From 99dbb78e34f8bc583bc456a73c9c7ea0a50d7d81 Mon Sep 17 00:00:00 2001 From: DocBot Date: Fri, 12 Dec 2025 02:01:56 +0000 Subject: [PATCH] Deployed 959f5fc to dev with MkDocs 1.6.1 and mike 2.1.3 --- dev/contributing/writing-tests/index.html | 4 +- dev/feed_json_updated.json | 2 +- dev/feed_rss_created.xml | 2 +- dev/feed_rss_updated.xml | 2 +- dev/objects.inv | Bin 42736 -> 42743 bytes .../pwndbg/aglib/disasm/arch/index.html | 4 +- .../pwndbg/aglib/disasm/x86/index.html | 8 +-- dev/reference/pwndbg/aglib/regs/index.html | 27 +++++--- dev/reference/pwndbg/lib/elftypes/index.html | 2 +- dev/reference/pwndbg/lib/regs/index.html | 58 +++++++++--------- dev/search/search_index.json | 2 +- 11 files changed, 62 insertions(+), 49 deletions(-) diff --git a/dev/contributing/writing-tests/index.html b/dev/contributing/writing-tests/index.html index 49e2be0e7..055dfcd98 100644 --- a/dev/contributing/writing-tests/index.html +++ b/dev/contributing/writing-tests/index.html @@ -15,7 +15,7 @@ -s, --serial run tests one at a time instead of in parallel --nix run tests using built for nix environment --collect-only only show the output of test collection, don't run any tests -

Writing tests¤

Each test is a Python function that runs inside of an isolated GDB session. Using a pytest fixture at the beginning of each test, GDB will attach to a binary or connect to a QEMU instance. Each test runs some commands and uses Python assert statements to verify correctness. We can access Pwndbg library code like pwndbg.aglib.regs.rsp as well as execute GDB commands with gdb.execute().

We can take a look at tests/library/gdb/tests/test_symbol.py for an example of a simple test. Looking at a simplified version of the top-level code, we have this:

import gdb
+

Writing tests¤

Each test is a Python function that runs inside of an isolated GDB session. Using a pytest fixture at the beginning of each test, GDB will attach to a binary or connect to a QEMU instance. Each test runs some commands and uses Python assert statements to verify correctness. We can access Pwndbg library code like pwndbg.aglib.regs.sp as well as execute GDB commands with gdb.execute().

We can take a look at tests/library/gdb/tests/test_symbol.py for an example of a simple test. Looking at a simplified version of the top-level code, we have this:

import gdb
 import pwndbg
 import tests
 
@@ -25,5 +25,5 @@
     pwndbg.config.hexdump_group_width.value = -1
 
     gdb.execute("set hexdump-byte-separator")
-    stack_addr = pwndbg.aglib.regs.rsp - 0x100
+    stack_addr = pwndbg.aglib.regs.sp - 0x100

pytest will run any function that starts with test_ as a new test, so there is no need to register your new test anywhere. The start_binary argument is a function that will run the binary you give it, and it will set some common options before starting the binary. Using start_binary is recommended if you don't need any additional customization to GDB settings before starting the binary, but if you do it's fine to not use it.

QEMU Tests¤

Our gdb tests run in x86. To debug other architectures, we use QEMU for emulation and attach to its debug port. These tests are located in tests/library/qemu-user/tests. Test creation is identical to our x86 tests - create a Python function with a Pytest fixture name as the parameter (it matches based on the name), and call the argument to start debugging a binary. The qemu_assembly_run fixture takes in a Python string of assembly code, compiles it in the appropriate architecture, and runs it - no need to create an external file or edit a Makefile.

\ No newline at end of file diff --git a/dev/feed_json_updated.json b/dev/feed_json_updated.json index 057c1bbc1..284502bec 100644 --- a/dev/feed_json_updated.json +++ b/dev/feed_json_updated.json @@ -1 +1 @@ -{"version": "https://jsonfeed.org/version/1", "title": "pwndbg Blog", "home_page_url": "https://pwndbg.re/stable/", "feed_url": "https://pwndbg.re/stable/feed_json_updated.json", "description": "pwndbg (/pa\u028an\u02c8di\u02ccb\u028c\u0261/) is a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers.", "icon": "https://pwndbg.re/assets/favicon.ico", "authors": [], "language": "en", "items": [{"id": "https://pwndbg.re/stable/blog/2022/08/21/pwndbg-coding-sprints-report/", "url": "https://pwndbg.re/stable/blog/2022/08/21/pwndbg-coding-sprints-report/", "title": "Pwndbg coding sprints report", "content_html": "Report of the two coding sprints with Pwndbg\n", "image": null, "date_modified": "2025-12-12T01:11:49+00:00", "authors": [{"name": "Disconnect3d"}], "tags": []}]} \ No newline at end of file +{"version": "https://jsonfeed.org/version/1", "title": "pwndbg Blog", "home_page_url": "https://pwndbg.re/stable/", "feed_url": "https://pwndbg.re/stable/feed_json_updated.json", "description": "pwndbg (/pa\u028an\u02c8di\u02ccb\u028c\u0261/) is a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers.", "icon": "https://pwndbg.re/assets/favicon.ico", "authors": [], "language": "en", "items": [{"id": "https://pwndbg.re/stable/blog/2022/08/21/pwndbg-coding-sprints-report/", "url": "https://pwndbg.re/stable/blog/2022/08/21/pwndbg-coding-sprints-report/", "title": "Pwndbg coding sprints report", "content_html": "Report of the two coding sprints with Pwndbg\n", "image": null, "date_modified": "2025-12-12T01:58:39+00:00", "authors": [{"name": "Disconnect3d"}], "tags": []}]} \ No newline at end of file diff --git a/dev/feed_rss_created.xml b/dev/feed_rss_created.xml index c55a4f64f..da5c46d03 100644 --- a/dev/feed_rss_created.xml +++ b/dev/feed_rss_created.xml @@ -1 +1 @@ - pwndbg Blogpwndbg (/paʊnˈdiˌbʌɡ/) is a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers.https://pwndbg.re/stable/https://github.com/pwndbg/pwndbg/en Fri, 12 Dec 2025 01:13:56 -0000 Fri, 12 Dec 2025 01:13:56 -0000 1440 MkDocs RSS plugin - v1.17.3 https://pwndbg.re/assets/favicon.ico pwndbg Bloghttps://pwndbg.re/stable/ Pwndbg coding sprints report Disconnect3d Report of the two coding sprints with Pwndbghttps://pwndbg.re/stable/blog/2022/08/21/pwndbg-coding-sprints-report/ Sun, 21 Aug 2022 00:00:00 +0000pwndbg Bloghttps://pwndbg.re/stable/blog/2022/08/21/pwndbg-coding-sprints-report/ \ No newline at end of file + pwndbg Blogpwndbg (/paʊnˈdiˌbʌɡ/) is a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers.https://pwndbg.re/stable/https://github.com/pwndbg/pwndbg/en Fri, 12 Dec 2025 02:00:50 -0000 Fri, 12 Dec 2025 02:00:50 -0000 1440 MkDocs RSS plugin - v1.17.3 https://pwndbg.re/assets/favicon.ico pwndbg Bloghttps://pwndbg.re/stable/ Pwndbg coding sprints report Disconnect3d Report of the two coding sprints with Pwndbghttps://pwndbg.re/stable/blog/2022/08/21/pwndbg-coding-sprints-report/ Sun, 21 Aug 2022 00:00:00 +0000pwndbg Bloghttps://pwndbg.re/stable/blog/2022/08/21/pwndbg-coding-sprints-report/ \ No newline at end of file diff --git a/dev/feed_rss_updated.xml b/dev/feed_rss_updated.xml index e026c635a..f30bd9b8f 100644 --- a/dev/feed_rss_updated.xml +++ b/dev/feed_rss_updated.xml @@ -1 +1 @@ - pwndbg Blogpwndbg (/paʊnˈdiˌbʌɡ/) is a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers.https://pwndbg.re/stable/https://github.com/pwndbg/pwndbg/en Fri, 12 Dec 2025 01:13:56 -0000 Fri, 12 Dec 2025 01:13:56 -0000 1440 MkDocs RSS plugin - v1.17.3 https://pwndbg.re/assets/favicon.ico pwndbg Bloghttps://pwndbg.re/stable/ Pwndbg coding sprints report Disconnect3d Report of the two coding sprints with Pwndbghttps://pwndbg.re/stable/blog/2022/08/21/pwndbg-coding-sprints-report/ Fri, 12 Dec 2025 01:11:49 +0000pwndbg Bloghttps://pwndbg.re/stable/blog/2022/08/21/pwndbg-coding-sprints-report/ \ No newline at end of file + pwndbg Blogpwndbg (/paʊnˈdiˌbʌɡ/) is a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers.https://pwndbg.re/stable/https://github.com/pwndbg/pwndbg/en Fri, 12 Dec 2025 02:00:50 -0000 Fri, 12 Dec 2025 02:00:50 -0000 1440 MkDocs RSS plugin - v1.17.3 https://pwndbg.re/assets/favicon.ico pwndbg Bloghttps://pwndbg.re/stable/ Pwndbg coding sprints report Disconnect3d Report of the two coding sprints with Pwndbghttps://pwndbg.re/stable/blog/2022/08/21/pwndbg-coding-sprints-report/ Fri, 12 Dec 2025 01:58:39 +0000pwndbg Bloghttps://pwndbg.re/stable/blog/2022/08/21/pwndbg-coding-sprints-report/ \ No newline at end of file diff --git a/dev/objects.inv b/dev/objects.inv index 467e732fdfe1e432b8fcf4207776362be4df3f50..b7591bdbea20e891983412c794f73a417b735897 100644 GIT binary patch delta 41606 zcmV)>K!d;V%>wt$0+54$ck4E@u6f_TVvVu)ZELM>CY{diJ55{m)Q&7^N%BnQcY{HZ zki?j$@F3gy^&1DCBvWL8tfJEwNgSJeUI4_QPyh9{-Pj{YT6X zJm!JT|1(m5{LlaKKmX(Z{=f9k6UNRwPTVkHOupn;snzw0b@bem0s$OR2X7u9ixZ2S}W?sy{q19R4@cXq=Mnq4|F3W=VF>51rp5w$$@C*#|00$R^yo-{#_WS{0(Qwu2`4@ zca2IneAh&f2JspZV<^AGp_VG@uwLU54(_*9kcar149!4)UlSl1?rVIMLBGaB>n5+5 zcwJ>3jAaJYnMlUKB@)FXxI|*tBm(oGM#nW0>R?1up@u~?7(P%*+5(pGa5r6VcdO-$ z&6fA`>5@H7*X#N6v2A-uH}rn?FnwO^*!1gsTapY`P%hqY5}2tGV)q{LVF`VB+OeWZPZKU|4t8%)$0u0}#1%@ocvd?*kRX>T7@wxBD8P`1K0g_PgdI zT7MtVSoYsF7|Q}|<`T6IEGzKIjS>Vaqrjk<7bTE?$gU{)7zRZN8*E9`NmwO_XFHTg zDx;xU0MlA16$s3Pl8tX4l<47xL5afY^)7Hoon6I5u>mR^#^7J44IlOEG{kCxJ~8nGnQhtb$9mT3 zjA`6|FaiPJNYG;bRXtt!mA1W8@R8Iaxn4|n539`+j_gNTqjas8>ai=Qe7%t!zVdi| zhhU=BNN84Cok?V<)g>@&wK{LGxpoCZEKNM4txlz~+iq%Lnr?Lw0_&}g$2Z{W^x-yK zorW{gT@#Upx(h6dF?T`4u;;FT!%ey?Aa31%!8YvbY((4c0*htd)uC7x-bW@u%}2BI zTFzA?0r5bR4Ur0gPgNG;$GakVY;^Wka_}K1yI3CJl5n`{W}V%}lw4rfWEV zSVqfczPUexRqfQ@gVAN?iUF0vqSz7_L<}S13OL+)xB}wV9c+7{&PFs8F0fb@LLG`_ z8hm6D)O=K90A*imjf86q(C%lgOQ0El16cc5uV9F!iEIoI?_IsAfo=@Y?OCnkiHrfX zy{dH@VyB3|NA&`WXAEHOO}zpl83UMmQtLnxV*r0I>ID|n7(m{G`jJUc^RbM9?N9&f zzc7w2mmD-hpdu2P0hIuT5m3wSM1?~ ze#OG+`Yw4$-ChlfGThgA7=!%Jj1RsKAsy>bUaUHXE9I}5pr*TdbQMb&-u&ppX#k9 zrudf)EvwrpD{?oC!h^GoLUCh#lhR;NG@N2q9lJP8SX@JCi4UrXiQoKk0RSYR5n+eE zA6Z8ZNks8%3ubaBeprhi9$fA@fLV<(b7H4?n`_`ZmD6Ck?S99q6f7n50A;C-h1>Coy$PJE&_&8)`@6~Q&f@rT8G}-+ppy5hAc@u$c zz~$7fayH~EhaI`>NMN49!5kB#=O)W>6QHf4pS+2fSUSFcvH>c8qZ2uq$^eGH{LH@2 zcWnD@{;-n~1-lEdugu+Qx!p~dxz?6WX!i8Hn5w{#%jIe}-OYtCq1qpJi|6h9`;2XO ztIdqfMJ_kbcjT(O+47$DgFQ`m-$u%gu6`qF&6kgh8C$HT_v0##Q$N&y@8xe3?(e<# zX_C0g*A19|Um&VYtRM)*gikt>PgdY~JO-Hcs0p~*m@=NSZ3S{tkf;TWFiTk!hc-_V zlNm5(dYsIU##iNm`0n;6WY@QXOqkWBNAYZV86Uawh0!O~dLb<5StF|^SrmnFny|d= zxu1DfaVa=*G8PN=zn`Dh>~XVtUbpVBzYwUcY+d<(Jad8C10O`%lO!yg`?>7Urwg{7 zEoOJrL)lCfZy2}Q;^G_pC(j=&b1Z%_DSlaDI@EMSc2*IOMV)RH?O){AD(z{SS8v{h zfzy2fegA|tO0}m>N3N>9NR+gXI_>G&yQyfQ>8X8jpq82w_r&K&E++ChGyhYUVi*S}dgI-r(Kr*eD3tMw?+$sNto*|4rs&@Y#|G`cGxN$8#VjUpS~rR2+P z(8*=QR73G_69dx~LNy*-m)Zs_)Z6zXN$_S70`&i0h;Wx@8>GBjFy3L)63 z-O3|bXZq&Ze~@XWuANYg9&hw=NJ%o3zfeD(NMQRrW`t0aka$F?XASM8PT9T;-pE*{r_&p zr1n0?VHTl&Q{BllO~3HqVa(d*c?d!wZlMsT_QM#5$@h(>nSLv3GTl7&UAKgw@1{%k z`$ly4Y`0?TyPobmh!W27Aw+4wavlVKKV%6H#2>tDXP`p*Ens56NtD`B-?Di20E@d5Xb#tnXN*)OkF>@eH1 zPn@n}Q4^0WU+VXmC&gjIdNwq z4-i%VPyL}T)oMK^6UEBxEEZa+!Fl;1>5w5!+{?k3RxpbB*$uN~JXOzs4P<{h)__qg zZW67I)}>^=Xv;3(Z>c&cDbmCf>Y@umHrkLdh5(DLS9+0GH$BP4yn}nh7rSbuz^Unl z#R)*)-29C$^mQ{`-hE@!m%sH}3NTi^o36LJ)pDk$OmbCgJzt8M)NUjGL#JB# z@3;eri^M!LCqDQI>BgcE(fRb78RX zvGZJ4Wn#z>eUf`{O|?A_mo-gtVj za5R0@T6UkJYdy}Ev(5Z&9CM_7!Dke?$-{K9ozZ=}MonRJjV<|qyu6?7W}Bz^a&}KA z-MLCImf|FzwT+(D+HRE3)Mk+=fc%buk<*a)wfham)!x6S{1ZO8ijwKMFZ?s4GwGSw zi&4lvF^7BB`zIu#-gl2ItvqR;Anb6_p$Q{cg%>Le!1CCi`8KI>lT*0($5+-Qqsco z%Dhx|jxRy@`U&5`54ax&u06i8Tr(J7HH<_P$P9NKV5%S7!1*+BQs2UDT{ZXrgpsCP zcz%uDPce95LGjU5<=&i6kkw)EKTVjy0?cBof0h-ab@f$$CZDEGJ%Jt5L-Gl}kZ#n|47&+2Sv$`>_yR< zBYRS`=;+>*y6o5<6{Y<-7Ro1iR_fZ+lhB6HLv$L&No{#=%WnGHY&k-{3eC~fm@*4_f4t4rb7X0}}|zRx!BQZyDDClqE~ zaj{x|Egw~wg0J)Cbn}C)*0YV_UAxBFtVH{VfgT__AS$%Es{DEAMXs2tgQ7>{CZtb9 zY19-TMwv!UmvQ82RP{d5s8JIzFl;nxTKa^N#!i4)cxhDi;o+Z+lQUkJU*FY^RiNo0 zAHSUi`PagrT+Dx)Eq?SHVc;si&v)Ne&pUP|KU++Hu^o`RCG6W28}>NrTdIQ12qvxp@Ate9)||%^%;oQKq})+ zR+C6{)&}Fbdj59u)t@KZ^>lML;By;@4EPcqDsR93Vo)yP=~mQ8HjY#xw{WzGx{XRD@CE#mM( zOqghbgJ~(q98Vix&EEzzx5oG1MXh#W(Ugx+1KYswwNz}V^7mHyZbg> zKF;phx7F%53_saTfyI2glb67wc;mQtXx&vMDdHLBz`WQYSNw9KLP}XdnzTs#^rag5 zF$%vx76UR8^Ov8|lc|uH$#fHj+}U9-A(Y+P32|&HcDtc(KbOn-`Qn5M2BjlN=b5li zR&eAFJB8s3R%QyZ4%lYbU0 ze}5J!xC{^2(1plTjJmq0EQ_BtHj%idTP$Y8`weg@fL;ggZ)syBc`Ll`3x`m%$N?WbXr>%ok3+00`P_}y)v*XCd<~TAK^lK4X9c%A zU2Wu}vu8f{)9_8yvontq3?@%eAXr)C`WOil!x9ow*n?;J1N)2n8OsvU>wx!Qf3fGT>U5K_9VpKZ~3nOT7fo@g=@0Yq^l7&zC{flmIo!kNQBZPecHv}Q-s|&jdr$`> z6f0{IULuPX!J+B~gDl}qiEuds=wG{9m2bbV9f3$XAAn{s# zLF8{~Y%!c#Uoi3ek%EleixgPg?8ELrg3{1CkV*3Q(9}JIv2UfTNPABQ^+pwHQXXc) zN!sM#g;pwq9=N{cC7578W#v`8L%+)v*Wg5#5m#=SqDZeQWCE@mP*9^ZCZHzhRFQjj z;%|s`Hi~(g4z`pYL)nA;f0o~vIH=)QsL6D*nf|~_+T`nMwLrwlZ90*A5NPL>E5ozm{$~7W!yO^Vv;C8o}FCTG%&v%&3?isfgKVvuJCTHw+{EXd@pOIU# zP+lbUT351a<~AKcp4oFk{Dd2E_etlvX_&e8e0Ng;FJ6s zbsZiGSjXuoeT??<_-r%ihNe2Wjg$P89YZG1bzY~FjvHQoY{hb0Dbi-u^u&G8H&PE? zeIfmFBlk6o9X5P`J#ig?q3e99eD22U*zs)?b8CkkJeevx3=Zz`B08M@RsMbxSw^~& zKQK|lEnvX4w%prU9CJut+6K|5OHQ)h9m1F$o&7N0(F^y|xEB4*!Ab@u&Zv%bf%1z^ zr=AKQRKHn&6_-1yLf9C5V`CLJQOCku(X0Orjik{}N&MAT5&pG>nY=@fDS+f;*fcj_ zo-2&Q;k8BBzj2&JDu9!H;`R#$_)qRzvNXU|v3Q{iIGNo~cT@ItzT2|tX11KNr|I@L zU}F1=Y`@JPcH}C*&+m8N2vxq$m)mdC%{_IQl{(aa#a0SYm)zaz>1n=`H@FiQT_r?a zc9jx!;XOW!PefmIg$#AU6*|<#Hs7*uvnhG86*APtR_IU{+wx&En^6~<7NIUOtwLR3 z>*<`jxTFMiVMz_@qS`K|U#ZJVX;2rI5+N_G-E>FZ6150Q-D%3@m%g~hBTMD~Ivk!J+>4~onO%A)GqLXiQJF<(%R@m(1{NUSc{`hT2!(M)ye z$jDm)aNakej-HA-VS1I(FS_tA@WA2yPxB=KovdJ%>+S6Menmmfs|y8MnmZI9 zaVb9`0aw^%Bqok`WHxs_iVjPl528s4>^+8uvrdW(a8HuisTb1q+y(IV?{3? z?rgmif*Oa1Z3qD!C>pz08EJXzJx`HA=!Q(jF{m0}}5oj~k5=ve@Nd&9uQ zC-uW!7^L}4*{JR6f}W39*ky91K`?4vDV#0WV-(HcmX5S>EC#%l22nB@O>Km{?S+KR ziL)v;iM|e2TB+rKdc<1lvT@lHapEDQXjQZ-3AbaOQfvH0EFg+0JkV-n zf&B91S;^$tJbC@KHnB*wv=f8Ch6|4U&foNqN#Cf-MzR^5g(!YFxPilxe2Pj|L_)<) zPTWx^mB{j(GyaxJrw*iN$JS_M8sty z=OHw9dqEEmbcq)Rsop4mOu6)?rAYkV5NbZzK=(>L`qXP2f*&)dY!LqaB z9^%kvbOodE24T^9NRX_UQ!SNiu2}@f9tsr8j|v=wzAK}6QjAuAN`SBl(NvNs_=$!~ zXKmN{dbQBuk?3HoAWg{hVxI8$%xQYD0xql^b`aJ+{tC?p8M(McBqN7J+VLv!ETRFI zZhsEl#+-^w)Rr?*ZOFRJZBf|hCYmBo)Ct7tZgx+W_{sG9biSa&%LpjwsefM1ci6kF zR2WKdh(|MaeHSx-W}1B!wyr(krRM4<%ixU~mcQO1K@<4&Qbp}!QEiAPScOEI@Q4lD z*B+&Y@%4%qx`2~uvFRStC7Ds>8BICQ)xqfj4cZ(Jk9^-pAm5i?#Ms2ofmsL#L-^j6 zn<2>9M5&e`Q42cFS1lBN5M{u#jznd1vP5l^$+u5g@IobjB7R4Nmg{2|2Yv7*{4C{f zG-!hrp&n$Da44pD8R<0)QummJ8PTUr-jkI3489s?$WKG`p6u&<`7~Y2gSWu38BTTs z^bu7sC;Jy23K+d41iSRUs=kGy_th%!