diff --git a/dev/assets/caps/context_tui.png b/dev/assets/caps/context_tui.png index b91ff0ae9..550dcfebd 100644 Binary files a/dev/assets/caps/context_tui.png and b/dev/assets/caps/context_tui.png differ diff --git a/dev/assets/caps/procinfo.png b/dev/assets/caps/procinfo.png index 0761b0027..e632b47d9 100644 Binary files a/dev/assets/caps/procinfo.png and b/dev/assets/caps/procinfo.png differ diff --git a/dev/assets/caps/procinfo_curl.png b/dev/assets/caps/procinfo_curl.png new file mode 100644 index 000000000..1a1560545 Binary files /dev/null and b/dev/assets/caps/procinfo_curl.png differ diff --git a/dev/commands/index.html b/dev/commands/index.html index 8e771c1ec..8023e2b13 100644 --- a/dev/commands/index.html +++ b/dev/commands/index.html @@ -1 +1 @@ - Index - Documentation
Skip to content

Commands¤

Breakpoint¤

Context¤

  • context - Print out the currently enabled context sections.
  • contextnext - Select next entry in context history.
  • contextoutput - Sets the output of a context section.
  • contextprev - Select previous entry in context history.
  • contextsearch - Search for a string in the context history and select that entry.
  • contextunwatch - Removes an expression previously added to be watched.
  • contextwatch - Adds an expression to be shown on context.
  • regs - Print out all registers and enhance the information.

Developer¤

Disassemble¤

  • emulate - Like nearpc, but will emulate instructions from the current $PC forward.
  • nearpc - Disassemble near a specified address.

GLibc ptmalloc2 Heap¤

  • arena - Print the contents of an arena.
  • arenas - List this process's arenas.
  • bins - Print the contents of all an arena's bins and a thread's tcache.
  • fastbins - Print the contents of an arena's fastbins.
  • find-fake-fast - Find candidate fake fast or tcache chunks overlapping the specified address.
  • heap - Iteratively print chunks on a heap.
  • hi - Searches all heaps to find if an address belongs to a chunk. If yes, prints the chunk.
  • largebins - Print the contents of an arena's largebins.
  • malloc-chunk - Print a chunk.
  • mp - Print the mp_ struct's contents.
  • smallbins - Print the contents of an arena's smallbins.
  • tcache - Print a thread's tcache contents.
  • tcachebins - Print the contents of a tcache.
  • top-chunk - Print relevant information about an arena's top chunk.
  • try-free - Check what would happen if free was called with given address.
  • unsortedbin - Print the contents of an arena's unsortedbin.
  • vis-heap-chunks - Visualize chunks on a heap.

Integrations¤

  • ai - Ask GPT-3 a question about the current debugging context.
  • bn-sync - Synchronize Binary Ninja's cursor with GDB.
  • decomp - Use the current integration to decompile code near an address.
  • j - Synchronize IDA's cursor with GDB.
  • r2 - Launches radare2.
  • r2pipe - Execute stateful radare2 commands through r2pipe.
  • rop - Dump ROP gadgets with Jon Salwan's ROPgadget tool.
  • ropper - ROP gadget search with ropper.
  • rz - Launches rizin.
  • rzpipe - Execute stateful rizin commands through rzpipe.
  • save-ida - Save the ida database.

Kernel¤

  • binder - Show Android Binder information
  • buddydump - Displays metadata and freelists of the buddy allocator.
  • kbase - Finds the kernel virtual base address.
  • kchecksec - Checks for kernel hardening configuration options.
  • kcmdline - Return the kernel commandline (/proc/cmdline).
  • kconfig - Outputs the kernel config (requires CONFIG_IKCONFIG).
  • klookup - Lookup kernel symbols
  • knft-dump - Dump all nftables: tables, chains, rules, expressions
  • knft-list-chains - Dump netfilter chains form a specific table
  • knft-list-exprs - Dump only expressions from specific rule
  • knft-list-flowtables - Dump netfilter flowtables from a specific table
  • knft-list-objects - Dump netfilter objects from a specific table
  • knft-list-rules - Dump netfilter rules form a specific chain
  • knft-list-sets - Dump netfilter sets from a specific table
  • knft-list-tables - Dump netfliter tables from a specific network namespace
  • kversion - Outputs the kernel version (/proc/version).
  • msr - Read or write to Model Specific Register (MSR)
  • slab - Prints information about the linux kernel's slab allocator SLUB.

Linux/libc/ELF¤

  • argc - Prints out the number of arguments.
  • argv - Prints out the contents of argv.
  • aslr - Check the current ASLR status, or turn it on/off.
  • auxv-explore - Explore and print information from the Auxiliary ELF Vector.
  • auxv - Print information from the Auxiliary ELF Vector.
  • elfsections - Prints the section mappings contained in the ELF header.
  • envp - Prints out the contents of the environment.
  • errno - Converts errno (or argument) to its string representation.
  • got - Show the state of the Global Offset Table.
  • gotplt - Prints any symbols found in the .got.plt section if it exists.
  • libcinfo - Show libc version and link to its sources
  • linkmap - Show the state of the Link Map
  • onegadget - Find gadgets which single-handedly give code execution.
  • piebase - Calculate VA of RVA from PIE base.
  • plt - Prints any symbols found in Procedure Linkage Table sections if any exist.
  • strings - Extracts and displays ASCII strings from readable memory pages of the debugged process.
  • threads - List all threads belonging to the selected inferior.
  • tls - Print out base address of the current Thread Local Storage (TLS).
  • track-got - Controls GOT tracking
  • track-heap - Manages the heap tracker.

Memory¤

  • distance - Print the distance between the two arguments, or print the offset to the address's page base.
  • dump-register-frame - Display the registers saved to memory for a certain frame type
  • gdt - Decode X86-64 GDT entries at address
  • go-dump - Dumps a Go value of a given type at a specified address.
  • go-type - Dumps a Go runtime reflection type at a specified address.
  • hexdump - Hexdumps data at the specified address or module name.
  • leakfind - Attempt to find a leak chain given a starting address.
  • memfrob - Memfrobs a region of memory (xor with '*').
  • mmap - Calls the mmap syscall and prints its resulting address.
  • mprotect - Calls the mprotect syscall and prints its result value.
  • p2p - Pointer to pointer chain search. Searches given mapping for all pointers that point to specified mapping.
  • probeleak - Pointer scan for possible offset leaks.
  • search - Search memory for byte sequences, strings, pointers, and integer values.
  • telescope - Recursively dereferences pointers starting at the specified address.
  • vmmap-add - Add virtual memory map page.
  • vmmap-clear - Clear the vmmap cache.
  • vmmap-explore - Explore a page, trying to guess permissions.
  • vmmap - Print virtual memory map pages.
  • xinfo - Shows offsets of the specified address from various useful locations.
  • xor - XOR count bytes at address with the key key.

Misc¤

  • asm - Assemble shellcode into bytes
  • checksec - Prints out the binary security settings using checksec.
  • comm - Put comments in assembly code.
  • cyclic - Cyclic pattern creator/finder.
  • cymbol - Add, show, load, edit, or delete custom structures in plain C.
  • down - Select and print stack frame called by this one.
  • dt - Dump out information on a type (e.g. ucontext_t).
  • dumpargs - Prints determined arguments for call/syscall instruction.
  • getfile - Gets the current file.
  • hex2ptr - Converts a space-separated hex string to a little-endian address.
  • hijack-fd - Replace a file descriptor of a debugged process.
  • ipi - Start an interactive IPython prompt.
  • patch-list - List all patches.
  • patch-revert - Revert patch at given address.
  • patch - Patches given instruction with given code or bytes.
  • plist - Dumps the elements of a linked list.
  • sigreturn - Display the SigreturnFrame at the specific address
  • spray - Spray memory with cyclic() generated values
  • tips - Shows tips.
  • up - Select and print stack frame that called this one.
  • valist - Dumps the arguments of a va_list.
  • vmmap-load - Load virtual memory map pages from ELF file.

Process¤

  • killthreads - Kill all or given threads.
  • pid - Gets the pid.
  • procinfo - Display information about the running process.

Pwndbg¤

  • bugreport - Generate a bug report.
  • config - Shows Pwndbg-specific configuration.
  • configfile - Generates a configuration file for the current Pwndbg options.
  • heap-config - Shows heap related configuration.
  • memoize - Toggles memoization (caching).
  • profiler - Utilities for profiling Pwndbg.
  • pwndbg - Prints out a list of all Pwndbg commands.
  • reinit-pwndbg - Makes Pwndbg reinitialize all state.
  • reload - Reload Pwndbg.
  • theme - Shows Pwndbg-specific theme configuration.
  • themefile - Generates a configuration file for the current Pwndbg theme options.
  • version - Displays Pwndbg and its important deps versions.

Register¤

  • cpsr - Print out ARM CPSR or xPSR register.
  • fsbase - Prints out the FS base address. See also $fsbase.
  • gsbase - Prints out the GS base address. See also $gsbase.
  • setflag - Modify the flags register.

Stack¤

  • canary - Print out the current stack canary.
  • retaddr - Print out the stack addresses that contain return addresses.
  • stack-explore - Explore stack from all threads.
  • stack - Dereferences on stack data with specified count and offset.
  • stackf - Dereferences on stack data, printing the entire stack frame with specified count and offset .

Start¤

  • attachp - Attaches to a given pid, process name, process found with partial argv match or to a device file.
  • entry - Start the debugged program stopping at its entrypoint address.
  • sstart - Alias for 'tbreak __libc_start_main; run'.
  • start - Start the debugged program stopping at the first convenient location

Step/Next/Continue¤

  • nextcall - Breaks at the next call instruction.
  • nextjmp - Breaks at the next jump instruction.
  • nextproginstr - Breaks at the next instruction that belongs to the running program.
  • nextret - Breaks at next return-like instruction.
  • nextsyscall - Breaks at the next syscall not taking branches.
  • stepover - Breaks on the instruction after this one.
  • stepret - Breaks at next return-like instruction by 'stepping' to it.
  • stepsyscall - Breaks at the next syscall by taking branches.
  • stepuntilasm - Breaks on the next matching instruction.
  • xuntil - Continue execution until an address or expression.

WinDbg¤

  • bc - Clear the breakpoint with the specified index.
  • bd - Disable the breakpoint with the specified index.
  • be - Enable the breakpoint with the specified index.
  • bl - List breakpoints.
  • bp - Set a breakpoint at the specified address.
  • da - Dump a string at the specified address.
  • db - Starting at the specified address, dump N bytes.
  • dc - Starting at the specified address, hexdump.
  • dd - Starting at the specified address, dump N dwords.
  • dds - Dump pointers and symbols at the specified address.
  • dq - Starting at the specified address, dump N qwords.
  • ds - Dump a string at the specified address.
  • dw - Starting at the specified address, dump N words.
  • eb - Write hex bytes at the specified address.
  • ed - Write hex dwords at the specified address.
  • eq - Write hex qwords at the specified address.
  • ew - Write hex words at the specified address.
  • ez - Write a string at the specified address.
  • eza - Write a string at the specified address.
  • go - Windbg compatibility alias for 'continue' command.
  • k - Print a backtrace (alias 'bt').
  • ln - List the symbols nearest to the provided value.
  • pc - Windbg compatibility alias for 'nextcall' command.
  • peb - Not be windows.

jemalloc Heap¤

\ No newline at end of file + Index - Documentation
Skip to content

Commands¤

Breakpoint¤

Context¤

  • context - Print out the currently enabled context sections.
  • contextnext - Select next entry in context history.
  • contextoutput - Sets the output of a context section.
  • contextprev - Select previous entry in context history.
  • contextsearch - Search for a string in the context history and select that entry.
  • contextunwatch - Removes an expression previously added to be watched.
  • contextwatch - Adds an expression to be shown on context.
  • regs - Print out all registers and enhance the information.

Developer¤

Disassemble¤

  • emulate - Like nearpc, but will emulate instructions from the current $PC forward.
  • nearpc - Disassemble near a specified address.

GLibc ptmalloc2 Heap¤

  • arena - Print the contents of an arena.
  • arenas - List this process's arenas.
  • bins - Print the contents of all an arena's bins and a thread's tcache.
  • fastbins - Print the contents of an arena's fastbins.
  • find-fake-fast - Find candidate fake fast or tcache chunks overlapping the specified address.
  • heap - Iteratively print chunks on a heap.
  • hi - Searches all heaps to find if an address belongs to a chunk. If yes, prints the chunk.
  • largebins - Print the contents of an arena's largebins.
  • malloc-chunk - Print a chunk.
  • mp - Print the mp_ struct's contents.
  • smallbins - Print the contents of an arena's smallbins.
  • tcache - Print a thread's tcache contents.
  • tcachebins - Print the contents of a tcache.
  • top-chunk - Print relevant information about an arena's top chunk.
  • try-free - Check what would happen if free was called with given address.
  • unsortedbin - Print the contents of an arena's unsortedbin.
  • vis-heap-chunks - Visualize chunks on a heap.

Integrations¤

  • ai - Ask GPT-3 a question about the current debugging context.
  • bn-sync - Synchronize Binary Ninja's cursor with GDB.
  • decomp - Use the current integration to decompile code near an address.
  • j - Synchronize IDA's cursor with GDB.
  • r2 - Launches radare2.
  • r2pipe - Execute stateful radare2 commands through r2pipe.
  • rop - Dump ROP gadgets with Jon Salwan's ROPgadget tool.
  • ropper - ROP gadget search with ropper.
  • rz - Launches rizin.
  • rzpipe - Execute stateful rizin commands through rzpipe.
  • save-ida - Save the ida database.

Kernel¤

  • binder - Show Android Binder information
  • buddydump - Displays metadata and freelists of the buddy allocator.
  • kbase - Finds the kernel virtual base address.
  • kchecksec - Checks for kernel hardening configuration options.
  • kcmdline - Return the kernel commandline (/proc/cmdline).
  • kconfig - Outputs the kernel config (requires CONFIG_IKCONFIG).
  • klookup - Lookup kernel symbols
  • knft-dump - Dump all nftables: tables, chains, rules, expressions
  • knft-list-chains - Dump netfilter chains form a specific table
  • knft-list-exprs - Dump only expressions from specific rule
  • knft-list-flowtables - Dump netfilter flowtables from a specific table
  • knft-list-objects - Dump netfilter objects from a specific table
  • knft-list-rules - Dump netfilter rules form a specific chain
  • knft-list-sets - Dump netfilter sets from a specific table
  • knft-list-tables - Dump netfliter tables from a specific network namespace
  • kversion - Outputs the kernel version (/proc/version).
  • msr - Read or write to Model Specific Register (MSR)
  • slab - Prints information about the linux kernel's slab allocator SLUB.

Linux/libc/ELF¤

  • argc - Prints out the number of arguments.
  • argv - Prints out the contents of argv.
  • aslr - Check the current ASLR status, or turn it on/off.
  • auxv-explore - Explore and print information from the Auxiliary ELF Vector.
  • auxv - Print information from the Auxiliary ELF Vector.
  • elfsections - Prints the section mappings contained in the ELF header.
  • envp - Prints out the contents of the environment.
  • errno - Converts errno (or argument) to its string representation.
  • got - Show the state of the Global Offset Table.
  • gotplt - Prints any symbols found in the .got.plt section if it exists.
  • libcinfo - Show libc version and link to its sources
  • linkmap - Show the state of the Link Map
  • onegadget - Find gadgets which single-handedly give code execution.
  • piebase - Calculate VA of RVA from PIE base.
  • plt - Prints any symbols found in Procedure Linkage Table sections if any exist.
  • strings - Extracts and displays ASCII strings from readable memory pages of the debugged process.
  • threads - List all threads belonging to the selected inferior.
  • tls - Print out base address of the current Thread Local Storage (TLS).
  • track-got - Controls GOT tracking
  • track-heap - Manages the heap tracker.

Memory¤

  • distance - Print the distance between the two arguments, or print the offset to the address's page base.
  • dump-register-frame - Display the registers saved to memory for a certain frame type
  • gdt - Decode X86-64 GDT entries at address
  • go-dump - Dumps a Go value of a given type at a specified address.
  • go-type - Dumps a Go runtime reflection type at a specified address.
  • hexdump - Hexdumps data at the specified address or module name.
  • leakfind - Attempt to find a leak chain given a starting address.
  • memfrob - Memfrobs a region of memory (xor with '*').
  • mmap - Calls the mmap syscall and prints its resulting address.
  • mprotect - Calls the mprotect syscall and prints its result value.
  • p2p - Pointer to pointer chain search. Searches given mapping for all pointers that point to specified mapping.
  • probeleak - Pointer scan for possible offset leaks.
  • search - Search memory for byte sequences, strings, pointers, and integer values.
  • telescope - Recursively dereferences pointers starting at the specified address.
  • vmmap-add - Add virtual memory map page.
  • vmmap-clear - Clear the vmmap cache.
  • vmmap-explore - Explore a page, trying to guess permissions.
  • vmmap - Print virtual memory map pages.
  • xinfo - Shows offsets of the specified address from various useful locations.
  • xor - XOR count bytes at address with the key key.

Misc¤

  • asm - Assemble shellcode into bytes
  • checksec - Prints out the binary security settings using checksec.
  • comm - Put comments in assembly code.
  • cyclic - Cyclic pattern creator/finder.
  • cymbol - Add, show, load, edit, or delete custom structures in plain C.
  • down - Select and print stack frame called by this one.
  • dt - Dump out information on a type (e.g. ucontext_t).
  • dumpargs - Prints determined arguments for call/syscall instruction.
  • getfile - Gets the current file.
  • hex2ptr - Converts a space-separated hex string to a little-endian address.
  • hijack-fd - Replace a file descriptor of a debugged process.
  • ipi - Start an interactive IPython prompt.
  • patch-list - List all patches.
  • patch-revert - Revert patch at given address.
  • patch - Patches given instruction with given code or bytes.
  • plist - Dumps the elements of a linked list.
  • sigreturn - Display the SigreturnFrame at the specific address
  • spray - Spray memory with cyclic() generated values
  • tips - Shows tips.
  • up - Select and print stack frame that called this one.
  • valist - Dumps the arguments of a va_list.
  • vmmap-load - Load virtual memory map pages from ELF file.

Process¤

  • killthreads - Kill all or given threads.
  • pid - Gets the pid.
  • procinfo - Display information about the running process.

Pwndbg¤

  • bugreport - Generate a bug report.
  • config - Shows Pwndbg-specific configuration.
  • configfile - Generates a configuration file for the current Pwndbg options.
  • heap-config - Shows heap related configuration.
  • memoize - Toggles memoization (caching).
  • profiler - Utilities for profiling Pwndbg.
  • pwndbg - Prints out a list of all Pwndbg commands.
  • reinit-pwndbg - Makes Pwndbg reinitialize all state.
  • reload - Reload Pwndbg.
  • theme - Shows Pwndbg-specific theme configuration.
  • themefile - Generates a configuration file for the current Pwndbg theme options.
  • version - Displays Pwndbg and its important deps versions.

Register¤

  • cpsr - Print out ARM CPSR or xPSR register.
  • fsbase - Prints out the FS base address. See also $fsbase.
  • gsbase - Prints out the GS base address. See also $gsbase.
  • setflag - Modify the flags register.

Stack¤

  • canary - Print out the current stack canary.
  • retaddr - Print out the stack addresses that contain return addresses.
  • stack-explore - Explore stack from all threads.
  • stack - Dereferences on stack data with specified count and offset.
  • stackf - Dereferences on stack data, printing the entire stack frame with specified count and offset .

Start¤

  • attachp - Attaches to a given pid, process name, process found with partial argv match or to a device file.
  • entry - Start the debugged program stopping at its entrypoint address.
  • sstart - Alias for 'tbreak __libc_start_main; run'.
  • start - Start the debugged program stopping at the first convenient location

Step/Next/Continue¤

  • nextcall - Breaks at the next call instruction.
  • nextjmp - Breaks at the next jump instruction.
  • nextproginstr - Breaks at the next instruction that belongs to the running program.
  • nextret - Breaks at next return-like instruction.
  • nextsyscall - Breaks at the next syscall not taking branches.
  • stepover - Breaks on the instruction after this one.
  • stepret - Breaks at next return-like instruction by 'stepping' to it.
  • stepsyscall - Breaks at the next syscall by taking branches.
  • stepuntilasm - Breaks on the next matching instruction.
  • xuntil - Continue execution until an address or expression.

WinDbg¤

  • bc - Clear the breakpoint with the specified index.
  • bd - Disable the breakpoint with the specified index.
  • be - Enable the breakpoint with the specified index.
  • bl - List breakpoints.
  • bp - Set a breakpoint at the specified address.
  • da - Dump a string at the specified address.
  • db - Starting at the specified address, dump N bytes.
  • dc - Starting at the specified address, hexdump.
  • dd - Starting at the specified address, dump N dwords.
  • dds - Dump pointers and symbols at the specified address.
  • dq - Starting at the specified address, dump N qwords.
  • ds - Dump a string at the specified address.
  • dw - Starting at the specified address, dump N words.
  • eb - Write hex bytes at the specified address.
  • ed - Write hex dwords at the specified address.
  • eq - Write hex qwords at the specified address.
  • ew - Write hex words at the specified address.
  • ez - Write a string at the specified address.
  • eza - Write a string at the specified address.
  • go - WinDbg compatibility alias for 'continue' command.
  • k - Print a backtrace (alias 'bt').
  • ln - List the symbols nearest to the provided value.
  • pc - WinDbg compatibility alias for 'nextcall' command.
  • peb - Not be windows.

jemalloc Heap¤

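Review bot: The regenerated command index still carries spelling errors on the added side, in the Kernel and WinDbg lists. "Dump netfilter chains form a specific table" and "Dump netfilter rules form a specific chain" should read "from", "netfliter" in the knft-list-tables entry should read "netfilter", and "peb - Not be windows." does not describe the command. Since this change already corrects the go and pc descriptions (Windbg to WinDbg), fixing these in the same pass would avoid another full regeneration. Note also that the hunk is "@@ -1 +1 @@", so the whole page is replaced as a single removed line and a single added line, which makes a two-word change very hard to verify by eye.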
\ No newline at end of file diff --git a/dev/commands/linux_libc_elf/got/index.html b/dev/commands/linux_libc_elf/got/index.html index f30c3cb8e..b90c7e1cb 100644 --- a/dev/commands/linux_libc_elf/got/index.html +++ b/dev/commands/linux_libc_elf/got/index.html @@ -1,6 +1,11 @@ Got - Documentation
Skip to content

got¤

(only in GDB)

usage: got [-h] [-p PATH_FILTER | -a] [-r] [symbol_filter]
-

Show the state of the Global Offset Table.

Positional arguments¤

Positional Argument Help
symbol_filter Filter results by symbol name. (default: '')

Optional arguments¤

Short Long Help
-h --help show this help message and exit
-p --path Filter results by library/objfile path. (default: '')
-a --all Process all libs/obfjiles including the target executable.
-r --show-readonly Also display read-only entries (which are filtered out by default).

Examples¤

got
-got puts
-got -p libc
-got -a
+

Show the state of the Global Offset Table.

Positional arguments¤

Positional Argument Help
symbol_filter Filter results by symbol name. (default: '')

Optional arguments¤

Short Long Help
-h --help show this help message and exit
-p --path Filter results by library/objfile path. (default: '')
-a --all Process all libs/obfjiles including the target executable.
-r --show-readonly Also display read-only entries (which are filtered out by default).

Examples¤

> got
+    Print all writable GOT entries in the executable.
+> got -r puts
+    Print all GOT entries that contain the string "puts".
+> got -p libc
+    Print all writable GOT entries used by libc. (And any other loaded
+    object files that contain the string "libc" in their path).
+> got -ra
+    Print all GOT entries in the address space.
 
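Review bot: The --all help text in the Optional arguments table still reads "Process all libs/obfjiles including the target executable." on the added side; "obfjiles" should be "objfiles". The rewritten examples are clearer than the bare command list they replace, but the first one ("Print all writable GOT entries in the executable.") would benefit from a sentence noting that a binary whose GOT is read-only (for example one linked with full RELRO) may show no entries without -r, because read-only entries are filtered out by default. The old "got puts" example was replaced by "got -r puts"; keeping a line for the plain symbol filter would show that it also works without -r.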
\ No newline at end of file diff --git a/dev/commands/windbg/go/index.html b/dev/commands/windbg/go/index.html index a9346de83..d57b614af 100644 --- a/dev/commands/windbg/go/index.html +++ b/dev/commands/windbg/go/index.html @@ -1,2 +1,2 @@ Go - Documentation
Skip to content

go¤

(only in GDB)

usage: go [-h]
-

Windbg compatibility alias for 'continue' command.

Optional arguments¤

Short Long Help
-h --help show this help message and exit
\ No newline at end of file +

WinDbg compatibility alias for 'continue' command.

Optional arguments¤

Short Long Help
-h --help show this help message and exit
\ No newline at end of file diff --git a/dev/commands/windbg/pc/index.html b/dev/commands/windbg/pc/index.html index d00506131..45c147c70 100644 --- a/dev/commands/windbg/pc/index.html +++ b/dev/commands/windbg/pc/index.html @@ -1,2 +1,2 @@ Pc - Documentation
Skip to content

pc¤

usage: pc [-h]
-

Windbg compatibility alias for 'nextcall' command.

Optional arguments¤

Short Long Help
-h --help show this help message and exit
\ No newline at end of file +

WinDbg compatibility alias for 'nextcall' command.

Optional arguments¤

Short Long Help
-h --help show this help message and exit
\ No newline at end of file diff --git a/dev/features/index.html b/dev/features/index.html index 34ac34012..5a8bdeff6 100644 --- a/dev/features/index.html +++ b/dev/features/index.html @@ -1,6 +1,6 @@ - Features - Documentation
Skip to content
pwndbg/pwndbg

Features¤

Pwndbg has a great deal of useful features. You can a see all available commands at any time by typing the pwndbg command or by checking the Commands section of the documentation. For configuration and theming see the Configuration section. Below is a subset of commands which are easy to capture in screenshots.

Disassembly and Emulation¤

Pwndbg leverages the capstone and unicorn engines, along with its own instrospection, to display, annotate and emulate instructions.

Operands of instructions are resolved, conditions evaluated, and only the instructions that will actually be executed are shown.

This is incredibly useful when stepping through jump tables, PLT entries, and ROPping.

Context¤

A useful summary of the current execution context is printed every time the debugger stops (e.g. breakpoint or single-step), displaying all registers, the stack, call frames, disassembly, and additionally recursively dereferencing all pointers. All memory addresses are color-coded to the type of memory they represent.

A history of previous context output is kept which can be accessed using the contextprev and contextnext commands.

Arguments¤

All function call sites are annotated with the arguments to those functions. This works best with debugging symbols, but also works in the most common case where an imported function (e.g. libc function via GOT or PLT) is used.

Splitting / Layouting Context¤

The context sections can be distributed among different tty by using the contextoutput command. Thus, if you want to make better use of some of the empty space in the default Pwndbg output, you can split the panes in your terminal and redirect the various contexts among them.

See Splitting the Context for more information.

GDB TUI¤

The context sections are available as native GDB TUI windows named pwndbg_[sectionname]. There are some predefined layouts coming with Pwndbg which you can select using layout pwndbg or layout pwndbg_code.

See GDB TUI for more information.

Watch Expressions¤

You can add expressions to be watched by the context. Those expressions are evaluated and shown on every context refresh. For instance by doing contextwatch execute "info args" we can see the arguments of every function we are in (here we are in mmap):

See contextwatch for more information.

Integrations¤

Ghidra¤

With the help of radare2 or rizin it is possible to show the decompiled source code of the ghidra decompiler.

See Ghidra Integration for more information.

IDA Pro/Binary Ninja¤

Pwndbg is capable of integrating with IDA Pro or Binary Ninja by installing an XMLRPC server in the decompiler as a plugin, and then querying it for information.

This allows extraction of comments, decompiled lines of source, breakpoints, symbols, and synchronized debugging (single-steps update the cursor in the decompiler).

See Binary Ninja Integration or IDA Integration for setup information.

Heap Inspection¤

Pwndbg provides commands for inspecting the heap and the allocator's state. Currently supported are:

See some of the commands for glibc malloc:

LLDB¤

While most other GDB plugins are well GDB plugins, Pwndbg's implementation is debugger-agnostic. You can use Pwndbg with LLDB!

Windbg Compatibility¤

For those coming from a Windows background, Pwndbg has a complete Windbg compatibility layer. You can dd, dps, eq, and even eb $rip 90 to your heart's content.

Go Debugging¤

Pwndbg has support for dumping complex Go values like maps and slices, including automatically parsing out type layouts in certain cases.

See the Go debugging guide for more information.

So many commands¤

Go take a look at Commands! Here is some cool stuff you can do to get you started.

Process State Inspection¤

Use the procinfo command in order to inspect the current process state, like UID, GID, Groups, SELinux context, and open file descriptors! Pwndbg works particularly well with remote GDB debugging like with Android phones.

ROP Gadgets¤

Tools for finding rop gadgets statically don't know about everything that will be loaded into the address space and they can make mistakes about which addresses will actually end up executable. You can now rop at runtime with Pwndbg's rop and ropper.

Pwndbg makes searching the target memory space easy, with a complete and easy-to-use interface. Whether you're searching for bytes, strings, or various sizes of integer values or pointers, it's a simple command away.

Finding Leaks¤

Finding leak chains can be done using the leakfind and probeleak commands. They recursively inspect address ranges for pointers, and report on all pointers found.

Telescope¤

Inspecting memory dumps is easy with the telescope command. It recursively dereferences a range of memory, letting you see everything at once. As an added bonus, Pwndbg checks all of the available registers to see if they point into the memory range.

Virtual Memory Maps¤

Pwndbg enhances the standard memory map listing and allows easy searching with vmmap.

Tracking glibc heap allocations¤

It can be very useful to see allocations happening in real time. It can give us a good idea of what the allocation pattern of a program looks like, and allows us to make informed decisions on how to optimize or attack it. The track-heap command does just that.

Tracking the GOT¤

The Procedure Linkage Table (PLT) and Global Offset Table (GOT) are very interesting exploitation targets since they contain many often-accessed function pointers. You can track how your program goes through the GOT using the track-got command.

Attach to a process by name¤

The days of running pidof in a different terminal are over. Use attachp to attach to any process by name, pid, arguments or device file!

\ No newline at end of file +-->

Features¤

Pwndbg has a great deal of useful features. You can a see all available commands at any time by typing the pwndbg command or by checking the Commands section of the documentation. For configuration and theming see the Configuration section. Below is a subset of commands which are easy to capture in screenshots.

Disassembly and Emulation¤

Pwndbg leverages the capstone and unicorn engines, along with its own instrospection, to display, annotate and emulate instructions.

Operands of instructions are resolved, conditions evaluated, and only the instructions that will actually be executed are shown.

This is incredibly useful when stepping through jump tables, PLT entries, and ROPping.

Context¤

A useful summary of the current execution context is printed every time the debugger stops (e.g. breakpoint or single-step), displaying all registers, the stack, call frames, disassembly, and additionally recursively dereferencing all pointers. All memory addresses are color-coded to the type of memory they represent.

A history of previous context output is kept which can be accessed using the contextprev and contextnext commands.

Arguments¤

All function call sites are annotated with the arguments to those functions. This works best with debugging symbols, but also works in the most common case where an imported function (e.g. libc function via GOT or PLT) is used.

Splitting / Layouting Context¤

The context sections can be distributed among different tty by using the contextoutput command. Thus, if you want to make better use of some of the empty space in the default Pwndbg output, you can split the panes in your terminal and redirect the various contexts among them.

See Splitting the Context for more information.

GDB TUI¤

The context sections are available as native GDB TUI windows named pwndbg_[sectionname]. There are some predefined layouts coming with Pwndbg which you can select using layout pwndbg or layout pwndbg_code.

See GDB TUI for more information.

Watch Expressions¤

You can add expressions to be watched by the context. Those expressions are evaluated and shown on every context refresh. For instance by doing contextwatch execute "info args" we can see the arguments of every function we are in (here we are in mmap):

See contextwatch for more information.

Integrations¤

Ghidra¤

With the help of radare2 or rizin it is possible to show the decompiled source code of the ghidra decompiler.

See Ghidra Integration for more information.

IDA Pro/Binary Ninja¤

Pwndbg is capable of integrating with IDA Pro or Binary Ninja by installing an XMLRPC server in the decompiler as a plugin, and then querying it for information.

This allows extraction of comments, decompiled lines of source, breakpoints, symbols, and synchronized debugging (single-steps update the cursor in the decompiler).

See Binary Ninja Integration or IDA Integration for setup information.

Heap Inspection¤

Pwndbg provides commands for inspecting the heap and the allocator's state. Currently supported are:

See some of the commands for glibc malloc:

LLDB¤

While most other GDB plugins are well GDB plugins, Pwndbg's implementation is debugger-agnostic. You can use Pwndbg with LLDB!

WinDbg Compatibility¤

For those coming from a Windows background, Pwndbg has a complete WinDbg compatibility layer. You can dd, dps, eq, and even eb $rip 90 to your heart's content.

Go Debugging¤

Pwndbg has support for dumping complex Go values like maps and slices, including automatically parsing out type layouts in certain cases.

See the Go debugging guide for more information.

So many commands¤

Go take a look at Commands! Here is some cool stuff you can do to get you started.

Process State Inspection¤

Use the procinfo command in order to inspect the current process state, like UID, GID, Groups, SELinux context, and open file descriptors! Pwndbg works particularly well with remote GDB debugging like with Android phones.

ROP Gadgets¤

Tools for finding rop gadgets statically don't know about everything that will be loaded into the address space and they can make mistakes about which addresses will actually end up executable. You can now rop at runtime with Pwndbg's rop and ropper.

Pwndbg makes searching the target memory space easy, with a complete and easy-to-use interface. Whether you're searching for bytes, strings, or various sizes of integer values or pointers, it's a simple command away.

Finding Leaks¤

Finding leak chains can be done using the leakfind and probeleak commands. They recursively inspect address ranges for pointers, and report on all pointers found.

Telescope¤

Inspecting memory dumps is easy with the telescope command. It recursively dereferences a range of memory, letting you see everything at once. As an added bonus, Pwndbg checks all of the available registers to see if they point into the memory range.

Virtual Memory Maps¤

Pwndbg enhances the standard memory map listing and allows easy searching with vmmap.

Tracking glibc heap allocations¤

It can be very useful to see allocations happening in real time. It can give us a good idea of what the allocation pattern of a program looks like, and allows us to make informed decisions on how to optimize or attack it. The track-heap command does just that.

Tracking the GOT¤

The Procedure Linkage Table (PLT) and Global Offset Table (GOT) are very interesting exploitation targets since they contain many often-accessed function pointers. You can track how your program goes through the GOT using the track-got command.

Attach to a process by name¤

The days of running pidof in a different terminal are over. Use attachp to attach to any process by name, pid, arguments or device file!
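Review bot: the added Features text carries typos that should be fixed in the Markdown source before the site is regenerated: "You can a see all available commands" (drop the stray "a") in the intro paragraph, "instrospection" in Disassembly and Emulation, and "are well GDB plugins" in the LLDB section, which needs commas around "well" to read as intended. The memory-search paragraph ("Pwndbg makes searching the target memory space easy...") also sits directly under the ROP Gadgets heading with no heading of its own; if that is not an artifact of rendering, give it a separate section title.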

\ No newline at end of file diff --git a/dev/feed_json_updated.json b/dev/feed_json_updated.json index 04bbc0dd5..b23df2b79 100644 --- a/dev/feed_json_updated.json +++ b/dev/feed_json_updated.json 
@@ -1 +1 @@ -{"version": "https://jsonfeed.org/version/1", "title": "pwndbg Blog", "home_page_url": "https://pwndbg.re/pwndbg/latest/", "feed_url": "https://pwndbg.re/pwndbg/latest/feed_json_updated.json", "description": "pwndbg (/pa\u028an\u02c8di\u02ccb\u028c\u0261/) is a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers.", "icon": "https://pwndbg.re/pwndbg/assets/favicon.ico", "authors": [], "language": "en", "items": [{"id": "https://pwndbg.re/pwndbg/latest/blog/2022/08/21/pwndbg-coding-sprints-report/", "url": "https://pwndbg.re/pwndbg/latest/blog/2022/08/21/pwndbg-coding-sprints-report/", "title": "Pwndbg coding sprints report", "content_html": "Report of the two coding sprints with Pwndbg\n", "image": null, "date_modified": "2025-06-01T11:28:49+00:00", "authors": [{"name": "Disconnect3d"}], "tags": []}]} \ No newline at end of file +{"version": "https://jsonfeed.org/version/1", "title": "pwndbg Blog", "home_page_url": "https://pwndbg.re/pwndbg/latest/", "feed_url": "https://pwndbg.re/pwndbg/latest/feed_json_updated.json", "description": "pwndbg (/pa\u028an\u02c8di\u02ccb\u028c\u0261/) is a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers.", "icon": "https://pwndbg.re/pwndbg/assets/favicon.ico", "authors": [], "language": "en", "items": [{"id": "https://pwndbg.re/pwndbg/latest/blog/2022/08/21/pwndbg-coding-sprints-report/", "url": "https://pwndbg.re/pwndbg/latest/blog/2022/08/21/pwndbg-coding-sprints-report/", "title": "Pwndbg coding sprints report", "content_html": "Report of the two coding sprints with Pwndbg\n", "image": null, "date_modified": "2025-06-02T19:01:53+00:00", "authors": [{"name": "Disconnect3d"}], "tags": []}]} \ No newline at end of file 
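Review bot: the only field that differs between the two sides of this hunk is date_modified on the 2022 coding-sprints post (2025-06-01T11:28:49+00:00 to 2025-06-02T19:01:53+00:00); id, url, title and content_html are unchanged. The feed is therefore advertising a modification that the post content does not show, and feed readers will resurface the post as updated. Take the date from the post's own metadata or from the last commit that touched the post, or keep the generated feed files out of the committed diff so that timestamp-only churn does not need review.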
diff --git a/dev/feed_rss_created.xml b/dev/feed_rss_created.xml index 06e8e14c0..aba6789af 100644 --- a/dev/feed_rss_created.xml +++ b/dev/feed_rss_created.xml @@ -1 +1 @@ - pwndbg Blogpwndbg (/paʊnˈdiˌbʌɡ/) is a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers.https://pwndbg.re/pwndbg/latest/https://github.com/pwndbg/pwndbg/en Sun, 01 Jun 2025 11:30:56 -0000 Sun, 01 Jun 2025 11:30:56 -0000 1440 MkDocs RSS plugin - v1.17.1 https://pwndbg.re/pwndbg/assets/favicon.ico pwndbg Bloghttps://pwndbg.re/pwndbg/latest/ Pwndbg coding sprints report Disconnect3d Report of the two coding sprints with Pwndbghttps://pwndbg.re/pwndbg/latest/blog/2022/08/21/pwndbg-coding-sprints-report/ Sun, 21 Aug 2022 00:00:00 +0000pwndbg Bloghttps://pwndbg.re/pwndbg/latest/blog/2022/08/21/pwndbg-coding-sprints-report/ \ No newline at end of file + pwndbg Blogpwndbg (/paʊnˈdiˌbʌɡ/) is a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers.https://pwndbg.re/pwndbg/latest/https://github.com/pwndbg/pwndbg/en Mon, 02 Jun 2025 19:04:20 -0000 Mon, 02 Jun 2025 19:04:20 -0000 1440 MkDocs RSS plugin - v1.17.1 https://pwndbg.re/pwndbg/assets/favicon.ico pwndbg Bloghttps://pwndbg.re/pwndbg/latest/ Pwndbg coding sprints report Disconnect3d Report of the two coding sprints with Pwndbghttps://pwndbg.re/pwndbg/latest/blog/2022/08/21/pwndbg-coding-sprints-report/ Sun, 21 Aug 2022 00:00:00 +0000pwndbg Bloghttps://pwndbg.re/pwndbg/latest/blog/2022/08/21/pwndbg-coding-sprints-report/ \ No newline at end of file diff --git a/dev/feed_rss_updated.xml b/dev/feed_rss_updated.xml index 44f26241d..c80a7d6df 100644 --- a/dev/feed_rss_updated.xml +++ b/dev/feed_rss_updated.xml 
@@ -1 +1 @@ - pwndbg Blogpwndbg (/paʊnˈdiˌbʌɡ/) is a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers.https://pwndbg.re/pwndbg/latest/https://github.com/pwndbg/pwndbg/en Sun, 01 Jun 2025 11:30:56 -0000 Sun, 01 Jun 2025 11:30:56 -0000 1440 MkDocs RSS plugin - v1.17.1 https://pwndbg.re/pwndbg/assets/favicon.ico pwndbg Bloghttps://pwndbg.re/pwndbg/latest/ Pwndbg coding sprints report Disconnect3d Report of the two coding sprints with Pwndbghttps://pwndbg.re/pwndbg/latest/blog/2022/08/21/pwndbg-coding-sprints-report/ Sun, 01 Jun 2025 11:28:49 +0000pwndbg Bloghttps://pwndbg.re/pwndbg/latest/blog/2022/08/21/pwndbg-coding-sprints-report/ \ No newline at end of file + pwndbg Blogpwndbg (/paʊnˈdiˌbʌɡ/) is a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers.https://pwndbg.re/pwndbg/latest/https://github.com/pwndbg/pwndbg/en Mon, 02 Jun 2025 19:04:20 -0000 Mon, 02 Jun 2025 19:04:20 -0000 1440 MkDocs RSS plugin - v1.17.1 https://pwndbg.re/pwndbg/assets/favicon.ico pwndbg Bloghttps://pwndbg.re/pwndbg/latest/ Pwndbg coding sprints report Disconnect3d Report of the two coding sprints with Pwndbghttps://pwndbg.re/pwndbg/latest/blog/2022/08/21/pwndbg-coding-sprints-report/ Mon, 02 Jun 2025 19:01:53 +0000pwndbg Bloghttps://pwndbg.re/pwndbg/latest/blog/2022/08/21/pwndbg-coding-sprints-report/ \ No newline at end of file diff --git a/dev/index.html b/dev/index.html index 377bbcfae..2a8415396 100644 --- a/dev/index.html +++ b/dev/index.html @@ -1 +1 @@ - Documentation
Skip to content

logo

pwndbg¤

license Tests codecov.io Discord

pwndbg (/paʊnˈdiˌbʌɡ/) is a GDB and LLDB plug-in that makes debugging suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers.

It has a boatload of features, see our Features page and CHEATSHEET (feel free to print it!). If you have any questions you may read the documentation or asks us in our Discord server.

Why?¤

Vanilla GDB and LLDB are terrible to use for reverse engineering and exploit development. Typing x/30gx $rsp or navigating cumbersome LLDB commands is not fun and often provides minimal information. The year is 2025, and core debuggers still lack many user-friendly features such as a robust hexdump command. Windbg users are completely lost when they occasionally need to bump into GDB or LLDB.

Pwndbg is a Python module which can be loaded into GDB or run as a REPL interface for LLDB. It provides a suite of utilities and enhancements that fill the gaps left by these debuggers, smoothing out rough edges and making them more user-friendly.

Installation¤

See installation instructions.

What about ...?¤

Many past (gdbinit, PEDA) and present projects (GEF, bata24/GEF) offer great features, but are hard to extend and are packaged as large single files (103KB, 195KB, 423KB, 4.12MB). Pwndbg aims to replace them with a faster, cleaner, and more robust implementation.

When to Use GDB or LLDB?¤

Pwndbg supports both GDB and LLDB, and each debugger has its own strengths. Here's a quick guide to help you decide which one to use:

Use Case Supported Debugger
Debugging Linux binaries or ELF files GDB, LLDB
Debugging Mach-O binaries on macOS LLDB
Linux kernel debugging (qemu-system) GDB, LLDB
Linux user-space emulation (qemu-user) GDB
Embedded debugging (ARM Cortex M* or RISC-V/32) GDB, LLDB

Pwndbg ensures a consistent experience across both, so switching between them is seamless.

The LLDB implementation in pwndbg is still in early-stage and may contain bugs or limitations.
Known issues are tracked in GitHub Issues.

If you encounter any problems, feel free to report them or discuss on our Discord server.

Compatibility Table¤

Feature Supported Version Notes
pwndbg-gdb - Python 3.10+
- GDB 12.1+
Battle-tested on Ubuntu 22.04/24.04
pwndbg-lldb - Python 3.12+
- LLDB 19+
Experimental/early-stage support
qemu-user QEMU 8.1+ vFile API is needed for vmmap
qemu-system QEMU 6.2+ Supported version since ubuntu 22.04

Contributing¤

Pull requests are welcome ❤️. Check out the Contributing Guide.

Acknowledgements¤

Pwndbg was originally created by Zach Riggle, who is no longer with us. We want to thank Zach for all of his contributions to pwndbg and the wider security community.

\ No newline at end of file + Documentation
Skip to content

logo

pwndbg¤

license Tests codecov.io Discord

pwndbg (/paʊnˈdiˌbʌɡ/) is a GDB and LLDB plug-in that makes debugging suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers.

It has a boatload of features, see our Features page and CHEATSHEET (feel free to print it!). If you have any questions you may read the documentation or asks us in our Discord server.

Why?¤

Vanilla GDB and LLDB are terrible to use for reverse engineering and exploit development. Typing x/30gx $rsp or navigating cumbersome LLDB commands is not fun and often provides minimal information. The year is 2025, and core debuggers still lack many user-friendly features such as a robust hexdump command. WinDbg users are completely lost when they occasionally need to bump into GDB or LLDB.

Pwndbg is a Python module which can be loaded into GDB or run as a REPL interface for LLDB. It provides a suite of utilities and enhancements that fill the gaps left by these debuggers, smoothing out rough edges and making them more user-friendly.

Installation¤

See installation instructions.

What about ...?¤

Many past (gdbinit, PEDA) and present projects (GEF, bata24/GEF) offer great features, but are hard to extend and are packaged as large single files (103KB, 195KB, 423KB, 4.12MB). Pwndbg aims to replace them with a faster, cleaner, and more robust implementation.

When to Use GDB or LLDB?¤

Pwndbg supports both GDB and LLDB, and each debugger has its own strengths. Here's a quick guide to help you decide which one to use:

Use Case Supported Debugger
Debugging Linux binaries or ELF files GDB, LLDB
Debugging Mach-O binaries on macOS LLDB
Linux kernel debugging (qemu-system) GDB, LLDB
Linux user-space emulation (qemu-user) GDB
Embedded debugging (ARM Cortex M* or RISC-V/32) GDB, LLDB

Pwndbg ensures a consistent experience across both, so switching between them is seamless.

The LLDB implementation in pwndbg is still in early-stage and may contain bugs or limitations.
Known issues are tracked in GitHub Issues.

If you encounter any problems, feel free to report them or discuss on our Discord server.

Compatibility Table¤

Feature Supported Version Notes
pwndbg-gdb - Python 3.10+
- GDB 12.1+
Battle-tested on Ubuntu 22.04/24.04
pwndbg-lldb - Python 3.12+
- LLDB 19+
Experimental/early-stage support
qemu-user QEMU 8.1+ vFile API is needed for vmmap
qemu-system QEMU 6.2+ Supported version since ubuntu 22.04

Contributing¤

Pull requests are welcome ❤️. Check out the Contributing Guide.

Acknowledgements¤

Pwndbg was originally created by Zach Riggle, who is no longer with us. We want to thank Zach for all of his contributions to pwndbg and the wider security community.
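Review bot: the visible difference in this hunk is the "Windbg" to "WinDbg" casing fix in the Why? paragraph, but the same page still has wording problems on the added side that belong in the same pass: "asks us in our Discord server" should be "ask us", "is still in early-stage" should be "is still early-stage" or "in an early stage", and the qemu-system row says "ubuntu 22.04" while the pwndbg-gdb row says "Ubuntu 22.04/24.04". Fix these in the source page so the casing and grammar are consistent after regeneration.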

\ No newline at end of file diff --git a/dev/reference/pwndbg/aglib/disasm/arch/index.html b/dev/reference/pwndbg/aglib/disasm/arch/index.html index e591a7c06..50376c49c 100644 --- a/dev/reference/pwndbg/aglib/disasm/arch/index.html +++ b/dev/reference/pwndbg/aglib/disasm/arch/index.html @@ -24,9 +24,9 @@ module-attribute (pwndbg.aglib.disasm.arch.DO_NOT_EMULATE)" href=#pwndbg.aglib.disasm.arch.DO_NOT_EMULATE>DO_NOT_EMULATE –

DEBUG_ENHANCEMENT module-attribute ¤

DEBUG_ENHANCEMENT = False
-

groups module-attribute ¤

groups = {v: _Tfor (k, v) in items() if startswith('CS_GRP_')}
-

ops module-attribute ¤

ops = {v: _mfor (k, v) in items() if startswith('CS_OP_')}
-

access module-attribute ¤

access = {v: _Vfor (k, v) in items() if startswith('CS_AC_')}
+

groups module-attribute ¤

groups = {v: _0for (k, v) in items() if startswith('CS_GRP_')}
+

ops module-attribute ¤

ops = {v: _cfor (k, v) in items() if startswith('CS_OP_')}
+

access module-attribute ¤

access = {v: _Ffor (k, v) in items() if startswith('CS_AC_')}
 

DO_NOT_EMULATE module-attribute ¤

DO_NOT_EMULATE = {CS_GRP_INT, CS_GRP_INVALID, CS_GRP_IRET}
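Review bot: the values rendered for groups, ops and access change only in a mangled token ("_Tfor" to "_0for", "_mfor" to "_cfor", "_Vfor" to "_Ffor"), and the rendered text is not valid Python on either side: the comprehension's key expression has been replaced by a placeholder fused onto "for", and "items()" and "startswith(...)" have lost their receivers. This is a documentation defect as well as diff noise, since a reader cannot recover what these maps contain. Either render these module attributes without their value, or fix the step that rewrites the expression so that the output is the real source text and is stable between builds.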
 

DisassemblyAssistant ¤

DisassemblyAssistant(architecture: X86_MATH_INSTRUCTIONS

groups module-attribute ¤

groups = {v: _Yfor (k, v) in items() if startswith('X86_GRP_')}
-

ops module-attribute ¤

ops = {v: _Nfor (k, v) in items() if startswith('X86_OP_')}
-

regs module-attribute ¤

regs = {v: _5for (k, v) in items() if startswith('X86_REG_')}
-

access module-attribute ¤

access = {v: _xfor (k, v) in items() if startswith('CS_AC_')}
+   (pwndbg.aglib.disasm.x86.X86_MATH_INSTRUCTIONS)" href=#pwndbg.aglib.disasm.x86.X86_MATH_INSTRUCTIONS>X86_MATH_INSTRUCTIONS

groups module-attribute ¤

groups = {v: _xfor (k, v) in items() if startswith('X86_GRP_')}
+

ops module-attribute ¤

ops = {v: _sfor (k, v) in items() if startswith('X86_OP_')}
+

regs module-attribute ¤

regs = {v: _Pfor (k, v) in items() if startswith('X86_REG_')}
+

access module-attribute ¤

access = {v: _Qfor (k, v) in items() if startswith('CS_AC_')}
 

X86_MATH_INSTRUCTIONS module-attribute ¤

X86_MATH_INSTRUCTIONS = {
     X86_INS_ADD: "+",
     X86_INS_SUB: "-",
diff --git a/dev/reference/pwndbg/aglib/dt/index.html b/dev/reference/pwndbg/aglib/dt/index.html
index c0a5c6111..2b1c16144 100644
--- a/dev/reference/pwndbg/aglib/dt/index.html
+++ b/dev/reference/pwndbg/aglib/dt/index.html
@@ -1,4 +1,4 @@
- pwndbg.aglib.dt - Documentation      

dt ¤

Prints structures in a manner similar to Windbg's "dt" command.

Functions:

  • dt

    Dump out a structure type Windbg style.

dt ¤

dt(
+ pwndbg.aglib.dt - Documentation      

dt ¤

Prints structures in a manner similar to WinDbg's "dt" command.

Functions:

  • dt

    Dump out a structure type WinDbg style.

dt ¤

dt(
     name: str = "", addr: int | Value | None = None, obj: Value | None = None
 ) -> str
-

Dump out a structure type Windbg style.

\ No newline at end of file +

Dump out a structure type WinDbg style.
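Review bot: dt() is rendered with three parameters (name, addr, obj) and a str return, but the only documentation on either side of this hunk is the one-line "Dump out a structure type WinDbg style.", so the reference page does not say how addr and obj relate or what the returned string contains. Since the docstring is being edited for the casing fix anyway, add parameter and return descriptions there, and hyphenate the phrase as "WinDbg-style".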

\ No newline at end of file diff --git a/dev/reference/pwndbg/aglib/index.html b/dev/reference/pwndbg/aglib/index.html index 71598c74c..2cd3bdd73 100644 --- a/dev/reference/pwndbg/aglib/index.html +++ b/dev/reference/pwndbg/aglib/index.html @@ -1,3 +1,3 @@ - pwndbg.aglib - Documentation

aglib ¤

Debugger-agnostic library that provides various functionality.

Takes the debugging primitives provided by the Debugger API and builds the more complex and interesting bits of functionality found in Pwndbg on top of them.

See https://pwndbg.re/pwndbg/dev/contributing/dev-notes/#aglib for more information.

Modules:

  • arch
  • argv
  • ctypes

    On-the-fly endianness switching for ctypes structures.

  • disasm
  • dt

    Prints structures in a manner similar to Windbg's "dt" command.

  • dynamic

    Dynamic linking interface.

  • elf

    This file declares types and methods useful for enumerating

  • file

    Retrieve files from the debuggee's filesystem. Useful when

  • godbg
  • heap
  • kernel
  • memory
  • nearpc
  • next

    Commands for setting temporary breakpoints on the next

  • onegadget
  • proc

    Provides values which would be available from /proc which

  • qemu

    Determine whether the target is being run under QEMU.

  • regs

    Reading register value from the inferior, and provides a

  • remote

    Information about whether the debuggee is local (under GDB) or remote

  • saved_register_frames
  • shellcode

    Shellcode

  • stack

    Helpers for finding address mappings which are used as a stack.

  • strings

    Functionality for resolving ASCII printable strings within

  • symbol

    Looking up addresses for function names / symbols, and

  • tls

    Getting Thread Local Storage (TLS) information.

  • typeinfo

    Common types.

  • vmmap
  • vmmap_custom

Functions:

load_aglib ¤

load_aglib()
+ pwndbg.aglib - Documentation      

aglib ¤

Debugger-agnostic library that provides various functionality.

Takes the debugging primitives provided by the Debugger API and builds the more complex and interesting bits of functionality found in Pwndbg on top of them.

See https://pwndbg.re/pwndbg/dev/contributing/dev-notes/#aglib for more information.

Modules:

  • arch
  • argv
  • ctypes

    On-the-fly endianness switching for ctypes structures.

  • disasm
  • dt

    Prints structures in a manner similar to WinDbg's "dt" command.

  • dynamic

    Dynamic linking interface.

  • elf

    This file declares types and methods useful for enumerating

  • file

    Retrieve files from the debuggee's filesystem. Useful when

  • godbg
  • heap
  • kernel
  • memory
  • nearpc
  • next

    Commands for setting temporary breakpoints on the next

  • onegadget
  • proc

    Provides values which would be available from /proc which

  • qemu

    Determine whether the target is being run under QEMU.

  • regs

    Reading register value from the inferior, and provides a

  • remote

    Information about whether the debuggee is local (under GDB) or remote

  • saved_register_frames
  • shellcode

    Shellcode

  • stack

    Helpers for finding address mappings which are used as a stack.

  • strings

    Functionality for resolving ASCII printable strings within

  • symbol

    Looking up addresses for function names / symbols, and

  • tls

    Getting Thread Local Storage (TLS) information.

  • typeinfo

    Common types.

  • vmmap
  • vmmap_custom

Functions:

load_aglib ¤

load_aglib()
 

set_arch ¤

set_arch(pwndbg_arch: PwndbgArchitecture)
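Review bot: several module summaries in this list are cut off mid-sentence on both sides of the hunk, for example elf ("This file declares types and methods useful for enumerating"), file ("Useful when"), next ("Commands for setting temporary breakpoints on the next"), proc, regs and symbol, and shellcode is summarised only as "Shellcode". The summary appears to stop at the first docstring line, so make the first line of each of these module docstrings a complete sentence; the "WinDbg" casing fix to the dt entry is otherwise fine.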
 
\ No newline at end of file diff --git a/dev/reference/pwndbg/commands/index.html b/dev/reference/pwndbg/commands/index.html index 815f0b653..d4b57d5c4 100644 --- a/dev/reference/pwndbg/commands/index.html +++ b/dev/reference/pwndbg/commands/index.html @@ -1,4 +1,4 @@ - pwndbg.commands - Documentation

commands ¤

Pwndbg command implementations.

As well as various command-handling logic.

Modules:

Classes:

Functions:

Attributes:

WinDbg compatibility alias for 'nextcall' command.

\ No newline at end of file diff --git a/dev/reference/pwndbg/lib/elftypes/index.html b/dev/reference/pwndbg/lib/elftypes/index.html index f036b2779..7289428d8 100644 --- a/dev/reference/pwndbg/lib/elftypes/index.html +++ b/dev/reference/pwndbg/lib/elftypes/index.html @@ -135,7 +135,7 @@
47: "AT_L3_CACHEGEOMETRY", 51: "AT_MINSIGSTKSZ", } -

AT_CONSTANT_NAMES module-attribute ¤

AT_CONSTANT_NAMES = {v: _Ffor (k, v) in items()}
+

AT_CONSTANT_NAMES module-attribute ¤

AT_CONSTANT_NAMES = {v: _Sfor (k, v) in items()}
 

constants ¤

Attributes: