type(Type) \u2013GDB type to read
-
addr(int) \u2013Address at which the value to be read resides
Returns:
-
int\u2013int
write(addr: int, data: str | bytes | bytearray) -> None\nwrite(addr, data)
Writes data into the memory of the process being debugged.
Parameters:
-
addr(int) \u2013Address to write
-
data(str | bytes | bytearray) \u2013Data to write
peek(address: int) -> bytearray | None\npeek(address) -> bytearray
Read one byte from the specified address.
Parameters:
-
address(int) \u2013Address to read
Returns:
-
bytearray | None\u2013bytearrayA single byte of data, orNoneif the -
bytearray | None\u2013address cannot be read.
is_readable_address(address: int) -> bool\nis_readable_address(address) -> bool
Check if the address can be read by GDB.
Parameters:
-
address(int) \u2013Address to read
Returns:
-
bool\u2013bool: Whether the address is readable.
poke(address: int) -> bool\npoke(address)
Checks whether an address is writable.
Parameters:
-
address(int) \u2013Address to check
Returns:
-
bool\u2013bool: Whether the address is writable.
string(addr: int, max: int = 4096) -> bytearray\nReads a null-terminated string from memory.
Parameters:
-
addr(int) \u2013Address to read from
-
max(int, default:4096) \u2013Maximum string length (default 4096)
Returns:
-
bytearray\u2013An empty bytearray, or a NULL-terminated bytearray.
byte(addr: int) -> int\nbyte(addr) -> int
Read one byte at the specified address
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.uchar","title":"uchar","text":"uchar(addr: int) -> int\nuchar(addr) -> int
Read one
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.ushort","title":"ushort","text":"unsigned charat the specified address.ushort(addr: int) -> int\nushort(addr) -> int
Read one
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.uint","title":"uint","text":"unisgned shortat the specified address.uint(addr: int) -> int\nuint(addr) -> int
Read one
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.pvoid","title":"pvoid","text":"unsigned intat the specified address.pvoid(addr: int) -> int\npvoid(addr) -> int
Read one pointer from the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.u8","title":"u8","text":"u8(addr: int) -> int\nu8(addr) -> int
Read one
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.u16","title":"u16","text":"uint8_tfrom the specified address.u16(addr: int) -> int\nu16(addr) -> int
Read one
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.u32","title":"u32","text":"uint16_tfrom the specified address.u32(addr: int) -> int\nu32(addr) -> int
Read one
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.u64","title":"u64","text":"uint32_tfrom the specified address.u64(addr: int) -> int\nu64(addr) -> int
Read one
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.u","title":"u","text":"uint64_tfrom the specified address.u(addr: int, size: int | None = None) -> int\nu(addr, size=None) -> int
Read one
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.s8","title":"s8","text":"unsignedinteger from the specified address, with the bit-width specified bysize, which defaults to the pointer width.s8(addr: int) -> int\ns8(addr) -> int
Read one
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.s16","title":"s16","text":"int8_tfrom the specified addresss16(addr: int) -> int\ns16(addr) -> int
Read one
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.s32","title":"s32","text":"int16_tfrom the specified address.s32(addr: int) -> int\ns32(addr) -> int
Read one
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.s64","title":"s64","text":"int32_tfrom the specified address.s64(addr: int) -> int\ns64(addr) -> int
Read one
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.cast_pointer","title":"cast_pointer","text":"int64_tfrom the specified address.cast_pointer(type: Type, addr: int | Value) -> Value\nCreate a Value containing given address and cast it to the pointer of specified type
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.get_typed_pointer","title":"get_typed_pointer","text":"get_typed_pointer(type: str | Type, addr: int | Value) -> Value\nLook up a type by name if necessary and return a Value of addr cast to that type
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.get_typed_pointer_value","title":"get_typed_pointer_value","text":"get_typed_pointer_value(type_name: str | Type, addr: int | Value) -> Value\nRead the pointer value of addr cast to type specified by type_name
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.find_upper_boundary","title":"find_upper_boundary","text":"find_upper_boundary(addr: int, max_pages: int = 1024) -> int\nfind_upper_boundary(addr, max_pages=1024) -> int
Brute-force search the upper boundary of a memory mapping, by reading the first byte of each page, until an unmapped page is found.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.find_lower_boundary","title":"find_lower_boundary","text":"find_lower_boundary(addr: int, max_pages: int = 1024) -> int\nfind_lower_boundary(addr, max_pages=1024) -> int
Brute-force search the lower boundary of a memory mapping, by reading the first byte of each page, until an unmapped page is found.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.update_min_addr","title":"update_min_addr","text":"
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.fetch_struct_as_dictionary","title":"fetch_struct_as_dictionary","text":"update_min_addr() -> None\n
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.pack_struct_into_dictionary","title":"pack_struct_into_dictionary","text":"fetch_struct_as_dictionary(\n struct_name: str,\n struct_address: int | Value,\n include_only_fields: set[str] | None = None,\n exclude_fields: set[str] | None = None,\n) -> GdbDict\n
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.convert_pwndbg_value_to_python_value","title":"convert_pwndbg_value_to_python_value","text":"pack_struct_into_dictionary(\n fetched_struct: Value,\n include_only_fields: set[str] | None = None,\n exclude_fields: set[str] | None = None,\n) -> GdbDict\n
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.resolve_renamed_struct_field","title":"resolve_renamed_struct_field","text":"convert_pwndbg_value_to_python_value(dbg_value: Value) -> int | GdbDict\n
"},{"location":"reference/pwndbg/aglib/nearpc/","title":"pwndbg.aglib.nearpc","text":""},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc","title":"nearpc","text":"resolve_renamed_struct_field(\n struct_name: str, possible_field_names: set[str]\n) -> str\nFunctions:
-
ljust_padding\u2013 -
nearpc\u2013Disassemble near a specified address.
Attributes:
-
c\u2013 -
nearpc_branch_marker\u2013 -
nearpc_branch_marker_contiguous\u2013 -
nearpc_lines\u2013 -
show_args\u2013 -
show_comments\u2013 -
show_opcode_bytes\u2013 -
opcode_separator_bytes\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.nearpc_branch_marker","title":"nearpc_branch_markerc = ColorConfig(\n \"nearpc\",\n [\n ColorParamSpec(\"symbol\", \"normal\", \"color for nearpc command (symbol)\"),\n ColorParamSpec(\n \"address\", \"normal\", \"color for nearpc command (address)\"\n ),\n ColorParamSpec(\n \"prefix\", \"none\", \"color for nearpc command (prefix marker)\"\n ),\n ColorParamSpec(\n \"breakpoint\", \"red\", \"color for nearpc command (breakpoint marker)\"\n ),\n ColorParamSpec(\n \"syscall-name\",\n \"red\",\n \"color for nearpc command (resolved syscall name)\",\n ),\n ColorParamSpec(\n \"argument\", \"bold\", \"color for nearpc command (target argument)\"\n ),\n ColorParamSpec(\n \"integration-comments\",\n \"bold\",\n \"color for nearpc command (integration comments)\",\n ),\n ColorParamSpec(\n \"branch-marker\",\n \"normal\",\n \"color for nearpc command (branch marker line)\",\n ),\n ],\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.nearpc_branch_marker_contiguous","title":"nearpc_branch_marker_contiguousnearpc_branch_marker = add_param(\n \"nearpc-branch-marker\", \" \u2193\", \"branch marker line for nearpc command\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.nearpc_lines","title":"nearpc_linesnearpc_branch_marker_contiguous = add_param(\n \"nearpc-branch-marker-contiguous\",\n \" \",\n \"contiguous branch marker line for nearpc command\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.show_args","title":"show_argsnearpc_lines = add_param(\n \"nearpc-lines\",\n 10,\n \"number of additional lines to print for the nearpc command\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.show_comments","title":"show_commentsshow_args = add_param(\n \"nearpc-show-args\", True, \"whether to show call arguments below instruction\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.show_opcode_bytes","title":"show_opcode_bytesshow_comments = add_param(\n \"nearpc-integration-comments\",\n True,\n \"whether to show comments from integration provider\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.opcode_separator_bytes","title":"opcode_separator_bytesshow_opcode_bytes = add_param(\n \"nearpc-num-opcode-bytes\",\n 0,\n \"number of opcode bytes to print for each instruction\",\n param_class=PARAM_ZUINTEGER,\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.ljust_padding","title":"ljust_padding","text":"opcode_separator_bytes = add_param(\n \"nearpc-opcode-separator-bytes\",\n 1,\n \"number of spaces between opcode bytes\",\n param_class=PARAM_ZUINTEGER,\n)\n
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.nearpc","title":"nearpc","text":"ljust_padding(lst)\nnearpc(\n pc: int = None,\n lines: int = None,\n emulate=False,\n repeat=False,\n use_cache=False,\n linear=False,\n) -> list[str]\nDisassemble near a specified address.
The
"},{"location":"reference/pwndbg/aglib/next/","title":"pwndbg.aglib.next","text":""},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next","title":"next","text":"linearargument specifies if we should disassemble linearly in memory, or take jumps into accountCommands for setting temporary breakpoints on the next instruction of some type (call, branch, etc.)
Functions:
-
next_int\u2013If there is a syscall in the current basic black,
-
next_branch\u2013 -
next_matching_until_branch\u2013Finds the next instruction that matches the arguments between the given
-
break_next_branch\u2013 -
break_next_interrupt\u2013 -
break_next_call\u2013 -
break_next_ret\u2013 -
break_on_next_matching_instruction\u2013Breaks on next instuction that matches the arguments.
-
break_on_program_code\u2013Breaks on next instruction that belongs to process' objfile code
-
break_on_next\u2013
Attributes:
-
interrupts\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.next_int","title":"next_int","text":"interrupts = {CS_GRP_INT}\nnext_int(address=None)\nIf there is a syscall in the current basic black, return the instruction of the one closest to $PC.
Otherwise, return None.
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.next_branch","title":"next_branch","text":"
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.next_matching_until_branch","title":"next_matching_until_branch","text":"next_branch(address=None)\nnext_matching_until_branch(address=None, mnemonic=None, op_str=None)\nFinds the next instruction that matches the arguments between the given address and the branch closest to it.
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_next_branch","title":"break_next_branchasync","text":"
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_next_interrupt","title":"break_next_interruptbreak_next_branch(ec: ExecutionController, address=None)\nasync","text":"
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_next_call","title":"break_next_callbreak_next_interrupt(ec: ExecutionController, address=None)\nasync","text":"
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_next_ret","title":"break_next_retbreak_next_call(ec: ExecutionController, symbol_regex=None)\nasync","text":"
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_on_next_matching_instruction","title":"break_on_next_matching_instructionbreak_next_ret(ec: ExecutionController, address=None)\nasync","text":"break_on_next_matching_instruction(\n ec: ExecutionController, mnemonic=None, op_str=None\n) -> bool\nBreaks on next instuction that matches the arguments.
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_on_program_code","title":"break_on_program_codeasync","text":"break_on_program_code(ec: ExecutionController) -> bool\nBreaks on next instruction that belongs to process' objfile code
:return: True for success, False when process ended or when pc is not at the code or if a signal occurred
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_on_next","title":"break_on_nextasync","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/","title":"pwndbg.aglib.onegadget","text":""},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget","title":"onegadget","text":"break_on_next(ec: ExecutionController, address=None) -> None\nClasses:
-
CheckSatResult\u2013 -
Lambda\u2013Modified from onegadget's Lambda class
Functions:
-
colorize_reg\u2013 -
colorize_integer\u2013 -
colorize_psuedo_code\u2013Colorize the pseudo code of onegadget
-
compute_file_hash\u2013Compute the MD5 hash of the file, return the hash
-
run_onegadget\u2013Run onegadget and return the output
-
parse_expression\u2013Parse expression, return the result, colorized string and error message
-
check_stack_argv\u2013Check argv that's on the stack, return the result and the message
-
check_non_stack_argv\u2013Check argv that's not on the stack, return the result and the message
-
check_argv\u2013Check argv, return the result and the message
-
check_envp\u2013Check envp, return the result and the message
-
check_constraint\u2013Parse constraint, return the result and the message
-
check_gadget\u2013Check status of each gadget, return the gadget's status
-
find_gadgets\u2013Find gadgets by parsing the output of onegadget, return there's any valid gadget
Attributes:
-
ADDRESS_WRITABLE_PATTERN\u2013 -
WRITABLE_COLON_PATTERN\u2013 -
EQUAL_NULL_PATTERN\u2013 -
VALID_POSIX_SPAWN_FILE_ACTIONS_PATTERN\u2013 -
VALID_ARGV_PATTERN\u2013 -
VALID_ENVP_PATTERN\u2013 -
IS_ALIGNED_PATTERN\u2013 -
IS_GOT_ADDRESS_PATTERN\u2013 -
CAST_PATTERN\u2013 -
XMM_SHIFT\u2013 -
CONSTRAINT_SEPARATOR\u2013 -
CAST_DEREF_MAPPING\u2013 -
CAST_MAPPING\u2013 -
ONEGADGET_COLOR\u2013 -
ONEGADGET_CACHEDIR\u2013 -
SAT\u2013 -
UNSAT\u2013 -
UNKNOWN\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.WRITABLE_COLON_PATTERN","title":"WRITABLE_COLON_PATTERNADDRESS_WRITABLE_PATTERN = compile('address(?:es)? (.*) (?:is|are) writable')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.EQUAL_NULL_PATTERN","title":"EQUAL_NULL_PATTERNWRITABLE_COLON_PATTERN = compile('writable: (.*)')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.VALID_POSIX_SPAWN_FILE_ACTIONS_PATTERN","title":"VALID_POSIX_SPAWN_FILE_ACTIONS_PATTERNEQUAL_NULL_PATTERN = compile('(.*) == NULL')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.VALID_ARGV_PATTERN","title":"VALID_ARGV_PATTERNVALID_POSIX_SPAWN_FILE_ACTIONS_PATTERN = compile('(.*) <= 0')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.VALID_ENVP_PATTERN","title":"VALID_ENVP_PATTERNVALID_ARGV_PATTERN = compile('(.+) is a valid argv')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.IS_ALIGNED_PATTERN","title":"IS_ALIGNED_PATTERNVALID_ENVP_PATTERN = compile('(.+) is a valid envp')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.IS_GOT_ADDRESS_PATTERN","title":"IS_GOT_ADDRESS_PATTERNIS_ALIGNED_PATTERN = compile('(.+) & 0xf == (\\\\d+)')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CAST_PATTERN","title":"CAST_PATTERNIS_GOT_ADDRESS_PATTERN = compile('(.+) is the GOT address of libc')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.XMM_SHIFT","title":"XMM_SHIFTCAST_PATTERN = compile('^\\\\([s|u]\\\\d+\\\\)')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CONSTRAINT_SEPARATOR","title":"CONSTRAINT_SEPARATORXMM_SHIFT = ' >> '\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CAST_DEREF_MAPPING","title":"CAST_DEREF_MAPPINGCONSTRAINT_SEPARATOR = ' || '\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CAST_MAPPING","title":"CAST_MAPPINGCAST_DEREF_MAPPING = {\n \"(u16)\": u16,\n \"(s16)\": s16,\n \"(u32)\": u32,\n \"(s32)\": s32,\n \"(u64)\": u64,\n \"(s64)\": s64,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.ONEGADGET_COLOR","title":"ONEGADGET_COLORCAST_MAPPING = {\n \"(u16)\": lambda x: value,\n \"(s16)\": lambda x: value,\n \"(u32)\": lambda x: value,\n \"(s32)\": lambda x: value,\n \"(u64)\": lambda x: value,\n \"(s64)\": lambda x: value,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.ONEGADGET_CACHEDIR","title":"ONEGADGET_CACHEDIRONEGADGET_COLOR = {\n \"light_green\": lambda x: colorize(x, \"\\x1b[38;5;82m\"),\n \"light_purple\": lambda x: colorize(x, \"\\x1b[38;5;153m\"),\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.SAT","title":"SATONEGADGET_CACHEDIR = cachedir('onegadget')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.UNSAT","title":"UNSATSAT = SAT\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.UNKNOWN","title":"UNKNOWNUNSAT = UNSAT\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult","title":"CheckSatResult","text":"UNKNOWN = UNKNOWN\nBases:
EnumMethods:
-
__str__\u2013 -
__and__\u2013 -
__or__\u2013
Attributes:
-
SAT\u2013 -
UNSAT\u2013 -
UNKNOWN\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult.UNSAT","title":"UNSATSAT = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult.UNKNOWN","title":"UNKNOWNUNSAT = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult.__str__","title":"__str__","text":"UNKNOWN = -1\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult.__and__","title":"__and__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult.__or__","title":"__or__","text":"__and__(other: CheckSatResult) -> CheckSatResult\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda","title":"Lambda","text":"__or__(other: CheckSatResult) -> CheckSatResult\nLambda(obj: str | Lambda)\nModified from onegadget's Lambda class
https://github.com/david942j/one_gadget/blob/65ce1dade70bf89e7496346ccf452ce5b2d139b3/lib/one_gadget/emulators/lambda.rb#L13
Methods:
-
__add__\u2013 -
__sub__\u2013 -
__str__\u2013 -
__repr__\u2013 -
deref\u2013 -
deref_\u2013 -
ref\u2013 -
evaluate\u2013 -
parse\u2013 -
mem_obj\u2013
Attributes:
-
immi\u2013 -
obj\u2013 -
deref_count\u2013 -
gdb_expr(str) \u2013 -
color_str(str) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.obj","title":"objimmi = 0\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.deref_count","title":"deref_countobj = obj\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.gdb_expr","title":"gdb_exprderef_count = 0\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.color_str","title":"color_strgdb_expr: str\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.__add__","title":"__add__","text":"color_str: str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.__sub__","title":"__sub__","text":"__add__(other: int) -> Lambda\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.__str__","title":"__str__","text":"__sub__(other: int) -> Lambda\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.__repr__","title":"__repr__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.deref","title":"deref","text":"__repr__() -> str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.deref_","title":"deref_","text":"deref() -> Lambda\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.ref","title":"ref","text":"deref_() -> None\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.evaluate","title":"evaluate","text":"ref() -> Lambda\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.parse","title":"parseevaluate(context: dict[Any, Any]) -> int | Lambda\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.mem_obj","title":"mem_objparse(argument: str, predefined: dict[Any, Any] = {}) -> int | Lambda\nstaticmethod","text":"
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.colorize_reg","title":"colorize_reg","text":"mem_obj(arg: str) -> tuple[str, int]\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.colorize_integer","title":"colorize_integer","text":"colorize_reg(x: object) -> str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.colorize_psuedo_code","title":"colorize_psuedo_code","text":"colorize_integer(x: object) -> str\ncolorize_psuedo_code(code: str) -> str\nColorize the pseudo code of onegadget
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.compute_file_hash","title":"compute_file_hash","text":"compute_file_hash(filename: str) -> str\nCompute the MD5 hash of the file, return the hash
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.run_onegadget","title":"run_onegadget","text":"run_onegadget() -> str\nRun onegadget and return the output
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.parse_expression","title":"parse_expression","text":"parse_expression(expr: str) -> tuple[int | None, str, str | None]\nParse expression, return the result, colorized string and error message
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.check_stack_argv","title":"check_stack_argv","text":"check_stack_argv(expr: str) -> tuple[CheckSatResult, str]\nCheck argv that's on the stack, return the result and the message
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.check_non_stack_argv","title":"check_non_stack_argv","text":"check_non_stack_argv(expr: str) -> tuple[CheckSatResult, str]\nCheck argv that's not on the stack, return the result and the message
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.check_argv","title":"check_argv","text":"check_argv(expr: str) -> tuple[CheckSatResult, str]\nCheck argv, return the result and the message
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.check_envp","title":"check_envp","text":"check_envp(expr: str) -> tuple[bool, str]\nCheck envp, return the result and the message
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.check_constraint","title":"check_constraint","text":"check_constraint(constraint: str) -> tuple[CheckSatResult, str]\nParse constraint, return the result and the message
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.check_gadget","title":"check_gadget","text":"check_gadget(\n gadget: str,\n show_unsat: bool = False,\n no_unknown: bool = False,\n verbose: bool = False,\n) -> CheckSatResult\nCheck status of each gadget, return the gadget's status
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.find_gadgets","title":"find_gadgets","text":"find_gadgets(\n show_unsat: bool = False, no_unknown: bool = False, verbose: bool = False\n) -> dict[CheckSatResult, int]\nFind gadgets by parsing the output of onegadget, return there's any valid gadget
"},{"location":"reference/pwndbg/aglib/proc/","title":"pwndbg.aglib.proc","text":""},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc","title":"proc","text":"Provides values which would be available from /proc which are not fulfilled by other modules and some process/gdb flow related information.
Classes:
-
module\u2013
Functions:
-
OnlyWhenRunning\u2013 -
OnlyWhenQemuKernel\u2013 -
OnlyWithArch\u2013
Attributes:
-
P\u2013 -
T\u2013 -
pid(int) \u2013 -
tid(int) \u2013 -
thread_id(int) \u2013 -
alive(bool) \u2013 -
stopped_with_signal(bool) \u2013 -
exe(str | None) \u2013 -
binary_base_addr(int) \u2013 -
binary_vmmap(tuple[Page, ...]) \u2013 -
tether\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.T","title":"TP = ParamSpec('P')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.pid","title":"pidT = TypeVar('T')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.tid","title":"tidpid: int\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.thread_id","title":"thread_idtid: int\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.alive","title":"alivethread_id: int\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.stopped_with_signal","title":"stopped_with_signalalive: bool\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.exe","title":"exestopped_with_signal: bool\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.binary_base_addr","title":"binary_base_addrexe: str | None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.binary_vmmap","title":"binary_vmmapbinary_base_addr: int\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.tether","title":"tetherbinary_vmmap: tuple[Page, ...]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module","title":"module","text":"tether = modules[__name__]\nBases:
ModuleTypeMethods:
-
dump_elf_data_section\u2013Dump .data section of current process's ELF file
-
dump_relocations_by_section_name\u2013Dump relocations of a section by section name of current process's ELF file
-
get_section_address_by_name\u2013Find section address of current process by section name
-
OnlyWhenRunning\u2013 -
OnlyWhenQemuKernel\u2013 -
OnlyWithArch\u2013Decorates function to work only with the specified archictectures.
Attributes:
-
pid(int) \u2013 -
tid(int) \u2013 -
thread_id(int) \u2013 -
alive(bool) \u2013Informs whether the process has a thread. However, note that it will
-
stopped_with_signal(bool) \u2013Returns whether the program has stopped with a signal
-
exe(str | None) \u2013Returns the executed file path.
-
binary_base_addr(int) \u2013 -
binary_vmmap(tuple[Page, ...]) \u2013
property","text":"
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.tid","title":"tidpid: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.thread_id","title":"thread_idtid: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.alive","title":"alivethread_id: int\nproperty","text":"alive: bool\nInforms whether the process has a thread. However, note that it will still return True for a segfaulted thread. To detect that, consider using the
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.stopped_with_signal","title":"stopped_with_signalstopped_with_signalmethod.property","text":"stopped_with_signal: bool\nReturns whether the program has stopped with a signal
Can be used to detect segfaults (but will also detect other signals)
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.exe","title":"exeproperty","text":"exe: str | None\nReturns the executed file path.
On remote targets, this path may not exist locally.
If you need the locally referenced file use
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.binary_base_addr","title":"binary_base_addrgdb.current_process().filenameproperty","text":"
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.binary_vmmap","title":"binary_vmmapbinary_base_addr: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.dump_elf_data_section","title":"dump_elf_data_section","text":"binary_vmmap: tuple[Page, ...]\ndump_elf_data_section() -> tuple[int, int, bytes] | None\nDump .data section of current process's ELF file
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.dump_relocations_by_section_name","title":"dump_relocations_by_section_name","text":"dump_relocations_by_section_name(\n section_name: str,\n) -> tuple[Relocation, ...] | None\nDump relocations of a section by section name of current process's ELF file
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.get_section_address_by_name","title":"get_section_address_by_name","text":"get_section_address_by_name(section_name: str) -> int\nFind section address of current process by section name
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.OnlyWhenRunning","title":"OnlyWhenRunning","text":"
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.OnlyWhenQemuKernel","title":"OnlyWhenQemuKernel","text":"OnlyWhenRunning(func: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.OnlyWithArch","title":"OnlyWithArch","text":"OnlyWhenQemuKernel(func: Callable[P, T]) -> Callable[P, T | None]\nOnlyWithArch(\n arch_names: list[str],\n) -> Callable[[Callable[P, T]], Callable[P, T | None]]\nDecorates function to work only with the specified archictectures.
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.OnlyWhenRunning","title":"OnlyWhenRunning","text":"
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.OnlyWhenQemuKernel","title":"OnlyWhenQemuKernel","text":"OnlyWhenRunning(func: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.OnlyWithArch","title":"OnlyWithArch","text":"OnlyWhenQemuKernel(func: Callable[P, T]) -> Callable[P, T]\n
"},{"location":"reference/pwndbg/aglib/qemu/","title":"pwndbg.aglib.qemu","text":""},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu","title":"qemu","text":"OnlyWithArch(\n arch_names: list[str],\n) -> Callable[[Callable[..., T]], Callable[..., T | None]]\nDetermine whether the target is being run under QEMU.
Functions:
-
is_qemu\u2013 -
is_usermode\u2013 -
is_qemu_usermode\u2013Returns
Trueif the target remote is being run under -
is_qemu_kernel\u2013 -
is_old_qemu_user\u2013 -
exec_file_supported\u2013Returns
Trueif the remote target understands the 'qXfer:exec-file:read' packet.
"},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu.is_usermode","title":"is_usermode","text":"is_qemu() -> bool\n
"},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu.is_qemu_usermode","title":"is_qemu_usermode","text":"is_usermode() -> bool\nis_qemu_usermode() -> bool\nReturns
"},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu.is_qemu_kernel","title":"is_qemu_kernel","text":"Trueif the target remote is being run under QEMU usermode emulation.
"},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu.is_old_qemu_user","title":"is_old_qemu_user","text":"is_qemu_kernel() -> bool\n
"},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu.exec_file_supported","title":"exec_file_supported","text":"is_old_qemu_user() -> bool\nexec_file_supported() -> bool\nReturns
"},{"location":"reference/pwndbg/aglib/regs/","title":"pwndbg.aglib.regs","text":""},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs","title":"regs","text":"Trueif the remote target understands the 'qXfer:exec-file:read' packet. A check for this feature is done in vmmap code, to warn against running legacy Qemu versions.Reading register value from the inferior, and provides a standardized interface to registers like \"sp\" and \"pc\".
Classes:
-
module\u2013
Functions:
-
regs_in_frame\u2013 -
get_register\u2013 -
get_qemu_register\u2013 -
update_last\u2013
Attributes:
-
PTRACE_ARCH_PRCTL\u2013 -
ARCH_GET_FS\u2013 -
ARCH_GET_GS\u2013 -
gpr(tuple[str, ...]) \u2013 -
common(list[str]) \u2013 -
frame(str | None) \u2013 -
retaddr(tuple[str, ...]) \u2013 -
flags(dict[str, BitFlags]) \u2013 -
extra_flags(dict[str, BitFlags]) \u2013 -
stack(str) \u2013 -
retval(str | None) \u2013 -
all(list[str]) \u2013 -
changed(list[str]) \u2013 -
fsbase(int) \u2013 -
gsbase(int) \u2013 -
current(RegisterSet) \u2013 -
fix(Callable[[str], str]) \u2013 -
items(Callable[[], Generator[tuple[str, Any], None, None]]) \u2013 -
previous(dict[str, int]) \u2013 -
last(dict[str, int]) \u2013 -
pc(int | None) \u2013 -
tether\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.ARCH_GET_FS","title":"ARCH_GET_FSPTRACE_ARCH_PRCTL = 30\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.ARCH_GET_GS","title":"ARCH_GET_GSARCH_GET_FS = 4099\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.gpr","title":"gprARCH_GET_GS = 4100\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.common","title":"commongpr: tuple[str, ...]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.frame","title":"framecommon: list[str]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.retaddr","title":"retaddrframe: str | None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.flags","title":"flagsretaddr: tuple[str, ...]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.extra_flags","title":"extra_flagsflags: dict[str, BitFlags]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.stack","title":"stackextra_flags: dict[str, BitFlags]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.retval","title":"retvalstack: str\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.all","title":"allretval: str | None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.changed","title":"changedall: list[str]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.fsbase","title":"fsbasechanged: list[str]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.gsbase","title":"gsbasefsbase: int\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.current","title":"currentgsbase: int\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.fix","title":"fixcurrent: RegisterSet\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.items","title":"itemsfix: Callable[[str], str]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.previous","title":"previousitems: Callable[[], Generator[tuple[str, Any], None, None]]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.last","title":"lastprevious: dict[str, int]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.pc","title":"pclast: dict[str, int]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.tether","title":"tetherpc: int | None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module","title":"module","text":"tether = modules[__name__]\nBases:
ModuleTypeMethods:
-
read_reg\u2013 -
__getattr__\u2013 -
__setattr__\u2013 -
__getitem__\u2013 -
__contains__\u2013 -
__iter__\u2013 -
fix\u2013 -
items\u2013 -
__repr__\u2013
Attributes:
-
previous(dict[str, int]) \u2013 -
last(dict[str, int]) \u2013 -
current(RegisterSet) \u2013 -
gpr(tuple[str, ...]) \u2013 -
common(list[str]) \u2013 -
frame(str | None) \u2013 -
retaddr(tuple[str, ...]) \u2013 -
flags(dict[str, BitFlags]) \u2013 -
extra_flags(dict[str, BitFlags]) \u2013 -
stack(str) \u2013 -
retval(str | None) \u2013 -
all(set[str]) \u2013 -
reg_sets\u2013 -
changed(list[str]) \u2013 -
idt(int) \u2013 -
idt_limit(int) \u2013 -
fsbase(int) \u2013 -
gsbase(int) \u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.last","title":"lastprevious: dict[str, int] = {}\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.current","title":"currentlast: dict[str, int] = {}\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.gpr","title":"gprcurrent: RegisterSet\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.common","title":"commongpr: tuple[str, ...]\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.frame","title":"framecommon: list[str]\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.retaddr","title":"retaddrframe: str | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.flags","title":"flagsretaddr: tuple[str, ...]\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.extra_flags","title":"extra_flagsflags: dict[str, BitFlags]\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.stack","title":"stackextra_flags: dict[str, BitFlags]\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.retval","title":"retvalstack: str\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.all","title":"allretval: str | None\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.reg_sets","title":"reg_setsall: set[str]\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.changed","title":"changedreg_sets = reg_sets\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.idt","title":"idtchanged: list[str]\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.idt_limit","title":"idt_limitidt: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.fsbase","title":"fsbaseidt_limit: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.gsbase","title":"gsbasefsbase: int\nproperty","text":"
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.read_reg","title":"read_reg","text":"gsbase: int\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.__getattr__","title":"__getattr__","text":"read_reg(reg: str, frame: Frame | None = None) -> int | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.__setattr__","title":"__setattr__","text":"__getattr__(attr: str) -> int | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.__getitem__","title":"__getitem__","text":"__setattr__(attr: str, val: Any) -> None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.__contains__","title":"__contains__","text":"__getitem__(item: Any) -> int | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.__iter__","title":"__iter__","text":"__contains__(reg: str) -> bool\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.fix","title":"fix","text":"__iter__() -> Iterator[str]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.items","title":"items","text":"fix(expression: str) -> str\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.__repr__","title":"__repr__","text":"items() -> Generator[tuple[str, Any], None, None]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.regs_in_frame","title":"regs_in_frame","text":"__repr__() -> str\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.get_register","title":"get_register","text":"regs_in_frame(frame: Frame) -> Registers\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.get_qemu_register","title":"get_qemu_register","text":"get_register(name: str, frame: Frame | None = None) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.update_last","title":"update_last","text":"get_qemu_register(name: str) -> int | None\n
"},{"location":"reference/pwndbg/aglib/remote/","title":"pwndbg.aglib.remote","text":""},{"location":"reference/pwndbg/aglib/remote/#pwndbg.aglib.remote","title":"remote","text":"update_last() -> None\nInformation about whether the debuggee is local (under GDB) or remote (under GDBSERVER or QEMU stub).
Functions:
-
is_remote\u2013
"},{"location":"reference/pwndbg/aglib/shellcode/","title":"pwndbg.aglib.shellcode","text":""},{"location":"reference/pwndbg/aglib/shellcode/#pwndbg.aglib.shellcode","title":"shellcode","text":"is_remote() -> bool\nShellcode
This module implements functionality that allows for the execution of a small amount of code in the context of the inferior.
Functions:
-
exec_syscall\u2013Tries executing the given syscall in the context of the inferior.
-
exec_shellcode\u2013Tries executing the given blob of machine code in the current context of the
async","text":"exec_syscall(\n ec: ExecutionController,\n syscall,\n arg0=None,\n arg1=None,\n arg2=None,\n arg3=None,\n arg4=None,\n arg5=None,\n disable_breakpoints=False,\n)\nTries executing the given syscall in the context of the inferior.
"},{"location":"reference/pwndbg/aglib/shellcode/#pwndbg.aglib.shellcode.exec_shellcode","title":"exec_shellcodeasync","text":"exec_shellcode(\n ec: ExecutionController,\n blob,\n restore_context=True,\n disable_breakpoints=False,\n)\nTries executing the given blob of machine code in the current context of the inferior, optionally restoring the values of the registers as they were before the shellcode ran, as a means to allow for execution of the inferior to continue uninterrupted. The value of the program counter is always restored.
Additionally, the caller may specify an object to be called before the context is restored, so that information stored in the registers after the shellcode finishes can be retrieved. The return value of that call will be returned by this function.
"},{"location":"reference/pwndbg/aglib/shellcode/#pwndbg.aglib.shellcode.exec_shellcode--safety","title":"Safety","text":"Seeing as this function injects code directly into the inferior and runs it, the caller must be careful to inject code that will (1) terminate and (2) not cause the inferior to misbehave. Otherwise, it is fairly easy to crash or currupt the memory in the inferior.
"},{"location":"reference/pwndbg/aglib/stack/","title":"pwndbg.aglib.stack","text":""},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack","title":"stack","text":"Helpers for finding address mappings which are used as a stack.
Generally not needed, except under qemu-user and for when binaries do things to remap the stack (e.g. pwnies' postit).
Functions:
-
find\u2013Returns a pwndbg.lib.memory.Page object which corresponds to given address stack
-
find_upper_stack_boundary\u2013 -
get\u2013For each running thread, return the known address range for its stack
-
current\u2013Returns the bounds for the stack for the current thread.
-
is_executable\u2013 -
callstack\u2013Return the address of the return address for the current frame.
Attributes:
-
auto_explore\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.find","title":"find","text":"auto_explore = add_param(\n \"auto-explore-stack\",\n \"warn\",\n \"stack exploration; it may be really slow.\",\n param_class=PARAM_ENUM,\n enum_sequence=[\"warn\", \"yes\", \"no\"],\n)\nfind(address: int) -> Page | None\nReturns a pwndbg.lib.memory.Page object which corresponds to given address stack or None if it does not exist
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.find_upper_stack_boundary","title":"find_upper_stack_boundary","text":"
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.get","title":"get","text":"find_upper_stack_boundary(stack_ptr: int, max_pages: int = 1024) -> int\nget() -> dict[int, Page]\nFor each running thread, return the known address range for its stack Returns a dict which should never be modified (since its cached)
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.current","title":"current","text":"current() -> Page | None\nReturns the bounds for the stack for the current thread.
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.is_executable","title":"is_executable","text":"
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.callstack","title":"callstack","text":"is_executable() -> bool\ncallstack() -> list[int]\nReturn the address of the return address for the current frame.
"},{"location":"reference/pwndbg/aglib/strings/","title":"pwndbg.aglib.strings","text":""},{"location":"reference/pwndbg/aglib/strings/#pwndbg.aglib.strings","title":"strings","text":"Functionality for resolving ASCII printable strings within the debuggee's address space.
Functions:
-
update_length\u2013Unfortunately there's not a better way to get at this info.
-
get\u2013Returns a printable C-string from address.
-
yield_in_page\u2013Yields strings of length >= n found in a given vmmap page
Attributes:
-
length\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/strings/#pwndbg.aglib.strings.update_length","title":"update_length","text":"length = 15\nupdate_length() -> None\nUnfortunately there's not a better way to get at this info.
gdb.execute('show print elements', from_tty=False, to_string=True) 'Limit on string chars or array elements to print is 21.\\n'
"},{"location":"reference/pwndbg/aglib/strings/#pwndbg.aglib.strings.get","title":"get","text":"get(\n address: int, maxlen: int | None = None, maxread: int | None = None\n) -> str | None\nReturns a printable C-string from address.
Returns
"},{"location":"reference/pwndbg/aglib/strings/#pwndbg.aglib.strings.yield_in_page","title":"yield_in_page","text":"Noneif string contains non-printable chars or if themaxlenlength data does not end up with a null byte.yield_in_page(page: Page, n=4) -> Iterator[str]\nYields strings of length >= n found in a given vmmap page
"},{"location":"reference/pwndbg/aglib/symbol/","title":"pwndbg.aglib.symbol","text":""},{"location":"reference/pwndbg/aglib/symbol/#pwndbg.aglib.symbol","title":"symbol","text":"Looking up addresses for function names / symbols, and vice-versa.
Functions:
-
lookup_symbol_addr\u2013 -
lookup_symbol_value\u2013 -
lookup_symbol\u2013Returns the address of the given
symbol, cast-ed to the appropriate symbol type. -
lookup_frame_symbol\u2013Returns the address of the given
symbol, cast-ed to the appropriate symbol type. -
resolve_addr\u2013Resolves an address to its corresponding symbol name, if available.
"},{"location":"reference/pwndbg/aglib/symbol/#pwndbg.aglib.symbol.lookup_symbol_value","title":"lookup_symbol_value","text":"lookup_symbol_addr(\n name: str,\n *,\n prefer_static: bool = False,\n type: SymbolLookupType = ANY,\n objfile_endswith: str | None = None,\n) -> int | None\n
"},{"location":"reference/pwndbg/aglib/symbol/#pwndbg.aglib.symbol.lookup_symbol","title":"lookup_symbol","text":"lookup_symbol_value(\n name: str,\n *,\n prefer_static: bool = False,\n type: SymbolLookupType = ANY,\n objfile_endswith: str | None = None,\n) -> int | None\nlookup_symbol(\n name: str,\n *,\n prefer_static: bool = False,\n type: SymbolLookupType = ANY,\n objfile_endswith: str | None = None,\n) -> Value | None\nReturns the address of the given
symbol, cast-ed to the appropriate symbol type.This function searches for (SymbolLookupType.ANY): - Function names - Variable names - (gdb only) Typedef names (if you need please use aglib.typeinfo.load) - (gdb only) Enum values (if you need please use aglib.typeinfo.enum_member)
The lookup order is as follows (default): 1. Global scope within the current module 2. Global static scope within the current module 3. Global scope in other modules 4. Global static scope in other modules
"},{"location":"reference/pwndbg/aglib/symbol/#pwndbg.aglib.symbol.lookup_frame_symbol","title":"lookup_frame_symbol","text":"lookup_frame_symbol(name: str, *, type: SymbolLookupType = ANY) -> Value | None\nReturns the address of the given
symbol, cast-ed to the appropriate symbol type.This function searches for (SymbolLookupType.ANY): - Function names - Variable names - (gdb only, please don't use) Typedef names - (gdb only, please don't use) Enum values
The lookup order is as follows: 1. Local scope 2. Global scope within the current module 3. Global static scope within the current module 4. Global scope in other modules 5. Global static scope in other modules
"},{"location":"reference/pwndbg/aglib/symbol/#pwndbg.aglib.symbol.resolve_addr","title":"resolve_addr","text":"resolve_addr(addr: int) -> str | None\nResolves an address to its corresponding symbol name, if available.
Note: - This function does not resolve TLS (Thread-Local Storage) addresses or addresses with local scope.
Resolution is performed in the following order: - Global scope symbols.
"},{"location":"reference/pwndbg/aglib/tls/","title":"pwndbg.aglib.tls","text":""},{"location":"reference/pwndbg/aglib/tls/#pwndbg.aglib.tls","title":"tls","text":"Getting Thread Local Storage (TLS) information.
Functions:
-
find_address_with_pthread_self\u2013Get the base address of the Thread Local Storage (TLS) for the current thread using
-
find_address_with_register\u2013Get the base address of the Thread Local Storage (TLS) for the current thread using
__call_pthread_self() -> int\nRetrieve the address of the
"},{"location":"reference/pwndbg/aglib/tls/#pwndbg.aglib.tls.find_address_with_pthread_self","title":"find_address_with_pthread_self","text":"struct pthread_tfor the current thread by calling pthread_self(). This address can be used to locate the base address of the Thread Local Storage (TLS).find_address_with_pthread_self() -> int\nGet the base address of the Thread Local Storage (TLS) for the current thread using the pthread_self() function. The returned address points to the
"},{"location":"reference/pwndbg/aglib/tls/#pwndbg.aglib.tls.find_address_with_register","title":"find_address_with_register","text":"struct tcbhead_t, which serves as the header for TLS and thread-specific metadata.find_address_with_register() -> int\nGet the base address of the Thread Local Storage (TLS) for the current thread using a CPU register. The returned address points to the
"},{"location":"reference/pwndbg/aglib/typeinfo/","title":"pwndbg.aglib.typeinfo","text":""},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo","title":"typeinfo","text":"struct tcbhead_t, which is the entry point for TLS and thread-specific metadata.Common types.
Functions:
-
lookup_types\u2013 -
update\u2013 -
load\u2013Load a symbol; note that new symbols can be added with
add-symbol-filefunctionality -
get_type\u2013
Attributes:
-
module\u2013 -
char(Type) \u2013 -
ulong(Type) \u2013 -
long(Type) \u2013 -
uchar(Type) \u2013 -
ushort(Type) \u2013 -
uint(Type) \u2013 -
void(Type) \u2013 -
uint8(Type) \u2013 -
uint16(Type) \u2013 -
uint32(Type) \u2013 -
uint64(Type) \u2013 -
unsigned(dict[int, Type]) \u2013 -
int8(Type) \u2013 -
int16(Type) \u2013 -
int32(Type) \u2013 -
int64(Type) \u2013 -
signed(dict[int, Type]) \u2013 -
pvoid(Type) \u2013 -
ppvoid(Type) \u2013 -
pchar(Type) \u2013 -
ptrsize(int) \u2013 -
ptrdiff(Type) \u2013 -
size_t(Type) \u2013 -
ssize_t(Type) \u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.char","title":"charmodule = modules[__name__]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.ulong","title":"ulongchar: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.long","title":"longulong: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.uchar","title":"ucharlong: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.ushort","title":"ushortuchar: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.uint","title":"uintushort: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.void","title":"voiduint: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.uint8","title":"uint8void: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.uint16","title":"uint16uint8: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.uint32","title":"uint32uint16: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.uint64","title":"uint64uint32: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.unsigned","title":"unsigneduint64: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.int8","title":"int8unsigned: dict[int, Type]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.int16","title":"int16int8: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.int32","title":"int32int16: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.int64","title":"int64int32: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.signed","title":"signedint64: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.pvoid","title":"pvoidsigned: dict[int, Type]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.ppvoid","title":"ppvoidpvoid: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.pchar","title":"pcharppvoid: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.ptrsize","title":"ptrsizepchar: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.ptrdiff","title":"ptrdiffptrsize: int = 4\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.size_t","title":"size_tptrdiff: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.ssize_t","title":"ssize_tsize_t: Type\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.lookup_types","title":"lookup_types","text":"ssize_t: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.update","title":"update","text":"lookup_types(*types: str) -> Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.load","title":"load","text":"update() -> None\nload(name: str) -> Type | None\nLoad a symbol; note that new symbols can be added with
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.get_type","title":"get_type","text":"add-symbol-filefunctionality
"},{"location":"reference/pwndbg/aglib/vmmap/","title":"pwndbg.aglib.vmmap","text":""},{"location":"reference/pwndbg/aglib/vmmap/#pwndbg.aglib.vmmap","title":"vmmap","text":"get_type(size: int) -> Type\nFunctions:
-
get\u2013 -
find\u2013
"},{"location":"reference/pwndbg/aglib/vmmap/#pwndbg.aglib.vmmap.find","title":"find","text":"get() -> tuple[Page, ...]\n
"},{"location":"reference/pwndbg/aglib/vmmap_custom/","title":"pwndbg.aglib.vmmap_custom","text":""},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom","title":"vmmap_custom","text":"find(address: int | Value | None) -> Page | None\nFunctions:
-
clear_warn_cache\u2013 -
get_custom_pages\u2013Returns a tuple of
Pageobjects representing the memory mappings of the -
add_custom_page\u2013 -
clear_custom_page\u2013 -
explore\u2013Given a potential address, check to see what permissions it has.
-
get_memory_flags\u2013 -
find_boundaries\u2013Given a single address, find all contiguous pages
Attributes:
-
explored_pages(list[Page]) \u2013 -
custom_pages(list[Page]) \u2013 -
auto_explore\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.custom_pages","title":"custom_pagesexplored_pages: list[Page] = []\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.auto_explore","title":"auto_explorecustom_pages: list[Page] = []\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.clear_warn_cache","title":"clear_warn_cache","text":"auto_explore = add_param(\n \"auto-explore-pages\",\n \"warn\",\n \"whether to try to infer page permissions when memory maps are missing\",\n param_class=PARAM_ENUM,\n enum_sequence=[\"yes\", \"warn\", \"no\"],\n help_docstring=\"\\nThis command can cause errors.\\n\",\n)\n
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.get_custom_pages","title":"get_custom_pages","text":"clear_warn_cache()\nget_custom_pages() -> tuple[Page, ...]\nReturns a tuple of
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.add_custom_page","title":"add_custom_page","text":"Pageobjects representing the memory mappings of the target, sorted by virtual address ascending.
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.clear_custom_page","title":"clear_custom_page","text":"add_custom_page(page: Page) -> None\n
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.explore","title":"explore","text":"clear_custom_page() -> None\nexplore(address_maybe: int) -> Page | None\nGiven a potential address, check to see what permissions it has.
Returns:
-
Page | None\u2013Page object
Adds the Page object to a persistent list of pages which are only reset when the process dies. This means pages which are added this way will not be removed when unmapped.
Also assumes the entire contiguous section has the same permission.
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.get_memory_flags","title":"get_memory_flags","text":"
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.find_boundaries","title":"find_boundaries","text":"get_memory_flags(address_maybe: int) -> int | None\nfind_boundaries(addr: int, name: str = '', min: int = 0) -> Page\nGiven a single address, find all contiguous pages which are mapped.
"},{"location":"reference/pwndbg/arguments/","title":"pwndbg.arguments","text":""},{"location":"reference/pwndbg/arguments/#pwndbg.arguments","title":"arguments","text":"Allows describing functions, specifically enumerating arguments which may be passed in a combination of registers and stack values.
Functions:
-
get\u2013Returns an array containing the arguments to the current function,
-
argname\u2013 -
argument\u2013Returns the nth argument, as if $pc were a 'call' or 'bl' type
-
arguments\u2013Yields (arg_name, arg_value) tuples for arguments from a given ABI.
-
format_args\u2013
get(instruction: PwndbgInstruction) -> list[tuple[Argument, int]]\nReturns an array containing the arguments to the current function, if $pc is a 'call', 'bl', or 'jalr' type instruction.
Otherwise, returns None.
"},{"location":"reference/pwndbg/arguments/#pwndbg.arguments.argname","title":"argname","text":"
"},{"location":"reference/pwndbg/arguments/#pwndbg.arguments.argument","title":"argument","text":"argname(n: int, abi: ABI | None = None) -> str\nargument(n: int, abi: ABI | None = None) -> int\nReturns the nth argument, as if $pc were a 'call' or 'bl' type instruction. Works only for ABIs that use registers for arguments.
"},{"location":"reference/pwndbg/arguments/#pwndbg.arguments.arguments","title":"arguments","text":"arguments(abi: ABI | None = None)\nYields (arg_name, arg_value) tuples for arguments from a given ABI. Works only for ABIs that use registers for arguments.
"},{"location":"reference/pwndbg/arguments/#pwndbg.arguments.format_args","title":"format_args","text":"
"},{"location":"reference/pwndbg/auxv/","title":"pwndbg.auxv","text":""},{"location":"reference/pwndbg/auxv/#pwndbg.auxv","title":"auxv","text":"format_args(instruction: PwndbgInstruction) -> list[str]\nFunctions:
-
get\u2013 -
procfs_auxv\u2013 -
use_info_auxv\u2013 -
explore_stack_auxv\u2013 -
walk_stack2\u2013
Attributes:
-
auto_explore\u2013 -
example_info_auxv_linux\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.example_info_auxv_linux","title":"example_info_auxv_linuxauto_explore = add_param(\n \"auto-explore-auxv\",\n \"warn\",\n \"stack exploration for AUXV information; it may be really slow.\",\n param_class=PARAM_ENUM,\n enum_sequence=[\"warn\", \"yes\", \"no\"],\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.get","title":"get","text":"example_info_auxv_linux = '\\n33 AT_SYSINFO_EHDR System-supplied DSO\\'s ELF header 0x7ffff7ffa000\\n16 AT_HWCAP Machine-dependent CPU capability hints 0xfabfbff\\n6 AT_PAGESZ System page size 4096\\n17 AT_CLKTCK Frequency of times() 100\\n3 AT_PHDR Program headers for program 0x400040\\n4 AT_PHENT Size of program header entry 56\\n5 AT_PHNUM Number of program headers 9\\n7 AT_BASE Base address of interpreter 0x7ffff7dda000\\n8 AT_FLAGS Flags 0x0\\n9 AT_ENTRY Entry point of program 0x42020b\\n11 AT_UID Real user ID 1000\\n12 AT_EUID Effective user ID 1000\\n13 AT_GID Real group ID 1000\\n14 AT_EGID Effective group ID 1000\\n23 AT_SECURE Boolean, was exec setuid-like? 0\\n25 AT_RANDOM Address of 16 random bytes 0x7fffffffdb39\\n31 AT_EXECFN File name of executable 0x7fffffffefee \"/bin/bash\"\\n15 AT_PLATFORM String identifying platform 0x7fffffffdb49 \"x86_64\"\\n0 AT_NULL End of vector 0x0\\n'\n
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.procfs_auxv","title":"procfs_auxv","text":"get() -> AUXV\n
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.use_info_auxv","title":"use_info_auxv","text":"procfs_auxv() -> AUXV | None\n
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.explore_stack_auxv","title":"explore_stack_auxv","text":"use_info_auxv() -> AUXV | None\n
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.walk_stack2","title":"walk_stack2","text":"explore_stack_auxv() -> AUXV | None\n
"},{"location":"reference/pwndbg/chain/","title":"pwndbg.chain","text":""},{"location":"reference/pwndbg/chain/#pwndbg.chain","title":"chain","text":"walk_stack2(offset: int = 0) -> AUXV\nFunctions:
-
get\u2013Recursively dereferences an address. For bare metal, it will stop when the address is not in any of vmmap pages to avoid redundant dereference.
-
format\u2013Recursively dereferences an address into string representation, or convert the list representation
Attributes:
-
LIMIT\u2013 -
c\u2013 -
config_arrow_left\u2013 -
config_arrow_right\u2013 -
config_contiguous\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.c","title":"cLIMIT = add_param(\n \"dereference-limit\", 5, \"max number of pointers to dereference in a chain\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.config_arrow_left","title":"config_arrow_leftc = ColorConfig(\n \"chain\",\n [\n ColorParamSpec(\"arrow\", \"normal\", \"color of chain formatting (arrow)\"),\n ColorParamSpec(\n \"contiguous-marker\",\n \"normal\",\n \"color of chain formatting (contiguous marker)\",\n ),\n ],\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.config_arrow_right","title":"config_arrow_rightconfig_arrow_left = add_param(\n \"chain-arrow-left\", \"\u25c2\u2014\", \"left arrow of chain formatting\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.config_contiguous","title":"config_contiguousconfig_arrow_right = add_param(\n \"chain-arrow-right\", \"\u2014\u25b8\", \"right arrow of chain formatting\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.get","title":"get","text":"config_contiguous = add_param(\n \"chain-contiguous-marker\", \"...\", \"contiguous marker of chain formatting\"\n)\nget(\n address: int | None,\n limit: int = LIMIT,\n offset: int = 0,\n hard_stop: int | None = None,\n hard_end: int = 0,\n include_start: bool = True,\n safe_linking: bool = False,\n) -> list[int] | None\nRecursively dereferences an address. For bare metal, it will stop when the address is not in any of vmmap pages to avoid redundant dereference.
Parameters:
-
address(int | None) \u2013the first address to begin dereferencing
-
limit(int, default:LIMIT) \u2013number of valid pointers
-
offset(int, default:0) \u2013offset into the address to get the next pointer
-
hard_stop(int | None, default:None) \u2013address to stop at
-
hard_end(int, default:0) \u2013value to append when hard_stop is reached
-
include_start(bool, default:True) \u2013whether to include starting address or not
-
safe_linking(bool, default:False) \u2013whether this chain use safe-linking
Returns:
-
list[int] | None\u2013A list representing pointers of each
addressand reference
format(\n value: int | list[int] | None,\n limit: int = LIMIT,\n code: bool = True,\n offset: int = 0,\n hard_stop: int | None = None,\n hard_end: int = 0,\n safe_linking: bool = False,\n enhance_string_len: int | None = None,\n) -> str\nRecursively dereferences an address into string representation, or convert the list representation of address dereferences into string representation.
Parameters:
-
value(int | list[int] | None) \u2013Either the starting address to be sent to get, or the result of get (a list)
-
limit(int, default:LIMIT) \u2013Number of valid pointers
-
code(bool, default:True) \u2013Hint that indicates the value may be an instruction
-
offset(int, default:0) \u2013Offset into the address to get the next pointer
-
hard_stop(int | None, default:None) \u2013Value to stop on
-
hard_end(int, default:0) \u2013Value to append when hard_stop is reached: null, value of hard stop, a string.
-
safe_linking(bool, default:False) \u2013whether this chain use safe-linking
-
enhance_string_len(int | None, default:None) \u2013The length of string to display for enhancement of the last pointer
Returns: A string representing pointers of each address and reference Strings format: 0x0804a10 \u2014\u25b8 0x08061000 \u25c2\u2014 0x41414141
"},{"location":"reference/pwndbg/color/","title":"pwndbg.color","text":""},{"location":"reference/pwndbg/color/#pwndbg.color","title":"color","text":"Modules:
-
context\u2013 -
disasm\u2013 -
enhance\u2013 -
hexdump\u2013 -
memory\u2013 -
message\u2013 -
syntax_highlight\u2013 -
telescope\u2013 -
theme\u2013
Classes:
-
ColorParamSpec\u2013 -
ColorConfig\u2013
Functions:
-
normal\u2013 -
black\u2013 -
red\u2013 -
green\u2013 -
yellow\u2013 -
blue\u2013 -
purple\u2013 -
cyan\u2013 -
light_gray\u2013 -
foreground\u2013 -
gray\u2013 -
light_red\u2013 -
light_green\u2013 -
light_yellow\u2013 -
light_blue\u2013 -
light_purple\u2013 -
light_cyan\u2013 -
white\u2013 -
bold\u2013 -
underline\u2013 -
colorize\u2013 -
unstylize\u2013 -
generateColorFunctionInner\u2013 -
generateColorFunction\u2013 -
strip\u2013 -
terminateWith\u2013 -
ljust_colored\u2013 -
rjust_colored\u2013
Attributes:
-
NORMAL\u2013 -
BLACK\u2013 -
RED\u2013 -
GREEN\u2013 -
YELLOW\u2013 -
BLUE\u2013 -
PURPLE\u2013 -
CYAN\u2013 -
LIGHT_GREY\u2013 -
LIGHT_GRAY\u2013 -
FOREGROUND\u2013 -
GREY\u2013 -
GRAY\u2013 -
LIGHT_RED\u2013 -
LIGHT_GREEN\u2013 -
LIGHT_YELLOW\u2013 -
LIGHT_BLUE\u2013 -
LIGHT_PURPLE\u2013 -
LIGHT_CYAN\u2013 -
WHITE\u2013 -
BOLD\u2013 -
UNDERLINE\u2013 -
none\u2013 -
ansi_escape_8bit\u2013 -
disable_colors\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.BLACK","title":"BLACKNORMAL = '\\x1b[0m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.RED","title":"REDBLACK = '\\x1b[30m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.GREEN","title":"GREENRED = '\\x1b[31m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.YELLOW","title":"YELLOWGREEN = '\\x1b[32m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.BLUE","title":"BLUEYELLOW = '\\x1b[33m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.PURPLE","title":"PURPLEBLUE = '\\x1b[34m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.CYAN","title":"CYANPURPLE = '\\x1b[35m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_GREY","title":"LIGHT_GREYCYAN = '\\x1b[36m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_GRAY","title":"LIGHT_GRAYLIGHT_GREY = '\\x1b[37m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.FOREGROUND","title":"FOREGROUNDLIGHT_GRAY = '\\x1b[37m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.GREY","title":"GREYFOREGROUND = '\\x1b[39m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.GRAY","title":"GRAYGREY = '\\x1b[90m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_RED","title":"LIGHT_REDGRAY = '\\x1b[90m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_GREEN","title":"LIGHT_GREENLIGHT_RED = '\\x1b[91m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_YELLOW","title":"LIGHT_YELLOWLIGHT_GREEN = '\\x1b[92m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_BLUE","title":"LIGHT_BLUELIGHT_YELLOW = '\\x1b[93m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_PURPLE","title":"LIGHT_PURPLELIGHT_BLUE = '\\x1b[94m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_CYAN","title":"LIGHT_CYANLIGHT_PURPLE = '\\x1b[95m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.WHITE","title":"WHITELIGHT_CYAN = '\\x1b[96m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.BOLD","title":"BOLDWHITE = '\\x1b[97m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.UNDERLINE","title":"UNDERLINEBOLD = '\\x1b[1m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.none","title":"noneUNDERLINE = '\\x1b[4m'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.ansi_escape_8bit","title":"ansi_escape_8bitnone = str\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.disable_colors","title":"disable_colorsansi_escape_8bit = compile(\n \"(?:\\\\x1B[@-Z\\\\\\\\-_]|[\\\\x80-\\\\x9A\\\\x9C-\\\\x9F]|(?:\\\\x1B\\\\[|\\\\x9B)[0-?]*[ -/]*[@-~])\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.ColorParamSpec","title":"ColorParamSpec","text":"disable_colors = add_param(\n \"disable-colors\",\n bool(get(\"PWNDBG_DISABLE_COLORS\")),\n \"whether to color the output or not\",\n)\nBases:
NamedTupleAttributes:
-
name(str) \u2013 -
default(str) \u2013 -
doc(str) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.ColorParamSpec.default","title":"defaultname: str\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.ColorParamSpec.doc","title":"docdefault: str\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/color/#pwndbg.color.ColorConfig","title":"ColorConfig","text":"doc: str\nColorConfig(namespace: str, params: list[ColorParamSpec])\nMethods:
-
__getattr__\u2013
"},{"location":"reference/pwndbg/color/#pwndbg.color.normal","title":"normal","text":"__getattr__(attr: str) -> Callable[[str], str]\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.black","title":"black","text":"normal(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.red","title":"red","text":"black(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.green","title":"green","text":"red(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.yellow","title":"yellow","text":"green(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.blue","title":"blue","text":"yellow(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.purple","title":"purple","text":"blue(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.cyan","title":"cyan","text":"purple(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_gray","title":"light_gray","text":"cyan(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.foreground","title":"foreground","text":"light_gray(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.gray","title":"gray","text":"foreground(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_red","title":"light_red","text":"gray(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_green","title":"light_green","text":"light_red(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_yellow","title":"light_yellow","text":"light_green(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_blue","title":"light_blue","text":"light_yellow(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_purple","title":"light_purple","text":"light_blue(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_cyan","title":"light_cyan","text":"light_purple(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.white","title":"white","text":"light_cyan(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.bold","title":"bold","text":"white(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.underline","title":"underline","text":"bold(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.colorize","title":"colorize","text":"underline(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.unstylize","title":"unstylize","text":"colorize(x: str, color: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.generateColorFunctionInner","title":"generateColorFunctionInner","text":"unstylize(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.generateColorFunction","title":"generateColorFunction","text":"generateColorFunctionInner(\n old: Callable[[object], str], new: Callable[[str], str]\n) -> Callable[[object], str]\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.strip","title":"strip","text":"generateColorFunction(\n config: str | Parameter,\n _globals: dict[str, Callable[[str], str]] = globals(),\n) -> Callable[[object], str]\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.terminateWith","title":"terminateWith","text":"strip(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.ljust_colored","title":"ljust_colored","text":"terminateWith(x: str, color: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.rjust_colored","title":"rjust_colored","text":"ljust_colored(x: str, length: int, char: str = ' ') -> str\n
"},{"location":"reference/pwndbg/color/context/","title":"pwndbg.color.context","text":""},{"location":"reference/pwndbg/color/context/#pwndbg.color.context","title":"context","text":"rjust_colored(x: str, length: int, char: str = ' ')\nFunctions:
-
prefix\u2013 -
highlight\u2013 -
register\u2013 -
register_changed\u2013 -
flag_bracket\u2013 -
flag_value\u2013 -
flag_set\u2013 -
flag_unset\u2013 -
flag_changed\u2013 -
banner\u2013 -
banner_title\u2013 -
comment\u2013 -
format_flags\u2013
Attributes:
-
config_prefix_color\u2013 -
config_highlight_color\u2013 -
config_register_color\u2013 -
config_flag_value_color\u2013 -
config_flag_bracket_color\u2013 -
config_flag_set_color\u2013 -
config_flag_unset_color\u2013 -
config_flag_changed_color\u2013 -
config_banner_color\u2013 -
config_banner_title\u2013 -
config_register_changed_color\u2013 -
config_register_changed_marker\u2013 -
config_comment\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_highlight_color","title":"config_highlight_colorconfig_prefix_color = add_color_param(\n \"code-prefix-color\",\n \"none\",\n \"color for 'context code' command (prefix marker)\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_register_color","title":"config_register_colorconfig_highlight_color = add_color_param(\n \"highlight-color\", \"green,bold\", \"color added to highlights like source/pc\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_flag_value_color","title":"config_flag_value_colorconfig_register_color = add_color_param(\n \"context-register-color\", \"bold\", \"color for registers label\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_flag_bracket_color","title":"config_flag_bracket_colorconfig_flag_value_color = add_color_param(\n \"context-flag-value-color\",\n \"none\",\n \"color for flags register (register value)\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_flag_set_color","title":"config_flag_set_colorconfig_flag_bracket_color = add_color_param(\n \"context-flag-bracket-color\", \"none\", \"color for flags register (bracket)\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_flag_unset_color","title":"config_flag_unset_colorconfig_flag_set_color = add_color_param(\n \"context-flag-set-color\",\n \"green,bold\",\n \"color for flags register (flag set)\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_flag_changed_color","title":"config_flag_changed_colorconfig_flag_unset_color = add_color_param(\n \"context-flag-unset-color\", \"red\", \"color for flags register (flag unset)\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_banner_color","title":"config_banner_colorconfig_flag_changed_color = add_color_param(\n \"context-flag-changed-color\",\n \"underline\",\n \"color for flags register (flag changed)\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_banner_title","title":"config_banner_titleconfig_banner_color = add_color_param(\n \"banner-color\", \"blue\", \"color for banner line\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_register_changed_color","title":"config_register_changed_colorconfig_banner_title = add_color_param(\n \"banner-title-color\", \"none\", \"color for banner title\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_register_changed_marker","title":"config_register_changed_markerconfig_register_changed_color = add_color_param(\n \"context-register-changed-color\",\n \"red\",\n \"color for registers label (change marker)\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_comment","title":"config_commentconfig_register_changed_marker = add_param(\n \"context-register-changed-marker\", \"*\", \"change marker for registers label\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.prefix","title":"prefix","text":"config_comment = add_color_param('comment-color', 'gray', 'color for comment')\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.highlight","title":"highlight","text":"prefix(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.register","title":"register","text":"highlight(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.register_changed","title":"register_changed","text":"register(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.flag_bracket","title":"flag_bracket","text":"register_changed(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.flag_value","title":"flag_value","text":"flag_bracket(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.flag_set","title":"flag_set","text":"flag_value(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.flag_unset","title":"flag_unset","text":"flag_set(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.flag_changed","title":"flag_changed","text":"flag_unset(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.banner","title":"banner","text":"flag_changed(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.banner_title","title":"banner_title","text":"banner(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.comment","title":"comment","text":"banner_title(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.format_flags","title":"format_flags","text":"comment(x: object) -> str\n
"},{"location":"reference/pwndbg/color/disasm/","title":"pwndbg.color.disasm","text":""},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm","title":"disasm","text":"format_flags(value: int | None, flags: BitFlags, last: int | None = None)\nFunctions:
-
one_instruction\u2013 -
instructions_and_padding\u2013
Attributes:
-
c\u2013 -
MIN_SPACING\u2013 -
WHITESPACE_LIMIT\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm.MIN_SPACING","title":"MIN_SPACINGc = ColorConfig(\n \"disasm\",\n [\n ColorParamSpec(\n \"branch\", \"bold\", \"color for disasm (branch/call instruction)\"\n )\n ],\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm.WHITESPACE_LIMIT","title":"WHITESPACE_LIMITMIN_SPACING = 5\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm.one_instruction","title":"one_instruction","text":"WHITESPACE_LIMIT = 20\n
"},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm.instructions_and_padding","title":"instructions_and_padding","text":"one_instruction(ins: PwndbgInstruction) -> str\n
"},{"location":"reference/pwndbg/color/enhance/","title":"pwndbg.color.enhance","text":""},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance","title":"enhance","text":"instructions_and_padding(instructions: list[PwndbgInstruction]) -> list[str]\nFunctions:
-
integer\u2013 -
string\u2013 -
comment\u2013 -
unknown\u2013
Attributes:
-
config_integer_color\u2013 -
config_string_color\u2013 -
config_comment_color\u2013 -
config_unknown_color\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.config_string_color","title":"config_string_colorconfig_integer_color = add_color_param(\n \"enhance-integer-value-color\", \"none\", \"color of value enhance (integer)\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.config_comment_color","title":"config_comment_colorconfig_string_color = add_color_param(\n \"enhance-string-value-color\", \"none\", \"color of value enhance (string)\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.config_unknown_color","title":"config_unknown_colorconfig_comment_color = add_color_param(\n \"enhance-comment-color\", \"none\", \"color of value enhance (comment)\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.integer","title":"integer","text":"config_unknown_color = add_color_param(\n \"enhance-unknown-color\", \"none\", \"color of value enhance (unknown value)\"\n)\n
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.string","title":"string","text":"integer(x)\n
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.comment","title":"comment","text":"string(x)\n
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.unknown","title":"unknown","text":"comment(x)\n
"},{"location":"reference/pwndbg/color/hexdump/","title":"pwndbg.color.hexdump","text":""},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump","title":"hexdump","text":"unknown(x)\nFunctions:
-
normal\u2013 -
printable\u2013 -
zero\u2013 -
special\u2013 -
offset\u2013 -
address\u2013 -
separator\u2013 -
highlight_group_lsb\u2013
Attributes:
-
config_normal\u2013 -
config_printable\u2013 -
config_zero\u2013 -
config_special\u2013 -
config_offset\u2013 -
config_address\u2013 -
config_separator\u2013 -
config_highlight_group_lsb\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_printable","title":"config_printableconfig_normal = add_color_param(\n \"hexdump-normal-color\", \"none\", \"color for hexdump command (normal bytes)\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_zero","title":"config_zeroconfig_printable = add_color_param(\n \"hexdump-printable-color\",\n \"bold\",\n \"color for hexdump command (printable characters)\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_special","title":"config_specialconfig_zero = add_color_param(\n \"hexdump-zero-color\", \"red\", \"color for hexdump command (zero bytes)\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_offset","title":"config_offsetconfig_special = add_color_param(\n \"hexdump-special-color\",\n \"yellow\",\n \"color for hexdump command (special bytes)\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_address","title":"config_addressconfig_offset = add_color_param(\n \"hexdump-offset-color\", \"none\", \"color for hexdump command (offset label)\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_separator","title":"config_separatorconfig_address = add_color_param(\n \"hexdump-address-color\", \"none\", \"color for hexdump command (address label)\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_highlight_group_lsb","title":"config_highlight_group_lsbconfig_separator = add_color_param(\n \"hexdump-separator-color\",\n \"none\",\n \"color for hexdump command (group separator)\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.normal","title":"normal","text":"config_highlight_group_lsb = add_param(\n \"hexdump-highlight-group-lsb\",\n \"underline\",\n \"highlight LSB of each group\",\n help_docstring=\"Applies only if hexdump-use-big-endian actually changes byte order.\",\n)\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.printable","title":"printable","text":"normal(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.zero","title":"zero","text":"printable(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.special","title":"special","text":"zero(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.offset","title":"offset","text":"special(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.address","title":"address","text":"offset(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.separator","title":"separator","text":"address(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.highlight_group_lsb","title":"highlight_group_lsb","text":"separator(x: str) -> str\n
"},{"location":"reference/pwndbg/color/memory/","title":"pwndbg.color.memory","text":""},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory","title":"memory","text":"highlight_group_lsb(x: str) -> str\nFunctions:
-
get_address_and_symbol\u2013Convert and colorize address 0x7ffff7fcecd0 to string
0x7ffff7fcecd0 (_dl_fini) -
get_address_or_symbol\u2013Convert and colorize address to symbol if it can be resolved, else return colorized address
-
attempt_colorized_symbol\u2013Convert address to colorized symbol (if symbol is there), else None
-
get\u2013Returns a colorized string representing the provided address.