-Qh;ygF{y|(g&zxCWBofMto(>rXh3OB=W3x zgNXUYTEJ_6hk9`*57X_ApnMd2G2Q3@MilVnYRBeF8C{r4VJm|JQNee2)4OkEh4Z}J zt~PL&f-zrhtY=l6H-cK9P*nLu8o}iy9LOb;kXYCXOyAMp6=2jNS5z_QE7Q-&(k@hd zOBmTK=K5Nz^2iL89ML>k1uz>%~s0|@nqzOVsyeE zZxwp-^*6e73piWO{@4}sa3Yn5ds6rqSy*po-x;w61^!;1W!b*_$+vt6K&_@1bZw0! zq&ZN3X1|qE^wgI+wiU2F7dB`TdS~v8AgFGG(w9wLI6SCjMfGE)=`n`b3xBU|03=rI zbJnt_R=%`hyn%R_+z6jd9$*|#sjyY)m12GbU${9`E7`{{`gX-JRa4s%{mKYhA8%Ep z8v^7J&9O43zL*;vLfS0#KIPh9Pi{SPZSlu{cjmdl%NVMj6(9MCJ>;dHSqMxlNzrj0 zN0&83l-hI-W;Ais@hK8x~BCkt4|YJV-}TBXLAFDn(X2ijK)1^u9`RPOIjA6mGbG z4_YILM8y2eOWpJo%cBzxt(5B7lfQ{Y(~Eel zYlhr_o7v-tst?F0mc^UoMye^g6h|0-bER_5N~e?sNf@Wx*}EhjhDT{7J*krjQ+*Ag zzR>~IsoW$&LN`j1JEPlF$NQv| zuIZbCR37S^f^;t9o04Prt8a?ad3T#7X}#BtnzT;rW=SevcB2}-OZ%4WD4y*`ae4eeR8lM6UN{ zElLl3qavjvzD#BQfAzs{Fi>?AK`OllJFYI(O>?&gortLH8I3cg>+M1Va_=Sw!- z%$8Ghx(Y~5Q7|e>-F*4HMPK5V+XiGwqbGU$?(akIInZlKa#?K_#{{PeZ|F=C^?U42 zXLsU7w0F$H64>v5mY1P(4_pRZ){_u<&!J)ybdSnmERDq|jVbt~_ejZ04NVs1ZX`Be zG&Nnx0npglwZsqka5wDED{VR@;4824=R0ub*M0!GcV8awzcM-U&XwGu|oDLruE9P46J+AtT!hak;(lcVY!KjT@n`3~v7DLC=D}GRt#CK8Uk%md2dC zedv_=mR!FQme=0n_@ei-hw1ZTrzWRz8!+w=c|qTO+swA#R*QQgjWweIucwbQhHse^ z_}ywPB!~)sWw)6>Q5F1y^}Eg`Y7-q z^UtJ(T4O@Qz~)Hv`*oDxks@hMeCoAtu_}<_>FG2G$)f8FqayHHp~YhDl_I%h{%$ui;x&Ibpd>P zrcS4SGHL1>BUm-fa#V&*U5(JTsmlKQ7Ke7whd@Op9s~;w@?o$hL^}`` zLZm~X79kuAwE)#{sOhu=qShE~NW7M#9Tc@1`LL*ENC!qOK{+&P1^U5J>(C94nol)A zYWfI6q!t=&kTf~$0Yw@f^#EemyA3W-9b?%3n*h4QW#%sWhxuZ`?pDuB8vJ6qd6dV0 zIOvt(#p$S=+Au=KB5;P`cU4hbstm{yikaa%330bF;nviv&(M(7! zx-L%IZ_9)B=)>ie2Jyi8QH^{EZIq;c9ZWw;k`Alaa)blywG`D*d#yt|=w7RhHvHZe zrX7f{b;*b1YeCY%`C5!}n7-DcAF!_#>4xrWC8|OET4#je{91Cff!$^oL0u7tbDLcU ziKBo=R?NPze|@3lfBA`+|1&ZF7h3*L{|_zyXR`0B;{B1hsHEk(+Jihaa9H%W&@i>U(64`5tHo9j=?A}8Pf(L1)z3y%ZtL89O2CvPGq zQ!BPlzx=$45jk-L;Dq&poH-T^_)mBqFY24 zP8rnrf~o&@jc(S@W2z5-FPX1y`cPb-dNT_W6!T+JrdtB!FRIs@>3~poT?u?b4;Gz+ z*Td5$J`>-`dFz6owKoc_7F?m5^>@RwAdOrWMo8^U(R2=q6-p$ic7-A(a~~ZHT!-T6 zRuo+om2h=^ZFDHS?|Sq#D~HYus4HGIUrPDVz~?>rQ5+s|1-#IIauix_F)*%q?fA@b z-knU}nFXye#XA733iz|y+|M@P#%zQ?xPim|4g=n=>X=CBuTcDN&u`H!XlJnw9GTzI zH@rV^_T?H20?fDenMwbmU+4nr52=6d^(lce>Lcbdy}n?V&cTh7l z)pD=Pk;aPZQcb*n5$)olPP}2w{pr_VaJ)-7iNd?oh(_@)6=WpuQh`JDE?q#8yi1o% zl*!`-5_5|80gN`qyC&n!&1+=zm8z1B>A5PQ*q*CvF#gBG_FR=*ysZ3_EVEFLf` z=AmLt2!(zmk8~K00KJuE5dLIDsn5t_<{R8tKUA&H+^M%%%snf0&zu!DDZOMGzHp_Cr;hp2su3E86df~@@_r9j8k&x41>hdPr&6ssP|95QDr8#q@r_Qz zXo}fOp`nt0Q;WqR6IR9;N@p>a%GN_ERkIJsG|Iu5PN6n7l8KDb2Siq!@Z8@uQa>6q z@@5*ViBDZeVe{pD zN2;`&{edkYT29$;jKW12t9aIXn5D!Trt7z6X!h!+r+(|9a3T4{NefAut3(Rgyt}Ga zm?ANM_c-1-T$_Llr|JIOVDKykhj!pZ&X~h2aAe2_Ggll~AV@7?j>Jp{0Kw+BjGssf z$*Z+T=0?nQVx)?p?GqeWa8OpcNj)oG>4r}3PNE{fZ3|Pfd7!SoLef~bi_CzAOLGa? zDCzLhsY+W$hhoPsO$LrU@bkS{R01hGh2e{T9-19~?y*W@EPAp6$6!)y&KDV?qr0i- zEQe1*UT1M%Bz}488hHjzaIj3t!8@ zAH4>Y^f88@N{npIQb`cbTk0aCjzg6&-TbAdK{SV{6sUTgN`bWNxso9sYbrIexj-dB zWU-e5WH$AM!l<1Zsp)&E@>$&uwN-k5DKv(;c&RvQGbT41mk;aBYPVw34g7R`5B%57 z{Qhx9sW4y8cBK6E_n(RRzfkf;@!Ze8lPDb0hq5)G_thnRjDETj8@czagvaP!mbK{! z#Rtnb^(Xqr~h$yQc28Ieazg2(6&l@8@Ns02pt43#Eb zSE%r+Bb2UF+FX!!RFwj8H>HFq+u@ee7$$-{Mk|yuPQIazplAd;v6&qPww01f7#+4Z z74UdK#-Q*yXn+p=W+&v``3y`#&j5o^G?9qEi}Mr2w(5C3VQ=g9`5YJj}=j z1ft1cjwZ7}cVwFzc4KX9&_V~xcfEJAA|jn^?r67V?5MY7>^@^V#*TP@D~9GPi$WcO zAkK&qIuy&3V~B;y&oqXTagZQm87k8zr;o4}o-28g>(FIngdB`vE9@wD$=FsZkJ-g> zNH&X5(RBk?ZD!V;WMtW#O0D=ouja98pu}3Q4jpd3wsIR6#i5Oa64M6pkHusXkJMX#iSd#@fIwzJ&`V&8sjpQdYiq5eV9 zaU@NGrT12R-p)4TRLAd6)5T(SH-^ycX_N{ggZAYSV_EX|7;{yxrp^C$KGU|44Q>@945m~+>3ZTQpSuH4ExKN#&+zj)F%LRe=!}|CP}S0rO#TA z>md-dM0Lz!H%VQ4R8{FI9!F4xp<$)VlD^hRQ9XgRE&IgB$)y(bqBj}2BEwad2VRqAhA)bmE;s=o+CzwFk<7@%hZ-T6#hk@ z#k0lsZkmiH#C&%I8{+I+o)_9<2$|jA0TsG&4=o9v&e3xzL+9mb(jjv3G)a+6sGEcc zoI95?RL+)56?#ugiynoWR<6a!{3@41V>vr6RcSmO z4H}d-^Q9c6OW;z8aEAU-h*LKEFJ-Cba#t!ubE|6=l8MzqzoXA`HinMT<48g!Dz!@KZ#<$ z3#P=yjqTd-DV9O7JF4P-FxjLV4B@U@SJZpWm#(NkHSt^1^Y-g6jC426wE&rq<%1BJ zm*s{Mji2R)7{#>uh7`W9<%1BBx8;Klxxb}dk-+1B@NYr;9sp-YmY`52Jc{3oFoH( z@DH^@L92!Zbi!mrJ;OjghI|<=gi^rc0U_Uhw>^U+KPG4yf5?2aG*NI9cD6j%k%3{z zL=3$PCg|7-oX{shV|Tn2Sg!su+5KYTm%{SFAB{>X#c)x}k6F4QzD6kmb567IT|_H*>TmBY|SjvBMyh5ybFE9wi{1ROp{fk)@4Q zj}wLt$2Q<{aQL@Dh*l`p4NM|VfvE}8);$Fo+4fdgHLa$pZn~x!#+){T<5%N|3aq+f zf}ys8(|kqr(MeIIZmnDiH)`#RlvnJ}`Pd@C-0kqWs$lE#^7G;e@{7s`ao>LXVTjaT;o3YQ%*Ho546 zF}b=MQ{`Q*r6TfKk3QixP%WF9taYjvx`0JkmTk2v3!FRk!B6(lfyuq(WmGjLO9tK# z_ZC(Act%yVvsi8|U}=6=1H57lmK!&t&b~*_K16Bc?74}RBqQWbwhPmLon}3iR1cDj zr!?*t>lep9b3$g{A~oCzE;U# zHR=i@bjd83ianP3a-}$i?NXB@H(YLLjhIDBljWn#m>HupR%$AgmP%cQ&`kL#GvZgG zHBg#_M$Fs@rpZmUF|$d3X_VA-=uCr}2(?|%EJgga?p9Avt0mk0SkJcb%|$Ra%@LU# zzFuv&^RJ5;`}b-&W6S9ie)@|W37Bnqj~q}yxf|`!_k~6;k7jQfCVrH^rjYa9V{D~d z`U-p8i3t=5e95OlM|MPI_ym840Zppq5&x|6e`4eH0a>c)!v%eRqzS}F%@L*$m!i~@ zh}&wTW|MFt(I_--=Ex=!S31h+;)iD@j2$|k%cUsc9Og=hZWhxhG-?$goypvg8a0FT zvza!%akEM|qq$W2>oXesrD*I%qKL;*4I?G$bAJ?3vN_|W4Dqb-rWjSLP&<=R16-6u ztN<4!5G_o|xrhaS1Kd`ShZAkZO@34V^SwaB3~EzypLlr28pr%%Z(5Z+;GORDlTozf z9=IN%^^E082~ZO?$GddwgsU<^PCZ!=YK{MI?q^S;n{)$?-1KVX31bfT3{SxsiyT~! zxo>hx286eflkfep9h8A~Nxt|-ed zlrR}MsHhRRiuC~4v~*#9I`D`s=6It1{6gdGS|S^Pn~Lutw~@*^H-e-JEUJQ15@hf? zKP(7S_G*bI9IUS;tl3p$;9l$i4Twu^L^g>(-32xauiHga6~ge80ElT8y%vTvIcxwT zVooZqxoC5Liz_f*RK5y~9(l4rV+NosnAkBRuej*n4LgEl!R-;97Q`eeT!mUy+~al{#w1FxG0BkW zxehk;o0XilJjLz>bL_;nBFlEucbZg-aq6Ao>lJt}3}3Q{P{7Z3vl0|dVtFYQ8a87! zVn69tk6jOQEXAN)pye7O*w*i*Aa5U$JFcmJ_`dZ`+L_;0advp zdGaz^_B3AtFSYN&UHD)Xsv)y=P!4HCG)u@*xy$z|fXlOdshPQdPoWj2qX29x5glxQ z=my{oD4oPGICC)_*MF1OCuG{k`JSG_K>t6E(t)S;sR%k{CCqUZ(1PyT>Ez3ZabEb! zW40HwIR_Vji6~z=wdrr`B(s^~TGB0I`DCBZph{BdTw$vrE zwK&7W!D6QHQdDG7z#)27jyQioB84x1NFQDnB_64)ny;>tp76NvV0PWKB=pW)R3YhL zafT*8 zSi5_s)%DRldB8}9{B^*+W*4$J!-0JWB*#}3c6d_tf7m{@0x@Ort@uUT=EKUgiK;?e zyT>fdlHmejWXq$%36Dg*le@Zq<-`+#E4rpvX2nM=lnh(KgA@ywXM1>N_05Fc{hjQm z8egA$6*lOLGHn;3ZK+CV;zwwBy-8&+A5%9e=9LLr>u)E#hO{luLj@{BKhB~Ql^Sz2 zUKki$O9{q_7M{w(Jn}|iJ$cBh1CoY3wJwGiW`l3!Zo`%z3DkscbLe`1c>zbQ@Mb2na}+b{;T{U7 zjI!6Cv{Lt-3@jcE89uUX^Zii+lT%<28V_I>K66T+g0u zx9s=Ld^eR5OV`ugZnjwh$^gW_n{IdPezuuCu&3#IJzqYek|~(jC9qm)aTysHc)G-h%;oIXg0Ax!p^wg<@wW*3 z~4DZZFWCLv*>E% z)dJ5@%ncz7RLy3?!6ByYyRZ@N*>v;x9eW(t%&tKIm_TR0Q&rUB*aEMdn6PZm&e#GVa zQI>KQ#F3q>ykZW^Q=A3t z!WlRW9K|7MfmS|uZN)n&;56 zzO_#!0i>pChXp;uf~Ej~PUc69dk1}ENghcYtuz%q=3c%%E@AukLc<^s20$opOM{C; z9>yvXSj46fe`!WdD=5r1fRm(QB#(`~iZ;L!_ZV0n3O7BeBR@!~Oowvv;_BZ`-YBR3 zz?7#aK5!VhDC7Z{0RS0P9%2v4=We_%+nucqWy8~eZBRF1q37tJ_wxD&6k?HE6p+!O zN(fJ8(+AIwI*2GRF{w%*wL?C4;e_~J&=y4$EtD8P})-h?_u2Dg1 z2huNJZ(<`K?pI80if!^s3@!rd7$y88r%7$S+f46fOqKR}bGKUzE9~LP?n-dJ_q~4- z?UNN8A;I%oA?jY&fegKOW*CIOrLn~hMFsB1!@p4pb>$&?OrXg=1^_Vc zP}{9_0H@Zk4ri6!>u^-n%MNB;b+&_fd7q2&84*(zgLc|rKTz25hy)N4^&oVVslUitP7w2BT~ zjzh!Bt5!vaWVfiB{TXF#>W_fBA=?;vaFn7u9#FV`m~xoENIrQJp~HX`Fi3iC;1cW1 zf2->sb^QT3v>IQ83QVS(Cw8~m>}G$kCpP=zZnl;ioY;0Zz5A{EQ_*R&ht2e9##Rpx z+u3eQoszBmZQ;CmD4K4^tPERH+peN+zlRyX*g%)B-I6@Ava%O0pN6$2a7uW}Eby{x z!}}-hdBuL9&IVaL+yTR1h~4|(Kb29J=`)B|-G;<4tJ z<+6o5j34FOOA_t@PaEAvs?ng>e+#Ad(9qJ&EY=%j(G=tz>7c^QpKZZRinylj{ThT+ zMEeHj4nPzptBy=NJaGc0W7DFbbaYx2)UP-sc~=}>!F!?J%!-jN)isrYUU1S^Er$+I zVT9KLqUan#cCCR}Y3#U%0~)M|Z-fBD%cR`0$kAAkJti>H-<)BwFku;9e^t%UN-IO` zr8C5CIz#NIGrW#E!|PkK0JHt*i3wgGUBwX}p0>d~PI;=J%Vbgy-U3XX)THxCqrfwn z>a9j7!3;PDdscb~W4{wF{hb$R`HSlHMz}O=l|ieIoo&FYq!9j{ecWcVSXCX5LW~vh8szrcJz-c(vld zL095=~1*r7vpe`(McG81wywVy3_Bfv$x&`wAov)rYG)$ zZV6EjUVTvgaz&KC>}Wx{p8n6PmnL5q9oy(`zxX`s_1~XVtUiPXUkDKX_e(%j@ z%bqWP_7YsoAHVHb-`1nw?