-
legend\u2013
Attributes:
-
ColorFunction\u2013 -
c\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.c","title":"cColorFunction = Callable[[str], str]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.get_address_and_symbol","title":"get_address_and_symbol","text":"c = ColorConfig(\n \"memory\",\n [\n ColorParamSpec(\"stack\", \"yellow\", \"color for stack memory\"),\n ColorParamSpec(\"heap\", \"blue\", \"color for heap memory\"),\n ColorParamSpec(\"code\", \"red\", \"color for executable memory\"),\n ColorParamSpec(\"data\", \"purple\", \"color for all other writable memory\"),\n ColorParamSpec(\"rodata\", \"normal\", \"color for all read only memory\"),\n ColorParamSpec(\"wx\", \"underline\", \"color added to all WX memory\"),\n ColorParamSpec(\n \"guard\", \"cyan\", \"color added to all guard pages (no perms)\"\n ),\n ],\n)\nget_address_and_symbol(address: int) -> str\nConvert and colorize address 0x7ffff7fcecd0 to string
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.get_address_or_symbol","title":"get_address_or_symbol","text":"0x7ffff7fcecd0 (_dl_fini)If no symbol exists for the address, return colorized addressget_address_or_symbol(address: int) -> str\nConvert and colorize address to symbol if it can be resolved, else return colorized address
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.attempt_colorized_symbol","title":"attempt_colorized_symbol","text":"attempt_colorized_symbol(address: int) -> str | None\nConvert address to colorized symbol (if symbol is there), else None
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.get","title":"get","text":"get(\n address: int | Value | Any,\n text: str | None = None,\n prefix: str | None = None,\n) -> str\nReturns a colorized string representing the provided address.
Parameters:
-
address(int | Value | Any) \u2013Address to look up
-
text(str | None, default:None) \u2013Optional text to use in place of the address in the return value string.
-
prefix(str | None, default:None) \u2013Optional text to set at beginning in the return value string.
"},{"location":"reference/pwndbg/color/message/","title":"pwndbg.color.message","text":""},{"location":"reference/pwndbg/color/message/#pwndbg.color.message","title":"message","text":"legend()\nFunctions:
-
on\u2013 -
off\u2013 -
notice\u2013 -
hint\u2013 -
success\u2013 -
debug\u2013 -
info\u2013 -
warn\u2013 -
error\u2013 -
system\u2013 -
exit\u2013 -
breakpoint\u2013 -
signal\u2013 -
prompt\u2013 -
alive_prompt\u2013 -
readline_escape\u2013
Attributes:
-
config_status_on_color\u2013 -
config_status_off_color\u2013 -
config_notice_color\u2013 -
config_hint_color\u2013 -
config_success_color\u2013 -
config_debug_color\u2013 -
config_info_color\u2013 -
config_warning_color\u2013 -
config_error_color\u2013 -
config_system_color\u2013 -
config_exit_color\u2013 -
config_breakpoint_color\u2013 -
config_signal_color\u2013 -
config_prompt_color(Parameter) \u2013 -
config_prompt_alive_color(Parameter) \u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_status_off_color","title":"config_status_off_colorconfig_status_on_color = add_color_param(\n \"message-status-on-color\", \"green\", \"color of on status messages\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_notice_color","title":"config_notice_colorconfig_status_off_color = add_color_param(\n \"message-status-off-color\", \"red\", \"color of off status messages\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_hint_color","title":"config_hint_colorconfig_notice_color = add_color_param(\n \"message-notice-color\", \"purple\", \"color of notice messages\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_success_color","title":"config_success_colorconfig_hint_color = add_color_param(\n \"message-hint-color\", \"yellow\", \"color of hint and marker messages\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_debug_color","title":"config_debug_colorconfig_success_color = add_color_param(\n \"message-success-color\", \"green\", \"color of success messages\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_info_color","title":"config_info_colorconfig_debug_color = add_color_param(\n \"message-debug-color\", \"blue\", \"color of debug messages\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_warning_color","title":"config_warning_colorconfig_info_color = add_color_param(\n \"message-info-color\", \"white\", \"color of info messages\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_error_color","title":"config_error_colorconfig_warning_color = add_color_param(\n \"message-warning-color\", \"yellow\", \"color of warning messages\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_system_color","title":"config_system_colorconfig_error_color = add_color_param(\n \"message-error-color\", \"red\", \"color of error messages\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_exit_color","title":"config_exit_colorconfig_system_color = add_color_param(\n \"message-system-color\", \"light-red\", \"color of system messages\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_breakpoint_color","title":"config_breakpoint_colorconfig_exit_color = add_color_param(\n \"message-exit-color\", \"red\", \"color of exit messages\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_signal_color","title":"config_signal_colorconfig_breakpoint_color = add_color_param(\n \"message-breakpoint-color\", \"yellow\", \"color of breakpoint messages\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_prompt_color","title":"config_prompt_colorconfig_signal_color = add_color_param(\n \"message-signal-color\", \"bold,red\", \"color of signal messages\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_prompt_alive_color","title":"config_prompt_alive_colorconfig_prompt_color: Parameter = add_color_param(\n \"prompt-color\", \"bold,red\", \"prompt color\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.on","title":"on","text":"config_prompt_alive_color: Parameter = add_color_param(\n \"prompt-alive-color\", \"bold,green\", \"prompt alive color\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.off","title":"off","text":"on(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.notice","title":"notice","text":"off(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.hint","title":"hint","text":"notice(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.success","title":"success","text":"hint(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.debug","title":"debug","text":"success(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.info","title":"info","text":"debug(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.warn","title":"warn","text":"info(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.error","title":"error","text":"warn(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.system","title":"system","text":"error(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.exit","title":"exit","text":"system(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.breakpoint","title":"breakpoint","text":"exit(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.signal","title":"signal","text":"breakpoint(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.prompt","title":"prompt","text":"signal(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.alive_prompt","title":"alive_prompt","text":"prompt(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.readline_escape","title":"readline_escape","text":"alive_prompt(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/syntax_highlight/","title":"pwndbg.color.syntax_highlight","text":""},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight","title":"syntax_highlight","text":"readline_escape(func_message: Callable[[str], str], text: str) -> str\nFunctions:
-
check_style\u2013 -
syntax_highlight\u2013
Attributes:
-
style\u2013 -
formatter\u2013 -
pwntools_lexer\u2013 -
lexer_cache(dict[str, Any]) \u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight.formatter","title":"formatterstyle = add_param(\n \"syntax-highlight-style\",\n \"monokai\",\n \"source code / assembly syntax highlight stylename of pygments module\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight.pwntools_lexer","title":"pwntools_lexerformatter = Terminal256Formatter(style=str(style))\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight.lexer_cache","title":"lexer_cachepwntools_lexer = PwntoolsLexer()\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight.check_style","title":"check_style","text":"lexer_cache: dict[str, Any] = {}\n
"},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight.syntax_highlight","title":"syntax_highlight","text":"check_style() -> None\n
"},{"location":"reference/pwndbg/color/telescope/","title":"pwndbg.color.telescope","text":""},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope","title":"telescope","text":"syntax_highlight(code: str, filename: str = '.asm') -> str\nFunctions:
-
offset\u2013 -
register\u2013 -
separator\u2013 -
delimiter\u2013 -
repeating_marker\u2013
Attributes:
-
offset_color\u2013 -
register_color\u2013 -
offset_separator_color\u2013 -
offset_delimiter_color\u2013 -
repeating_marker_color\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.register_color","title":"register_coloroffset_color = add_color_param(\n \"telescope-offset-color\",\n \"normal\",\n \"color of the telescope command (offset prefix)\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.offset_separator_color","title":"offset_separator_colorregister_color = add_color_param(\n \"telescope-register-color\",\n \"bold\",\n \"color of the telescope command (register)\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.offset_delimiter_color","title":"offset_delimiter_coloroffset_separator_color = add_color_param(\n \"telescope-offset-separator-color\",\n \"normal\",\n \"color of the telescope command (offset separator)\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.repeating_marker_color","title":"repeating_marker_coloroffset_delimiter_color = add_color_param(\n \"telescope-offset-delimiter-color\",\n \"normal\",\n \"color of the telescope command (offset delimiter)\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.offset","title":"offset","text":"repeating_marker_color = add_color_param(\n \"telescope-repeating-marker-color\",\n \"normal\",\n \"color of the telescope command (repeating values marker)\",\n)\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.register","title":"register","text":"offset(x: object) -> str\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.separator","title":"separator","text":"register(x: object) -> str\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.delimiter","title":"delimiter","text":"separator(x: object) -> str\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.repeating_marker","title":"repeating_marker","text":"delimiter(x: object) -> str\n
"},{"location":"reference/pwndbg/color/theme/","title":"pwndbg.color.theme","text":""},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme","title":"theme","text":"repeating_marker(x: object) -> str\nClasses:
-
ColorParameter\u2013
Functions:
-
add_param\u2013 -
add_color_param\u2013
ColorParameter(\n name: str,\n default: Any,\n set_show_doc: str,\n *,\n help_docstring: str = \"\",\n param_class: int | None = None,\n enum_sequence: Sequence[str] | None = None,\n scope: str = \"config\",\n)\nBases:
ParameterMethods:
-
add_update_listener\u2013 -
revert_default\u2013 -
attr_name\u2013Returns the attribute name associated with this config option,
-
__getattr__\u2013 -
pretty_val\u2013Convert a value this object could contain to its pretty string representation.
-
pretty\u2013 -
pretty_default\u2013 -
__int__\u2013 -
__str__\u2013 -
__bool__\u2013 -
__eq__\u2013 -
__lt__\u2013 -
__add__\u2013 -
__radd__\u2013 -
__sub__\u2013 -
__rsub__\u2013 -
__mul__\u2013 -
__rmul__\u2013 -
__div__\u2013 -
__floordiv__\u2013 -
__pow__\u2013 -
__mod__\u2013 -
__len__\u2013
Attributes:
-
name\u2013 -
default\u2013 -
param_class\u2013 -
set_show_doc\u2013 -
help_docstring\u2013 -
enum_sequence\u2013 -
scope\u2013 -
update_listeners(list[Callable[[Any], None]]) \u2013 -
value(Any) \u2013 -
is_changed(bool) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.default","title":"defaultname = name\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.param_class","title":"param_classdefault = default\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.set_show_doc","title":"set_show_docparam_class = param_class or PARAM_CLASSES[type(default)]\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.help_docstring","title":"help_docstringset_show_doc = strip()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.enum_sequence","title":"enum_sequencehelp_docstring = strip()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.scope","title":"scopeenum_sequence = enum_sequence\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.update_listeners","title":"update_listenersscope = scope\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.value","title":"valueupdate_listeners: list[Callable[[Any], None]] = []\npropertywritable","text":"
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.is_changed","title":"is_changedvalue: Any\nproperty","text":"
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.add_update_listener","title":"add_update_listener","text":"is_changed: bool\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.revert_default","title":"revert_default","text":"add_update_listener(listener: Callable[[Any], None]) -> None\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.attr_name","title":"attr_name","text":"revert_default() -> None\nattr_name() -> str\nReturns the attribute name associated with this config option, i.e.
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__getattr__","title":"__getattr__","text":"my-confighas the attribute namemy_config
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.pretty_val","title":"pretty_val","text":"__getattr__(name: str)\npretty_val(val: Any) -> str\nConvert a value this object could contain to its pretty string representation.
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.pretty","title":"pretty","text":"
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.pretty_default","title":"pretty_default","text":"pretty() -> str\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__int__","title":"__int__","text":"pretty_default() -> str\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__str__","title":"__str__","text":"__int__() -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__bool__","title":"__bool__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__eq__","title":"__eq__","text":"__bool__() -> bool\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__lt__","title":"__lt__","text":"__eq__(other: object) -> bool\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__add__","title":"__add__","text":"__lt__(other: object) -> bool\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__radd__","title":"__radd__","text":"__add__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__sub__","title":"__sub__","text":"__radd__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__rsub__","title":"__rsub__","text":"__sub__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__mul__","title":"__mul__","text":"__rsub__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__rmul__","title":"__rmul__","text":"__mul__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__div__","title":"__div__","text":"__rmul__(other: int) -> str\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__floordiv__","title":"__floordiv__","text":"__div__(other: float) -> float\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__pow__","title":"__pow__","text":"__floordiv__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__mod__","title":"__mod__","text":"__pow__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__len__","title":"__len__","text":"__mod__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.add_param","title":"add_param","text":"__len__() -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.add_color_param","title":"add_color_param","text":"add_param(\n name: str,\n default: Any,\n set_show_doc: str,\n color_param: bool = False,\n *,\n help_docstring: str = \"\",\n) -> Parameter\n
"},{"location":"reference/pwndbg/commands/","title":"pwndbg.commands","text":""},{"location":"reference/pwndbg/commands/#pwndbg.commands","title":"commands","text":"add_color_param(name: str, default: Any, set_show_doc: str) -> Parameter\nModules:
-
ai\u2013This command sends information on the current debugging context to OpenAI's
-
argv\u2013 -
aslr\u2013 -
asm\u2013 -
attachp\u2013 -
auxv\u2013 -
binder\u2013 -
binja\u2013 -
binja_functions\u2013 -
branch\u2013 -
canary\u2013 -
checksec\u2013 -
comments\u2013 -
config\u2013Dumps all pwndbg-specific configuration points.
-
context\u2013 -
cpsr\u2013 -
cyclic\u2013 -
cymbol\u2013Add, load, show, edit, or delete symbols for custom structures.
-
dev\u2013 -
distance\u2013 -
dt\u2013 -
dumpargs\u2013 -
elf\u2013 -
flags\u2013 -
gdt\u2013 -
ghidra\u2013 -
godbg\u2013 -
got\u2013 -
got_tracking\u2013 -
hex2ptr\u2013 -
hexdump\u2013 -
hijack_fd\u2013 -
ida\u2013 -
ignore\u2013Ignoring a breakpoint
-
integration\u2013 -
ipython_interactive\u2013Command to start an interactive IPython prompt.
-
jemalloc\u2013 -
kbase\u2013 -
kchecksec\u2013 -
kcmdline\u2013 -
kconfig\u2013 -
killthreads\u2013 -
klookup\u2013 -
knft\u2013 -
kversion\u2013 -
leakfind\u2013Find a chain of leaks given some starting address.
-
libcinfo\u2013 -
linkmap\u2013 -
memoize\u2013 -
misc\u2013 -
mmap\u2013 -
mprotect\u2013 -
nearpc\u2013 -
next\u2013Stepping until an event occurs
-
onegadget\u2013 -
p2p\u2013 -
patch\u2013 -
pcplist\u2013 -
peda\u2013 -
pie\u2013 -
plist\u2013 -
probeleak\u2013 -
procinfo\u2013 -
profiler\u2013Utilities for profiling pwndbg.
-
ptmalloc2\u2013 -
ptmalloc2_tracking\u2013 -
radare2\u2013 -
reload\u2013 -
retaddr\u2013 -
rizin\u2013 -
rop\u2013 -
ropper\u2013 -
search\u2013 -
segments\u2013 -
shell\u2013Wrapper for shell commands.
-
sigreturn\u2013 -
slab\u2013Commands for dealing with Linux kernel slab allocator. Currently, only SLUB is supported.
-
spray\u2013 -
start\u2013Launches the target process after setting a breakpoint at a convenient
-
strings\u2013 -
telescope\u2013Prints out pointer chains starting at some address in memory.
-
tips\u2013 -
tls\u2013Command to print the information of the current Thread Local Storage (TLS).
-
valist\u2013 -
version\u2013Implements version and bugreport commands.
-
vmmap\u2013Command to print the virtual memory map a la /proc/self/maps.
-
windbg\u2013Compatibility functionality for Windbg users.
-
xinfo\u2013 -
xor\u2013
Classes:
-
CommandCategory\u2013 -
Command\u2013Generic command wrapper
-
ArgparsedCommand\u2013Adds documentation and offloads parsing for a Command via argparse
Functions:
-
fix\u2013Fix a single command-line argument coming from the CLI.
-
fix_reraise\u2013 -
fix_reraise_arg\u2013fix_reraise wrapper for evaluating command arguments
-
fix_int\u2013 -
fix_int_reraise\u2013 -
fix_int_reraise_arg\u2013fix_int_reraise wrapper for evaluating command arguments
-
func_name\u2013 -
OnlyWhenLocal\u2013 -
OnlyWithFile\u2013 -
OnlyWhenQemuKernel\u2013 -
OnlyWhenUserspace\u2013 -
OnlyWithKernelDebugSyms\u2013 -
OnlyWhenPagingEnabled\u2013 -
OnlyWhenRunning\u2013 -
OnlyWithTcache\u2013 -
OnlyWhenHeapIsInitialized\u2013 -
OnlyWithResolvedHeapSyms\u2013 -
sloppy_gdb_parse\u2013This function should be used as
argparse.ArgumentParser.add_argument method'stypehelper. -
AddressExpr\u2013Parses an address expression. Returns an int.
-
HexOrAddressExpr\u2013Parses string as hexadecimal int or an address expression. Returns an int.
-
load_commands\u2013
Attributes:
-
log\u2013 -
T\u2013 -
P\u2013 -
commands(list[Command]) \u2013 -
command_names(set[str]) \u2013 -
GDB_BUILTIN_COMMANDS\u2013 -
pwndbg_is_reloading\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.T","title":"Tlog = getLogger(__name__)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.P","title":"PT = TypeVar('T')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.commands","title":"commandsP = ParamSpec('P')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.command_names","title":"command_namescommands: list[Command] = []\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.GDB_BUILTIN_COMMANDS","title":"GDB_BUILTIN_COMMANDScommand_names: set[str] = set()\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.pwndbg_is_reloading","title":"pwndbg_is_reloadingGDB_BUILTIN_COMMANDS = commands()\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory","title":"CommandCategory","text":"pwndbg_is_reloading = False\nBases:
str,EnumAttributes:
-
START\u2013 -
NEXT\u2013 -
CONTEXT\u2013 -
PTMALLOC2\u2013 -
JEMALLOC\u2013 -
BREAKPOINT\u2013 -
MEMORY\u2013 -
STACK\u2013 -
REGISTER\u2013 -
PROCESS\u2013 -
LINUX\u2013 -
DISASS\u2013 -
MISC\u2013 -
KERNEL\u2013 -
INTEGRATIONS\u2013 -
WINDBG\u2013 -
PWNDBG\u2013 -
SHELL\u2013 -
DEV\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.NEXT","title":"NEXTSTART = 'Start'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.CONTEXT","title":"CONTEXTNEXT = 'Step/Next/Continue'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.PTMALLOC2","title":"PTMALLOC2CONTEXT = 'Context'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.JEMALLOC","title":"JEMALLOCPTMALLOC2 = 'GLibc ptmalloc2 Heap'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.BREAKPOINT","title":"BREAKPOINTJEMALLOC = 'jemalloc Heap'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.MEMORY","title":"MEMORYBREAKPOINT = 'Breakpoint'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.STACK","title":"STACKMEMORY = 'Memory'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.REGISTER","title":"REGISTERSTACK = 'Stack'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.PROCESS","title":"PROCESSREGISTER = 'Register'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.LINUX","title":"LINUXPROCESS = 'Process'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.DISASS","title":"DISASSLINUX = 'Linux/libc/ELF'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.MISC","title":"MISCDISASS = 'Disassemble'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.KERNEL","title":"KERNELMISC = 'Misc'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.INTEGRATIONS","title":"INTEGRATIONSKERNEL = 'Kernel'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.WINDBG","title":"WINDBGINTEGRATIONS = 'Integrations'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.PWNDBG","title":"PWNDBGWINDBG = 'WinDbg'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.SHELL","title":"SHELLPWNDBG = 'pwndbg'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.DEV","title":"DEVSHELL = 'Shell'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command","title":"Command","text":"DEV = 'Developer'\nCommand(\n function: Callable[..., str | None],\n prefix: bool = False,\n command_name: str | None = None,\n shell: bool = False,\n is_alias: bool = False,\n aliases: list[str] = [],\n category: CommandCategory = MISC,\n doc: str | None = None,\n)\nGeneric command wrapper
Methods:
-
split_args\u2013Split a command-line string from the user into arguments.
-
invoke\u2013Invoke the command with an argument string
-
check_repeated\u2013Keep a record of all commands which come from the TTY.
-
__call__\u2013
Attributes:
-
builtin_override_whitelist(set[str]) \u2013 -
history(dict[int, str]) \u2013 -
is_alias\u2013 -
aliases\u2013 -
category\u2013 -
shell\u2013 -
doc\u2013 -
handle\u2013 -
function\u2013 -
__name__\u2013 -
repeat\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.history","title":"historybuiltin_override_whitelist: set[str] = {\n \"up\",\n \"down\",\n \"search\",\n \"pwd\",\n \"start\",\n \"starti\",\n \"ignore\",\n}\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.is_alias","title":"is_aliashistory: dict[int, str] = {}\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.aliases","title":"aliasesis_alias = is_alias\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.category","title":"categoryaliases = aliases\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.shell","title":"shellcategory = category\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.doc","title":"docshell = shell\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.handle","title":"handledoc = doc\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.function","title":"functionhandle = add_command(command_name, _handler, doc)\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.__name__","title":"__name__function = function\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.repeat","title":"repeat__name__ = command_name\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.split_args","title":"split_args","text":"repeat = False\nsplit_args(argument: str) -> tuple[list[str], dict[Any, Any]]\nSplit a command-line string from the user into arguments.
This is only used by pwndbg/commands/shell.py which is deprecated. Usually _ArgparsedCommand.split_args is called.
Returns:
-
list[str]\u2013A
(tuple, dict), in the form of*args, **kwargs. -
dict[Any, Any]\u2013The contents of the tuple/dict are undefined.
invoke(argument: str, from_tty: bool) -> None\nInvoke the command with an argument string
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.check_repeated","title":"check_repeated","text":"check_repeated(argument: str, from_tty: bool) -> bool\nKeep a record of all commands which come from the TTY.
Returns:
-
bool\u2013True if this command was executed by the user just hitting \"enter\".
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.ArgparsedCommand","title":"ArgparsedCommand","text":"__call__(*args: Any, **kwargs: Any) -> str | None\nArgparsedCommand(\n parser_or_desc: str | ArgumentParser,\n category: CommandCategory,\n command_name: str | None = None,\n aliases: list[str] = [],\n only_debuggers: set[DebuggerType] = None,\n exclude_debuggers: set[DebuggerType] = None,\n)\nAdds documentation and offloads parsing for a Command via argparse
Methods:
-
__call__\u2013
Attributes:
-
parser\u2013 -
aliases\u2013 -
category\u2013 -
only_debuggers\u2013 -
exclude_debuggers\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.ArgparsedCommand.aliases","title":"aliasesparser = ArgumentParser(description=parser_or_desc)\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.ArgparsedCommand.category","title":"categoryaliases = aliases\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.ArgparsedCommand.only_debuggers","title":"only_debuggerscategory = category\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.ArgparsedCommand.exclude_debuggers","title":"exclude_debuggersonly_debuggers = only_debuggers\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.ArgparsedCommand.__call__","title":"__call__","text":"exclude_debuggers = exclude_debuggers\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.fix","title":"fix","text":"__call__(function: Callable[..., Any]) -> _ArgparsedCommand\nfix(\n arg: str | Value,\n sloppy: bool = False,\n quiet: bool = True,\n reraise: bool = False,\n) -> str | Value | None\nFix a single command-line argument coming from the CLI.
Parameters:
-
arg(str | Value) \u2013Original string representation (e.g. '0', '$rax', '$rax+44')
-
sloppy(bool, default:False) \u2013If
argcannot be evaluated, returnarg. (default: False) -
quiet(bool, default:True) \u2013If an error occurs, suppress it. (default: True)
-
reraise(bool, default:False) \u2013If an error occurs, raise the exception. (default: False)
Returns:
-
str | Value | None\u2013Ideally a
Valueobject. May return astrifsloppy==True. -
str | Value | None\u2013May return
Noneifsloppy == False and reraise == False.
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.fix_reraise_arg","title":"fix_reraise_arg","text":"fix_reraise(*a, **kw) -> str | Value | None\nfix_reraise_arg(arg) -> Value\nfix_reraise wrapper for evaluating command arguments
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.fix_int","title":"fix_int","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.fix_int_reraise","title":"fix_int_reraise","text":"fix_int(*a, **kw) -> int\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.fix_int_reraise_arg","title":"fix_int_reraise_arg","text":"fix_int_reraise(*a, **kw) -> int\nfix_int_reraise_arg(arg) -> int\nfix_int_reraise wrapper for evaluating command arguments
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.func_name","title":"func_name","text":"
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWhenLocal","title":"OnlyWhenLocal","text":"func_name(function: Callable[P, T]) -> str\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWithFile","title":"OnlyWithFile","text":"OnlyWhenLocal(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWhenQemuKernel","title":"OnlyWhenQemuKernel","text":"OnlyWithFile(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWhenUserspace","title":"OnlyWhenUserspace","text":"OnlyWhenQemuKernel(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWithKernelDebugSyms","title":"OnlyWithKernelDebugSyms","text":"OnlyWhenUserspace(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWhenPagingEnabled","title":"OnlyWhenPagingEnabled","text":"OnlyWithKernelDebugSyms(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWhenRunning","title":"OnlyWhenRunning","text":"OnlyWhenPagingEnabled(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWithTcache","title":"OnlyWithTcache","text":"OnlyWhenRunning(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWhenHeapIsInitialized","title":"OnlyWhenHeapIsInitialized","text":"OnlyWithTcache(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWithResolvedHeapSyms","title":"OnlyWithResolvedHeapSyms","text":"OnlyWhenHeapIsInitialized(\n function: Callable[P, T],\n) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.sloppy_gdb_parse","title":"sloppy_gdb_parse","text":"OnlyWithResolvedHeapSyms(function: Callable[P, T]) -> Callable[P, T | None]\nsloppy_gdb_parse(s: str) -> int | str\nThis function should be used as
argparse.ArgumentParser.add_argument method'stypehelper.This makes the type being parsed as gdb value and if that parsing fails, a string is returned.
:param s: String. :return: Whatever gdb.parse_and_eval returns or string.
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.AddressExpr","title":"AddressExpr","text":"AddressExpr(s: str) -> int\nParses an address expression. Returns an int.
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.HexOrAddressExpr","title":"HexOrAddressExpr","text":"HexOrAddressExpr(s: str) -> int\nParses string as hexadecimal int or an address expression. Returns an int. (e.g. '1234' will return 0x1234)
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.load_commands","title":"load_commands","text":"
"},{"location":"reference/pwndbg/commands/ai/","title":"pwndbg.commands.ai","text":""},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai","title":"ai","text":"load_commands() -> None\nThis command sends information on the current debugging context to OpenAI's GPT-3 large language model and asks it a question supplied by the user. It then displays GPT-3's response to that question to the user.
Functions:
-
set_dummy_mode\u2013 -
get_openai_api_key\u2013 -
get_anthropic_api_key\u2013 -
get_ollama_endpoint\u2013 -
build_prompt\u2013 -
flatten_prompt\u2013 -
build_context_prompt_body\u2013 -
build_command_prompt_body\u2013 -
query_openai_chat\u2013 -
query_openai_completions\u2013 -
query\u2013 -
query_anthropic\u2013 -
query_ollama\u2013 -
get_openai_models\u2013 -
ai\u2013
Attributes:
-
last_question(list[str]) \u2013 -
last_answer(list[str]) \u2013 -
last_pc\u2013 -
last_command\u2013 -
dummy\u2013 -
verbosity\u2013 -
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.last_answer","title":"last_answerlast_question: list[str] = []\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.last_pc","title":"last_pclast_answer: list[str] = []\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.last_command","title":"last_commandlast_pc = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.dummy","title":"dummylast_command = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.verbosity","title":"verbositydummy = False\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.parser","title":"parserverbosity = 0\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.set_dummy_mode","title":"set_dummy_mode","text":"parser = ArgumentParser(\n description=\"Ask GPT-3 a question about the current debugging context.\"\n)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.get_openai_api_key","title":"get_openai_api_key","text":"set_dummy_mode(d=True) -> None\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.get_anthropic_api_key","title":"get_anthropic_api_key","text":"get_openai_api_key()\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.get_ollama_endpoint","title":"get_ollama_endpoint","text":"get_anthropic_api_key()\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.build_prompt","title":"build_prompt","text":"get_ollama_endpoint()\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.flatten_prompt","title":"flatten_prompt","text":"build_prompt(question, command=None)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.build_context_prompt_body","title":"build_context_prompt_body","text":"flatten_prompt(conversation)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.build_command_prompt_body","title":"build_command_prompt_body","text":"build_context_prompt_body()\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.query_openai_chat","title":"query_openai_chat","text":"build_command_prompt_body(command)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.query_openai_completions","title":"query_openai_completions","text":"query_openai_chat(\n prompt, model=\"gpt-3.5-turbo\", max_tokens=100, temperature=0.0\n)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.query","title":"query","text":"query_openai_completions(\n prompt, model=\"text-davinci-003\", max_tokens=100, temperature=0.0\n)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.query_anthropic","title":"query_anthropic","text":"query(prompt, model='text-davinci-003', max_tokens=100, temperature=0.0)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.query_ollama","title":"query_ollama","text":"query_anthropic(prompt, model='claude-v1', max_tokens=100, temperature=0.0)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.get_openai_models","title":"get_openai_models","text":"query_ollama(prompt, model='mistral', max_tokens=100, temperature=0.0)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.ai","title":"ai","text":"get_openai_models()\n
"},{"location":"reference/pwndbg/commands/argv/","title":"pwndbg.commands.argv","text":""},{"location":"reference/pwndbg/commands/argv/#pwndbg.commands.argv","title":"argv","text":"ai(\n question,\n model,\n temperature,\n max_tokens,\n verbose,\n list_models=False,\n command=None,\n) -> None\nFunctions:
-
argc\u2013 -
argv\u2013 -
envp\u2013Prints out the contents of the environment.
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/argv/#pwndbg.commands.argv.argc","title":"argc","text":"parser = ArgumentParser(\n description=\"Prints out the contents of the environment.\"\n)\n
"},{"location":"reference/pwndbg/commands/argv/#pwndbg.commands.argv.argv","title":"argv","text":"argc() -> None\n
"},{"location":"reference/pwndbg/commands/argv/#pwndbg.commands.argv.envp","title":"envp","text":"argv(i: int = None) -> None\nenvp(name: str = None)\nPrints out the contents of the environment.
"},{"location":"reference/pwndbg/commands/aslr/","title":"pwndbg.commands.aslr","text":""},{"location":"reference/pwndbg/commands/aslr/#pwndbg.commands.aslr","title":"aslr","text":"Functions:
-
check_aslr\u2013Detects the ASLR status. Returns True, False or None.
-
aslr\u2013
Attributes:
-
options\u2013 -
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/aslr/#pwndbg.commands.aslr.parser","title":"parseroptions = {'on': 'off', 'off': 'on'}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/aslr/#pwndbg.commands.aslr.check_aslr","title":"check_aslr","text":"parser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description=\"\\nCheck the current ASLR status, or turn it on/off.\\n\\nDoes not take effect until the program is restarted.\\n\",\n)\ncheck_aslr() -> tuple[bool | None, str]\nDetects the ASLR status. Returns True, False or None.
None is returned when we can't detect ASLR.
"},{"location":"reference/pwndbg/commands/aslr/#pwndbg.commands.aslr.aslr","title":"aslr","text":"
"},{"location":"reference/pwndbg/commands/asm/","title":"pwndbg.commands.asm","text":""},{"location":"reference/pwndbg/commands/asm/#pwndbg.commands.asm","title":"asm","text":"aslr(state=None) -> None\nFunctions:
-
asm\u2013
Attributes:
-
parser\u2013 -
input_group\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/asm/#pwndbg.commands.asm.input_group","title":"input_groupparser = ArgumentParser(description='Assemble shellcode into bytes')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/asm/#pwndbg.commands.asm.asm","title":"asm","text":"input_group = add_mutually_exclusive_group(required=True)\n
"},{"location":"reference/pwndbg/commands/attachp/","title":"pwndbg.commands.attachp","text":""},{"location":"reference/pwndbg/commands/attachp/#pwndbg.commands.attachp","title":"attachp","text":"asm(shellcode, format, arch, avoid, infile) -> None\nFunctions:
-
find_pids\u2013 -
attachp\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/attachp/#pwndbg.commands.attachp.find_pids","title":"find_pids","text":"parser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description='Attaches to a given pid, process name, process found with partial argv match or to a device file.\\n\\nThis command wraps the original GDB `attach` command to add the ability\\nto debug a process with a given name or partial name match. In such cases,\\nthe process identifier is fetched via the `pidof <name>` command first. If no\\nmatches are found, then it uses the `ps -eo pid,args` command to search for\\npartial name matches.\\n\\nOriginal GDB attach command help:\\n Attach to a process or file outside of GDB.\\n This command attaches to another target, of the same type as your last\\n \"target\" command (\"info files\" will show your target stack).\\n The command may take as argument a process id or a device file.\\n For a process id, you must have permission to send the process a signal,\\n and it must have the same effective uid as the debugger.\\n When using \"attach\" with a process id, the debugger finds the\\n program running in the process, looking first in the current working\\n directory, or (if not found there) using the source file search path\\n (see the \"directory\" command). You can also use the \"file\" command\\n to specify the program, and to load its symbol table.',\n)\n
"},{"location":"reference/pwndbg/commands/attachp/#pwndbg.commands.attachp.attachp","title":"attachp","text":"find_pids(target, user, exact, all)\n
"},{"location":"reference/pwndbg/commands/auxv/","title":"pwndbg.commands.auxv","text":""},{"location":"reference/pwndbg/commands/auxv/#pwndbg.commands.auxv","title":"auxv","text":"attachp(target, no_truncate, retry, exact, all, user=None) -> None\nFunctions:
-
auxv\u2013 -
auxv_explore\u2013
"},{"location":"reference/pwndbg/commands/auxv/#pwndbg.commands.auxv.auxv_explore","title":"auxv_explore","text":"auxv() -> None\n
"},{"location":"reference/pwndbg/commands/binder/","title":"pwndbg.commands.binder","text":""},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder","title":"binder","text":"auxv_explore() -> None\nClasses:
-
IndentContextManager\u2013 -
BinderVisitor\u2013
Functions:
-
for_each_transaction\u2013 -
for_each_hlist_entry\u2013 -
binder\u2013
Attributes:
-
log\u2013 -
addrc\u2013 -
fieldnamec\u2013 -
fieldvaluec\u2013 -
typenamec\u2013 -
node_types\u2013 -
entry_field_names\u2013 -
rb_node_field_names\u2013 -
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.addrc","title":"addrclog = getLogger(__name__)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.fieldnamec","title":"fieldnamecaddrc = green\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.fieldvaluec","title":"fieldvaluecfieldnamec = blue\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.typenamec","title":"typenamecfieldvaluec = yellow\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.node_types","title":"node_typestypenamec = red\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.entry_field_names","title":"entry_field_namesnode_types = {\n \"waiting_threads\": \"struct binder_thread\",\n \"todo\": \"struct binder_work\",\n \"refs\": \"struct binder_ref\",\n \"threads\": \"struct binder_thread\",\n \"nodes\": \"struct binder_node\",\n \"refs_by_node\": \"struct binder_ref\",\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.rb_node_field_names","title":"rb_node_field_namesentry_field_names = {\n \"waiting_threads\": \"waiting_thread_node\",\n \"todo\": \"entry\",\n \"refs\": \"node_entry\",\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.parser","title":"parserrb_node_field_names = {\n \"threads\": \"rb_node\",\n \"nodes\": \"rb_node\",\n \"refs_by_node\": \"rb_node_node\",\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.IndentContextManager","title":"IndentContextManager","text":"parser = ArgumentParser(description='Show Android Binder information')\nIndentContextManager()\nMethods:
-
__enter__\u2013 -
__exit__\u2013
Attributes:
-
indent\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.IndentContextManager.__enter__","title":"__enter__","text":"indent = 0\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.IndentContextManager.__exit__","title":"__exit__","text":"__enter__()\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor","title":"BinderVisitor","text":"__exit__(exc_type, exc_value, exc_tb)\nBinderVisitor(procs_addr)\nMethods:
-
format_rb_tree\u2013 -
format_list\u2013 -
visit\u2013 -
format_proc\u2013 -
format_thread\u2013 -
format_transaction\u2013 -
format_node\u2013 -
format_ref\u2013 -
format_work\u2013 -
print_object\u2013 -
format_spinlock\u2013
Attributes:
-
indent\u2013 -
addr\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.addr","title":"addrindent = IndentContextManager()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_rb_tree","title":"format_rb_tree","text":"addr = get_typed_pointer_value('struct hlist_head', procs_addr)\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_list","title":"format_list","text":"format_rb_tree(field: str, value: Value) -> tuple[str, int]\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.visit","title":"visit","text":"format_list(field: str, value: Value, typename: str) -> tuple[str, int]\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_proc","title":"format_proc","text":"visit()\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_thread","title":"format_thread","text":"format_proc(proc: Value, only_heading=False)\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_transaction","title":"format_transaction","text":"format_thread(thread: Value, only_heading: bool = False) -> str\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_node","title":"format_node","text":"format_transaction(transaction: Value, only_heading: bool = False) -> str\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_ref","title":"format_ref","text":"format_node(node: Value) -> str\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_work","title":"format_work","text":"format_ref(ref: Value, only_heading: bool = False) -> str\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.print_object","title":"print_object","text":"format_work(work: Value) -> str\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_spinlock","title":"format_spinlock","text":"print_object(obj: Value)\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.for_each_transaction","title":"for_each_transaction","text":"format_spinlock(lock: Value) -> str\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.for_each_hlist_entry","title":"for_each_hlist_entry","text":"for_each_transaction(addr: Value, field: str) -> Iterator[Value]\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.binder","title":"binder","text":"for_each_hlist_entry(head: Value, typename, field) -> Iterator[Value]\n
"},{"location":"reference/pwndbg/commands/binja/","title":"pwndbg.commands.binja","text":""},{"location":"reference/pwndbg/commands/binja/#pwndbg.commands.binja","title":"binja","text":"binder()\nFunctions:
-
bn_sync\u2013Synchronize Binary Ninja's cursor with GDB
bn_sync(*args) -> None\nSynchronize Binary Ninja's cursor with GDB
"},{"location":"reference/pwndbg/commands/binja_functions/","title":"pwndbg.commands.binja_functions","text":""},{"location":"reference/pwndbg/commands/binja_functions/#pwndbg.commands.binja_functions","title":"binja_functions","text":"Functions:
-
bn_sym\u2013Lookup a symbol's address by name from Binary Ninja.
-
bn_var\u2013Lookup a stack variable's address by name from Binary Ninja.
-
bn_eval\u2013Parse and evaluate a Binary Ninja expression.
bn_sym(name_val: Value) -> int | None\nLookup a symbol's address by name from Binary Ninja.
"},{"location":"reference/pwndbg/commands/binja_functions/#pwndbg.commands.binja_functions.bn_var","title":"bn_var","text":"bn_var(name_val: Value) -> int | None\nLookup a stack variable's address by name from Binary Ninja.
"},{"location":"reference/pwndbg/commands/binja_functions/#pwndbg.commands.binja_functions.bn_eval","title":"bn_eval","text":"bn_eval(expr: Value) -> int | None\nParse and evaluate a Binary Ninja expression.
Docs: https://api.binary.ninja/binaryninja.binaryview-module.html#binaryninja.binaryview.BinaryView.parse_expression
Adds all registers in the current register set as magic variables (e.g. $rip). Also adds a $piebase magic variable with the computed executable base.
"},{"location":"reference/pwndbg/commands/branch/","title":"pwndbg.commands.branch","text":""},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch","title":"branch","text":"Classes:
-
BreakOnConditionalBranch\u2013A breakpoint that only stops the inferior if a given branch is taken or not taken.
Functions:
-
break_if_taken\u2013 -
break_if_not_taken\u2013 -
install_breakpoint\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.BreakOnConditionalBranch","title":"BreakOnConditionalBranch","text":"parser = ArgumentParser(description='Breaks on a branch if it is not taken.')\nBreakOnConditionalBranch(instruction: PwndbgInstruction, taken: bool)\nBases:
BreakpointA breakpoint that only stops the inferior if a given branch is taken or not taken.
Methods:
-
should_stop\u2013 -
stop\u2013
Attributes:
-
instruction\u2013 -
taken\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.BreakOnConditionalBranch.taken","title":"takeninstruction = instruction\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.BreakOnConditionalBranch.should_stop","title":"should_stop","text":"taken = taken\n
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.BreakOnConditionalBranch.stop","title":"stop","text":"should_stop()\n
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.break_if_taken","title":"break_if_taken","text":"stop() -> bool\n
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.break_if_not_taken","title":"break_if_not_taken","text":"break_if_taken(branch) -> None\n
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.install_breakpoint","title":"install_breakpoint","text":"break_if_not_taken(branch) -> None\n
"},{"location":"reference/pwndbg/commands/canary/","title":"pwndbg.commands.canary","text":""},{"location":"reference/pwndbg/commands/canary/#pwndbg.commands.canary","title":"canary","text":"install_breakpoint(branch, taken: bool) -> None\nFunctions:
-
canary_value\u2013 -
canary\u2013
Attributes:
-
DEFAULT_NUM_CANARIES_TO_DISPLAY\u2013 -
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/canary/#pwndbg.commands.canary.parser","title":"parserDEFAULT_NUM_CANARIES_TO_DISPLAY = 1\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/canary/#pwndbg.commands.canary.canary_value","title":"canary_value","text":"parser = ArgumentParser(description='Print out the current stack canary.')\n
"},{"location":"reference/pwndbg/commands/canary/#pwndbg.commands.canary.canary","title":"canary","text":"canary_value()\n
"},{"location":"reference/pwndbg/commands/checksec/","title":"pwndbg.commands.checksec","text":""},{"location":"reference/pwndbg/commands/checksec/#pwndbg.commands.checksec","title":"checksec","text":"canary(all) -> None\nFunctions:
-
checksec\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/checksec/#pwndbg.commands.checksec.checksec","title":"checksec","text":"parser = ArgumentParser(\n description=\"Prints out the binary security settings using `checksec`.\"\n)\n
"},{"location":"reference/pwndbg/commands/comments/","title":"pwndbg.commands.comments","text":""},{"location":"reference/pwndbg/commands/comments/#pwndbg.commands.comments","title":"comments","text":"checksec(file: str) -> None\nFunctions:
-
comm\u2013 -
init\u2013
Attributes:
-
parser\u2013 -
file_lists(dict[str, dict[str, str]]) \u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/comments/#pwndbg.commands.comments.file_lists","title":"file_listsparser = ArgumentParser(description='Put comments in assembly code.')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/comments/#pwndbg.commands.comments.comm","title":"comm","text":"file_lists: dict[str, dict[str, str]] = {}\n
"},{"location":"reference/pwndbg/commands/comments/#pwndbg.commands.comments.init","title":"init","text":"comm(addr=None, comment=None) -> None\n
"},{"location":"reference/pwndbg/commands/config/","title":"pwndbg.commands.config","text":""},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config","title":"config","text":"init() -> None\nDumps all pwndbg-specific configuration points.
Functions:
-
print_row\u2013 -
extend_value_with_default\u2013 -
get_config_parameters\u2013 -
display_config\u2013 -
config\u2013 -
theme\u2013 -
configfile\u2013 -
themefile\u2013 -
configfile_print_scope\u2013
Attributes:
-
configfile_parser\u2013 -
parser\u2013 -
themefile_parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.parser","title":"parserconfigfile_parser = ArgumentParser(\n description=\"Generates a configuration file for the current pwndbg options.\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.themefile_parser","title":"themefile_parserparser = ArgumentParser(\n description=\"Shows pwndbg-specific theme configuration.\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.print_row","title":"print_row","text":"themefile_parser = ArgumentParser(\n description=\"Generates a configuration file for the current pwndbg theme options.\"\n)\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.extend_value_with_default","title":"extend_value_with_default","text":"print_row(\n name: str,\n value: str,\n default: str,\n set_show_doc: str,\n ljust_optname: int,\n ljust_doc: int,\n empty_space: int = 2,\n)\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.get_config_parameters","title":"get_config_parameters","text":"extend_value_with_default(value, default)\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.display_config","title":"display_config","text":"get_config_parameters(scope, filter_pattern)\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.config","title":"config","text":"display_config(\n filter_pattern: str, scope: str, has_file_command: bool = True\n) -> None\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.theme","title":"theme","text":"config(filter_pattern) -> None\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.configfile","title":"configfile","text":"theme(filter_pattern) -> None\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.themefile","title":"themefile","text":"configfile(show_all=False) -> None\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.configfile_print_scope","title":"configfile_print_scope","text":"themefile(show_all=False) -> None\n
"},{"location":"reference/pwndbg/commands/context/","title":"pwndbg.commands.context","text":""},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context","title":"context","text":"configfile_print_scope(scope: str, show_all: bool = False) -> None\nClasses:
-
StdOutput\u2013A context manager wrapper to give stdout
-
FileOutput\u2013A context manager wrapper to reopen files on enter
-
CallOutput\u2013A context manager which calls a function on write
Functions:
-
clear_screen\u2013Clear the screen by moving the cursor to top-left corner and
-
reserve_lines_maybe\u2013Scroll the terminal up a few lines to reduce shaking
-
validate_context_sections\u2013 -
output\u2013Creates a context manager corresponding to configured context output
-
contextoutput\u2013 -
resetcontextoutput\u2013 -
history_size_changed\u2013 -
serve_context_history\u2013 -
history_handle_unchanged_contents\u2013 -
contextprev\u2013 -
contextnext\u2013 -
contextsearch\u2013 -
contextwatch\u2013 -
contextunwatch\u2013 -
context_expressions\u2013 -
context_ghidra\u2013Print out the source of the current function decompiled by ghidra.
-
context\u2013Print out the current register, instruction, and stack context.
-
calculate_padding_to_align\u2013Calculates the number of spaces to append to reach the next alignment.
-
compact_regs\u2013 -
context_regs\u2013 -
context_heap_tracker\u2013 -
regs\u2013Print out all registers and enhance the information.
-
get_regs\u2013 -
try_emulate_if_bug_disable\u2013 -
context_disasm\u2013 -
get_highlight_source\u2013 -
get_filename_and_formatted_source\u2013Returns formatted, lines limited and highlighted source as list
-
context_code\u2013 -
context_stack\u2013 -
context_backtrace\u2013 -
context_args\u2013 -
get_thread_status\u2013 -
context_threads\u2013 -
save_signal\u2013 -
context_last_signal\u2013
Attributes:
-
log\u2013 -
T\u2013 -
P\u2013 -
c\u2013 -
config_reserve_lines\u2013 -
config_clear_screen\u2013 -
config_output\u2013 -
config_context_sections\u2013 -
config_max_threads_display\u2013 -
outputs(dict[str, str]) \u2013 -
output_settings(DefaultDict[str, dict[str, Any]]) \u2013 -
banner_arg\u2013 -
context_history(DefaultDict[str, list[list[str]]]) \u2013 -
selected_history_index(int | None) \u2013 -
context_history_size\u2013 -
expressions\u2013 -
config_context_ghidra\u2013 -
parser\u2013 -
disasm_lines\u2013 -
source_disasm_lines\u2013 -
should_decompile\u2013 -
stack_lines\u2013 -
backtrace_lines\u2013 -
backtrace_frame_label\u2013 -
last_signal(list[str]) \u2013 -
thread_status_messages\u2013 -
context_sections\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.T","title":"Tlog = getLogger(__name__)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.P","title":"PT = TypeVar('T')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.c","title":"cP = ParamSpec('P')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.config_reserve_lines","title":"config_reserve_linesc = ColorConfig(\n \"backtrace\",\n [\n ColorParamSpec(\n \"prefix\", \"none\", \"color for prefix of current backtrace label\"\n ),\n ColorParamSpec(\"address\", \"none\", \"color for backtrace (address)\"),\n ColorParamSpec(\"symbol\", \"none\", \"color for backtrace (symbol)\"),\n ColorParamSpec(\n \"frame-label\", \"none\", \"color for backtrace (frame label)\"\n ),\n ],\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.config_clear_screen","title":"config_clear_screenconfig_reserve_lines = add_param(\n \"context-reserve-lines\",\n \"if-ctx-fits\",\n \"when to reserve lines after the prompt to reduce context shake\",\n help_docstring='\\nThe \"if-ctx-fits\" setting only reserves lines if the whole context would still fit vertically in the current terminal window.\\nIt doesn\\'t take into account line-wrapping due to insufficient terminal width.\\n',\n param_class=PARAM_ENUM,\n enum_sequence=[\"never\", \"if-ctx-fits\", \"always\"],\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.config_output","title":"config_outputconfig_clear_screen = add_param(\n \"context-clear-screen\",\n False,\n \"whether to clear the screen before printing the context\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.config_context_sections","title":"config_context_sectionsconfig_output = add_param(\n \"context-output\",\n \"stdout\",\n 'where pwndbg should output (\"stdout\" or file/tty).',\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.config_max_threads_display","title":"config_max_threads_displayconfig_context_sections = add_param(\n \"context-sections\",\n \"regs disasm code ghidra stack backtrace expressions threads heap_tracker\",\n \"which context sections are displayed (controls order)\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.outputs","title":"outputsconfig_max_threads_display = add_param(\n \"context-max-threads\",\n 4,\n \"maximum number of threads displayed by the context command\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.output_settings","title":"output_settingsoutputs: dict[str, str] = {}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.banner_arg","title":"banner_argoutput_settings: DefaultDict[str, dict[str, Any]] = defaultdict(dict)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_history","title":"context_historybanner_arg = add_argument(\n \"banner\",\n type=str,\n nargs=\"?\",\n default=\"both\",\n help=\"Where a banner should be placed: both, top , bottom, none\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.selected_history_index","title":"selected_history_indexcontext_history: DefaultDict[str, list[list[str]]] = defaultdict(list)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_history_size","title":"context_history_sizeselected_history_index: int | None = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.expressions","title":"expressionscontext_history_size = add_param(\n \"context-history-size\", 50, \"number of context history entries to store\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.config_context_ghidra","title":"config_context_ghidraexpressions = []\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.parser","title":"parserconfig_context_ghidra = add_param(\n \"context-ghidra\",\n \"never\",\n \"when to try to decompile the current function with ghidra\",\n help_docstring=\"Doing this is slow and requires radare2/r2pipe or rizin/rzpipe.\",\n param_class=PARAM_ENUM,\n enum_sequence=[\"always\", \"never\", \"if-no-source\"],\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.disasm_lines","title":"disasm_linesparser = ArgumentParser(\n description=\"Print out all registers and enhance the information.\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.source_disasm_lines","title":"source_disasm_linesdisasm_lines = add_param(\n \"context-disasm-lines\",\n 10,\n \"number of additional lines to print in the disasm context\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.should_decompile","title":"should_decompilesource_disasm_lines = add_param(\n \"context-code-lines\",\n 10,\n \"number of source code lines to print by the context command\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.stack_lines","title":"stack_linesshould_decompile = add_param(\n \"context-integration-decompile\",\n True,\n \"whether context should fall back to decompilation with no source code\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.backtrace_lines","title":"backtrace_linesstack_lines = add_param(\n \"context-stack-lines\", 8, \"number of lines to print in the stack context\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.backtrace_frame_label","title":"backtrace_frame_labelbacktrace_lines = add_param(\n \"context-backtrace-lines\",\n 8,\n \"number of lines to print in the backtrace context\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.last_signal","title":"last_signalbacktrace_frame_label = add_param(\n \"backtrace-frame-label\", \"\", \"frame number label for backtrace\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.thread_status_messages","title":"thread_status_messageslast_signal: list[str] = []\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_sections","title":"context_sectionsthread_status_messages = {\n \"running\": light_green(\"running\"),\n \"stopped\": yellow(\"stopped\"),\n \"exited\": gray(\"exited \"),\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.StdOutput","title":"StdOutput","text":"context_sections = {\n \"a\": context_args,\n \"r\": context_regs,\n \"d\": context_disasm,\n \"s\": context_stack,\n \"b\": context_backtrace,\n \"c\": context_code,\n}\nA context manager wrapper to give stdout
Methods:
-
__enter__\u2013 -
__exit__\u2013 -
__hash__\u2013 -
__eq__\u2013
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.StdOutput.__exit__","title":"__exit__","text":"__enter__()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.StdOutput.__hash__","title":"__hash__","text":"__exit__(*args, **kwargs) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.StdOutput.__eq__","title":"__eq__","text":"__hash__()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput","title":"FileOutput","text":"__eq__(other) -> bool\nFileOutput(*args)\nA context manager wrapper to reopen files on enter
Methods:
-
__enter__\u2013 -
__exit__\u2013 -
__hash__\u2013 -
__eq__\u2013
Attributes:
-
args\u2013 -
handle\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput.handle","title":"handleargs = args\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput.__enter__","title":"__enter__","text":"handle = None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput.__exit__","title":"__exit__","text":"__enter__()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput.__hash__","title":"__hash__","text":"__exit__(*args, **kwargs) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput.__eq__","title":"__eq__","text":"__hash__()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput","title":"CallOutput","text":"__eq__(other)\nCallOutput(func)\nA context manager which calls a function on write
Methods:
-
__enter__\u2013 -
__exit__\u2013 -
__hash__\u2013 -
__eq__\u2013 -
write\u2013 -
writelines\u2013 -
flush\u2013 -
isatty\u2013
Attributes:
-
func\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.__enter__","title":"__enter__","text":"func = func\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.__exit__","title":"__exit__","text":"__enter__()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.__hash__","title":"__hash__","text":"__exit__(*args, **kwargs) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.__eq__","title":"__eq__","text":"__hash__()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.write","title":"write","text":"__eq__(other)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.writelines","title":"writelines","text":"write(data) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.flush","title":"flush","text":"writelines(lines_iterable) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.isatty","title":"isatty","text":"flush()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.clear_screen","title":"clear_screen","text":"isatty()\nclear_screen(out=stdout) -> None\nClear the screen by moving the cursor to top-left corner and clearing the content. Different terminals may act differently
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.reserve_lines_maybe","title":"reserve_lines_maybe","text":"reserve_lines_maybe(cmd_lines: int) -> None\nScroll the terminal up a few lines to reduce shaking when repeatedly printing the context.
Only do this if the context would still fit on the screen.
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.validate_context_sections","title":"validate_context_sections","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.output","title":"output","text":"validate_context_sections() -> None\noutput(section: str)\nCreates a context manager corresponding to configured context output
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.contextoutput","title":"contextoutput","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.resetcontextoutput","title":"resetcontextoutput","text":"contextoutput(section, path, clearing, banner='both', width: int = None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.history_size_changed","title":"history_size_changed","text":"resetcontextoutput(section)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.serve_context_history","title":"serve_context_history","text":"history_size_changed() -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.history_handle_unchanged_contents","title":"history_handle_unchanged_contents","text":"serve_context_history(\n function: Callable[P, list[str]],\n) -> Callable[P, list[str]]\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.contextprev","title":"contextprev","text":"history_handle_unchanged_contents() -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.contextnext","title":"contextnext","text":"contextprev(count) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.contextsearch","title":"contextsearch","text":"contextnext(count) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.contextwatch","title":"contextwatch","text":"contextsearch(needle, section) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.contextunwatch","title":"contextunwatch","text":"contextwatch(expression, cmd) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_expressions","title":"context_expressions","text":"contextunwatch(num) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_ghidra","title":"context_ghidra","text":"context_expressions(target=stdout, with_banner=True, width=None)\ncontext_ghidra(target=stdout, with_banner=True, width=None)\nPrint out the source of the current function decompiled by ghidra.
The context-ghidra config parameter is used to configure whether to always, never or only show the context if no source is available.
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context","title":"context","text":"context(subcontext=None, enabled=None) -> None\nPrint out the current register, instruction, and stack context.
Accepts subcommands 'reg', 'disasm', 'code', 'stack', 'backtrace', 'ghidra', 'args', 'threads', 'heap_tracker', 'expressions', and/or 'last_signal'.
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.calculate_padding_to_align","title":"calculate_padding_to_align","text":"calculate_padding_to_align(length, align)\nCalculates the number of spaces to append to reach the next alignment. The next alignment point is given by \"x * align >= length\".
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.compact_regs","title":"compact_regs","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_regs","title":"context_regs","text":"compact_regs(regs, width=None, target=stdout)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_heap_tracker","title":"context_heap_tracker","text":"context_regs(target=stdout, with_banner=True, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.regs","title":"regs","text":"context_heap_tracker(target=stdout, with_banner=True, width=None)\nregs(regs=[]) -> None\nPrint out all registers and enhance the information.
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.get_regs","title":"get_regs","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.try_emulate_if_bug_disable","title":"try_emulate_if_bug_disable","text":"get_regs(regs: list[str] = None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_disasm","title":"context_disasm","text":"try_emulate_if_bug_disable(handler: Callable[[], T]) -> T\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.get_highlight_source","title":"get_highlight_source","text":"context_disasm(target=stdout, with_banner=True, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.get_filename_and_formatted_source","title":"get_filename_and_formatted_source","text":"get_highlight_source(filename: str) -> tuple[str, ...]\nget_filename_and_formatted_source()\nReturns formatted, lines limited and highlighted source as list or if it isn't there - an empty list
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_code","title":"context_code","text":"
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_stack","title":"context_stack","text":"context_code(target=stdout, with_banner=True, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_backtrace","title":"context_backtrace","text":"context_stack(target=stdout, with_banner=True, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_args","title":"context_args","text":"context_backtrace(with_banner=True, target=stdout, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.get_thread_status","title":"get_thread_status","text":"context_args(with_banner=True, target=stdout, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_threads","title":"context_threads","text":"get_thread_status(thread)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.save_signal","title":"save_signal","text":"context_threads(with_banner=True, target=stdout, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_last_signal","title":"context_last_signal","text":"save_signal(signal) -> None\n
"},{"location":"reference/pwndbg/commands/cpsr/","title":"pwndbg.commands.cpsr","text":""},{"location":"reference/pwndbg/commands/cpsr/#pwndbg.commands.cpsr","title":"cpsr","text":"context_last_signal(with_banner=True, target=stdout, width=None)\nFunctions:
-
cpsr\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/cpsr/#pwndbg.commands.cpsr.cpsr","title":"cpsr","text":"parser = ArgumentParser(description='Print out ARM CPSR or xPSR register.')\n
"},{"location":"reference/pwndbg/commands/cyclic/","title":"pwndbg.commands.cyclic","text":""},{"location":"reference/pwndbg/commands/cyclic/#pwndbg.commands.cyclic","title":"cyclic","text":"cpsr(cpsr_value=None) -> None\nFunctions:
-
cyclic_cmd\u2013
Attributes:
-
parser\u2013 -
group\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/cyclic/#pwndbg.commands.cyclic.group","title":"groupparser = ArgumentParser(description='Cyclic pattern creator/finder.')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/cyclic/#pwndbg.commands.cyclic.cyclic_cmd","title":"cyclic_cmd","text":"group = add_mutually_exclusive_group(required=False)\n
"},{"location":"reference/pwndbg/commands/cymbol/","title":"pwndbg.commands.cymbol","text":""},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol","title":"cymbol","text":"cyclic_cmd(\n alphabet, length: int | None, lookup, count=100, filename=\"\"\n) -> None\nAdd, load, show, edit, or delete symbols for custom structures.
For the generation of the symbols g++/gcc is being used under the hood.
In case of remote debugging a binary which is not native to your architecture it is advised to configure the 'gcc-config-path' config parameter to your own cross-platform gnu gcc compiled toolchain for your target architecture.
You are advised to configure the 'cymbol-editor' config parameter to the path of your favorite text editor. Otherwise cymbol exapnds $EDITOR and $VISUAL environment variables to find the path to the default text editor.
Functions:
-
unload_loaded_symbol\u2013 -
OnlyWhenStructFileExists\u2013 -
generate_debug_symbols\u2013 -
add_custom_structure\u2013 -
add_structure_from_header\u2013 -
edit_custom_structure\u2013 -
remove_custom_structure\u2013 -
load_custom_structure\u2013 -
show_custom_structure\u2013 -
cymbol\u2013
Attributes:
-
P\u2013 -
T\u2013 -
gcc_compiler_path\u2013 -
cymbol_editor\u2013 -
loaded_symbols(dict[str, str]) \u2013 -
pwndbg_cachedir\u2013 -
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.T","title":"TP = ParamSpec('P')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.gcc_compiler_path","title":"gcc_compiler_pathT = TypeVar('T')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.cymbol_editor","title":"cymbol_editorgcc_compiler_path = add_param(\n \"gcc-compiler-path\",\n \"\",\n \"path to the gcc/g++ toolchain for generating imported symbols\",\n param_class=PARAM_OPTIONAL_FILENAME,\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.loaded_symbols","title":"loaded_symbolscymbol_editor = add_param(\n \"cymbol-editor\",\n \"\",\n \"path to the editor for editing custom structures\",\n param_class=PARAM_OPTIONAL_FILENAME,\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.pwndbg_cachedir","title":"pwndbg_cachedirloaded_symbols: dict[str, str] = {}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.parser","title":"parserpwndbg_cachedir = cachedir('custom-symbols')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.unload_loaded_symbol","title":"unload_loaded_symbol","text":"parser = ArgumentParser(\n description=\"Add, show, load, edit, or delete custom structures in plain C.\"\n)\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.OnlyWhenStructFileExists","title":"OnlyWhenStructFileExists","text":"unload_loaded_symbol(custom_structure_name: str) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.generate_debug_symbols","title":"generate_debug_symbols","text":"OnlyWhenStructFileExists(\n func: _OnlyWhenStructFileExists,\n) -> _OnlyWhenStructFileExists\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.add_custom_structure","title":"add_custom_structure","text":"generate_debug_symbols(\n custom_structure_path: str,\n pwndbg_debug_symbols_output_file: str | None = None,\n) -> str | None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.add_structure_from_header","title":"add_structure_from_header","text":"add_custom_structure(custom_structure_name: str) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.edit_custom_structure","title":"edit_custom_structure","text":"add_structure_from_header(\n header_file: str, custom_structure_name: str = None\n) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.remove_custom_structure","title":"remove_custom_structure","text":"edit_custom_structure(\n custom_structure_name: str, custom_structure_path: str = \"\"\n) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.load_custom_structure","title":"load_custom_structure","text":"remove_custom_structure(\n custom_structure_name: str, custom_structure_path: str = \"\"\n) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.show_custom_structure","title":"show_custom_structure","text":"load_custom_structure(\n custom_structure_name: str, custom_structure_path: str = \"\"\n) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.cymbol","title":"cymbol","text":"show_custom_structure(\n custom_structure_name: str, custom_structure_path: str = \"\"\n) -> None\n
"},{"location":"reference/pwndbg/commands/dev/","title":"pwndbg.commands.dev","text":""},{"location":"reference/pwndbg/commands/dev/#pwndbg.commands.dev","title":"dev","text":"cymbol(\n add: str, file: str, remove: str, edit: str, load: str, show: str\n) -> None\nFunctions:
-
dev_dump_instruction\u2013 -
log_level\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/dev/#pwndbg.commands.dev.dev_dump_instruction","title":"dev_dump_instruction","text":"parser = ArgumentParser(description='Set the log level.')\n
"},{"location":"reference/pwndbg/commands/dev/#pwndbg.commands.dev.log_level","title":"log_level","text":"dev_dump_instruction(\n address=None, force_emulate=False, no_emulate=False\n) -> None\n
"},{"location":"reference/pwndbg/commands/distance/","title":"pwndbg.commands.distance","text":""},{"location":"reference/pwndbg/commands/distance/#pwndbg.commands.distance","title":"distance","text":"log_level(level: str) -> None\nFunctions:
-
distance\u2013Print the distance between the two arguments
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/distance/#pwndbg.commands.distance.distance","title":"distance","text":"parser = ArgumentParser(\n description=\"Print the distance between the two arguments, or print the offset to the address's page base.\"\n)\ndistance(a, b) -> None\nPrint the distance between the two arguments
"},{"location":"reference/pwndbg/commands/dt/","title":"pwndbg.commands.dt","text":""},{"location":"reference/pwndbg/commands/dt/#pwndbg.commands.dt","title":"dt","text":"Functions:
-
dt\u2013Dump out information on a type (e.g. ucontext_t).
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/dt/#pwndbg.commands.dt.dt","title":"dt","text":"parser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description=\"\\n Dump out information on a type (e.g. ucontext_t).\\n\\n Optionally overlay that information at an address.\\n \",\n)\ndt(typename: str, address: int | None = None) -> None\nDump out information on a type (e.g. ucontext_t).
Optionally overlay that information at an address.
"},{"location":"reference/pwndbg/commands/dumpargs/","title":"pwndbg.commands.dumpargs","text":""},{"location":"reference/pwndbg/commands/dumpargs/#pwndbg.commands.dumpargs","title":"dumpargs","text":"Functions:
-
dumpargs\u2013 -
call_args\u2013Returns list of resolved call argument strings for display.
-
all_args\u2013Returns list of all argument strings for display.
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/dumpargs/#pwndbg.commands.dumpargs.dumpargs","title":"dumpargs","text":"parser = ArgumentParser(\n description=\"Prints determined arguments for call instruction.\"\n)\n
"},{"location":"reference/pwndbg/commands/dumpargs/#pwndbg.commands.dumpargs.call_args","title":"call_args","text":"dumpargs(force: bool = False) -> None\ncall_args() -> list[str]\nReturns list of resolved call argument strings for display. Attempts to resolve the target and determine the number of arguments. Should be used only when being on a call instruction.
"},{"location":"reference/pwndbg/commands/dumpargs/#pwndbg.commands.dumpargs.all_args","title":"all_args","text":"all_args() -> list[str]\nReturns list of all argument strings for display.
"},{"location":"reference/pwndbg/commands/elf/","title":"pwndbg.commands.elf","text":""},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf","title":"elf","text":"Functions:
-
elfsections\u2013 -
gotplt\u2013 -
plt\u2013 -
get_section_bounds\u2013 -
print_symbols_in_section\u2013 -
get_symbols_in_region\u2013
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.gotplt","title":"gotplt","text":"elfsections() -> None\n
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.plt","title":"plt","text":"gotplt() -> None\n
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.get_section_bounds","title":"get_section_bounds","text":"plt() -> None\n
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.print_symbols_in_section","title":"print_symbols_in_section","text":"get_section_bounds(section_name)\n
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.get_symbols_in_region","title":"get_symbols_in_region","text":"print_symbols_in_section(section_name, filter_text='') -> None\n
"},{"location":"reference/pwndbg/commands/flags/","title":"pwndbg.commands.flags","text":""},{"location":"reference/pwndbg/commands/flags/#pwndbg.commands.flags","title":"flags","text":"get_symbols_in_region(start, end, filter_text='')\nFunctions:
-
setflag\u2013
Attributes:
-
description\u2013 -
epilog\u2013 -
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/flags/#pwndbg.commands.flags.epilog","title":"epilogdescription = 'Modify the flags register.'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/flags/#pwndbg.commands.flags.parser","title":"parserepilog = \"Examples:\\n On X86/X64:\\n setflag ZF 1 -- set zero flag\\n setflag CF 0 -- unset carry flag\\n\\n On ARM:\\n setflag Z 0 -- unset the Z cpsr/xpsr flag\\n\\n To see flags registers:\\n info reg eflags -- on x86/x64\\n info reg cpsr/xpsr -- on ARM (specific register may vary)\\n\\n(This command supports flags registers that are defined for architectures in the pwndbg/regs.py file)\\n \"\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/flags/#pwndbg.commands.flags.setflag","title":"setflag","text":"parser = ArgumentParser(\n description=description, epilog=epilog, formatter_class=RawTextHelpFormatter\n)\n
"},{"location":"reference/pwndbg/commands/gdt/","title":"pwndbg.commands.gdt","text":""},{"location":"reference/pwndbg/commands/gdt/#pwndbg.commands.gdt","title":"gdt","text":"setflag(flag: str, value: int) -> None\nFunctions:
-
gdt\u2013 -
decode_gdt_entry\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/gdt/#pwndbg.commands.gdt.gdt","title":"gdt","text":"parser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description=\"Decode X86-64 GDT entries at address\\n\\nSee also:\\n* https://wiki.osdev.org/Global_Descriptor_Table\\n* https://wiki.osdev.org/GDT_Tutorial\\n\\nNote:\\nIn 64-bit mode, the Base and Limit values are ignored, each descriptor covers the entire linear address space regardless of what they are set to.\\n\",\n)\n
"},{"location":"reference/pwndbg/commands/gdt/#pwndbg.commands.gdt.decode_gdt_entry","title":"decode_gdt_entry","text":"gdt(address, count) -> None\n
"},{"location":"reference/pwndbg/commands/ghidra/","title":"pwndbg.commands.ghidra","text":""},{"location":"reference/pwndbg/commands/ghidra/#pwndbg.commands.ghidra","title":"ghidra","text":"decode_gdt_entry(value)\nFunctions:
-
ghidra\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/ghidra/#pwndbg.commands.ghidra.ghidra","title":"ghidra","text":"parser = ArgumentParser(description='Decompile a given function using Ghidra.')\n
"},{"location":"reference/pwndbg/commands/godbg/","title":"pwndbg.commands.godbg","text":""},{"location":"reference/pwndbg/commands/godbg/#pwndbg.commands.godbg","title":"godbg","text":"ghidra(func) -> None\nFunctions:
-
go_dump\u2013 -
go_type\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/godbg/#pwndbg.commands.godbg.go_dump","title":"go_dump","text":"parser = ArgumentParser(\n description=\"Dumps a Go runtime reflection type at a specified address.\"\n)\n
"},{"location":"reference/pwndbg/commands/godbg/#pwndbg.commands.godbg.go_type","title":"go_type","text":"go_dump(\n ty: str,\n address: int,\n hex: bool,\n decimals: int | None,\n debug: bool,\n pretty: bool,\n) -> None\n
"},{"location":"reference/pwndbg/commands/got/","title":"pwndbg.commands.got","text":""},{"location":"reference/pwndbg/commands/got/#pwndbg.commands.got","title":"got","text":"go_type(address: int) -> None\nFunctions:
-
got\u2013
Attributes:
-
parser\u2013 -
group\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/got/#pwndbg.commands.got.group","title":"groupparser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description=\"Show the state of the Global Offset Table.\\n\\nExamples:\\n got\\n got puts\\n got -p libc\\n got -a\\n\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/got/#pwndbg.commands.got.got","title":"got","text":"group = add_mutually_exclusive_group()\n
"},{"location":"reference/pwndbg/commands/got_tracking/","title":"pwndbg.commands.got_tracking","text":""},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking","title":"got_tracking","text":"got(\n path_filter: str, all_: bool, accept_readonly: bool, symbol_filter: str\n) -> None\nFunctions:
-
columns\u2013Print data formatted into distinct columns.
-
track_got\u2013 -
got_report\u2013Prints out a report of the current status of the GOT tracker.
-
got_tracking_status\u2013Prints out information about a single GOT tracking entry.
Attributes:
-
parser\u2013 -
subparsers\u2013 -
enable\u2013 -
disable\u2013 -
report\u2013 -
status\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.subparsers","title":"subparsersparser = ArgumentParser(description='Controls GOT tracking')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.enable","title":"enablesubparsers = add_subparsers(\n required=True,\n description=\"Used to disable and query information about the tracker\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.disable","title":"disableenable = add_parser('enable', help='Enable GOT parsing')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.report","title":"reportdisable = add_parser('disable', help='Disable GOT tracking')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.status","title":"statusreport = add_parser('info', help='Give an overview of the GOT tracker')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.columns","title":"columns","text":"status = add_parser(\n \"query\",\n help=\"Queries detailed tracking information about a single entry in the GOT\",\n)\ncolumns(rows, colors=None) -> None\nPrint data formatted into distinct columns.
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.track_got","title":"track_got","text":"
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.got_report","title":"got_report","text":"track_got(mode=None, soname=None, writable=False, fnname=None, address=None)\ngot_report(soname='.*', writable=False, fnname='.*') -> None\nPrints out a report of the current status of the GOT tracker.
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.got_tracking_status","title":"got_tracking_status","text":"got_tracking_status(address) -> None\nPrints out information about a single GOT tracking entry.
"},{"location":"reference/pwndbg/commands/hex2ptr/","title":"pwndbg.commands.hex2ptr","text":""},{"location":"reference/pwndbg/commands/hex2ptr/#pwndbg.commands.hex2ptr","title":"hex2ptr","text":"Functions:
-
hex2ptr\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/hex2ptr/#pwndbg.commands.hex2ptr.hex2ptr","title":"hex2ptr","text":"parser = ArgumentParser(\n description=\"Converts a space-separated hex string to a little-endian address.\"\n)\n
"},{"location":"reference/pwndbg/commands/hexdump/","title":"pwndbg.commands.hexdump","text":""},{"location":"reference/pwndbg/commands/hexdump/#pwndbg.commands.hexdump","title":"hexdump","text":"hex2ptr(hex_string) -> None\nFunctions:
-
address_or_module_name\u2013 -
hexdump\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/hexdump/#pwndbg.commands.hexdump.address_or_module_name","title":"address_or_module_name","text":"parser = ArgumentParser(\n description=\"Hexdumps data at the specified address or module name.\"\n)\n
"},{"location":"reference/pwndbg/commands/hexdump/#pwndbg.commands.hexdump.hexdump","title":"hexdump","text":"address_or_module_name(s) -> int\n
"},{"location":"reference/pwndbg/commands/hijack_fd/","title":"pwndbg.commands.hijack_fd","text":""},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd","title":"hijack_fd","text":"hexdump(address, count=hexdump_bytes) -> None\nClasses:
-
ShellcodeRegs\u2013 -
ParsedSocket\u2013
Functions:
-
get_shellcode_regs\u2013 -
stack_size_alignment\u2013 -
asm_replace_file\u2013 -
asm_replace_socket\u2013 -
exec_shellcode_with_stack\u2013 -
parse_socket\u2013 -
parse_file_or_socket\u2013 -
hijack_fd\u2013
Attributes:
-
parser\u2013 -
PARSED_FILE_ARG\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.PARSED_FILE_ARG","title":"PARSED_FILE_ARGparser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description=\"Replace a file descriptor of a debugged process.\\n\\nThe new file descriptor can point to:\\n- a file\\n- a pipe\\n- a socket\\n- a device, etc.\\n\\nExamples:\\n1. Redirect STDOUT to a file:\\n `hijack-fd 1 /dev/null`\\n\\n2. Redirect STDERR to a socket:\\n `hijack-fd 2 tcp://localhost:8888`\\n\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ShellcodeRegs","title":"ShellcodeRegs","text":"PARSED_FILE_ARG = Tuple[Optional[ParsedSocket], Optional[str]]\nBases:
NamedTupleAttributes:
-
newfd(str) \u2013 -
syscall_ret(str) \u2013 -
stack(str) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ShellcodeRegs.syscall_ret","title":"syscall_retnewfd: str\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ShellcodeRegs.stack","title":"stacksyscall_ret: str\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ParsedSocket","title":"ParsedSocket","text":"stack: str\nBases:
NamedTupleAttributes:
-
protocol(Literal['tcp', 'udp']) \u2013 -
ip_version(Literal['ipv4', 'ipv6']) \u2013 -
address(str) \u2013 -
port(int) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ParsedSocket.ip_version","title":"ip_versionprotocol: Literal['tcp', 'udp']\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ParsedSocket.address","title":"addressip_version: Literal['ipv4', 'ipv6']\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ParsedSocket.port","title":"portaddress: str\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.get_shellcode_regs","title":"get_shellcode_regs","text":"port: int\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.stack_size_alignment","title":"stack_size_alignment","text":"get_shellcode_regs() -> ShellcodeRegs\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.asm_replace_file","title":"asm_replace_file","text":"stack_size_alignment(s: int) -> int\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.asm_replace_socket","title":"asm_replace_socket","text":"asm_replace_file(replace_fd: int, filename: str) -> tuple[int, str]\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.exec_shellcode_with_stack","title":"exec_shellcode_with_stackasm_replace_socket(\n replace_fd: int, socket_data: ParsedSocket\n) -> tuple[int, str]\nasync","text":"
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.parse_socket","title":"parse_socket","text":"exec_shellcode_with_stack(ec: ExecutionController, blob, stack_size: int)\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.parse_file_or_socket","title":"parse_file_or_socket","text":"parse_socket(url: str) -> ParsedSocket\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.hijack_fd","title":"hijack_fd","text":"parse_file_or_socket(s: str) -> PARSED_FILE_ARG\n
"},{"location":"reference/pwndbg/commands/ida/","title":"pwndbg.commands.ida","text":""},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida","title":"ida","text":"hijack_fd(fdnum: int, newfile: PARSED_FILE_ARG) -> None\nFunctions:
-
j\u2013Synchronize IDA's cursor with GDB
-
up\u2013Select and print stack frame that called this one.
-
down\u2013Select and print stack frame called by this one.
-
save_ida\u2013Save the IDA database
-
ida\u2013Evaluate ida.LocByName() on the supplied value.
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida.j","title":"j","text":"parser = ArgumentParser(\n description=\"Select and print stack frame called by this one.\"\n)\nj(*args) -> None\nSynchronize IDA's cursor with GDB
"},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida.up","title":"up","text":"up(n=1) -> None\nSelect and print stack frame that called this one.
"},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida.down","title":"down","text":"down(n=1) -> None\nSelect and print stack frame called by this one.
"},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida.save_ida","title":"save_ida","text":"save_ida() -> None\nSave the IDA database
"},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida.ida","title":"ida","text":"ida(name)\nEvaluate ida.LocByName() on the supplied value.
"},{"location":"reference/pwndbg/commands/ignore/","title":"pwndbg.commands.ignore","text":""},{"location":"reference/pwndbg/commands/ignore/#pwndbg.commands.ignore","title":"ignore","text":"Ignoring a breakpoint
Functions:
-
ignore\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/ignore/#pwndbg.commands.ignore.ignore","title":"ignore","text":"parser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description=\"Set ignore-count of breakpoint number N to COUNT.\\n\\nWhile the ignore count is positive, execution will not stop on the breakpoint.\\n\\nBy default, if `N' is ommitted, the last breakpoint (i.e. greatest breakpoint number) will be used.\",\n)\n
"},{"location":"reference/pwndbg/commands/integration/","title":"pwndbg.commands.integration","text":""},{"location":"reference/pwndbg/commands/integration/#pwndbg.commands.integration","title":"integration","text":"ignore(bpnum, count) -> None\nFunctions:
-
decomp\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/integration/#pwndbg.commands.integration.decomp","title":"decomp","text":"parser = ArgumentParser(\n description=\"Use the current integration to decompile code near an address.\"\n)\n
"},{"location":"reference/pwndbg/commands/ipython_interactive/","title":"pwndbg.commands.ipython_interactive","text":""},{"location":"reference/pwndbg/commands/ipython_interactive/#pwndbg.commands.ipython_interactive","title":"ipython_interactive","text":"decomp(addr: int | None, lines: int | None) -> None\nCommand to start an interactive IPython prompt.
Functions:
-
switch_to_ipython_env\u2013We need to change stdout/stderr to the default ones, otherwise we can't use tab or autocomplete
-
ipi\u2013
switch_to_ipython_env()\nWe need to change stdout/stderr to the default ones, otherwise we can't use tab or autocomplete
"},{"location":"reference/pwndbg/commands/ipython_interactive/#pwndbg.commands.ipython_interactive.ipi","title":"ipi","text":"
"},{"location":"reference/pwndbg/commands/jemalloc/","title":"pwndbg.commands.jemalloc","text":""},{"location":"reference/pwndbg/commands/jemalloc/#pwndbg.commands.jemalloc","title":"jemalloc","text":"ipi() -> None\nFunctions:
-
jemalloc_find_extent\u2013 -
jemalloc_extent_info\u2013 -
jemalloc_heap\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/jemalloc/#pwndbg.commands.jemalloc.jemalloc_find_extent","title":"jemalloc_find_extent","text":"parser = ArgumentParser(description='Prints all extents information')\n
"},{"location":"reference/pwndbg/commands/jemalloc/#pwndbg.commands.jemalloc.jemalloc_extent_info","title":"jemalloc_extent_info","text":"jemalloc_find_extent(addr) -> None\n
"},{"location":"reference/pwndbg/commands/jemalloc/#pwndbg.commands.jemalloc.jemalloc_heap","title":"jemalloc_heap","text":"jemalloc_extent_info(addr, verbose=False, header=True) -> bool\n
"},{"location":"reference/pwndbg/commands/kbase/","title":"pwndbg.commands.kbase","text":""},{"location":"reference/pwndbg/commands/kbase/#pwndbg.commands.kbase","title":"kbase","text":"jemalloc_heap() -> None\nFunctions:
-
kbase\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/kbase/#pwndbg.commands.kbase.kbase","title":"kbase","text":"parser = ArgumentParser(description='Finds the kernel virtual base address.')\n
"},{"location":"reference/pwndbg/commands/kchecksec/","title":"pwndbg.commands.kchecksec","text":""},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec","title":"kchecksec","text":"kbase(rebase=False) -> None\nClasses:
-
Option\u2013
Functions:
-
kchecksec\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec.Option","title":"Option","text":"parser = ArgumentParser(\n description=\"Checks for kernel hardening configuration options.\"\n)\nBases:
NamedTupleAttributes:
-
name(str) \u2013 -
desired(bool) \u2013 -
cmdline_option(str) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec.Option.desired","title":"desiredname: str\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec.Option.cmdline_option","title":"cmdline_optiondesired: bool = True\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec.kchecksec","title":"kchecksec","text":"cmdline_option: str = None\n
"},{"location":"reference/pwndbg/commands/kcmdline/","title":"pwndbg.commands.kcmdline","text":""},{"location":"reference/pwndbg/commands/kcmdline/#pwndbg.commands.kcmdline","title":"kcmdline","text":"kchecksec() -> None\nFunctions:
-
kcmdline\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/kcmdline/#pwndbg.commands.kcmdline.kcmdline","title":"kcmdline","text":"parser = ArgumentParser(\n description=\"Return the kernel commandline (/proc/cmdline).\"\n)\n
"},{"location":"reference/pwndbg/commands/kconfig/","title":"pwndbg.commands.kconfig","text":""},{"location":"reference/pwndbg/commands/kconfig/#pwndbg.commands.kconfig","title":"kconfig","text":"kcmdline() -> None\nFunctions:
-
kconfig\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/kconfig/#pwndbg.commands.kconfig.kconfig","title":"kconfig","text":"parser = ArgumentParser(\n description=\"Outputs the kernel config (requires CONFIG_IKCONFIG).\"\n)\n
"},{"location":"reference/pwndbg/commands/killthreads/","title":"pwndbg.commands.killthreads","text":""},{"location":"reference/pwndbg/commands/killthreads/#pwndbg.commands.killthreads","title":"killthreads","text":"kconfig(config_name=None) -> None\nFunctions:
-
killthreads\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/killthreads/#pwndbg.commands.killthreads.killthreads","title":"killthreads","text":"parser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description=\"Kill all or given threads.\\n\\nSwitches to given threads and calls pthread_exit(0) on them.\\nThis is performed with scheduler-locking to prevent other threads from operating at the same time.\\n\\nKilling all other threads may be useful to use GDB checkpoints, e.g., to test given input & restart the execution to the point of interest (checkpoint).\\n\",\n)\n
"},{"location":"reference/pwndbg/commands/klookup/","title":"pwndbg.commands.klookup","text":""},{"location":"reference/pwndbg/commands/klookup/#pwndbg.commands.klookup","title":"klookup","text":"killthreads(thread_ids: list[int] | None = None, all: bool = False) -> None\nFunctions:
-
klookup\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/klookup/#pwndbg.commands.klookup.klookup","title":"klookup","text":"parser = ArgumentParser(description='Lookup kernel symbols')\n
"},{"location":"reference/pwndbg/commands/knft/","title":"pwndbg.commands.knft","text":""},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft","title":"knft","text":"klookup(symbol: str) -> None\nFunctions:
-
parse_nft_family\u2013 -
knft_dump\u2013 -
knft_list_tables\u2013 -
knft_list_chains\u2013 -
knft_list_rules\u2013 -
knft_list_exprs\u2013 -
knft_list_sets\u2013 -
knft_list_objects\u2013 -
knft_list_flowtables\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.parse_nft_family","title":"parse_nft_family","text":"parser = ArgumentParser(\n description=\"Dump netfilter flowtables from a specific table\"\n)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_dump","title":"knft_dump","text":"parse_nft_family(s: str) -> int\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_tables","title":"knft_list_tables","text":"knft_dump(nsid: int | None = None)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_chains","title":"knft_list_chains","text":"knft_list_tables(nsid: int | None = None)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_rules","title":"knft_list_rules","text":"knft_list_chains(\n table_family: int | None = None,\n table_name: str | None = None,\n nsid: int | None = None,\n)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_exprs","title":"knft_list_exprs","text":"knft_list_rules(\n table_family: int | None = None,\n table_name: str | None = None,\n chain_name: str | None = None,\n nsid: int | None = None,\n)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_sets","title":"knft_list_sets","text":"knft_list_exprs(\n table_family: int | None = None,\n table_name: str | None = None,\n chain_name: str | None = None,\n rule_id: int | None = None,\n nsid: int | None = None,\n)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_objects","title":"knft_list_objects","text":"knft_list_sets(\n table_family: int | None = None,\n table_name: str | None = None,\n nsid: int | None = None,\n)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_flowtables","title":"knft_list_flowtables","text":"knft_list_objects(\n table_family: int | None = None,\n table_name: str | None = None,\n nsid: int | None = None,\n)\n
"},{"location":"reference/pwndbg/commands/kversion/","title":"pwndbg.commands.kversion","text":""},{"location":"reference/pwndbg/commands/kversion/#pwndbg.commands.kversion","title":"kversion","text":"knft_list_flowtables(\n table_family: int | None = None,\n table_name: str | None = None,\n nsid: int | None = None,\n)\nFunctions:
-
kversion\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/kversion/#pwndbg.commands.kversion.kversion","title":"kversion","text":"parser = ArgumentParser(\n description=\"Outputs the kernel version (/proc/version).\"\n)\n
"},{"location":"reference/pwndbg/commands/leakfind/","title":"pwndbg.commands.leakfind","text":""},{"location":"reference/pwndbg/commands/leakfind/#pwndbg.commands.leakfind","title":"leakfind","text":"kversion() -> None\nFind a chain of leaks given some starting address.
Functions:
-
get_rec_addr_string\u2013 -
dbg_print_map\u2013 -
leakfind\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/leakfind/#pwndbg.commands.leakfind.get_rec_addr_string","title":"get_rec_addr_string","text":"parser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description=\"\\nAttempt to find a leak chain given a starting address.\\nScans memory near the given address, looks for pointers, and continues that process to attempt to find leaks.\\n\\nExample: leakfind $rsp --page_name=filename --max_offset=0x48 --max_depth=6. This would look for any chains of leaks that point to a section in filename which begin near $rsp, are never 0x48 bytes further from a known pointer, and are a maximum length of 6.\\n\",\n)\n
"},{"location":"reference/pwndbg/commands/leakfind/#pwndbg.commands.leakfind.dbg_print_map","title":"dbg_print_map","text":"get_rec_addr_string(addr, visited_map)\n
"},{"location":"reference/pwndbg/commands/leakfind/#pwndbg.commands.leakfind.leakfind","title":"leakfind","text":"dbg_print_map(maps) -> None\n
"},{"location":"reference/pwndbg/commands/libcinfo/","title":"pwndbg.commands.libcinfo","text":""},{"location":"reference/pwndbg/commands/libcinfo/#pwndbg.commands.libcinfo","title":"libcinfo","text":"leakfind(\n address=None,\n page_name=None,\n max_offset: int = 64,\n max_depth: int = 4,\n step: int = 1,\n negative_offset: int = 0,\n)\nFunctions:
-
libcinfo\u2013
"},{"location":"reference/pwndbg/commands/linkmap/","title":"pwndbg.commands.linkmap","text":""},{"location":"reference/pwndbg/commands/linkmap/#pwndbg.commands.linkmap","title":"linkmap","text":"libcinfo()\nFunctions:
-
linkmap\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/linkmap/#pwndbg.commands.linkmap.linkmap","title":"linkmap","text":"parser = ArgumentParser(description='Show the state of the Link Map')\n
"},{"location":"reference/pwndbg/commands/memoize/","title":"pwndbg.commands.memoize","text":""},{"location":"reference/pwndbg/commands/memoize/#pwndbg.commands.memoize","title":"memoize","text":"linkmap() -> None\nFunctions:
-
memoize\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/memoize/#pwndbg.commands.memoize.memoize","title":"memoize","text":"parser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description=\"\\nToggles memoization (caching).\\n\\nUseful for diagnosing caching-related bugs. Decreases performance.\\n\",\n)\n
"},{"location":"reference/pwndbg/commands/misc/","title":"pwndbg.commands.misc","text":""},{"location":"reference/pwndbg/commands/misc/#pwndbg.commands.misc","title":"misc","text":"memoize() -> None\nFunctions:
-
errno_\u2013 -
pwndbg_\u2013 -
list_and_filter_commands\u2013
Attributes:
-
parser\u2013 -
group\u2013 -
cat_group\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/misc/#pwndbg.commands.misc.group","title":"groupparser = ArgumentParser(description=\"Prints out a list of all pwndbg commands.\")\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/misc/#pwndbg.commands.misc.cat_group","title":"cat_groupgroup = add_mutually_exclusive_group()\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/misc/#pwndbg.commands.misc.errno_","title":"errno_","text":"cat_group = add_mutually_exclusive_group()\n
"},{"location":"reference/pwndbg/commands/misc/#pwndbg.commands.misc.pwndbg_","title":"pwndbg_","text":"errno_(err) -> None\n
"},{"location":"reference/pwndbg/commands/misc/#pwndbg.commands.misc.list_and_filter_commands","title":"list_and_filter_commands","text":"pwndbg_(filter_pattern, shell, all_, category_, list_categories) -> None\n
"},{"location":"reference/pwndbg/commands/mmap/","title":"pwndbg.commands.mmap","text":""},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap","title":"mmap","text":"list_and_filter_commands(filter_str, pwndbg_cmds=True, shell_cmds=False)\nFunctions:
-
prot_str_to_val\u2013Heuristic to convert PROT_EXEC|PROT_WRITE to integer value.
-
flag_str_to_val\u2013Heuristic to convert MAP_SHARED|MAP_FIXED to integer value.
-
parse_str_or_int\u2013Try parsing a string with one of the parsers above or by converting it to
-
mmap\u2013
Attributes:
-
parser\u2013 -
prot_dict\u2013 -
flag_dict\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.prot_dict","title":"prot_dictparser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description=\"\\nCalls the mmap syscall and prints its resulting address.\\n\\nNote that the mmap syscall may fail for various reasons\\n(see `man mmap`) and, in case of failure, its return value\\nwill not be a valid pointer.\\n\\nPROT values: NONE (0), READ (1), WRITE (2), EXEC (4)\\nMAP values: SHARED (1), PRIVATE (2), SHARED_VALIDATE (3), FIXED (0x10),\\n ANONYMOUS (0x20)\\n\\nFlags and protection values can be either a string containing the names of the\\nflags or permissions or a single number corresponding to the bitwise OR of the\\nprotection and flag numbers.\\n\\nExamples:\\n mmap 0x0 4096 PROT_READ|PROT_WRITE|PROT_EXEC MAP_PRIVATE|MAP_ANONYMOUS -1 0\\n - Maps a new private+anonymous page with RWX permissions at a location\\n decided by the kernel.\\n\\n mmap 0x0 4096 PROT_READ MAP_PRIVATE 10 0\\n - Maps 4096 bytes of the file pointed to by file descriptor number 10 with\\n read permission at a location decided by the kernel.\\n\\n mmap 0xdeadbeef 0x1000\\n - Maps a new private+anonymous page with RWX permissions at a page boundary\\n near 0xdeadbeef.\\n\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.flag_dict","title":"flag_dictprot_dict = {'PROT_NONE': 0, 'PROT_READ': 1, 'PROT_WRITE': 2, 'PROT_EXEC': 4}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.prot_str_to_val","title":"prot_str_to_val","text":"flag_dict = {\n \"MAP_SHARED\": 1,\n \"MAP_PRIVATE\": 2,\n \"MAP_SHARED_VALIDATE\": 3,\n \"MAP_FIXED\": 16,\n \"MAP_ANONYMOUS\": 32,\n}\nprot_str_to_val(protstr)\nHeuristic to convert PROT_EXEC|PROT_WRITE to integer value.
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.flag_str_to_val","title":"flag_str_to_val","text":"flag_str_to_val(flagstr)\nHeuristic to convert MAP_SHARED|MAP_FIXED to integer value.
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.parse_str_or_int","title":"parse_str_or_int","text":"parse_str_or_int(val: str | int, parser)\nTry parsing a string with one of the parsers above or by converting it to an int, or passes the value through if it is already an integer.
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.mmap","title":"mmap","text":"
"},{"location":"reference/pwndbg/commands/mprotect/","title":"pwndbg.commands.mprotect","text":""},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect","title":"mprotect","text":"mmap(\n addr, length, prot=7, flags=34, fd=-1, offset=0, quiet=False, force=False\n) -> None\nFunctions:
-
prot_str_to_val\u2013Converts a protection string to an integer. Formats include:
-
prot_val_to_str\u2013 -
mprotect\u2013
Attributes:
-
parser\u2013 -
SYS_MPROTECT\u2013 -
prot_dict\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect.SYS_MPROTECT","title":"SYS_MPROTECTparser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description=\"\\nCalls the mprotect syscall and prints its result value.\\n\\nNote that the mprotect syscall may fail for various reasons\\n(see `man mprotect`) and a non-zero error return value\\ncan be decoded with the `errno <value>` command.\\n\\nExamples:\\n mprotect $rsp 4096 PROT_READ|PROT_WRITE|PROT_EXEC\\n mprotect $rsp 4096 rwx\\n mprotect $rsp 4096 7\\n mprotect some_symbol 0x1000 PROT_NONE\\n\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect.prot_dict","title":"prot_dictSYS_MPROTECT = 125\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect.prot_str_to_val","title":"prot_str_to_val","text":"prot_dict = {'PROT_NONE': 0, 'PROT_READ': 1, 'PROT_WRITE': 2, 'PROT_EXEC': 4}\nprot_str_to_val(protstr: str) -> int\nConverts a protection string to an integer. Formats include: - A positive integer, like 3 - A combination of r, w, and x, like rw - A combination of PROT_READ, PROT_WRITE, and PROT_EXEC, like PROT_READ|PROT_WRITE
"},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect.prot_val_to_str","title":"prot_val_to_str","text":"
"},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect.mprotect","title":"mprotect","text":"prot_val_to_str(protval: int) -> str\n
"},{"location":"reference/pwndbg/commands/nearpc/","title":"pwndbg.commands.nearpc","text":""},{"location":"reference/pwndbg/commands/nearpc/#pwndbg.commands.nearpc","title":"nearpc","text":"mprotect(addr, length, prot) -> None\nFunctions:
-
nearpc\u2013Disassemble near a specified address.
-
emulate\u2013Like nearpc, but will emulate instructions from the current $PC forward.
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/nearpc/#pwndbg.commands.nearpc.nearpc","title":"nearpc","text":"parser = ArgumentParser(\n description=\"Like nearpc, but will emulate instructions from the current $PC forward.\"\n)\nnearpc(\n pc=None, lines=None, emulate=False, use_cache=False, linear=True\n) -> None\nDisassemble near a specified address.
"},{"location":"reference/pwndbg/commands/nearpc/#pwndbg.commands.nearpc.emulate","title":"emulate","text":"emulate(pc=None, lines=None, emulate_=True) -> None\nLike nearpc, but will emulate instructions from the current $PC forward.
"},{"location":"reference/pwndbg/commands/next/","title":"pwndbg.commands.next","text":""},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next","title":"next","text":"Stepping until an event occurs
Functions:
-
nextjmp\u2013Breaks at the next jump instruction
-
nextcall\u2013Breaks at the next call instruction
-
nextret\u2013Breaks at next return-like instruction
-
stepret\u2013Breaks at next return-like instruction by 'stepping' to it
-
nextproginstr\u2013 -
stepover\u2013Sets a breakpoint on the instruction after this one
-
nextsyscall\u2013Breaks at the next syscall not taking branches.
-
stepsyscall\u2013Breaks at the next syscall by taking branches.
-
stepuntilasm\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.nextjmp","title":"nextjmp","text":"parser = ArgumentParser(description='Breaks on the next matching instruction.')\nnextjmp() -> None\nBreaks at the next jump instruction
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.nextcall","title":"nextcall","text":"nextcall(symbol_regex=None) -> None\nBreaks at the next call instruction
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.nextret","title":"nextret","text":"nextret() -> None\nBreaks at next return-like instruction
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.stepret","title":"stepret","text":"stepret() -> None\nBreaks at next return-like instruction by 'stepping' to it
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.nextproginstr","title":"nextproginstr","text":"
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.stepover","title":"stepover","text":"nextproginstr() -> None\nstepover(addr=None) -> None\nSets a breakpoint on the instruction after this one
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.nextsyscall","title":"nextsyscall","text":"nextsyscall() -> None\nBreaks at the next syscall not taking branches.
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.stepsyscall","title":"stepsyscall","text":"stepsyscall() -> None\nBreaks at the next syscall by taking branches.
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.stepuntilasm","title":"stepuntilasm","text":"
"},{"location":"reference/pwndbg/commands/onegadget/","title":"pwndbg.commands.onegadget","text":""},{"location":"reference/pwndbg/commands/onegadget/#pwndbg.commands.onegadget","title":"onegadget","text":"stepuntilasm(mnemonic, op_str) -> None\nFunctions:
-
onegadget\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/onegadget/#pwndbg.commands.onegadget.onegadget","title":"onegadget","text":"parser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description=\"\\nFind gadgets which single-handedly give code execution.\\n\\nUses the onegadget tool by david942j.\\n\",\n)\n
"},{"location":"reference/pwndbg/commands/p2p/","title":"pwndbg.commands.p2p","text":""},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p","title":"p2p","text":"onegadget(\n show_unsat: bool = False, no_unknown: bool = False, verbose: bool = False\n) -> None\nClasses:
-
AddrRange\u2013
Functions:
-
get_addrrange_any_named\u2013 -
address_range_explicit\u2013 -
address_range\u2013 -
maybe_points_to_ranges\u2013 -
p2p_walk\u2013 -
p2p\u2013
Attributes:
-
ts\u2013 -
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.parser","title":"parserts = telescope\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.AddrRange","title":"AddrRange","text":"parser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description=\"Pointer to pointer chain search. Searches given mapping for all pointers that point to specified mapping.\\n\\nAny chain length greater than 0 is valid. If only one mapping is given it just looks for any pointers in that mapping.\",\n)\nAddrRange(begin: int, end: int)\nMethods:
-
__repr__\u2013
Attributes:
-
begin\u2013 -
end\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.AddrRange.end","title":"endbegin = begin\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.AddrRange.__repr__","title":"__repr__","text":"end = end\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.get_addrrange_any_named","title":"get_addrrange_any_named","text":"__repr__() -> str\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.address_range_explicit","title":"address_range_explicit","text":"get_addrrange_any_named() -> list[AddrRange]\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.address_range","title":"address_range","text":"address_range_explicit(section: str) -> AddrRange\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.maybe_points_to_ranges","title":"maybe_points_to_ranges","text":"address_range(section: str) -> list[AddrRange] | tuple[int, int] | None\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.p2p_walk","title":"p2p_walk","text":"maybe_points_to_ranges(ptr: int, rs: list[AddrRange])\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.p2p","title":"p2p","text":"p2p_walk(\n addr: int, ranges: list[list[AddrRange]], current_level: int\n) -> int | None\n
"},{"location":"reference/pwndbg/commands/patch/","title":"pwndbg.commands.patch","text":""},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch","title":"patch","text":"p2p(mapping_names: list[list[AddrRange]] | None = None) -> None\nFunctions:
-
patch\u2013 -
patch_revert\u2013 -
patch_list\u2013
Attributes:
-
patches(dict[int, tuple[bytearray, bytearray]]) \u2013 -
parser\u2013 -
parser2\u2013 -
parser3\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.parser","title":"parserpatches: dict[int, tuple[bytearray, bytearray]] = {}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.parser2","title":"parser2parser = ArgumentParser(\n description=\"Patches given instruction with given code or bytes.\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.parser3","title":"parser3parser2 = ArgumentParser(description='Revert patch at given address.')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.patch","title":"patch","text":"parser3 = ArgumentParser(description='List all patches.')\n
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.patch_revert","title":"patch_revert","text":"patch(address: int, ins: str, quiet: bool) -> None\n
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.patch_list","title":"patch_list","text":"patch_revert(address: int) -> None\n
"},{"location":"reference/pwndbg/commands/pcplist/","title":"pwndbg.commands.pcplist","text":""},{"location":"reference/pwndbg/commands/pcplist/#pwndbg.commands.pcplist","title":"pcplist","text":"patch_list() -> None\nFunctions:
-
print_zone\u2013 -
pcplist\u2013
Attributes:
-
log\u2013 -
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/pcplist/#pwndbg.commands.pcplist.parser","title":"parserlog = getLogger(__name__)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/pcplist/#pwndbg.commands.pcplist.print_zone","title":"print_zone","text":"parser = ArgumentParser(description='Print Per-CPU page list')\n
"},{"location":"reference/pwndbg/commands/pcplist/#pwndbg.commands.pcplist.pcplist","title":"pcplist","text":"print_zone(zone: int, list_num=None) -> None\n
"},{"location":"reference/pwndbg/commands/peda/","title":"pwndbg.commands.peda","text":""},{"location":"reference/pwndbg/commands/peda/#pwndbg.commands.peda","title":"peda","text":"pcplist(zone: int = None, list_num: int = None) -> None\nFunctions:
-
getfile\u2013 -
xuntil\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/peda/#pwndbg.commands.peda.getfile","title":"getfile","text":"parser = ArgumentParser(\n description=\"Continue execution until an address or expression.\"\n)\n
"},{"location":"reference/pwndbg/commands/peda/#pwndbg.commands.peda.xuntil","title":"xuntil","text":"getfile() -> None\n
"},{"location":"reference/pwndbg/commands/pie/","title":"pwndbg.commands.pie","text":""},{"location":"reference/pwndbg/commands/pie/#pwndbg.commands.pie","title":"pie","text":"xuntil(target) -> None\nFunctions:
-
translate_addr\u2013 -
piebase\u2013 -
breakrva\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/pie/#pwndbg.commands.pie.translate_addr","title":"translate_addr","text":"parser = ArgumentParser(description='Calculate VA of RVA from PIE base.')\n
"},{"location":"reference/pwndbg/commands/pie/#pwndbg.commands.pie.piebase","title":"piebase","text":"translate_addr(offset, module)\n
"},{"location":"reference/pwndbg/commands/pie/#pwndbg.commands.pie.breakrva","title":"breakrva","text":"piebase(offset=None, module=None) -> None\n
"},{"location":"reference/pwndbg/commands/plist/","title":"pwndbg.commands.plist","text":""},{"location":"reference/pwndbg/commands/plist/#pwndbg.commands.plist","title":"plist","text":"breakrva(offset=0, module=None) -> None\nFunctions:
-
plist\u2013 -
bit_offset_of_field\u2013 -
get_byte_offset\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/plist/#pwndbg.commands.plist.plist","title":"plist","text":"parser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description=\"Dumps the elements of a linked list.\\n\\nThis command traverses the linked list beginning at a given element, dumping its\\ncontents and the contents of all the elements that come after it in the list.\\nTraversal is configurable and can handle multiple types of linked lists, but will\\nalways stop when a cycle is detected.\\n\\nThe path to the first element can be any GDB expression that evaluates to either\\nthe first element directly, or a to pointer to it. The next element is the name\\nof the field containing the next pointer, in either the structure itself or in\\nthe structure given by --inner.\\n\\nAn address value may be given with --sentinel that signals the end of the list.\\nBy default, the value used is NULL (0).\\n\\nIf only one field inside each node is desired, it can be printed exclusively by\\nspecifying its name with --field.\\n\\nThis command supports traversing three types of linked lists, classified by how\\nthe next pointer can be found in the structure and what type it is:\\n 1 - Next pointer is field of structure, type is the same as structure.\\n 2 - Next pointer is field of inner nested structure, pointed to type is the\\n same as outer structure.\\n 3 - Next pointer is field of inner nested structure, pointed to type is the\\n same as inner structure.\\nTypes 2 and 3 require --inner to be specified.\\n\\nExample 1:\\n\\n```\\nstruct node {\\n int value;\\n struct node *next;\\n};\\nstruct node node_c = { 2, NULL };\\nstruct node node_b = { 1, &node_c };\\nstruct node node_a = { 0, &node_b };\\n```\\n\\npwndbg> plist node_a next\\n0x4000011050 <node_a>: {\\n value = 0,\\n next = 0x4000011040 <node_b>\\n}\\n0x4000011040 <node_b>: {\\n value = 1,\\n next = 0x4000011010 <node_c>\\n}\\n0x4000011010 <node_c>: {\\n value = 2,\\n next = 0x0\\n}\\n\\nExample 2:\\n\\n```\\nstruct node_inner_a {\\n struct node_inner_a *next;\\n};\\nstruct inner_a_node {\\n int value;\\n struct node_inner_a inner;\\n};\\nstruct inner_a_node inner_a_node_c = { 2, { NULL } };\\nstruct inner_a_node inner_a_node_b = { 1, { &inner_a_node_c.inner } };\\nstruct inner_a_node inner_a_node_a = { 0, { &inner_a_node_b.inner } };\\n```\\n\\npwndbg> plist inner_a_node_a -i inner next\\n0x4000011070 <inner_a_node_a>: {\\n value = 0,\\n inner = {\\n next = 0x4000011068 <inner_a_node_b+8>\\n }\\n}\\n0x4000011060 <inner_a_node_b>: {\\n value = 1,\\n inner = {\\n next = 0x4000011028 <inner_a_node_c+8>\\n }\\n}\\n0x4000011020 <inner_a_node_c>: {\\n value = 2,\\n inner = {\\n next = 0x0\\n }\\n}\\n\\nExample 3:\\n\\n```\\nstruct inner_b_node;\\nstruct node_inner_b {\\n struct inner_b_node *next;\\n};\\nstruct inner_b_node {\\n int value;\\n struct node_inner_b inner;\\n};\\nstruct inner_b_node inner_b_node_c = { 2, { NULL } };\\nstruct inner_b_node inner_b_node_b = { 1, { &inner_b_node_c } };\\nstruct inner_b_node inner_b_node_a = { 0, { &inner_b_node_b } };\\n```\\n\\npwndbg> plist inner_b_node_a -i inner next\\n0x4000011090 <inner_b_node_a>: {\\n value = 0,\\n inner = {\\n next = 0x4000011080 <inner_b_node_b>\\n }\\n}\\n0x4000011080 <inner_b_node_b>: {\\n value = 1,\\n inner = {\\n next = 0x4000011030 <inner_b_node_c>\\n }\\n}\\n0x4000011030 <inner_b_node_c>: {\\n value = 2,\\n inner = {\\n next = 0x0\\n }\\n}\\n\\n\",\n)\n
"},{"location":"reference/pwndbg/commands/plist/#pwndbg.commands.plist.bit_offset_of_field","title":"bit_offset_of_field","text":"plist(\n path: str,\n next: str,\n sentinel: int,\n inner_name: str | None,\n field_name: str | None,\n offset: int,\n count: int | None = None,\n) -> None\n
"},{"location":"reference/pwndbg/commands/plist/#pwndbg.commands.plist.get_byte_offset","title":"get_byte_offset","text":"bit_offset_of_field(struct, field_name, inner_name=None)\n
"},{"location":"reference/pwndbg/commands/probeleak/","title":"pwndbg.commands.probeleak","text":""},{"location":"reference/pwndbg/commands/probeleak/#pwndbg.commands.probeleak","title":"probeleak","text":"get_byte_offset(bit_offset)\nFunctions:
-
find_module\u2013 -
satisfied_flags\u2013 -
flags_str2int\u2013 -
probeleak\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/probeleak/#pwndbg.commands.probeleak.find_module","title":"find_module","text":"parser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description=\"\\nPointer scan for possible offset leaks.\\nExamples:\\n probeleak $rsp 0x64 - leaks 0x64 bytes starting at stack pointer and search for valid pointers\\n probeleak $rsp 0x64 --max-dist 0x10 - as above, but pointers may point 0x10 bytes outside of memory page\\n probeleak $rsp 0x64 --point-to libc --max-ptrs 1 --flags rwx - leaks 0x64 bytes starting at stack pointer and search for one valid pointer which points to a libc rwx page\\n\",\n)\n
"},{"location":"reference/pwndbg/commands/probeleak/#pwndbg.commands.probeleak.satisfied_flags","title":"satisfied_flags","text":"find_module(addr, max_distance)\n
"},{"location":"reference/pwndbg/commands/probeleak/#pwndbg.commands.probeleak.flags_str2int","title":"flags_str2int","text":"satisfied_flags(require_flags, flags)\n
"},{"location":"reference/pwndbg/commands/probeleak/#pwndbg.commands.probeleak.probeleak","title":"probeleak","text":"flags_str2int(flags_s)\n
"},{"location":"reference/pwndbg/commands/procinfo/","title":"pwndbg.commands.procinfo","text":""},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo","title":"procinfo","text":"probeleak(\n address=None,\n count=64,\n max_distance=0,\n point_to=None,\n max_ptrs=0,\n flags=None,\n) -> None\nClasses:
-
Process\u2013
Functions:
-
tcp\u2013It will first list all listening TCP sockets, and next list all established
-
unix\u2013 -
netlink\u2013 -
pid\u2013 -
procinfo\u2013Display information about the running process.
Attributes:
-
capabilities\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process","title":"Process","text":"capabilities = {\n 0: \"CAP_CHOWN\",\n 1: \"CAP_DAC_OVERRIDE\",\n 2: \"CAP_DAC_READ_SEARCH\",\n 3: \"CAP_FOWNER\",\n 4: \"CAP_FSETID\",\n 5: \"CAP_KILL\",\n 6: \"CAP_SETGID\",\n 7: \"CAP_SETUID\",\n 8: \"CAP_SETPCAP\",\n 9: \"CAP_LINUX_IMMUTABLE\",\n 10: \"CAP_NET_BIND_SERVICE\",\n 11: \"CAP_NET_BROADCAST\",\n 12: \"CAP_NET_ADMIN\",\n 13: \"CAP_NET_RAW\",\n 14: \"CAP_IPC_LOCK\",\n 15: \"CAP_IPC_OWNER\",\n 16: \"CAP_SYS_MODULE\",\n 17: \"CAP_SYS_RAWIO\",\n 18: \"CAP_SYS_CHROOT\",\n 19: \"CAP_SYS_PTRACE\",\n 20: \"CAP_SYS_PACCT\",\n 21: \"CAP_SYS_ADMIN\",\n 22: \"CAP_SYS_BOOT\",\n 23: \"CAP_SYS_NICE\",\n 24: \"CAP_SYS_RESOURCE\",\n 25: \"CAP_SYS_TIME\",\n 26: \"CAP_SYS_TTY_CONFIG\",\n 27: \"CAP_MKNOD\",\n 28: \"CAP_LEASE\",\n 29: \"CAP_AUDIT_WRITE\",\n 30: \"CAP_AUDIT_CONTROL\",\n 31: \"CAP_SETFCAP\",\n 32: \"CAP_MAC_OVERRIDE\",\n 33: \"CAP_MAC_ADMIN\",\n 34: \"CAP_SYSLOG\",\n 35: \"CAP_WAKE_ALARM\",\n 36: \"CAP_BLOCK_SUSPEND\",\n}\nProcess(pid=None, tid=None)\nAttributes:
-
pid\u2013 -
tid\u2013 -
selinux(str) \u2013 -
cmdline\u2013 -
cwd(str) \u2013 -
status\u2013 -
open_files\u2013 -
connections\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.tid","title":"tidpid = pid\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.selinux","title":"selinuxtid = tid\nproperty","text":"
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.cmdline","title":"cmdlineselinux: str\nproperty","text":"
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.cwd","title":"cwdcmdline\nproperty","text":"
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.status","title":"statuscwd: str\nproperty","text":"
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.open_files","title":"open_filesstatus\nproperty","text":"
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.connections","title":"connectionsopen_files\nproperty","text":"
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.tcp","title":"tcp","text":"connections\ntcp()\nIt will first list all listening TCP sockets, and next list all established TCP connections. A typical entry of /proc/net/tcp would look like this (split up into 3 parts because of the length of the line):
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.unix","title":"unix","text":"
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.netlink","title":"netlink","text":"unix()\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.pid","title":"pid","text":"netlink()\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.procinfo","title":"procinfo","text":"pid() -> None\nprocinfo() -> None\nDisplay information about the running process.
"},{"location":"reference/pwndbg/commands/profiler/","title":"pwndbg.commands.profiler","text":""},{"location":"reference/pwndbg/commands/profiler/#pwndbg.commands.profiler","title":"profiler","text":"Utilities for profiling pwndbg.
Functions:
-
profiler\u2013
Attributes:
-
parser\u2013 -
subparsers\u2013 -
parser_start\u2013 -
parser_stop\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/profiler/#pwndbg.commands.profiler.subparsers","title":"subparsersparser = ArgumentParser(description='Utilities for profiling pwndbg.')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/profiler/#pwndbg.commands.profiler.parser_start","title":"parser_startsubparsers = add_subparsers(dest='command')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/profiler/#pwndbg.commands.profiler.parser_stop","title":"parser_stopparser_start = add_parser('start', prog='profiler start')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/profiler/#pwndbg.commands.profiler.profiler","title":"profiler","text":"parser_stop = add_parser('stop', prog='profiler stop')\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/","title":"pwndbg.commands.ptmalloc2","text":""},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2","title":"ptmalloc2","text":"profiler(command, file='pwndbg.pstats') -> None\nFunctions:
-
read_chunk\u2013Read a chunk's metadata.
-
format_bin\u2013 -
print_no_arena_found_error\u2013 -
print_no_tcache_bins_found_error\u2013 -
heap\u2013Iteratively print chunks on a heap, default to the current thread's
-
hi\u2013 -
arena\u2013Print the contents of an arena, default to the current thread's arena.
-
arenas\u2013Lists this process's arenas.
-
tcache\u2013Print a thread's tcache contents, default to the current thread's
-
mp\u2013Print the mp_ struct's contents.
-
top_chunk\u2013Print relevant information about an arena's top chunk, default to the
-
malloc_chunk\u2013Print a malloc_chunk struct's contents.
-
bins\u2013Print the contents of all an arena's bins and a thread's tcache,
-
fastbins\u2013Print the contents of an arena's fastbins, default to the current
-
unsortedbin\u2013Print the contents of an arena's unsortedbin, default to the current
-
smallbins\u2013Print the contents of an arena's smallbins, default to the current
-
largebins\u2013Print the contents of an arena's largebins, default to the current
-
tcachebins\u2013Print the contents of a tcache, default to the current thread's tcache.
-
find_fake_fast\u2013Find candidate fake fast chunks overlapping the specified address.
-
vis_heap_chunks\u2013Visualize chunks on a heap, default to the current arena's active heap.
-
bin_ascii\u2013 -
bin_labels_mapping\u2013Returns all potential bin labels for all potential addresses
-
try_free\u2013 -
try_unlink\u2013 -
heap_config\u2013
Attributes:
-
group\u2013 -
VALID_CHARS\u2013 -
try_free_parser\u2013 -
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.VALID_CHARS","title":"VALID_CHARSgroup = add_mutually_exclusive_group()\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.try_free_parser","title":"try_free_parserVALID_CHARS = list(map(ord, set(printable) - set('\\t\\r\\n\\x0c\\x0b')))\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.parser","title":"parsertry_free_parser = ArgumentParser(\n description=\"Check what would happen if free was called with given address.\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.read_chunk","title":"read_chunk","text":"parser = ArgumentParser(description='Shows heap related configuration.')\nread_chunk(addr: int) -> dict[str, int]\nRead a chunk's metadata.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.format_bin","title":"format_bin","text":"
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.print_no_arena_found_error","title":"print_no_arena_found_error","text":"format_bin(\n bins: Bins, verbose: bool = False, offset: int | None = None\n) -> list[str]\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.print_no_tcache_bins_found_error","title":"print_no_tcache_bins_found_error","text":"print_no_arena_found_error(tid=None) -> None\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.heap","title":"heap","text":"print_no_tcache_bins_found_error(tid: int | None = None) -> None\nheap(\n addr: int | None = None, verbose: bool = False, simple: bool = False\n) -> None\nIteratively print chunks on a heap, default to the current thread's active heap.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.hi","title":"hi","text":"
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.arena","title":"arena","text":"hi(\n addr: int, verbose: bool = False, simple: bool = False, fake: bool = False\n) -> None\narena(addr: int | None = None) -> None\nPrint the contents of an arena, default to the current thread's arena.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.arenas","title":"arenas","text":"arenas() -> None\nLists this process's arenas.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.tcache","title":"tcache","text":"tcache(addr: int | None = None) -> None\nPrint a thread's tcache contents, default to the current thread's tcache.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.mp","title":"mp","text":"mp() -> None\nPrint the mp_ struct's contents.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.top_chunk","title":"top_chunk","text":"top_chunk(addr: int | None = None) -> None\nPrint relevant information about an arena's top chunk, default to the current thread's arena.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.malloc_chunk","title":"malloc_chunk","text":"malloc_chunk(\n addr: int,\n fake: bool = False,\n verbose: bool = False,\n simple: bool = False,\n next: int = 0,\n dump: bool = False,\n) -> None\nPrint a malloc_chunk struct's contents.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.bins","title":"bins","text":"bins(addr: int | None = None, tcache_addr: int | None = None) -> None\nPrint the contents of all an arena's bins and a thread's tcache, default to the current thread's arena and tcache.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.fastbins","title":"fastbins","text":"fastbins(addr: int | None = None, verbose: bool = False) -> None\nPrint the contents of an arena's fastbins, default to the current thread's arena.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.unsortedbin","title":"unsortedbin","text":"unsortedbin(addr: int | None = None, verbose: bool = False) -> None\nPrint the contents of an arena's unsortedbin, default to the current thread's arena.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.smallbins","title":"smallbins","text":"smallbins(addr: int | None = None, verbose: bool = False) -> None\nPrint the contents of an arena's smallbins, default to the current thread's arena.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.largebins","title":"largebins","text":"largebins(addr: int | None = None, verbose: bool = False) -> None\nPrint the contents of an arena's largebins, default to the current thread's arena.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.tcachebins","title":"tcachebins","text":"tcachebins(addr: int | None = None, verbose: bool = False) -> None\nPrint the contents of a tcache, default to the current thread's tcache.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.find_fake_fast","title":"find_fake_fast","text":"find_fake_fast(\n target_address: int,\n max_candidate_size: int | None = None,\n align: bool = False,\n glibc_fastbin_bug: bool = False,\n partial_overwrite: bool = False,\n) -> None\nFind candidate fake fast chunks overlapping the specified address.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.vis_heap_chunks","title":"vis_heap_chunks","text":"vis_heap_chunks(\n addr: int | None = None,\n count: int | None = None,\n beyond_top: bool = False,\n no_truncate: bool = False,\n all_chunks: bool = False,\n) -> None\nVisualize chunks on a heap, default to the current arena's active heap.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.bin_ascii","title":"bin_ascii","text":"
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.bin_labels_mapping","title":"bin_labels_mapping","text":"bin_ascii(bs)\nbin_labels_mapping(collections)\nReturns all potential bin labels for all potential addresses We precompute all of them because doing this on demand was too slow and inefficient See #1675 for more details
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.try_free","title":"try_free","text":"
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.try_unlink","title":"try_unlink","text":"try_free(addr: str | int) -> None\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.heap_config","title":"heap_config","text":"try_unlink(addr: int) -> None\n
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/","title":"pwndbg.commands.ptmalloc2_tracking","text":""},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking","title":"ptmalloc2_tracking","text":"heap_config(filter_pattern: str) -> None\nFunctions:
-
track_heap\u2013
Attributes:
-
parser\u2013 -
subparsers\u2013 -
enable\u2013 -
disable\u2013 -
toggle_break\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking.subparsers","title":"subparsersparser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description=\"Manages the heap tracker.\\n\\nThe heap tracker is a module that tracks usage of the GLibc heap and looks for\\nuser errors such as double frees and use after frees.\\n\\nCurrently, the following errors can be detected:\\n - Use After Free\\n\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking.enable","title":"enablesubparsers = add_subparsers(\n required=True,\n description=\"Used to enable, disable and query information about the tracker\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking.disable","title":"disableenable = add_parser('enable', help='Enable heap tracking')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking.toggle_break","title":"toggle_breakdisable = add_parser('disable', help='Disable heap tracking')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking.track_heap","title":"track_heap","text":"toggle_break = add_parser(\n \"toggle-break\",\n help=\"Toggles whether possible UAF conditions will pause execution\",\n)\n
"},{"location":"reference/pwndbg/commands/radare2/","title":"pwndbg.commands.radare2","text":""},{"location":"reference/pwndbg/commands/radare2/#pwndbg.commands.radare2","title":"radare2","text":"track_heap(mode=None, use_hardware_breakpoints=False)\nFunctions:
-
r2\u2013 -
r2pipe\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/radare2/#pwndbg.commands.radare2.r2","title":"r2","text":"parser = ArgumentParser(\n description=\"Execute stateful radare2 commands through r2pipe.\",\n epilog=\"Example: r2pipe pdf sym.main\",\n)\n
"},{"location":"reference/pwndbg/commands/radare2/#pwndbg.commands.radare2.r2pipe","title":"r2pipe","text":"r2(arguments, no_seek=False, no_rebase=False) -> None\n
"},{"location":"reference/pwndbg/commands/reload/","title":"pwndbg.commands.reload","text":""},{"location":"reference/pwndbg/commands/reload/#pwndbg.commands.reload","title":"reload","text":"r2pipe(arguments) -> None\nFunctions:
-
rreload\u2013Recursively reload modules.
-
reload\u2013 -
reinit_pwndbg\u2013Makes pwndbg reinitialize all state.
rreload(module, _exclude_mods=None) -> None\nRecursively reload modules. Impl based on https://stackoverflow.com/a/66661311/1508881
"},{"location":"reference/pwndbg/commands/reload/#pwndbg.commands.reload.reload","title":"reload","text":"
"},{"location":"reference/pwndbg/commands/reload/#pwndbg.commands.reload.reinit_pwndbg","title":"reinit_pwndbg","text":"reload(*a) -> None\nreinit_pwndbg() -> None\nMakes pwndbg reinitialize all state.
"},{"location":"reference/pwndbg/commands/retaddr/","title":"pwndbg.commands.retaddr","text":""},{"location":"reference/pwndbg/commands/retaddr/#pwndbg.commands.retaddr","title":"retaddr","text":"Functions:
-
retaddr\u2013 -
stack_explore\u2013
"},{"location":"reference/pwndbg/commands/retaddr/#pwndbg.commands.retaddr.stack_explore","title":"stack_explore","text":"retaddr() -> None\n
"},{"location":"reference/pwndbg/commands/rizin/","title":"pwndbg.commands.rizin","text":""},{"location":"reference/pwndbg/commands/rizin/#pwndbg.commands.rizin","title":"rizin","text":"stack_explore() -> None\nFunctions:
-
rz\u2013 -
rzpipe\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/rizin/#pwndbg.commands.rizin.rz","title":"rz","text":"parser = ArgumentParser(\n description=\"Execute stateful rizin commands through rzpipe.\",\n epilog=\"Example: rzpipe pdf sym.main\",\n)\n
"},{"location":"reference/pwndbg/commands/rizin/#pwndbg.commands.rizin.rzpipe","title":"rzpipe","text":"rz(arguments, no_seek=False, no_rebase=False) -> None\n
"},{"location":"reference/pwndbg/commands/rop/","title":"pwndbg.commands.rop","text":""},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop","title":"rop","text":"rzpipe(arguments) -> None\nClasses:
-
RawMemoryBinary\u2013
Functions:
-
split_range_to_chunks\u2013 -
parse_size\u2013 -
iterate_over_pages\u2013 -
rop\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary","title":"RawMemoryBinary","text":"parser = ArgumentParser(\n description=\"Dump ROP gadgets with Jon Salwan's ROPgadget tool.\",\n epilog=\"Example: rop --grep 'pop rdi' -- --nojop\",\n)\nRawMemoryBinary(options, start_addr: int)\nBases:
objectMethods:
-
getBinary\u2013 -
getFileName\u2013 -
getRawBinary\u2013 -
getEntryPoint\u2013 -
getExecSections\u2013 -
getDataSections\u2013 -
getArch\u2013 -
getArchMode\u2013 -
getEndian\u2013 -
getFormat\u2013
Attributes:
-
start_addr\u2013 -
cs\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.__fileName","title":"__fileNamestart_addr = start_addr\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.cs","title":"cs__fileName = binary\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.__rawBinary","title":"__rawBinarycs = get_disassembler(pc)\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getBinary","title":"getBinary","text":"__rawBinary = read()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getFileName","title":"getFileName","text":"getBinary()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getRawBinary","title":"getRawBinary","text":"getFileName()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getEntryPoint","title":"getEntryPoint","text":"getRawBinary()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getExecSections","title":"getExecSections","text":"getEntryPoint()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getDataSections","title":"getDataSections","text":"getExecSections()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getArch","title":"getArch","text":"getDataSections()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getArchMode","title":"getArchMode","text":"getArch()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getEndian","title":"getEndian","text":"getArchMode()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getFormat","title":"getFormat","text":"getEndian()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.split_range_to_chunks","title":"split_range_to_chunks","text":"getFormat()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.parse_size","title":"parse_size","text":"split_range_to_chunks(\n range_start: int, range_end: int, chunk_size: int = 10 * 1024 * 1024\n) -> Iterator[tuple[int, int, int, int]]\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.iterate_over_pages","title":"iterate_over_pages","text":"parse_size(size_str: str) -> int\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.rop","title":"rop","text":"iterate_over_pages(mem_limit: int) -> Iterator[tuple[str, Page | None]]\n
"},{"location":"reference/pwndbg/commands/ropper/","title":"pwndbg.commands.ropper","text":""},{"location":"reference/pwndbg/commands/ropper/#pwndbg.commands.ropper","title":"ropper","text":"rop(grep: str | None, memlimit: str, argument: list[str]) -> None\nFunctions:
-
ropper\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/ropper/#pwndbg.commands.ropper.ropper","title":"ropper","text":"parser = ArgumentParser(\n description=\"ROP gadget search with ropper.\",\n epilog=\"Example: ropper -- --console; ropper -- --search 'mov e?x'\",\n)\n
"},{"location":"reference/pwndbg/commands/search/","title":"pwndbg.commands.search","text":""},{"location":"reference/pwndbg/commands/search/#pwndbg.commands.search","title":"search","text":"ropper(argument) -> None\nFunctions:
-
print_search_hit\u2013Prints out a single search hit.
-
search\u2013
Attributes:
-
saved(set[int]) \u2013 -
auto_save\u2013 -
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/search/#pwndbg.commands.search.auto_save","title":"auto_savesaved: set[int] = set()\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/search/#pwndbg.commands.search.parser","title":"parserauto_save = add_param(\n \"auto-save-search\", False, 'automatically pass --save to \"search\" command'\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/search/#pwndbg.commands.search.print_search_hit","title":"print_search_hit","text":"parser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description=\"Search memory for byte sequences, strings, pointers, and integer values.\\n\\nBy default search results are cached. If you want to cache all results, but only print a subset, use --trunc-out. If you want to cache only a subset of results, and print the results immediately, use --limit. The latter is specially useful if you're searching a huge section of memory.\\n\\n\",\n)\nprint_search_hit(address: int) -> None\nPrints out a single search hit.
Parameters:
-
address(int) \u2013Address to print
"},{"location":"reference/pwndbg/commands/segments/","title":"pwndbg.commands.segments","text":""},{"location":"reference/pwndbg/commands/segments/#pwndbg.commands.segments","title":"segments","text":"search(\n type,\n arch,\n asmbp,\n hex,\n executable,\n writable,\n step,\n limit,\n aligned,\n value,\n mapping_name,\n save,\n next,\n trunc_out,\n) -> None\nClasses:
-
segment\u2013Get the flat address of memory based off of the named segment register.
Functions:
-
fsbase\u2013Prints out the FS base address. See also $fsbase.
-
gsbase\u2013Prints out the GS base address. See also $gsbase.
segment(name: str)\nBases:
FunctionGet the flat address of memory based off of the named segment register.
Methods:
-
invoke\u2013
Attributes:
-
name\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/commands/segments/#pwndbg.commands.segments.segment.invoke","title":"invoke","text":"name = name\n
"},{"location":"reference/pwndbg/commands/segments/#pwndbg.commands.segments.fsbase","title":"fsbase","text":"invoke(arg: Value = Value(0), *args: Value) -> int\nfsbase() -> None\nPrints out the FS base address. See also $fsbase.
"},{"location":"reference/pwndbg/commands/segments/#pwndbg.commands.segments.gsbase","title":"gsbase","text":"gsbase() -> None\nPrints out the GS base address. See also $gsbase.
"},{"location":"reference/pwndbg/commands/shell/","title":"pwndbg.commands.shell","text":""},{"location":"reference/pwndbg/commands/shell/#pwndbg.commands.shell","title":"shell","text":"Wrapper for shell commands.
Functions:
-
register_shell_function\u2013
Attributes:
-
pwncmd_names\u2013 -
shellcmd_names\u2013 -
pwncmds\u2013 -
shellcmds\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/shell/#pwndbg.commands.shell.shellcmd_names","title":"shellcmd_namespwncmd_names = ['constgrep', 'disasm', 'pwn', 'unhex']\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/shell/#pwndbg.commands.shell.pwncmds","title":"pwncmdsshellcmd_names = [\n \"awk\",\n \"bash\",\n \"cat\",\n \"chattr\",\n \"chmod\",\n \"chown\",\n \"cp\",\n \"date\",\n \"diff\",\n \"egrep\",\n \"grep\",\n \"htop\",\n \"id\",\n \"less\",\n \"ls\",\n \"man\",\n \"mkdir\",\n \"mktemp\",\n \"more\",\n \"mv\",\n \"nano\",\n \"nc\",\n \"ping\",\n \"pkill\",\n \"ps\",\n \"pstree\",\n \"pwd\",\n \"rm\",\n \"sed\",\n \"sh\",\n \"sort\",\n \"ssh\",\n \"sudo\",\n \"tail\",\n \"top\",\n \"touch\",\n \"uniq\",\n \"vi\",\n \"vim\",\n \"w\",\n \"wget\",\n \"who\",\n \"whoami\",\n \"zsh\",\n]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/shell/#pwndbg.commands.shell.shellcmds","title":"shellcmdspwncmds = list(filter(which, pwncmd_names))\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/shell/#pwndbg.commands.shell.register_shell_function","title":"register_shell_function","text":"shellcmds = list(filter(which, shellcmd_names))\n
"},{"location":"reference/pwndbg/commands/sigreturn/","title":"pwndbg.commands.sigreturn","text":""},{"location":"reference/pwndbg/commands/sigreturn/#pwndbg.commands.sigreturn","title":"sigreturn","text":"register_shell_function(cmd, deprecated=False) -> None\nFunctions:
-
sigreturn\u2013 -
print_value\u2013
Attributes:
-
SIGRETURN_FRAME_LAYOUTS(dict[str, list[tuple[int, str]]]) \u2013 -
SIGRETURN_CORE_REGISTER(dict[str, set[str]]) \u2013 -
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/sigreturn/#pwndbg.commands.sigreturn.SIGRETURN_CORE_REGISTER","title":"SIGRETURN_CORE_REGISTERSIGRETURN_FRAME_LAYOUTS: dict[str, list[tuple[int, str]]] = {\n \"x86-64\": sorted([(-8, \"&pretcode\")] + list(items())),\n \"i386\": sorted(items()),\n \"aarch64\": sorted(items()),\n \"arm\": sorted(items()),\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/sigreturn/#pwndbg.commands.sigreturn.parser","title":"parserSIGRETURN_CORE_REGISTER: dict[str, set[str]] = {\n \"x86-64\": {*gpr, frame, stack, pc},\n \"i386\": {*gpr, frame, stack, pc},\n \"aarch64\": {*gpr, \"sp\", \"pc\"},\n \"arm\": {*gpr, \"fp\", \"ip\", \"sp\", \"lr\", \"pc\"},\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/sigreturn/#pwndbg.commands.sigreturn.sigreturn","title":"sigreturn","text":"parser = ArgumentParser(\n description=\"Display the SigreturnFrame at the specific address\"\n)\n
"},{"location":"reference/pwndbg/commands/sigreturn/#pwndbg.commands.sigreturn.print_value","title":"print_value","text":"sigreturn(address: int = None, display_all=False, print_address=False) -> None\n
"},{"location":"reference/pwndbg/commands/slab/","title":"pwndbg.commands.slab","text":""},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab","title":"slab","text":"print_value(string: str, address: int, print_address) -> None\nCommands for dealing with Linux kernel slab allocator. Currently, only SLUB is supported.