%Njh+kK0wc)MqTm9GyFUq5fwivb0v8nLj@Q4cF|Ob}%TcuL*=8|c_R7%j-{!ksFZTa# zR*<-iC$<%F_UqnF`!Mz%U|Zwum%F#r+g*Tk z8$~V!1<#Lc)4&s|RA&JhT5Sce}mv`|=A9Fds*BxLu7T3bxKun(IOBomcuH%|77)(t*ByGmJ{kI^Zjey84E`6VR z*uHDC7cv-5tlj;bsJpKs%W(ifYhm<%Jk#AFxmy>O6y}CNfWi-M;TES?CCqCc3(p<6gG$ZKN^U!_1^zo&UJz2&`_*Mgm5n^C(XeBQX;mS)xrqdP_Jn z;GPnI*aL-9I7uJ|)1AUTkx^ zftY--mfHKxE}WI7+>i47xqov9cs?ISw}&V22<<8Xpz`pzoULQ#v(A>c<07IxF-L*g z*exu*%@kDs^6CC9h`#nl7%ZWvH_&u-G52LiB`jj;?8@O^fFM5ppN4r6@k zn~PrnCyG*4+jX&_L72KWN5|?mz;uHkf@5R#r8fB3)Jn5N&Wp&<0X{jiZP{g`bKes& zs-k1%u{8tFS~pkqU|1cl>bTHgZ!X$Ma6%kaia;?KEZr$#(XQ7EhM)p060VUT0||L< z!1Il3SlH^CFBF>YQ_ygKsw=^w;m@55vh16NrZNc2o~_RuD+mMLXJOXFyYunwVKdwT zQ_2`)UMd$YqTVmR2dVYOF7`WgO)swB0bt83v)`fR+($(31W6%#iTdC@{w9~&iZkc< z0^+Y}73bF47R?6kI z(|t$S>ty|_BU#OW+Bvq%V>2kY36ri*=(#~d@?H#SL}*rB$v+J4U42o65VZbaol<_lByuZ-tgSP|JL?nTTA?P^;iBHT?F z;MUI`VAv6TBc!x8eWnd2WOB^Y^qrt8YcQ)-IvRm9)NN*e1dsWd$0=dz%egw@w^WnL zlNcdEp(c#bdAItpe?l&ntL_`SwwLF&hA>Ib{%eVCQ9F9#_4|!z6`NCiM%Afcd_##u zfMtQhW4X4{ccz*J(m6QbVEyaKO?$uGe}|XvTY-~wO|kV;jjv9odf(6NEdp3PZJ;~- zL&x+SKqzj1_FyRKk^6nDgm-iY5Rfgpmt(#SZXikjmvs;K5LzBEFTo($UgmJUHR#yc zheD7+m|~rS5h`jk0vGAUrw}?fzL~U*B&FXH3S)=aQrPRDY&Ph@5XeOwFseLJWwG*-h2a3fs zZY2=SzLhYTgA@omS@IH9ojL|RKyAQQ#xputR7R{SGFQtzW^B|<94U#LEC>d7RR!!>G_xeKY>t3))6;{Kp;0ga1(VWIIsxI64N_%)c;@jw zOx$!}uNoiE(9u#ndK)7DWl&W*S!XO356%%5%cP;+CM8}BEpqYbZAeLiWv!j1okW<# zFe+P5cWJewOv=55I%u*NVmNn*QP`?<6T&s1kHU)vI z>s&(dFq`_}Hqhj&`pcCSKsvT*+=w+S2mS^gIjKUYO^r~RZ)R$v`DUZ2|pmq#lDx!lL7 zvmupa#58&#+1?B8crV0bIbW1)_uj_?JtfG+C2UGW{V-XEZdjL(?6e@`XRaNF1t)~8I!ENV1trpB= zAF$*-FtXNKf#pG^#3Y5)TOhPdH9s5d59lkBy!+%DXDde5P*>f5K#N~J+yxH8gp9-tX+=JX< z$4W9*9!feoS=J=E`PC%eFr02O2({5N$9acb0aCDv=R0tdyDS!j^sD@ZIt7^k+irgW zVU=V+FY+Ljn8P=J31bK)EH=C=a&5Kjj|ryLcN=bZ>~0C${RYnG2Zil! z!#1<+^MXQbE)UVo*!ph0`>~#Fap}v|a>jPg>%|P0yOv{rqNA$YG(KVvI9K$E9c8#R z`C33OfYB-tbja5d1pU{w1b&}#VHLqFHYi%}(I`GGGCRtcie#xo@cCe`3>0W$#Dba1 z!!2zmW(mt1zZA59Uk?8i^vI52*JJm@AI%p2%;>o>L4}viouJ_5)eo+%!l7AljL%PF z>&!)UM=pGSTNo$Zw>{-7{csy-azA^RN|R#w{KW32%jsr5+p^t?-Osn{#q=20V5^6R?QFNjB3A_hDqb)VdKo;Nt2Vf#Ucz#LVznQOZ_vB8(&S*0XeTnHj^&TH z!!D?>48yo4nQkZ6j>aba53cZOfo{4M38k5@xGdv((jJQO5c z+!OyA zgMxt$q03;W39f{UkbvG?D=1ZSy;S&%7EjQBTrUJDnrltK%9k*38dME@5`XYG9(oNO z&$>~YJj%{pHNYX&?JM#mzd~Ey98?SKQ>x;9(Q9E)F!~_^2hSQiPx?fXFmc}Kb;_I> z`s4cOU6*2?*@3xg!jID9Q06qD`H0)pK_5X%Ce;9PA@CO|onZK=^C?D;9bQkox9pdH zG`4Kc4sy!MJZrBbPhsOr;|L2J1Y9oR9PyYoBFggY%#(K?L}CPzqfZ*jOWltFZcVT~ zZpAFIW6rV3p&wbc>YWm7vhtB!CmpHab9mm7A5X3mTV(k9ekxP}-+Idr)Fmu;i=k_T z<*0y)73LO?&*%-FWNa+HV_}2ilgkc&kOps?oVhh3i&|$AKEsI3-y&s{n*{7J5~!Lz zK3jQVUyoJcX-4 z4yUd{H{60?6g{kF%B`yM4)z2)v4}vkmDg?_ev7-9ABlc`mvf=rY^!D~5R z@P=aba2sf{bA2v)v{`X}54fVy4c7l*wr^l9bWqiJPojBp+DyE>5`yj#>@uSYEuv_MR2IFzy`)*eUm;yj+;s z4n%-N+469Sj5|g6ON@$tB59;`TM6J+ZsUEO-N>VDv%EU1!Qq4kmY1!|x~6XDm7#`= zZmY|Q;oPJIYJST2EE9AY~4%4BdI z0xV@=C;{X&XL}7qtGQXA8rem&Kq&-=L&HpqCvPI;Kk^=qh+V~h>H?*&mF$H_=JB(^ z6>F_HgAaY1BMe$Au%QRcipSew7gSh2VO*0Ow-cd<8=UkOAZNg`cbj68rCStHS&N+n zkSyhox5Fl~`!m{~0OZ1k00iQ@bc@r^NFLrD@yOVd&v*q*&7(J&I zDgH5bF0}&X@=i{FWP2Gl4U?-4DbYPE7l%RT+>Q>@$YASjE6bqDv~$oBq)$#(C1)B$ z<0jo?Q}!(YGYMYU1`!n^w%mlH!ivqF!+>Zh!%J1+!~k?i>e&{INsaGhB|McsfOFRd z6z`X}kM}RCBiLRz-WsHj(qiCp-y9P^8ivenr5+6okyem@!8g3kDR;m@3QIlQ2AUY| zr~?p9a@j@;#s5O{DW7e@h<`Jqa9|K%5qk{>Xi{ozEO0vt)0>FNhI^rH$xQ9uJ7O=q z##R)G$?Jd0H9<9q<-p<(ll%|Y&}QX41HdwE$pU=+q!nZIS#ERmzS8`OQqzP1A^n5jWxfypyK6w>)NB-)Xbz9V+a(89I zAQF21bSrAIo^Ga3?BCDx-ZDJg8ZnYvH+n%HHDOKx z+K>r} zhw{ASugia`x0Xa z_IGMC?zq!5P+%x5Fl1-SnZ@s@H0mNO$CgO(K6$z1|}6sdiA2h~Ms> zH=EgV$JUScz;6L6zlu9Y1Z@nWmQZ{o+D{7EGXxP!x>#IE@Ird$0t{TrtD z<^t!b{e@MfBG!1xo#4t5W#Drfs+f>xOkI>cX1=5#dA6d_f4^5W&i9JO{$9~2->VFT zwJ$r;WQ^S9!6`;pO+xR?tE+{n1ryKOe@54wMAS9sKJWY~hc>C9VpxgqW^(z@Kt(xu z9-;KgZP#L6%c@7!1I#c?C{9XLZT;Mo_*tq0j8YeV80TTosD*Uh9iur;&OF|S3CEU_ zTRX361xe?5e>u&-rkhNLI;o)po(YA{ZAeK1X10}Ol);;%-~e{gi$`xm)W6Km?m~d_ zl6x6P+%-5f3FgYM_XOC37rv%)*e76z`#-sz5`g23B)tizNGxvY>Rkj9ez1Jkdq?F0 z8|ZCPe&hk{3M`)Qz+Hl2*@dD_GTy;Vt>guobNOrwf97)+EmR7AE3yNyqPudVSd#+S zJ^llEm17tKsc2{!R10SmkK7=;InlQ z-Mw9$f`ELs{PA|!1r?U<4sP(0e}7OK)zhu0Iue*b0Mz8GwDMHA?)?9Tgi zKHLEgZ&WfVCNrzIoZ1b zvl82dAH4#C?a&Kjd8}6X(+rlBO!-M_#c6T9fzhT|ppwH6R_3Mb>?Wc{XTXsk3YX!g z%aCBG$u7w<*0yI5HONFDKg4BvSF(`=Pc1SqvxL1#LZ>Klb;C)ddkgn!sx_zwx(2tT ze?giYs`2I3N(C50Z*~^+8683^!PYUby@5o1 zk2DJdcCcIzmF!Eai)^6Ny?xQLyb!lkf3D%;=afL;EXtfL^%a~Z^>TNXLzVg(96R;W zO5eN3{75oWr}OZ$q2>bbwkL8S8Umq!YnM5pkT|3<%dZD^XcQ<@9|b=Vq@Mes=;EOc z1O0R>s*Z$pk`SoLXwk}Z6X-c;`RHxP#I{lfk8a%o<8d5>@I|i4eT;xxaRfCf^}}tT3HLM4#KR0gR!PJqvb|-$ zyjro7sFf&KbO<;dm1$5P+i7np_*=iFw;}3Zawlt~!Ds2@{b}G62jFA?Ds?w3CNwsP zoCd(<8%(i~M%AR1l%zZg&y$p8Areb4D3M^aLG|fiMqi+_S@GmelgDLL7Yh;%-lkhQ zX)=&u9pM+(>4)1ullAm*lQL#Pf1FMFL=XQYA9G4qiyU+?te}#3QcxwNR zm`@-uixvqfd--e&X0mtFVz)(jU$~4b@UIR9HjH?{%CqX&bm;kNLu|su zN6g+x(B*yT*yI$qENm;X_O9m^XI~)w5QH1>R32tD=^`N5ye6O`YrPL9H?<=I4jXo-xc5Sau#Fwr0=l!KL|L}WRuI9M;7Neu$N z4xhOPUgvBXnmV%UJ`1O;p|c7mB|IU)#|>gm`a z%;bfpacpqR*IX;Le=YmOWphbr73CH{sxO?#A84wkE*~l`QJTYus-)BST^)#{BQuJo zCE;0MHgAHmvmgoMlshCNjyyRghY0;W@#~6;tovfHGvULFP=Sf#CUTY4?8BPN=%DV@ zDt#)cxr*sTqQ6oa9*PgsopQxCU+#DCntO_}~HJc$r+kx(=uDl#qB??C0K zo^D0u#@|^UiPO=V^N3VkA$m%cvp!9C%|GWS^ls2^C#aT3V0i&@nWVCtk-Ia)m?NRx zzg=jcN%d?Cf5xaU=wiix!!y{;GV23ccp-Fak$CbZVzRMbpST~!?_b@(ir-=DPA0?& zQ!6Y>X!u$~c5J;?DaVBauUax<9(g*A4fgZ&fj^mC32!P;6*dW8-tMujEhLhN%mT-? z0z$l)5v@a$rFUbAH*S*`(?hM<(g-MTA{l;D?;7wGe{{IXVrU)KO}HtKW06K zm|s0%f3dubgJ(dAdlWN;EDk=-g33Q#fEyB{;@v?jvU>PNuGHTqRwjd1h#bPcTsP39 z9sp?iOY0ziCxhd10Ji$BSP8AZ3qtaaKF=>`1AS!ucsp!zNQ^cK1F1(;YS9LuIj@>i zD{iu#KW=8b=gpGctu`~ZnLW<8yV(Zz?af7Wf5*R={#ZTlwzwjetTw;=TtaVzL>8S@ zauEty{-S)jRls+8rx5eesr>oW(^%Vl53AD@}9#J8w;whsAhplu;mVrYm)s8Y|wx|!n2BE_#xJ8@AAY!vF>JA#zXwNVNXmrx13uv|^+eQ;} z-gkC%_Ik&|uzP2cD7N0AUAug?1!L63bg{~W!3w_xS8OVVyNw3^C-dzmfnCVS~1$E!Tah%*ZJ8ZO!8z z1`o$j_mea@hC1k6y!e0ZlEweKk-SUNh;FJKTgSY{Apls$MZzxn=9m%Umx}i5(n>zSbVLw8Gb=9o1gZw8%hYaE1ERIQ=YdtX+lpaa! z2ku~?+*1;M+J`F3`^4&ysxmkCx5iZsX|llK>C3nqp>;8!GB5iY%HV-XJN3UlH1g= zl}zQq5e}z0+syf~nsN;YUypk`Eu9u>H-I3hm7F$zljxAeNaVxOaRy{+t-tO?DJ>%q z-dPr5 zD?bmhp%#i>n{==WDD08D?NQLg*pcvhK&|mQt9}?_BZHXw*u_>hf3g8$m29Ybm~T;Q zG6q;?>W}+CgAH6i0745-j#m)i1~q%A9XJeeX$30oFH{HKTy3GGIL z0k zZnkHkp{`u0i`0Xhb(B}CQ=azyPB{Z@LSB5*bU~90h-xf;8zIiLG2^Cn3L{`Uw9Fvo zJ1MFnqujUOYio{%f=gKPK0OxVdU?Uv?!yXFh&+1MV_XmDW}TJ z2trwz2%TOtP?d2liGrL>>OoG$q)x(0Na6m-Q6?|Mf9aXWN9Udvi-I0D@duA5@@m%k zE_HG=5)Yn654wX}q@PSQ0LMC@;h0Ckt^%#yTL)(#bE=}msv|CApkkWr%DpPhZC(B< zRgKGgt5)wgrW_3CGjBXwyUIB}65O9-Pe1k4oz9oPxEK7{lRMJq%-kPjIv=ek1|?~Y z+0ApafAXBAXOeurFi5>#E!^3NIFpGogN$ZLNGQ*v0G_gjp`kJ;$qiLBO(#eC_xY*t?mpU0j% z^wvvvC0t_3ymj2Zbc28|a{`Duce4adcrSiWRL=;Y+v#3Z9KD(W0Q$at>BX6Z_@xO$ ze;j5g%ymg0M;tZ|hJ-piFKw4Z;aA|a{%eENw}k5u5q>|(%4*u~NQ+d96OnMD1bEHf zM`Dvz_>uUBDDY!;=Hqb=XlMuoY57VRb-kNFjF<8jbntmi*J|q^!*(c4_Y&;Lsxd|F zD%I@b_)}O%-Q*%vi+QiiS-OK!MhYq-f6yjTndZhE^Ulccdos%Jn9DsWqFv$}b;)Km z;vI;4Z#a9$(IoCaLjvDno{)N3Qr7v-(1Ie(VAXXV&F~0(xP>LfAtwK zaAv<$cjs4($MtOJjps9C(06A!b{^DkqP)JR`kM)kmmf;CS0@{6(y~ks`cEwlhHawg zyFvP_)LSgII*w=`{i_y{oSi;)NxD^TU6D2icw_2MO=6m8$qpKy|H=tzQXTjNzR^1k z2*x&|vEIU1CufQHduesheV`E-fBvW}a-vOmp&$C<#ZDvQJ{BXEi(IQQ1fxvJzB>2` z;UlPhi&jR}j#<*Jc6k~ssUPO^iFRUlww`Jy=If+(;_=KgNGrU-Yo}k#ne^IMu~zz(w_FePf3wf8)JE>3 zcKY>9V{^h&KejWTaz7O**|Njut01aRTUycwo2bmv!YF;KQltmqi`c7438I2<2i>Hu zL~TqW33Ak*x_%Nlszm8QbW(qBuPK%KkVwV$Tm0@gjMZ(F63eHV?o%y#a%Al5&L1{dakS@f4l1B6KlL`uSv{d z?