Some of the code here was inspired from NeatMonster/slabdbg Some of the code here was inspired from osandov/drgn
Classes:
-
IndentContextManager\u2013
Functions:
-
slab\u2013 -
print_slab\u2013 -
print_cpu_cache\u2013 -
print_node_cache\u2013 -
slab_info\u2013 -
slab_list\u2013 -
slab_contains\u2013prints the slab_cache associated with the provided address
Attributes:
-
parser\u2013 -
subparsers\u2013 -
parser_list\u2013 -
parser_info\u2013 -
parser_contains\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.subparsers","title":"subparsersparser = ArgumentParser(\n description=\"Prints information about the slab allocator\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.parser_list","title":"parser_listsubparsers = add_subparsers(dest='command')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.parser_info","title":"parser_infoparser_list = add_parser('list', prog='slab list')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.parser_contains","title":"parser_containsparser_info = add_parser('info', prog='slab info')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.IndentContextManager","title":"IndentContextManager","text":"parser_contains = add_parser('contains', prog='slab contains')\nIndentContextManager()\nMethods:
-
__enter__\u2013 -
__exit__\u2013 -
print\u2013
Attributes:
-
indent\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.IndentContextManager.__enter__","title":"__enter__","text":"indent = 0\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.IndentContextManager.__exit__","title":"__exit__","text":"__enter__() -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.IndentContextManager.print","title":"print","text":"__exit__(\n exc_type: type[BaseException] | None,\n exc_value: BaseException | None,\n exc_tb: TracebackType | None,\n) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.slab","title":"slab","text":"print(*a, **kw) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.print_slab","title":"print_slab","text":"slab(command, filter_=None, names=None, verbose=False, addresses=None) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.print_cpu_cache","title":"print_cpu_cache","text":"print_slab(slab: Slab, indent, verbose: bool) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.print_node_cache","title":"print_node_cache","text":"print_cpu_cache(cpu_cache: CpuCache, verbose: bool, indent) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.slab_info","title":"slab_info","text":"print_node_cache(node_cache: NodeCache, verbose: bool, indent) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.slab_list","title":"slab_list","text":"slab_info(name: str, verbose: bool) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.slab_contains","title":"slab_contains","text":"slab_list(filter_) -> None\nslab_contains(address: str) -> None\nprints the slab_cache associated with the provided address
"},{"location":"reference/pwndbg/commands/spray/","title":"pwndbg.commands.spray","text":""},{"location":"reference/pwndbg/commands/spray/#pwndbg.commands.spray","title":"spray","text":"Functions:
-
spray\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/spray/#pwndbg.commands.spray.spray","title":"spray","text":"parser = ArgumentParser(\n description=\"Spray memory with cyclic() generated values\"\n)\n
"},{"location":"reference/pwndbg/commands/start/","title":"pwndbg.commands.start","text":""},{"location":"reference/pwndbg/commands/start/#pwndbg.commands.start","title":"start","text":"spray(addr, length, value, only_funcptrs) -> None\nLaunches the target process after setting a breakpoint at a convenient entry point.
Functions:
-
breakpoint_at_entry\u2013 -
start\u2013 -
entry\u2013 -
sstart\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/start/#pwndbg.commands.start.breakpoint_at_entry","title":"breakpoint_at_entry","text":"parser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description='\\nStart the debugged program stopping at its entrypoint address.\\n\\nNote that the entrypoint may not be the first instruction executed\\nby the program. If you want to stop on the first executed instruction,\\nuse the GDB\\'s `starti` command.\\n\\nArgs may include \"*\", or \"[...]\"; they are expanded using the\\nshell that will start the program (specified by the \"$SHELL\" environment\\nvariable). Input and output redirection with \">\", \"<\", or \">>\"\\nare also allowed.\\n\\nWith no arguments, uses arguments last specified (with \"run\" or\\n\"set args\"). To cancel previous arguments and run with no arguments,\\nuse \"set args\" without arguments.\\n\\nTo start the inferior without using a shell, use \"set startup-with-shell off\".\\n',\n)\n
"},{"location":"reference/pwndbg/commands/start/#pwndbg.commands.start.start","title":"start","text":"breakpoint_at_entry()\n
"},{"location":"reference/pwndbg/commands/start/#pwndbg.commands.start.entry","title":"entry","text":"start(args=None) -> None\n
"},{"location":"reference/pwndbg/commands/start/#pwndbg.commands.start.sstart","title":"sstart","text":"entry(args=None) -> None\n
"},{"location":"reference/pwndbg/commands/strings/","title":"pwndbg.commands.strings","text":""},{"location":"reference/pwndbg/commands/strings/#pwndbg.commands.strings","title":"strings","text":"sstart() -> None\nFunctions:
-
strings\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/strings/#pwndbg.commands.strings.strings","title":"strings","text":"parser = ArgumentParser(\n description=\"Extracts and displays ASCII strings from readable memory pages of the debugged process.\"\n)\n
"},{"location":"reference/pwndbg/commands/telescope/","title":"pwndbg.commands.telescope","text":""},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope","title":"telescope","text":"strings(n: int = 4, page_names: list[str] = [], save_as: str = None)\nPrints out pointer chains starting at some address in memory.
Generally used to print out the stack or register values.
Functions:
-
telescope\u2013Recursively dereferences pointers starting at the specified address
-
regs_or_frame_offset\u2013 -
stack\u2013 -
stackf\u2013
Attributes:
-
telescope_lines\u2013 -
skip_repeating_values\u2013 -
skip_repeating_values_minimum\u2013 -
print_framepointer_offset\u2013 -
print_retaddr_in_frame\u2013 -
dont_skip_registers\u2013 -
offset_separator\u2013 -
offset_delimiter\u2013 -
repeating_marker\u2013 -
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.skip_repeating_values","title":"skip_repeating_valuestelescope_lines = add_param(\n \"telescope-lines\", 8, \"number of lines to printed by the telescope command\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.skip_repeating_values_minimum","title":"skip_repeating_values_minimumskip_repeating_values = add_param(\n \"telescope-skip-repeating-val\",\n True,\n \"whether to skip repeating values of the telescope command\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.print_framepointer_offset","title":"print_framepointer_offsetskip_repeating_values_minimum = add_param(\n \"telescope-skip-repeating-val-min\",\n 3,\n \"minimum amount of repeated values before skipping lines\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.print_retaddr_in_frame","title":"print_retaddr_in_frameprint_framepointer_offset = add_param(\n \"telescope-framepointer-offset\",\n True,\n \"print offset to framepointer for each address, if sufficiently small\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.dont_skip_registers","title":"dont_skip_registersprint_retaddr_in_frame = add_param(\n \"telescope-frame-print-retaddr\",\n True,\n \"print one pointer past the stack frame\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.offset_separator","title":"offset_separatordont_skip_registers = add_param(\n \"telescope-dont-skip-registers\",\n True,\n \"don't skip a repeated line if a registers points to it\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.offset_delimiter","title":"offset_delimiteroffset_separator = add_param(\n \"telescope-offset-separator\",\n \"\u2502\",\n \"offset separator of the telescope command\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.repeating_marker","title":"repeating_markeroffset_delimiter = add_param(\n \"telescope-offset-delimiter\",\n \":\",\n \"offset delimiter of the telescope command\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.parser","title":"parserrepeating_marker = add_param(\n \"telescope-repeating-marker\",\n \"... \u2193\",\n \"repeating values marker of the telescope command\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.telescope","title":"telescope","text":"parser = ArgumentParser(\n description=\"Dereferences on stack data, printing the entire stack frame with specified count and offset .\"\n)\ntelescope(\n address=None,\n count=telescope_lines,\n to_string=False,\n reverse=False,\n frame=False,\n inverse=False,\n)\nRecursively dereferences pointers starting at the specified address ($sp by default)
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.regs_or_frame_offset","title":"regs_or_frame_offset","text":"
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.stack","title":"stack","text":"regs_or_frame_offset(\n addr: int, bp: int | None, regs: dict[int, str], longest_regs: int\n) -> str\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.stackf","title":"stackf","text":"stack(count, offset, frame, inverse) -> None\n
"},{"location":"reference/pwndbg/commands/tips/","title":"pwndbg.commands.tips","text":""},{"location":"reference/pwndbg/commands/tips/#pwndbg.commands.tips","title":"tips","text":"stackf(count, offset) -> None\nFunctions:
-
tips\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/tips/#pwndbg.commands.tips.tips","title":"tips","text":"parser = ArgumentParser(description='Shows tips.')\n
"},{"location":"reference/pwndbg/commands/tls/","title":"pwndbg.commands.tls","text":""},{"location":"reference/pwndbg/commands/tls/#pwndbg.commands.tls","title":"tls","text":"tips(all: bool) -> None\nCommand to print the information of the current Thread Local Storage (TLS).
Functions:
-
tls\u2013 -
threads\u2013
Attributes:
-
parser\u2013 -
group\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/tls/#pwndbg.commands.tls.group","title":"groupparser = ArgumentParser(\n formatter_class=RawTextHelpFormatter,\n description=\"List all threads belonging to the selected inferior.\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/tls/#pwndbg.commands.tls.tls","title":"tls","text":"group = add_mutually_exclusive_group()\n
"},{"location":"reference/pwndbg/commands/tls/#pwndbg.commands.tls.threads","title":"threads","text":"tls(pthread_self=False, all: bool = False) -> None\n
"},{"location":"reference/pwndbg/commands/valist/","title":"pwndbg.commands.valist","text":""},{"location":"reference/pwndbg/commands/valist/#pwndbg.commands.valist","title":"valist","text":"threads(num_threads, respect_config) -> None\nFunctions:
-
valist\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/valist/#pwndbg.commands.valist.valist","title":"valist","text":"parser = ArgumentParser(description='Dumps the arguments of a va_list.')\n
"},{"location":"reference/pwndbg/commands/version/","title":"pwndbg.commands.version","text":""},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version","title":"version","text":"valist(addr: int, count: int) -> None\nImplements version and bugreport commands.
Functions:
-
os_info\u2013 -
module_version\u2013 -
debugger_version\u2013 -
all_versions\u2013 -
get_target_arch\u2013 -
get_terminal_size\u2013 -
version_impl\u2013Implementation of the
versioncommand. -
version\u2013 -
bugreport\u2013 -
get_debugger_configuration\u2013 -
get_debugger_session_history\u2013
Attributes:
-
bugreport_parser\u2013 -
bugreport_group\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.bugreport_group","title":"bugreport_groupbugreport_parser = ArgumentParser(description='Generate a bug report.')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.os_info","title":"os_info","text":"bugreport_group = add_mutually_exclusive_group()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.module_version","title":"module_version","text":"os_info()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.debugger_version","title":"debugger_version","text":"module_version(module)\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.all_versions","title":"all_versions","text":"debugger_version()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.get_target_arch","title":"get_target_arch","text":"all_versions()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.get_terminal_size","title":"get_terminal_size","text":"get_target_arch()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.version_impl","title":"version_impl","text":"get_terminal_size()\nversion_impl() -> None\nImplementation of the
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.version","title":"version","text":"versioncommand.
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.bugreport","title":"bugreport","text":"version() -> None\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.get_debugger_configuration","title":"get_debugger_configuration","text":"bugreport(run_browser=False, use_gh=False)\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.get_debugger_session_history","title":"get_debugger_session_history","text":"get_debugger_configuration()\n
"},{"location":"reference/pwndbg/commands/vmmap/","title":"pwndbg.commands.vmmap","text":""},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap","title":"vmmap","text":"get_debugger_session_history()\nCommand to print the virtual memory map a la /proc/self/maps.
Functions:
-
pages_filter\u2013 -
print_vmmap_table_header\u2013Prints the table header for the vmmap command.
-
print_vmmap_gaps_table_header\u2013Prints the table header for the vmmap --gaps command.
-
calculate_total_memory\u2013 -
gap_text\u2013 -
print_map\u2013 -
print_adjacent_map\u2013 -
print_guard\u2013 -
print_gap\u2013 -
print_vmmap_gaps\u2013Indicates the size of adjacent memory regions and unmapped gaps between them in process memory
-
vmmap\u2013 -
vmmap_add\u2013 -
vmmap_explore\u2013 -
vmmap_clear\u2013 -
vmmap_load\u2013
Attributes:
-
integer_types\u2013 -
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.parser","title":"parserinteger_types = (int, Value)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.pages_filter","title":"pages_filter","text":"parser = ArgumentParser(\n description=\"Load virtual memory map pages from ELF file.\"\n)\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_vmmap_table_header","title":"print_vmmap_table_header","text":"pages_filter(gdbval_or_str)\nprint_vmmap_table_header() -> None\nPrints the table header for the vmmap command.
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_vmmap_gaps_table_header","title":"print_vmmap_gaps_table_header","text":"print_vmmap_gaps_table_header() -> None\nPrints the table header for the vmmap --gaps command.
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.calculate_total_memory","title":"calculate_total_memory","text":"
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.gap_text","title":"gap_text","text":"calculate_total_memory(pages: tuple[Page, ...]) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_map","title":"print_map","text":"gap_text(page: Page) -> str\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_adjacent_map","title":"print_adjacent_map","text":"print_map(page: Page) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_guard","title":"print_guard","text":"print_adjacent_map(map_start: Page, map_end: Page) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_gap","title":"print_gap","text":"print_guard(page: Page) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_vmmap_gaps","title":"print_vmmap_gaps","text":"print_gap(current: Page, last_map: Page)\nprint_vmmap_gaps(pages: tuple[Page, ...]) -> None\nIndicates the size of adjacent memory regions and unmapped gaps between them in process memory
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.vmmap","title":"vmmap","text":"
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.vmmap_add","title":"vmmap_add","text":"vmmap(\n gdbval_or_str=None,\n writable=False,\n executable=False,\n lines_after=1,\n lines_before=1,\n context=None,\n gaps=False,\n) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.vmmap_explore","title":"vmmap_explore","text":"vmmap_add(start: int, size: int, flags: str, offset: int) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.vmmap_clear","title":"vmmap_clear","text":"vmmap_explore(address: int) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.vmmap_load","title":"vmmap_load","text":"vmmap_clear() -> None\n
"},{"location":"reference/pwndbg/commands/windbg/","title":"pwndbg.commands.windbg","text":""},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg","title":"windbg","text":"vmmap_load(filename) -> None\nCompatibility functionality for Windbg users.
Functions:
-
enhex\u2013 -
db\u2013Starting at the specified address, dump N bytes
-
dw\u2013Starting at the specified address, dump N words
-
dd\u2013Starting at the specified address, dump N dwords
-
dq\u2013Starting at the specified address, dump N qwords
-
dc\u2013 -
dX\u2013Traditionally, windbg will display 16 bytes of data per line.
-
eb\u2013Write hex bytes at the specified address.
-
ew\u2013Write hex words at the specified address.
-
ed\u2013Write hex dwords at the specified address.
-
eq\u2013Write hex qwords at the specified address.
-
ez\u2013Write a character at the specified address.
-
eza\u2013Write a string at the specified address.
-
eX\u2013This relies on windbg's default hex encoding being enforced
-
dds\u2013Dump pointers and symbols at the specified address.
-
da\u2013 -
ds\u2013 -
bl\u2013List breakpoints
-
bd\u2013Disable the breakpoint with the specified index.
-
be\u2013Enable the breakpoint with the specified index.
-
bc\u2013Clear the breakpoint with the specified index.
-
bp\u2013 -
k\u2013Print a backtrace (alias 'bt')
-
go\u2013Windbg compatibility alias for 'continue' command.
-
ln\u2013List the symbols nearest to the provided value.
-
peb\u2013 -
pc\u2013Windbg compatibility alias for 'nextcall' command.
Attributes:
-
da_parser\u2013 -
ds_parser\u2013 -
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.ds_parser","title":"ds_parserda_parser = ArgumentParser(\n description=\"Dump a string at the specified address.\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.parser","title":"parserds_parser = ArgumentParser(\n description=\"Dump a string at the specified address.\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.enhex","title":"enhex","text":"parser = ArgumentParser(\n description=\"List the symbols nearest to the provided value.\"\n)\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.db","title":"db","text":"enhex(size, value)\ndb(address, count=64)\nStarting at the specified address, dump N bytes (default 64).
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.dw","title":"dw","text":"dw(address, count=32)\nStarting at the specified address, dump N words (default 32).
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.dd","title":"dd","text":"dd(address, count=16)\nStarting at the specified address, dump N dwords (default 16).
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.dq","title":"dq","text":"dq(address, count=8)\nStarting at the specified address, dump N qwords (default 8).
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.dc","title":"dc","text":"
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.dX","title":"dX","text":"dc(address, count=8)\ndX(size, address, count, to_string=False, repeat=False)\nTraditionally, windbg will display 16 bytes of data per line.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.eb","title":"eb","text":"eb(address, data)\nWrite hex bytes at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.ew","title":"ew","text":"ew(address, data)\nWrite hex words at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.ed","title":"ed","text":"ed(address, data)\nWrite hex dwords at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.eq","title":"eq","text":"eq(address, data)\nWrite hex qwords at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.ez","title":"ez","text":"ez(address, data)\nWrite a character at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.eza","title":"eza","text":"eza(address, data)\nWrite a string at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.eX","title":"eX","text":"eX(size, address, data, hex=True) -> None\nThis relies on windbg's default hex encoding being enforced
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.dds","title":"dds","text":"dds(addr)\nDump pointers and symbols at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.da","title":"da","text":"
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.ds","title":"ds","text":"da(address, max) -> None\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.bl","title":"bl","text":"ds(address, max) -> None\nbl() -> None\nList breakpoints
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.bd","title":"bd","text":"bd(which='*') -> None\nDisable the breakpoint with the specified index.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.be","title":"be","text":"be(which='*') -> None\nEnable the breakpoint with the specified index.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.bc","title":"bc","text":"bc(which='*') -> None\nClear the breakpoint with the specified index.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.bp","title":"bp","text":"
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.k","title":"k","text":"bp(where) -> None\nk() -> None\nPrint a backtrace (alias 'bt')
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.go","title":"go","text":"go() -> None\nWindbg compatibility alias for 'continue' command.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.ln","title":"ln","text":"ln(value: int = None) -> None\nList the symbols nearest to the provided value.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.peb","title":"peb","text":"
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.pc","title":"pc","text":"peb() -> None\npc()\nWindbg compatibility alias for 'nextcall' command.
"},{"location":"reference/pwndbg/commands/xinfo/","title":"pwndbg.commands.xinfo","text":""},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo","title":"xinfo","text":"Functions:
-
print_line\u2013 -
xinfo_stack\u2013 -
xinfo_mmap_file\u2013 -
xinfo_default\u2013 -
xinfo\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo.print_line","title":"print_line","text":"parser = ArgumentParser(\n description=\"Shows offsets of the specified address from various useful locations.\"\n)\n
"},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo.xinfo_stack","title":"xinfo_stack","text":"print_line(name, addr, first, second, op, width=20) -> None\n
"},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo.xinfo_mmap_file","title":"xinfo_mmap_file","text":"xinfo_stack(page: Page, addr: int) -> None\n
"},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo.xinfo_default","title":"xinfo_default","text":"xinfo_mmap_file(page: Page, addr: int) -> None\n
"},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo.xinfo","title":"xinfo","text":"xinfo_default(page: Page, addr: int) -> None\n
"},{"location":"reference/pwndbg/commands/xor/","title":"pwndbg.commands.xor","text":""},{"location":"reference/pwndbg/commands/xor/#pwndbg.commands.xor","title":"xor","text":"xinfo(address=None) -> None\nFunctions:
-
xor_memory\u2013Helper function for xorring memory in gdb
-
xor\u2013 -
memfrob\u2013
Attributes:
-
parser\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/commands/xor/#pwndbg.commands.xor.xor_memory","title":"xor_memory","text":"parser = ArgumentParser(\n description=\"Memfrobs a region of memory (xor with '*').\"\n)\nxor_memory(address, key, count)\nHelper function for xorring memory in gdb
"},{"location":"reference/pwndbg/commands/xor/#pwndbg.commands.xor.xor","title":"xor","text":"
"},{"location":"reference/pwndbg/commands/xor/#pwndbg.commands.xor.memfrob","title":"memfrob","text":"xor(address, key, count) -> None\n
"},{"location":"reference/pwndbg/dbg/","title":"pwndbg.dbg","text":""},{"location":"reference/pwndbg/dbg/#pwndbg.dbg","title":"dbg","text":"memfrob(address, count)\nThe abstracted debugger interface.
Modules:
-
gdb\u2013 -
lldb\u2013
Classes:
-
Error\u2013 -
DisassembledInstruction\u2013 -
DebuggerType\u2013 -
Arch\u2013The definition of an architecture.
-
StopPoint\u2013The handle to either an insalled breakpoint or watchpoint.
-
BreakpointLocation\u2013This is the location specification for a breakpoint.
-
WatchpointLocation\u2013This is the location specification for a watchpoint.
-
Registers\u2013A handle to the register values in a frame.
-
SymbolLookupType\u2013Enum representing types of symbol lookups for filtering symbol searches.
-
Frame\u2013 -
Thread\u2013 -
MemoryMap\u2013A wrapper around a sequence of memory ranges
-
ExecutionController\u2013 -
Process\u2013 -
TypeCode\u2013Broad categories of types.
-
TypeField\u2013The fields in a structured type.
-
Type\u2013Class representing a type in the context of an inferior process.
-
Value\u2013Class representing a value in the context of an inferior process.
-
CommandHandle\u2013An opaque handle to an installed command.
-
EventType\u2013Events that can be listened for and reacted to in a debugger.
-
Debugger\u2013The base class representing a debugger.
Functions:
-
selection\u2013Debuggers have global state. Many of our queries require that we select a
Attributes:
-
dbg(Debugger) \u2013 -
T\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.T","title":"Tdbg: Debugger = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Error","title":"Error","text":"T = TypeVar('T')\nBases:
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DisassembledInstruction","title":"DisassembledInstruction","text":"ExceptionBases:
TypedDictAttributes:
-
addr(int) \u2013 -
asm(str) \u2013 -
length(int) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DisassembledInstruction.asm","title":"asmaddr: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DisassembledInstruction.length","title":"lengthasm: str\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DebuggerType","title":"DebuggerType","text":"length: int\nBases:
EnumAttributes:
-
GDB\u2013 -
LLDB\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DebuggerType.LLDB","title":"LLDBGDB = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Arch","title":"Arch","text":"LLDB = 2\nThe definition of an architecture.
Attributes:
-
endian(Literal['little', 'big']) \u2013Wether code in this module is little or big.
-
name(PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013Name of the architecture.
-
ptrsize(int) \u2013Length of the pointer in this module.
property","text":"endian: Literal['little', 'big']\nWether code in this module is little or big.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Arch.name","title":"nameproperty","text":"name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE\nName of the architecture.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Arch.ptrsize","title":"ptrsizeproperty","text":"ptrsize: int\nLength of the pointer in this module.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.StopPoint","title":"StopPoint","text":"The handle to either an insalled breakpoint or watchpoint.
May be used in a
withstatement, in which case the stop point is automatically removed at the end of the statement. This allows for easy implementation of temporary breakpoints.Methods:
-
remove\u2013Removes the breakpoint associated with this handle.
-
set_enabled\u2013Enables or disables this breakpoint.
-
__enter__\u2013 -
__exit__\u2013Automatic breakpoint removal.
remove() -> None\nRemoves the breakpoint associated with this handle.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.StopPoint.set_enabled","title":"set_enabled","text":"set_enabled(enabled: bool) -> None\nEnables or disables this breakpoint.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.StopPoint.__enter__","title":"__enter__","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.StopPoint.__exit__","title":"__exit__","text":"__enter__() -> StopPoint\n__exit__(exc_type, exc_value, traceback) -> None\nAutomatic breakpoint removal.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.BreakpointLocation","title":"BreakpointLocation","text":"BreakpointLocation(address: int)\nThis is the location specification for a breakpoint.
Methods:
-
__eq__\u2013
Attributes:
-
address(int) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.BreakpointLocation.__eq__","title":"__eq__","text":"address: int = address\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.WatchpointLocation","title":"WatchpointLocation","text":"__eq__(other: object) -> bool\nWatchpointLocation(\n address: int, size: int, watch_read: bool, watch_write: bool\n)\nThis is the location specification for a watchpoint.
Attributes:
-
address(int) \u2013 -
size(int) \u2013 -
watch_read(bool) \u2013 -
watch_write(bool) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.WatchpointLocation.size","title":"sizeaddress: int = address\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.WatchpointLocation.watch_read","title":"watch_readsize: int = size\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.WatchpointLocation.watch_write","title":"watch_writewatch_read: bool = watch_read\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Registers","title":"Registers","text":"watch_write: bool = watch_write\nA handle to the register values in a frame.
Methods:
-
by_name\u2013Gets the value of a register if it exists, None otherwise.
by_name(name: str) -> Value | None\nGets the value of a register if it exists, None otherwise.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.SymbolLookupType","title":"SymbolLookupType","text":"Bases:
EnumEnum representing types of symbol lookups for filtering symbol searches.
Attributes: - ANY: Represents searching for any symbol type (default). - FUNCTION: Represents searching specifically for function symbols. - VARIABLE: Represents searching specifically for variable symbols.
Attributes:
-
ANY\u2013 -
FUNCTION\u2013 -
VARIABLE\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.SymbolLookupType.FUNCTION","title":"FUNCTIONANY = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.SymbolLookupType.VARIABLE","title":"VARIABLEFUNCTION = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame","title":"Frame","text":"VARIABLE = 3\nMethods:
-
lookup_symbol\u2013Looks up and returns the address of a symbol in current frame by its name.
-
evaluate_expression\u2013Evaluate the given expression in the context of this frame, and
-
regs\u2013Access the values of the registers in this frame.
-
reg_write\u2013Sets the value of the register with the given name to the given value.
-
pc\u2013The value of the program counter for this frame.
-
sp\u2013The value of the stack pointer for this frame.
-
parent\u2013The parent frame of this frame, if it exists.
-
child\u2013The child frame of this frame, if it exists.
-
sal\u2013The filename of the source code file associated with this frame, and the
-
__eq__\u2013Whether this frame is the same as the given frame. Two frames are the
lookup_symbol(name: str, *, type: SymbolLookupType = ANY) -> Value | None\nLooks up and returns the address of a symbol in current frame by its name.
Parameters: - name (str): The name of the symbol to look up. - type (SymbolLookupType, optional): The type of symbol to search for. Defaults to SymbolLookupType.ANY.
Returns: - pwndbg.dbg_mod.Value | None: The value of the symbol if found, or None if not found.
Raises: - pwndbg.dbg_mod.Error: If symbol name contains invalid characters
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.evaluate_expression","title":"evaluate_expression","text":"evaluate_expression(expression: str, lock_scheduler: bool = False) -> Value\nEvaluate the given expression in the context of this frame, and return a
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.evaluate_expression--lock_scheduler","title":"Value.lock_scheduler","text":"Additionally, callers of this function might specify that they want to enable scheduler locking during the evaluation of this expression. This is a GDB-only option, and is intended for cases in which the result would be incorrect without it enabled, when running in GDB. Other debuggers should ignore this parameter.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.regs","title":"regs","text":"regs() -> Registers\nAccess the values of the registers in this frame.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.reg_write","title":"reg_write","text":"reg_write(name: str, val: int) -> bool\nSets the value of the register with the given name to the given value. Returns true if the register exists, false othewise. Throws an exception if the register exists but cannot be written to.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.pc","title":"pc","text":"pc() -> int\nThe value of the program counter for this frame.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.sp","title":"sp","text":"sp() -> int\nThe value of the stack pointer for this frame.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.parent","title":"parent","text":"parent() -> Frame | None\nThe parent frame of this frame, if it exists.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.child","title":"child","text":"child() -> Frame | None\nThe child frame of this frame, if it exists.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.sal","title":"sal","text":"sal() -> tuple[str, int] | None\nThe filename of the source code file associated with this frame, and the line number associated with it, if available.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.__eq__","title":"__eq__","text":"__eq__(rhs: object) -> bool\nWhether this frame is the same as the given frame. Two frames are the same if they point to the same stack frame and have the same execution context.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Thread","title":"Thread","text":"Methods:
-
bottom_frame\u2013Frame at the bottom of the call stack for this thread.
-
ptid\u2013The PTID of this thread, if available.
-
index\u2013The unique index of this thread from the perspective of the debugger.
bottom_frame() -> Iterator[Frame]\nFrame at the bottom of the call stack for this thread.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Thread.ptid","title":"ptid","text":"ptid() -> int | None\nThe PTID of this thread, if available.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Thread.index","title":"index","text":"index() -> int\nThe unique index of this thread from the perspective of the debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.MemoryMap","title":"MemoryMap","text":"A wrapper around a sequence of memory ranges
Methods:
-
is_qemu\u2013Returns whether this memory map was generated from a QEMU target.
-
ranges\u2013Returns all ranges in this memory map.
is_qemu() -> bool\nReturns whether this memory map was generated from a QEMU target.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.MemoryMap.ranges","title":"ranges","text":"ranges() -> Sequence[Page]\nReturns all ranges in this memory map.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.ExecutionController","title":"ExecutionController","text":"Methods:
-
single_step\u2013Steps to the next instruction.
-
cont\u2013Continues execution until the given breakpoint or whatchpoint is hit.
single_step() -> Awaitable[None]\nSteps to the next instruction.
Throws
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.ExecutionController.cont","title":"cont","text":"CancelledErrorif a breakpoint or watchpoint is hit, the program exits, or if any other unexpected event that diverts execution happens while fulfulling the step.cont(until: StopPoint) -> Awaitable[None]\nContinues execution until the given breakpoint or whatchpoint is hit.
Throws
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process","title":"Process","text":"CancelledErrorif a breakpoint or watchpoint is hit that is not the one given inuntil, the program exits, or if any other unexpected event happens.Methods:
-
threads\u2013Returns a list containing the threads in this process.
-
pid\u2013Returns the process ID of this process if it is alive.
-
alive\u2013Returns whether this process is alive.
-
stopped_with_signal\u2013Returns whether this process was stopped by a signal.
-
evaluate_expression\u2013Evaluate the given expression in the context of the current process, and
-
vmmap\u2013Returns the virtual memory map of this process.
-
read_memory\u2013Reads the requested number of bytes from the address given in the memory
-
write_memory\u2013Writes as many bytes from the given data buffer as possible into the
-
find_in_memory\u2013Searches for a bit pattern in the memory space of the process. The bit
-
is_remote\u2013Returns whether this process is a remote process connected to using the
-
send_remote\u2013Sends the given packet to the GDB remote debugging protocol server.
-
send_monitor\u2013Sends the given monitor command to the GDB remote debugging protocol
-
download_remote_file\u2013Downloads the given file from the remote host and saves it to the local
-
create_value\u2013Create a new value in the context of this process, with the given value
-
symbol_name_at_address\u2013Returns the name of the symbol at the given address in the program, if
-
lookup_symbol\u2013Looks up and returns the address of a symbol by its name.
-
types_with_name\u2013Returns a list of all types in this process that match the given name.
-
arch\u2013The default architecture of this process.
-
break_at\u2013Install a breakpoint or watchpoint at the given location.
-
is_linux\u2013Returns whether the current ABI is GNU/Linux.
-
disasm\u2013Returns the disassembled instruction at the given address in the address
-
module_section_locations\u2013Return a list of (address, size, section_name, module_name) tuples for
-
main_module_name\u2013Returns the name of the main module.
-
main_module_entry\u2013Returns the entry point of the main module.
-
is_dynamically_linked\u2013Returns whether this process makes use of dynamically linked libraries.
-
dispatch_execution_controller\u2013Queues up the given execution controller-based coroutine for execution,
threads() -> list[Thread]\nReturns a list containing the threads in this process.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.pid","title":"pid","text":"pid() -> int | None\nReturns the process ID of this process if it is alive.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.alive","title":"alive","text":"alive() -> bool\nReturns whether this process is alive.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.stopped_with_signal","title":"stopped_with_signal","text":"stopped_with_signal() -> bool\nReturns whether this process was stopped by a signal.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.evaluate_expression","title":"evaluate_expression","text":"evaluate_expression(expression: str) -> Value\nEvaluate the given expression in the context of the current process, and return a
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.vmmap","title":"vmmap","text":"Value.vmmap() -> MemoryMap\nReturns the virtual memory map of this process.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.read_memory","title":"read_memory","text":"read_memory(address: int, size: int, partial: bool = False) -> bytearray\nReads the requested number of bytes from the address given in the memory space of this process. Will read as many bytes as possible starting at that location, and returns how many were read.
Throws an exception if reading fails and partial is False.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.write_memory","title":"write_memory","text":"write_memory(address: int, data: bytearray, partial: bool = False) -> int\nWrites as many bytes from the given data buffer as possible into the given address in the memory space of this process.
Throws an exception if writing fails and partial is False.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.find_in_memory","title":"find_in_memory","text":"find_in_memory(\n pattern: bytearray,\n start: int,\n size: int,\n align: int,\n max_matches: int = -1,\n step: int = -1,\n) -> Generator[int, None, None]\nSearches for a bit pattern in the memory space of the process. The bit pattern can be searched for in a given memory range, and with a given alignment. The maximum number of matches that will be generated is given by
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.is_remote","title":"is_remote","text":"max_matches. A value ofmax_matchesof-1will generate all matches.is_remote() -> bool\nReturns whether this process is a remote process connected to using the GDB remote debugging protocol.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.send_remote","title":"send_remote","text":"send_remote(packet: str) -> bytes\nSends the given packet to the GDB remote debugging protocol server. Should only be called if
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.send_monitor","title":"send_monitor","text":"is_remote()is true.send_monitor(cmd: str) -> str\nSends the given monitor command to the GDB remote debugging protocol server. Should only be called if
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.download_remote_file","title":"download_remote_file","text":"is_remote()is true.download_remote_file(remote_path: str, local_path: str) -> None\nDownloads the given file from the remote host and saves it to the local given path. Should only be called if
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.create_value","title":"create_value","text":"is_remote()is true.create_value(value: int, type: Type | None = None) -> Value\nCreate a new value in the context of this process, with the given value and, optionally, type. If no type is provided, one will be chosen automatically.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.symbol_name_at_address","title":"symbol_name_at_address","text":"symbol_name_at_address(address: int) -> str | None\nReturns the name of the symbol at the given address in the program, if one exists.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.lookup_symbol","title":"lookup_symbol","text":"lookup_symbol(\n name: str,\n *,\n prefer_static: bool = False,\n type: SymbolLookupType = ANY,\n objfile_endswith: str | None = None,\n) -> Value | None\nLooks up and returns the address of a symbol by its name.
Parameters: - name (str): The name of the symbol to look up. - prefer_static (bool, optional): If True, prioritize symbols in the static block, if supported by the debugger. Defaults to False. - type (SymbolLookupType, optional): The type of symbol to search for. Defaults to SymbolLookupType.ANY. - objfile_endswith (str | None, optional): If specified, limits the search to the first object file whose name ends with the provided string.
Returns: - pwndbg.dbg_mod.Value | None: The value of the symbol if found, or None if not found.
Raises: - pwndbg.dbg_mod.Error: If no object file matching the
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.types_with_name","title":"types_with_name","text":"objfile_endswithpattern is found.types_with_name(name: str) -> Sequence[Type]\nReturns a list of all types in this process that match the given name.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.arch","title":"arch","text":"arch() -> Arch\nThe default architecture of this process.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.break_at","title":"break_at","text":"break_at(\n location: BreakpointLocation | WatchpointLocation,\n stop_handler: Callable[[StopPoint], bool] | None = None,\n internal: bool = False,\n) -> StopPoint\nInstall a breakpoint or watchpoint at the given location.
The type of the location determines whether the newly created object is a watchpoint or a breakpoint.
BreakpointLocationlocations yield breakpoints, whileWatchpointLocationlocations yield watchpoints.Aditionally, one may specify a stop handler function, to be run when the breakpoint or whatchpoint is hit, and that determines whether execution should stop. With a return value of
Truebeing interpreted as a signal to stop, and a return value ofFalsebeing interpreted as a signal to continue execution. The extent of the actions that may be taken during the stop handler is determined by the debugger.Marking a breakpoint or watchpoint as
internalhints to the implementation that the created breakpoint or watchpoint should not be directly nameable by the user, and that it should not print any messages upon being triggered. Implementations should try to honor this hint, but they are not required to in case honoring it is either not possible or comes at a significant impact to performance.This function returns a handle to the newly created breakpoint or watchpoint.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.is_linux","title":"is_linux","text":"is_linux() -> bool\nReturns whether the current ABI is GNU/Linux.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.disasm","title":"disasm","text":"disasm(address: int) -> DisassembledInstruction | None\nReturns the disassembled instruction at the given address in the address space of the running process, or
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.module_section_locations","title":"module_section_locations","text":"Noneif there's no valid instruction at that address.module_section_locations() -> list[tuple[int, int, str, str]]\nReturn a list of (address, size, section_name, module_name) tuples for the loaded sections in every module of this process.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.main_module_name","title":"main_module_name","text":"main_module_name() -> str | None\nReturns the name of the main module.
On remote targets, this may be prefixed with \"target:\" string.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.main_module_entry","title":"main_module_entry","text":"main_module_entry() -> int | None\nReturns the entry point of the main module.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.is_dynamically_linked","title":"is_dynamically_linked","text":"is_dynamically_linked() -> bool\nReturns whether this process makes use of dynamically linked libraries.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.is_dynamically_linked--dynamically-linked","title":"\"dynamically linked\"","text":"What exactly it means to be \"dynamically linked\" here is a little ill-defined. Ideally, this function should return true if the process uses the default dynamic linker for the system, as that would better reflect whether the process uses dynamic linking.
Currently, though, Pwndbg expects it to behave the same as a check for the string \"No shared libraries loaded at this time.\" in the output of the
info dllGDB command, which checks for the presence of other modules in the address space of the process, rather than whether or not the dynamic linker is used.We should probably sort this out in the future.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.dispatch_execution_controller","title":"dispatch_execution_controller","text":"dispatch_execution_controller(\n procedure: Callable[[ExecutionController], Coroutine[Any, Any, None]],\n)\nQueues up the given execution controller-based coroutine for execution, sometime between the calling of this function and the
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode","title":"TypeCode","text":"Bases:
EnumBroad categories of types.
Attributes:
-
INVALID\u2013 -
POINTER\u2013 -
ARRAY\u2013 -
STRUCT\u2013 -
TYPEDEF\u2013 -
UNION\u2013 -
INT\u2013 -
ENUM\u2013 -
FUNC\u2013 -
BOOL\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.POINTER","title":"POINTERINVALID = -1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.ARRAY","title":"ARRAYPOINTER = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.STRUCT","title":"STRUCTARRAY = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.TYPEDEF","title":"TYPEDEFSTRUCT = 3\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.UNION","title":"UNIONTYPEDEF = 4\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.INT","title":"INTUNION = 5\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.ENUM","title":"ENUMINT = 6\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.FUNC","title":"FUNCENUM = 7\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.BOOL","title":"BOOLFUNC = 8\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField","title":"TypeField","text":"BOOL = 9\nTypeField(\n bitpos: int,\n name: str | None,\n type: Type,\n parent_type,\n enumval: int | None = None,\n artificial: bool = False,\n is_base_class: bool = False,\n bitsize: int = 0,\n)\nThe fields in a structured type.
Currently this is just a mirror of
gdb.Field.Attributes:
-
bitpos\u2013 -
name\u2013 -
type\u2013 -
parent_type\u2013 -
enumval\u2013 -
artificial\u2013 -
is_base_class\u2013 -
bitsize\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.name","title":"namebitpos = bitpos\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.type","title":"typename = name\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.parent_type","title":"parent_typetype = type\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.enumval","title":"enumvalparent_type = parent_type\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.artificial","title":"artificialenumval = enumval\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.is_base_class","title":"is_base_classartificial = artificial\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.bitsize","title":"bitsizeis_base_class = is_base_class\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type","title":"Type","text":"bitsize = bitsize\nClass representing a type in the context of an inferior process.
Methods:
-
func_arguments\u2013Returns a list of function arguments type.
-
fields\u2013List of all fields in this type, if it is a structured type.
-
has_field\u2013Whether this type has a field with the given name.
-
array\u2013Return a type that corresponds to an array whose elements have this type.
-
pointer\u2013Return a pointer type that has this type as its pointee.
-
strip_typedefs\u2013Return a type that corresponds to the base type after a typedef chain,
-
target\u2013Return the target of this reference type, if this is a reference type.
-
keys\u2013Returns a list containing all the field names of this type.
-
enum_member\u2013Retrieve the integer value of an enum member.
-
offsetof\u2013Calculate the byte offset of a field within a struct or union.
-
__eq__\u2013Returns True if types are the same
Attributes:
-
name_identifier(str | None) \u2013Returns the identifier of this type, eg:
-
name_to_human_readable(str) \u2013Returns the human friendly name of this type, eg:
-
sizeof(int) \u2013The size of this type, in bytes.
-
alignof(int) \u2013The alignment of this type, in bytes.
-
code(TypeCode) \u2013What category of type this object belongs to.
property","text":"name_identifier: str | None\nReturns the identifier of this type, eg: - someStructName - someEnumName - someTypedefName
Returns None if the type is anonymous or does not have a name, such as: - Anonymous structs - Anonymous Typedefs - Basic types like char[], void, etc.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.name_to_human_readable","title":"name_to_human_readableproperty","text":"name_to_human_readable: str\nReturns the human friendly name of this type, eg: - char [16] - int - char * - void * - fooStructName - barEnumName - barTypedefName
This function is not standardized, may return different names in gdb/lldb, eg: gdb:
char [16]orchar [50]orstruct {...}lldb:char[16]orchar[]or(anonymous struct)You should not use this function. Only for human eyes.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.sizeof","title":"sizeofproperty","text":"sizeof: int\nThe size of this type, in bytes.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.alignof","title":"alignofproperty","text":"alignof: int\nThe alignment of this type, in bytes.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.code","title":"codeproperty","text":"code: TypeCode\nWhat category of type this object belongs to.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.func_arguments","title":"func_arguments","text":"func_arguments() -> list[Type] | None\nReturns a list of function arguments type.
Returns:
-
list[Type] | None\u2013List[Type] | None: The function arguments type, or None if debug information is missing.
Raises:
-
TypeError\u2013If called on an unsupported type.
fields() -> list[TypeField]\nList of all fields in this type, if it is a structured type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.has_field","title":"has_field","text":"has_field(name: str) -> bool\nWhether this type has a field with the given name.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.array","title":"array","text":"array(count: int) -> Type\nReturn a type that corresponds to an array whose elements have this type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.pointer","title":"pointer","text":"pointer() -> Type\nReturn a pointer type that has this type as its pointee.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.strip_typedefs","title":"strip_typedefs","text":"strip_typedefs() -> Type\nReturn a type that corresponds to the base type after a typedef chain, if this is a typedef. Returns the type itself otherwise.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.target","title":"target","text":"target() -> Type\nReturn the target of this reference type, if this is a reference type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.keys","title":"keys","text":"keys() -> list[str]\nReturns a list containing all the field names of this type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.enum_member","title":"enum_member","text":"enum_member(field_name: str) -> int | None\nRetrieve the integer value of an enum member.
It returns: - integer value, when found field - returns None, If the field does not exist
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.offsetof","title":"offsetof","text":"offsetof(field_name: str) -> int | None\nCalculate the byte offset of a field within a struct or union.
This method recursively traverses nested structures and unions, and it computes the byte-aligned offset for the specified field.
It returns: - offset in bytes if found - None if the field doesn't exist or if an unsupported alignment/bit-field is encountered
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.__eq__","title":"__eq__","text":"__eq__(rhs: object) -> bool\nReturns True if types are the same
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value","title":"Value","text":"Class representing a value in the context of an inferior process.
Methods:
-
dereference\u2013If this is a poitner value, dereferences the pointer and returns a new
-
string\u2013If this value is a string, then this method converts it to a Python string.
-
value_to_human_readable\u2013Converts a Value to a human-readable string representation.\n -
fetch_lazy\u2013Fetches the value if it is lazy, does nothing otherwise.
-
__int__\u2013Converts this value to an integer, if possible.
-
cast\u2013Returns a new value with the same value as this object, but of the
-
__add__\u2013Adds an integer to this value, if that makes sense. Throws an exception
-
__sub__\u2013Subtract an integer from this value, if that makes sense. Throws an
-
__getitem__\u2013Gets the value with the given name that belongs to this value. For
Attributes:
-
address(Value | None) \u2013The address of this value, in memory, if addressable, otherwise
None. -
is_optimized_out(bool) \u2013Whether this value is present in debugging information, but has been
-
type(Type) \u2013The type associated with this value.
property","text":"address: Value | None\nThe address of this value, in memory, if addressable, otherwise
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.is_optimized_out","title":"is_optimized_outNone.property","text":"is_optimized_out: bool\nWhether this value is present in debugging information, but has been optimized out of the actual program.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.type","title":"typeproperty","text":"type: Type\nThe type associated with this value.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.dereference","title":"dereference","text":"dereference() -> Value\nIf this is a poitner value, dereferences the pointer and returns a new instance of Value, containing the value pointed to by this pointer.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.string","title":"string","text":"string() -> str\nIf this value is a string, then this method converts it to a Python string.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.value_to_human_readable","title":"value_to_human_readable","text":"value_to_human_readable() -> str\nConverts a Value to a human-readable string representation.\n\n The format is similar to what is produced by the `str()` function for gdb.Value,\n displaying nested fields and pointers in a user-friendly way.\n\n **Usage Notes:**\n - This function is intended solely for displaying results to the user.\n - The output format may differ between debugger implementations (e.g., GDB vs LLDB),\n as each debugger may format values differently. For instance:\n - GDB might produce: '{\nvalue = 0, inner = { next = 0x555555558098 } }' - LLDB might produce: '(inner_a_node) *$PWNDBG_CREATED_VALUE_0 = { value = 0 inner = { next = 0x0000555555558098 } }' - As such, this function should not be relied upon for parsing or programmatic use."},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.fetch_lazy","title":"fetch_lazy","text":"
fetch_lazy() -> None\nFetches the value if it is lazy, does nothing otherwise.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.__int__","title":"__int__","text":"__int__() -> int\nConverts this value to an integer, if possible.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.cast","title":"cast","text":"cast(type: Type | Any) -> Value\nReturns a new value with the same value as this object, but of the given type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.__add__","title":"__add__","text":"__add__(rhs: int) -> Value\nAdds an integer to this value, if that makes sense. Throws an exception otherwise.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.__sub__","title":"__sub__","text":"__sub__(rhs: int) -> Value\nSubtract an integer from this value, if that makes sense. Throws an exception otherwise.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.__getitem__","title":"__getitem__","text":"__getitem__(idx: int | str) -> Value\nGets the value with the given name that belongs to this value. For structure types, this is the field with the given name. For array types, this is the field at the given index. For pointer types, this is the value of
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.CommandHandle","title":"CommandHandle","text":"*(ptr+idx).An opaque handle to an installed command.
Methods:
-
remove\u2013Removes this command from the command palette of the debugger.
remove() -> None\nRemoves this command from the command palette of the debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType","title":"EventType","text":"Bases:
EnumEvents that can be listened for and reacted to in a debugger.
The events types listed here are defined as followsSTART: This event is fired some time between the creation of or attachment to the process to be debugged, and the start of its execution.STOP: This event is fired after execution of the process has been suspended, but before control is returned to the user for interactive debugging.EXIT: This event is fired after the process being debugged has been detached from or has finished executing.MEMORY_CHANGED: This event is fired when the user interactively makes changes to the memory of the process being debugged.REGISTER_CHANGED: LikeMEMORY_CHANGED, but for registers.CONTINUE: This event is fired after the user has requested for process execution to continue after it had been previously suspended.NEW_MODULE: This event is fired when a new application module has been encountered by the debugger. This usually happens when a new application module is loaded into the memory space of the process being debugged. In GDB terminology, these are calledobjfiles.
Attributes:
-
START\u2013 -
STOP\u2013 -
EXIT\u2013 -
MEMORY_CHANGED\u2013 -
REGISTER_CHANGED\u2013 -
CONTINUE\u2013 -
NEW_MODULE\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.STOP","title":"STOPSTART = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.EXIT","title":"EXITSTOP = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.MEMORY_CHANGED","title":"MEMORY_CHANGEDEXIT = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.REGISTER_CHANGED","title":"REGISTER_CHANGEDMEMORY_CHANGED = 3\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.CONTINUE","title":"CONTINUEREGISTER_CHANGED = 4\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.NEW_MODULE","title":"NEW_MODULECONTINUE = 5\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger","title":"Debugger","text":"NEW_MODULE = 6\nThe base class representing a debugger.
Methods:
-
setup\u2013Perform debugger-specific initialization.
-
history\u2013The command history of the interactive session in this debugger.
-
lex_args\u2013Lexes the given command line into a list of arguments, according to the
-
selected_inferior\u2013The inferior process currently being focused on in this interactive session.
-
selected_thread\u2013The thread currently being focused on in this interactive session.
-
selected_frame\u2013The stack frame currently being focused on in this interactive session.
-
commands\u2013List the commands available in this session.
-
add_command\u2013Adds a command with the given name to the debugger, that invokes the
-
has_event_type\u2013Whether the given event type is supported by this debugger. Indicates
-
event_handler\u2013Sets up the given function to be called when an event of the given type
-
suspend_events\u2013Suspend delivery of all events of the given type until it is resumed
-
resume_events\u2013Resume the delivery of all events of the given type, if previously
-
set_sysroot\u2013Sets the system root for this debugger.
-
x86_disassembly_flavor\u2013The flavor of disassembly to use for x86 targets.
-
supports_breakpoint_creation_during_stop_handler\u2013Whether breakpoint or watchpoint creation through
break_atis -
breakpoint_locations\u2013Returns a list of all breakpoint locations that are currently
-
name\u2013The type of the current debugger.
-
is_gdblib_available\u2013Whether gdblib is available under this debugger.
-
string_limit\u2013The maximum size of a string.
-
addrsz\u2013Format the given address value.
-
get_cmd_window_size\u2013The size of the command window, in characters, if available.
-
set_python_diagnostics\u2013Enables or disables Python diagnostic messages for this debugger.
Attributes:
-
pre_ctx_lines(int) \u2013Our prediction on how many lines of text will be printed as
property","text":"pre_ctx_lines: int\nOur prediction on how many lines of text will be printed as a preamble (right after the prompt, and before the context) the next time the context is printed.
This includes any lines the underlying debugger generates.
The user never sees these lines when context-clear-screen is enabled.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.setup","title":"setup","text":"setup(*args: Any) -> None\nPerform debugger-specific initialization.
This method should be run immediately after
pwndbg.dbgis set to an instance of this class, and, as such, is allowed to run code that depends on it being set.Because we can't really know what a given debugger object will need as part of its setup process, we allow for as many arguments as desired to be passed in, and leave it up to the implementations to decide what they need. This shouldn't be a problem, seeing as, unlike other methods in this class, this should only be called as part of the debugger-specific bringup code.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.history","title":"history","text":"history(last: int = 10) -> list[tuple[int, str]]\nThe command history of the interactive session in this debugger.
This function returns the last
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.lex_args","title":"lex_args","text":"lastitems in the command history, as an oldest-to-youngest-sorted list of tuples, where the first element in each tuple is the index of the command in the history, and the second element is a string giving the command itself.lex_args(command_line: str) -> list[str]\nLexes the given command line into a list of arguments, according to the conventions of the debugger being used and of the interactive session.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.selected_inferior","title":"selected_inferior","text":"selected_inferior() -> Process | None\nThe inferior process currently being focused on in this interactive session.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.selected_thread","title":"selected_thread","text":"selected_thread() -> Thread | None\nThe thread currently being focused on in this interactive session.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.selected_frame","title":"selected_frame","text":"selected_frame() -> Frame | None\nThe stack frame currently being focused on in this interactive session.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.commands","title":"commands","text":"commands() -> list[str]\nList the commands available in this session.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.add_command","title":"add_command","text":"add_command(\n name: str, handler: Callable[[Debugger, str, bool], None], doc: str | None\n) -> CommandHandle\nAdds a command with the given name to the debugger, that invokes the given function every time it is called.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.has_event_type","title":"has_event_type","text":"has_event_type(ty: EventType) -> bool\nWhether the given event type is supported by this debugger. Indicates that a user either can or cannot register an event handler of this type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.event_handler","title":"event_handler","text":"event_handler(\n ty: EventType,\n) -> Callable[[Callable[..., T]], Callable[..., T]]\nSets up the given function to be called when an event of the given type gets fired. Returns a callable that corresponds to the wrapped function. This function my be used as a decorator.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.suspend_events","title":"suspend_events","text":"suspend_events(ty: EventType) -> None\nSuspend delivery of all events of the given type until it is resumed through a call to
resume_events.Events triggered during a suspension will be ignored, and will not be delived, even after delivery is resumed.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.resume_events","title":"resume_events","text":"resume_events(ty: EventType) -> None\nResume the delivery of all events of the given type, if previously suspeded through a call to
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.set_sysroot","title":"set_sysroot","text":"suspend_events. Does nothing if the delivery has not been previously suspeded.set_sysroot(sysroot: str) -> bool\nSets the system root for this debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.x86_disassembly_flavor","title":"x86_disassembly_flavor","text":"x86_disassembly_flavor() -> Literal['att', 'intel']\nThe flavor of disassembly to use for x86 targets.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.supports_breakpoint_creation_during_stop_handler","title":"supports_breakpoint_creation_during_stop_handler","text":"supports_breakpoint_creation_during_stop_handler() -> bool\nWhether breakpoint or watchpoint creation through
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.breakpoint_locations","title":"breakpoint_locations","text":"break_atis supported during breakpoint stop handlers.breakpoint_locations() -> list[BreakpointLocation]\nReturns a list of all breakpoint locations that are currently installed and enabled in the focused process.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.name","title":"name","text":"name() -> DebuggerType\nThe type of the current debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.is_gdblib_available","title":"is_gdblib_available","text":"is_gdblib_available() -> bool\nWhether gdblib is available under this debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.string_limit","title":"string_limit","text":"string_limit() -> int\nThe maximum size of a string.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.addrsz","title":"addrsz","text":"addrsz(address: Any) -> str\nFormat the given address value.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.get_cmd_window_size","title":"get_cmd_window_size","text":"get_cmd_window_size() -> tuple[int, int]\nThe size of the command window, in characters, if available.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.set_python_diagnostics","title":"set_python_diagnostics","text":"set_python_diagnostics(enabled: bool) -> None\nEnables or disables Python diagnostic messages for this debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.selection","title":"selection","text":"selection(\n target: T, get_current: Callable[[], T], select: Callable[[T], None]\n)\nDebuggers have global state. Many of our queries require that we select a given object globally before we make them. When doing that, we must always be careful to return selection to its previous state before exiting. This class automatically manages the selection of a single object type.
Upon entrace to the
withblock, the element given bytargetwill be compared to the object returned by callingget_current. If they compare different, the value previously returned byget_currentis saved, and the element given bytargetwill be selected by passing it as an argument toselect, and, after execution leaves thewithblock, the previously saved element will be selected in the same fashion as the first element.If the elements don't compare different, this is a no-op.
"},{"location":"reference/pwndbg/dbg/gdb/","title":"pwndbg.dbg.gdb","text":""},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb","title":"gdb","text":"Modules:
-
debug_sym\u2013 -
symbol\u2013Looking up addresses for function names / symbols, and
Classes:
-
GDBArch\u2013 -
GDBRegisters\u2013 -
GDBFrame\u2013 -
GDBThread\u2013 -
GDBMemoryMap\u2013 -
BreakpointAdapter\u2013 -
GDBStopPoint\u2013 -
GDBProcess\u2013 -
GDBExecutionController\u2013 -
GDBCommand\u2013 -
GDBCommandHandle\u2013 -
GDBType\u2013 -
GDBValue\u2013 -
GDB\u2013
Functions:
-
parse_and_eval\u2013Same as
gdb.parse_and_eval, but only usesglobal_contextif it is
Attributes:
-
T\u2013 -
gdb_architecture_name_fixup_list\u2013 -
BPWP_DEFERRED_DELETE(Set[GDBStopPoint]) \u2013 -
BPWP_DEFERRED_ENABLE(Set[GDBStopPoint]) \u2013 -
BPWP_DEFERRED_DISABLE(Set[GDBStopPoint]) \u2013 -
EXECUTION_CONTROLLER\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.gdb_architecture_name_fixup_list","title":"gdb_architecture_name_fixup_listT = TypeVar('T')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.BPWP_DEFERRED_DELETE","title":"BPWP_DEFERRED_DELETEgdb_architecture_name_fixup_list = (\n \"x86-64\",\n \"i386\",\n \"i8086\",\n \"aarch64\",\n \"mips\",\n \"rs6000\",\n \"powerpc\",\n \"sparc\",\n \"arm\",\n \"iwmmxt\",\n \"iwmmxt2\",\n \"xscale\",\n \"riscv:rv32\",\n \"riscv:rv64\",\n \"riscv\",\n \"loongarch64\",\n \"s390:64-bit\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.BPWP_DEFERRED_ENABLE","title":"BPWP_DEFERRED_ENABLEBPWP_DEFERRED_DELETE: Set[GDBStopPoint] = set()\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.BPWP_DEFERRED_DISABLE","title":"BPWP_DEFERRED_DISABLEBPWP_DEFERRED_ENABLE: Set[GDBStopPoint] = set()\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.EXECUTION_CONTROLLER","title":"EXECUTION_CONTROLLERBPWP_DEFERRED_DISABLE: Set[GDBStopPoint] = set()\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBArch","title":"GDBArch","text":"EXECUTION_CONTROLLER = GDBExecutionController()\nGDBArch(\n endian: Literal[\"little\", \"big\"],\n name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE,\n ptrsize: int,\n)\nBases:
ArchAttributes:
-
endian(Literal['little', 'big']) \u2013 -
name(PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
ptrsize(int) \u2013
property","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBArch.name","title":"nameendian: Literal['little', 'big']\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBArch.ptrsize","title":"ptrsizename: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBRegisters","title":"GDBRegisters","text":"ptrsize: int\nGDBRegisters(frame: GDBFrame)\nBases:
RegistersMethods:
-
by_name\u2013
Attributes:
-
frame\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBRegisters.by_name","title":"by_name","text":"frame = frame\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame","title":"GDBFrame","text":"by_name(name: str) -> Value | None\nGDBFrame(inner: Frame)\nBases:
FrameMethods:
-
lookup_symbol\u2013 -
evaluate_expression\u2013 -
regs\u2013 -
reg_write\u2013 -
pc\u2013 -
sp\u2013 -
parent\u2013 -
child\u2013 -
sal\u2013 -
__eq__\u2013
Attributes:
-
inner\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.lookup_symbol","title":"lookup_symbol","text":"inner = inner\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.evaluate_expression","title":"evaluate_expression","text":"lookup_symbol(name: str, *, type: SymbolLookupType = ANY) -> Value | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.regs","title":"regs","text":"evaluate_expression(expression: str, lock_scheduler: bool = False) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.reg_write","title":"reg_write","text":"regs() -> Registers\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.pc","title":"pc","text":"reg_write(name: str, val: int) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.sp","title":"sp","text":"pc() -> int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.parent","title":"parent","text":"sp() -> int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.child","title":"child","text":"parent() -> Frame | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.sal","title":"sal","text":"child() -> Frame | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.__eq__","title":"__eq__","text":"sal() -> tuple[str, int] | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBThread","title":"GDBThread","text":"__eq__(rhs: object) -> bool\nGDBThread(inner: InferiorThread)\nBases:
ThreadMethods:
-
bottom_frame\u2013 -
ptid\u2013 -
index\u2013
Attributes:
-
inner\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBThread.bottom_frame","title":"bottom_frame","text":"inner = inner\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBThread.ptid","title":"ptid","text":"bottom_frame() -> Iterator[Frame]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBThread.index","title":"index","text":"ptid() -> int | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBMemoryMap","title":"GDBMemoryMap","text":"index() -> int\nGDBMemoryMap(qemu: bool, pages: Sequence[Page])\nBases:
MemoryMapMethods:
-
is_qemu\u2013 -
ranges\u2013
Attributes:
-
qemu\u2013 -
pages\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBMemoryMap.pages","title":"pagesqemu = qemu\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBMemoryMap.is_qemu","title":"is_qemu","text":"pages = pages\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBMemoryMap.ranges","title":"ranges","text":"is_qemu() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.BreakpointAdapter","title":"BreakpointAdapter","text":"ranges() -> Sequence[Page]\nBases:
BreakpointMethods:
-
stop\u2013
Attributes:
-
stop_handler(Callable[[], bool]) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.BreakpointAdapter.stop","title":"stop","text":"stop_handler: Callable[[], bool]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint","title":"GDBStopPoint","text":"stop() -> bool\nGDBStopPoint(inner: Breakpoint, proc: GDBProcess)\nBases:
StopPointMethods:
-
set_enabled\u2013 -
remove\u2013 -
__enter__\u2013 -
__exit__\u2013Automatic breakpoint removal.
Attributes:
-
inner(Breakpoint) \u2013 -
proc(GDBProcess) \u2013 -
inner_stop(Callable[[], bool] | None) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.proc","title":"procinner: Breakpoint = inner\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.inner_stop","title":"inner_stopproc: GDBProcess = proc\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.set_enabled","title":"set_enabled","text":"inner_stop: Callable[[], bool] | None = None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.remove","title":"remove","text":"set_enabled(enabled: bool) -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.__enter__","title":"__enter__","text":"remove() -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.__exit__","title":"__exit__","text":"__enter__() -> StopPoint\n__exit__(exc_type, exc_value, traceback) -> None\nAutomatic breakpoint removal.
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess","title":"GDBProcess","text":"GDBProcess(inner: Inferior)\nBases:
ProcessMethods:
-
threads\u2013 -
pid\u2013 -
alive\u2013 -
stopped_with_signal\u2013 -
evaluate_expression\u2013 -
vmmap\u2013 -
read_memory\u2013 -
write_memory\u2013 -
find_in_memory\u2013 -
is_remote\u2013 -
send_remote\u2013 -
send_monitor\u2013 -
download_remote_file\u2013 -
create_value\u2013 -
symbol_name_at_address\u2013 -
lookup_symbol\u2013 -
types_with_name\u2013 -
arch\u2013 -
break_at\u2013 -
is_linux\u2013 -
disasm\u2013 -
module_section_locations\u2013 -
main_module_name\u2013 -
main_module_entry\u2013 -
is_dynamically_linked\u2013 -
dispatch_execution_controller\u2013
Attributes:
-
inner\u2013 -
in_bpwp_stop_handler(bool) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.in_bpwp_stop_handler","title":"in_bpwp_stop_handlerinner = inner\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.threads","title":"threads","text":"in_bpwp_stop_handler: bool = False\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.pid","title":"pid","text":"threads() -> list[Thread]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.alive","title":"alive","text":"pid() -> int | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.stopped_with_signal","title":"stopped_with_signal","text":"alive() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.evaluate_expression","title":"evaluate_expression","text":"stopped_with_signal() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.vmmap","title":"vmmap","text":"evaluate_expression(expression: str) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.read_memory","title":"read_memory","text":"vmmap() -> MemoryMap\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.write_memory","title":"write_memory","text":"read_memory(address: int, size: int, partial: bool = False) -> bytearray\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.find_in_memory","title":"find_in_memory","text":"write_memory(address: int, data: bytearray, partial: bool = False) -> int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.is_remote","title":"is_remote","text":"find_in_memory(\n pattern: bytearray,\n start: int,\n size: int,\n align: int,\n max_matches: int = -1,\n step: int = -1,\n) -> Generator[int, None, None]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.send_remote","title":"send_remote","text":"is_remote() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.send_monitor","title":"send_monitor","text":"send_remote(packet: str) -> bytes\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.download_remote_file","title":"download_remote_file","text":"send_monitor(cmd: str) -> str\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.create_value","title":"create_value","text":"download_remote_file(remote_path: str, local_path: str) -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.symbol_name_at_address","title":"symbol_name_at_address","text":"create_value(value: int, type: Type | None = None) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.lookup_symbol","title":"lookup_symbol","text":"symbol_name_at_address(address: int) -> str | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.types_with_name","title":"types_with_name","text":"lookup_symbol(\n name: str,\n *,\n prefer_static: bool = False,\n type: SymbolLookupType = ANY,\n objfile_endswith: str | None = None,\n) -> Value | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.arch","title":"arch","text":"types_with_name(name: str) -> Sequence[Type]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.break_at","title":"break_at","text":"arch() -> Arch\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.is_linux","title":"is_linux","text":"break_at(\n location: BreakpointLocation | WatchpointLocation,\n stop_handler: Callable[[StopPoint], bool] | None = None,\n internal: bool = False,\n) -> StopPoint\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.disasm","title":"disasm","text":"is_linux() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.module_section_locations","title":"module_section_locations","text":"disasm(address: int) -> DisassembledInstruction | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.main_module_name","title":"main_module_name","text":"module_section_locations() -> list[tuple[int, int, str, str]]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.main_module_entry","title":"main_module_entry","text":"main_module_name() -> str | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.is_dynamically_linked","title":"is_dynamically_linked","text":"main_module_entry() -> int | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.dispatch_execution_controller","title":"dispatch_execution_controller","text":"is_dynamically_linked() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBExecutionController","title":"GDBExecutionController","text":"dispatch_execution_controller(\n procedure: Callable[[ExecutionController], Coroutine[Any, Any, None]],\n)\nBases:
ExecutionControllerMethods:
-
single_step\u2013 -
cont\u2013
async","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBExecutionController.cont","title":"contsingle_step()\nasync","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommand","title":"GDBCommand","text":"cont(until: StopPoint)\nGDBCommand(\n debugger: GDB,\n name: str,\n handler: Callable[[Debugger, str, bool], None],\n doc: str | None,\n)\nBases:
CommandMethods:
-
invoke\u2013
Attributes:
-
debugger\u2013 -
handler\u2013 -
__doc__\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommand.handler","title":"handlerdebugger = debugger\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommand.__doc__","title":"__doc__handler = handler\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommand.invoke","title":"invoke","text":"__doc__ = doc\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommandHandle","title":"GDBCommandHandle","text":"invoke(args: str, from_tty: bool) -> None\nGDBCommandHandle(command: Command)\nBases:
CommandHandleMethods:
-
remove\u2013
Attributes:
-
command\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommandHandle.remove","title":"remove","text":"command = command\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType","title":"GDBType","text":"remove() -> None\nGDBType(inner: Type)\nBases:
TypeMethods:
-
__eq__\u2013 -
func_arguments\u2013 -
fields\u2013 -
has_field\u2013 -
array\u2013 -
pointer\u2013 -
strip_typedefs\u2013 -
target\u2013 -
keys\u2013 -
offsetof\u2013 -
enum_member\u2013Retrieve the integer value of an enum member.