#zgFR5ElzKPv%hFJO|mwT8?OYQ%HB$G&0EMRk9=!!^I|B3uP*IiF1Wqj>bO9$Dup z_9)eNjWVvk4y0)XHcFLRrDSPU?It8Bpy@;(Mb~20Ml*(4OJxCpue|t3?So>ZBOK@jv1fBdI zI!rxZ22glDmZHE)`%;poYNV7KC5h3zplJ{wCBkh3Uc%TgjfTU>70U?4dI{+|MBM&GNwZChcen80DRv-Yl zfMR!H*^^1B)J$k(B%n2o6azJ^0f8VkHZl;z+(yPww7ikw;6^x7lCnLHjHqOq zBZC=_e_Rz)9~no{>IZ~VHUN@QRcwJ|ECsV5846}0B&8@D3(1IZyP+NuOs8H3P*JZ3 zu#`0I0X(qMJ%9z)zn8LrTGCPuR4ZQ!QdH2F^3-(or8v_GRZsa}3WVDMNKp`z04c=4 zI-rZaaGvhq3_gx9R7AE4qlxKzyMfW_Ia!x-6HseEn??W-yvho$>7a ze?TQ`6#z5kcjcfh0Tc#tjiJPYy2((2LS1GkL3s>y)+XTTR}Qu}h8h9QvyQkAQGDEy z=U(g0NRCZ&ws|30-fXSSM*-WJrSU5zt&3-zY!)w(ctN1=0nLsNMVh&dV~A-O|LSH^ z`<7cmijIv>cb;1>;Js5*e{xl$7dZ`RfA=B*>6*SsuqxIsQdFztAU(9mNLr>e3Q(vu zjRdJ|P@}>#twgSU!UJNJ)Rd%Y>La15Tl>g>aDyKSNz>*>LRB&Qk)ha6t;vXJV#3u+ zHcjv|gQkYQ7fLWnRz*@)ddS$QU^@dtQch$4r&0v-q<#S~3nc(U;ej4P1KTM< zV46D65H#qS0s>OLDuF=ZHcKE{e}F~;=qo`uN)}K+V1dN~+ChO(85&958mb=)H;4jq zRBWQ4NJXCTH1%<(Fn)-=QvnCKl$Fd0sh8i~kaX|Yf7)`~*2}V@4a)MDC4`ce> zPu*e)%ri5Z0*cYJn}X4;Y#a2grxds`R~9NtBIcAS&zXMhs&sm;|7`6%ck>cFm__Mf)uv6l}r;`1>>JIKg~Oqf^`@WsA3=nM5^0}!N6cMF&IwOQcOY>_vNe7FHNsw&Pd|l zWH_Hro!N*yvp*(sZ}f_Ee;zs*A6*BFG~>bT?|>W?6Few#m#0-$AQcqhVg+v12jr+3 z_9;NYwtY}0!d;%4NgkAib;qu4mrh)*Rg0&!k1~V9hfRt?p0Z_QvU_T6IIS62=7!Sg5O7?>= zB-n%yh67s>LU2GsLI?_KO9){pniE2hY8HhMBEmGRXIBVens3@vO%x$Ch?OFQV_>M* zk0;;V<*Km`(laxde`kIFVrn$z586rb(*&!)rwihF!W)N29@l# zzTx7EPElgC)?9FIskiFY*(KKWR#wnfLX~UPXmV*5m#b12K+_=cZ4U+#vkC@E6LCWW z?)DI1!73e_m}YpuPrB_mP?n6okz${|i6?aWUShKOMG(Vof1@29wbh6Ilx6ciRb||` zQf!f_2=lUsOJN~Fyxh0I?8R~@{lJpPMQ>RVuOV9uM%d$Z1$ z(<}ydKK^Mpe`MfPW$GOlH+k0sd>yulsX2S+B<5U5o-ud{&|RC2PF6Wapej9Gej5mD_wkW?VmyKiuXtVIeaoJ|r{k zl3*hvf(^*TstPWZyiv2!(mOJ;Sk9*luWvteDViU+XweMOV8E@(dVSwbct{4@*= zu;M0$8`_PcoJ~o1%<*Lv7(>|>z*n$xkkEoOPIFR5naqP0Kisg-E)O^S7iWl08TD-$ zkvkECWx2tfDcj;yMZ>L<##Xvs_e}F!YuJ!>e}a=$wBD@wSx8r2xc?CTld?A)Ng=n@ z@A`oTdh`?tWWWL2l##{q``G>u6E_1BS1KFI*#zd zMq6-!&nIV0=(W|b+dGf2%Hk*h`?=B-CaeY<7gMBuF}GcLe6Zw{C_c|C$XZ~Jlurje zBq}7-oqT!(AXmcVW9bkDCM=1%9cUbV_VBb~oCALR)PmlcqtbVmI(UX@l%1Fv4f1y2F z@;|B1D_ug|V0B21Qk7#WukiorM%}pXM?>m7XM)*mYHW@~!jqakDa~4}sI{Xe#x6UI zQfqA0a}yN3i2W$>8kHO5etBfu?4TzhQNnfh;HLm}332p7F?xcm0DEW=ZkAuU~fVg_5pj?gQJUn9_9 zk36QNBKebjvw$hT3K$75?qA;GZ!Pb+Vh2utT6n*R^W7Ow+Bjl3!*1nH*f_R9_J(Bg zIB}j3iEQ#|Lp|BZarcF(e=+*tzfh8uAGp-wqu{paA-%FE>bqdA$|%0RTIIj}1ndy3 z9E(PBPo1@vM<}qIo6{dHDe#c{NOjLDBPv;yfrxK@p5PH{199jLcCGo^i|a5UK}YLZ zbtp^GvByvrVq!j_EKJLkLRpHYSp`JSxn4PP2b0(;gqXhh+mkTf-Hjz92RCjGA(ERN~d8G`;r@ zVyw#$@x^fm$PEERY<_H)h3;(@gkNYk4X>=-qbE&Ec}-oEu*}J;%zFFO7nHWzCl>Rv z?J~sNHa}6hyHl5ufB98G`7t-zlDtY1<%LQw0ns+T06T`-Ap0bm3Lhm80 zRXS8Rs8N^K##B6xU;LSZzslfRnO#zm)aX7zk*&5`y4I=>#v)gR&TI&!TFEMQtDPI! zK`%&7CU#P+rbUX1goP!nq7uIf+Y(k!AzeoT3271Jh23J*e=d@22`S$VbgES(@fcy9 z=B(I~G9KGo+ptMRSf7zDsvtx4cZjG8?XH<`ZlX3M{hr1#7Fc+N+vSustLlDG0&Ps$ zO&5~dJyRVZ8|@9`0*bVrUNVuF)BetiX1sna<~l$884S3p*Y9Zm(*fyuoKuF@KlVG- zYs!9^uy#iZf4ounB$WqR>lb+@cJNs=Pd#w*U_YYUD2duUXt;m<1i2FOaEvoQX`;4C z{k5F;lN-seL^R>Y>jw-a`en*1@QB}E?EoHT&Y8zVow&;o7z#*{@EUuJT~EVtQj~cW zC|7eA<4PFJ)d<}JPasYo8}63BX$=6 zcS>~yyb;$506e9-28ytM6A`gfxldmuzQRlWYn|h~8|goJ8i7#iB-bd_(sh)G{dU+a zyh^Cye`n2?Bkr*c(W1nwQ(XZ+g}4B~>J(R?AN*}qfBCzS{7S^Rn{EK|=2l=AZsePZ z9d|f;M&gOCNPL?lN7c@2KW)seVY)jjk@)uR3Q$9*geNB3Cgwidl**i|AHTcYuN{9q z_}054mnL7BCHKsdZ=<|u?Rw2fX%c@Bf6E`Be?LQeH^NddKl$*OD7BJVp$Vjis=uMx z2cHx0|6;!hfZLz4{jw7=aF$c@;LK)hy&cb1-f}(k#`9UPLN^R-1v+vc)=%ab_pAat z^&Zqvbxa`st|eDMP$skUD?YaM^3nAcr-%#Ega?18y8;m!R)?%bA{L$f24)DP#g&_` zf2d<)e%(^vSpWh(DDrt!6~81UTaJn#&8THO;qTkXGWewwcYDv{23kN@0bl8{D~2~E z4@_nQ8`9VYmTeGo8{7juFt&(5fsALyGYh$DqQG68E>ZM`ZD?uIRtKKLea*taYv+j5HR#Lwo&=6qW zVt>engncy?!6O-)^Z);Nl(@(ePtHS+u70hC&SYYKY0(1LLrfMC=k@{*$xmVRUBIDV zCP6B0QN^Ug5DBH zDBOBD=LavYhC`yFsIZW)G~c8}9k>P7ttH&XCi}elO>o?^gV=163``;@ss%v4D14MZ z*loR68rS3r2Q~WFAfNnUSb(z`9_9r{kDbsrl5YOHjbds?fWjV7h1@><^nbtJ>3~m` z&8AcjV?fmURXOF}iLmN%L$^F~5lmeR3Pm0Q7anFzD-q&}1Im(KPC!9*^j6l_PTqRW zkr7%sd9W1j=hV;BDyff%co~h7*Yt(L+!RBZak^`#vI2|AAKvQ?Hrn8`Fypdm7I%UW z9xPB{D8u-#idHlvr>&|fP=8#g<2LW*!ep93kR}}*hPM=-Jf~yOssy#iolRSHK82G8 zjP?-rjUtMd_yyUYJS`e!yiE){fE~Z?MGc<9&10J>SO$S$Ki>uD#8+J6#s~K&Ad%Z7 zh-(4_z97j8GtQXCa$=`u-&=bAKyP;d4lCqtI$ntQ}sI>T?UJN+IKH>hwX z{IcnX;|-q|^YN_T|2_b@bSI9--TSX5b5q!V*3$(BXTdGfU~d+33Y%ogTD?$ew%SuhO?Bi@^fxYQrZ}@FEU%GbC%kjzzc>49r(ni}&UC(*40v->S^M{G^r+=M_o{krmDth+Me|-Ii zm1%S~TCo|!26#MQeX&v-^W{ISO#O?+(9*&?^ZHglWp|2)w7M7 zSS|RvXQL)+vV|;rxgStT@^*MHqU$9NqWIlAf`O@r^>z&R- z24|UuG6*TegMX<4?<4UKQ9z25e-ndhYoPn6EO1D1l)P}&eS&bhZ<+j!s&;@wwh1~i zN<#XMLq)wjI6@IF4~{Iye1jZVVdq_T7gqRZ>+vL_^ z6B@8&+kaz7^hp`CWk~xP|F8=%Q0w>osOtR{gQKFR)e91Kmu$1P_j4Mu-{!vD*$9Z6 zrvcvqXKbcK$tZdbFMuTT%RNdyPuoEQ64yo}C-XZ1=?3Ib?DSrhPnxaLaZ`WV4H*P! zoaU`FdfDSV`>eQln&-bbLv+eWO8Q<~PeC5i<$sy3atsW&=wjI>>6VmxN<#lbzY=b+ zI;09eNf_i9%ZB`%{#8-obOd;?N0t6J^(+Mq z9c{5gadA#&&eVm>pxR=@FI*nA@J=J=ro_9nec%d;(IQ1~zoWS&^d6JdExC7?s<_yD zt_C;c-K~26hLu2wz27eNTHIYXj5owLHW&A+UoNrrfObczck9D<-zpL+Z{~&^AaQ%Yd4nmn2c{~tfF$Jl$M?>3^go4J=$GWXfakx_#&*|L+ z6>0oR6*XJ6#R)HPT-&r&__bB8DzVYSWl=7=HOh)$Pr0H;4$}EJe%*^22!H+l3o@Xj zKz1FDf(IC&uYO#|w> z-`;xsBTB;b4RQ)Jzz+yvBY&ibNKtKIcNr$af;a*XIx{&b*twI5oP81GDR>l_NMgJY zJU^NUdbL%g#>x}2_$W|oO>M%niU-bt(^-qlJ13bIC+eB~tu?GQ@LD5HPmcOX(~+Y$ z(sU$gjWiuWuh>N@Xjx?nxEq+)Lldh^+V{nmod{OyobvGM+9#gba>uP^L*x`RSO}?3~}_@ z0jN7jeHW{omgWB{18Sw%)Az6m{@gv-n~!cKY%KWrRmh?Det)u`A)+^JKG<2lpgbg0 z*?)%yfE`~H{UV4WLzr=+YD=b@$Qoz#FH7{EEQHIaj-D7M|GDF{6XC*32jVwNx&S^w`AatyG@k**N3mn;`4skz{z*j;UaQj$HD9@ zq{7+R>=d8j2#R?(BA zGqX5p86Wa^Y2HZ~HouFE1xtdGgOV)Tc(D)4}uol|Q zQ@j$EA;+U3__hnc8vIq!{;)qvz)=0ALV>CGMxi7?{dGbGZ}cvqDoE=^LREi_Bs7oUFdR_|3=__{TR{kq} zP`r$mGHEGJq?k+(s}k4ZO5f6%YlB>qLJ^U>X$r84Z)LSRLdltFCl}#!S^hi-Vt+geGh?3d}Pn&VQyz&u&$MQPw6NTleGLXa6_+*~Z^Q@#dhFGs>?Ok3eI_h<0_wn)I4;2u}C8Ama6-PgtW4b$`J^=~ngHlEL!5Dy6Jsf3TIh=w~HPP39|6xwRs+^i-Tst)eqk0Ze zR+tk^$7jvJD-jMU>%Z*<0e?(uMj+6Ng9FN=B6$7!1qFhbBh#vGAVxV#!aR*az%i@- zunREwHkg)Cj~me~zp1~_Pd5Y&{5FdPR^A3Q2_rv2!^vWZE5WkZ zFL|U5JYbp2q9pb67C&aAhbOXHFBbEq=Z=W896padcj&E`u6&cD$tB*eg=++#j2{G& zOr6DIJbPLh(-srQdw-lSrx?VuX4V`hEn+ZomOsWbg9dIvlksf*Q;Q??9pw8=@!9Rf zgJFy4t57K*yf%B|VrI z`ifjwA`2UNWM-?sgVRETeI&ooR=^#iqM(>S$V%3S8?VUFVSkhO?8#&xpD1L+wmAvpZRk zRu5ybbRWk*rK4RA{O(M~BmU=_oklRI3uoy}iL>_R8P7cT$z5Wg<_m8;pE(oqIG(t&P~cGL%3DHqJAVMu8nLKEv*=`aYS)up%EPca9<`xEfZlUOTQEjl91^)O!&n0i3#)DwYRpb(k&F2}O&mqt^ zb|^HYTYtZbOS3)g2}hIazz#%zRkYEF$AIo>oRKgMSRZIY#$Zr+6sD6I83qw_BL!sD zhqZc>fQ8IyDR+6HP9$f22$}rq$C%WdzS6w3k>8??v4qi3+;pSZv-KlP11#pJc?qpk zu@p@@Y|5#F`?~Y#_}C)+i$(TVdw=ZN z+;b<7*wFQ4f{a`^PwwhZY$(cc^AnP-H0aDmTL_bBXQP32({KS@xx+R36oz((af^y{ zk#T`uTU#QKw=pBOHFO`=PsmJnHk^+dWimwU<9IekMm{^MXJjPHq=$_B&vdbLC&yBLP-h{oJjQI5DJI-8+y(N0#8Pjtfu%W-E5A(@*h>ykZQ4ES-0iOF4d*XA)+)d+mcextRXUJfo#*fS# zIi7=zoH|ecz(@WQANd6z`4t&C8;_935`)fHjh9G7=E4~v6K#y4$)gxUUw^;Ypvqmg z=ul_#nTyQjWB$uz^iaS`2`<|J43OIh8+ExArtvy0x}Z4 zTcRItW**^wDaZ4Li+g3(fW65Ind&U3At+Muq`smsU3(tSdwF3_*i z1$N~*-Wt6ZEPvXlgw@yo{RbI(%asl8^Z4nRJT2_N+3wi0vQ7y4$uR&ndG%}Mxl_VJ zI@rK_qX#S4@zh;f0nbOn>B17(#()_=S(r3DXZ3C6E!RU28T^y&(tm#P2?=%mSco0E zGsV3;TzJAS#BzZQoy>7>Cl$(!pk;k9z?{f7TLI^tYmw$1l02 zQ{3xlPQ^Ys3+8$@#D8Y8f&XiPp40ime_Y%h52vmebBy0qMyu3&K(p3;t;Eu^{j?i0 z7$+f3%3&Q)dg>?s4&W$B7tH+!B|LT)%zDf~%6n8=7Q(}rl0AL5E2Mh2E+Z1Zl=eqm ze8zB*-4cjky=D@4%FNG;y7TuBtJAkVn1R!Tr#lU%FWoqvCx157Kas?5PoOSIL#HTb zjbr{kTOnA!