Attributes:
-
CODE_MAPPING\u2013 -
inner\u2013 -
name_identifier(str | None) \u2013 -
name_to_human_readable(str) \u2013 -
sizeof(int) \u2013 -
alignof(int) \u2013 -
code(TypeCode) \u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.inner","title":"innerCODE_MAPPING = {\n TYPE_CODE_BOOL: BOOL,\n TYPE_CODE_INT: INT,\n TYPE_CODE_UNION: UNION,\n TYPE_CODE_STRUCT: STRUCT,\n TYPE_CODE_ENUM: ENUM,\n TYPE_CODE_TYPEDEF: TYPEDEF,\n TYPE_CODE_PTR: POINTER,\n TYPE_CODE_ARRAY: ARRAY,\n TYPE_CODE_FUNC: FUNC,\n TYPE_CODE_METHOD: FUNC,\n}\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.name_identifier","title":"name_identifierinner = inner\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.name_to_human_readable","title":"name_to_human_readablename_identifier: str | None\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.sizeof","title":"sizeofname_to_human_readable: str\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.alignof","title":"alignofsizeof: int\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.code","title":"codealignof: int\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.__eq__","title":"__eq__","text":"code: TypeCode\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.func_arguments","title":"func_arguments","text":"__eq__(rhs: object) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.fields","title":"fields","text":"func_arguments() -> list[Type] | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.has_field","title":"has_field","text":"fields() -> list[TypeField]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.array","title":"array","text":"has_field(name: str) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.pointer","title":"pointer","text":"array(count: int) -> Type\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.strip_typedefs","title":"strip_typedefs","text":"pointer() -> Type\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.target","title":"target","text":"strip_typedefs() -> Type\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.keys","title":"keys","text":"target() -> Type\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.offsetof","title":"offsetof","text":"keys() -> list[str]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.enum_member","title":"enum_member","text":"offsetof(field_name: str) -> int | None\nenum_member(field_name: str) -> int | None\nRetrieve the integer value of an enum member.
It returns: - integer value, when found field - returns None, If the field does not exist
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue","title":"GDBValue","text":"GDBValue(inner: Value)\nBases:
ValueMethods:
-
dereference\u2013 -
string\u2013 -
value_to_human_readable\u2013 -
fetch_lazy\u2013 -
__int__\u2013 -
cast\u2013 -
__add__\u2013 -
__sub__\u2013 -
__getitem__\u2013
Attributes:
-
inner\u2013 -
address(Value | None) \u2013 -
is_optimized_out(bool) \u2013 -
type(Type) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.address","title":"addressinner = inner\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.is_optimized_out","title":"is_optimized_outaddress: Value | None\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.type","title":"typeis_optimized_out: bool\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.dereference","title":"dereference","text":"type: Type\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.string","title":"string","text":"dereference() -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.value_to_human_readable","title":"value_to_human_readable","text":"string() -> str\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.fetch_lazy","title":"fetch_lazy","text":"value_to_human_readable() -> str\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.__int__","title":"__int__","text":"fetch_lazy() -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.cast","title":"cast","text":"__int__() -> int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.__add__","title":"__add__","text":"cast(type: Type | Any) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.__sub__","title":"__sub__","text":"__add__(rhs: int) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.__getitem__","title":"__getitem__","text":"__sub__(rhs: int) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB","title":"GDB","text":"__getitem__(key: str | int) -> Value\nBases:
DebuggerMethods:
-
setup\u2013 -
add_command\u2013 -
history\u2013 -
lex_args\u2013 -
selected_thread\u2013 -
selected_frame\u2013 -
commands\u2013 -
selected_inferior\u2013 -
is_gdblib_available\u2013 -
has_event_type\u2013 -
event_handler\u2013 -
suspend_events\u2013 -
resume_events\u2013 -
set_sysroot\u2013 -
supports_breakpoint_creation_during_stop_handler\u2013 -
breakpoint_locations\u2013 -
name\u2013 -
x86_disassembly_flavor\u2013 -
string_limit\u2013 -
addrsz\u2013 -
get_cmd_window_size\u2013Get the size of the command window.
-
set_python_diagnostics\u2013
Attributes:
-
pre_ctx_lines(int) \u2013
property","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.setup","title":"setup","text":"pre_ctx_lines: int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.add_command","title":"add_command","text":"setup()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.history","title":"history","text":"add_command(\n name: str, handler: Callable[[Debugger, str, bool], None], doc: str | None\n) -> CommandHandle\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.lex_args","title":"lex_args","text":"history(last: int = 10) -> list[tuple[int, str]]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.selected_thread","title":"selected_thread","text":"lex_args(command_line: str) -> list[str]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.selected_frame","title":"selected_frame","text":"selected_thread() -> Thread | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.commands","title":"commands","text":"selected_frame() -> Frame | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.selected_inferior","title":"selected_inferior","text":"commands()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.is_gdblib_available","title":"is_gdblib_available","text":"selected_inferior() -> Process | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.has_event_type","title":"has_event_type","text":"is_gdblib_available()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.event_handler","title":"event_handler","text":"has_event_type(ty: EventType) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.suspend_events","title":"suspend_events","text":"event_handler(\n ty: EventType,\n) -> Callable[[Callable[..., T]], Callable[..., T]]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.resume_events","title":"resume_events","text":"suspend_events(ty: EventType) -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.set_sysroot","title":"set_sysroot","text":"resume_events(ty: EventType) -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.supports_breakpoint_creation_during_stop_handler","title":"supports_breakpoint_creation_during_stop_handler","text":"set_sysroot(sysroot: str) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.breakpoint_locations","title":"breakpoint_locations","text":"supports_breakpoint_creation_during_stop_handler() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.name","title":"name","text":"breakpoint_locations() -> list[BreakpointLocation]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.x86_disassembly_flavor","title":"x86_disassembly_flavor","text":"name() -> DebuggerType\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.string_limit","title":"string_limit","text":"x86_disassembly_flavor() -> Literal['att', 'intel']\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.addrsz","title":"addrsz","text":"string_limit() -> int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.get_cmd_window_size","title":"get_cmd_window_size","text":"addrsz(address: Any) -> str\nget_cmd_window_size() -> tuple[int | None, int | None]\nGet the size of the command window.
GDB keeps these parameters up to date with the actual window size of the command output. This is the full terminal size in CLI mode or the size of the cmd window in TUI mode.
When the window size is set to be unlimited (0), the parameter is None.
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.set_python_diagnostics","title":"set_python_diagnostics","text":"
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.parse_and_eval","title":"parse_and_eval","text":"set_python_diagnostics(enabled: bool) -> None\nparse_and_eval(expression: str, global_context: bool) -> Value\nSame as
gdb.parse_and_eval, but only usesglobal_contextif it is supported by the current version of GDB.
"},{"location":"reference/pwndbg/dbg/gdb/debug_sym/","title":"pwndbg.dbg.gdb.debug_sym","text":""},{"location":"reference/pwndbg/dbg/gdb/debug_sym/#pwndbg.dbg.gdb.debug_sym","title":"debug_sym","text":""},{"location":"reference/pwndbg/dbg/gdb/symbol/","title":"pwndbg.dbg.gdb.symbol","text":""},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol","title":"symbol","text":"global_contextwas introduced in GDB 14.Looking up addresses for function names / symbols, and vice-versa.
Classes:
-
Domain\u2013
Functions:
-
resolve_addr\u2013Retrieve the name for the symbol located at
address -
lookup_symbol\u2013Get the address for
symbol -
lookup_frame_symbol\u2013Get the address for local
symbolfrom frame, in most time you don't need it
Attributes:
-
skipped_exceptions\u2013 -
DOMAIN_MAPPING\u2013 -
order_prefs\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.DOMAIN_MAPPING","title":"DOMAIN_MAPPINGskipped_exceptions = ('No frame selected', 'Cannot find thread-local')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.order_prefs","title":"order_prefsDOMAIN_MAPPING = {\n ANY: SYMBOL_VAR_DOMAIN,\n VARIABLE: SYMBOL_VAR_DOMAIN,\n FUNCTION: SYMBOL_FUNCTION_DOMAIN,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.Domain","title":"Domain","text":"order_prefs = {\n True: (\n _global_static_symbol_to_address,\n _global_exported_symbol_to_address,\n ),\n False: (\n _global_exported_symbol_to_address,\n _global_static_symbol_to_address,\n ),\n}\nBases:
EnumMethods:
-
validate\u2013
Attributes:
-
ANY\u2013 -
VARIABLE\u2013 -
FUNCTION\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.Domain.VARIABLE","title":"VARIABLEANY = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.Domain.FUNCTION","title":"FUNCTIONVARIABLE = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.Domain.validate","title":"validate","text":"FUNCTION = 3\n
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.resolve_addr","title":"resolve_addr","text":"validate(sym: Symbol) -> bool\nresolve_addr(address: int) -> str\nRetrieve the name for the symbol located at
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.lookup_symbol","title":"lookup_symbol","text":"addressEmpty string if no symbollookup_symbol(\n name: str,\n *,\n prefer_static: bool = False,\n domain: Domain = ANY,\n objfile_endswith: str | None = None,\n) -> Value | None\nGet the address for
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.lookup_frame_symbol","title":"lookup_frame_symbol","text":"symbollookup_frame_symbol(name: str, *, domain: Domain = ANY) -> Value | None\nGet the address for local
"},{"location":"reference/pwndbg/dbg/lldb/","title":"pwndbg.dbg.lldb","text":""},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb","title":"lldb","text":"symbolfrom frame, in most time you don't need itModules:
-
hooks\u2013Code that sets up hooks for LLDB events.
-
pset\u2013 -
repl\u2013The Pwndbg REPL that is the interface to all debugging on LLDB.
-
util\u2013
Classes:
-
LLDBArch\u2013 -
LLDBRegisters\u2013 -
LLDBFrame\u2013 -
LLDBThread\u2013 -
LLDBType\u2013 -
LLDBValue\u2013 -
LLDBMemoryMap\u2013 -
LLDBStopPoint\u2013 -
OneShotAwaitable\u2013Used as part of the logic for the execution controller. This is an Awaitable
-
YieldContinue\u2013Continues execution of the process until the breakpoint or watchpoint given
-
YieldSingleStep\u2013Moves execution of the process being debugged forward by one instruction.
-
LLDBExecutionController\u2013 -
LLDBProcess\u2013 -
LLDBCommand\u2013 -
LLDB\u2013
Functions:
-
rename_register\u2013Some register names differ between Pwndbg/GDB and LLDB. This function takes
-
map_type_code\u2013Determines the type code of a given LLDB SBType.
Attributes:
-
T\u2013 -
LLDB_VERSION(tuple[int, int]) \u2013 -
EXECUTION_CONTROLLER\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB_VERSION","title":"LLDB_VERSIONT = TypeVar('T')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.EXECUTION_CONTROLLER","title":"EXECUTION_CONTROLLERLLDB_VERSION: tuple[int, int] = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBArch","title":"LLDBArch","text":"EXECUTION_CONTROLLER = LLDBExecutionController()\nLLDBArch(\n name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE,\n ptrsize: int,\n endian: Literal[\"little\", \"big\"],\n)\nBases:
ArchAttributes:
-
endian(Literal['little', 'big']) \u2013 -
name(PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
ptrsize(int) \u2013
property","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBArch.name","title":"nameendian: Literal['little', 'big']\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBArch.ptrsize","title":"ptrsizename: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBRegisters","title":"LLDBRegisters","text":"ptrsize: int\nLLDBRegisters(groups: SBValueList, proc: LLDBProcess)\nBases:
RegistersMethods:
-
by_name\u2013
Attributes:
-
groups(SBValueList) \u2013 -
proc(LLDBProcess) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBRegisters.proc","title":"procgroups: SBValueList = groups\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBRegisters.by_name","title":"by_name","text":"proc: LLDBProcess = proc\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame","title":"LLDBFrame","text":"by_name(name: str) -> Value | None\nLLDBFrame(inner: SBFrame, proc: LLDBProcess)\nBases:
FrameMethods:
-
lookup_symbol\u2013 -
evaluate_expression\u2013 -
regs\u2013 -
reg_write\u2013 -
pc\u2013 -
sp\u2013 -
parent\u2013 -
child\u2013 -
sal\u2013 -
__eq__\u2013
Attributes:
-
inner(SBFrame) \u2013 -
proc(LLDBProcess) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.proc","title":"procinner: SBFrame = inner\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.lookup_symbol","title":"lookup_symbol","text":"proc: LLDBProcess = proc\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.evaluate_expression","title":"evaluate_expression","text":"lookup_symbol(name: str, *, type: SymbolLookupType = ANY) -> Value | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.regs","title":"regs","text":"evaluate_expression(expression: str, lock_scheduler: bool = False) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.reg_write","title":"reg_write","text":"regs() -> Registers\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.pc","title":"pc","text":"reg_write(name: str, val: int) -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.sp","title":"sp","text":"pc() -> int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.parent","title":"parent","text":"sp() -> int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.child","title":"child","text":"parent() -> Frame | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.sal","title":"sal","text":"child() -> Frame | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.__eq__","title":"__eq__","text":"sal() -> tuple[str, int] | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBThread","title":"LLDBThread","text":"__eq__(rhs: object) -> bool\nLLDBThread(inner: SBThread, proc: LLDBProcess)\nBases:
ThreadMethods:
-
bottom_frame\u2013 -
ptid\u2013 -
index\u2013
Attributes:
-
inner(SBThread) \u2013 -
proc(LLDBProcess) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBThread.proc","title":"procinner: SBThread = inner\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBThread.bottom_frame","title":"bottom_frame","text":"proc: LLDBProcess = proc\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBThread.ptid","title":"ptid","text":"bottom_frame() -> Iterator[Frame]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBThread.index","title":"index","text":"ptid() -> int | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType","title":"LLDBType","text":"index() -> int\nLLDBType(inner: SBType)\nBases:
TypeMethods:
-
__eq__\u2013 -
func_arguments\u2013 -
fields\u2013 -
array\u2013 -
pointer\u2013 -
strip_typedefs\u2013 -
target\u2013 -
has_field\u2013Whether this type has a field with the given name.
-
keys\u2013Returns a list containing all the field names of this type.
-
enum_member\u2013Retrieve the integer value of an enum member.
-
offsetof\u2013Calculate the byte offset of a field within a struct or union.
Attributes:
-
inner(SBType) \u2013 -
name_identifier(str | None) \u2013 -
name_to_human_readable(str) \u2013 -
sizeof(int) \u2013 -
alignof(int) \u2013 -
code(TypeCode) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.name_identifier","title":"name_identifierinner: SBType = inner\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.name_to_human_readable","title":"name_to_human_readablename_identifier: str | None\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.sizeof","title":"sizeofname_to_human_readable: str\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.alignof","title":"alignofsizeof: int\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.code","title":"codealignof: int\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.__eq__","title":"__eq__","text":"code: TypeCode\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.func_arguments","title":"func_arguments","text":"__eq__(rhs: object) -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.fields","title":"fields","text":"func_arguments() -> list[Type] | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.array","title":"array","text":"fields() -> list[TypeField]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.pointer","title":"pointer","text":"array(count: int) -> Type\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.strip_typedefs","title":"strip_typedefs","text":"pointer() -> Type\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.target","title":"target","text":"strip_typedefs() -> Type\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.has_field","title":"has_field","text":"target() -> Type\nhas_field(name: str) -> bool\nWhether this type has a field with the given name.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.keys","title":"keys","text":"keys() -> list[str]\nReturns a list containing all the field names of this type.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.enum_member","title":"enum_member","text":"enum_member(field_name: str) -> int | None\nRetrieve the integer value of an enum member.
It returns: - integer value, when found field - returns None, If the field does not exist
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.offsetof","title":"offsetof","text":"offsetof(field_name: str) -> int | None\nCalculate the byte offset of a field within a struct or union.
This method recursively traverses nested structures and unions, and it computes the byte-aligned offset for the specified field.
It returns: - offset in bytes if found - None if the field doesn't exist or if an unsupported alignment/bit-field is encountered
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue","title":"LLDBValue","text":"LLDBValue(inner: SBValue, proc: LLDBProcess)\nBases:
ValueMethods:
-
dereference\u2013 -
string\u2013 -
value_to_human_readable\u2013 -
fetch_lazy\u2013 -
__int__\u2013 -
cast\u2013 -
__add__\u2013 -
__sub__\u2013 -
__getitem__\u2013
Attributes:
-
proc\u2013 -
inner\u2013 -
address(Value | None) \u2013 -
is_optimized_out(bool) \u2013 -
type(Type) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.inner","title":"innerproc = proc\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.address","title":"addressinner = inner\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.is_optimized_out","title":"is_optimized_outaddress: Value | None\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.type","title":"typeis_optimized_out: bool\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.dereference","title":"dereference","text":"type: Type\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.string","title":"string","text":"dereference() -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.value_to_human_readable","title":"value_to_human_readable","text":"string() -> str\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.fetch_lazy","title":"fetch_lazy","text":"value_to_human_readable() -> str\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.__int__","title":"__int__","text":"fetch_lazy() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.cast","title":"cast","text":"__int__() -> int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.__add__","title":"__add__","text":"cast(type: Type | Any) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.__sub__","title":"__sub__","text":"__add__(rhs: int) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.__getitem__","title":"__getitem__","text":"__sub__(rhs: int) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBMemoryMap","title":"LLDBMemoryMap","text":"__getitem__(key: str | int) -> Value\nLLDBMemoryMap(pages: list[Page])\nBases:
MemoryMapMethods:
-
is_qemu\u2013 -
ranges\u2013
Attributes:
-
pages\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBMemoryMap.is_qemu","title":"is_qemu","text":"pages = pages\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBMemoryMap.ranges","title":"ranges","text":"is_qemu() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint","title":"LLDBStopPoint","text":"ranges() -> list[Page]\nLLDBStopPoint(\n inner: SBBreakpoint | SBWatchpoint,\n proc: LLDBProcess,\n stop_handler_name: str | None,\n)\nBases:
StopPointMethods:
-
remove\u2013 -
set_enabled\u2013 -
__enter__\u2013 -
__exit__\u2013Automatic breakpoint removal.
Attributes:
-
inner(SBBreakpoint | SBWatchpoint) \u2013 -
proc(LLDBProcess) \u2013 -
stop_handler_name(str | None) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.proc","title":"procinner: SBBreakpoint | SBWatchpoint = inner\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.stop_handler_name","title":"stop_handler_nameproc: LLDBProcess = proc\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.remove","title":"remove","text":"stop_handler_name: str | None = stop_handler_name\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.set_enabled","title":"set_enabled","text":"remove() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.__enter__","title":"__enter__","text":"set_enabled(enabled: bool) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.__exit__","title":"__exit__","text":"__enter__() -> StopPoint\n__exit__(exc_type, exc_value, traceback) -> None\nAutomatic breakpoint removal.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.OneShotAwaitable","title":"OneShotAwaitable","text":"OneShotAwaitable(value: Any)\nUsed as part of the logic for the execution controller. This is an Awaitable object that yields the value passed to its constructor exactly once.
Methods:
-
__await__\u2013
Attributes:
-
value\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.OneShotAwaitable.__await__","title":"__await__","text":"value = value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.YieldContinue","title":"YieldContinue","text":"__await__() -> Generator[Any, Any, Any]\nYieldContinue(target: LLDBStopPoint)\nContinues execution of the process until the breakpoint or watchpoint given in the constructor is hit or the operation is cancelled.
This class is part of the execution controller system, so it is intented to be yielded by the async function with access to an execution controller, and caught and hanlded by the event loop in the LLDB Pwndbg CLI.
Attributes:
-
target(LLDBStopPoint) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.YieldSingleStep","title":"YieldSingleStep","text":"target: LLDBStopPoint = target\nMoves execution of the process being debugged forward by one instruction.
This class is part of the execution controller system, so it is intented to be yielded by the async function with access to an execution controller, and caught and hanlded by the event loop in the LLDB Pwndbg CLI.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBExecutionController","title":"LLDBExecutionController","text":"Bases:
ExecutionControllerMethods:
-
single_step\u2013 -
cont\u2013
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBExecutionController.cont","title":"cont","text":"single_step() -> Awaitable[None]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess","title":"LLDBProcess","text":"cont(target: StopPoint) -> Awaitable[None]\nLLDBProcess(\n dbg: LLDB, process: SBProcess, target: SBTarget, is_gdb_remote: bool\n)\nBases:
ProcessMethods:
-
threads\u2013 -
pid\u2013 -
alive\u2013 -
stopped_with_signal\u2013 -
evaluate_expression\u2013 -
get_known_pages\u2013 -
vmmap\u2013 -
find_largest_range_len\u2013Finds the largest memory range given a minimum and a maximum value
-
read_memory\u2013 -
write_memory\u2013 -
find_in_memory\u2013 -
is_remote\u2013 -
send_remote\u2013 -
send_monitor\u2013 -
download_remote_file\u2013 -
create_value\u2013 -
symbol_name_at_address\u2013 -
lookup_symbol\u2013 -
types_with_name\u2013 -
arch\u2013 -
break_at\u2013 -
disasm\u2013 -
is_linux\u2013 -
module_section_locations\u2013 -
main_module_name\u2013 -
main_module_entry\u2013 -
is_dynamically_linked\u2013 -
dispatch_execution_controller\u2013
Attributes:
-
dbg\u2013 -
process\u2013 -
target\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.process","title":"processdbg = dbg\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.target","title":"targetprocess = process\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.threads","title":"threads","text":"target = target\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.pid","title":"pid","text":"threads() -> list[Thread]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.alive","title":"alive","text":"pid() -> int | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.stopped_with_signal","title":"stopped_with_signal","text":"alive() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.evaluate_expression","title":"evaluate_expression","text":"stopped_with_signal() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.get_known_pages","title":"get_known_pages","text":"evaluate_expression(expression: str) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.vmmap","title":"vmmap","text":"get_known_pages() -> list[Page]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.find_largest_range_len","title":"find_largest_range_len","text":"vmmap() -> MemoryMap\nfind_largest_range_len(\n min_search: int, max_search: int, test: Callable[[int], bool]\n) -> int\nFinds the largest memory range given a minimum and a maximum value for the size of the rage. This is a binary search, so it should do on the order of log2(max_search - min_search) attempts before it arrives at an answer.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.read_memory","title":"read_memory","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.write_memory","title":"write_memory","text":"read_memory(address: int, size: int, partial: bool = False) -> bytearray\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.find_in_memory","title":"find_in_memory","text":"write_memory(address: int, data: bytearray, partial: bool = False) -> int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.is_remote","title":"is_remote","text":"find_in_memory(\n pattern: bytearray,\n start: int,\n size: int,\n align: int,\n max_matches: int = -1,\n step: int = -1,\n) -> Generator[int, None, None]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.send_remote","title":"send_remote","text":"is_remote() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.send_monitor","title":"send_monitor","text":"send_remote(packet: str) -> bytes\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.download_remote_file","title":"download_remote_file","text":"send_monitor(cmd: str) -> str\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.create_value","title":"create_value","text":"download_remote_file(remote_path: str, local_path: str) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.symbol_name_at_address","title":"symbol_name_at_address","text":"create_value(value: int, type: Type | None = None) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.lookup_symbol","title":"lookup_symbol","text":"symbol_name_at_address(address: int) -> str | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.types_with_name","title":"types_with_name","text":"lookup_symbol(\n name: str,\n *,\n prefer_static: bool = False,\n type: SymbolLookupType = ANY,\n objfile_endswith: str | None = None,\n) -> Value | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.arch","title":"arch","text":"types_with_name(name: str) -> Sequence[Type]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.break_at","title":"break_at","text":"arch() -> Arch\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.disasm","title":"disasm","text":"break_at(\n location: BreakpointLocation | WatchpointLocation,\n stop_handler: Callable[[StopPoint], bool] | None = None,\n internal: bool = False,\n) -> StopPoint\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.is_linux","title":"is_linux","text":"disasm(address: int) -> DisassembledInstruction | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.module_section_locations","title":"module_section_locations","text":"is_linux() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.main_module_name","title":"main_module_name","text":"module_section_locations() -> list[tuple[int, int, str, str]]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.main_module_entry","title":"main_module_entry","text":"main_module_name() -> str\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.is_dynamically_linked","title":"is_dynamically_linked","text":"main_module_entry() -> int | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.dispatch_execution_controller","title":"dispatch_execution_controller","text":"is_dynamically_linked() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBCommand","title":"LLDBCommand","text":"dispatch_execution_controller(\n procedure: Callable[[ExecutionController], Coroutine[Any, Any, None]],\n)\nLLDBCommand(handler_name: str, command_name: str)\nBases:
CommandHandleMethods:
-
remove\u2013Removes this command from the command palette of the debugger.
Attributes:
-
handler_name\u2013 -
command_name\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBCommand.command_name","title":"command_namehandler_name = handler_name\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBCommand.remove","title":"remove","text":"command_name = command_name\nremove() -> None\nRemoves this command from the command palette of the debugger.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB","title":"LLDB","text":"Bases:
DebuggerMethods:
-
setup\u2013 -
add_command\u2013 -
history\u2013 -
commands\u2013 -
lex_args\u2013 -
selected_inferior\u2013 -
selected_thread\u2013 -
selected_frame\u2013 -
has_event_type\u2013 -
event_handler\u2013 -
suspend_events\u2013 -
resume_events\u2013 -
set_sysroot\u2013 -
supports_breakpoint_creation_during_stop_handler\u2013 -
breakpoint_locations\u2013 -
name\u2013 -
x86_disassembly_flavor\u2013 -
string_limit\u2013 -
get_cmd_window_size\u2013 -
is_gdblib_available\u2013 -
addrsz\u2013 -
set_python_diagnostics\u2013
Attributes:
-
exec_states(list[SBExecutionState]) \u2013 -
event_handlers(dict[EventType, list[Callable[..., T]]]) \u2013 -
suspended_events(dict[EventType, bool]) \u2013 -
prompt_hook(Callable[[], None]) \u2013 -
controllers(list[tuple[LLDBProcess, Coroutine[Any, Any, None]]]) \u2013 -
pre_ctx_lines(int) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.event_handlers","title":"event_handlersexec_states: list[SBExecutionState]\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.suspended_events","title":"suspended_eventsevent_handlers: dict[EventType, list[Callable[..., T]]]\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.prompt_hook","title":"prompt_hooksuspended_events: dict[EventType, bool]\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.controllers","title":"controllersprompt_hook: Callable[[], None]\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.pre_ctx_lines","title":"pre_ctx_linescontrollers: list[tuple[LLDBProcess, Coroutine[Any, Any, None]]]\nproperty","text":"
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.setup","title":"setup","text":"pre_ctx_lines: int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.add_command","title":"add_command","text":"setup(*args, **kwargs)\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.history","title":"history","text":"add_command(\n command_name: str,\n handler: Callable[[Debugger, str, bool], None],\n doc: str | None,\n) -> CommandHandle\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.commands","title":"commands","text":"history(last: int = 10) -> list[tuple[int, str]]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.lex_args","title":"lex_args","text":"commands() -> list[str]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.selected_inferior","title":"selected_inferior","text":"lex_args(command_line: str) -> list[str]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.selected_thread","title":"selected_thread","text":"selected_inferior() -> Process | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.selected_frame","title":"selected_frame","text":"selected_thread() -> Thread | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.has_event_type","title":"has_event_type","text":"selected_frame() -> Frame | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.event_handler","title":"event_handler","text":"has_event_type(ty: EventType) -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.suspend_events","title":"suspend_events","text":"event_handler(\n ty: EventType,\n) -> Callable[[Callable[..., T]], Callable[..., T]]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.resume_events","title":"resume_events","text":"suspend_events(ty: EventType) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.set_sysroot","title":"set_sysroot","text":"resume_events(ty: EventType) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.supports_breakpoint_creation_during_stop_handler","title":"supports_breakpoint_creation_during_stop_handler","text":"set_sysroot(sysroot: str) -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.breakpoint_locations","title":"breakpoint_locations","text":"supports_breakpoint_creation_during_stop_handler() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.name","title":"name","text":"breakpoint_locations() -> list[BreakpointLocation]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.x86_disassembly_flavor","title":"x86_disassembly_flavor","text":"name() -> DebuggerType\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.string_limit","title":"string_limit","text":"x86_disassembly_flavor() -> Literal['att', 'intel']\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.get_cmd_window_size","title":"get_cmd_window_size","text":"string_limit() -> int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.is_gdblib_available","title":"is_gdblib_available","text":"get_cmd_window_size() -> tuple[int, int]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.addrsz","title":"addrsz","text":"is_gdblib_available()\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.set_python_diagnostics","title":"set_python_diagnostics","text":"addrsz(address: Any) -> str\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.rename_register","title":"rename_register","text":"set_python_diagnostics(enabled: bool) -> None\nrename_register(name: str, proc: LLDBProcess) -> str\nSome register names differ between Pwndbg/GDB and LLDB. This function takes in a register name in the Pwndbg/GDB convention and returns the equivalent LLDB name for the register.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.map_type_code","title":"map_type_code","text":"map_type_code(type: SBType) -> TypeCode\nDetermines the type code of a given LLDB SBType.
"},{"location":"reference/pwndbg/dbg/lldb/hooks/","title":"pwndbg.dbg.lldb.hooks","text":""},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks","title":"hooks","text":"Code that sets up hooks for LLDB events.
Functions:
-
update_typeinfo\u2013 -
reset_config\u2013 -
on_start\u2013 -
on_stop\u2013 -
on_exit\u2013 -
renew_show_context\u2013 -
prompt_hook\u2013
Attributes:
-
should_show_context\u2013 -
dbg(LLDB) \u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.dbg","title":"dbgshould_show_context = False\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.update_typeinfo","title":"update_typeinfo","text":"dbg: LLDB = dbg\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.reset_config","title":"reset_config","text":"update_typeinfo() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.on_start","title":"on_start","text":"reset_config() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.on_stop","title":"on_stop","text":"on_start() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.on_exit","title":"on_exit","text":"on_stop() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.renew_show_context","title":"renew_show_context","text":"on_exit() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.prompt_hook","title":"prompt_hook","text":"renew_show_context()\n
"},{"location":"reference/pwndbg/dbg/lldb/pset/","title":"pwndbg.dbg.lldb.pset","text":""},{"location":"reference/pwndbg/dbg/lldb/pset/#pwndbg.dbg.lldb.pset","title":"pset","text":"prompt_hook()\nClasses:
-
InvalidParse\u2013
Functions:
-
pset\u2013Parses and sets a Pwndbg configuration value.
-
parse_value\u2013
Bases:
"},{"location":"reference/pwndbg/dbg/lldb/pset/#pwndbg.dbg.lldb.pset.pset","title":"pset","text":"Exceptionpset(name: str, value: str) -> bool\nParses and sets a Pwndbg configuration value.
"},{"location":"reference/pwndbg/dbg/lldb/pset/#pwndbg.dbg.lldb.pset.parse_value","title":"parse_value","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/","title":"pwndbg.dbg.lldb.repl","text":""},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl","title":"repl","text":"parse_value(param: Parameter, expression: str) -> Any\nThe Pwndbg REPL that is the interface to all debugging on LLDB.
Pwndbg has an event system that allows it to react to events in the process being debugged, such as when new executable modules get added to the its address space, when the value of memory and registers change, and pretty much all possible changes to its execution state. We'd like to have the event system work the same way under LLDB as it does under GDB.
Fortunately for us, the events types that are native to LLDB map really well to the event types in GDB and Pwndbg. Very, very unfortunately for us, however, that's basically where our luck ends.
LLDB, as of version 18, only provides two ways to capture events: registering directly with the broadcaster, or registering globally. The former is not available to us in the standard LLDB REPL, as we don't get access to the process object until after it's been launched1. Likewise for the latter, as the interactive debugger will register to receive the global process state change events before everyone else, and LLDB doesn't allow for multiple listeners for the same event bits in the same event class2.
This leaves us with handling process management ourselves as the only option we really have to implement event dispatch in Pwndbg. Easy, right? We can just hijack the commands that deal with target and process creation, and leave everything else untouched. Unfortunately for us, again, shadowing builtin commands is simply not allowed3.
So, really, all that's left for us is either implement our own REPL, or get rid of the event system.
Modules:
-
io\u2013For our REPL, we need to drive our own I/O with the process being debugged. This
-
proc\u2013 -
readline\u2013Readline interface for the Pwndbg LLDB REPL.
Classes:
-
EventRelay\u2013The event system that is sensible for the REPL process driver to use isn't
-
YieldExecDirect\u2013Execute the given command directly, on behalf of the user.
-
YieldInteractive\u2013Prompt the user for the next command.
-
PwndbgController\u2013Class providing interfaces for a client to control the behavior of Pwndbg
Functions:
-
lex_args\u2013Splits the arguments, respecting quotation marks.
-
show_greeting\u2013Show the Pwndbg greeting, the same way the GDB version of Pwndbg would. This
-
run\u2013Runs the Pwndbg CLI through the given asynchronous controller.
-
exec_repl_command\u2013Parses and runs the given command, returning whether the event loop should continue.
-
parse\u2013Parses a list of string arguments into an object containing the parsed
-
run_ipython_shell\u2013 -
target_create\u2013Creates a new target, registers it with the Pwndbg LLDB implementation, and
-
process_launch\u2013Launches a process with the given arguments.
-
process_attach\u2013Attaches to a process with the given arguments.
-
attach\u2013Attaches to a process with the given name or pid based on regex match.
-
process_connect\u2013Connects to the given remote process.
-
gdb_remote\u2013Like
process_connect, but more lenient with the remote URL format. -
continue_process\u2013Continues the execution of a process.
Attributes:
-
show_tip\u2013 -
LLDB_EXCLUSIVE\u2013 -
target_create_ap\u2013 -
target_create_unsupported\u2013 -
process_launch_ap\u2013 -
process_launch_unsupported\u2013 -
process_attach_ap\u2013 -
process_attach_unsupported\u2013 -
process_connect_ap\u2013 -
gdb_remote_ap\u2013 -
continue_ap\u2013 -
continue_unsupported\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.LLDB_EXCLUSIVE","title":"LLDB_EXCLUSIVEshow_tip = add_param(\n \"show-tips\", True, \"whether to display the tip of the day on startup\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.target_create_ap","title":"target_create_apLLDB_EXCLUSIVE = [\n (\"script\", lambda cmd: startswith(\"sc\") and startswith(cmd)),\n (\"expression\", lambda cmd: startswith(\"e\") and startswith(cmd)),\n]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.target_create_unsupported","title":"target_create_unsupportedtarget_create_ap = ArgumentParser(add_help=False)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_launch_ap","title":"process_launch_aptarget_create_unsupported = [\n \"build\",\n \"core\",\n \"no-dependents\",\n \"remote-file\",\n \"symfile\",\n \"version\",\n]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_launch_unsupported","title":"process_launch_unsupportedprocess_launch_ap = ArgumentParser(add_help=False)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_attach_ap","title":"process_attach_approcess_launch_unsupported = [\n \"disable-aslr\",\n \"script-class\",\n \"environment\",\n \"plugin\",\n \"shell-expand-args\",\n \"arch\",\n \"shell\",\n \"stderr\",\n \"stdin\",\n \"structured-data-key\",\n \"no-stdio\",\n \"stdout\",\n \"tty\",\n \"structured-data-value\",\n \"working-dir\",\n]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_attach_unsupported","title":"process_attach_unsupportedprocess_attach_ap = ArgumentParser(add_help=False)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_connect_ap","title":"process_connect_approcess_attach_unsupported = [\n \"python-class\",\n \"plugin\",\n \"structured-data-key\",\n \"structured-data-value\",\n]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.gdb_remote_ap","title":"gdb_remote_approcess_connect_ap = ArgumentParser(add_help=False)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.continue_ap","title":"continue_apgdb_remote_ap = ArgumentParser(add_help=False)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.continue_unsupported","title":"continue_unsupportedcontinue_ap = ArgumentParser(add_help=False)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay","title":"EventRelay","text":"continue_unsupported = ['ignore-count']\nEventRelay(dbg: LLDB)\nBases:
EventHandlerThe event system that is sensible for the REPL process driver to use isn't an exact match with the one used by the rest of Pwndbg. They're close, but there's a bit of work we have to do to properly convey certain events.
Methods:
-
created\u2013 -
suspended\u2013 -
resumed\u2013 -
exited\u2013 -
modules_loaded\u2013
Attributes:
-
dbg\u2013 -
ignore_resumed\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.ignore_resumed","title":"ignore_resumeddbg = dbg\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.created","title":"created","text":"ignore_resumed = 0\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.suspended","title":"suspended","text":"created()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.resumed","title":"resumed","text":"suspended()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.exited","title":"exited","text":"resumed()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.modules_loaded","title":"modules_loaded","text":"exited()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.YieldExecDirect","title":"YieldExecDirect","text":"modules_loaded()\nYieldExecDirect(command: str, capture: bool, prompt_silent: bool)\nExecute the given command directly, on behalf of the user.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.YieldInteractive","title":"YieldInteractive","text":"Prompt the user for the next command.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController","title":"PwndbgController","text":"Class providing interfaces for a client to control the behavior of Pwndbg asynchronously.
Methods:
-
interactive\u2013Runs a single interactive round, in which the user is prompted for a
-
execute\u2013Runs the given command, and displays its output to the user.
-
execute_and_capture\u2013Runs the given command, and captures its output as a byte string.
interactive() -> Awaitable[None]\nRuns a single interactive round, in which the user is prompted for a command from standard input and
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController.execute","title":"execute","text":"readline, and whatever command they type in is executed.execute(command: str) -> Awaitable[None]\nRuns the given command, and displays its output to the user.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController.execute--interactivity","title":"Interactivity","text":"Some commands - such as
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController.execute_and_capture","title":"execute_and_capture","text":"lldbandipi- start interactive prompts when they are run, and issuing them through this command will not change that behavior.execute_and_capture(command: str) -> Awaitable[bytes]\nRuns the given command, and captures its output as a byte string.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController.execute_and_capture--interactivity","title":"Interactivity","text":"Same caveats apply as in
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController.execute_and_capture--reliabily-of-capture","title":"Reliabily of Capture","text":"execute.Some Pwndbg commands currently do not have their outputs captured, even when run through this command. It is expected that this will be improved in the future, but, as as general rule, clients should not rely on the output of the command being available.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.lex_args","title":"lex_args","text":"lex_args(args: str) -> list[str]\nSplits the arguments, respecting quotation marks.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.show_greeting","title":"show_greeting","text":"show_greeting() -> None\nShow the Pwndbg greeting, the same way the GDB version of Pwndbg would. This one is considerably simpler than the GDB version, however, as we control the lifetime of the program, we know exactly when the greeting needs to be shown, so we don't bother with any of the lifetime checks.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.run","title":"run","text":"run(\n controller: Callable[[PwndbgController], Coroutine[Any, Any, None]],\n debug: bool = False,\n) -> None\nRuns the Pwndbg CLI through the given asynchronous controller.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.exec_repl_command","title":"exec_repl_command","text":"exec_repl_command(\n line: str,\n lldb_out_target: BinaryIO,\n dbg: LLDB,\n driver: ProcessDriver,\n relay: EventRelay,\n) -> bool\nParses and runs the given command, returning whether the event loop should continue.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.parse","title":"parse","text":"parse(\n args: list[str], parser: ArgumentParser, unsupported: list[str]\n) -> Any | None\nParses a list of string arguments into an object containing the parsed data.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.run_ipython_shell","title":"run_ipython_shell","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.target_create","title":"target_create","text":"run_ipython_shell()\ntarget_create(args: list[str], dbg: LLDB) -> None\nCreates a new target, registers it with the Pwndbg LLDB implementation, and sets up listeners for it.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_launch","title":"process_launch","text":"process_launch(\n driver: ProcessDriver, relay: EventRelay, args: list[str], dbg: LLDB\n) -> None\nLaunches a process with the given arguments.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_attach","title":"process_attach","text":"process_attach(\n driver: ProcessDriver, relay: EventRelay, args: list[str], dbg: LLDB\n) -> None\nAttaches to a process with the given arguments.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.attach","title":"attach","text":"attach(\n driver: ProcessDriver, relay: EventRelay, args: list[str], dbg: LLDB\n) -> None\nAttaches to a process with the given name or pid based on regex match. Used for
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_connect","title":"process_connect","text":"_regexp-attach <pid|name>(alias forattach <pid|name>) Note: for some reason,attachdoes not really take a regex for process name.process_connect(\n driver: ProcessDriver, relay: EventRelay, args: list[str], dbg: LLDB\n) -> None\nConnects to the given remote process.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.gdb_remote","title":"gdb_remote","text":"gdb_remote(\n driver: ProcessDriver, relay: EventRelay, args: list[str], dbg: LLDB\n) -> None\nLike
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.continue_process","title":"continue_process","text":"process_connect, but more lenient with the remote URL format.continue_process(driver: ProcessDriver, args: list[str], dbg: LLDB) -> None\nContinues the execution of a process.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/","title":"pwndbg.dbg.lldb.repl.io","text":""},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io","title":"io","text":"For our REPL, we need to drive our own I/O with the process being debugged. This module contains all the strategies we have for doing that.
Classes:
-
OpportunisticTerminalControl\u2013Handles optional terminal control for a given file descriptor. Crucially,
-
IODriver\u2013 -
IODriverPlainText\u2013Plaintext-based I/O driver. It simply copies input from our standard input
-
IODriverPseudoTerminal\u2013pty-based I/O driver. Forwards input from standard input and has support for
Functions:
-
get_io_driver\u2013Instances a new IODriver using the best strategy available in the current
-
make_pty\u2013We need to make a pseudo-terminal ourselves if we want the process to handle
Attributes:
-
TERM_CONTROL_AVAILABLE\u2013 -
SELECT_AVAILABLE\u2013 -
PTY_AVAILABLE\u2013 -
TC_LFLAG\u2013 -
LIVE_PSEUDO_TERMINAL_OBJECTS\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.SELECT_AVAILABLE","title":"SELECT_AVAILABLETERM_CONTROL_AVAILABLE = True\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.PTY_AVAILABLE","title":"PTY_AVAILABLESELECT_AVAILABLE = True\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.TC_LFLAG","title":"TC_LFLAGPTY_AVAILABLE = True\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.LIVE_PSEUDO_TERMINAL_OBJECTS","title":"LIVE_PSEUDO_TERMINAL_OBJECTSTC_LFLAG = 3\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl","title":"OpportunisticTerminalControl","text":"LIVE_PSEUDO_TERMINAL_OBJECTS = False\nOpportunisticTerminalControl(fd: int = -1)\nHandles optional terminal control for a given file descriptor. Crucially, all the functions in this class should work regardless of whether terminal control is actually supported on not, but should do nothing in case it is not supported.
'/dev/tty', and use that.
Methods:
-
get_line_buffering\u2013Gets the current state of line buffering for this terminal.
-
set_line_buffering\u2013Enables or disables line buffering for this terminal.
-
get_echo\u2013Gets the current state of echoing for this terminal.
-
set_echo\u2013Enables or disables echoing for this terminal.
Attributes:
-
fd(int) \u2013 -
supported(bool) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl.supported","title":"supportedfd: int = fd\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl.get_line_buffering","title":"get_line_buffering","text":"supported: bool = True\nget_line_buffering() -> bool\nGets the current state of line buffering for this terminal.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl.set_line_buffering","title":"set_line_buffering","text":"set_line_buffering(enabled: bool) -> None\nEnables or disables line buffering for this terminal.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl.get_echo","title":"get_echo","text":"get_echo() -> bool\nGets the current state of echoing for this terminal.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl.set_echo","title":"set_echo","text":"set_echo(enabled: bool) -> None\nEnables or disables echoing for this terminal.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriver","title":"IODriver","text":"Methods:
-
stdio\u2013The names for the stdin, stdout and stderr files, respectively. These
-
start\u2013Starts the handling of I/O by this driver on the given process.
-
stop\u2013Stops the handling of I/O by this driver.
-
on_output_event\u2013Hints that there might be data in either the standard output or the
-
on_process_start\u2013Allow the I/O driver an opportunity to change aspects of the process
stdio() -> tuple[str | None, str | None, str | None]\nThe names for the stdin, stdout and stderr files, respectively. These will get passed as arguments to
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriver.start","title":"start","text":"SBTarget.Launchstart(process: Process) -> None\nStarts the handling of I/O by this driver on the given process.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriver.stop","title":"stop","text":"stop() -> None\nStops the handling of I/O by this driver.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriver.on_output_event","title":"on_output_event","text":"on_output_event() -> None\nHints that there might be data in either the standard output or the standard error streams. This should be called when an
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriver.on_process_start","title":"on_process_start","text":"eBroadcastBitSTDOUToreBroadcastBitSTDERRis encountered by the event loop.on_process_start(proc: SBProcess) -> None\nAllow the I/O driver an opportunity to change aspects of the process after it has been launched, but before it has started executing, if it so wishes.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText","title":"IODriverPlainText","text":"IODriverPlainText()\nBases:
IODriverPlaintext-based I/O driver. It simply copies input from our standard input to the standard input of a given process, and copies output from the standard output of a given process to out standard output.
Methods:
-
stdio\u2013 -
on_output_event\u2013 -
on_process_start\u2013 -
start\u2013 -
stop\u2013
Attributes:
-
in_thr(Thread) \u2013 -
out_thr(Thread) \u2013 -
likely_output(BoundedSemaphore) \u2013 -
process(SBProcess) \u2013 -
stop_requested(Event) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.out_thr","title":"out_thrin_thr: Thread\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.likely_output","title":"likely_outputout_thr: Thread\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.process","title":"processlikely_output: BoundedSemaphore = BoundedSemaphore(1)\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.stop_requested","title":"stop_requestedprocess: SBProcess = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.stdio","title":"stdio","text":"stop_requested: Event = Event()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.on_output_event","title":"on_output_event","text":"stdio() -> tuple[str | None, str | None, str | None]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.on_process_start","title":"on_process_start","text":"on_output_event() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.start","title":"start","text":"on_process_start(proc: SBProcess) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.stop","title":"stop","text":"start(process: Process) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal","title":"IODriverPseudoTerminal","text":"stop() -> None\nIODriverPseudoTerminal(manager: int, worker: str)\nBases:
IODriverpty-based I/O driver. Forwards input from standard input and has support for terminal width and height, and for terminal-based file operations on the program being debugged.
Methods:
-
stdio\u2013 -
start\u2013 -
stop\u2013 -
on_output_event\u2013 -
on_process_start\u2013
Attributes:
-
io_thread(Thread) \u2013 -
has_terminal_control(bool) \u2013 -
manager(int) \u2013 -
worker(str) \u2013 -
termcontrol(OpportunisticTerminalControl) \u2013 -
stop_requested(Event) \u2013 -
input_buffer(bytes) \u2013 -
process(SBProcess) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.has_terminal_control","title":"has_terminal_controlio_thread: Thread\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.manager","title":"managerhas_terminal_control: bool\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.worker","title":"workermanager: int = manager\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.termcontrol","title":"termcontrolworker: str = worker\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.stop_requested","title":"stop_requestedtermcontrol: OpportunisticTerminalControl = OpportunisticTerminalControl()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.input_buffer","title":"input_bufferstop_requested: Event = Event()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.process","title":"processinput_buffer: bytes = b''\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.stdio","title":"stdio","text":"process: SBProcess = None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.start","title":"start","text":"stdio() -> tuple[str | None, str | None, str | None]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.stop","title":"stop","text":"start(process: Process) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.on_output_event","title":"on_output_event","text":"stop() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.on_process_start","title":"on_process_start","text":"on_output_event() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.get_io_driver","title":"get_io_driver","text":"on_process_start(proc: SBProcess) -> None\nget_io_driver() -> IODriver\nInstances a new IODriver using the best strategy available in the current system. Meaning a PTY on Unix and plain text on Windows.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.make_pty","title":"make_pty","text":"make_pty() -> tuple[str, int] | None\nWe need to make a pseudo-terminal ourselves if we want the process to handle naturally for the user. Returns a tuple with the path of the worker device and the file descriptor of the manager device if successful.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/","title":"pwndbg.dbg.lldb.repl.proc","text":""},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc","title":"proc","text":"Classes:
-
EventHandler\u2013The event types that make sense for us to track in the process driver aren't
-
ProcessDriver\u2013Drives the execution of a process, responding to its events and handling its
The event types that make sense for us to track in the process driver aren't the same as the ones in the rest of Pwndbg, so we just expose the native events in process driver, and let the rest of the REPL deal with any complexities that might arise from the translation.
This is mostly intended to keep the complexity of generating the START and NEW_THREAD events correctly out of the process driver.
Methods:
-
created\u2013This function is called when a process is created or attached to.
-
suspended\u2013This function is called when the execution of a process is suspended.
-
resumed\u2013This function is called when the execution of a process is resumed.
-
exited\u2013This function is called when a process terminates or is detached from.
-
modules_loaded\u2013This function is called when a new modules have been loaded.
created()\nThis function is called when a process is created or attached to.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.EventHandler.suspended","title":"suspended","text":"suspended()\nThis function is called when the execution of a process is suspended.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.EventHandler.resumed","title":"resumed","text":"resumed()\nThis function is called when the execution of a process is resumed.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.EventHandler.exited","title":"exited","text":"exited()\nThis function is called when a process terminates or is detached from.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.EventHandler.modules_loaded","title":"modules_loaded","text":"modules_loaded()\nThis function is called when a new modules have been loaded.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver","title":"ProcessDriver","text":"ProcessDriver(event_handler: EventHandler, debug=False)\nDrives the execution of a process, responding to its events and handling its I/O, and exposes a simple synchronous interface to the REPL interface.
Methods:
-
has_process\u2013Whether there's an active process in this driver.
-
has_connection\u2013Whether this driver's connected to a target. All drivers that have an
-
cancel\u2013Request that a currently ongoing operation be cancelled.
-
interrupt\u2013Interrupts the currently running process.
-
cont\u2013Continues execution of the process this object is driving, and returns
-
run_lldb_command\u2013Runs the given LLDB command and ataches I/O if necessary.
-
run_coroutine\u2013Runs the given coroutine and allows it to control the execution of the
-
launch\u2013Launches the process and handles startup events. Always stops on first
-
attach\u2013Attach to a process and handles startup events. Always stops on first
-
connect\u2013Connects to a remote proces with the given URL using the plugin with the
Attributes:
-
io(IODriver) \u2013 -
process(SBProcess) \u2013 -
listener(SBListener) \u2013 -
debug(bool) \u2013 -
eh(EventHandler) \u2013 -
cancellation_requested(bool) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.process","title":"processio: IODriver = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.listener","title":"listenerprocess: SBProcess = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.debug","title":"debuglistener: SBListener = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.eh","title":"ehdebug: bool = debug\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.cancellation_requested","title":"cancellation_requestedeh: EventHandler = event_handler\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.has_process","title":"has_process","text":"cancellation_requested: bool = False\nhas_process() -> bool\nWhether there's an active process in this driver.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.has_connection","title":"has_connection","text":"has_connection() -> bool\nWhether this driver's connected to a target. All drivers that have an active process also must necessarily be connected.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.cancel","title":"cancel","text":"cancel() -> None\nRequest that a currently ongoing operation be cancelled.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.interrupt","title":"interrupt","text":"interrupt() -> None\nInterrupts the currently running process.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.cont","title":"cont","text":"cont() -> None\nContinues execution of the process this object is driving, and returns whenever the process stops.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.run_lldb_command","title":"run_lldb_command","text":"run_lldb_command(command: str, target: BinaryIO) -> None\nRuns the given LLDB command and ataches I/O if necessary.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.run_coroutine","title":"run_coroutine","text":"run_coroutine(coroutine: Coroutine[Any, Any, None]) -> bool\nRuns the given coroutine and allows it to control the execution of the process in this driver. Returns
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.launch","title":"launch","text":"Trueif the coroutine ran to completion, andFalseif it was cancelled.launch(\n target: SBTarget,\n io: IODriver,\n env: list[str],\n args: list[str],\n working_dir: str,\n) -> SBError\nLaunches the process and handles startup events. Always stops on first opportunity, and returns immediately after the process has stopped.
Fires the created() event.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.attach","title":"attach","text":"attach(target: SBTarget, io: IODriver, info: SBAttachInfo) -> SBError\nAttach to a process and handles startup events. Always stops on first opportunity, and returns immediately after the process has stopped.
Fires the created() event.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.connect","title":"connect","text":"connect(target: SBTarget, io: IODriver, url: str, plugin: str) -> SBError\nConnects to a remote proces with the given URL using the plugin with the given name. This might cause the process to launch in some implementations, or it might require a call to
launch(), in implementations that require a further call toSBProcess::RemoteLaunch().Fires the created() event if a process is automatically attached to or launched when a connection succeeds.
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/","title":"pwndbg.dbg.lldb.repl.readline","text":""},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline","title":"readline","text":"Readline interface for the Pwndbg LLDB REPL.
Mostly concerns itself with argument completion.
Functions:
-
complete\u2013Runs the tab autocompletion function for readline based on the values
-
display_completions\u2013Display the completions found by
completein the style of LLDB. -
wrap_with_history\u2013 -
ctx_with_history\u2013 -
enable_readline\u2013Enables the readline functionality.
-
disable_readline\u2013Disables the readline functionality.
Attributes:
-
P\u2013 -
T\u2013 -
PROMPT\u2013 -
HISTORY_FILE\u2013 -
complete_values\u2013 -
complete_descrs\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.T","title":"TP = ParamSpec('P')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.PROMPT","title":"PROMPTT = TypeVar('T')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.HISTORY_FILE","title":"HISTORY_FILEPROMPT = readline_escape(prompt, 'pwndbg-lldb> ')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.complete_values","title":"complete_valuesHISTORY_FILE = expanduser('~/.pwndbg_history')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.complete_descrs","title":"complete_descrscomplete_values = SBStringList()\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.complete","title":"complete","text":"complete_descrs = SBStringList()\ncomplete(dbg: LLDB, text: str, state: int) -> str | None\nRuns the tab autocompletion function for readline based on the values returned by
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.display_completions","title":"display_completions","text":"SBCommandInterpreter.HandleCompletion.display_completions(substitutions, matches, longest_match_len)\nDisplay the completions found by
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.wrap_with_history","title":"wrap_with_history","text":"completein the style of LLDB.
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.ctx_with_history","title":"ctx_with_history","text":"wrap_with_history(function: Callable[P, T]) -> Callable[P, T]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.enable_readline","title":"enable_readline","text":"ctx_with_history()\nenable_readline(dbg: LLDB)\nEnables the readline functionality.
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.disable_readline","title":"disable_readline","text":"disable_readline()\nDisables the readline functionality.
"},{"location":"reference/pwndbg/dbg/lldb/util/","title":"pwndbg.dbg.lldb.util","text":""},{"location":"reference/pwndbg/dbg/lldb/util/#pwndbg.dbg.lldb.util","title":"util","text":"Functions:
-
system_decode\u2013LLDB requires Python strings in many places where it makes sense to accept
system_decode(b: bytes) -> str\nLLDB requires Python strings in many places where it makes sense to accept bytes values. This is mostly an artifact of how Swig maps C
char*tostrin Python, but since Swig will refuse bytes objects, we have to figure out a way to pass this data as a regular string object, even if that's nonsensical in Python terms.This function tries its best to resolve that by decoding it with the same decoder the filesystem uses, and, failing that, ASCII.
"},{"location":"reference/pwndbg/decorators/","title":"pwndbg.decorators","text":""},{"location":"reference/pwndbg/decorators/#pwndbg.decorators","title":"decorators","text":"Functions:
-
only_after_first_prompt\u2013Decorator to prevent a function from running before the first prompt was displayed.
-
suppress_errors\u2013Decorator to make a function return a fallback value when it would otherwise error.
Attributes:
-
first_prompt\u2013 -
P\u2013 -
T\u2013 -
K\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/decorators/#pwndbg.decorators.P","title":"Pfirst_prompt = False\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/decorators/#pwndbg.decorators.T","title":"TP = ParamSpec('P')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/decorators/#pwndbg.decorators.K","title":"KT = TypeVar('T')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/decorators/#pwndbg.decorators.only_after_first_prompt","title":"only_after_first_prompt","text":"K = TypeVar('K')\nonly_after_first_prompt(\n value_before: T | None = None,\n) -> Callable[[Callable[P, T]], Callable[P, T | None]]\nDecorator to prevent a function from running before the first prompt was displayed. The 'value_before' parameter can be used to specify the value that is returned if the function is called before the first prompt was displayed.
"},{"location":"reference/pwndbg/decorators/#pwndbg.decorators.suppress_errors","title":"suppress_errors","text":"suppress_errors(\n fallback: K = None, should_warn: bool = True\n) -> Callable[[Callable[P, T]], Callable[P, T | K]]\nDecorator to make a function return a fallback value when it would otherwise error. The 'fallback' parameter can be used to specify the fallback value. If the 'should_warn' parameter is set, a warning will be printed whenever an error is suppressed.
"},{"location":"reference/pwndbg/emu/","title":"pwndbg.emu","text":""},{"location":"reference/pwndbg/emu/#pwndbg.emu","title":"emu","text":"Modules:
-
emulator\u2013Emulation assistance from Unicorn.
Emulation assistance from Unicorn.
Classes:
-
InstructionExecutedResult\u2013 -
Emulator\u2013
Functions:
-
parse_consts\u2013Unicorn \"consts\" is a python module consisting of a variable definition
-
create_reg_to_const_map\u2013 -
debug\u2013
Attributes:
-
arch_to_UC\u2013 -
arch_to_UC_consts\u2013 -
arch_to_reg_const_map\u2013 -
enable_virtual_tlb\u2013 -
DEBUG\u2013 -
arch_to_SYSCALL\u2013 -
ARM_BANNED_INSTRUCTIONS\u2013 -
BANNED_INSTRUCTIONS\u2013 -
blacklisted_regs\u2013e = pwndbg.emu.emulator.Emulator()
module-attribute","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.arch_to_UC_consts","title":"arch_to_UC_constsarch_to_UC = {\n \"i386\": UC_ARCH_X86,\n \"x86-64\": UC_ARCH_X86,\n \"mips\": UC_ARCH_MIPS,\n \"sparc\": UC_ARCH_SPARC,\n \"arm\": UC_ARCH_ARM,\n \"armcm\": UC_ARCH_ARM,\n \"aarch64\": UC_ARCH_ARM64,\n \"rv32\": UC_ARCH_RISCV,\n \"rv64\": UC_ARCH_RISCV,\n \"s390x\": UC_ARCH_S390X,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.arch_to_reg_const_map","title":"arch_to_reg_const_maparch_to_UC_consts = {\n \"i386\": parse_consts(x86_const),\n \"x86-64\": parse_consts(x86_const),\n \"mips\": parse_consts(mips_const),\n \"sparc\": parse_consts(sparc_const),\n \"arm\": parse_consts(arm_const),\n \"armcm\": parse_consts(arm_const),\n \"aarch64\": parse_consts(arm64_const),\n \"rv32\": parse_consts(riscv_const),\n \"rv64\": parse_consts(riscv_const),\n \"s390x\": parse_consts(s390x_const),\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.enable_virtual_tlb","title":"enable_virtual_tlbarch_to_reg_const_map = {\n \"i386\": create_reg_to_const_map(arch_to_UC_consts[\"i386\"]),\n \"x86-64\": create_reg_to_const_map(\n arch_to_UC_consts[\"x86-64\"],\n {\"FSBASE\": UC_X86_REG_FS_BASE, \"GSBASE\": UC_X86_REG_GS_BASE},\n ),\n \"mips\": create_reg_to_const_map(arch_to_UC_consts[\"mips\"]),\n \"sparc\": create_reg_to_const_map(arch_to_UC_consts[\"sparc\"]),\n \"arm\": create_reg_to_const_map(arch_to_UC_consts[\"arm\"]),\n \"armcm\": create_reg_to_const_map(arch_to_UC_consts[\"armcm\"]),\n \"aarch64\": create_reg_to_const_map(\n arch_to_UC_consts[\"aarch64\"], {\"CPSR\": UC_ARM64_REG_NZCV}\n ),\n \"rv32\": create_reg_to_const_map(arch_to_UC_consts[\"rv32\"]),\n \"rv64\": create_reg_to_const_map(arch_to_UC_consts[\"rv64\"]),\n \"s390x\": create_reg_to_const_map(arch_to_UC_consts[\"s390x\"]),\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.DEBUG","title":"DEBUGenable_virtual_tlb = {'s390x': True}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.arch_to_SYSCALL","title":"arch_to_SYSCALLDEBUG = NO_DEBUG\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.ARM_BANNED_INSTRUCTIONS","title":"ARM_BANNED_INSTRUCTIONSarch_to_SYSCALL = {\n UC_ARCH_X86: [\n X86_INS_SYSCALL,\n X86_INS_SYSENTER,\n X86_INS_SYSEXIT,\n X86_INS_SYSRET,\n X86_INS_IRET,\n X86_INS_IRETD,\n X86_INS_IRETQ,\n X86_INS_INT,\n X86_INS_INT1,\n X86_INS_INT3,\n ],\n UC_ARCH_MIPS: [MIPS_INS_SYSCALL],\n UC_ARCH_SPARC: [SPARC_INS_T],\n UC_ARCH_ARM: [ARM_INS_SVC],\n UC_ARCH_ARM64: [ARM64_INS_SVC],\n UC_ARCH_PPC: [PPC_INS_SC],\n UC_ARCH_RISCV: [RISCV_INS_ECALL],\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.BANNED_INSTRUCTIONS","title":"BANNED_INSTRUCTIONSARM_BANNED_INSTRUCTIONS = {\n ARM_INS_MRC,\n ARM_INS_MRRC,\n ARM_INS_MRC2,\n ARM_INS_MRRC2,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.blacklisted_regs","title":"blacklisted_regsBANNED_INSTRUCTIONS = {\n \"mips\": {MIPS_INS_RDHWR},\n \"arm\": ARM_BANNED_INSTRUCTIONS,\n \"armcm\": ARM_BANNED_INSTRUCTIONS,\n \"aarch64\": {ARM64_INS_MRS},\n}\nmodule-attribute","text":"blacklisted_regs = ['ip', 'cs', 'ds', 'es', 'fs', 'gs', 'ss']\ne = pwndbg.emu.emulator.Emulator() e.until_jump()
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.InstructionExecutedResult","title":"InstructionExecutedResult","text":"Bases:
NamedTupleAttributes:
-
address(int) \u2013 -
size(int) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.InstructionExecutedResult.size","title":"sizeaddress: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator","title":"Emulator","text":"size: int\nEmulator()\nMethods:
-
read_register\u2013 -
read_memory\u2013 -
telescope\u2013 -
format_telescope\u2013 -
format_telescope_list\u2013 -
telescope_enhance\u2013 -
memory_read_string\u2013 -
__getattr__\u2013 -
update_pc\u2013 -
read_thumb_bit\u2013Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
-
get_uc_mode\u2013Retrieve the mode used by Unicorn for the current architecture.
-
map_page\u2013 -
hook_mem_invalid\u2013 -
hook_intr\u2013We never want to emulate through an interrupt. Just stop.
-
get_reg_enum\u2013Returns the Unicorn Emulator enum code for the named register.
-
hook_add\u2013 -
hook_del\u2013 -
emu_start\u2013 -
emu_stop\u2013 -
emulate_with_hook\u2013 -
mem_read\u2013 -
until_jump\u2013Emulates instructions starting at the specified address until the
-
until_jump_hook_code\u2013 -
until_call\u2013 -
until_syscall\u2013Emulates instructions starting at the specified address until the program
-
until_syscall_hook_code\u2013 -
single_step\u2013Steps one instruction.
-
single_step_iter\u2013 -
single_step_hook_code\u2013 -
dumpregs\u2013 -
trace_hook\u2013 -
__repr__\u2013
Attributes:
-
arch\u2013 -
const_regs\u2013 -
uc_mode\u2013 -
uc\u2013 -
regs(RegisterSet) \u2013 -
valid\u2013 -
last_pc\u2013 -
last_single_step_result\u2013 -
last_step_succeeded(bool) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.const_regs","title":"const_regsarch = name\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.uc_mode","title":"uc_modeconst_regs = arch_to_reg_const_map[arch]\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.uc","title":"ucuc_mode = get_uc_mode()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.regs","title":"regsuc = Uc(arch_to_UC[arch], uc_mode)\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.valid","title":"validregs: RegisterSet = current\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.last_pc","title":"last_pcvalid = True\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.last_single_step_result","title":"last_single_step_resultlast_pc = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.last_step_succeeded","title":"last_step_succeededlast_single_step_result = InstructionExecutedResult(None, None)\nproperty","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.read_register","title":"read_register","text":"last_step_succeeded: bool\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.read_memory","title":"read_memory","text":"read_register(name: str)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.telescope","title":"telescope","text":"read_memory(address: int, size: int) -> bytes | None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.format_telescope","title":"format_telescope","text":"telescope(address: int, limit: int, read_size: int = None) -> list[int]\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.format_telescope_list","title":"format_telescope_list","text":"format_telescope(address: int, limit: int) -> str\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.telescope_enhance","title":"telescope_enhance","text":"format_telescope_list(\n chain: list[int], limit: int, enhance_string_len: int = None\n) -> str\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.memory_read_string","title":"memory_read_string","text":"telescope_enhance(\n value: int, code: bool = True, enhance_string_len: int = None\n)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.__getattr__","title":"__getattr__","text":"memory_read_string(\n address: int, max_string_len=None, max_read=None\n) -> str | None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.update_pc","title":"update_pc","text":"__getattr__(name: str)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.read_thumb_bit","title":"read_thumb_bit","text":"update_pc(pc=None) -> None\nread_thumb_bit() -> int\nReturn 0 or 1, representing the status of the Thumb bit in the current Arm architecture
This reads from the emulator itself, meaning this can be read to determine a state transitions between non-Thumb and Thumb mode
Return None if the Thumb bit is not relevent to the current architecture
Mimics the
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.get_uc_mode","title":"get_uc_mode","text":"read_thumb_bitfunction defined in aglib/arch.pyget_uc_mode()\nRetrieve the mode used by Unicorn for the current architecture.
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.map_page","title":"map_page","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.hook_mem_invalid","title":"hook_mem_invalid","text":"map_page(page) -> bool\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.hook_intr","title":"hook_intr","text":"hook_mem_invalid(uc, access, address, size: int, value, user_data) -> bool\nhook_intr(uc, intno, user_data) -> None\nWe never want to emulate through an interrupt. Just stop.
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.get_reg_enum","title":"get_reg_enum","text":"get_reg_enum(reg: str) -> int | None\nReturns the Unicorn Emulator enum code for the named register.
Also supports general registers like 'sp' and 'pc'.