-S;y0gVKp(?uB|pgBavyQVHIYt$`o&^sq{+JfL_YuHA-fHs}%5C21u* z?nK)Uyv)L`-bQu)1jQ^JbK7Pb4rR(!&=V@x25$h*Li# z7r6u%`!>JzV%48X{?*N-aOY0~(d7{695vXoO+MNBMSr=864J){krlHS|3dSG#_~MY z-*qG(ygXJ%gld16Ic%CGE=Bu(Av@X5A>`SKSTujUg6atmc7Y__)CorMMC z*t6TgR(})cfjllA%phZzWgZ^HG2v^z%pmf&GnUg(Ft ztT)bM-=cC)woy#+CDnhCGPP3>adpHa8f7^xXn#mfyD~d+aOp*vS3y~T_omJF65L=s z^4z4%KcJgaMeHEVVqkw)B}YYRiJWe?jSoNzaMAe^Tl9kN4)*Af`xFWKKo4o%+xmNP z{ar`$0rx#Zrp>C>cZvsKTK5eG7=I^sT`fl_FQy$Wi&sqk%U0XsgKbe@;4O7I|7AupB$r( zU;W0HtRd$uk5Fb8)5`JVXvZd&^er)4mVawbm6=hR*9cz6v?$CMgp5@Y5m`fGoyIBx zj9_R{}9C= zvLOrrMM~aOyYoI*Hy_Y4Acz?Y2H4 zP@4M!XWZgvG@}+f<7B>m?`bw4e8M5^Y@u7UV|lb%O{6xfljJl>=$4@jGQ;G5n53@~ znCkGY^i43kqjGTnKIHuCUesWbr+@5_Rmv}L)sbumT@sLHn+98`fLh?Pb2;QZq(O$L zr)gqIkj7~))P5{Ts0!Mu?IV+Ibq>L`QYp&7+J4JQHwucYudI{(sfYqywkE zoM6RV(j5=(DYuzYf$_e^4O}2~sKjM+^=p)ul`nlGRKl{~qw?yPZ}ifGCeLo-LsUMt z_xPGk-6Gh|IixXM_W?vyQrUnKk@E=GiU#4pYS17W{A>im709)RGASHspeHE+hy4q( zPXmxJM*R_HIM%<3NA-5*SbqUd-wG_zl6e{zi1`~FiX4^KC^i@{7X_`t)IC%&Yu2!3 zKQ<3$nw8lNMH;|80-}WVsz@kh`Ekso)&H-!hrs-7pJ7GT!7pB{H1;4X^VZ}5oy{L9 z?bl5!fB@cTwFHRS%1-TzM@FP7TGE}t&}FFyW=jPpz+TGx8D`y45Pz!8#qifB{ibFu@5{aviTUL+CYYzFj9~n4)yD$Ig2(Un~&pyq7C&(b%V*K4jG zfUmRccw~@;ob4T6^^+H0|Mws72FWwl0Q$+_|NV!44=l_v)EG(Xi-O$oPXap?3mf_27hwz2kXURzVzJD zc_6&LdhLSw#Q{=`uH?s+Sr@>&Jo}r}c6t5=W)gozOJ(($UL_a|`S5=f%Arza4{7p7 z%T$_qIf(sAsB85fzCUrYJY|!8qoUJY4ad)JC+50ie9h>u3@D`b;mRho10^)}vw})T zEf{??`+q{BrI{&=UxS%4va{;%8q6IG@z+`7-|%DFcrHC9%KgyK>6iX4(|mLxt@+&` z{}LReZQ2jWqKs-0qTi8ZbrYXlCmQ6xA-V2M49f9U>Voo9Xn%(5Z*C+zOWh~+M*1r1 z7gk!LN>Pwfja2&C@mj delta 41649 zcmV)VK(D{|%>wYv0+54$d*e2>ge&fKCWQr`1RdnVeiDQ$$KLFxTC;)}%HE{OF|A^lIKRNSQ1C z8)tSZziQ(C&G967;J8+R$2<5bDh#nS4_Tl~(Av9r)FV%sZAD2M2AmZiOr^TeL)Oq= zEZ_;UNWG3(o_h>@9w2^yOW%4Utj2-mBhn(ve#R|aNi4IBi1n=W5XL@Y*3)?JVzxQ~ z^sVF>6^L7RVs1GsJ!Sr$iLB#(pu|1KTnuE$olf$e*p}zvLbCwB-fJd7&CeoX*kCYk z=B);cdVlYh){1&@@2dA2d5?EErbWTQGb~CXm03{=pcoY;ZMaE)QAeSbBBD7_GRcgI zW(8DJqLiR8BuY4e8BwwkjEItj)Rms`u)5I-ieo-hJQU-hjzcgV>Nw2Wf^IgHWK5%> zf})uWB@)eGxFDj}b2MW?{A*ea$K7T_-OF)>aZTlpAKbuIDeW&)gEZ^-7>0_b;F&2o zkIG2N@hB!r&Khoipj05F(nB;(aw3^&(!@tKOmYDVvm{3o7$rFw!6eB^NL_V}hSg0M zNE~CNprM!|6%4@;sbF~Z1KkM8xtJzMfkZPvav+-damGWg)p(|de;dXrf5REFD;DO! zU8B+s-!&1WLA*x97|PFasHKWJtk<}NgZniVj^?JU1Xxkpr4ZWM)PoEY$Hoci|OOn9~%Gvu(0y8y2?A{|jETQ+0J9aaF z$TL5jwV3aJc8eJbZV`sT(Zbq}azR70>@K-Pw%w%+hIMzz9Bkh;0Fg@<&&InXQ(1Yf zI+%9er4WIocPW8y>s=}gxArcHIHOz>6={_FfJU+TK2R~Nz6R)UyRQL?U$3xjze_%% z_4fgdW&d4*u`Ix5E>Y{ivH~C7C_%6?3JjWgQ38p7?23|)VNjH?!IngwgjIrgwnK@e zG8&o%Fs+4Bfxt{C+4%NBi5_kklqj5D?+l03*;Pyw8=%5r4E}Z6@KL``L#!s)<9rE5 z9N;S^*2rEGv4->uAa?b}8pPMXFYj(1*!F3?UTt=>J2u_iew*)Rx4Wm!Y|C~(*RxJ% zOyh=s5eWE7f)?`|^>pD^+V)PtM^cOAdNJMIuQrc3vL9)U(zRZy$F7|6^+tC1%H#Dd zf{9imp;>8lCXu05m%y;q>b$|`+64@;H1UkKI+e<9yQ+a{y46JpthYKI-+-&rhud&< z8qP>}Nkkgz&af!P+!+zWp1S}JH|Z{bxOE4A+pw#%5pBCOES7m!hhkZHADIL-AI;8d zIaiGY#4`;(qNyx|k4h+p!bj|Id!dnuU($%y!$&xo5z!%qYD;|7qA)2wst{NfA4L!h zjE_*H{VcQfCs`Cv^!7!=%m|Y>`~R5K9x!2B}l2jE}1tm{vz!guvXW z0;4eqW*rPKqUTyVWJcqJQJlPQkf{F0E&rH(uSKTbrf1D zBAO^AlgvbERzNjTN(l-RrGyiIm?$M1!9*!pNS*f?53B30pg1N<#X~Vs>No@wrH;d_ zE$AjnNyao$Dkz$XQX&*Ie%IHQ@z#1 z6#ufJWpzDeMec@Cc<^GQP~2GGq%;^54X2n@$1V;N7S~W(;)5z;;y1rs000SSMA)J4 zN7j);5>Y(cf|=ZkAJ*cBdzX6-U{+(yoY-mJ=Gq4(bFjk`n}U1rtYbm~hD>$Lv2Mbo zwGsy2JFI5)lE?yoC$uwZ>~n`yCQIl9U~>R-Zg@B(oaEz*FDtA%$BC(mLNk?seEG1LvBhe7H?HD1^+WylPX0FG{@#0^ zCW)(j-GKRj1)|!-3W88f_@pEGWCf1LV}MzYnt+RqDdQ>IRv;$@iCVx2vy??~X!9g7 znE_*_$I1L?d{rKZ?{0rWc6}?zgjrpB6kjYa<0DtTF#4ogFNEbhYh=|Vi=r@26PA}f z_cPBbE(J$U#$v(#_tWE=J#1D_>((9iX9BgAtqY%jXD(2C;Dbnel7wY*H z#q5@PD4VI`4dYf@TzrH7Rt~#V;#NhnjB4&MM-usMD>Y{fqokr9Dma>do6Q zaJny`@1L+nsrJQv9(ZF}vqLr?TaA~z|2OUqJHzn$d2ZKL1KZl2@~iQlHn+u7r6xr6tv-ATV& zF)?E-CXlG)VFr0Wfu1ICPcclZw`UT}4c(r9LcMI;o?1iA*`Bh!EZF{9hDK{oAp|?M zTX`hwOy4~F4>HZvwX>_u@6*j)&3L9U&>M7GQuPfoBqi@bYQ3?OdpvpKpUbi7^3QF0 z|4{2x-Sfl!Fn+(4S%MUbuO7cB3jND=l_ar_+(1S>|3OFnwoT}tbj#3Lx)Po_p>D!| z+}Y%P_r2@!&XqIK(VrXK@)vEuwq*R%CL(IrwQc9yVzI2Ny_L8&BN~)PoHQx9|KH7+ z)ZXVf%p%lpsymsc=@%Y6j9J?}4?!rzEfnI^ei-90`M%LK({DvhrklsU>y{Ao?R3e0 z--zy>?N)4k+tZx~QNme1geVPI&V%58hb-ZN_=A`23{*(JMeGmt2J}-Hwj|eEw4V>6 zry8mgqGuXE{i<5tWJTvU;0A$oT(+^awrODqRj79D$uchZ&37y)J6L%)^ z08#b-)F0|xt=3~QQLN0)Vxg59oR=Sx4jIzKJs*r|1*4e1xM7xzr|P+Xf$UGm8Ze5* zO`_G&x|GZpZP^9vD#CjnS=s)whO!p3e)V2@{4%6ftVK>ZRWS*m?P~AKBLG@?x&0GjPBbtY6_ccY{{p8<=t#I+dR&fvpYKJ z&Q*f36esztZS<_xcB6czHj6|7EtadqWN;HPHX{e-VCs{iL#{)R+|kMPWcPf5x@p*v7T@Hr!rk`|^{ z=B2W8d=A3bPxuag!2K|A?eUf6n!)(0VI-PBX1MDBQ~lru&Zmi!`WCM1s=5Csj5OuK z^K0yWiopvDijS@;_vUVO8E1<(~G26gP(O7JpP?&Ya z#cH*Gd{AKuZsyDB<|kXNXB)%2c8#-HiS`czJwS9oRA_Tm`SZ|=TrpJ#MUTc!NS}z( zs3|~V2Y7qb6Wr*l5(W^a&-6odC1&(x~dg!#^7*XS^`KzN;OpK+{1! zemx8FuZ2Omn17!we)bz-;3~h*ci&b|J9aliTTFkl?P9efQygLh0r2CPJxc0vzTOTn zbpV-B3jOUGsKR#sxL(Y}$KUQmZq&D-)$4CGK_sZJGt(;KU&AahNLH?sKoU4C>nRt1 z9BH7IO6%3{v(5UJ)!kXz?wP>{p3eLfDx2BvX>&G!B5H)MJYL@plcW+Ze+ze*ZLl;v zOm6Ua*D3FooA}DzEI73^b`$%>V0cr{ci=`E;bP8YPnqP z483y(I{h7V1|t2h>NOA1V4?Ed^5X$W4r0Y7DYh+cgv4H z4{*BjbEH9#8B?GylZ2v9`hd@9@ zlklT_gdu>Fk}U$XE)8|nG98_Jpvx8e(nYO#H#)lCQ%HUWQBXW^Xmw)d28WOx0=hDb z3%igIPn-eZ&5wP5`E6q1K z;Rer-Ry32H4a&T{4m1rrYX+}*nbFyG7u(Q}*a&8b4vTYtfw~EaUM@xOBz$ll)eRji zO!gNn@P^&ZZk`_4V!r&&9;a(|`)#^>nBB2&tJQZ5KiO4*#eBPym%yWV#yj^R7lKZx(P$>?68**%5Lq1 zI5ri#-O#r`%jNuhaY6-y(h;QdOxPzYIC6)b!tfa@Glkd(5it;mUnVIJcuX!fN{(Xg zhc6s0Q+apQwUR6zYkqk$Tinl+fEFx&{~}Uw9v-lv3z7d69f$m%^rba_1O;f#%t8e~!F-;kiptr$!%EM}=mK(?& zYxQP>imh7EP%O`@?O={~P!1zZmZ;HtD}iqCYiC9xpC|?P;)`)Ddt+H3gAp@-nZTh~ zSMI4qNuX>=Lm6P}uN5IaAb5yx0TEeximibIdL6jGrHzr~t?;rh974?^2Ym3LnR0MF z4zaG}b5~wh$0D5YHBhbxY5b*}72NK0wULj`p84EQ!#7dSUU-~fFnNjs!O9}n$4HnM zmXMIb9(<8Mu)nyUu`Ch24tNiLRvTBg18MAIkjhFTrnYX3L6q&Q&K=Iwg=l*rMzzzh zFoFgb=w?OmeyJNKSva+?;tj4Vs%@xWu*-v9CG*QQrhKCuB{Wa|>MHb7I}|@ddPenN zQ{v_CCsVnp3mBjrNSZKtQUdB!heG8=W%*SqK2I$*R^kd2d#>@2<>F|6`}`7$gCDJf z5@lVJ!##W+1tphe7f#mYy*}@@2X!z)v9c!NC9+r%9Gbox%YGIwqO{5y3$tC;u|zHN zOaiNI)}dIoYy`TNjDP{(03syYv^StYKG)TnZjXi`y_q{8@jQ>=zn zp%Gha0VQjzrGN)HxCEzvp|$%0iP!22B7aL`i{aGzf{EXc6lCOHq`=~4A9e>4l!o4c zOp?EcrtUtBeJfo>+Iu>vH>yyR@-P!l(k2Hlv{D)L!1XOJ!36s$E3e`m`du!#1}D0V zxN_4JMS4{s6L8&tf*PeU0X0FVirljke?zRZQOwhHu%+}6${yr@dwyf$poU+eCezJk z`V%i{lbh9QfryjagfMX{8MptBe|`B4AF6M{LSo)8R@2=tU$BX|X?$AVBI4%D9WL!( zUvYV;pF{9aKZfA_hKrkR?x(jiROXNAVt$86e4MTkY3r5BH6n4ln4^~9cDI=?A8>(B zx0ucD3AYtLVK?I@C+v3ogx!#zkXy3kt#_EU`f0hH-p}w`i@H|T^&^intl6ukKjxFn z85|JKEl(sI#!S72gB_}A$30q;_!%q#=aVHGKom0xtTCnz#TsYoOzc)(XQS+LI0KV; z8XXFd7+j^!cnB-9=aZlsTLPWoll>ZX9qtQQ$LT12jQ0HaY%}PJraHKdll+t&LnhC4 zUZ#_e8(x3KisiOaq|K`7iTj{$q#nHZLi*)K?rRu3Z1@0s;yM6B*ZETU+?Cg{2j)l3RSN|It zNu!^V_^YiV{A&v{d50cT0LjU)X>PzgR~U!GYm2ad<2Z{{04Mvz?Pm<|pWL@(X@IL@ z@j@4HGP|4ZrtD_E+p_6qww$uZ>GnG?vHeB1-{$u_a+Tlbce`(dDmU}x_ScUbYka z@ztTpVRuyY(%HKyba}lmp9~E|* zcJbH>o1L5=e4EW5zU^q(%Wv}=BJzTayd?nVeG}^Fsi+gCR~h}H3;zNS9NteZPQ`zj z$E^eNt>n2F^yuaC!%b8|Nwz0d(8DbH_^RP@AA%|=y7YTt_?$)TWW^4hNF0VKb_s27 zndqZ$rdv6g`~$mfYx@0sv)!@H?BRcDG2JLF8lC0CX7#kDVdvh7KSVCJGzz=<@+W(o zFA3;m1+!dlXHR!43UXduDA3Z}q4X8)q4 zexC&zi_+`~hXh*ck3SY&0+j$&hmhmRs(#K- z#J`yGYLcoH8~N!3V%I^>0@!~W1|~kLA8x}S&2P#^ZC7XXe8j>olM4-kQR_nC#d1AH z(G0HXNE^puz*}h$C6m$AM#$SOZ)hlRzNO)=^`s`#HQ1di+Pb4$fX&@)RHQ# zp1O_02?OFDg37$QR0*FG_F{SN2x7X$%HOc$XpYS=k4b3K1GCX4(j`<+xt`l{+p7F`Gyn%o>pGYwT>J!