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.hook_add","title":"hook_add","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.hook_del","title":"hook_del","text":"hook_add(*a, **kw)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.emu_start","title":"emu_start","text":"hook_del(*a, **kw)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.emu_stop","title":"emu_stop","text":"emu_start(*a, **kw)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.emulate_with_hook","title":"emulate_with_hook","text":"emu_stop(*a, **kw)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.mem_read","title":"mem_read","text":"emulate_with_hook(hook, count=512) -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.until_jump","title":"until_jump","text":"mem_read(*a, **kw)\nuntil_jump(pc: int = None)\nEmulates instructions starting at the specified address until the program counter is set to an address which does not linearly follow the previously-emulated instruction.
Parameters:
-
pc(int, default:None) \u2013Address to start at. If
None, uses the current instruction.
Returns a tuple containing the address of the jump instruction, and its target in the format (address, target).
If emulation is forced to stop (e.g., because of a syscall or invalid memory access) then address is the instruction which could not be emulated through, and target will be None.
NotesThis routine does not consider 'call $+5'
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.until_jump_hook_code","title":"until_jump_hook_code","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.until_call","title":"until_call","text":"until_jump_hook_code(_uc, address, instruction_size: int, _user_data) -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.until_syscall","title":"until_syscall","text":"until_call(pc=None)\nuntil_syscall(pc=None)\nEmulates instructions starting at the specified address until the program counter points at a syscall instruction (int 0x80, svc, etc.).
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.until_syscall_hook_code","title":"until_syscall_hook_code","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.single_step","title":"single_step","text":"until_syscall_hook_code(uc, address, size: int, user_data) -> None\nsingle_step(pc=None) -> tuple[int, int]\nSteps one instruction.
Yields:
-
int\u2013Each iteration, yields a tuple of (address_just_executed, instruction_size).
-
int\u2013Returns (None, None) upon failure to execute the instruction
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.single_step_hook_code","title":"single_step_hook_code","text":"single_step_iter(pc=None)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.dumpregs","title":"dumpregs","text":"single_step_hook_code(\n _uc, address: int, instruction_size: int, _user_data\n) -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.trace_hook","title":"trace_hook","text":"dumpregs() -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.__repr__","title":"__repr__","text":"trace_hook(_uc, address, instruction_size: int, _user_data) -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.parse_consts","title":"parse_consts","text":"__repr__() -> str\nparse_consts(u_consts) -> dict[str, int]\nUnicorn \"consts\" is a python module consisting of a variable definition for each known entity. We repack it here as a dict for performance.
Maps \"UC_*\" -> integer value of the constant
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.create_reg_to_const_map","title":"create_reg_to_const_map","text":"
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.debug","title":"debug","text":"create_reg_to_const_map(\n base_consts: dict[str, int], additional_mapping: dict[str, int] = None\n) -> dict[str, int]\n
"},{"location":"reference/pwndbg/enhance/","title":"pwndbg.enhance","text":""},{"location":"reference/pwndbg/enhance/#pwndbg.enhance","title":"enhance","text":"debug(debug_type, fmt, args=()) -> None\nGiven an address in memory which does not contain a pointer elsewhere into memory, attempt to describe the data as best as possible.
Currently prints out code, integers, or strings, in a best-effort manner dependent on page permissions, the contents of the data, and any supplemental information sources (e.g. active IDA Pro connection).
Functions:
-
format_small_int\u2013 -
format_small_int_pair\u2013 -
int_str\u2013 -
enhance\u2013Given the last pointer in a chain, attempt to characterize
"},{"location":"reference/pwndbg/enhance/#pwndbg.enhance.format_small_int_pair","title":"format_small_int_pair","text":"format_small_int(value: int) -> str\n
"},{"location":"reference/pwndbg/enhance/#pwndbg.enhance.int_str","title":"int_str","text":"format_small_int_pair(first: int, second: int) -> tuple[str, str]\n
"},{"location":"reference/pwndbg/enhance/#pwndbg.enhance.enhance","title":"enhance","text":"int_str(value: int) -> str\nenhance(\n value: int,\n code: bool = True,\n safe_linking: bool = False,\n attempt_dereference=True,\n enhance_string_len: int = None,\n) -> str\nGiven the last pointer in a chain, attempt to characterize
Note that 'the last pointer in a chain' may not at all actually be a pointer.
Additionally, optimizations are made based on various sources of data for 'value'. For example, if it is set to RWX, we try to get information on whether it resides on the stack, or in a RW section that happens to be RWX, to determine which order to print the fields.
Parameters:
-
value(int) \u2013Value to enhance
-
code(bool, default:True) \u2013Hint that indicates the value may be an instruction
-
safe_linking(bool, default:False) \u2013Whether this chain use safe-linking
-
enhance_string_len(int, default:None) \u2013The length of string to display for enhancement of the last pointer
Functions:
-
print_exception\u2013 -
inform_unmet_dependencies\u2013Informs user about unmet dependencies
-
inform_report_issue\u2013Informs user that he can report an issue.
-
inform_verbose_and_debug\u2013 -
handle\u2013Displays an exception to the user, optionally displaying a full traceback
-
set_trace\u2013Enable sane debugging in Pwndbg by switching to the \"real\" stdio.
-
update\u2013
Attributes:
-
verbose\u2013 -
debug\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.debug","title":"debugverbose = add_param(\n \"exception-verbose\",\n False,\n \"print a full stacktrace for exceptions raised in pwndbg commands\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.print_exception","title":"print_exception","text":"debug = add_param(\n \"exception-debugger\",\n False,\n \"whether to debug exceptions raised in Pwndbg commands\",\n)\n
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.inform_unmet_dependencies","title":"inform_unmet_dependencies","text":"print_exception(exception_msg) -> None\ninform_unmet_dependencies(errors) -> None\nInforms user about unmet dependencies
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.inform_report_issue","title":"inform_report_issue","text":"inform_report_issue(exception_msg) -> None\nInforms user that he can report an issue. The use of caching makes it reporting only once for a given exception message.
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.inform_verbose_and_debug","title":"inform_verbose_and_debug","text":"
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.handle","title":"handle","text":"inform_verbose_and_debug() -> None\nhandle(name='Error')\nDisplays an exception to the user, optionally displaying a full traceback and spawning an interactive post-moretem debugger.
Notesset exception-verbose onenables stack traces.set exception-debugger onenables the post-mortem debugger.
set_trace() -> None\nEnable sane debugging in Pwndbg by switching to the \"real\" stdio.
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.update","title":"update","text":"
"},{"location":"reference/pwndbg/gdblib/","title":"pwndbg.gdblib","text":""},{"location":"reference/pwndbg/gdblib/#pwndbg.gdblib","title":"gdblib","text":"update() -> None\nModules:
-
bpoint\u2013 -
config\u2013Dynamic configuration system for pwndbg, using GDB's built-in Parameter
-
events\u2013Enables callbacks into functions to be automatically invoked
-
functions\u2013Put all functions defined for gdb in here.
-
got\u2013Global Offset Table Tracker
-
hooks\u2013 -
info\u2013Runs a few useful commands which are available under \"info\".
-
prompt\u2013 -
ptmalloc2_tracking\u2013Heap Tracking
-
scheduler\u2013 -
shellcode\u2013Shellcode
-
symbol\u2013Looking up addresses for function names / symbols, and
-
tui\u2013 -
vmmap\u2013Routines to enumerate mapped memory, and attempt to associate
Functions:
-
load_gdblib\u2013Import all gdblib modules that need to run code on import
Attributes:
-
regs\u2013 -
__all__\u2013 -
gdb_version\u2013 -
msg\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/#pwndbg.gdblib.__all__","title":"__all__regs = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/#pwndbg.gdblib.gdb_version","title":"gdb_version__all__ = ()\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/#pwndbg.gdblib.msg","title":"msggdb_version = tuple(map(int, groups()))\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/#pwndbg.gdblib.load_gdblib","title":"load_gdblib","text":"msg = 'Unsupported GDB version, pwndbg only support GDB12+'\nload_gdblib() -> None\nImport all gdblib modules that need to run code on import
"},{"location":"reference/pwndbg/gdblib/bpoint/","title":"pwndbg.gdblib.bpoint","text":""},{"location":"reference/pwndbg/gdblib/bpoint/#pwndbg.gdblib.bpoint","title":"bpoint","text":"Classes:
-
Breakpoint\u2013Breakpoint class, similar to gdb.Breakpoint, but clears the caches
Bases:
BreakpointBreakpoint class, similar to gdb.Breakpoint, but clears the caches associated with the stop event before determining whether it should stop the inferior or not.
Unlike gdb.Breakpoint, users of this class should override
should_stop(), instead ofstop(), as the latter is used to do cache invalidation.Methods:
-
stop\u2013 -
should_stop\u2013This function is called whenever this breakpoint is hit in the code and
"},{"location":"reference/pwndbg/gdblib/bpoint/#pwndbg.gdblib.bpoint.Breakpoint.should_stop","title":"should_stop","text":"stop() -> bool\nshould_stop() -> bool\nThis function is called whenever this breakpoint is hit in the code and its return value determines whether the inferior will be stopped.
"},{"location":"reference/pwndbg/gdblib/config/","title":"pwndbg.gdblib.config","text":""},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config","title":"config","text":"Dynamic configuration system for pwndbg, using GDB's built-in Parameter mechanism.
To create a new pwndbg configuration point, call
pwndbg.config.add_param.Parameters should be declared in the module in which they are primarily used, or in this module for general-purpose parameters.
All pwndbg Parameter types are accessible via property access on this module, for example:
>>> pwndbg.config.add_param('example-value', 7, 'an example')\n>>> int(pwndbg.config.example_value)\n7\nClasses:
-
Parameter\u2013
Functions:
-
init_params\u2013
Attributes:
-
CLASS_MAPPING\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter","title":"Parameter","text":"CLASS_MAPPING = {\n PARAM_BOOLEAN: PARAM_BOOLEAN,\n PARAM_AUTO_BOOLEAN: PARAM_AUTO_BOOLEAN,\n PARAM_ZINTEGER: PARAM_ZINTEGER,\n PARAM_STRING: PARAM_STRING,\n PARAM_ZUINTEGER: PARAM_ZUINTEGER,\n PARAM_ENUM: PARAM_ENUM,\n PARAM_OPTIONAL_FILENAME: PARAM_OPTIONAL_FILENAME,\n PARAM_ZUINTEGER_UNLIMITED: PARAM_ZUINTEGER_UNLIMITED,\n PARAM_INTEGER: PARAM_INTEGER,\n PARAM_UINTEGER: PARAM_UINTEGER,\n}\nParameter(param: Parameter)\nBases:
ParameterMethods:
-
init_super\u2013Initializes the super class for GDB >= 9
-
on_change\u2013Called when the value of the pwndbg.lib.config.Parameter changes
-
get_set_string\u2013Handles the GDB
set <param> -
get_show_string\u2013Handles the GDB
show <param>
Attributes:
-
set_doc\u2013 -
show_doc\u2013 -
__doc__\u2013 -
param\u2013 -
value\u2013 -
native_value\u2013 -
native_default\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.show_doc","title":"show_docset_doc = 'Set ' + set_show_doc + '.'\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.__doc__","title":"__doc__show_doc = 'Show ' + set_show_doc + '.'\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.param","title":"param__doc__ = help_docstring or None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.value","title":"valueparam = param\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.native_value","title":"native_valuevalue = value\nproperty","text":"
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.native_default","title":"native_defaultnative_value\nproperty","text":"
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.init_super","title":"init_super","text":"native_default\ninit_super(param: Parameter) -> None\nInitializes the super class for GDB >= 9
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.on_change","title":"on_change","text":"on_change(value: Any) -> None\nCalled when the value of the pwndbg.lib.config.Parameter changes Transfer the value to the GDB parameter to keep them in sync.
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.get_set_string","title":"get_set_string","text":"get_set_string() -> str\nHandles the GDB
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.get_show_string","title":"get_show_string","text":"set <param>get_show_string(svalue: str) -> str\nHandles the GDB
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.init_params","title":"init_params","text":"show <param>
"},{"location":"reference/pwndbg/gdblib/events/","title":"pwndbg.gdblib.events","text":""},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events","title":"events","text":"init_params() -> None\nEnables callbacks into functions to be automatically invoked when various events occur to the debuggee (e.g. STOP on SIGINT) by using a decorator.
Classes:
-
StartEvent\u2013 -
HandlerPriority\u2013A priority level for an event handler, ordered from highest to lowest priority.
Functions:
-
wrap_safe_event_handler\u2013Wraps an event handler to ensure it is only executed when the event is safe.
-
pause\u2013 -
unpause\u2013 -
connect\u2013 -
exit\u2013 -
cont\u2013 -
new_objfile\u2013 -
stop\u2013 -
start\u2013 -
thread\u2013 -
before_prompt\u2013 -
reg_changed\u2013 -
mem_changed\u2013 -
log_objfiles\u2013 -
invoke_event\u2013 -
after_reload\u2013 -
on_reload\u2013
Attributes:
-
debug\u2013 -
gdb_workaround_stop_event\u2013 -
P\u2013 -
T\u2013 -
queued_events(Deque[Callable[..., Any]]) \u2013 -
executing_event\u2013 -
registered(dict[Any, dict[HandlerPriority, list[Callable[..., Any]]]]) \u2013 -
connected\u2013 -
paused\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.gdb_workaround_stop_event","title":"gdb_workaround_stop_eventdebug = add_param(\n \"debug-events\", False, \"display internal event debugging info\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.P","title":"Pgdb_workaround_stop_event = add_param(\n \"gdb-workaround-stop-event\",\n 0,\n \"asynchronous stop events to improve 'commands' functionality.\",\n help_docstring=\"\\nNote: This may cause unexpected behavior with pwndbg or gdb.execute.\\n\\nValues:\\n0 - Disable the workaround (default).\\n1 - Enable asynchronous stop events; gdb.execute may behave unexpectedly(asynchronously).\\n2 - Disable only deadlock detection; deadlocks may still occur.\\n \",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.T","title":"TP = ParamSpec('P')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.queued_events","title":"queued_eventsT = TypeVar('T')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.executing_event","title":"executing_eventqueued_events: Deque[Callable[..., Any]] = deque()\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.registered","title":"registeredexecuting_event = False\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.connected","title":"connectedregistered: dict[Any, dict[HandlerPriority, list[Callable[..., Any]]]] = {\n exited: {},\n cont: {},\n new_objfile: {},\n stop: {},\n start: {},\n new_thread: {},\n before_prompt: {},\n memory_changed: {},\n register_changed: {},\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.paused","title":"pausedconnected = {}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent","title":"StartEvent","text":"paused = defaultdict(bool)\nStartEvent()\nMethods:
-
connect\u2013 -
disconnect\u2013 -
on_new_objfile\u2013 -
on_exited\u2013 -
on_stop\u2013
Attributes:
-
registered(list[Callable[..., Any]]) \u2013 -
running\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.running","title":"runningregistered: list[Callable[..., Any]] = []\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.connect","title":"connect","text":"running = False\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.disconnect","title":"disconnect","text":"connect(function: Callable[..., Any]) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.on_new_objfile","title":"on_new_objfile","text":"disconnect(function: Callable[..., Any]) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.on_exited","title":"on_exited","text":"on_new_objfile() -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.on_stop","title":"on_stop","text":"on_exited() -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.HandlerPriority","title":"HandlerPriority","text":"on_stop() -> None\nBases:
EnumA priority level for an event handler, ordered from highest to lowest priority.
Attributes:
-
CACHE_CLEAR\u2013 -
LOW\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.HandlerPriority.LOW","title":"LOWCACHE_CLEAR = auto()\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.wrap_safe_event_handler","title":"wrap_safe_event_handler","text":"LOW = auto()\nwrap_safe_event_handler(\n event_handler: Callable[P, T], event_type: Any\n) -> Callable[P, T]\nWraps an event handler to ensure it is only executed when the event is safe. Invalid events are queued and executed later when safe.
Note: Avoid using
gdb.post_eventbecause of another bug in gdbserver where thegdb.newest_framefunction may not work properly.Workaround to fix bug in gdbserver (gdb.events.new_objfile): #2576 Workaround to fix bug in gdb (gdb.events.stop): #425
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.pause","title":"pause","text":"
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.unpause","title":"unpause","text":"pause(event_registry) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.connect","title":"connect","text":"unpause(event_registry) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.exit","title":"exit","text":"connect(\n func: Callable[[], T],\n event_handler: Any,\n name: str = \"\",\n priority: HandlerPriority = LOW,\n) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.cont","title":"cont","text":"exit(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.new_objfile","title":"new_objfile","text":"cont(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.stop","title":"stop","text":"new_objfile(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.start","title":"start","text":"stop(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.thread","title":"thread","text":"start(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.before_prompt","title":"before_prompt","text":"thread(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.reg_changed","title":"reg_changed","text":"before_prompt(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.mem_changed","title":"mem_changed","text":"reg_changed(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.log_objfiles","title":"log_objfiles","text":"mem_changed(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.invoke_event","title":"invoke_event","text":"log_objfiles(ofile: NewObjFileEvent | None = None) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.after_reload","title":"after_reload","text":"invoke_event(event: Any, *args: Any, **kwargs: Any) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.on_reload","title":"on_reload","text":"after_reload(fire_start: bool = True) -> None\n
"},{"location":"reference/pwndbg/gdblib/functions/","title":"pwndbg.gdblib.functions","text":""},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions","title":"functions","text":"on_reload() -> None\nPut all functions defined for gdb in here.
This file might be changed into a module in the future.
Functions:
-
GdbFunction\u2013 -
rebase\u2013Return rebased address.
-
base\u2013Return base address of the first memory mapping containing the given name.
-
hex2ptr\u2013Converts a hex string to a little-endian address and returns the address.
-
argv\u2013Evaluate argv on the supplied value.
-
envp\u2013Evaluate envp on the supplied value.
-
argc\u2013Evaluates to argc.
-
environ\u2013Evaluate getenv() on the supplied value.
-
dbg_value_to_gdb\u2013
Attributes:
-
functions(list[_GdbFunction]) \u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.GdbFunction","title":"GdbFunction","text":"functions: list[_GdbFunction] = []\n
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.rebase","title":"rebase","text":"GdbFunction(only_when_running: bool = False) -> Callable[..., Any]\nrebase(addr: int | Value) -> int\nReturn rebased address.
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.base","title":"base","text":"base(name_pattern: str | Value) -> int\nReturn base address of the first memory mapping containing the given name.
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.hex2ptr","title":"hex2ptr","text":"hex2ptr(hex_string: str | Value) -> int\nConverts a hex string to a little-endian address and returns the address. Example usage: $hex2ptr(\"00 70 75 c1 cd ef 59 00\")
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.argv","title":"argv","text":"argv(number_value: Value) -> Value\nEvaluate argv on the supplied value.
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.envp","title":"envp","text":"envp(number_value: Value) -> Value\nEvaluate envp on the supplied value.
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.argc","title":"argc","text":"argc(*args) -> int\nEvaluates to argc.
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.environ","title":"environ","text":"environ(name_value: Value) -> Value\nEvaluate getenv() on the supplied value.
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.dbg_value_to_gdb","title":"dbg_value_to_gdb","text":"
"},{"location":"reference/pwndbg/gdblib/got/","title":"pwndbg.gdblib.got","text":""},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got","title":"got","text":"dbg_value_to_gdb(d: Value) -> Value\nGlobal Offset Table Tracker
Subsystem for tracking accesses to external function calls made through pointers in an inferior's Global Offset Table, such as those made by the stubs in the Procedure Linkage Table.
Currently, it does this by attatching watchpoints to the entries in the GOT and taking note of where the call came from, but it could be done much faster by injecting our own code into the program space to track this.
Classes:
-
RelocTypes\u2013This class contains all the relocation type constants so that one may
-
TrapAllocator\u2013Utility that allocates and manages executable addresses in the space of the
-
Patcher\u2013Watches for changes made by program code to the GOT and fixes them up.
-
Tracker\u2013Class that tracks the accesses made to the entries in the GOT.
Functions:
-
is_mmap_error\u2013Checks whether the return value of an mmap of indicates an error.
-
display_name\u2013Return the display name for a symbol or objfile.
-
all_tracked_entries\u2013Return an iterator over all of the GOT whose accesses are being tracked.
-
tracked_entry_by_address\u2013Return the tracker associated with the entry at the given address, if any.
-
enable_got_call_tracking\u2013Enable the analysis of calls made through the GOT.
-
disable_got_call_tracking\u2013Disable the analysis of calls made through the GOT.
-
jump_slots_for\u2013Returns the jump slot addresses described by the given dynamic section.
Attributes:
-
JUMP_SLOTS\u2013 -
IRELATIVE_SLOTS\u2013 -
TRAP_ALLOCATOR\u2013 -
GOT_TRACKING\u2013 -
INSTALLED_WATCHPOINTS(dict[int, tuple[Tracker, Patcher]]) \u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.IRELATIVE_SLOTS","title":"IRELATIVE_SLOTSJUMP_SLOTS = {\n \"x86-64\": {R_X86_64_JUMP_SLOT},\n \"i386\": {R_386_JMP_SLOT},\n \"aarch64\": {R_AARCH64_JUMP_SLOT},\n \"mips\": {R_MIPS_JUMP_SLOT},\n \"powerpc\": {R_PPC_JMP_SLOT},\n \"sparc\": {R_SPARC_JMP_SLOT},\n \"arm\": {R_ARM_JUMP_SLOT},\n \"armcm\": {R_ARM_JUMP_SLOT},\n \"rv32\": {R_RISCV_JUMP_SLOT},\n \"rv64\": {R_RISCV_JUMP_SLOT},\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TRAP_ALLOCATOR","title":"TRAP_ALLOCATORIRELATIVE_SLOTS = {\n \"x86-64\": {R_X86_64_IRELATIVE},\n \"i386\": {R_386_IRELATIVE},\n \"aarch64\": {R_AARCH64_P32_IRELATIVE, R_AARCH64_IRELATIVE},\n \"mips\": set(),\n \"powerpc\": {R_PPC_IRELATIVE},\n \"sparc\": {R_SPARC_IRELATIVE},\n \"arm\": {R_ARM_IRELATIVE},\n \"armcm\": {R_ARM_IRELATIVE},\n \"rv32\": {R_RISCV_IRELATIVE},\n \"rv64\": {R_RISCV_IRELATIVE},\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.GOT_TRACKING","title":"GOT_TRACKINGTRAP_ALLOCATOR = TrapAllocator()\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.INSTALLED_WATCHPOINTS","title":"INSTALLED_WATCHPOINTSGOT_TRACKING = False\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes","title":"RelocTypes","text":"INSTALLED_WATCHPOINTS: dict[int, tuple[Tracker, Patcher]] = {}\nThis class contains all the relocation type constants so that one may interpret the relocations types present in the DYNAMIC segment. These constants are defined in each of the processors' SystemV R4 psABI document, or equivalent, and should stay the same across all implementations of libc on systems that adhere to that ABI, such as Linux.
Most of these were sourced from GLibc, which conveniently lists all of the relocations types in a single file1.
Attributes:
-
R_RISCV_JUMP_SLOT\u2013 -
R_X86_64_JUMP_SLOT\u2013 -
R_386_JMP_SLOT\u2013 -
R_CRIS_JUMP_SLOT\u2013 -
R_390_JMP_SLOT\u2013 -
R_CKCORE_JUMP_SLOT\u2013 -
R_TILEPRO_JMP_SLOT\u2013 -
R_MICROBLAZE_JUMP_SLOT\u2013 -
R_TILEGX_JMP_SLOT\u2013 -
R_OR1K_JMP_SLOT\u2013 -
R_68K_JMP_SLOT\u2013 -
R_SPARC_JMP_SLOT\u2013 -
R_PPC_JMP_SLOT\u2013 -
R_PPC64_JMP_SLOT\u2013 -
R_ARM_JUMP_SLOT\u2013 -
R_MN10300_JMP_SLOT\u2013 -
R_ALPHA_JMP_SLOT\u2013 -
R_NIOS2_JUMP_SLOT\u2013 -
R_NDS32_JMP_SLOT\u2013 -
R_METAG_JMP_SLOT\u2013 -
R_M32R_JMP_SLOT\u2013 -
R_ARC_JMP_SLOT\u2013 -
R_MIPS_JUMP_SLOT\u2013 -
R_SH_JMP_SLOT\u2013 -
R_AARCH64_JUMP_SLOT\u2013 -
R_X86_64_IRELATIVE\u2013 -
R_386_IRELATIVE\u2013 -
R_RISCV_IRELATIVE\u2013 -
R_390_IRELATIVE\u2013 -
R_ARM_IRELATIVE\u2013 -
R_AARCH64_P32_IRELATIVE\u2013 -
R_PPC_IRELATIVE\u2013 -
R_PPC64_IRELATIVE\u2013 -
R_SPARC_IRELATIVE\u2013 -
R_AARCH64_IRELATIVE\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_X86_64_JUMP_SLOT","title":"R_X86_64_JUMP_SLOTR_RISCV_JUMP_SLOT = 5\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_386_JMP_SLOT","title":"R_386_JMP_SLOTR_X86_64_JUMP_SLOT = 7\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_CRIS_JUMP_SLOT","title":"R_CRIS_JUMP_SLOTR_386_JMP_SLOT = 7\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_390_JMP_SLOT","title":"R_390_JMP_SLOTR_CRIS_JUMP_SLOT = 11\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_CKCORE_JUMP_SLOT","title":"R_CKCORE_JUMP_SLOTR_390_JMP_SLOT = 11\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_TILEPRO_JMP_SLOT","title":"R_TILEPRO_JMP_SLOTR_CKCORE_JUMP_SLOT = 12\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_MICROBLAZE_JUMP_SLOT","title":"R_MICROBLAZE_JUMP_SLOTR_TILEPRO_JMP_SLOT = 12\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_TILEGX_JMP_SLOT","title":"R_TILEGX_JMP_SLOTR_MICROBLAZE_JUMP_SLOT = 17\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_OR1K_JMP_SLOT","title":"R_OR1K_JMP_SLOTR_TILEGX_JMP_SLOT = 18\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_68K_JMP_SLOT","title":"R_68K_JMP_SLOTR_OR1K_JMP_SLOT = 20\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_SPARC_JMP_SLOT","title":"R_SPARC_JMP_SLOTR_68K_JMP_SLOT = 21\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_PPC_JMP_SLOT","title":"R_PPC_JMP_SLOTR_SPARC_JMP_SLOT = 21\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_PPC64_JMP_SLOT","title":"R_PPC64_JMP_SLOTR_PPC_JMP_SLOT = 21\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_ARM_JUMP_SLOT","title":"R_ARM_JUMP_SLOTR_PPC64_JMP_SLOT = 21\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_MN10300_JMP_SLOT","title":"R_MN10300_JMP_SLOTR_ARM_JUMP_SLOT = 22\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_ALPHA_JMP_SLOT","title":"R_ALPHA_JMP_SLOTR_MN10300_JMP_SLOT = 22\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_NIOS2_JUMP_SLOT","title":"R_NIOS2_JUMP_SLOTR_ALPHA_JMP_SLOT = 26\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_NDS32_JMP_SLOT","title":"R_NDS32_JMP_SLOTR_NIOS2_JUMP_SLOT = 38\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_METAG_JMP_SLOT","title":"R_METAG_JMP_SLOTR_NDS32_JMP_SLOT = 41\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_M32R_JMP_SLOT","title":"R_M32R_JMP_SLOTR_METAG_JMP_SLOT = 44\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_ARC_JMP_SLOT","title":"R_ARC_JMP_SLOTR_M32R_JMP_SLOT = 52\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_MIPS_JUMP_SLOT","title":"R_MIPS_JUMP_SLOTR_ARC_JMP_SLOT = 55\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_SH_JMP_SLOT","title":"R_SH_JMP_SLOTR_MIPS_JUMP_SLOT = 127\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_AARCH64_JUMP_SLOT","title":"R_AARCH64_JUMP_SLOTR_SH_JMP_SLOT = 164\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_X86_64_IRELATIVE","title":"R_X86_64_IRELATIVER_AARCH64_JUMP_SLOT = 1026\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_386_IRELATIVE","title":"R_386_IRELATIVER_X86_64_IRELATIVE = 37\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_RISCV_IRELATIVE","title":"R_RISCV_IRELATIVER_386_IRELATIVE = 42\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_390_IRELATIVE","title":"R_390_IRELATIVER_RISCV_IRELATIVE = 58\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_ARM_IRELATIVE","title":"R_ARM_IRELATIVER_390_IRELATIVE = 61\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_AARCH64_P32_IRELATIVE","title":"R_AARCH64_P32_IRELATIVER_ARM_IRELATIVE = 160\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_PPC_IRELATIVE","title":"R_PPC_IRELATIVER_AARCH64_P32_IRELATIVE = 188\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_PPC64_IRELATIVE","title":"R_PPC64_IRELATIVER_PPC_IRELATIVE = 248\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_SPARC_IRELATIVE","title":"R_SPARC_IRELATIVER_PPC64_IRELATIVE = 248\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_AARCH64_IRELATIVE","title":"R_AARCH64_IRELATIVER_SPARC_IRELATIVE = 249\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TrapAllocator","title":"TrapAllocator","text":"R_AARCH64_IRELATIVE = 1032\nTrapAllocator()\nUtility that allocates and manages executable addresses in the space of the executing program that we can trap.
Methods:
-
alloc\u2013Allocates a new address to where program execution can be diverted.
-
free\u2013Indicates that an address obtained from alloc() can be recycled.
-
clear\u2013Deletes all memory mappings and frees all addresses.
Attributes:
-
block_capacity\u2013 -
slot_size\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TrapAllocator.slot_size","title":"slot_sizeblock_capacity = 4096\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TrapAllocator.alloc","title":"alloc","text":"slot_size = 8\nalloc()\nAllocates a new address to where program execution can be diverted.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TrapAllocator.free","title":"free","text":"free(address) -> None\nIndicates that an address obtained from alloc() can be recycled.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TrapAllocator.clear","title":"clear","text":"clear()\nDeletes all memory mappings and frees all addresses.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher","title":"Patcher","text":"Patcher(entry, tracker)\nBases:
BreakpointWatches for changes made by program code to the GOT and fixes them up.
This class is paired with Tracker, and instances of both classes always function together.
Methods:
-
should_stop\u2013 -
stop\u2013
Attributes:
-
silent\u2013 -
entry\u2013 -
tracker\u2013 -
init\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher.entry","title":"entrysilent = True\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher.tracker","title":"trackerentry = entry\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher.init","title":"inittracker = tracker\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher.should_stop","title":"should_stop","text":"init = True\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher.stop","title":"stop","text":"should_stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker","title":"Tracker","text":"stop() -> bool\nTracker()\nBases:
BreakpointClass that tracks the accesses made to the entries in the GOT.
This class is paired with Patcher, and instances of both classes always function together.
Methods:
-
delete\u2013 -
should_stop\u2013 -
stop\u2013
Attributes:
-
total_hits\u2013 -
target\u2013 -
dynamic_section\u2013 -
relocation_fn\u2013 -
relocation_index\u2013 -
link_map_entry\u2013 -
trapped_address\u2013 -
hits(dict[tuple[int, ...], int]) \u2013 -
silent\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.target","title":"targettotal_hits = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.dynamic_section","title":"dynamic_sectiontarget = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.relocation_fn","title":"relocation_fndynamic_section = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.relocation_index","title":"relocation_indexrelocation_fn = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.link_map_entry","title":"link_map_entryrelocation_index = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.trapped_address","title":"trapped_addresslink_map_entry = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.hits","title":"hitstrapped_address = alloc()\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.silent","title":"silenthits: dict[tuple[int, ...], int] = {}\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.delete","title":"delete","text":"silent = True\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.should_stop","title":"should_stop","text":"delete() -> None\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.stop","title":"stop","text":"should_stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.is_mmap_error","title":"is_mmap_error","text":"stop() -> bool\nis_mmap_error(ptr: int)\nChecks whether the return value of an mmap of indicates an error.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.display_name","title":"display_name","text":"display_name(name, basename=False)\nReturn the display name for a symbol or objfile.
Ideally, we'd like to display all of the names of the symbols as text, but there is really nothing stopping symbol names from being stored in some fairly wacky encoding or really from having names that aren't text at all.
We should try our best to turn whatever the symbol name is into text, but not so much that non-text entries or entries in unknown encodings become unrecognizable.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.all_tracked_entries","title":"all_tracked_entries","text":"all_tracked_entries()\nReturn an iterator over all of the GOT whose accesses are being tracked.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.tracked_entry_by_address","title":"tracked_entry_by_address","text":"tracked_entry_by_address(address)\nReturn the tracker associated with the entry at the given address, if any.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.enable_got_call_tracking","title":"enable_got_call_tracking","text":"enable_got_call_tracking(disable_hardware_whatchpoints=True) -> None\nEnable the analysis of calls made through the GOT.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.disable_got_call_tracking","title":"disable_got_call_tracking","text":"disable_got_call_tracking() -> None\nDisable the analysis of calls made through the GOT.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.jump_slots_for","title":"jump_slots_for","text":"jump_slots_for(dynamic)\nReturns the jump slot addresses described by the given dynamic section.
"},{"location":"reference/pwndbg/gdblib/hooks/","title":"pwndbg.gdblib.hooks","text":""},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks","title":"hooks","text":"Functions:
-
update_typeinfo\u2013 -
update_arch\u2013 -
reset_config\u2013 -
on_start\u2013 -
on_stop\u2013 -
on_exit\u2013 -
init\u2013Calls all GDB hook functions that need to be called when GDB/pwndbg
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.update_arch","title":"update_arch","text":"update_typeinfo() -> None\n
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.reset_config","title":"reset_config","text":"update_arch() -> None\n
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.on_start","title":"on_start","text":"reset_config() -> None\n
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.on_stop","title":"on_stop","text":"on_start() -> None\n
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.on_exit","title":"on_exit","text":"on_stop() -> None\n
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.init","title":"init","text":"on_exit() -> None\ninit() -> None\nCalls all GDB hook functions that need to be called when GDB/pwndbg itself is loaded, as opposed to when an actual hook event occurs
"},{"location":"reference/pwndbg/gdblib/info/","title":"pwndbg.gdblib.info","text":""},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info","title":"info","text":"Runs a few useful commands which are available under \"info\".
Functions:
-
proc_mappings\u2013 -
auxv\u2013 -
files\u2013 -
target\u2013 -
sharedlibrary\u2013 -
parsed_sharedlibrary\u2013Returns a dictionary of shared libraries with their .text section from and to addresses.
-
sharedlibrary_paths\u2013Get the paths of all shared libraries loaded in the process by parsing the output of \"info sharedlibrary\".
-
address\u2013
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.auxv","title":"auxv","text":"proc_mappings() -> str\n
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.files","title":"files","text":"auxv() -> str\n
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.target","title":"target","text":"files() -> str\n
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.sharedlibrary","title":"sharedlibrary","text":"target() -> str\n
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.parsed_sharedlibrary","title":"parsed_sharedlibrary","text":"sharedlibrary() -> str\nparsed_sharedlibrary() -> dict[str, tuple[int, int]]\nReturns a dictionary of shared libraries with their .text section from and to addresses.
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.sharedlibrary_paths","title":"sharedlibrary_paths","text":"sharedlibrary_paths() -> list[str]\nGet the paths of all shared libraries loaded in the process by parsing the output of \"info sharedlibrary\".
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.address","title":"address","text":"
"},{"location":"reference/pwndbg/gdblib/prompt/","title":"pwndbg.gdblib.prompt","text":""},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt","title":"prompt","text":"address(symbol: str) -> int | None\nFunctions:
-
initial_hook\u2013 -
show_hint\u2013 -
thread_is_stopped\u2013This detects whether selected thread is stopped.
-
prompt_hook\u2013 -
reset_context_shown\u2013 -
set_prompt\u2013
Attributes:
-
show_tip\u2013 -
cur(tuple[Inferior, InferiorThread] | None) \u2013 -
context_shown\u2013 -
last_alive_state\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.cur","title":"curshow_tip = add_param(\n \"show-tips\", True, \"whether to display the tip of the day on startup\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.context_shown","title":"context_showncur: tuple[Inferior, InferiorThread] | None = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.last_alive_state","title":"last_alive_statecontext_shown = False\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.initial_hook","title":"initial_hook","text":"last_alive_state = False\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.show_hint","title":"show_hint","text":"initial_hook(*a: Any) -> None\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.thread_is_stopped","title":"thread_is_stopped","text":"show_hint() -> None\nthread_is_stopped() -> bool\nThis detects whether selected thread is stopped. It is not stopped in situations when gdb is executing commands that are attached to a breakpoint by
commandcommand.For more info see issue #229 ( #299 ) :return: Whether gdb executes commands attached to bp with
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.prompt_hook","title":"prompt_hook","text":"commandcommand.
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.reset_context_shown","title":"reset_context_shown","text":"prompt_hook(*a: Any) -> None\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.set_prompt","title":"set_prompt","text":"reset_context_shown(*a: Any) -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/","title":"pwndbg.gdblib.ptmalloc2_tracking","text":""},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking","title":"ptmalloc2_tracking","text":"set_prompt() -> None\nHeap Tracking
This module implements runtime tracking of the heap, allowing pwndbg to detect heap related misbehavior coming from an inferior in real time, which lets us catch UAF bugs, double frees (and more), and report them to the user.
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking--approach","title":"Approach","text":"The approach used starting with using breakpoints to hook into the following libc symbols:
malloc,free,calloc, andrealloc. Each hook has a reference to a shared instance of theTrackerclass, which is responsible for handling the tracking of the chunks of memory from the heap.The tracker keeps two sorted maps of chunks, for freed and in use chunks, keyed by their base address. Newly allocated chunks are added to the map of in use chunks right before an allocating call returns, and newly freed chunks are moved from the map of in use chunks to the map of free ones right before a freeing call returns. The tracker is also responsible for installing watchpoints for free chunks when they're added to the free chunk map and deleting them when their corresponding chunks are removed from the map.
Additionally, because going through the data structures inside of libc to determine whether a chunk is free or not is, more often than not, a fairly slow operation, this module will only do so when it determines its view of the chunks has diverged from the one in libc in a way that would affect behavior. When such a diffence is detected, this module will rebuild the chunk maps in the range it determines to have been affected.
Currently, the way it does this is by deleting and querying from libc the new status of all chunks that overlap the region of a new allocation when it detects that allocation overlaps chunks it previously considered free.
This approach lets us avoid a lot of the following linked lists that comes with trying to answer the allocation status of a chunk, by keeping at hand as much known-good information as possible about them. Keep in mind that, although it is much faster than going to libc every time we need to know the allocation status of a chunk, this approach does have drawbacks when it comes to memory usage.
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking--compatibility","title":"Compatibility","text":"Currently module assumes the inferior is using GLibc.
There are points along the code in this module where the assumptions it makes are explicitly documented and checked to be valid for the current inferior, so that it may be immediately clear to the user that something has gone wrong if they happen to not be valid. However, be aware that there may be assumptions that were not made explicit.
Classes:
-
FreeChunkWatchpoint\u2013 -
AllocChunkWatchpoint\u2013 -
Chunk\u2013 -
Tracker\u2013 -
MallocEnterBreakpoint\u2013 -
CallocEnterBreakpoint\u2013 -
AllocExitBreakpoint\u2013 -
ReallocEnterBreakpoint\u2013 -
ReallocExitBreakpoint\u2013 -
FreeEnterBreakpoint\u2013 -
FreeExitBreakpoint\u2013
Functions:
-
is_enabled\u2013Whether the heap tracker in enabled.
-
resolve_address\u2013Checks whether a given symbol is available and part of libc, and returns its
-
get_chunk\u2013Reads a chunk from a given address.
-
in_program_code_stack\u2013 -
install\u2013 -
uninstall\u2013
Attributes:
-
LIBC_NAME\u2013 -
MALLOC_NAME\u2013 -
CALLOC_NAME\u2013 -
REALLOC_NAME\u2013 -
FREE_NAME\u2013 -
last_issue(str | None) \u2013 -
PRINT_DEBUG\u2013 -
DEFERED_DELETE(list[Breakpoint]) \u2013 -
malloc_enter\u2013 -
calloc_enter\u2013 -
realloc_enter\u2013 -
free_enter\u2013 -
stop_on_error\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.MALLOC_NAME","title":"MALLOC_NAMELIBC_NAME = 'libc.so.6'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.CALLOC_NAME","title":"CALLOC_NAMEMALLOC_NAME = 'malloc'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.REALLOC_NAME","title":"REALLOC_NAMECALLOC_NAME = 'calloc'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FREE_NAME","title":"FREE_NAMEREALLOC_NAME = 'realloc'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.last_issue","title":"last_issueFREE_NAME = 'free'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.PRINT_DEBUG","title":"PRINT_DEBUGlast_issue: str | None = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.DEFERED_DELETE","title":"DEFERED_DELETEPRINT_DEBUG = False\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.malloc_enter","title":"malloc_enterDEFERED_DELETE: list[Breakpoint] = []\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.calloc_enter","title":"calloc_entermalloc_enter = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.realloc_enter","title":"realloc_entercalloc_enter = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.free_enter","title":"free_enterrealloc_enter = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.stop_on_error","title":"stop_on_errorfree_enter = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeChunkWatchpoint","title":"FreeChunkWatchpoint","text":"stop_on_error = True\nFreeChunkWatchpoint(chunk: Chunk, tracker: Tracker)\nBases:
BreakpointMethods:
-
stop\u2013
Attributes:
-
chunk\u2013 -
tracker\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeChunkWatchpoint.tracker","title":"trackerchunk = chunk\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeChunkWatchpoint.stop","title":"stop","text":"tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocChunkWatchpoint","title":"AllocChunkWatchpoint","text":"stop()\nAllocChunkWatchpoint(chunk: Chunk)\nBases:
BreakpointMethods:
-
stop\u2013
Attributes:
-
chunk\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocChunkWatchpoint.stop","title":"stop","text":"chunk = chunk\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Chunk","title":"Chunk","text":"stop() -> bool\nChunk(address: int, size: int, requested_size: int, flags: int)\nAttributes:
-
address\u2013 -
size\u2013 -
requested_size\u2013 -
flags\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Chunk.size","title":"sizeaddress = address\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Chunk.requested_size","title":"requested_sizesize = size\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Chunk.flags","title":"flagsrequested_size = requested_size\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker","title":"Tracker","text":"flags = flags\nTracker()\nMethods:
-
is_performing_memory_management\u2013 -
enter_memory_management\u2013 -
exit_memory_management\u2013 -
malloc\u2013 -
free\u2013
Attributes:
-
free_chunks(SortedDict[int, Chunk]) \u2013 -
alloc_chunks(SortedDict[int, Chunk]) \u2013 -
free_watchpoints(dict[int, FreeChunkWatchpoint]) \u2013 -
memory_management_calls(dict[int, bool]) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.alloc_chunks","title":"alloc_chunksfree_chunks: SortedDict[int, Chunk] = SortedDict()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.free_watchpoints","title":"free_watchpointsalloc_chunks: SortedDict[int, Chunk] = SortedDict()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.memory_management_calls","title":"memory_management_callsfree_watchpoints: dict[int, FreeChunkWatchpoint] = {}\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.is_performing_memory_management","title":"is_performing_memory_management","text":"memory_management_calls: dict[int, bool] = {}\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.enter_memory_management","title":"enter_memory_management","text":"is_performing_memory_management()\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.exit_memory_management","title":"exit_memory_management","text":"enter_memory_management(name: str) -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.malloc","title":"malloc","text":"exit_memory_management() -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.free","title":"free","text":"malloc(chunk: Chunk) -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.MallocEnterBreakpoint","title":"MallocEnterBreakpoint","text":"free(address: int) -> bool\nMallocEnterBreakpoint(address, tracker)\nBases:
BreakpointMethods:
-
stop\u2013
Attributes:
-
tracker\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.MallocEnterBreakpoint.stop","title":"stop","text":"tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.CallocEnterBreakpoint","title":"CallocEnterBreakpoint","text":"stop() -> bool\nCallocEnterBreakpoint(address, tracker)\nBases:
BreakpointMethods:
-
stop\u2013
Attributes:
-
tracker\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.CallocEnterBreakpoint.stop","title":"stop","text":"tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocExitBreakpoint","title":"AllocExitBreakpoint","text":"stop() -> bool\nAllocExitBreakpoint(tracker, requested_size, name)\nBases:
FinishBreakpointMethods:
-
stop\u2013 -
out_of_scope\u2013
Attributes:
-
requested_size\u2013 -
tracker\u2013 -
name\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocExitBreakpoint.tracker","title":"trackerrequested_size = requested_size\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocExitBreakpoint.name","title":"nametracker = tracker\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocExitBreakpoint.stop","title":"stop","text":"name = name\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocExitBreakpoint.out_of_scope","title":"out_of_scope","text":"stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocEnterBreakpoint","title":"ReallocEnterBreakpoint","text":"out_of_scope() -> None\nReallocEnterBreakpoint(address, tracker)\nBases:
BreakpointMethods:
-
stop\u2013
Attributes:
-
tracker\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocEnterBreakpoint.stop","title":"stop","text":"tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocExitBreakpoint","title":"ReallocExitBreakpoint","text":"stop() -> bool\nReallocExitBreakpoint(tracker, freed_ptr, requested_size)\nBases:
FinishBreakpointMethods:
-
stop\u2013 -
out_of_scope\u2013
Attributes:
-
freed_ptr\u2013 -
requested_size\u2013 -
tracker\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocExitBreakpoint.requested_size","title":"requested_sizefreed_ptr = freed_ptr\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocExitBreakpoint.tracker","title":"trackerrequested_size = requested_size\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocExitBreakpoint.stop","title":"stop","text":"tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocExitBreakpoint.out_of_scope","title":"out_of_scope","text":"stop()\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeEnterBreakpoint","title":"FreeEnterBreakpoint","text":"out_of_scope() -> None\nFreeEnterBreakpoint(address, tracker)\nBases:
BreakpointMethods:
-
stop\u2013
Attributes:
-
tracker\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeEnterBreakpoint.stop","title":"stop","text":"tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeExitBreakpoint","title":"FreeExitBreakpoint","text":"stop() -> bool\nFreeExitBreakpoint(tracker, ptr)\nBases:
FinishBreakpointMethods:
-
stop\u2013 -
out_of_scope\u2013
Attributes:
-
ptr\u2013 -
tracker\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeExitBreakpoint.tracker","title":"trackerptr = ptr\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeExitBreakpoint.stop","title":"stop","text":"tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeExitBreakpoint.out_of_scope","title":"out_of_scope","text":"stop()\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.is_enabled","title":"is_enabled","text":"out_of_scope() -> None\nis_enabled() -> bool\nWhether the heap tracker in enabled.
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.resolve_address","title":"resolve_address","text":"resolve_address(name: str) -> int | None\nChecks whether a given symbol is available and part of libc, and returns its address.
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.get_chunk","title":"get_chunk","text":"get_chunk(address, requested_size)\nReads a chunk from a given address.
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.in_program_code_stack","title":"in_program_code_stack","text":"
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.install","title":"install","text":"in_program_code_stack() -> bool\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.uninstall","title":"uninstall","text":"install(disable_hardware_watchpoints=True) -> None\n
"},{"location":"reference/pwndbg/gdblib/scheduler/","title":"pwndbg.gdblib.scheduler","text":""},{"location":"reference/pwndbg/gdblib/scheduler/#pwndbg.gdblib.scheduler","title":"scheduler","text":"uninstall() -> None\nFunctions:
-
lock_scheduler\u2013This context manager can be used to run GDB commands with threads scheduling
-
parse_and_eval_with_scheduler_lock\u2013
lock_scheduler() -> Iterator[None]\nThis context manager can be used to run GDB commands with threads scheduling being locked which means that other threads will be stopped during execution.
This is useful to prevent bugs where e.g.: gdb.parse_and_eval(\"(int)foo()\") would execute foo() on the current debugee thread but would also unlock other threads for being executed and those other threads may for example hit a breakpoint we set previously which would be confusing for the user.
See also: https://sourceware.org/gdb/onlinedocs/gdb/All_002dStop-Mode.html
"},{"location":"reference/pwndbg/gdblib/scheduler/#pwndbg.gdblib.scheduler.parse_and_eval_with_scheduler_lock","title":"parse_and_eval_with_scheduler_lock","text":"
"},{"location":"reference/pwndbg/gdblib/shellcode/","title":"pwndbg.gdblib.shellcode","text":""},{"location":"reference/pwndbg/gdblib/shellcode/#pwndbg.gdblib.shellcode","title":"shellcode","text":"parse_and_eval_with_scheduler_lock(expr: str) -> Value\nShellcode
This module implements functionality that allows for the execution of a small amount of code in the context of the inferior.
Functions:
-
exec_syscall\u2013Tries executing the given syscall in the context of the inferior.
-
exec_shellcode\u2013Tries executing the given blob of machine code in the current context of the
exec_syscall(\n syscall,\n arg0=None,\n arg1=None,\n arg2=None,\n arg3=None,\n arg4=None,\n arg5=None,\n arg6=None,\n disable_breakpoints=False,\n)\nTries executing the given syscall in the context of the inferior.
"},{"location":"reference/pwndbg/gdblib/shellcode/#pwndbg.gdblib.shellcode.exec_shellcode","title":"exec_shellcode","text":"exec_shellcode(\n blob, restore_context=True, capture=None, disable_breakpoints=False\n)\nTries executing the given blob of machine code in the current context of the inferior, optionally restoring the values of the registers as they were before the shellcode ran, as a means to allow for execution of the inferior to continue uninterrupted. The value of the program counter is always restored.
Additionally, the caller may specify an object to be called before the context is restored, so that information stored in the registers after the shellcode finishes can be retrieved. The return value of that call will be returned by this function.
"},{"location":"reference/pwndbg/gdblib/shellcode/#pwndbg.gdblib.shellcode.exec_shellcode--safety","title":"Safety","text":"Seeing as this function injects code directly into the inferior and runs it, the caller must be careful to inject code that will (1) terminate and (2) not cause the inferior to misbehave. Otherwise, it is fairly easy to crash or currupt the memory in the inferior.
"},{"location":"reference/pwndbg/gdblib/symbol/","title":"pwndbg.gdblib.symbol","text":""},{"location":"reference/pwndbg/gdblib/symbol/#pwndbg.gdblib.symbol","title":"symbol","text":"Looking up addresses for function names / symbols, and vice-versa.
Uses IDA when available if there isn't sufficient symbol information available.
Functions:
-
selected_frame_source_absolute_filename\u2013Retrieve the symbol table\u2019s source absolute file name from the selected frame.
selected_frame_source_absolute_filename()\nRetrieve the symbol table\u2019s source absolute file name from the selected frame.
In case of missing symbol table or frame information, None is returned.
"},{"location":"reference/pwndbg/gdblib/tui/","title":"pwndbg.gdblib.tui","text":""},{"location":"reference/pwndbg/gdblib/tui/#pwndbg.gdblib.tui","title":"tui","text":"Modules:
-
context\u2013 -
control\u2013
Functions:
-
setup\u2013
"},{"location":"reference/pwndbg/gdblib/tui/context/","title":"pwndbg.gdblib.tui.context","text":""},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context","title":"context","text":"setup() -> None\nClasses:
-
ContextTUIWindow\u2013
Attributes:
-
sections\u2013 -
target_func(Callable[..., _Window]) \u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.target_func","title":"target_funcsections = ['legend'] + [replace('context_', '') for section in values()]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow","title":"ContextTUIWindow","text":"target_func: Callable[..., _Window] = (\n lambda window, section_name=section_name: ContextTUIWindow(\n window, section_name\n )\n)\nContextTUIWindow(tui_window: 'gdb.TuiWindow', section: str)\nMethods:
-
close\u2013 -
render\u2013 -
hscroll\u2013 -
vscroll\u2013 -
click\u2013
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow.render","title":"render","text":"close() -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow.hscroll","title":"hscroll","text":"render() -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow.vscroll","title":"vscroll","text":"hscroll(num: int) -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow.click","title":"click","text":"vscroll(num: int) -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/control/","title":"pwndbg.gdblib.tui.control","text":""},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control","title":"control","text":"click(x: int, y: int, button: int) -> None\nClasses:
-
ControlTUIWindow\u2013
ControlTUIWindow(tui_window: 'gdb.TuiWindow')\nMethods:
-
close\u2013 -
render\u2013 -
hscroll\u2013 -
vscroll\u2013 -
click\u2013
"},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control.ControlTUIWindow.render","title":"render","text":"close() -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control.ControlTUIWindow.hscroll","title":"hscroll","text":"render() -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control.ControlTUIWindow.vscroll","title":"vscroll","text":"hscroll(num: int) -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control.ControlTUIWindow.click","title":"click","text":"vscroll(num: int) -> None\n
"},{"location":"reference/pwndbg/gdblib/vmmap/","title":"pwndbg.gdblib.vmmap","text":""},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap","title":"vmmap","text":"click(x: int, y: int, button: int) -> None\nRoutines to enumerate mapped memory, and attempt to associate address ranges with various ELF files and permissions.
The reason that we need robustness is that not every operating system has /proc/$$/maps, which backs 'info proc mapping'.
Functions:
-
is_corefile\u2013For example output use:
-
get_known_maps\u2013Similar to
vmmap.get(), except only returns maps in cases where -
coredump_maps\u2013Parses
info proc mappingsandmaintenance info sections -
parse_info_proc_mappings_line\u2013Parse a line from
info proc mappingsand return a pwndbg.lib.memory.Page -
info_proc_maps\u2013Parse the result of info proc mappings.
-
proc_tid_maps\u2013Parse the contents of /proc/$TID/maps on the server.
-
info_sharedlibrary\u2013Parses the output of
info sharedlibrary. -
info_files\u2013 -
info_auxv\u2013Extracts the name of the executable from the output of the command
For example output useis_corefile() -> bool\ngdb ./tests/binaries/crash_simple.out -ex run -ex 'generate-core-file ./core' -ex 'quit'
And then usegdb ./tests/binaries/crash_simple.out -core ./core -ex 'info target'
And: gdb -core ./core
As the two differ in output slighty.
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.get_known_maps","title":"get_known_maps","text":"get_known_maps() -> tuple[Page, ...] | None\nSimilar to
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.coredump_maps","title":"coredump_maps","text":"vmmap.get(), except only returns maps in cases where the mappings are known, like if it's a coredump, or if process mappings are available.coredump_maps() -> tuple[Page, ...]\nParses
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.parse_info_proc_mappings_line","title":"parse_info_proc_mappings_line","text":"info proc mappingsandmaintenance info sectionsand tries to make sense out of the result :)parse_info_proc_mappings_line(\n line: str, perms_available: bool, parse_flags: bool\n) -> Page | None\nParse a line from
Example linesinfo proc mappingsand return a pwndbg.lib.memory.Page object if the line is valid.0x4c3000 0x4c5000 0x2000 0xc2000 rw-p /root/hello_world/main 0x4c5000 0x4cb000 0x6000 0x0 rw-p
The objfile column might be empty, and the permissions column is only present in GDB versions >= 12.1 bminor/binutils-gdb@29ef4c0
Parameters:
-
line(str) \u2013A line from
info proc mappings.
Returns:
-
Page | None\u2013A pwndbg.lib.memory.Page object or None.
info_proc_maps(parse_flags=True) -> tuple[Page, ...]\nParse the result of info proc mappings.
Example output:
Start Addr End Addr Size Offset Perms objfile\n 0x400000 0x401000 0x1000 0x0 r--p /root/hello_world/main\n 0x401000 0x497000 0x96000 0x1000 r-xp /root/hello_world/main\n 0x497000 0x4be000 0x27000 0x97000 r--p /root/hello_world/main\n 0x4be000 0x4c3000 0x5000 0xbd000 r--p /root/hello_world/main\n 0x4c3000 0x4c5000 0x2000 0xc2000 rw-p /root/hello_world/main\n 0x4c5000 0x4cb000 0x6000 0x0 rw-p\n 0x4cb000 0x4ed000 0x22000 0x0 rw-p [heap]\n0x7ffff7ff9000 0x7ffff7ffd000 0x4000 0x0 r--p [vvar]\n0x7ffff7ffd000 0x7ffff7fff000 0x2000 0x0 r-xp [vdso]\n0x7ffffffde000 0x7ffffffff000 0x21000 0x0 rw-p [stack]\n0xffffffffff600000 0xffffffffff601000 0x1000 0x0 --xp [vsyscall]
Note: this may return no pages due to a bug/behavior of GDB. See https://sourceware.org/bugzilla/show_bug.cgi?id=31207 for more information.
Returns:
-
Page\u2013A tuple of pwndbg.lib.memory.Page objects or an empty tuple if
-
...\u2013info proc mapping is not supported on the target.
proc_tid_maps() -> tuple[Page, ...] | None\nParse the contents of /proc/$TID/maps on the server. (TID == Thread Identifier. We do not use PID since it may not be correct)
Returns:
-
tuple[Page, ...] | None\u2013A tuple of pwndbg.lib.memory.Page objects or None if
-
tuple[Page, ...] | None\u2013/proc/$tid/maps doesn't exist or when we debug a qemu-user target
info_sharedlibrary() -> tuple[Page, ...]\nParses the output of
info sharedlibrary.Specifically, all we really want is any valid pointer into each library, and the path to the library on disk.
With this information, we can use the ELF parser to get all of the page permissions for every mapped page in the ELF.
Returns:
-
tuple[Page, ...]\u2013A list of pwndbg.lib.memory.Page objects.
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.info_auxv","title":"info_auxv","text":"info_files() -> tuple[Page, ...]\ninfo_auxv(skip_exe: bool = False) -> tuple[Page, ...]\nExtracts the name of the executable from the output of the command \"info auxv\". Note that if the executable path is a symlink, it is not dereferenced by
info auxvand we also don't dereference it.Parameters:
-
skip_exe(bool, default:False) \u2013Do not return any mappings that belong to the exe.
Returns:
-
tuple[Page, ...]\u2013A list of pwndbg.lib.memory.Page objects.
Functions:
-
set_r2decompiler\u2013 -
decompile\u2013Return the source of the given function decompiled by ghidra.
Attributes:
-
r2decompiler\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/ghidra/#pwndbg.ghidra.set_r2decompiler","title":"set_r2decompiler","text":"r2decompiler = add_param(\n \"r2decompiler\",\n \"radare2\",\n \"framework that your ghidra plugin installed\",\n param_class=PARAM_ENUM,\n enum_sequence=[\"radare2\", \"rizin\"],\n)\n
"},{"location":"reference/pwndbg/ghidra/#pwndbg.ghidra.decompile","title":"decompile","text":"set_r2decompiler() -> None\ndecompile(func=None)\nReturn the source of the given function decompiled by ghidra.
If no function is given, decompile the function within the current pc. This function requires radare2, r2pipe and r2ghidra, or their related rizin counterparts.
Raises Exception if any fatal error occurs.
"},{"location":"reference/pwndbg/glibc/","title":"pwndbg.glibc","text":""},{"location":"reference/pwndbg/glibc/#pwndbg.glibc","title":"glibc","text":"Get information about the GLibc
Functions:
-
set_glibc_version\u2013 -
get_version\u2013 -
get_libc_filename_from_info_sharedlibrary\u2013Get the filename of the libc by parsing the output of
info sharedlibrary. -
dump_elf_data_section\u2013Dump .data section of libc ELF file
-
dump_relocations_by_section_name\u2013Dump relocations of a section by section name of libc ELF file
-
get_section_address_by_name\u2013Find section address of libc by section name
-
OnlyWhenGlibcLoaded\u2013 -
check_safe_linking\u2013Safe-linking is a glibc 2.32 mitigation; see:
Attributes:
-
P\u2013 -
T\u2013 -
safe_lnk\u2013 -
glibc_version\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.T","title":"TP = ParamSpec('P')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.safe_lnk","title":"safe_lnkT = TypeVar('T')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.glibc_version","title":"glibc_versionsafe_lnk = add_param(\n \"safe-linking\",\n None,\n \"whether glibc uses safe-linking\",\n param_class=PARAM_AUTO_BOOLEAN,\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.set_glibc_version","title":"set_glibc_version","text":"glibc_version = add_param(\n \"glibc\",\n \"\",\n \"GLIBC version for heap heuristics resolution (e.g. 2.31)\",\n scope=\"heap\",\n)\n
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.get_version","title":"get_version","text":"set_glibc_version() -> None\n
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.get_libc_filename_from_info_sharedlibrary","title":"get_libc_filename_from_info_sharedlibrary","text":"get_version() -> tuple[int, ...] | None\nget_libc_filename_from_info_sharedlibrary() -> str | None\nGet the filename of the libc by parsing the output of
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.dump_elf_data_section","title":"dump_elf_data_section","text":"info sharedlibrary.dump_elf_data_section() -> tuple[int, int, bytes] | None\nDump .data section of libc ELF file
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.dump_relocations_by_section_name","title":"dump_relocations_by_section_name","text":"dump_relocations_by_section_name(\n section_name: str,\n) -> tuple[Relocation, ...] | None\nDump relocations of a section by section name of libc ELF file
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.get_section_address_by_name","title":"get_section_address_by_name","text":"get_section_address_by_name(section_name: str) -> int\nFind section address of libc by section name
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.OnlyWhenGlibcLoaded","title":"OnlyWhenGlibcLoaded","text":"
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.check_safe_linking","title":"check_safe_linking","text":"OnlyWhenGlibcLoaded(function: Callable[P, T]) -> Callable[P, T | None]\ncheck_safe_linking() -> bool\nSafe-linking is a glibc 2.32 mitigation; see: - https://lanph3re.blogspot.com/2020/08/blog-post.html - https://research.checkpoint.com/2020/safe-linking-eliminating-a-20-year-old-malloc-exploit-primitive/
"},{"location":"reference/pwndbg/hexdump/","title":"pwndbg.hexdump","text":""},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump","title":"hexdump","text":"Hexdump implementation, ~= stolen from pwntools.
Functions:
-
groupby\u2013 -
load_color_scheme\u2013 -
hexdump\u2013
Attributes:
-
color_scheme\u2013 -
printable\u2013 -
config_colorize_ascii\u2013 -
config_separator\u2013 -
config_byte_separator\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.printable","title":"printablecolor_scheme = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.config_colorize_ascii","title":"config_colorize_asciiprintable = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.config_separator","title":"config_separatorconfig_colorize_ascii = add_param(\n \"hexdump-colorize-ascii\",\n True,\n \"whether to colorize the hexdump command ascii section\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.config_byte_separator","title":"config_byte_separatorconfig_separator = add_param(\n \"hexdump-ascii-block-separator\",\n \"\u2502\",\n \"block separator char of the hexdump command\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.groupby","title":"groupby","text":"config_byte_separator = add_param(\n \"hexdump-byte-separator\",\n \" \",\n \"separator of single bytes in hexdump (does NOT affect group separator)\",\n)\n
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.load_color_scheme","title":"load_color_scheme","text":"groupby(width: int, array, fill=None)\n
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.hexdump","title":"hexdump","text":"load_color_scheme() -> None\n
"},{"location":"reference/pwndbg/integration/","title":"pwndbg.integration","text":""},{"location":"reference/pwndbg/integration/#pwndbg.integration","title":"integration","text":"hexdump(\n data: bytes,\n address: int = 0,\n width: int = 16,\n group_width: int = 4,\n flip_group_endianness: bool = False,\n skip: bool = True,\n offset: int = 0,\n size: int = 0,\n count: int = 0,\n repeat: bool = False,\n dX_call: bool = False,\n)\nModules:
-
binja\u2013Talks to an XMLRPC server running inside of an active Binary Ninja instance,
-
ida\u2013Talks to an XMLRPC server running inside of an active IDA Pro instance,
Classes:
-
IntegrationProvider\u2013A class representing an integration that provides intelligence external to GDB.
-
ConfigurableProvider\u2013A wrapper around an IntegrationProvider that skips calling functions if disabled in config.
Functions:
-
switch_providers\u2013
Attributes:
-
provider_name\u2013 -
symbol_lookup\u2013 -
smart_enhance\u2013 -
function_lookup\u2013 -
provider(IntegrationProvider) \u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.symbol_lookup","title":"symbol_lookupprovider_name = add_param(\n \"integration-provider\",\n \"none\",\n \"which provider to use for integration features\",\n param_class=PARAM_ENUM,\n enum_sequence=[\"none\", \"binja\", \"ida\"],\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.smart_enhance","title":"smart_enhancesymbol_lookup = add_param(\n \"integration-symbol-lookup\",\n True,\n \"whether to use integration to look up unknown symbols\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.function_lookup","title":"function_lookupsmart_enhance = add_param(\n \"integration-smart-enhance\",\n True,\n \"use integration to determine when to disassemble during enhancing\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.provider","title":"providerfunction_lookup = add_param(\n \"integration-function-lookup\",\n True,\n \"use integration to look up function type signatures\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider","title":"IntegrationProvider","text":"provider: IntegrationProvider = IntegrationProvider()\nA class representing an integration that provides intelligence external to GDB.
Methods:
-
get_symbol\u2013Get a symbol at an address, or an offset from a symbol.
-
get_versions\u2013Gets any version strings relevant to the integration,
-
is_in_function\u2013Checks if integration thinks that an address is in a function,
-
get_comment_lines\u2013Gets any comments attached to an instruction.
-
decompile\u2013Decompiles the code near an address given a line count.
-
get_func_type\u2013Gets the type signature of a function, used for argument labeling.
-
get_stack_var_name\u2013Gets the name of a stack variable based on only the address of the variable.
get_symbol(addr: int) -> str | None\nGet a symbol at an address, or an offset from a symbol.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.get_versions","title":"get_versions","text":"get_versions() -> tuple[str, ...]\nGets any version strings relevant to the integration, which are used when displaying the
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.is_in_function","title":"is_in_function","text":"versioncommand.is_in_function(addr: int) -> bool\nChecks if integration thinks that an address is in a function, which is used to determine if
telshould try to disassemble something.If uncertain, it's better to default to True than to False.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.get_comment_lines","title":"get_comment_lines","text":"get_comment_lines(addr: int) -> list[str]\nGets any comments attached to an instruction.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.decompile","title":"decompile","text":"decompile(addr: int, lines: int) -> list[str] | None\nDecompiles the code near an address given a line count.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.get_func_type","title":"get_func_type","text":"get_func_type(addr: int) -> Function | None\nGets the type signature of a function, used for argument labeling.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.get_stack_var_name","title":"get_stack_var_name","text":"get_stack_var_name(addr: int) -> str | None\nGets the name of a stack variable based on only the address of the variable.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider","title":"ConfigurableProviderdataclass","text":"ConfigurableProvider(inner: IntegrationProvider)\nBases:
IntegrationProviderA wrapper around an IntegrationProvider that skips calling functions if disabled in config.
Methods:
-
get_symbol\u2013 -
get_versions\u2013 -
is_in_function\u2013 -
get_comment_lines\u2013 -
decompile\u2013 -
get_func_type\u2013 -
get_stack_var_name\u2013
Attributes:
-
inner(IntegrationProvider) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.get_symbol","title":"get_symbol","text":"inner: IntegrationProvider\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.get_versions","title":"get_versions","text":"get_symbol(addr: int) -> str | None\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.is_in_function","title":"is_in_function","text":"get_versions() -> tuple[str, ...]\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.get_comment_lines","title":"get_comment_lines","text":"is_in_function(addr: int) -> bool\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.decompile","title":"decompile","text":"get_comment_lines(addr: int) -> list[str]\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.get_func_type","title":"get_func_type","text":"decompile(addr: int, lines: int) -> list[str] | None\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.get_stack_var_name","title":"get_stack_var_name","text":"get_func_type(addr: int) -> Function | None\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.switch_providers","title":"switch_providers","text":"get_stack_var_name(addr: int) -> str | None\n
"},{"location":"reference/pwndbg/integration/binja/","title":"pwndbg.integration.binja","text":""},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja","title":"binja","text":"switch_providers()\nTalks to an XMLRPC server running inside of an active Binary Ninja instance, in order to query it about the database. Allows symbol resolution and interactive debugging.