#6F^yqk-U>YX5 zvLCVb9w&o4bY&u{x|o&7ovT!MX?fDo1D;T&U9_8&Vg*9MMWJ{+ph0t=gd5~eG<0wz zm$_0_I*%!OLdvy=g8xENI&wb|aoNau2#wud(8B{=;)Ow~Hwu4KF1=|f62G@ZPh(Cq zSW7V3fUV)ufk86iFBOQts}fNM|H-mI+4U%a(w9V*g+MhlGCT>LWIa_af$iO69*2#Q z)Ep&}J0%jj?qAEOfP8s&NHRjO?5wzlIP@7^!6>{zShOAzBrE1rOXZqt7QwNH0>$#9 z0tcb*$|#-`qm_RWAZ$W3l_Uy&q2bb5+jYKPEp&J!Iv6WR6EeM+Cp>=PG`&~>7gi2C z2x}jIh312dT-+j(kwYTwc$Ih-(SS?0KZkB(PDLha%bBP)WL@UAC~R~SO_3++1mbiz zyCX~dWcp(|U(n%Y1QhhtKP~4w?A=x>3?(?kqZzxtiy412&Atj-*BG zU+<8h34D64qV}<Q9qOv(zqBhFp z+ovperV@Vc& zUyU>5ry+Vzb~9f-PS^6_EpTjxlidJ)L>0`*{#l0tMlT7$F1@d+Z=vXYwF-Q9xDoi^ z&=rmJ0qU5^V3&vyUsM zvH4O)7p79!%HTj$@ZIh7_8VE@JT14Y4cw(*%vT%hSrzAvpw=f8RX&kMaCr#_a>*nl z7PbP@cl5Uf7`4b1Rm}Oy^fR)w3l-lIMmCGNzSgQdGD9UtG*8xeqFH7Rr?BNUdjCwt zWzv7*HgNJ93LG3NE_K2w=B^q|;Y88oeAi{f9WuU{eN^2gzJi+n(RRmb5=b}s)*5nG zAajE(;e>p;+8=YX)pA2T8Tq~#o$$w7g`V7er%Shhv*qlMT`>U4wko|+%#Yv; zH-~B^`}kSkt~jP@YFnaT8A0pgt%`I*fIOl(R>ss9bAv-jo2A~TT>IxkE%CY*m>x;A=UxA?~6 zYwHg^g05O6i>=_unL4R3atj{8^cZ&fzo#gjPv}y|^XNx0{Y!nrg2^#*1Ua7v=_qO> zj>tx($cjhNG1-IOS4qxk)!dK54flURYXp&qn4fv6o1S8Mbi$#PQayX}H?fHP?Ku6o zo*6LFALz~2beYPP)cS$ZX{=#-5s!7vkQ;C_dmK^q0U5=zc$3^nHAR==2*Yo#RL)uH zl(HZRp z`kh-eY2DAw!lYj4MoDsKbermUpOn%yeN~XkLw!|{&SiX6atwd~?f-Y!3yW4tvPR!JlIi6NDjtr&Gy-|_K_1>&S>49%lq;$l$2@?9_+hnQT@@?95-uV{QaVry{ zuf9!?#AV+oNbI@)Hk+>Hb>)oW$UVv4ay7jpWoj6OytUiow&hp_v zcGezyv0_(V!XZozD`u&eu)US=krO0TO9>ff^C-hfa;;9Dk`dM{F9gS0th|&ZU8QUi zqg|f7P$XTKJl7&$kZgaH8{xB2EUyha_8 zRlEx&(&f7kS|f-=#C*z?x^t;WbmvhjeJ-rQ9i;jux$@(?Nixc`r9D06O4MhhM|z}c z!R}~viIz?;L@3uxFQn9(AsP|^+It*d^lo-PeOm0)I!2(Mk1s-Jn3uz&_dPA$eGipDMh3S5FUsc2mXjtqDdz{rOIft z9=Xi2x@FVF`~i6&t&_!kYWp1<{|A$cX9V*RiPm?PGPMjvAu(SPK$VBz=ypqUGMNE$ zu0d$Sd=R2CW6p($ESb6pi7`_bz_(}WbSi(7rmiu9Rnsg-W!Ti!2yL6X43T+Lm!Pq5 z>I#%bPF;t>&Z+b9O`STO)Y_>Fjc4#E(X|zm43UCMJV0s%^5L0l@YD2GDHrymHV3f(X$=~RQDWREZeN|}F= z2f%G{Xa{`=RAk~ou+ShM25UmJ17RUVIuvRV!og4rPz{HgPCFoKjnRh0OF7y>QLB*; zi&}CyV+0ejS&qtttg8{4kaZa%6S6KrV?x#y zC{4(^4uuI>=i{4@bvmgDSr;13gw&$z;-vkyJZO(TTwZ7p51b#>$cNBIN!owG^rIx{ zuzD#+IKW;?Q4O`1I<$lCrP^r2?{#6?f%sCFd`P|&BpsYD#VCjAOD*~V`%;l^=)P2< z8pJPkMi|a7B}W_BZFUya6>&JX*=3M83V3A2>(@_+e%X!*aA zeP0#tkF*9A3UuF~RQP|<6{3Ha&~?zMDw6e0UAN`i zm!6;HK!ZOQ*X5uQBkRb)Atp_^$;mxXU_r;kO{rpv5FLP_4g0W9(5Y$<_=_8-6mVB` z&!STi-Lr#_=P|RR44-=lRC(vo%t+WI-%_(_KBY)7Nh_CJvcfLl6sAHWK%Sn7oUIoz7-*qv_K+R8k$66W;CI3Y>b?YWnknuT)zU|&GdNBRpeegUJ8@dX%lfUiSo3K)H8zW@`IFy5e^6A4E2 zOEPxx5{%^q8FL_CtC`DrxTY^1Kt0#r3IIvmik+ zKPF|mB|!e7dcBzr2zA$$z(@38(K&cMJZ<7L@tvHvF8GV~MxoV$3v{#oZg>`?k;}pe zshugB&Oxz4i3HWIP^4t;ql1C#P(0m=qN}13uCA|*4u$t!kG^K*(3t^s#jEB^DIXg6 zyeB`3!y~SM7g~RgLdz`%#x<`UpE=IElj%FNpf#p=2Y^)pe^#5j*#_L0jqnFIaM<5r z!24Al6Dj=_ivR8TExHBmEY^V|^E>*6_Xp0tTw_6i`PM!&>0k5|n8{Pq>cyOfhC zyi1K}6z@_&M)EEdI8^V_85GI8bk0PXJf0yjr+6R0Xj8mPGTz+0Mn+$$D%qHxs}hRs zxw-`7e>`l@RSCxQT%AE_3K-jSbqOXYVKmQGLB#i5eIR2OFTUrhBx8B5o-NNSt_KGi zsKqPY(8+)I8XabX^nhzq*tcTwfLSpQ6=Omu^dots!*B%Xtt^A^CnHLIMiw*Q;Kur) zYJKKTy~SegS*iQNSz(jXOQzv7H`+>xBbdU^I}8w%Q@niYm>;bgp>asjF*7Oe_i&}5 z>9|$^?(usn)tUpP%w?}ard1!`=tPXBn7tGlDmj0(SR688WsITpBF0kLdMKr8_5qnj zIXKfP)W$|Kkumy!$chu5`@2T!M`K3bOk;Hsli|d&kI==aPOMXYA8Z}6rLyPRV2xd| zjBU5;DBE{DH$bC>!NENu!NgZFnG=fV+F^v>TGGX5V;Y{Y`j`*@@ZC9(H(_(jKIsEw zXY_xrC4S$s<1lGn;@5w>q_?C){3A!^@~Sl8%(^>+b@1eIb;s_eyD7Zg_YioTJ+kG~ zBisF4&$gsWn-zIxHY+y0-_15`zMSt!m3Ff~umwcRDI1PaxCmnv&w3BDlvu-b{niZ4 zUfuN6Z#@()B)>RmAxU$UNI{!-7u5<=B<6n}#~X)h6OiFF-Jcr_p2gtM4xGptbC?B= z4EbQ@iUSJ-sU^&jnCSo@*!-696GYs(8=vd zR0OzfVM;a+)YVr=8tZnE8PITPE+HEw9bP(BY0KzP?D(b0z>x=jzBh|XAZ4d8eAa(M zv%_C{tdbauo~*zzm=v4yMTY3;ZYp~D*tj<`)`8s_-IpGPo@>7o@?$qhX$we6Fq3$6 zeU;3dIOcdzG_St&ETM(RYNsug!neFF(+sAPKH7k)#6%ZMT2@jZp;h>dF{2a?cv|F; zR!rtF$b8zObdx+o^!W*Rl5&U9_sf4uZM43*Pzz%>B^l0UZ&6Ir0ZH(Li+?eykzOf~ ze(*|xshqe`HM1H+uRfEb(7X4-*K+VjuK^`}j3KBJBb&2S5`^=Xy2z;GP$f(^f2nB@ z&0#79s$Qp3AnkfCWQfO_N{wtTP)QJ3?4?YNtkO`kt$NR<}cKm7aeKjbSdH zD~{TX$<4;){d%+7t=Mz}KONr#f3un2J45oC0`WJ-RuX6!Xdpc zTLXGuUDC(srz^3Md(TREjP7Mwn~qR?F#QANszxcIyxg>tt5S<}kXh~jzF2VC2qFY0`Ct3a>gs={lv&1!+fBDG+y4N{F%@ZaIx%BDiC; zLMh|q8|ny(Mz9l`*I_2qYVm<42oPqu#$A>l`xxpYY< zw8S-j)R9L@(hWS4uE!mZ`=og&M>k55XTlc!OxdETCMSwrep?cH=2u1wg+RFfld|OL zHrpvWrLk2C5ZhW(hipEm;I7ZZjBG$4nhfS>G7EG^wz*+9*2V@cbg+EadnYR*(#htI zc3Z}ddP~OcGqz*wh_`=YXuh&2)FBAsj3}W)u{=43Sg8C=V<;I12{M+UGHr7D2y5ZF zk{7uST}DR8!5Fr}j&hfbZKd*9 z;pS^A*KtuC+DIrdZ4m!hOePWO?BH2wSR@=~{6ze4u=rtMCGmgN@}ALXZg4a>%URqR z(GDzbEo-`)gi2vD+pf2}>FsxL$JSfv`)sqEEpE2kv83)c^B+1g{}^hE>GEzYt<8#F zNd@;_-QRC#yAi~`{oFoI*YraDgQDX|ngmPlt@yN^ZN{mNKOU!x#p-qpq1odo6+{N@ z%Ol3J*<2qo4HFI=F8pVTgO{=qYj$>r;-s$v7D_3+*^ehMl+<@pz<+87&z0 zmobg)*juSj0Olm`?EVg@(3N{= zN$_-zo^u&GFHe&Wk&CBEiey6FBt+ocIhUbwww$ZbdsSE)wizR+-;H(~{&4S)S4iv2E_5@$EIYs05l2Ep#Aiu=K2lWs7CyKY@k?=@e# zqW;vxZ%xnJZ(kYdZkkI0G9SwaAu=z^6(t%!%M~$-Y4sH;d|%54AtGY0 z$K`*6AeGPMgAkF|r9p?p@A5&1*7MRJN9B9@ASE|8=e8=#tx0upU^0sONWPyBx+LD8 zW);Gz=m$YU56}lKIv-G@6tNemQIpUQ)S^e|3A(OI<_l_+q?+kp6&te=QhJ0wiqZLm z8npYWHRw=yhZuhkWRKw>9R-nxHKPm_*5{VL>&!!-4(CXp z5GoMww2uZN9`=!)3T~bYBHEd$9Eh0dI6UHAekaFMyd!7vK8-myI4`AN=mJh=FT$+a zo!zV3;AE2j6ka9yPxV$SyuAM~-uJiy5tsvcCX<3I)9gp-yE=zRB%nNtL~QXbsnCA` ze( zAq{egr|&uic7XEncG%=L%5IAp56r7=0G(JOzb|5foF^M(e;M%|N0f9z!p`k6bnZb^ z%i^kPbhv2WscU(v#A%8}{-5C_8GwJkuN4YfH7uYLCL`(@2J$iF%Wxr-0v-MxVsFD8B|EFb*Q zsH9R17Zu!h1D1EcGy;VYPC$-nQ%*K2RT4DA(rU#Xr`zvfqZ5WK*Hy8Y+q{37qcs@` z6oZZ(2C0l7hClKs0qLYd|740RZLE5nFmyP!0hfcrzYRjPLa}aO5^)MlO_;XsDagpS zx5BDvHBEKXHO(;Qv>6<~8b?%M)fE#AwH2J^E2581iYk4xRHcD$E0t8y`-dTWBT4au zvN$GUDsT*F&}0MF1wNtU6WD)wjRK6MHRT=@Ii<{P6S)*u%yO^|lw8dyysZ(MWMn3t zjZ^|g8=1|>kT?D=qQ6b#2q0Nq(oV~13RZN-lr9@EhAeH|5>?t3bugAOmF-%wT= z$;VE8)jlzM-KL(s8gVg|DJ4Hk>%uDafyFa$OV!#&P=0u z0~EYaCR|n@xoT*G5ExEXc!J$m*b zN+V~_O{^ptA$PJ}nC^cx>#3xAkYqfialcrN138%148q`Fn?Sf`0 z;;(hPdVE|h+3x3hwuNslg0X3i$mH<#YP+4^EN1NAtL2O>r;qsQFK#4Yw&^``Kmp}$ zv_sz)8ofN4y=9pAQU01j&UcTom2&AT>~SY1P$cjrp9US-5tZQ+{2c}~sg_6lv&#R8 zjn@ZcsiqHS^pSri5Fa&1m_nS3QcohTtBsmX!ihwq(72f+n@n8jD5r}bzA$0z(D_`> zMG5CH7eaKim`0&ds|e{#=8Dv)8Kj@hwCRnTRl*s~xzb;s(csTTV>c2-JeF!0DN&#M zqll8t8P8>iXN_0Is9J^EnT#6Xq9kGkxF~^WVM1PtSTKLUZ3THa(N^5#yZWCW1sY~h zo09v)!!y=6<`;X@s^kIhbf=$;q9ymh^$4wJELTc^ny5M6rDG>tl?ig{$%0U8{C{&l zdlcQI8*t>NS0hgtbGT=C3eH&M;CdXl?CW&dvi}nQ&mz~M%||XklZ}{Ljv5YJ+wzo! zVHi@UpQ3*-F~kULxFye6D&cZPS$?5}$-qHHjlfl`2f(JK3-i-~M{F_26ZPk38ZWLT zvJtqc_#Sc_sjPD&NUFf1DkvpE1~2o&f-q&TmUzO!`dY%8T}1}&#SYMbxYR~ullaqJ zV6*VLT{Kl83{MGwm}b#yVMvq11|TBlq~el`Hn)Gc0OLjFtH9`yCkr%Y0Lp@i9W(NR zi~ilPBS;q99?@w*Op?OIj!}8R#V_4jj7gND#dnKbf{}|B-$_z{4I}5a@z~d2(d+@u zA~Fe@;8<2c&c-tgav-*CP{-n#2WM2Q7F&lRx2;PwX7jpWqxOmwo5ETs=*R{`fhDjR zF3^7zpOL_FDA01;MDH(gy5MB^PLt&xdK9sGW7{ zM_AfE5`4=(g^-mc_24zYZB}!e`tMV@RdYEG=2IT@R*AT(BelG=i`-t3eO~rrr ztv5W4$&5zjOdwQ`V@3Xit=z z6*^}K>dC7J?BiHD^}*TSxpoSu${op*m(jAv`4V`keHZS`2dhvGnXQ9zNF$8=`tuP%0U|WgkU_*a50B=C)B!g|9qjdoi1HaKTv=p@Zc{EP3M1!TqEku$W&_OtG}* z1Pv#hR|hNeQkIB9F6V_PY`J4gT_RhHGdvtDW(v6z_;bl?c zk;N@EOj|&fG*G)@8?}dvhBpobH@x2c&_mIjV`PWw@&@W$*Kwp1F0{w=>0Uy%t zBnews&)SBwG9(Pv_s_7te}?t_GoVLZMZqEE1+CXELsKF_Z?qzN)ap zldAv2_OTU+DT{B#&)PO0R;Eo<72?`GW?_~L7YHL;9u-b_B8-?}cA+HWd8uHY-7+#nS zzLC2PTYe-^6S~f!>*aq19JR_9brXqHe(g+j=pIHYP| z6Wasq1?a}O3G;bs*+ser^IohN1td~+3LO*_>_VJwj%eW#k5iYUq$HiE*IT#b;@ z1votWkE%Nu__;M?;`$LrVkQaqP&j3jz5b+?y6cx6sC)+9D99l2( z)AIXr_4|^HPM31VtiXYWPwA-;#>4_*Hjk??`|qdef-Qfa77OfFG~cr6V*aq4-4T!< zRy$U7gvj)Tdlo4x$(MM1QITbOjkrgKtUkkZK;74hz z*sJC2VS0b}Fx#=)>Fu}K-5kxLtC3d=JVP-zgfLJwn+*qtn6@7P!$3U0!bZ4b)6K&V z>~UO^XUiXJ8uEIzo&UkM>*?