Classes:
-
DarkTheme\u2013 -
LightTheme\u2013 -
BinjaProvider\u2013
Functions:
-
init_bn_rpc_client\u2013 -
with_bn\u2013 -
available\u2013 -
can_connect\u2013 -
l2r\u2013 -
r2l\u2013 -
base\u2013 -
auto_update_pc\u2013 -
auto_update_bp\u2013 -
auto_clear_pc\u2013 -
navigate_to\u2013 -
bn_to_pygment_tok\u2013 -
bn_to_pygment_theme\u2013
Attributes:
-
bn_rpc_host\u2013 -
bn_rpc_port\u2013 -
bn_timeout\u2013 -
bn_autosync\u2013 -
bn_il_level\u2013 -
P\u2013 -
T\u2013 -
K\u2013 -
themes\u2013 -
style\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_rpc_port","title":"bn_rpc_portbn_rpc_host = add_param(\n \"bn-rpc-host\", \"127.0.0.1\", \"Binary Ninja XML-RPC server host\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_timeout","title":"bn_timeoutbn_rpc_port = add_param(\n \"bn-rpc-port\", 31337, \"Binary Ninja XML-RPC server port\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_autosync","title":"bn_autosyncbn_timeout = add_param(\n \"bn-timeout\", 2, \"time to wait for Binary Ninja XML-RPC, in seconds\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_il_level","title":"bn_il_levelbn_autosync = add_param(\n \"bn-autosync\", False, \"whether to automatically run bn-sync every step\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.P","title":"Pbn_il_level = add_param(\n \"bn-il-level\",\n \"hlil\",\n \"the IL level to use when displaying Binary Ninja decompilation\",\n param_class=PARAM_ENUM,\n enum_sequence=[\"disasm\", \"llil\", \"mlil\", \"hlil\"],\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.T","title":"TP = ParamSpec('P')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.K","title":"KT = TypeVar('T')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.themes","title":"themesK = TypeVar('K')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.style","title":"stylethemes = {}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.DarkTheme","title":"DarkTheme","text":"style = add_param(\n \"bn-decomp-style\",\n \"dark\",\n \"decompilation highlight theme for Binary Ninja\",\n help_docstring=f\"Valid values: {join(keys())})\",\n)\nBases:
StyleAttributes:
-
styles\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.LightTheme","title":"LightTheme","text":"styles = bn_to_pygment_theme(\n {\n \"TextToken\": \"#e0e0e0\",\n \"InstructionToken\": \"#eddfb3\",\n \"OperandSeparatorToken\": \"#e0e0e0\",\n \"RegisterToken\": \"#e0e0e0\",\n \"IntegerToken\": \"#a2d9af\",\n \"PossibleAddressToken\": \"#a2d9af\",\n \"BeginMemoryOperandToken\": \"#e0e0e0\",\n \"EndMemoryOperandToken\": \"#e0e0e0\",\n \"FloatingPointToken\": \"#a2d9af\",\n \"AnnotationToken\": \"#dac4d1\",\n \"CodeRelativeAddressToken\": \"#a2d9af\",\n \"ArgumentNameToken\": \"#e0e0e0\",\n \"HexDumpByteValueToken\": \"#e0e0e0\",\n \"HexDumpSkippedByteToken\": \"#e0e0e0\",\n \"HexDumpInvalidByteToken\": \"#909090\",\n \"HexDumpTextToken\": \"#e0e0e0\",\n \"OpcodeToken\": \"#909090\",\n \"StringToken\": \"#dac4d1\",\n \"CharacterConstantToken\": \"#dac4d1\",\n \"KeywordToken\": \"#eddfb3\",\n \"TypeNameToken\": \"#edbd81\",\n \"FieldNameToken\": \"#b0dde4\",\n \"NameSpaceToken\": \"#80c6e9\",\n \"NameSpaceSeparatorToken\": \"#80c6e9\",\n \"TagToken\": \"#e0e0e0\",\n \"StructOffsetToken\": \"#b0dde4\",\n \"StructOffsetByteValueToken\": \"#e0e0e0\",\n \"StructureHexDumpTextToken\": \"#e0e0e0\",\n \"GotoLabelToken\": \"#80c6e9\",\n \"CommentToken\": \"#dac4d1\",\n \"PossibleValueToken\": \"#e0e0e0\",\n \"PossibleValueTypeToken\": \"#e0e0e0\",\n \"ArrayIndexToken\": \"#a2d9af\",\n \"IndentationToken\": \"#5d5d5d\",\n \"UnknownMemoryToken\": \"#909090\",\n \"EnumerationMemberToken\": \"#eddfb3\",\n \"OperationToken\": \"#89a4b1\",\n \"BaseStructureNameToken\": \"#dac4d1\",\n \"BaseStructureSeparatorToken\": \"#dac4d1\",\n \"BraceToken\": \"#e0e0e0\",\n \"CodeSymbolToken\": \"#80c6e9\",\n \"DataSymbolToken\": \"#8ee6ed\",\n \"LocalVariableToken\": \"#e0e0e0\",\n \"ImportToken\": \"#edbd81\",\n \"AddressDisplayToken\": \"#a2d9af\",\n \"IndirectImportToken\": \"#edbd81\",\n \"ExternalSymbolToken\": \"#edbd81\",\n \"StackVariableToken\": \"#c1dcc7\",\n \"AddressSeparatorToken\": \"#e0e0e0\",\n }\n)\nBases:
StyleAttributes:
-
styles\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider","title":"BinjaProvider","text":"styles = bn_to_pygment_theme(\n {\n \"TextToken\": \"#1f1f1f\",\n \"InstructionToken\": \"#8d8d2d\",\n \"OperandSeparatorToken\": \"#1f1f1f\",\n \"RegisterToken\": \"#1f1f1f\",\n \"IntegerToken\": \"#30820d\",\n \"PossibleAddressToken\": \"#30820d\",\n \"BeginMemoryOperandToken\": \"#1f1f1f\",\n \"EndMemoryOperandToken\": \"#1f1f1f\",\n \"FloatingPointToken\": \"#30820d\",\n \"AnnotationToken\": \"#bf2624\",\n \"CodeRelativeAddressToken\": \"#30820d\",\n \"ArgumentNameToken\": \"#1f1f1f\",\n \"HexDumpByteValueToken\": \"#1f1f1f\",\n \"HexDumpSkippedByteToken\": \"#1f1f1f\",\n \"HexDumpInvalidByteToken\": \"#7a7a7a\",\n \"HexDumpTextToken\": \"#1f1f1f\",\n \"OpcodeToken\": \"#7a7a7a\",\n \"StringToken\": \"#203635\",\n \"CharacterConstantToken\": \"#203635\",\n \"KeywordToken\": \"#8d8d2d\",\n \"TypeNameToken\": \"#e07c35\",\n \"FieldNameToken\": \"#35dae0\",\n \"NameSpaceToken\": \"#00a4c7\",\n \"NameSpaceSeparatorToken\": \"#00a4c7\",\n \"TagToken\": \"#1f1f1f\",\n \"StructOffsetToken\": \"#35dae0\",\n \"StructOffsetByteValueToken\": \"#1f1f1f\",\n \"StructureHexDumpTextToken\": \"#1f1f1f\",\n \"GotoLabelToken\": \"#00a4c7\",\n \"CommentToken\": \"#bf2624\",\n \"PossibleValueToken\": \"#1f1f1f\",\n \"PossibleValueTypeToken\": \"#1f1f1f\",\n \"ArrayIndexToken\": \"#30820d\",\n \"IndentationToken\": \"#bcbcbc\",\n \"UnknownMemoryToken\": \"#7a7a7a\",\n \"EnumerationMemberToken\": \"#8d8d2d\",\n \"OperationToken\": \"#5b848d\",\n \"BaseStructureNameToken\": \"#bf2624\",\n \"BaseStructureSeparatorToken\": \"#bf2624\",\n \"BraceToken\": \"#1f1f1f\",\n \"CodeSymbolToken\": \"#00a4c7\",\n \"DataSymbolToken\": \"#278cad\",\n \"LocalVariableToken\": \"#1f1f1f\",\n \"ImportToken\": \"#e07c35\",\n \"AddressDisplayToken\": \"#30820d\",\n \"IndirectImportToken\": \"#e07c35\",\n \"ExternalSymbolToken\": \"#e07c35\",\n \"StackVariableToken\": \"#275016\",\n \"AddressSeparatorToken\": \"#1f1f1f\",\n }\n)\nBases:
IntegrationProviderMethods:
-
get_symbol\u2013 -
get_versions\u2013 -
is_in_function\u2013 -
get_comment_lines\u2013 -
decompile\u2013 -
get_func_type\u2013 -
get_stack_var_name\u2013
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.get_versions","title":"get_versions","text":"get_symbol(addr: int) -> str | None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.is_in_function","title":"is_in_function","text":"get_versions() -> tuple[str, ...]\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.get_comment_lines","title":"get_comment_lines","text":"is_in_function(addr: int) -> bool\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.decompile","title":"decompile","text":"get_comment_lines(addr: int) -> list[str]\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.get_func_type","title":"get_func_type","text":"decompile(addr: int, lines: int) -> list[str] | None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.get_stack_var_name","title":"get_stack_var_name","text":"get_func_type(addr: int) -> Function | None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.init_bn_rpc_client","title":"init_bn_rpc_client","text":"get_stack_var_name(addr: int) -> str | None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.with_bn","title":"with_bn","text":"init_bn_rpc_client() -> None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.available","title":"available","text":"with_bn(\n fallback: K = None,\n) -> Callable[[Callable[P, T]], Callable[P, T | K]]\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.can_connect","title":"can_connect","text":"available() -> bool\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.l2r","title":"l2r","text":"can_connect() -> bool\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.r2l","title":"r2l","text":"l2r(addr: int) -> int\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.base","title":"base","text":"r2l(addr: int) -> int\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.auto_update_pc","title":"auto_update_pc","text":"base()\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.auto_update_bp","title":"auto_update_bp","text":"auto_update_pc() -> None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.auto_clear_pc","title":"auto_clear_pc","text":"auto_update_bp() -> None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.navigate_to","title":"navigate_to","text":"auto_clear_pc() -> None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_to_pygment_tok","title":"bn_to_pygment_tok","text":"navigate_to(addr: int) -> None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_to_pygment_theme","title":"bn_to_pygment_theme","text":"bn_to_pygment_tok(tok: str) -> Any\n
"},{"location":"reference/pwndbg/integration/ida/","title":"pwndbg.integration.ida","text":""},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida","title":"ida","text":"bn_to_pygment_theme(theme: dict[str, str]) -> dict[Any, str]\nTalks to an XMLRPC server running inside of an active IDA Pro instance, in order to query it about the database. Allows symbol resolution and interactive debugging.
Classes:
-
IDC\u2013 -
IdaProvider\u2013
Functions:
-
init_ida_rpc_client\u2013 -
withIDA\u2013 -
withHexrays\u2013 -
takes_address\u2013 -
returns_address\u2013 -
available\u2013 -
can_connect\u2013 -
l2r\u2013 -
r2l\u2013 -
remote\u2013Runs the provided function in IDA's interpreter.
-
base\u2013 -
Comment\u2013 -
Name\u2013 -
GetFuncOffset\u2013 -
GetType\u2013 -
here\u2013 -
Jump\u2013 -
Anterior\u2013 -
GetBreakpoints\u2013 -
GetBptQty\u2013 -
GetBptEA\u2013 -
UpdateBreakpoints\u2013 -
SetColor\u2013 -
Auto_Color_PC\u2013 -
Auto_UnColor_PC\u2013 -
LocByName\u2013 -
PrevHead\u2013 -
NextHead\u2013 -
GetFunctionName\u2013 -
GetFlags\u2013 -
isASCII\u2013 -
ArgCount\u2013 -
SaveBase\u2013 -
GetIdbPath\u2013 -
has_cached_cfunc\u2013 -
decompile\u2013 -
decompile_context\u2013 -
get_ida_versions\u2013 -
GetStrucQty\u2013 -
GetStrucId\u2013 -
GetStrucName\u2013 -
GetStrucSize\u2013 -
GetMemberQty\u2013 -
GetMemberSize\u2013 -
GetMemberId\u2013 -
GetMemberName\u2013 -
GetMemberFlag\u2013 -
GetStrucNextOff\u2013 -
print_member\u2013 -
print_structs\u2013
Attributes:
-
ida_rpc_host\u2013 -
ida_rpc_port\u2013 -
ida_timeout\u2013 -
P\u2013 -
T\u2013 -
colored_pc\u2013 -
idc\u2013 -
ida_replacements\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.ida_rpc_port","title":"ida_rpc_portida_rpc_host = add_param(\n \"ida-rpc-host\", \"127.0.0.1\", \"ida xmlrpc server address\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.ida_timeout","title":"ida_timeoutida_rpc_port = add_param('ida-rpc-port', 31337, 'ida xmlrpc server port')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.P","title":"Pida_timeout = add_param(\n \"ida-timeout\", 2, \"time to wait for ida xmlrpc in seconds\"\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.T","title":"TP = ParamSpec('P')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.colored_pc","title":"colored_pcT = TypeVar('T')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.idc","title":"idccolored_pc = None\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.ida_replacements","title":"ida_replacementsidc = IDC()\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IDC","title":"IDC","text":"ida_replacements = {\n \"__int64\": \"signed long long int\",\n \"__int32\": \"signed int\",\n \"__int16\": \"signed short\",\n \"__int8\": \"signed char\",\n \"__uint64\": \"unsigned long long int\",\n \"__uint32\": \"unsigned int\",\n \"__uint16\": \"unsigned short\",\n \"__uint8\": \"unsigned char\",\n \"_BOOL_1\": \"unsigned char\",\n \"_BOOL_2\": \"unsigned short\",\n \"_BOOL_4\": \"unsigned int\",\n \"_BYTE\": \"unsigned char\",\n \"_WORD\": \"unsigned short\",\n \"_DWORD\": \"unsigned int\",\n \"_QWORD\": \"unsigned long long\",\n \"__pure\": \"\",\n \"__hidden\": \"\",\n \"__return_ptr\": \"\",\n \"__struct_ptr\": \"\",\n \"__array_ptr\": \"\",\n \"__fastcall\": \"\",\n \"__cdecl\": \"\",\n \"__thiscall\": \"\",\n \"__userpurge\": \"\",\n}\nIDC()\nAttributes:
-
query\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider","title":"IdaProvider","text":"query = \"{k:v for k,v in globals()['idc'].__dict__.items() if type(v) in (int,long)}\"\nBases:
IntegrationProviderMethods:
-
get_symbol\u2013 -
get_versions\u2013 -
is_in_function\u2013 -
get_comment_lines\u2013 -
decompile\u2013 -
get_func_type\u2013 -
get_stack_var_name\u2013Gets the name of a stack variable based on only the address of the variable.
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.get_versions","title":"get_versions","text":"get_symbol(addr: int) -> str | None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.is_in_function","title":"is_in_function","text":"get_versions() -> tuple[str, ...]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.get_comment_lines","title":"get_comment_lines","text":"is_in_function(addr: int) -> bool\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.decompile","title":"decompile","text":"get_comment_lines(addr: int) -> list[str]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.get_func_type","title":"get_func_type","text":"decompile(addr: int, lines: int) -> list[str] | None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.get_stack_var_name","title":"get_stack_var_name","text":"get_func_type(addr: int) -> Function | None\nget_stack_var_name(addr: int) -> str | None\nGets the name of a stack variable based on only the address of the variable.
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.init_ida_rpc_client","title":"init_ida_rpc_client","text":"
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.withIDA","title":"withIDA","text":"init_ida_rpc_client() -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.withHexrays","title":"withHexrays","text":"withIDA(func: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.takes_address","title":"takes_address","text":"withHexrays(func: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.returns_address","title":"returns_address","text":"takes_address(\n function: Callable[Concatenate[int, P], T],\n) -> Callable[Concatenate[int, P], T]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.available","title":"available","text":"returns_address(function: Callable[P, int]) -> Callable[P, int]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.can_connect","title":"can_connect","text":"available() -> bool\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.l2r","title":"l2r","text":"can_connect() -> bool\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.r2l","title":"r2l","text":"l2r(addr: int) -> int\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.remote","title":"remote","text":"r2l(addr: int) -> int\nremote(function) -> None\nRuns the provided function in IDA's interpreter.
The function must be self-contained and not reference any global variables.
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.base","title":"base","text":"
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.Comment","title":"Comment","text":"base()\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.Name","title":"Name","text":"Comment(addr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetFuncOffset","title":"GetFuncOffset","text":"Name(addr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetType","title":"GetType","text":"GetFuncOffset(addr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.here","title":"here","text":"GetType(addr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.Jump","title":"Jump","text":"here() -> int\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.Anterior","title":"Anterior","text":"Jump(addr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetBreakpoints","title":"GetBreakpoints","text":"Anterior(addr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetBptQty","title":"GetBptQty","text":"GetBreakpoints()\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetBptEA","title":"GetBptEA","text":"GetBptQty()\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.UpdateBreakpoints","title":"UpdateBreakpoints","text":"GetBptEA(i: int) -> int\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.SetColor","title":"SetColor","text":"UpdateBreakpoints() -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.Auto_Color_PC","title":"Auto_Color_PC","text":"SetColor(pc, color)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.Auto_UnColor_PC","title":"Auto_UnColor_PC","text":"Auto_Color_PC() -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.LocByName","title":"LocByName","text":"Auto_UnColor_PC() -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.PrevHead","title":"PrevHead","text":"LocByName(name) -> int\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.NextHead","title":"NextHead","text":"PrevHead(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetFunctionName","title":"GetFunctionName","text":"NextHead(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetFlags","title":"GetFlags","text":"GetFunctionName(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.isASCII","title":"isASCII","text":"GetFlags(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.ArgCount","title":"ArgCount","text":"isASCII(flags)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.SaveBase","title":"SaveBase","text":"ArgCount(address) -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetIdbPath","title":"GetIdbPath","text":"SaveBase(path: str)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.has_cached_cfunc","title":"has_cached_cfunc","text":"GetIdbPath()\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.decompile","title":"decompile","text":"has_cached_cfunc(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.decompile_context","title":"decompile_context","text":"decompile(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.get_ida_versions","title":"get_ida_versions","text":"decompile_context(pc, context_lines)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetStrucQty","title":"GetStrucQty","text":"get_ida_versions() -> dict[str, str]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetStrucId","title":"GetStrucId","text":"GetStrucQty()\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetStrucName","title":"GetStrucName","text":"GetStrucId(idx)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetStrucSize","title":"GetStrucSize","text":"GetStrucName(sid)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetMemberQty","title":"GetMemberQty","text":"GetStrucSize(sid)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetMemberSize","title":"GetMemberSize","text":"GetMemberQty(sid)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetMemberId","title":"GetMemberId","text":"GetMemberSize(sid, offset)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetMemberName","title":"GetMemberName","text":"GetMemberId(sid, offset)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetMemberFlag","title":"GetMemberFlag","text":"GetMemberName(sid, offset)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetStrucNextOff","title":"GetStrucNextOff","text":"GetMemberFlag(sid, offset)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.print_member","title":"print_member","text":"GetStrucNextOff(sid, offset)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.print_structs","title":"print_structs","text":"print_member(sid, offset) -> None\n
"},{"location":"reference/pwndbg/lib/","title":"pwndbg.lib","text":""},{"location":"reference/pwndbg/lib/#pwndbg.lib","title":"lib","text":"print_structs() -> None\nModules:
-
abi\u2013 -
android\u2013 -
arch\u2013 -
cache\u2013Caches return values until some event in the inferior happens,
-
common\u2013 -
config\u2013 -
disasm\u2013 -
elftypes\u2013 -
funcparser\u2013 -
functions\u2013 -
functions_data\u2013 -
gcc\u2013Functions for determining the architecture-dependent path to
-
heap\u2013 -
kernel\u2013 -
memory\u2013Reading, writing, and describing memory.
-
net\u2013Re-implements some psutil functionality to be able to get information from
-
regs\u2013Reading register value from the inferior, and provides a
-
stdio\u2013Provides functionality to circumvent GDB's hooks on sys.stdin and sys.stdout
-
strings\u2013 -
tempfile\u2013Common helper and cache for pwndbg tempdir
-
tips\u2013 -
version\u2013 -
which\u2013
Classes:
-
ABI\u2013Encapsulates information about a calling convention.
-
SyscallABI\u2013The syscall ABI treats the syscall number as the zeroth argument,
-
SigreturnABI\u2013The sigreturn ABI is similar to the syscall ABI, except that
Attributes:
-
linux_i386\u2013 -
linux_amd64\u2013 -
linux_arm\u2013 -
linux_aarch64\u2013 -
linux_mips\u2013 -
linux_mips64\u2013 -
linux_ppc\u2013 -
linux_ppc64\u2013 -
linux_riscv32\u2013 -
linux_riscv64\u2013 -
linux_i386_syscall\u2013 -
linux_amd64_syscall\u2013 -
linux_arm_syscall\u2013 -
linux_aarch64_syscall\u2013 -
linux_mips_syscall\u2013 -
linux_mips64_syscall\u2013 -
linux_ppc_syscall\u2013 -
linux_ppc64_syscall\u2013 -
linux_riscv32_syscall\u2013 -
linux_riscv64_syscall\u2013 -
linux_i386_sigreturn\u2013 -
linux_amd64_sigreturn\u2013 -
linux_arm_sigreturn\u2013 -
linux_i386_srop\u2013 -
linux_amd64_srop\u2013 -
linux_arm_srop\u2013 -
DEFAULT_ABIS(dict[tuple[int, str, str], ABI]) \u2013 -
SYSCALL_ABIS(dict[tuple[int, str, str], SyscallABI]) \u2013 -
SIGRETURN_ABIS(dict[tuple[int, str, str], SigreturnABI]) \u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_amd64","title":"linux_amd64linux_i386 = ABI([], 4, 0)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_arm","title":"linux_armlinux_amd64 = ABI(['rdi', 'rsi', 'rdx', 'rcx', 'r8', 'r9'], 8, 0)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_aarch64","title":"linux_aarch64linux_arm = ABI(['r0', 'r1', 'r2', 'r3'], 8, 0)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_mips","title":"linux_mipslinux_aarch64 = ABI(['x0', 'x1', 'x2', 'x3'], 16, 0)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_mips64","title":"linux_mips64linux_mips = ABI(['$a0', '$a1', '$a2', '$a3'], 4, 0)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_ppc","title":"linux_ppclinux_mips64 = ABI(\n [\"$a0\", \"$a1\", \"$a2\", \"$a3\", \"$a4\", \"$a5\", \"$a6\", \"$a7\"], 8, 0\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_ppc64","title":"linux_ppc64linux_ppc = ABI(['r3', 'r4', 'r5', 'r6', 'r7', 'r8', 'r9', 'r10'], 4, 0)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_riscv32","title":"linux_riscv32linux_ppc64 = ABI(['r3', 'r4', 'r5', 'r6', 'r7', 'r8', 'r9', 'r10'], 8, 0)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_riscv64","title":"linux_riscv64linux_riscv32 = ABI(['a0', 'a1', 'a2', 'a3', 'a4', 'a5', 'a6', 'a7'], 4, 0)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_i386_syscall","title":"linux_i386_syscalllinux_riscv64 = ABI(['a0', 'a1', 'a2', 'a3', 'a4', 'a5', 'a6', 'a7'], 8, 0)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_amd64_syscall","title":"linux_amd64_syscalllinux_i386_syscall = SyscallABI(\n [\"eax\", \"ebx\", \"ecx\", \"edx\", \"esi\", \"edi\", \"ebp\"], 4, 0\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_arm_syscall","title":"linux_arm_syscalllinux_amd64_syscall = SyscallABI(\n [\"rax\", \"rdi\", \"rsi\", \"rdx\", \"r10\", \"r8\", \"r9\"], 8, 0\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_aarch64_syscall","title":"linux_aarch64_syscalllinux_arm_syscall = SyscallABI(\n [\"r7\", \"r0\", \"r1\", \"r2\", \"r3\", \"r4\", \"r5\", \"r6\"], 4, 0\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_mips_syscall","title":"linux_mips_syscalllinux_aarch64_syscall = SyscallABI(\n [\"x8\", \"x0\", \"x1\", \"x2\", \"x3\", \"x4\", \"x5\"], 16, 0\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_mips64_syscall","title":"linux_mips64_syscalllinux_mips_syscall = SyscallABI(['$v0', '$a0', '$a1', '$a2', '$a3'], 4, 0)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_ppc_syscall","title":"linux_ppc_syscalllinux_mips64_syscall = SyscallABI(\n [\"$v0\", \"$a0\", \"$a1\", \"$a2\", \"$a3\", \"$a4\", \"$a5\"], 4, 0\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_ppc64_syscall","title":"linux_ppc64_syscalllinux_ppc_syscall = SyscallABI(\n [\"r0\", \"r3\", \"r4\", \"r5\", \"r6\", \"r7\", \"r8\", \"r9\"], 4, 0\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_riscv32_syscall","title":"linux_riscv32_syscalllinux_ppc64_syscall = SyscallABI(\n [\"r0\", \"r3\", \"r4\", \"r5\", \"r6\", \"r7\", \"r8\"], 8, 0\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_riscv64_syscall","title":"linux_riscv64_syscalllinux_riscv32_syscall = SyscallABI(\n [\"a7\", \"a0\", \"a1\", \"a2\", \"a3\", \"a4\", \"a5\", \"a6\"], 4, 0\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_i386_sigreturn","title":"linux_i386_sigreturnlinux_riscv64_syscall = SyscallABI(\n [\"a7\", \"a0\", \"a1\", \"a2\", \"a3\", \"a4\", \"a5\", \"a6\"], 8, 0\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_amd64_sigreturn","title":"linux_amd64_sigreturnlinux_i386_sigreturn = SigreturnABI(['eax'], 4, 0)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_arm_sigreturn","title":"linux_arm_sigreturnlinux_amd64_sigreturn = SigreturnABI(['rax'], 4, 0)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_i386_srop","title":"linux_i386_sroplinux_arm_sigreturn = SigreturnABI(['r7'], 4, 0)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_amd64_srop","title":"linux_amd64_sroplinux_i386_srop = ABI(['eax'], 4, 0)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_arm_srop","title":"linux_arm_sroplinux_amd64_srop = ABI(['rax'], 4, 0)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.DEFAULT_ABIS","title":"DEFAULT_ABISlinux_arm_srop = ABI(['r7'], 4, 0)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SYSCALL_ABIS","title":"SYSCALL_ABISDEFAULT_ABIS: dict[tuple[int, str, str], ABI] = {\n (32, \"i386\", \"linux\"): linux_i386,\n (64, \"x86-64\", \"linux\"): linux_amd64,\n (64, \"aarch64\", \"linux\"): linux_aarch64,\n (32, \"arm\", \"linux\"): linux_arm,\n (32, \"thumb\", \"linux\"): linux_arm,\n (32, \"mips\", \"linux\"): linux_mips,\n (64, \"mips\", \"linux\"): linux_mips64,\n (32, \"powerpc\", \"linux\"): linux_ppc,\n (64, \"powerpc\", \"linux\"): linux_ppc64,\n (32, \"rv32\", \"linux\"): linux_riscv32,\n (64, \"rv64\", \"linux\"): linux_riscv64,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SIGRETURN_ABIS","title":"SIGRETURN_ABISSYSCALL_ABIS: dict[tuple[int, str, str], SyscallABI] = {\n (32, \"i386\", \"linux\"): linux_i386_syscall,\n (64, \"x86-64\", \"linux\"): linux_amd64_syscall,\n (64, \"aarch64\", \"linux\"): linux_aarch64_syscall,\n (32, \"arm\", \"linux\"): linux_arm_syscall,\n (32, \"thumb\", \"linux\"): linux_arm_syscall,\n (32, \"mips\", \"linux\"): linux_mips_syscall,\n (64, \"mips\", \"linux\"): linux_mips64_syscall,\n (32, \"powerpc\", \"linux\"): linux_ppc_syscall,\n (64, \"powerpc\", \"linux\"): linux_ppc64_syscall,\n (32, \"rv32\", \"linux\"): linux_riscv32_syscall,\n (64, \"rv64\", \"linux\"): linux_riscv64_syscall,\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.ABI","title":"ABI","text":"SIGRETURN_ABIS: dict[tuple[int, str, str], SigreturnABI] = {\n (32, \"i386\", \"linux\"): linux_i386_sigreturn,\n (64, \"x86-64\", \"linux\"): linux_amd64_sigreturn,\n (32, \"arm\", \"linux\"): linux_arm_sigreturn,\n (32, \"thumb\", \"linux\"): linux_arm_sigreturn,\n}\nABI(regs: list[str], align: int, minimum: int)\nEncapsulates information about a calling convention.
Methods:
-
default\u2013 -
syscall\u2013 -
sigreturn\u2013
Attributes:
-
returns\u2013 -
register_arguments(list[str]) \u2013 -
arg_alignment\u2013 -
stack_minimum\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.ABI.register_arguments","title":"register_argumentsreturns = True\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.ABI.arg_alignment","title":"arg_alignmentregister_arguments: list[str] = regs\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.ABI.stack_minimum","title":"stack_minimumarg_alignment = align\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.ABI.default","title":"defaultstack_minimum = minimum\nstaticmethod","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.ABI.syscall","title":"syscalldefault() -> ABI\nstaticmethod","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.ABI.sigreturn","title":"sigreturnsyscall() -> SyscallABI\nstaticmethod","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI","title":"SyscallABI","text":"sigreturn() -> SigreturnABI\nSyscallABI(register_arguments: list[str], *a: Any, **kw: Any)\nBases:
ABIThe syscall ABI treats the syscall number as the zeroth argument, which must be loaded into the specified register.
Methods:
-
default\u2013 -
syscall\u2013 -
sigreturn\u2013
Attributes:
-
syscall_register\u2013 -
register_arguments(list[str]) \u2013 -
arg_alignment\u2013 -
stack_minimum\u2013 -
returns\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI.register_arguments","title":"register_argumentssyscall_register = pop(0)\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI.arg_alignment","title":"arg_alignmentregister_arguments: list[str] = regs\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI.stack_minimum","title":"stack_minimumarg_alignment = align\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI.returns","title":"returnsstack_minimum = minimum\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI.default","title":"defaultreturns = True\nstaticmethod","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI.syscall","title":"syscalldefault() -> ABI\nstaticmethod","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI.sigreturn","title":"sigreturnsyscall() -> SyscallABI\nstaticmethod","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI","title":"SigreturnABI","text":"sigreturn() -> SigreturnABI\nSigreturnABI(register_arguments: list[str], *a: Any, **kw: Any)\nBases:
SyscallABIThe sigreturn ABI is similar to the syscall ABI, except that both PC and SP are loaded from the stack. Because of this, there is no 'return' slot necessary on the stack.
Methods:
-
default\u2013 -
syscall\u2013 -
sigreturn\u2013
Attributes:
-
returns\u2013 -
register_arguments(list[str]) \u2013 -
arg_alignment\u2013 -
stack_minimum\u2013 -
syscall_register\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI.register_arguments","title":"register_argumentsreturns = False\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI.arg_alignment","title":"arg_alignmentregister_arguments: list[str] = regs\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI.stack_minimum","title":"stack_minimumarg_alignment = align\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI.syscall_register","title":"syscall_registerstack_minimum = minimum\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI.default","title":"defaultsyscall_register = pop(0)\nstaticmethod","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI.syscall","title":"syscalldefault() -> ABI\nstaticmethod","text":"
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI.sigreturn","title":"sigreturnsyscall() -> SyscallABI\nstaticmethod","text":"
"},{"location":"reference/pwndbg/lib/android/","title":"pwndbg.lib.android","text":""},{"location":"reference/pwndbg/lib/android/#pwndbg.lib.android","title":"android","text":"sigreturn() -> SigreturnABI\nFunctions:
-
aid_name\u2013
Attributes:
-
KNOWN_AIDS\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/lib/android/#pwndbg.lib.android.aid_name","title":"aid_name","text":"KNOWN_AIDS = {\n 0: \"AID_ROOT\",\n 1000: \"AID_SYSTEM\",\n 1001: \"AID_RADIO\",\n 1002: \"AID_BLUETOOTH\",\n 1003: \"AID_GRAPHICS\",\n 1004: \"AID_INPUT\",\n 1005: \"AID_AUDIO\",\n 1006: \"AID_CAMERA\",\n 1007: \"AID_LOG\",\n 1008: \"AID_COMPASS\",\n 1009: \"AID_MOUNT\",\n 1010: \"AID_WIFI\",\n 1011: \"AID_ADB\",\n 1012: \"AID_INSTALL\",\n 1013: \"AID_MEDIA\",\n 1014: \"AID_DHCP\",\n 1015: \"AID_SDCARD_RW\",\n 1016: \"AID_VPN\",\n 1017: \"AID_KEYSTORE\",\n 1018: \"AID_USB\",\n 1019: \"AID_DRM\",\n 1020: \"AID_MDNSR\",\n 1021: \"AID_GPS\",\n 1022: \"AID_UNUSED1\",\n 1023: \"AID_MEDIA_RW\",\n 1024: \"AID_MTP\",\n 1025: \"AID_UNUSED2\",\n 1026: \"AID_DRMRPC\",\n 1027: \"AID_NFC\",\n 1028: \"AID_SDCARD_R\",\n 1029: \"AID_CLAT\",\n 1030: \"AID_LOOP_RADIO\",\n 1031: \"AID_MEDIA_DRM\",\n 1032: \"AID_PACKAGE_INFO\",\n 1033: \"AID_SDCARD_PICS\",\n 1034: \"AID_SDCARD_AV\",\n 1035: \"AID_SDCARD_ALL\",\n 1036: \"AID_LOGD\",\n 1037: \"AID_SHARED_RELRO\",\n 1038: \"AID_DBUS\",\n 1039: \"AID_TLSDATE\",\n 1040: \"AID_MEDIA_EX\",\n 1041: \"AID_AUDIOSERVER\",\n 1042: \"AID_METRICS_COLL\",\n 1043: \"AID_METRICSD\",\n 1044: \"AID_WEBSERV\",\n 1045: \"AID_DEBUGGERD\",\n 1046: \"AID_MEDIA_CODEC\",\n 1047: \"AID_CAMERASERVER\",\n 1048: \"AID_FIREWALL\",\n 1049: \"AID_TRUNKS\",\n 1050: \"AID_NVRAM\",\n 2001: \"AID_CACHE\",\n 2002: \"AID_DIAG\",\n 2900: \"AID_OEM_RESERVED_START\",\n 2999: \"AID_OEM_RESERVED_END\",\n 3001: \"AID_NET_BT_ADMIN\",\n 3002: \"AID_NET_BT\",\n 3003: \"AID_INET\",\n 3004: \"AID_NET_RAW\",\n 3005: \"AID_NET_ADMIN\",\n 3006: \"AID_NET_BW_STATS\",\n 3007: \"AID_NET_BW_ACCT\",\n 3008: \"AID_NET_BT_STACK\",\n 3009: \"AID_READPROC\",\n 3010: \"AID_WAKELOCK\",\n 5000: \"AID_OEM_RESERVED_2_START\",\n 5999: \"AID_OEM_RESERVED_2_END\",\n 9997: \"AID_EVERYBODY\",\n 9998: \"AID_MISC\",\n 9999: \"AID_NOBODY\",\n 10000: \"AID_APP\",\n 50000: \"AID_SHARED_GID_START\",\n 59999: \"AID_SHARED_GID_END\",\n 99000: \"AID_ISOLATED_START\",\n 99999: \"AID_ISOLATED_END\",\n 100000: \"AID_USER\",\n}\n
"},{"location":"reference/pwndbg/lib/arch/","title":"pwndbg.lib.arch","text":""},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch","title":"arch","text":"aid_name(uid: int) -> str\nClasses:
-
Arch\u2013
Attributes:
-
PWNDBG_SUPPORTED_ARCHITECTURES_TYPE\u2013 -
PWNDBG_SUPPORTED_ARCHITECTURES(list[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE]) \u2013 -
PWNLIB_ARCH_MAPPINGS\u2013 -
FMT_LITTLE_ENDIAN\u2013 -
FMT_BIG_ENDIAN\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.PWNDBG_SUPPORTED_ARCHITECTURES","title":"PWNDBG_SUPPORTED_ARCHITECTURESPWNDBG_SUPPORTED_ARCHITECTURES_TYPE = Literal[\n \"x86-64\",\n \"i386\",\n \"i8086\",\n \"mips\",\n \"aarch64\",\n \"arm\",\n \"armcm\",\n \"rv32\",\n \"rv64\",\n \"sparc\",\n \"powerpc\",\n \"loongarch64\",\n \"s390x\",\n]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.PWNLIB_ARCH_MAPPINGS","title":"PWNLIB_ARCH_MAPPINGSPWNDBG_SUPPORTED_ARCHITECTURES: list[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE] = (\n list(get_args(PWNDBG_SUPPORTED_ARCHITECTURES_TYPE))\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.FMT_LITTLE_ENDIAN","title":"FMT_LITTLE_ENDIANPWNLIB_ARCH_MAPPINGS = {\n \"x86-64\": \"amd64\",\n \"i386\": \"i386\",\n \"i8086\": \"none\",\n \"mips\": \"mips\",\n \"aarch64\": \"aarch64\",\n \"arm\": \"arm\",\n \"armcm\": \"thumb\",\n \"rv32\": \"riscv32\",\n \"rv64\": \"riscv64\",\n \"powerpc\": \"powerpc\",\n \"sparc\": \"sparc\",\n \"loongarch64\": \"none\",\n \"s390x\": \"s390\",\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.FMT_BIG_ENDIAN","title":"FMT_BIG_ENDIANFMT_LITTLE_ENDIAN = {1: 'B', 2: '<H', 4: '<I', 8: '<Q'}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.Arch","title":"Arch","text":"FMT_BIG_ENDIAN = {1: 'B', 2: '>H', 4: '>I', 8: '>Q'}\nArch(\n arch_name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE,\n ptrsize: int,\n endian: Literal[\"little\", \"big\"],\n)\nMethods:
-
update\u2013 -
pack\u2013 -
unpack\u2013 -
pack_size\u2013 -
unpack_size\u2013
Attributes:
-
native_endian\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.Arch.update","title":"update","text":"native_endian = str(byteorder)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.Arch.pack","title":"pack","text":"update(\n arch_name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE,\n ptrsize: int,\n endian: Literal[\"little\", \"big\"],\n) -> None\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.Arch.unpack","title":"unpack","text":"pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.Arch.pack_size","title":"pack_size","text":"unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.Arch.unpack_size","title":"unpack_size","text":"pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/lib/cache/","title":"pwndbg.lib.cache","text":""},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache","title":"cache","text":"unpack_size(data: bytes, size: int) -> int\nCaches return values until some event in the inferior happens, e.g. execution stops because of a SIGINT or breakpoint, or a new library/objfile are loaded, etc.
Classes:
-
DebugCacheDict\u2013
Functions:
-
connect_clear_caching_events\u2013Connect given debugger event hooks to correspoonding _CacheUntilEvent instances
-
cache_until\u2013 -
clear_caches\u2013 -
clear_cache\u2013
Attributes:
-
T\u2013 -
P\u2013 -
debug\u2013 -
debug_name\u2013 -
Cache\u2013 -
IS_CACHING\u2013 -
IS_CACHING_DISABLED_FOR(dict[str, bool]) \u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.P","title":"PT = TypeVar('T')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.debug","title":"debugP = ParamSpec('P')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.debug_name","title":"debug_namedebug = NO_DEBUG\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.Cache","title":"Cachedebug_name = 'regs'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.IS_CACHING","title":"IS_CACHINGCache = Union[Dict[Tuple[Any, ...], Any], DebugCacheDict]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.IS_CACHING_DISABLED_FOR","title":"IS_CACHING_DISABLED_FORIS_CACHING = True\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict","title":"DebugCacheDict","text":"IS_CACHING_DISABLED_FOR: dict[str, bool] = {\n \"stop\": False,\n \"exit\": False,\n \"objfile\": False,\n \"start\": False,\n \"cont\": False,\n \"thread\": False,\n \"prompt\": False,\n \"forever\": False,\n}\nDebugCacheDict(func: Callable[P, T], *args: Any, **kwargs: Any)\nBases:
UserDictMethods:
-
__getitem__\u2013 -
__setitem__\u2013 -
clear\u2013
Attributes:
-
hits\u2013 -
misses\u2013 -
func\u2013 -
name\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.misses","title":"misseshits = 0\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.func","title":"funcmisses = 0\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.name","title":"namefunc = func\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.__getitem__","title":"__getitem__","text":"name = f'{split('.')[-1]}.{__name__}'\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.__setitem__","title":"__setitem__","text":"__getitem__(key: tuple[Any, ...]) -> Any\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.clear","title":"clear","text":"__setitem__(key: tuple[Any, ...], value: Any) -> None\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.connect_clear_caching_events","title":"connect_clear_caching_events","text":"clear() -> None\nconnect_clear_caching_events(\n event_dicts: dict[str, tuple[Any, ...]], **kwargs: Any\n) -> None\nConnect given debugger event hooks to correspoonding _CacheUntilEvent instances
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.cache_until","title":"cache_until","text":"
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.clear_caches","title":"clear_caches","text":"cache_until(\n *event_names: str,\n) -> Callable[[Callable[P, T]], Callable[P, T]]\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.clear_cache","title":"clear_cache","text":"clear_caches() -> None\n
"},{"location":"reference/pwndbg/lib/common/","title":"pwndbg.lib.common","text":""},{"location":"reference/pwndbg/lib/common/#pwndbg.lib.common","title":"common","text":"clear_cache(cache_name: str) -> None\nFunctions:
-
hex2ptr_common\u2013Converts a hex string to a little-endian integer address.
hex2ptr_common(arg: str) -> int\nConverts a hex string to a little-endian integer address.
"},{"location":"reference/pwndbg/lib/config/","title":"pwndbg.lib.config","text":""},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config","title":"config","text":"Classes:
-
Parameter\u2013 -
Config\u2013
Attributes:
-
T\u2013 -
PARAM_BOOLEAN\u2013 -
PARAM_ZINTEGER\u2013 -
PARAM_STRING\u2013 -
PARAM_ZUINTEGER\u2013 -
PARAM_ENUM\u2013 -
PARAM_OPTIONAL_FILENAME\u2013 -
PARAM_AUTO_BOOLEAN\u2013 -
PARAM_ZUINTEGER_UNLIMITED\u2013 -
PARAM_INTEGER\u2013 -
PARAM_UINTEGER\u2013 -
PARAM_CLASSES\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_BOOLEAN","title":"PARAM_BOOLEANT = TypeVar('T')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_ZINTEGER","title":"PARAM_ZINTEGERPARAM_BOOLEAN = 0\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_STRING","title":"PARAM_STRINGPARAM_ZINTEGER = 1\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_ZUINTEGER","title":"PARAM_ZUINTEGERPARAM_STRING = 2\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_ENUM","title":"PARAM_ENUMPARAM_ZUINTEGER = 3\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_OPTIONAL_FILENAME","title":"PARAM_OPTIONAL_FILENAMEPARAM_ENUM = 4\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_AUTO_BOOLEAN","title":"PARAM_AUTO_BOOLEANPARAM_OPTIONAL_FILENAME = 5\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_ZUINTEGER_UNLIMITED","title":"PARAM_ZUINTEGER_UNLIMITEDPARAM_AUTO_BOOLEAN = 6\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_INTEGER","title":"PARAM_INTEGERPARAM_ZUINTEGER_UNLIMITED = 7\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_UINTEGER","title":"PARAM_UINTEGERPARAM_INTEGER = 8\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_CLASSES","title":"PARAM_CLASSESPARAM_UINTEGER = 9\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter","title":"Parameter","text":"PARAM_CLASSES = {bool: PARAM_BOOLEAN, int: PARAM_ZINTEGER, str: PARAM_STRING}\nParameter(\n name: str,\n default: Any,\n set_show_doc: str,\n *,\n help_docstring: str = \"\",\n param_class: int | None = None,\n enum_sequence: Sequence[str] | None = None,\n scope: str = \"config\",\n)\nMethods:
-
add_update_listener\u2013 -
revert_default\u2013 -
attr_name\u2013Returns the attribute name associated with this config option,
-
__getattr__\u2013 -
pretty_val\u2013Convert a value this object could contain to its pretty string representation.
-
pretty\u2013 -
pretty_default\u2013 -
__int__\u2013 -
__str__\u2013 -
__bool__\u2013 -
__eq__\u2013 -
__lt__\u2013 -
__add__\u2013 -
__radd__\u2013 -
__sub__\u2013 -
__rsub__\u2013 -
__mul__\u2013 -
__rmul__\u2013 -
__div__\u2013 -
__floordiv__\u2013 -
__pow__\u2013 -
__mod__\u2013 -
__len__\u2013
Attributes:
-
name\u2013 -
default\u2013 -
param_class\u2013 -
set_show_doc\u2013 -
help_docstring\u2013 -
enum_sequence\u2013 -
scope\u2013 -
update_listeners(list[Callable[[Any], None]]) \u2013 -
value(Any) \u2013 -
is_changed(bool) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.default","title":"defaultname = name\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.param_class","title":"param_classdefault = default\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.set_show_doc","title":"set_show_docparam_class = param_class or PARAM_CLASSES[type(default)]\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.help_docstring","title":"help_docstringset_show_doc = strip()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.enum_sequence","title":"enum_sequencehelp_docstring = strip()\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.scope","title":"scopeenum_sequence = enum_sequence\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.update_listeners","title":"update_listenersscope = scope\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.value","title":"valueupdate_listeners: list[Callable[[Any], None]] = []\npropertywritable","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.is_changed","title":"is_changedvalue: Any\nproperty","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.add_update_listener","title":"add_update_listener","text":"is_changed: bool\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.revert_default","title":"revert_default","text":"add_update_listener(listener: Callable[[Any], None]) -> None\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.attr_name","title":"attr_name","text":"revert_default() -> None\nattr_name() -> str\nReturns the attribute name associated with this config option, i.e.
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__getattr__","title":"__getattr__","text":"my-confighas the attribute namemy_config
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.pretty_val","title":"pretty_val","text":"__getattr__(name: str)\npretty_val(val: Any) -> str\nConvert a value this object could contain to its pretty string representation.
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.pretty","title":"pretty","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.pretty_default","title":"pretty_default","text":"pretty() -> str\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__int__","title":"__int__","text":"pretty_default() -> str\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__str__","title":"__str__","text":"__int__() -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__bool__","title":"__bool__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__eq__","title":"__eq__","text":"__bool__() -> bool\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__lt__","title":"__lt__","text":"__eq__(other: object) -> bool\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__add__","title":"__add__","text":"__lt__(other: object) -> bool\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__radd__","title":"__radd__","text":"__add__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__sub__","title":"__sub__","text":"__radd__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__rsub__","title":"__rsub__","text":"__sub__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__mul__","title":"__mul__","text":"__rsub__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__rmul__","title":"__rmul__","text":"__mul__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__div__","title":"__div__","text":"__rmul__(other: int) -> str\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__floordiv__","title":"__floordiv__","text":"__div__(other: float) -> float\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__pow__","title":"__pow__","text":"__floordiv__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__mod__","title":"__mod__","text":"__pow__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__len__","title":"__len__","text":"__mod__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config","title":"Config","text":"__len__() -> int\nConfig()\nMethods:
-
add_param\u2013 -
add_param_obj\u2013 -
trigger\u2013 -
get_params\u2013 -
__getattr__\u2013 -
__setattr__\u2013
Attributes:
-
params(dict[str, Parameter]) \u2013 -
triggers(DefaultDict[str, list[Callable[..., Any]]]) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.triggers","title":"triggersparams: dict[str, Parameter] = {}\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.add_param","title":"add_param","text":"triggers: DefaultDict[str, list[Callable[..., Any]]] = defaultdict(list)\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.add_param_obj","title":"add_param_obj","text":"add_param(\n name: str,\n default: Any,\n set_show_doc: str,\n *,\n help_docstring: str = \"\",\n param_class: int | None = None,\n enum_sequence: Sequence[str] | None = None,\n scope: str = \"config\",\n) -> Parameter\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.trigger","title":"trigger","text":"add_param_obj(p: Parameter) -> Parameter\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.get_params","title":"get_params","text":"trigger(*params: Parameter) -> Callable[[Callable[..., T]], Callable[..., T]]\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.__getattr__","title":"__getattr__","text":"get_params(scope: str) -> list[Parameter]\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.__setattr__","title":"__setattr__","text":"__getattr__(name: str) -> Parameter\n
"},{"location":"reference/pwndbg/lib/disasm/","title":"pwndbg.lib.disasm","text":""},{"location":"reference/pwndbg/lib/disasm/#pwndbg.lib.disasm","title":"disasm","text":"__setattr__(attr, val)\nModules:
-
helpers\u2013
Functions:
-
to_signed\u2013Returns the signed number associated with the two's-complement binary representation of
unsigned -
logical_shift_left\u2013 -
logical_shift_right\u2013nis truncated to the width ofbit_widthbefore the operation takes place. -
rotate_right\u2013nis truncated to the width ofbit_widthbefore the operation takes place. -
arithmetic_shift_right\u2013This returns the value represented by the two's-complement binary representation of the final result.
to_signed(unsigned: int, bit_width: int)\nReturns the signed number associated with the two's-complement binary representation of
"},{"location":"reference/pwndbg/lib/disasm/helpers/#pwndbg.lib.disasm.helpers.logical_shift_left","title":"logical_shift_left","text":"unsigned
"},{"location":"reference/pwndbg/lib/disasm/helpers/#pwndbg.lib.disasm.helpers.logical_shift_right","title":"logical_shift_right","text":"logical_shift_left(n: int, shift_amt: int, bit_width: int)\nlogical_shift_right(n: int, shift_amt: int, bit_width: int)\n
"},{"location":"reference/pwndbg/lib/disasm/helpers/#pwndbg.lib.disasm.helpers.rotate_right","title":"rotate_right","text":"nis truncated to the width ofbit_widthbefore the operation takes place.rotate_right(n: int, shift_amt: int, bit_width: int)\n
"},{"location":"reference/pwndbg/lib/disasm/helpers/#pwndbg.lib.disasm.helpers.arithmetic_shift_right","title":"arithmetic_shift_right","text":"nis truncated to the width ofbit_widthbefore the operation takes place.arithmetic_shift_right(n: int, shift_amt: int, bit_width: int)\nThis returns the value represented by the two's-complement binary representation of the final result. This means the result could be negative (if the top bit of the input is negative)
"},{"location":"reference/pwndbg/lib/elftypes/","title":"pwndbg.lib.elftypes","text":""},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes","title":"elftypes","text":"nis truncated to the width ofbit_widthbefore the operation takes place.Classes:
-
constants\u2013 -
Elf32_Ehdr\u2013 -
Elf64_Ehdr\u2013 -
Elf32_Phdr\u2013 -
Elf64_Phdr\u2013 -
AUXV\u2013
Attributes:
-
Elf32_Addr\u2013 -
Elf32_Half\u2013 -
Elf32_Off\u2013 -
Elf32_Sword\u2013 -
Elf32_Word\u2013 -
Elf64_Addr\u2013 -
Elf64_Half\u2013 -
Elf64_SHalf\u2013 -
Elf64_Off\u2013 -
Elf64_Sword\u2013 -
Elf64_Word\u2013 -
Elf64_Xword\u2013 -
Elf64_Sxword\u2013 -
AT_CONSTANTS(dict[int, str]) \u2013 -
AT_CONSTANT_NAMES\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Half","title":"Elf32_HalfElf32_Addr = c_uint32\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Off","title":"Elf32_OffElf32_Half = c_uint16\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Sword","title":"Elf32_SwordElf32_Off = c_uint32\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Word","title":"Elf32_WordElf32_Sword = c_int32\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Addr","title":"Elf64_AddrElf32_Word = c_uint32\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Half","title":"Elf64_HalfElf64_Addr = c_uint64\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_SHalf","title":"Elf64_SHalfElf64_Half = c_uint16\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Off","title":"Elf64_OffElf64_SHalf = c_int16\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Sword","title":"Elf64_SwordElf64_Off = c_uint64\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Word","title":"Elf64_WordElf64_Sword = c_int32\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Xword","title":"Elf64_XwordElf64_Word = c_uint32\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Sxword","title":"Elf64_SxwordElf64_Xword = c_uint64\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AT_CONSTANTS","title":"AT_CONSTANTSElf64_Sxword = c_int64\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AT_CONSTANT_NAMES","title":"AT_CONSTANT_NAMESAT_CONSTANTS: dict[int, str] = {\n 0: \"AT_NULL\",\n 1: \"AT_IGNORE\",\n 2: \"AT_EXECFD\",\n 3: \"AT_PHDR\",\n 4: \"AT_PHENT\",\n 5: \"AT_PHNUM\",\n 6: \"AT_PAGESZ\",\n 7: \"AT_BASE\",\n 8: \"AT_FLAGS\",\n 9: \"AT_ENTRY\",\n 10: \"AT_NOTELF\",\n 11: \"AT_UID\",\n 12: \"AT_EUID\",\n 13: \"AT_GID\",\n 14: \"AT_EGID\",\n 15: \"AT_PLATFORM\",\n 16: \"AT_HWCAP\",\n 17: \"AT_CLKTCK\",\n 18: \"AT_FPUCW\",\n 19: \"AT_DCACHEBSIZE\",\n 20: \"AT_ICACHEBSIZE\",\n 21: \"AT_UCACHEBSIZE\",\n 22: \"AT_IGNOREPPC\",\n 23: \"AT_SECURE\",\n 24: \"AT_BASE_PLATFORM\",\n 25: \"AT_RANDOM\",\n 26: \"AT_HWCAP2\",\n 27: \"AT_RSEQ_FEATURE_SIZE\",\n 28: \"AT_RSEQ_ALIGN\",\n 29: \"AT_HWCAP3\",\n 30: \"AT_HWCAP4\",\n 31: \"AT_EXECFN\",\n 32: \"AT_SYSINFO\",\n 33: \"AT_SYSINFO_EHDR\",\n 34: \"AT_L1I_CACHESHAPE\",\n 35: \"AT_L1D_CACHESHAPE\",\n 36: \"AT_L2_CACHESHAPE\",\n 37: \"AT_L3_CACHESHAPE\",\n 40: \"AT_L1I_CACHESIZE\",\n 41: \"AT_L1I_CACHEGEOMETRY\",\n 42: \"AT_L1D_CACHESIZE\",\n 43: \"AT_L1D_CACHEGEOMETRY\",\n 44: \"AT_L2_CACHESIZE\",\n 45: \"AT_L2_CACHEGEOMETRY\",\n 46: \"AT_L3_CACHESIZE\",\n 47: \"AT_L3_CACHEGEOMETRY\",\n 51: \"AT_MINSIGSTKSZ\",\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants","title":"constants","text":"AT_CONSTANT_NAMES = {v: _zfor (k, v) in items()}\nAttributes:
-
EI_MAG0\u2013 -
EI_MAG1\u2013 -
EI_MAG2\u2013 -
EI_MAG3\u2013 -
EI_CLASS\u2013 -
EI_DATA\u2013 -
EI_VERSION\u2013 -
EI_OSABI\u2013 -
EI_ABIVERSION\u2013 -
EI_PAD\u2013 -
EI_NIDENT\u2013 -
ELFMAG0\u2013 -
ELFMAG1\u2013 -
ELFMAG2\u2013 -
ELFMAG3\u2013 -
ELFCLASSNONE\u2013 -
ELFCLASS32\u2013 -
ELFCLASS64\u2013 -
ELFDATANONE\u2013 -
ELFDATA2LSB\u2013 -
ELFDATA2MSB\u2013 -
PT_NULL\u2013 -
PT_LOAD\u2013 -
PT_DYNAMIC\u2013 -
PT_INTERP\u2013 -
PT_NOTE\u2013 -
PT_SHLIB\u2013 -
PT_PHDR\u2013 -
PT_TLS\u2013 -
ET_NONE\u2013 -
ET_REL\u2013 -
ET_EXEC\u2013 -
ET_DYN\u2013 -
ET_CORE\u2013 -
DT_NULL\u2013 -
DT_NEEDED\u2013 -
DT_PLTRELSZ\u2013 -
DT_PLTGOT\u2013 -
DT_HASH\u2013 -
DT_STRTAB\u2013 -
DT_SYMTAB\u2013 -
DT_RELA\u2013 -
DT_RELASZ\u2013 -
DT_RELAENT\u2013 -
DT_STRSZ\u2013 -
DT_SYMENT\u2013 -
DT_INIT\u2013 -
DT_FINI\u2013 -
DT_SONAME\u2013 -
DT_RPATH\u2013 -
DT_SYMBOLIC\u2013 -
DT_REL\u2013 -
DT_RELSZ\u2013 -
DT_RELENT\u2013 -
DT_PLTREL\u2013 -
DT_DEBUG\u2013 -
DT_TEXTREL\u2013 -
DT_JMPREL\u2013 -
DT_ENCODING\u2013 -
SHT_NULL\u2013 -
SHT_PROGBITS\u2013 -
SHT_SYMTAB\u2013 -
SHT_STRTAB\u2013 -
SHT_RELA\u2013 -
SHT_HASH\u2013 -
SHT_DYNAMIC\u2013 -
SHT_NOTE\u2013 -
SHT_NOBITS\u2013 -
SHT_REL\u2013 -
SHT_SHLIB\u2013 -
SHT_DYNSYM\u2013 -
SHT_NUM\u2013 -
STT_NOTYPE\u2013 -
STT_OBJECT\u2013 -
STT_FUNC\u2013 -
STT_SECTION\u2013 -
STT_FILE\u2013 -
STT_COMMON\u2013 -
STT_TLS\u2013 -
NT_PRSTATUS\u2013 -
NT_PRFPREG\u2013 -
NT_PRPSINFO\u2013 -
NT_TASKSTRUCT\u2013 -
NT_AUXV\u2013 -
NT_SIGINFO\u2013 -
NT_FILE\u2013 -
NT_PRXFPREG\u2013 -
NT_PPC_VMX\u2013 -
NT_PPC_SPE\u2013 -
NT_PPC_VSX\u2013 -
NT_386_TLS\u2013 -
NT_386_IOPERM\u2013 -
NT_X86_XSTATE\u2013 -
NT_S390_HIGH_GPRS\u2013 -
NT_S390_TIMER\u2013 -
NT_S390_TODCMP\u2013 -
NT_S390_TODPREG\u2013 -
NT_S390_CTRS\u2013 -
NT_S390_PREFIX\u2013 -
NT_S390_LAST_BREAK\u2013 -
NT_S390_SYSTEM_CALL\u2013 -
NT_S390_TDB\u2013 -
NT_ARM_VFP\u2013 -
NT_ARM_TLS\u2013 -
NT_ARM_HW_BREAK\u2013 -
NT_ARM_HW_WATCH\u2013 -
NT_METAG_CBUF\u2013 -
NT_METAG_RPIPE\u2013 -
NT_METAG_TLS\u2013 -
AT_NULL\u2013 -
AT_IGNORE\u2013 -
AT_EXECFD\u2013 -
AT_PHDR\u2013 -
AT_PHENT\u2013 -
AT_PHNUM\u2013 -
AT_PAGESZ\u2013 -
AT_BASE\u2013 -
AT_FLAGS\u2013 -
AT_ENTRY\u2013 -
AT_NOTELF\u2013 -
AT_UID\u2013 -
AT_EUID\u2013 -
AT_GID\u2013 -
AT_EGID\u2013 -
AT_PLATFORM\u2013 -
AT_HWCAP\u2013 -
AT_CLKTCK\u2013 -
AT_FPUCW\u2013 -
AT_DCACHEBSIZE\u2013 -
AT_ICACHEBSIZE\u2013 -
AT_UCACHEBSIZE\u2013 -
AT_IGNOREPPC\u2013 -
AT_SECURE\u2013 -
AT_BASE_PLATFORM\u2013 -
AT_RANDOM\u2013 -
AT_EXECFN\u2013 -
AT_SYSINFO\u2013 -
AT_SYSINFO_EHDR\u2013 -
AT_L1I_CACHESHAPE\u2013 -
AT_L1D_CACHESHAPE\u2013 -
AT_L2_CACHESHAPE\u2013 -
AT_L3_CACHESHAPE\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_MAG1","title":"EI_MAG1EI_MAG0 = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_MAG2","title":"EI_MAG2EI_MAG1 = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_MAG3","title":"EI_MAG3EI_MAG2 = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_CLASS","title":"EI_CLASSEI_MAG3 = 3\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_DATA","title":"EI_DATAEI_CLASS = 4\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_VERSION","title":"EI_VERSIONEI_DATA = 5\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_OSABI","title":"EI_OSABIEI_VERSION = 6\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_ABIVERSION","title":"EI_ABIVERSIONEI_OSABI = 7\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_PAD","title":"EI_PADEI_ABIVERSION = 8\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_NIDENT","title":"EI_NIDENTEI_PAD = 9\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFMAG0","title":"ELFMAG0EI_NIDENT = 16\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFMAG1","title":"ELFMAG1ELFMAG0 = 127\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFMAG2","title":"ELFMAG2ELFMAG1 = ord('E')\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFMAG3","title":"ELFMAG3ELFMAG2 = ord('L')\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFCLASSNONE","title":"ELFCLASSNONEELFMAG3 = ord('F')\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFCLASS32","title":"ELFCLASS32ELFCLASSNONE = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFCLASS64","title":"ELFCLASS64ELFCLASS32 = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFDATANONE","title":"ELFDATANONEELFCLASS64 = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFDATA2LSB","title":"ELFDATA2LSBELFDATANONE = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFDATA2MSB","title":"ELFDATA2MSBELFDATA2LSB = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_NULL","title":"PT_NULLELFDATA2MSB = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_LOAD","title":"PT_LOADPT_NULL = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_DYNAMIC","title":"PT_DYNAMICPT_LOAD = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_INTERP","title":"PT_INTERPPT_DYNAMIC = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_NOTE","title":"PT_NOTEPT_INTERP = 3\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_SHLIB","title":"PT_SHLIBPT_NOTE = 4\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_PHDR","title":"PT_PHDRPT_SHLIB = 5\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_TLS","title":"PT_TLSPT_PHDR = 6\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ET_NONE","title":"ET_NONEPT_TLS = 7\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ET_REL","title":"ET_RELET_NONE = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ET_EXEC","title":"ET_EXECET_REL = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ET_DYN","title":"ET_DYNET_EXEC = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ET_CORE","title":"ET_COREET_DYN = 3\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_NULL","title":"DT_NULLET_CORE = 4\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_NEEDED","title":"DT_NEEDEDDT_NULL = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_PLTRELSZ","title":"DT_PLTRELSZDT_NEEDED = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_PLTGOT","title":"DT_PLTGOTDT_PLTRELSZ = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_HASH","title":"DT_HASHDT_PLTGOT = 3\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_STRTAB","title":"DT_STRTABDT_HASH = 4\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_SYMTAB","title":"DT_SYMTABDT_STRTAB = 5\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_RELA","title":"DT_RELADT_SYMTAB = 6\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_RELASZ","title":"DT_RELASZDT_RELA = 7\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_RELAENT","title":"DT_RELAENTDT_RELASZ = 8\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_STRSZ","title":"DT_STRSZDT_RELAENT = 9\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_SYMENT","title":"DT_SYMENTDT_STRSZ = 10\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_INIT","title":"DT_INITDT_SYMENT = 11\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_FINI","title":"DT_FINIDT_INIT = 12\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_SONAME","title":"DT_SONAMEDT_FINI = 13\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_RPATH","title":"DT_RPATHDT_SONAME = 14\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_SYMBOLIC","title":"DT_SYMBOLICDT_RPATH = 15\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_REL","title":"DT_RELDT_SYMBOLIC = 16\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_RELSZ","title":"DT_RELSZDT_REL = 17\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_RELENT","title":"DT_RELENTDT_RELSZ = 18\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_PLTREL","title":"DT_PLTRELDT_RELENT = 19\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_DEBUG","title":"DT_DEBUGDT_PLTREL = 20\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_TEXTREL","title":"DT_TEXTRELDT_DEBUG = 21\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_JMPREL","title":"DT_JMPRELDT_TEXTREL = 22\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_ENCODING","title":"DT_ENCODINGDT_JMPREL = 23\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_NULL","title":"SHT_NULLDT_ENCODING = 32\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_PROGBITS","title":"SHT_PROGBITSSHT_NULL = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_SYMTAB","title":"SHT_SYMTABSHT_PROGBITS = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_STRTAB","title":"SHT_STRTABSHT_SYMTAB = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_RELA","title":"SHT_RELASHT_STRTAB = 3\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_HASH","title":"SHT_HASHSHT_RELA = 4\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_DYNAMIC","title":"SHT_DYNAMICSHT_HASH = 5\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_NOTE","title":"SHT_NOTESHT_DYNAMIC = 6\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_NOBITS","title":"SHT_NOBITSSHT_NOTE = 7\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_REL","title":"SHT_RELSHT_NOBITS = 8\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_SHLIB","title":"SHT_SHLIBSHT_REL = 9\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_DYNSYM","title":"SHT_DYNSYMSHT_SHLIB = 10\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_NUM","title":"SHT_NUMSHT_DYNSYM = 11\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_NOTYPE","title":"STT_NOTYPESHT_NUM = 12\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_OBJECT","title":"STT_OBJECTSTT_NOTYPE = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_FUNC","title":"STT_FUNCSTT_OBJECT = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_SECTION","title":"STT_SECTIONSTT_FUNC = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_FILE","title":"STT_FILESTT_SECTION = 3\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_COMMON","title":"STT_COMMONSTT_FILE = 4\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_TLS","title":"STT_TLSSTT_COMMON = 5\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PRSTATUS","title":"NT_PRSTATUSSTT_TLS = 6\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PRFPREG","title":"NT_PRFPREGNT_PRSTATUS = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PRPSINFO","title":"NT_PRPSINFONT_PRFPREG = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_TASKSTRUCT","title":"NT_TASKSTRUCTNT_PRPSINFO = 3\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_AUXV","title":"NT_AUXVNT_TASKSTRUCT = 4\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_SIGINFO","title":"NT_SIGINFONT_AUXV = 6\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_FILE","title":"NT_FILENT_SIGINFO = 1397311305\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PRXFPREG","title":"NT_PRXFPREGNT_FILE = 1179208773\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PPC_VMX","title":"NT_PPC_VMXNT_PRXFPREG = 1189489535\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PPC_SPE","title":"NT_PPC_SPENT_PPC_VMX = 256\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PPC_VSX","title":"NT_PPC_VSXNT_PPC_SPE = 257\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_386_TLS","title":"NT_386_TLSNT_PPC_VSX = 258\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_386_IOPERM","title":"NT_386_IOPERMNT_386_TLS = 512\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_X86_XSTATE","title":"NT_X86_XSTATENT_386_IOPERM = 513\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_HIGH_GPRS","title":"NT_S390_HIGH_GPRSNT_X86_XSTATE = 514\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_TIMER","title":"NT_S390_TIMERNT_S390_HIGH_GPRS = 768\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_TODCMP","title":"NT_S390_TODCMPNT_S390_TIMER = 769\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_TODPREG","title":"NT_S390_TODPREGNT_S390_TODCMP = 770\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_CTRS","title":"NT_S390_CTRSNT_S390_TODPREG = 771\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_PREFIX","title":"NT_S390_PREFIXNT_S390_CTRS = 772\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_LAST_BREAK","title":"NT_S390_LAST_BREAKNT_S390_PREFIX = 773\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_SYSTEM_CALL","title":"NT_S390_SYSTEM_CALLNT_S390_LAST_BREAK = 774\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_TDB","title":"NT_S390_TDBNT_S390_SYSTEM_CALL = 775\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_ARM_VFP","title":"NT_ARM_VFPNT_S390_TDB = 776\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_ARM_TLS","title":"NT_ARM_TLSNT_ARM_VFP = 1024\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_ARM_HW_BREAK","title":"NT_ARM_HW_BREAKNT_ARM_TLS = 1025\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_ARM_HW_WATCH","title":"NT_ARM_HW_WATCHNT_ARM_HW_BREAK = 1026\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_METAG_CBUF","title":"NT_METAG_CBUFNT_ARM_HW_WATCH = 1027\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_METAG_RPIPE","title":"NT_METAG_RPIPENT_METAG_CBUF = 1280\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_METAG_TLS","title":"NT_METAG_TLSNT_METAG_RPIPE = 1281\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_NULL","title":"AT_NULLNT_METAG_TLS = 1282\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_IGNORE","title":"AT_IGNOREAT_NULL = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_EXECFD","title":"AT_EXECFDAT_IGNORE = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_PHDR","title":"AT_PHDRAT_EXECFD = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_PHENT","title":"AT_PHENTAT_PHDR = 3\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_PHNUM","title":"AT_PHNUMAT_PHENT = 4\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_PAGESZ","title":"AT_PAGESZAT_PHNUM = 5\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_BASE","title":"AT_BASEAT_PAGESZ = 6\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_FLAGS","title":"AT_FLAGSAT_BASE = 7\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_ENTRY","title":"AT_ENTRYAT_FLAGS = 8\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_NOTELF","title":"AT_NOTELFAT_ENTRY = 9\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_UID","title":"AT_UIDAT_NOTELF = 10\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_EUID","title":"AT_EUIDAT_UID = 11\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_GID","title":"AT_GIDAT_EUID = 12\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_EGID","title":"AT_EGIDAT_GID = 13\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_PLATFORM","title":"AT_PLATFORMAT_EGID = 14\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_HWCAP","title":"AT_HWCAPAT_PLATFORM = 15\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_CLKTCK","title":"AT_CLKTCKAT_HWCAP = 16\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_FPUCW","title":"AT_FPUCWAT_CLKTCK = 17\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_DCACHEBSIZE","title":"AT_DCACHEBSIZEAT_FPUCW = 18\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_ICACHEBSIZE","title":"AT_ICACHEBSIZEAT_DCACHEBSIZE = 19\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_UCACHEBSIZE","title":"AT_UCACHEBSIZEAT_ICACHEBSIZE = 20\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_IGNOREPPC","title":"AT_IGNOREPPCAT_UCACHEBSIZE = 21\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_SECURE","title":"AT_SECUREAT_IGNOREPPC = 22\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_BASE_PLATFORM","title":"AT_BASE_PLATFORMAT_SECURE = 23\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_RANDOM","title":"AT_RANDOMAT_BASE_PLATFORM = 24\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_EXECFN","title":"AT_EXECFNAT_RANDOM = 25\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_SYSINFO","title":"AT_SYSINFOAT_EXECFN = 31\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_SYSINFO_EHDR","title":"AT_SYSINFO_EHDRAT_SYSINFO = 32\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_L1I_CACHESHAPE","title":"AT_L1I_CACHESHAPEAT_SYSINFO_EHDR = 33\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_L1D_CACHESHAPE","title":"AT_L1D_CACHESHAPEAT_L1I_CACHESHAPE = 34\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_L2_CACHESHAPE","title":"AT_L2_CACHESHAPEAT_L1D_CACHESHAPE = 35\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_L3_CACHESHAPE","title":"AT_L3_CACHESHAPEAT_L2_CACHESHAPE = 36\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Ehdr","title":"Elf32_Ehdr","text":"AT_L3_CACHESHAPE = 37\nBases:
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Ehdr","title":"Elf64_Ehdr","text":"StructureBases:
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Phdr","title":"Elf32_Phdr","text":"StructureBases:
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Phdr","title":"Elf64_Phdr","text":"StructureBases:
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV","title":"AUXV","text":"StructureBases:
dict[str, int | str]Methods:
-
set\u2013 -
__getattr__\u2013 -
__str__\u2013
Attributes:
-
AT_PHDR(int | None) \u2013 -
AT_BASE(int | None) \u2013 -
AT_PLATFORM(str | None) \u2013 -
AT_BASE_PLATFORM(str | None) \u2013 -
AT_ENTRY(int | None) \u2013 -
AT_RANDOM(int | None) \u2013 -
AT_EXECFN(str | None) \u2013 -
AT_SYSINFO(int | None) \u2013 -
AT_SYSINFO_EHDR(int | None) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_BASE","title":"AT_BASEAT_PHDR: int | None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_PLATFORM","title":"AT_PLATFORMAT_BASE: int | None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_BASE_PLATFORM","title":"AT_BASE_PLATFORMAT_PLATFORM: str | None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_ENTRY","title":"AT_ENTRYAT_BASE_PLATFORM: str | None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_RANDOM","title":"AT_RANDOMAT_ENTRY: int | None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_EXECFN","title":"AT_EXECFNAT_RANDOM: int | None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_SYSINFO","title":"AT_SYSINFOAT_EXECFN: str | None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_SYSINFO_EHDR","title":"AT_SYSINFO_EHDRAT_SYSINFO: int | None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.set","title":"set","text":"AT_SYSINFO_EHDR: int | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.__getattr__","title":"__getattr__","text":"set(const: int, value: int) -> None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.__str__","title":"__str__","text":"__getattr__(attr: str) -> int | str | None\n
"},{"location":"reference/pwndbg/lib/funcparser/","title":"pwndbg.lib.funcparser","text":""},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser","title":"funcparser","text":"__str__() -> str\nFunctions:
-
extractTypeAndName\u2013 -
Stringify\u2013 -
ExtractFuncDecl\u2013 -
ExtractAllFuncDecls\u2013 -
ExtractFuncDeclFromSource\u2013
Attributes:
-
CAstNode\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser.extractTypeAndName","title":"extractTypeAndName","text":"CAstNode = Union[\n EllipsisParam, PtrDecl, ArrayDecl, FuncDecl, Struct, Union, Enum\n]\n
"},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser.Stringify","title":"Stringify","text":"extractTypeAndName(\n n: CAstNode, defaultName: str | None = None\n) -> tuple[str, int, str] | None\n
"},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser.ExtractFuncDecl","title":"ExtractFuncDecl","text":"Stringify(X: Function | Argument) -> str\n
"},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser.ExtractAllFuncDecls","title":"ExtractAllFuncDecls","text":"ExtractFuncDecl(node: CAstNode, verbose: bool = False) -> Function | None\n
"},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser.ExtractFuncDeclFromSource","title":"ExtractFuncDeclFromSource","text":"ExtractAllFuncDecls(ast: CAstNode, verbose: bool = False)\n
"},{"location":"reference/pwndbg/lib/functions/","title":"pwndbg.lib.functions","text":""},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions","title":"functions","text":"ExtractFuncDeclFromSource(source: str) -> Function | None\nClasses:
-
Function\u2013 -
Argument\u2013 -
Flag\u2013 -
LazyFunctions\u2013
Functions:
-
format_flags_argument\u2013
Attributes:
-
functions\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Function","title":"Function","text":"functions = LazyFunctions()\nBases:
NamedTupleAttributes:
-
type(str) \u2013 -
derefcnt(int) \u2013 -
name(str) \u2013 -
args(list[Argument]) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Function.derefcnt","title":"derefcnttype: str\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Function.name","title":"namederefcnt: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Function.args","title":"argsname: str\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Argument","title":"Argument","text":"args: list[Argument]\nBases:
NamedTupleAttributes:
-
type(str) \u2013 -
derefcnt(int) \u2013 -
name(str) \u2013 -
flags(tuple[Flag, ...] | None) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Argument.derefcnt","title":"derefcnttype: str\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Argument.name","title":"namederefcnt: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Argument.flags","title":"flagsname: str\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Flag","title":"Flag","text":"flags: tuple[Flag, ...] | None = None\nBases:
NamedTupleAttributes:
-
value(int) \u2013 -
name(str) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Flag.name","title":"namevalue: int\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.LazyFunctions","title":"LazyFunctions","text":"name: str\nLazyFunctions(*args, **kw)\nBases:
Mapping[str, Function]Methods:
-
__getitem__\u2013 -
__iter__\u2013 -
__len__\u2013
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.LazyFunctions.__iter__","title":"__iter__","text":"__getitem__(key)\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.LazyFunctions.__len__","title":"__len__","text":"__iter__()\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.format_flags_argument","title":"format_flags_argument","text":"__len__()\n
"},{"location":"reference/pwndbg/lib/functions_data/","title":"pwndbg.lib.functions_data","text":""},{"location":"reference/pwndbg/lib/functions_data/#pwndbg.lib.functions_data","title":"functions_data","text":"format_flags_argument(flags: tuple[Flag, ...], value: int)\nFunctions:
-
load_functions\u2013
"},{"location":"reference/pwndbg/lib/gcc/","title":"pwndbg.lib.gcc","text":""},{"location":"reference/pwndbg/lib/gcc/#pwndbg.lib.gcc","title":"gcc","text":"load_functions()\nFunctions for determining the architecture-dependent path to GCC and any flags it should be executed with.
Functions:
-
which\u2013
Attributes:
-
printed_message\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/lib/gcc/#pwndbg.lib.gcc.which","title":"which","text":"printed_message = False\n
"},{"location":"reference/pwndbg/lib/heap/","title":"pwndbg.lib.heap","text":""},{"location":"reference/pwndbg/lib/heap/#pwndbg.lib.heap","title":"heap","text":"which(arch: Arch) -> list[str]\nModules:
-
helpers\u2013
Functions:
-
find_fastbin_size\u2013
"},{"location":"reference/pwndbg/lib/kernel/","title":"pwndbg.lib.kernel","text":""},{"location":"reference/pwndbg/lib/kernel/#pwndbg.lib.kernel","title":"kernel","text":"find_fastbin_size(\n mem: bytes, max_size: int, step: int\n) -> Generator[int, None, None]\nModules:
-
kconfig\u2013 -
structs\u2013
Classes:
-
Kconfig\u2013
Functions:
-
parse_config\u2013 -
parse_compresed_config\u2013 -
config_to_key\u2013
Kconfig(compressed_config: bytes, *args: Any, **kwargs: Any)\nBases:
UserDictMethods:
-
get_key\u2013 -
__getitem__\u2013 -
__contains__\u2013 -
__getattr__\u2013
Attributes:
-
data\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.get_key","title":"get_key","text":"data = parse_compresed_config(compressed_config)\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.__getitem__","title":"__getitem__","text":"get_key(name: str) -> str | None\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.__contains__","title":"__contains__","text":"__getitem__(name: str)\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.__getattr__","title":"__getattr__","text":"__contains__(name: object) -> bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.parse_config","title":"parse_config","text":"__getattr__(name: str)\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.parse_compresed_config","title":"parse_compresed_config","text":"parse_config(config_text: bytes) -> dict[str, str]\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.config_to_key","title":"config_to_key","text":"parse_compresed_config(compressed_config: bytes) -> dict[str, str]\n
"},{"location":"reference/pwndbg/lib/kernel/structs/","title":"pwndbg.lib.kernel.structs","text":""},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs","title":"structs","text":"config_to_key(name: str) -> str\nClasses:
-
IDTEntry\u2013Represents an entry in the Interrupt Descriptor Table (IDT)
IDTEntry(entry)\nRepresents an entry in the Interrupt Descriptor Table (IDT)
The IDTEntry class stores information about an IDT entry, including its index, offset, segment selector, descriptor privilege level (DPL), gate type, and interrupt stack table (IST) index.
https://wiki.osdev.org/Interrupt_Descriptor_Table
Attributes:
-
offset\u2013 -
segment\u2013 -
dpl\u2013 -
type\u2013 -
ist\u2013 -
present\u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry.segment","title":"segmentoffset = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry.dpl","title":"dplsegment = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry.type","title":"typedpl = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry.ist","title":"isttype = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry.present","title":"presentist = None\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/memory/","title":"pwndbg.lib.memory","text":""},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory","title":"memory","text":"present = None\nReading, writing, and describing memory.
Classes:
-
Page\u2013Represents the address space and page permissions of at least
Functions:
-
round_down\u2013round_down(address, align) -> int
-
round_up\u2013round_up(address, align) -> int
-
page_align\u2013page_align(address) -> int
-
page_size_align\u2013 -
page_offset\u2013
Attributes:
-
PAGE_SIZE\u2013 -
PAGE_MASK\u2013 -
align_down\u2013 -
align_up\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.PAGE_MASK","title":"PAGE_MASKPAGE_SIZE = 4096\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.align_down","title":"align_downPAGE_MASK = ~PAGE_SIZE - 1\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.align_up","title":"align_upalign_down = round_down\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page","title":"Page","text":"align_up = round_up\nPage(start: int, size: int, flags: int, offset: int, objfile: str = '')\nRepresents the address space and page permissions of at least one page of memory.
Methods:
-
__str__\u2013 -
__repr__\u2013 -
__contains__\u2013 -
__eq__\u2013 -
__lt__\u2013 -
__hash__\u2013
Attributes:
-
vaddr\u2013 -
memsz\u2013 -
flags\u2013 -
offset\u2013 -
objfile\u2013Possible non-empty values of
objfile: -
start(int) \u2013Mapping start address.
-
end(int) \u2013Address beyond mapping. So the last effective address is self.end-1
-
is_stack(bool) \u2013 -
is_memory_mapped_file(bool) \u2013 -
read(bool) \u2013 -
write(bool) \u2013 -
execute(bool) \u2013 -
rw(bool) \u2013 -
wx(bool) \u2013 -
rwx(bool) \u2013 -
is_guard(bool) \u2013 -
permstr(str) \u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.memsz","title":"memszvaddr = start\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.flags","title":"flagsmemsz = size\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.offset","title":"offsetflags = flags\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.objfile","title":"objfileoffset = offset\nclass-attributeinstance-attribute","text":"objfile = objfile\nPossible non-empty values of
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.start","title":"startobjfile: - Contains square brackets \"[]\" if it's not a memory mapped file. Examples: [stack], [vsyscall], [heap], [vdso] - A path to a file, such as/usr/lib/libc.so.6property","text":"start: int\nMapping start address.
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.end","title":"endproperty","text":"end: int\nAddress beyond mapping. So the last effective address is self.end-1 It is the same as displayed in /proc//maps"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.is_stack","title":"is_stack
property","text":"
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.is_memory_mapped_file","title":"is_memory_mapped_fileis_stack: bool\nproperty","text":"
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.read","title":"readis_memory_mapped_file: bool\nproperty","text":"
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.write","title":"writeread: bool\nproperty","text":"
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.execute","title":"executewrite: bool\nproperty","text":"
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.rw","title":"rwexecute: bool\nproperty","text":"
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.wx","title":"wxrw: bool\nproperty","text":"
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.rwx","title":"rwxwx: bool\nproperty","text":"
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.is_guard","title":"is_guardrwx: bool\nproperty","text":"
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.permstr","title":"permstris_guard: bool\nproperty","text":"
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.__str__","title":"__str__","text":"permstr: str\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.__repr__","title":"__repr__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.__contains__","title":"__contains__","text":"__repr__() -> str\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.__eq__","title":"__eq__","text":"__contains__(addr: int) -> bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.__lt__","title":"__lt__","text":"__eq__(other: object) -> bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.__hash__","title":"__hash__","text":"__lt__(other: object) -> bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.round_down","title":"round_down","text":"__hash__() -> int\nround_down(address: int, align: int) -> int\nround_down(address, align) -> int
Round down
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.round_up","title":"round_up","text":"addressto the nearest increment ofalign.round_up(address: int, align: int) -> int\nround_up(address, align) -> int
Round up
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.page_align","title":"page_align","text":"addressto the nearest increment ofalign.page_align(address: int) -> int\npage_align(address) -> int
Round down
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.page_size_align","title":"page_size_align","text":"addressto the nearest page boundary.
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.page_offset","title":"page_offset","text":"page_size_align(address: int) -> int\n
"},{"location":"reference/pwndbg/lib/net/","title":"pwndbg.lib.net","text":""},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net","title":"net","text":"page_offset(address: int) -> int\nRe-implements some psutil functionality to be able to get information from remote debugging sessions.
Classes:
-
inode\u2013 -
Connection\u2013 -
UnixSocket\u2013 -
Netlink\u2013
Functions:
-
tcp\u2013It will first list all listening TCP sockets, and next list all established
-
unix\u2013 -
netlink\u2013
Attributes:
-
TCP_STATUSES\u2013 -
NETLINK_TYPES\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.NETLINK_TYPES","title":"NETLINK_TYPESTCP_STATUSES = {\n \"01\": \"established\",\n \"02\": \"syn_sent\",\n \"03\": \"syn_recv\",\n \"04\": \"fin_wait1\",\n \"05\": \"fin_wait2\",\n \"06\": \"time_wait\",\n \"07\": \"close\",\n \"08\": \"close_wait\",\n \"09\": \"last_ack\",\n \"0A\": \"listen\",\n \"0B\": \"closing\",\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.inode","title":"inode","text":"NETLINK_TYPES = {\n 0: \"NETLINK_ROUTE\",\n 1: \"NETLINK_UNUSED\",\n 2: \"NETLINK_USERSOCK\",\n 3: \"NETLINK_FIREWALL\",\n 4: \"NETLINK_SOCK_DIAG\",\n 5: \"NETLINK_NFLOG\",\n 6: \"NETLINK_XFRM\",\n 7: \"NETLINK_SELINUX\",\n 8: \"NETLINK_ISCSI\",\n 9: \"NETLINK_AUDIT\",\n 10: \"NETLINK_FIB_LOOKUP\",\n 11: \"NETLINK_CONNECTOR\",\n 12: \"NETLINK_NETFILTER\",\n 13: \"NETLINK_IP6_FW\",\n 14: \"NETLINK_DNRTMSG\",\n 15: \"NETLINK_KOBJECT_UEVENT\",\n 16: \"NETLINK_GENERIC\",\n 18: \"NETLINK_SCSITRANSPORT\",\n 19: \"NETLINK_ECRYPTFS\",\n 20: \"NETLINK_RDMA\",\n 21: \"NETLINK_CRYPTO\",\n}\nAttributes:
-
inode(int | None) \u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection","title":"Connection","text":"inode: int | None = None\nBases:
inodeMethods:
-
__str__\u2013 -
__repr__\u2013
Attributes:
-
rhost(str | None) \u2013 -
lhost(str | None) \u2013 -
rport(int | None) \u2013 -
lport(int | None) \u2013 -
inode(int | None) \u2013 -
status(str | None) \u2013 -
family(str | None) \u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.lhost","title":"lhostrhost: str | None = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.rport","title":"rportlhost: str | None = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.lport","title":"lportrport: int | None = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.inode","title":"inodelport: int | None = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.status","title":"statusinode: int | None = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.family","title":"familystatus: str | None = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.__str__","title":"__str__","text":"family: str | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.__repr__","title":"__repr__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.UnixSocket","title":"UnixSocket","text":"__repr__() -> str\nBases:
inodeMethods:
-
__str__\u2013 -
__repr__\u2013
Attributes:
-
path\u2013 -
inode(int | None) \u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.UnixSocket.inode","title":"inodepath = '(anonymous)'\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.UnixSocket.__str__","title":"__str__","text":"inode: int | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.UnixSocket.__repr__","title":"__repr__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Netlink","title":"Netlink","text":"__repr__() -> str\nBases:
inodeMethods:
-
__str__\u2013 -
__repr__\u2013
Attributes:
-
eth(int) \u2013 -
pid(int | None) \u2013 -
inode(int | None) \u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Netlink.pid","title":"pideth: int = 0\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Netlink.inode","title":"inodepid: int | None = None\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Netlink.__str__","title":"__str__","text":"inode: int | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Netlink.__repr__","title":"__repr__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.tcp","title":"tcp","text":"__repr__() -> str\ntcp(data: str) -> list[Connection]\nIt will first list all listening TCP sockets, and next list all established TCP connections. A typical entry of /proc/net/tcp would look like this (split up into 3 parts because of the length of the line):
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.unix","title":"unix","text":"
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.netlink","title":"netlink","text":"unix(data: str) -> list[UnixSocket]\n
"},{"location":"reference/pwndbg/lib/regs/","title":"pwndbg.lib.regs","text":""},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs","title":"regs","text":"netlink(data: str) -> list[Netlink]\nReading register value from the inferior, and provides a standardized interface to registers like \"sp\" and \"pc\".
Classes:
-
RegisterSet\u2013
Attributes:
-
BitFlags\u2013 -
arm_cpsr_flags\u2013 -
arm_xpsr_flags\u2013 -
aarch64_cpsr_flags\u2013 -
aarch64_sctlr_flags\u2013 -
aarch64_scr_flags\u2013 -
arm\u2013 -
armcm\u2013 -
aarch64\u2013 -
x86flags\u2013 -
amd64\u2013 -
i386\u2013 -
powerpc\u2013 -
sparc\u2013 -
mips\u2013 -
riscv\u2013 -
loongarch64\u2013 -
s390x\u2013 -
reg_sets(dict[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, RegisterSet]) \u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.arm_cpsr_flags","title":"arm_cpsr_flagsBitFlags = OrderedDict[str, Union[int, Tuple[int, int]]]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.arm_xpsr_flags","title":"arm_xpsr_flagsarm_cpsr_flags = BitFlags(\n [\n (\"N\", 31),\n (\"Z\", 30),\n (\"C\", 29),\n (\"V\", 28),\n (\"Q\", 27),\n (\"J\", 24),\n (\"T\", 5),\n (\"E\", 9),\n (\"A\", 8),\n (\"I\", 7),\n (\"F\", 6),\n ]\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.aarch64_cpsr_flags","title":"aarch64_cpsr_flagsarm_xpsr_flags = BitFlags(\n [(\"N\", 31), (\"Z\", 30), (\"C\", 29), (\"V\", 28), (\"Q\", 27), (\"T\", 24)]\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.aarch64_sctlr_flags","title":"aarch64_sctlr_flagsaarch64_cpsr_flags = BitFlags(\n [\n (\"N\", 31),\n (\"Z\", 30),\n (\"C\", 29),\n (\"V\", 28),\n (\"Q\", 27),\n (\"PAN\", 22),\n (\"IL\", 20),\n (\"D\", 9),\n (\"A\", 8),\n (\"I\", 7),\n (\"F\", 6),\n (\"EL\", (2, 2)),\n (\"SP\", 0),\n ]\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.aarch64_scr_flags","title":"aarch64_scr_flagsaarch64_sctlr_flags = BitFlags(\n [\n (\"TIDCP\", 63),\n (\"SPINTMASK\", 62),\n (\"NMI\", 61),\n (\"EPAN\", 57),\n (\"ATA0\", 43),\n (\"ATA0\", 42),\n (\"TCF\", (40, 2)),\n (\"TCF0\", (38, 2)),\n (\"ITFSB\", 37),\n (\"BT1\", 36),\n (\"BT0\", 35),\n (\"EnIA\", 31),\n (\"EnIB\", 30),\n (\"EnDA\", 27),\n (\"UCI\", 26),\n (\"EE\", 25),\n (\"E0E\", 24),\n (\"SPAN\", 23),\n (\"TSCXT\", 20),\n (\"WXN\", 19),\n (\"nTWE\", 18),\n (\"nTWI\", 16),\n (\"UCT\", 15),\n (\"DZE\", 14),\n (\"EnDB\", 13),\n (\"I\", 12),\n (\"UMA\", 9),\n (\"SED\", 8),\n (\"ITD\", 7),\n (\"nAA\", 6),\n (\"CP15BEN\", 5),\n (\"SA0\", 4),\n (\"SA\", 3),\n (\"C\", 2),\n (\"A\", 1),\n (\"M\", 0),\n ]\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.arm","title":"armaarch64_scr_flags = BitFlags(\n [(\"HCE\", 8), (\"SMD\", 7), (\"EA\", 3), (\"FIQ\", 2), (\"IRQ\", 1), (\"NS\", 0)]\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.armcm","title":"armcmarm = RegisterSet(\n retaddr=(\"lr\",),\n flags={\"cpsr\": arm_cpsr_flags},\n gpr=(\n \"r0\",\n \"r1\",\n \"r2\",\n \"r3\",\n \"r4\",\n \"r5\",\n \"r6\",\n \"r7\",\n \"r8\",\n \"r9\",\n \"r10\",\n \"r11\",\n \"r12\",\n ),\n args=(\"r0\", \"r1\", \"r2\", \"r3\"),\n retval=\"r0\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.aarch64","title":"aarch64armcm = RegisterSet(\n retaddr=(\"lr\",),\n flags={\"xpsr\": arm_xpsr_flags},\n gpr=(\n \"r0\",\n \"r1\",\n \"r2\",\n \"r3\",\n \"r4\",\n \"r5\",\n \"r6\",\n \"r7\",\n \"r8\",\n \"r9\",\n \"r10\",\n \"r11\",\n \"r12\",\n ),\n args=(\"r0\", \"r1\", \"r2\", \"r3\"),\n retval=\"r0\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.x86flags","title":"x86flagsaarch64 = RegisterSet(\n retaddr=(\"lr\",),\n flags={\"cpsr\": aarch64_cpsr_flags},\n extra_flags={\n \"scr_el3\": aarch64_scr_flags,\n \"sctlr\": aarch64_sctlr_flags,\n \"sctlr_el2\": aarch64_sctlr_flags,\n \"sctlr_el3\": aarch64_sctlr_flags,\n \"spsr_el1\": aarch64_cpsr_flags,\n \"spsr_el2\": aarch64_cpsr_flags,\n \"spsr_el3\": aarch64_cpsr_flags,\n },\n gpr=(\n \"x0\",\n \"x1\",\n \"x2\",\n \"x3\",\n \"x4\",\n \"x5\",\n \"x6\",\n \"x7\",\n \"x8\",\n \"x9\",\n \"x10\",\n \"x11\",\n \"x12\",\n \"x13\",\n \"x14\",\n \"x15\",\n \"x16\",\n \"x17\",\n \"x18\",\n \"x19\",\n \"x20\",\n \"x21\",\n \"x22\",\n \"x23\",\n \"x24\",\n \"x25\",\n \"x26\",\n \"x27\",\n \"x28\",\n \"x29\",\n ),\n misc=(\n \"w0\",\n \"w1\",\n \"w2\",\n \"w3\",\n \"w4\",\n \"w5\",\n \"w6\",\n \"w7\",\n \"w8\",\n \"w9\",\n \"w10\",\n \"w11\",\n \"w12\",\n \"w13\",\n \"w14\",\n \"w15\",\n \"w16\",\n \"w17\",\n \"w18\",\n \"w19\",\n \"w20\",\n \"w21\",\n \"w22\",\n \"w23\",\n \"w24\",\n \"w25\",\n \"w26\",\n \"w27\",\n \"w28\",\n ),\n args=(\"x0\", \"x1\", \"x2\", \"x3\"),\n retval=\"x0\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.amd64","title":"amd64x86flags = {\n \"eflags\": BitFlags(\n [\n (\"CF\", 0),\n (\"PF\", 2),\n (\"AF\", 4),\n (\"ZF\", 6),\n (\"SF\", 7),\n (\"IF\", 9),\n (\"DF\", 10),\n (\"OF\", 11),\n ]\n )\n}\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.i386","title":"i386amd64 = RegisterSet(\n pc=\"rip\",\n stack=\"rsp\",\n frame=\"rbp\",\n flags=x86flags,\n gpr=(\n \"rax\",\n \"rbx\",\n \"rcx\",\n \"rdx\",\n \"rdi\",\n \"rsi\",\n \"r8\",\n \"r9\",\n \"r10\",\n \"r11\",\n \"r12\",\n \"r13\",\n \"r14\",\n \"r15\",\n ),\n misc=(\n \"cs\",\n \"ss\",\n \"ds\",\n \"es\",\n \"fs\",\n \"gs\",\n \"fsbase\",\n \"gsbase\",\n \"ax\",\n \"ah\",\n \"al\",\n \"bx\",\n \"bh\",\n \"bl\",\n \"cx\",\n \"ch\",\n \"cl\",\n \"dx\",\n \"dh\",\n \"dl\",\n \"dil\",\n \"sil\",\n \"spl\",\n \"bpl\",\n \"di\",\n \"si\",\n \"bp\",\n \"sp\",\n \"ip\",\n ),\n args=(\"rdi\", \"rsi\", \"rdx\", \"rcx\", \"r8\", \"r9\"),\n retval=\"rax\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.powerpc","title":"powerpci386 = RegisterSet(\n pc=\"eip\",\n stack=\"esp\",\n frame=\"ebp\",\n flags=x86flags,\n gpr=(\"eax\", \"ebx\", \"ecx\", \"edx\", \"edi\", \"esi\"),\n misc=(\n \"cs\",\n \"ss\",\n \"ds\",\n \"es\",\n \"fs\",\n \"gs\",\n \"fsbase\",\n \"gsbase\",\n \"ax\",\n \"ah\",\n \"al\",\n \"bx\",\n \"bh\",\n \"bl\",\n \"cx\",\n \"ch\",\n \"cl\",\n \"dx\",\n \"dh\",\n \"dl\",\n \"di\",\n \"si\",\n \"bp\",\n \"sp\",\n \"ip\",\n ),\n retval=\"eax\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.sparc","title":"sparcpowerpc = RegisterSet(\n retaddr=(\"lr\",),\n flags={\"msr\": BitFlags(), \"xer\": BitFlags()},\n gpr=(\n \"r0\",\n \"r1\",\n \"r2\",\n \"r3\",\n \"r4\",\n \"r5\",\n \"r6\",\n \"r7\",\n \"r8\",\n \"r9\",\n \"r10\",\n \"r11\",\n \"r12\",\n \"r13\",\n \"r14\",\n \"r15\",\n \"r16\",\n \"r17\",\n \"r18\",\n \"r19\",\n \"r20\",\n \"r21\",\n \"r22\",\n \"r23\",\n \"r24\",\n \"r25\",\n \"r26\",\n \"r27\",\n \"r28\",\n \"r29\",\n \"r30\",\n \"r31\",\n \"cr\",\n \"ctr\",\n ),\n args=(\"r3\", \"r4\", \"r5\", \"r6\", \"r7\", \"r8\", \"r9\", \"r10\"),\n retval=\"r3\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.mips","title":"mipssparc = RegisterSet(\n stack=\"sp\",\n frame=\"fp\",\n retaddr=(\"i7\",),\n flags={\"psr\": BitFlags()},\n gpr=(\n \"g1\",\n \"g2\",\n \"g3\",\n \"g4\",\n \"g5\",\n \"g6\",\n \"g7\",\n \"o0\",\n \"o1\",\n \"o2\",\n \"o3\",\n \"o4\",\n \"o5\",\n \"o7\",\n \"l0\",\n \"l1\",\n \"l2\",\n \"l3\",\n \"l4\",\n \"l5\",\n \"l6\",\n \"l7\",\n \"i0\",\n \"i1\",\n \"i2\",\n \"i3\",\n \"i4\",\n \"i5\",\n ),\n args=(\"i0\", \"i1\", \"i2\", \"i3\", \"i4\", \"i5\"),\n retval=\"o0\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.riscv","title":"riscvmips = RegisterSet(\n frame=\"fp\",\n retaddr=(\"ra\",),\n gpr=(\n \"v0\",\n \"v1\",\n \"a0\",\n \"a1\",\n \"a2\",\n \"a3\",\n \"t0\",\n \"t1\",\n \"t2\",\n \"t3\",\n \"t4\",\n \"t5\",\n \"t6\",\n \"t7\",\n \"t8\",\n \"t9\",\n \"s0\",\n \"s1\",\n \"s2\",\n \"s3\",\n \"s4\",\n \"s5\",\n \"s6\",\n \"s7\",\n \"s8\",\n \"gp\",\n ),\n args=(\"a0\", \"a1\", \"a2\", \"a3\"),\n retval=\"v0\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.loongarch64","title":"loongarch64riscv = RegisterSet(\n pc=\"pc\",\n stack=\"sp\",\n retaddr=(\"ra\",),\n gpr=(\n \"gp\",\n \"tp\",\n \"t0\",\n \"t1\",\n \"t2\",\n \"s0\",\n \"s1\",\n \"a0\",\n \"a1\",\n \"a2\",\n \"a3\",\n \"a4\",\n \"a5\",\n \"a6\",\n \"a7\",\n \"s2\",\n \"s3\",\n \"s4\",\n \"s5\",\n \"s6\",\n \"s7\",\n \"s8\",\n \"s9\",\n \"s10\",\n \"s11\",\n \"t3\",\n \"t4\",\n \"t5\",\n \"t6\",\n ),\n args=(\"a0\", \"a1\", \"a2\", \"a3\", \"a4\", \"a5\", \"a6\", \"a7\"),\n retval=\"a0\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.s390x","title":"s390xloongarch64 = RegisterSet(\n pc=\"pc\",\n stack=\"sp\",\n frame=\"fp\",\n retaddr=(\"ra\",),\n gpr=(\n \"a0\",\n \"a1\",\n \"a2\",\n \"a3\",\n \"a4\",\n \"a5\",\n \"a6\",\n \"a7\",\n \"t0\",\n \"t1\",\n \"t2\",\n \"t3\",\n \"t4\",\n \"t5\",\n \"t6\",\n \"t7\",\n \"t8\",\n \"s0\",\n \"s1\",\n \"s2\",\n \"s3\",\n \"s4\",\n \"s5\",\n \"s6\",\n \"s7\",\n \"s8\",\n ),\n args=(\"a0\", \"a1\", \"a2\", \"a3\", \"a4\", \"a5\", \"a6\", \"a7\"),\n misc=(\"tp\", \"r21\"),\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.reg_sets","title":"reg_setss390x = RegisterSet(\n pc=\"pc\",\n retaddr=(\"r14\",),\n stack=\"r15\",\n flags={\"pswm\": BitFlags()},\n gpr=(\n \"r0\",\n \"r1\",\n \"r2\",\n \"r3\",\n \"r4\",\n \"r5\",\n \"r6\",\n \"r7\",\n \"r8\",\n \"r9\",\n \"r10\",\n \"r11\",\n \"r12\",\n \"r13\",\n ),\n args=(\"r2\", \"r3\", \"r4\", \"r5\", \"r6\"),\n retval=\"r2\",\n)\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet","title":"RegisterSet","text":"reg_sets: dict[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, RegisterSet] = {\n \"i386\": i386,\n \"i8086\": i386,\n \"x86-64\": amd64,\n \"rv32\": riscv,\n \"rv64\": riscv,\n \"mips\": mips,\n \"sparc\": sparc,\n \"arm\": arm,\n \"armcm\": armcm,\n \"aarch64\": aarch64,\n \"powerpc\": powerpc,\n \"loongarch64\": loongarch64,\n \"s390x\": s390x,\n}\nRegisterSet(\n pc: str = \"pc\",\n stack: str = \"sp\",\n frame: str | None = None,\n retaddr: tuple[str, ...] = (),\n flags: dict[str, BitFlags] = {},\n extra_flags: dict[str, BitFlags] = {},\n gpr: tuple[str, ...] = (),\n misc: tuple[str, ...] = (),\n args: tuple[str, ...] = (),\n retval: str | None = None,\n)\nMethods:
-
__contains__\u2013 -
__iter__\u2013
Attributes:
-
pc(str) \u2013 -
stack(str) \u2013 -
frame(str | None) \u2013 -
retaddr(tuple[str, ...]) \u2013 -
flags(dict[str, BitFlags]) \u2013 -
extra_flags\u2013 -
gpr(tuple[str, ...]) \u2013 -
misc(tuple[str, ...]) \u2013 -
args(tuple[str, ...]) \u2013 -
retval(str | None) \u2013 -
common(list[str]) \u2013 -
emulated_regs_order(list[str]) \u2013 -
all(set[str]) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.stack","title":"stackpc: str = pc\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.frame","title":"framestack: str = stack\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.retaddr","title":"retaddrframe: str | None = frame\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.flags","title":"flagsretaddr: tuple[str, ...] = retaddr\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.extra_flags","title":"extra_flagsflags: dict[str, BitFlags] = flags\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.gpr","title":"gprextra_flags = extra_flags\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.misc","title":"miscgpr: tuple[str, ...] = gpr\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.args","title":"argsmisc: tuple[str, ...] = misc\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.retval","title":"retvalargs: tuple[str, ...] = args\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.common","title":"commonretval: str | None = retval\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.emulated_regs_order","title":"emulated_regs_ordercommon: list[str] = []\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.all","title":"allemulated_regs_order: list[str] = []\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.__contains__","title":"__contains__","text":"all: set[str] = (\n set(misc) | set(flags) | set(extra_flags) | set(retaddr) | set(common)\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.__iter__","title":"__iter__","text":"__contains__(reg: str) -> bool\n
"},{"location":"reference/pwndbg/lib/stdio/","title":"pwndbg.lib.stdio","text":""},{"location":"reference/pwndbg/lib/stdio/#pwndbg.lib.stdio","title":"stdio","text":"__iter__() -> Iterator[str]\nProvides functionality to circumvent GDB's hooks on sys.stdin and sys.stdout which prevent output from appearing on-screen inside of certain event handlers.
Classes:
-
Stdio\u2013
Attributes:
-
stdio\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/lib/stdio/#pwndbg.lib.stdio.Stdio","title":"Stdio","text":"stdio = Stdio()\nMethods:
-
__enter__\u2013 -
__exit__\u2013
Attributes:
-
queue(list[tuple[TextIO, TextIO, TextIO]]) \u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/lib/stdio/#pwndbg.lib.stdio.Stdio.__enter__","title":"__enter__","text":"queue: list[tuple[TextIO, TextIO, TextIO]] = []\n
"},{"location":"reference/pwndbg/lib/stdio/#pwndbg.lib.stdio.Stdio.__exit__","title":"__exit__","text":"__enter__(*a: Any, **kw: Any) -> None\n
"},{"location":"reference/pwndbg/lib/strings/","title":"pwndbg.lib.strings","text":""},{"location":"reference/pwndbg/lib/strings/#pwndbg.lib.strings","title":"strings","text":"__exit__(\n exc_type: type[BaseException] | None,\n exc_value: BaseException | None,\n traceback: TracebackType | None,\n) -> None\nFunctions:
-
strip_colors\u2013Remove all ANSI color codes from the text
strip_colors(text)\nRemove all ANSI color codes from the text
"},{"location":"reference/pwndbg/lib/tempfile/","title":"pwndbg.lib.tempfile","text":""},{"location":"reference/pwndbg/lib/tempfile/#pwndbg.lib.tempfile","title":"tempfile","text":"Common helper and cache for pwndbg tempdir
Functions:
-
tempdir\u2013Returns a safe and unpredictable temporary directory with pwndbg prefix.
-
cachedir\u2013Returns and potentially creates a persistent safe cachedir location
tempdir() -> str\nReturns a safe and unpredictable temporary directory with pwndbg prefix.
"},{"location":"reference/pwndbg/lib/tempfile/#pwndbg.lib.tempfile.cachedir","title":"cachedir","text":"cachedir(namespace: str | None = None) -> str\nReturns and potentially creates a persistent safe cachedir location based on XDG_CACHE_HOME or ~/.cache
Optionally creates a sub namespace inside the pwndbg cache folder.
"},{"location":"reference/pwndbg/lib/tips/","title":"pwndbg.lib.tips","text":""},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips","title":"tips","text":"Functions:
-
get_tip_of_the_day\u2013Returns a random tip based on the current debugger type.
-
get_all_tips\u2013Returns all tips applicable to the current debugger.
-
color_tip\u2013
Attributes:
-
GDB_TIPS(list[str]) \u2013 -
PWNDBG_TIPS(list[str]) \u2013 -
LLDB_TIPS(list[str]) \u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips.PWNDBG_TIPS","title":"PWNDBG_TIPSGDB_TIPS: list[str] = [\n \"GDB's `apropos <topic>` command displays all registered commands that are related to the given <topic>\",\n \"GDB's `follow-fork-mode` parameter can be used to set whether to trace parent or child after fork() calls. Pwndbg sets it to child by default\",\n 'Use GDB\\'s `dprintf` command to print all calls to given function. E.g. `dprintf malloc, \"malloc(%p)\\\\n\", (void*)$rdi` will print all malloc calls',\n \"Use GDB's `pi` command to run an interactive Python console where you can use Pwndbg APIs like `pwndbg.aglib.memory.read(addr, len)`, `pwndbg.aglib.memory.write(addr, data)`, `pwndbg.aglib.vmmap.get()` and so on!\",\n \"GDB's `set directories <path>` parameter can be used to debug e.g. glibc sources like the malloc/free functions!\",\n \"If you have debugging symbols the `info args` command shows current frame's function arguments (use `up` and `down` to switch between frames)\",\n 'Calling functions like `call (void)puts(\"hello world\")` will run all other target threads for the time the function runs. Use `set scheduler-locking on` to lock the execution to current thread when calling functions',\n \"Use the `pipe <cmd> | <prog>` command to pass output of a GDB/Pwndbg command to a shell program, e.g. `pipe elfsections | grep bss`. This can also be shortened to: `| <cmd> | <prog>`\",\n]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips.LLDB_TIPS","title":"LLDB_TIPSPWNDBG_TIPS: list[str] = [\n \"If you want Pwndbg to clear screen on each command (but still save previous output in history) use `set context-clear-screen on`\",\n \"The `set show-flags on` setting will display CPU flags register in the regs context panel\",\n \"GDB and Pwndbg parameters can be shown or set with `show <param>` and `set <param> <value>` GDB commands\",\n \"Use Pwndbg's `config` and `theme` commands to tune its configuration and theme colors!\",\n \"Pwndbg mirrors some of Windbg commands like `eq`, `ew`, `ed`, `eb`, `es`, `dq`, `dw`, `dd`, `db`, `ds` for writing and reading memory\",\n \"Pwndbg resolves kernel memory maps by parsing page tables (default) or via `monitor info mem` QEMU gdbstub command (use `set kernel-vmmap-via-page-tables off` for that)\",\n \"Use the `vmmap` command for a better & colored memory maps display (than the GDB's `info proc mappings`)\",\n \"Use the `telescope` command to dereference a given address/pointer multiple times (if the dereferenced value is a valid ptr; see `config telescope` to configure its behavior)\",\n \"Use the `context` (or `ctx`) command to display the context once again. You can reconfigure the context layout with `set context-section <sections>` or forward the output to a file/tty via `set context-output <file>`. See also `config context` to configure it further!\",\n \"Disable Pwndbg context information display with `set context-sections ''`\",\n \"Pwndbg context displays where the program branches to thanks to emulating few instructions into the future. You can disable this with `set emulate off` which may also speed up debugging\",\n \"Use the `canary` command to see all stack canary/cookie values on the stack (based on the *usual* stack canary value initialized by glibc)\",\n \"Use the `procinfo` command for better process introspection (than the GDB's `info proc` command)\",\n \"Want to display each context panel in a separate tmux window? See https://github.com/pwndbg/pwndbg/blob/dev/FEATURES.md#splitting--layouting-context\",\n 'Use `$base(\"heap\")` to get the start address of a [heap] memory page',\n \"Use the `errno` (or `errno <number>`) command to see the name of the last or provided (libc) error\",\n \"Pwndbg sets the SIGLARM, SIGBUS, SIGPIPE and SIGSEGV signals so they are not passed to the app; see `info signals` for full GDB signals configuration\",\n \"Use `vmmap -A|-B <number> <filter>` to display <number> of maps after/before filtered ones\",\n \"Use the `killall` command to kill all specified threads (via their ids)\",\n \"Use the `spray` command to spray memory with cyclic pattern or specified value\",\n \"Use `patch <address> '<assembly>'` to patch an address with given assembly code\",\n \"Want to NOP some instructions? Use `patch <address> 'nop; nop; nop'`\",\n \"`heap_config` shows heap related configuration\",\n \"`break-if-taken` and `break-if-not-taken` commands sets breakpoints after a given jump instruction was taken or not\",\n \"`stepuntilasm <assembly-instruction [operands]>` steps program forward until matching instruction occures\",\n \"Use `plist` command to dump elements of linked list\",\n \"If your program has multiple threads they will be displayed in the context display or using the `context threads` command\",\n \"Use `track-got enable|info|query` to track GOT accesses - useful for hijacking control flow via writable GOT/PLT\",\n \"Need to `mmap` or `mprotect` memory in the debugee? Use commands with the same name to inject and run such syscalls\",\n \"Use `hi` to see if a an address belongs to a glibc heap chunk\",\n \"Use `contextprev` and `contextnext` to display a previous context output again without scrolling\",\n \"Try splitting the context output into multiple TUI windows using `layout pwndbg` (`tui disable` or `ctrl-x + a` to go back to CLI mode)\",\n]\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips.get_tip_of_the_day","title":"get_tip_of_the_day","text":"LLDB_TIPS: list[str] = [\n \"Use LLDB's `help <command>` to get detailed help on any command\",\n \"LLDB's `expr` command lets you evaluate expressions in the current frame context\",\n \"Use `frame variable` (or `fr v`) to show all variables in the current frame\",\n \"The `watchpoint set` command allows you to stop execution when a variable changes\",\n \"Use `process launch --stop-at-entry` to stop at the program entry point\",\n \"LLDB's `memory read` (or `m read`) command displays memory contents at a specified address\",\n \"Use `thread backtrace all` to see backtraces of all threads\",\n \"The `breakpoint set --func-regex <regex>` command sets breakpoints on functions matching a regular expression\",\n \"Use `target modules list` to see all loaded modules in your process\",\n \"LLDB's `image lookup` command helps find symbols, addresses, and files in the executable and loaded libraries\",\n \"Use `command alias` to create custom shortcuts for frequently used commands\",\n \"LLDB's `register read` shows the contents of registers in the selected frame\",\n \"The `disassemble` command shows assembly instructions for the current function\",\n \"Use `thread step-inst` (or `si`) to step one instruction\",\n \"LLDB's Python API can be accessed with the `script` command to extend debugging capabilities\",\n \"Use `process attach --pid <pid>` to attach to a running process\",\n \"The `breakpoint command add` lets you run commands when a breakpoint is hit\",\n \"Use `memory find` to search for a value in the process's memory\",\n \"LLDB's `settings set` command allows you to customize debugger behavior\",\n \"The `platform list` command shows all available platforms for remote debugging\",\n]\nget_tip_of_the_day() -> str\nReturns a random tip based on the current debugger type.
"},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips.get_all_tips","title":"get_all_tips","text":"get_all_tips() -> list[str]\nReturns all tips applicable to the current debugger.
"},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips.color_tip","title":"color_tip","text":"
"},{"location":"reference/pwndbg/lib/version/","title":"pwndbg.lib.version","text":""},{"location":"reference/pwndbg/lib/version/#pwndbg.lib.version","title":"version","text":"color_tip(tip: str) -> str\nFunctions:
-
build_id\u2013Returns pwndbg commit id if git is available.
Attributes:
-
__version__\u2013 -
b_id\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/lib/version/#pwndbg.lib.version.b_id","title":"b_id__version__ = '2025.04.13'\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/lib/version/#pwndbg.lib.version.build_id","title":"build_id","text":"b_id = build_id()\nbuild_id() -> str\nReturns pwndbg commit id if git is available.
"},{"location":"reference/pwndbg/lib/which/","title":"pwndbg.lib.which","text":""},{"location":"reference/pwndbg/lib/which/#pwndbg.lib.which","title":"which","text":"Functions:
-
which\u2013which(name, flags = os.X_OK, all = False) -> str or str set
which(name: str, all: bool = False) -> str | set[str] | None\nwhich(name, flags = os.X_OK, all = False) -> str or str set
Works as the system command
which; searches $PATH fornameand returns a full path if found.If
allisTruethe set of all found locations is returned, else the first occurrence orNoneis returned.Parameters:
-
name(str) \u2013The file to search for.
-
all(bool, default:False) \u2013Whether to return all locations where
namewas found.
Returns:
-
str | set[str] | None\u2013If
allisTruethe set of all locations wherenamewas found, -
str | set[str] | None\u2013else the first location or
Noneif not found.
which('sh') '/bin/sh'
"},{"location":"reference/pwndbg/log/","title":"pwndbg.log","text":""},{"location":"reference/pwndbg/log/#pwndbg.log","title":"log","text":"Classes:
-
ColorFormatter\u2013
Bases:
FormatterMethods:
-
format\u2013
Attributes:
-
log_funcs\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/log/#pwndbg.log.ColorFormatter.format","title":"format","text":"log_funcs = {\n DEBUG: debug,\n INFO: info,\n WARNING: warn,\n ERROR: error,\n CRITICAL: error,\n}\n
"},{"location":"reference/pwndbg/profiling/","title":"pwndbg.profiling","text":""},{"location":"reference/pwndbg/profiling/#pwndbg.profiling","title":"profiling","text":"format(record)\nClasses:
-
Profiler\u2013
Functions:
-
init\u2013
Attributes:
-
profiler(Profiler | None) \u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/profiling/#pwndbg.profiling.Profiler","title":"Profiler","text":"profiler: Profiler | None = None\nProfiler(p: Profile)\nMethods:
-
print_time_elapsed\u2013 -
start\u2013 -
stop\u2013
"},{"location":"reference/pwndbg/profiling/#pwndbg.profiling.Profiler.start","title":"start","text":"print_time_elapsed() -> None\n
"},{"location":"reference/pwndbg/profiling/#pwndbg.profiling.Profiler.stop","title":"stop","text":"start() -> None\n
"},{"location":"reference/pwndbg/profiling/#pwndbg.profiling.init","title":"init","text":"stop(filename: str | None = None) -> None\n
"},{"location":"reference/pwndbg/radare2/","title":"pwndbg.radare2","text":""},{"location":"reference/pwndbg/radare2/#pwndbg.radare2","title":"radare2","text":"init(p: Profile, _start_time: float | None) -> None\nFunctions:
-
r2pipe\u2013Spawn and return a r2pipe handle for the current process file.
r2pipe()\nSpawn and return a r2pipe handle for the current process file.
This function requires a radare2 installation plus the r2pipe python library. The base address is automatically set for PIE when loading the binary. After opening the handle, the binary is automatically analyzed.
Raises ImportError if r2pipe python library is not available. Raises Exception if anything goes fatally wrong.
Returns a r2pipe.open handle.
"},{"location":"reference/pwndbg/rizin/","title":"pwndbg.rizin","text":""},{"location":"reference/pwndbg/rizin/#pwndbg.rizin","title":"rizin","text":"Functions:
-
rzpipe\u2013Spawn and return a rzpipe handle for the current process file.
rzpipe()\nSpawn and return a rzpipe handle for the current process file. This function requires a rizin installation plus the rzpipe python library. The base address is automatically set for PIE when loading the binary. After opening the handle, the binary is automatically analyzed. Raises ImportError if rzpipe python library is not available. Raises Exception if anything goes fatally wrong. Returns a rzpipe.open handle.
"},{"location":"reference/pwndbg/search/","title":"pwndbg.search","text":""},{"location":"reference/pwndbg/search/#pwndbg.search","title":"search","text":"Search the address space for byte patterns.
Functions:
-
search\u2013Search inferior memory for a byte sequence.
search(\n searchfor: bytes,\n mappings: Collection[Page] | None = None,\n start: int | None = None,\n end: int | None = None,\n step: int | None = None,\n aligned: int | None = None,\n limit: int | None = None,\n executable: bool = False,\n writable: bool = False,\n) -> Generator[int, None, None]\nSearch inferior memory for a byte sequence.
Parameters:
-
searchfor(bytes) \u2013Byte sequence to find
-
mappings(Collection[Page] | None, default:None) \u2013List of pwndbg.lib.memory.Page objects to search By default, uses all available mappings.
-
start(int | None, default:None) \u2013First address to search, inclusive.
-
end(int | None, default:None) \u2013Last address to search, exclusive.
-
step(int | None, default:None) \u2013Size of memory region to skip each result
-
aligned(int | None, default:None) \u2013Strict byte alignment for search result
-
limit(int | None, default:None) \u2013Maximum number of results to return
-
executable(bool, default:False) \u2013Restrict search to executable pages
-
writable(bool, default:False) \u2013Restrict search to writable pages
Yields:
-
int\u2013An iterator on the address matches
A few helpers for making things print pretty-like.
Functions:
-
check_title_position\u2013 -
banner\u2013 -
addrsz\u2013 -
get_window_size\u2013 -
get_cmd_window_size\u2013
Attributes:
-
title_position\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/ui/#pwndbg.ui.check_title_position","title":"check_title_position","text":"title_position = add_param(\n \"banner-title-position\", \"center\", \"banner title position\"\n)\n
"},{"location":"reference/pwndbg/ui/#pwndbg.ui.banner","title":"banner","text":"check_title_position() -> None\n
"},{"location":"reference/pwndbg/ui/#pwndbg.ui.addrsz","title":"addrsz","text":"banner(title, target=stdout, width=None, extra='')\n
"},{"location":"reference/pwndbg/ui/#pwndbg.ui.get_window_size","title":"get_window_size","text":"addrsz(address) -> str\n
"},{"location":"reference/pwndbg/ui/#pwndbg.ui.get_cmd_window_size","title":"get_cmd_window_size","text":"get_window_size(target=stdout)\n
"},{"location":"reference/pwndbg/wrappers/","title":"pwndbg.wrappers","text":""},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers","title":"wrappers","text":"get_cmd_window_size()\nModules:
-
checksec\u2013 -
readelf\u2013
Classes:
-
OnlyWithCommand\u2013
Functions:
-
call_cmd\u2013
Attributes:
-
P\u2013 -
T\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.T","title":"TP = ParamSpec('P')\nmodule-attribute","text":"
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.OnlyWithCommand","title":"OnlyWithCommand","text":"T = TypeVar('T')\nOnlyWithCommand(*commands: str | list[str])\nMethods:
-
__call__\u2013
Attributes:
-
all_cmds(list[str]) \u2013 -
cmd(list[str]) \u2013 -
cmd_path(str | None) \u2013
instance-attribute","text":"
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.OnlyWithCommand.cmd","title":"cmdall_cmds: list[str] = [\n cmd[0] if isinstance(cmd, list) else cmd for cmd in commands\n]\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.OnlyWithCommand.cmd_path","title":"cmd_pathcmd: list[str] = command if isinstance(command, list) else [command]\ninstance-attribute","text":"
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.OnlyWithCommand.__call__","title":"__call__","text":"cmd_path: str | None = which(cmd[0])\n
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.call_cmd","title":"call_cmd","text":"__call__(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/wrappers/checksec/","title":"pwndbg.wrappers.checksec","text":""},{"location":"reference/pwndbg/wrappers/checksec/#pwndbg.wrappers.checksec","title":"checksec","text":"call_cmd(cmd: str | list[str]) -> str\nFunctions:
-
monkeypatch_pwnlib_term_text\u2013 -
get_raw_out\u2013 -
relro_status\u2013 -
pie_status\u2013
"},{"location":"reference/pwndbg/wrappers/checksec/#pwndbg.wrappers.checksec.get_raw_out","title":"get_raw_out","text":"monkeypatch_pwnlib_term_text() -> Iterator[None]\n
"},{"location":"reference/pwndbg/wrappers/checksec/#pwndbg.wrappers.checksec.relro_status","title":"relro_status","text":"get_raw_out(local_path: str) -> str\n
"},{"location":"reference/pwndbg/wrappers/checksec/#pwndbg.wrappers.checksec.pie_status","title":"pie_status","text":"relro_status(local_path: str) -> str\n
"},{"location":"reference/pwndbg/wrappers/readelf/","title":"pwndbg.wrappers.readelf","text":""},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf","title":"readelf","text":"pie_status(local_path: str) -> str\nClasses:
-
RelocationType\u2013
Functions:
-
get_got_entry\u2013
Attributes:
-
cmd_name\u2013
module-attribute","text":"
"},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf.RelocationType","title":"RelocationType","text":"cmd_name = 'readelf'\nBases:
EnumAttributes:
-
JUMP_SLOT\u2013 -
GLOB_DAT\u2013 -
IRELATIVE\u2013
class-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf.RelocationType.GLOB_DAT","title":"GLOB_DATJUMP_SLOT = 1\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf.RelocationType.IRELATIVE","title":"IRELATIVEGLOB_DAT = 2\nclass-attributeinstance-attribute","text":"
"},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf.get_got_entry","title":"get_got_entry","text":"IRELATIVE = 3\n
"},{"location":"blog/archive/2022/","title":"2022","text":""}]} \ No newline at end of file diff --git a/dev/sitemap.xml b/dev/sitemap.xml index a71b1c582..925c9236c 100644 --- a/dev/sitemap.xml +++ b/dev/sitemap.xml @@ -2,1702 +2,1702 @@get_got_entry(local_path: str) -> dict[RelocationType, list[str]]\nhttps://pwndbg.re/pwndbg/latest/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/setup/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/blog/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/blog/2022/08/21/pwndbg-coding-sprints-report/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/breakpoint/break-if-not-taken/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/breakpoint/break-if-taken/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/breakpoint/breakrva/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/breakpoint/ignore/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/context/context/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/context/contextnext/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/context/contextoutput/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/context/contextprev/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/context/contextsearch/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/context/contextunwatch/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/context/contextwatch/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/context/regs/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/developer/dev-dump-instruction/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/developer/log-level/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/disassemble/emulate/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/disassemble/nearpc/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/glibc_ptmalloc2_heap/arena/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/glibc_ptmalloc2_heap/arenas/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/glibc_ptmalloc2_heap/bins/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/glibc_ptmalloc2_heap/fastbins/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/glibc_ptmalloc2_heap/find-fake-fast/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/glibc_ptmalloc2_heap/heap-config/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/glibc_ptmalloc2_heap/heap/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/glibc_ptmalloc2_heap/hi/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/glibc_ptmalloc2_heap/largebins/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/glibc_ptmalloc2_heap/malloc-chunk/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/glibc_ptmalloc2_heap/mp/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/glibc_ptmalloc2_heap/smallbins/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/glibc_ptmalloc2_heap/tcache/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/glibc_ptmalloc2_heap/tcachebins/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/glibc_ptmalloc2_heap/top-chunk/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/glibc_ptmalloc2_heap/try-free/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/glibc_ptmalloc2_heap/unsortedbin/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/glibc_ptmalloc2_heap/vis-heap-chunks/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/integrations/ai/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/integrations/bn-sync/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/integrations/decomp/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/integrations/j/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/integrations/r2/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/integrations/r2pipe/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/integrations/rop/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/integrations/ropper/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/integrations/rz/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/integrations/rzpipe/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/integrations/save-ida/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/jemalloc_heap/jemalloc-extent-info/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/jemalloc_heap/jemalloc-find-extent/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/jemalloc_heap/jemalloc-heap/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/kernel/binder/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/kernel/kbase/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/kernel/kchecksec/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/kernel/kcmdline/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/kernel/kconfig/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/kernel/klookup/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/kernel/knft-dump/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/kernel/knft-list-chains/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/kernel/knft-list-exprs/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/kernel/knft-list-flowtables/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/kernel/knft-list-objects/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/kernel/knft-list-rules/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/kernel/knft-list-sets/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/kernel/knft-list-tables/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/kernel/kversion/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/kernel/pcplist/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/kernel/slab/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/linux_libc_elf/argc/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/linux_libc_elf/argv/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/linux_libc_elf/aslr/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/linux_libc_elf/auxv-explore/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/linux_libc_elf/auxv/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/linux_libc_elf/elfsections/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/linux_libc_elf/envp/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/linux_libc_elf/errno/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/linux_libc_elf/got/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/linux_libc_elf/gotplt/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/linux_libc_elf/libcinfo/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/linux_libc_elf/linkmap/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/linux_libc_elf/onegadget/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/linux_libc_elf/piebase/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/linux_libc_elf/plt/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/linux_libc_elf/strings/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/linux_libc_elf/threads/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/linux_libc_elf/tls/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/linux_libc_elf/track-got/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/linux_libc_elf/track-heap/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/memory/distance/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/memory/gdt/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/memory/go-dump/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/memory/go-type/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/memory/hexdump/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/memory/leakfind/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/memory/memfrob/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/memory/mmap/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/memory/mprotect/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/memory/p2p/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/memory/probeleak/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/memory/search/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/memory/telescope/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/memory/vmmap-add/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/memory/vmmap-clear/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/memory/vmmap-explore/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/memory/vmmap/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/memory/xinfo/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/memory/xor/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/misc/asm/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/misc/checksec/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/misc/comm/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/misc/cyclic/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/misc/cymbol/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/misc/down/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/misc/dt/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/misc/dumpargs/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/misc/getfile/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/misc/hex2ptr/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/misc/hijack-fd/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/misc/ipi/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/misc/patch-list/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/misc/patch-revert/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/misc/patch/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/misc/plist/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/misc/sigreturn/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/misc/spray/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/misc/tips/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/misc/up/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/misc/valist/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/misc/vmmap-load/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/process/killthreads/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/process/pid/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/process/procinfo/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/pwndbg/bugreport/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/pwndbg/config/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/pwndbg/configfile/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/pwndbg/memoize/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/pwndbg/profiler/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/pwndbg/pwndbg/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/pwndbg/reinit-pwndbg/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/pwndbg/reload/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/pwndbg/theme/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/pwndbg/themefile/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/pwndbg/version/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/register/cpsr/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/register/fsbase/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/register/gsbase/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/register/setflag/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/stack/canary/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/stack/retaddr/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/stack/stack-explore/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/stack/stack/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/stack/stackf/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/start/attachp/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/start/entry/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/start/sstart/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/start/start/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/step_next_continue/nextcall/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/step_next_continue/nextjmp/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/step_next_continue/nextproginstr/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/step_next_continue/nextret/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/step_next_continue/nextsyscall/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/step_next_continue/stepover/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/step_next_continue/stepret/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/step_next_continue/stepsyscall/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/step_next_continue/stepuntilasm/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/step_next_continue/xuntil/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/windbg/bc/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/windbg/bd/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/windbg/be/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/windbg/bl/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/windbg/bp/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/windbg/da/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/windbg/db/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/windbg/dc/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/windbg/dd/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/windbg/dds/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/windbg/dq/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/windbg/ds/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/windbg/dw/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/windbg/eb/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/windbg/ed/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/windbg/eq/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/windbg/ew/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/windbg/ez/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/windbg/eza/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/windbg/go/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/windbg/k/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/windbg/ln/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/windbg/pc/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/commands/windbg/peb/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/misc/binja_integration/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/misc/env_vars/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/misc/go_debugging/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/misc/pycharm_debugging/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/arch/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/argv/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/ctypes/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/disasm/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/disasm/aarch64/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/disasm/arch/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/disasm/arm/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/disasm/instruction/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/disasm/mips/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/disasm/ppc/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/disasm/riscv/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/disasm/sparc/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/disasm/x86/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/dt/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/dynamic/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/elf/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/file/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/godbg/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/heap/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/heap/heap/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/heap/jemalloc/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/heap/ptmalloc/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/heap/structs/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/kernel/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/kernel/kallsyms/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/kernel/macros/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/kernel/nftables/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/kernel/rbtree/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/kernel/slab/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/kernel/vmmap/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/memory/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/nearpc/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/next/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/onegadget/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/proc/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/qemu/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/regs/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/remote/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/shellcode/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/stack/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/strings/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/symbol/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/tls/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/typeinfo/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/vmmap/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/aglib/vmmap_custom/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/arguments/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/auxv/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/chain/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/color/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/color/context/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/color/disasm/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/color/enhance/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/color/hexdump/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/color/memory/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/color/message/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/color/syntax_highlight/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/color/telescope/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/color/theme/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/ai/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/argv/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/aslr/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/asm/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/attachp/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/auxv/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/binder/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/binja/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/binja_functions/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/branch/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/canary/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/checksec/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/comments/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/config/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/context/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/cpsr/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/cyclic/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/cymbol/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/dev/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/distance/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/dt/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/dumpargs/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/elf/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/flags/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/gdt/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/ghidra/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/godbg/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/got/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/got_tracking/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/hex2ptr/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/hexdump/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/hijack_fd/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/ida/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/ignore/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/integration/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/ipython_interactive/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/jemalloc/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/kbase/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/kchecksec/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/kcmdline/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/kconfig/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/killthreads/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/klookup/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/knft/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/kversion/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/leakfind/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/libcinfo/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/linkmap/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/memoize/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/misc/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/mmap/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/mprotect/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/nearpc/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/next/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/onegadget/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/p2p/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/patch/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/pcplist/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/peda/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/pie/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/plist/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/probeleak/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/procinfo/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/profiler/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/ptmalloc2/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/ptmalloc2_tracking/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/radare2/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/reload/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/retaddr/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/rizin/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/rop/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/ropper/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/search/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/segments/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/shell/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/sigreturn/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/slab/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/spray/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/start/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/strings/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/telescope/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/tips/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/tls/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/valist/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/version/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/vmmap/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/windbg/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/xinfo/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/commands/xor/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/dbg/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/dbg/gdb/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/dbg/gdb/debug_sym/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/dbg/gdb/symbol/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/dbg/lldb/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/dbg/lldb/hooks/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/dbg/lldb/pset/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/dbg/lldb/repl/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/dbg/lldb/repl/io/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/dbg/lldb/repl/proc/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/dbg/lldb/repl/readline/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/dbg/lldb/util/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/decorators/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/emu/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/emu/emulator/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/enhance/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/exception/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/gdblib/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/gdblib/bpoint/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/gdblib/config/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/gdblib/events/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/gdblib/functions/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/gdblib/got/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/gdblib/hooks/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/gdblib/info/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/gdblib/prompt/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/gdblib/ptmalloc2_tracking/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/gdblib/scheduler/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/gdblib/shellcode/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/gdblib/symbol/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/gdblib/tui/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/gdblib/tui/context/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/gdblib/tui/control/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/gdblib/vmmap/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/ghidra/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/glibc/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/hexdump/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/integration/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/integration/binja/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/integration/ida/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/lib/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/lib/abi/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/lib/android/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/lib/arch/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/lib/cache/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/lib/common/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/lib/config/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/lib/disasm/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/lib/disasm/helpers/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/lib/elftypes/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/lib/funcparser/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/lib/functions/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/lib/functions_data/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/lib/gcc/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/lib/heap/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/lib/heap/helpers/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/lib/kernel/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/lib/kernel/kconfig/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/lib/kernel/structs/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/lib/memory/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/lib/net/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/lib/regs/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/lib/stdio/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/lib/strings/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/lib/tempfile/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/lib/tips/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/lib/version/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/lib/which/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/log/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/profiling/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/radare2/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/rizin/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/search/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/ui/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/wrappers/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/wrappers/checksec/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/reference/pwndbg/wrappers/readelf/ -2025-04-15 +2025-04-16 https://pwndbg.re/pwndbg/latest/blog/archive/2022/ -2025-04-15 +2025-04-16 -
-
-