=Hc0U*Mu<7k?E@lqcYUMmnR<9*C{g21TDsBY^(3U2v zobkV4b`6@Uq87&%c;&=|&4ZT+pIS}+ak+uId&43tX(G0N?5lIPYujmwrd=)NyPb5k z>U)H4X*Nqai;|2xp~1?hAwT9vT&^EwDOW)p*~v;ym~gc_UH_b5a*sUV^2!&rk?FpG z_NX(>psTvdOj72juqMDO=CC})S-{Smfy2O29D){T<#ShFpR5A!{r3|OWbn`L1{>=k z%uN;q;O$#~oj^A|$?L3!)7IUiT-)orVXs@B`@)AI_O9IOuObqZJ3t51${?)$N&IbK z#`22X?RDvfkW}moG+OY6BZ;Gx zrlQB(%eTiRZ2w+p7zDxq2<2^QaB;}PSVaPh*c2jv&8TSwh1mvhk~ECuv9VXt23X=A z1It6>>HwmDgpvv$dgY zcp9(`>Lx7o93AvtUjKkXEOLtiGCEWV;mK_J;Q3Jp5d|hDRSBea$mg!SKACQAzcK0M zy9Zo<3Ahzilh*AT6{L0`{rvSNHuB+q#nh(QCcnhsETE22!as7F)YiMr z^mfKnX|Ff8yT!1=9-i#31m}C-`zO&pS-}w!Jiis9?sXl=(0gZwLHJu5TkKF&@cy8K z`!*1OkcK!nx&|PUA`D%BMtS{;*-au{NJLtH6c5ZHLMgc^_XmD&(K`&R{^0p=H)O)p zQ7_9Ca~3xI87^x%%5>$yd`zIp-UtvdLCDK7o>Um?#lop1YTzkPoM)ScMI$b*~|-PM4? z^~03I{66x@s|X#=tAIh$a|M@JFTA>c#!=TFkYlRxMX11Jx_M-`tIclq2YY0*KW=Ah zxlxI2chlSN-Jgn1o851wk2AKqzu(SwTk4c-xJ7!ndlG?Ttb^ATc0E02Q zeC@X5k(Jf3eEu}7HGxyYQ)YpePaEDpanCFE^>jAK;^8(BeN2u@YWBwMOg?gdE2jE! z=y^OgbKN$)e^pGal$@0p;4^|sOq1UecqEWkZZV*Beopz|H2}fBWX-j*G?d$o#Df5r zReKs`ftA?>lv+Einz9c?$vt9NoIDb$-kWF^549Z*-jdac$rJZt#Rlu_?NniWaMd`A zAOJ&vadB%zcZ*PuUWZK9d90Ox)}@e^XvmGtLZc17M^`F69vmU(gS$zESy}=ylJ_oS zddj&3{2rwi=)1oUJD&U8gn>F;s5qdmlRnh?k(2@8YOolWF zy=cZYh?U$0E{?M!BsKLw9fo+U`DMBMAP?0?`8JV+d%#me*O6*8DE2gesl70?bTfC@39e76tVi4oTkm zhF9=js5hlzq)T;8Wxy7k^i|86!&4aHwSXvk2_d`BK&&)&+`|D4R>UbnfZ=6QZaw5^ zEXZCF80l}$uvnO|46mwxW@x3AA@A_P7w+b1=YVJaofxJ|ndQ}IAd%Twl7>FGBIeI`;IOxU*`BfSy_RQq8O}!k zXyCgrDH}8Is0rEjxE0eTUQ4`MabR+3n~_45`~@3Ghgpk8yTvDEvJvO_VwBhDEBGV$S~iWiR|sA zqdto#KD;uS%IG}H?QXi@hAxjxQvTKuvBcOm!m$B)js-60_n=Ty`YT>`;F zY-5@7H_MMa8E)ecGWi?kxk2{U2c%L^1Rcpgackvh zwY)s+$`@mReX`u3y;-P7KE8y1lTi(ee}$2TFXoT))=&)BG7D@#XA`!f{ithmFL-vJ zMA)jpME4knugv3zbTA}#kEbCN*hN6sAiC4en)P~bwYcl^-tEunve$b}T|~e4O->E9;u^Y^-iV2# zFM(~_6bB{gs5}EHT|wZlVeVI(*~4b_wCq(q9yZgT{ob3+mOWqWCAgSBeA}_Utw+Dz zw=L+m`xaI4cFzJUUmqa8e%h=T0}5_4yX*h*&)H&svHHEw`^(klak}X9X8#PU2FcTo zjg-=o*W>7!9j|{?V_d*{mZNCfv&~|@?3JP4zs+~OUhMzftRQh2Pi!mV?6F1HR&Dqb=H;P;e3Z5Tnrhz9^sm=m2 zwAvzwjy{PAq$ekl=;TNM+&6S=c^ZVOf_xC@zKOTD0#?%N%@M1otG7Z_W`dkX)#gx% zpxwA&V$Cy-#VlJb7Em`I-4)0uzlBNFJv&BSi8eHQFmBH zmg4||&%)?=rn^IHw=OIx%oTwEg&$nSbCX-HVTFRznKyfT6C~OY*e>4zd>%ITGocGSkiNDF1){rhKfAl(Jk{_3XrKKBJtZ!D-_ErccR#RPB zsUqejdqjF5&3q3LSlxV$1dK%IQJy4!Mq(yBvP7GJ^ptaKLFm-K? zj@4~|=>|ar$HwZ*Y4EYBm1c>5oEMRy1AKC3+p^0>=e{RmR7JupF0<1**6VMWe}D{r4^r!m zo$Yt%nqFMK1HhJ7U%x}kxsQn636etg67|7*{7o*k6=%-z1;k&|F!U0plxQ@{Pe6cf zs7o{-8ov)rxhF=XFapi5%ZD4%TK-K~X6oV#=;{>=YT|e{AwmsOBW76wB=pkBjY~J% zTV=+?PHDugRL&-<9h7)~DL!Z8rrdCS0tTh%6k^{Etdz^^qx+7qm&y89N3xm$wR3Fe z$7WD)6DD1s&~t-^Zuh|rGvLPX|&5rGe07{+wzHar4qNSDq+8nVX&Dl%1)MSG?q zXH*R)3SWuHFhY(k#DV5s6)zE8vY+W-79OdxC@!>cLijVu#ww zYWq2FBRKddyAhQKnJ-M)zcQY0VMS!0xEC=ew5x56h;TPyfLk$pfMG}UjgZpX^qDr8 zkjXJm(|3ZZtih~S>1YIApl&lGc+6jToD!zKoU0>#OEsxHi4hVMYQhMecdH-!C*)$e z=)SRQdwFha2$S@G?7x=S7PX@%UccXnR{t0okH^Ip*8o29orDS@&=cq2&Sd5)6{U+&OSH@RIcce6hbfp^o*@AD-hZ}tNbHs4OSTRfil z6tjoTR9-NONd4cl$LV6Ry2T@YpKX@21s-oPUq1bThkKkot~NgrdGjq|;XOWW5sPk# z+S=Be)$I%uvqrCXy6$~JME<_KyLrIlZDtRXolqKo_w`)`!v?t3{!bJLu5~DZSO%hG z?K9U)-GGHJJdRyqN~w8)oRgy9(M(VUQ~Of%YA0k14it-N+)5yteJf!w2PqJCvg9SI zI&};KwMi@`iN}2er12q8pe6@~|vY>i(Pi*>@fX94U#LEC>d7 zRR!!xG_xeKY>t3))6>1{A(3>6sR}p;?Wc#6wNWGi29w%RIsxXB6;fq?_`>6Tn7HY{ zUNt_xKu1gQ=yizvmqAtOWW8Xqc<>Tou}m83byDKR&>|O)UWb$o)sWAB?Xd&sRTTzpB9LiIs z#q_Cr?rut*)XaiTABZu3oO@Q3a3Xl*5`opN%q(?*Zdqe~2K9@9$hBGrYf})Yy3SP; zaDt1KhVrXGhp#NT+(Xo`0V{LMjaQlb;pOWxCXE@A>{vSpn5Y*r5t06uNJZ0mqh`hV zaPMFpGJ)KEXu@K^i--Zty({;f0kf$eZUaqj)PH`s!hC}|HBG61DxxN+l^T=tVD!ae z7pQFeiUcOsa$gbIAjn1HJxgOwpBX_U*GM8a@IuI~N&|(&6qH*Iy-aKci3QxSJW%U3 zj0ww4{!ft7w0jl8lZE>~xlP#cU*vx=@pDxqx7ttoXa&}hhGDqRl612zQ+f(i=-CwVpXz@u{%7%st2*cB~|0 z<)NgblVwekn_o@h4a4asgHRhSbDVd`6(9wxc)kNSxy@ohNN?mX)G5dW*mnC12&*Im zdXWdI#2mhVNf<*YAy+b)84Qr|r9ncjQn;IFMdHe)Bozu{2k5CEqLT2+fFc$8I}e8@8Ek zpB5Bib9snv#@4s%-Ou%Gi%VawmNT|{S}$g}+_fBk6CG9ErtuMbz`3AL>?p&n$(I6h z0gP6GphLctAn3m?CGh){Gph(@u|d&#k4Eunk=aqkR3u9!g3kwgWuQP4BNoh59&Twn zF-ut9_@$r){BroGphtEDyB@nI{%E%FXGYJB2`ap7?gRxduYPcC6%NgcV|;!ZTQ6Kx zcjUr*@sWd5;Pmk<&x}0w2vn|`L*xh`)UQB<2+A2V1x7cd@ zPqwLn}}C|3Ki_y)aeD@_h2iFP7G>RA4GJM4@K z%P@>`#A!n2bQ3+r{I5?J)HNyzF7jgX`&-Ua;H(sq)+^c1lfZ zNhdJ^Tz6K3MIUdZxPYBe!Py3I4YLg)>gas?_taoa?qbW>X5a$VvC*!B@Pn+KrsK&O|OI^wmj*Wg!hs1=~mR_*7Cen zmPT0$bDJ4Ld+ev`q3{*n^>UG#Xa$_F(?@5 z5V{O@n&3*v2np!TwSrPL*K>uxXz>Jp&Gk%xqPf-ttb7Rrr$N=gC-Dc52Np+ByV z-eoEFnH`v`Cj2Np4rNXgnvb|m9rO{TWKs>#JC%(M17@)S0{G>)*qLBQn_&JmAkBcd$N&OCYdK_o^XIr^lbywv>|;MN4&<5tWP zJLVjl9Qu)EtKKQWCMzGwWzvxfK8NQW`SIjBu|Me`ki)5~ z&<(dB7)1}OnR2VDyn{W#PAnqOY~{6^hu`AP=0{?p_rB-&0x98en^+?C6n0+1Jzw&(pXA#MkP@$k6h<=wD=QTndN!;uUySh95tT1$ z2=}#@%{{Pvc2uRa_mJC@y4yfsm-=zGfFKhk&~Rn)(d&?s1WQvp%cLK@PI|XJ7rdcZ zJ=_MG>|CFV9&J{f-vh2_bc6MOnC%-_3*A(Qr`)csWJT)QCX;%9)2#uINeY0OeDqeD zyfFd%+2zA+pz`*Kt%}$nSGZ?y#qMKZId*CQ7q`1XJ1mg8**6nol+Sdiip(HBB9L$N z!9m0_sq7Gol%K>1VB#k07Rd)zy^B+>fumLfJC+x3vAt&n&y0Hq0(Q#%C@&XgwgV9$ zQMNo>BI8aG{t}~qqDUHP-Btp)mD_kd7KfNly)qeGhX6}i z7)k&+&DmZ9(Q0lMs77|yEKmx;;m|PC;>oKB`H#GZBVreSvARI%YbAT(k$L>Z;EJ_Y zoWX~_&JhN!71+=NX2s*}urn$wpD?aTj@yaQ!wpV)4UjWn*}G0L$J3#()E2@qJCDH_{E_%M0yj+dDBcHs8yCZ*f$+|9TP`SG@VGs#D zf4UVlSx-09NA~Zh`EoaVm~F~58V4b|1YMVZ%nvrRFlIUzX67|0TlqCuHVHL)$Hmq@ zD<0IW&b9E|KV@%maGET}JqAr8Z z%J)-nBPOGALT~%%CsK@%RQNbdLtC%W;7M#x-1Fpgc*CKgwEM9q0e?L>go&S&XKl!T z1l|+nHIF&+ca~c^g@xs*bJ!+(LV77AWrN1m;BVY!Nl{{YhmP6#C$NU(GvQhJO#;OKqG>hy*>EbsFGE#w7kR`h#s|5Aq7B`SJmnwodBfbj_xl&GaWV zgWnm|f&I+Oy;K6^ty?m0KW3Yo)po`fvmdj?zu4+&w|?4*|65|@QeEw}k*>Wv_G7wu znv?lnSpuHhlT=?OA=&t*7cknSNpvywX9L$X{dhaonK%YM})o zxvk#lL|)=ynKu#eLb-$_&(Df<$H3K;^7+fvl=2Uk-1bD6e2dP^d13gRLH8@=Pq(7# zNZ1E}Kuz-8%JaF;%9y#3ESE2I0Vg-2oS&mm^bCu9ld;h9Ha(D9ly%>K-jMod# zUTl^4E`Hp}pH#AdJ2(tV?1Havy48QvzhQcBE^waOUszQtVvXnA39cMb20o{uiV1nf z)J552=1U5aXDb^0dqv}XuW0P=6^-(}%1~JQvLj8#$Xy&%wJ^0{;#vF8 z=$ey=y5`*Foj>K!CN)$HEAfBbOfLT!s3<4TBa~jb?OM!hS@o!TfEk7f#Yu^(t)H6` zKTCChQR>1E<2(!+wUDm6V>HLf3y=3(d!WPFSE0|5TLx|Ud9o34Gv9$xiaiM0rr33g|Dd`_6gYG z{!ebF1mHL$NpHd_5{p~9dKZC&A1vSX-ch;026~;8A9(<~0*mK6aOYrHcA;pKjCU|o zD|v?ITt3@^`P@Ydm4fd@b^um%S8fz*QUJThe;}`N3}YY_4K2fpHeoVipuvTXV6Yu! zsQFeAOB4Kb9$g1FohN@QVOgR=pdL9c+V^pJ@NF|tVuW3qRi(#cW>|?-w!Qobv0j?2 z(|57T4j(6JCL>V`t9Eh~G7#mDx5Lh;u-wA9CV6fpdfa-JJKllWE*@`($;B0>SB8Cq zjqX6WzM{!y@;tK~Ch|Zom=g6;!Q>izwhp4Zw~JE{kk6Js-VT2|qr$S?!401C?+;3& zdb$-=M*`~xs2dpBTKV!QC8S3s~GdSNV&)hd6Q!IF|GKS`}P zEv`2(+7t^^a`=D2%Dj}lxQVFI8F1u>!ezMWG9(ykvP-gzwe1;14KfkP4{@2^m24!z zQ;Q7DEMaew&?$;s-Eb1=-om|@Y7OdvF2OBnkS2#}e0jA}0mjf9U9$>HP9|Z~478Mn z62zvfLmTqwZ*{O36JPvb=886j^S8*eT)M;?8JMPUlJ0-Cq|^3*l?*{Icm^lw2}^~d z4aX_1M3&&28l{4;05Z!{Mu*T!uyqVw*7|X1ud!?5J8Z-0P8+S{G%mJ+ zBWC*I;dSFp)H2);Q4oB&f|`{2;Wp5O`4n?5cMy)CpFUGvvl(QH1LT7a54aux*HY~8XH7T1K{!vrdUX$ zYSKzdQXYjblbdBB5_2#pkzlkz_32>7J z?;{2Hq>Pw;jN@5-NUMVV9^5Kk`$ zgNhKyi(G?^EA3461)!y;9&Q7P|G0shGW}P05+UFsp=d-@WLm7>fyz-m-HOVMzZZEV zPDg9bBT{vR=qXiR^l7?F{!4yB?+X2Tf@*mLmKPwGNh-S;xjQqAITG6a+l2<2RL{15 zV2t{LE>`?EJcHdVvp%4O7ecodi6^fjCL8PZk^5o%e&YsK{0>`pG9gZwT47m2!`B+J zW9zj_IW8P{)shkO$kSE;24)izE(cnwcb5_!UG)#o|V&~zf-hK|51g8Jb$kYTxX(W=xzb9t4RSTbTxc{ko6 zF7As1jU*?+#j#)x%eErT#XtG8wc&|ws$%{H)aZ!V&LJO0J==jv&<#TBt+wfXvM3B3{$S#(y(Stw-ri}K}G z0pID3SFg6hW4|X_yx0bIfBEfeKeBqW4Q%Eu){0Qjp0$UzNb%@($fsV{ zr4qpX=wunq8ai?$*B({mJ%=YY7F1tR%>t8P%N=Cj!4LVV%H}Ut~e<% z7^fPm9c9dHQ6Gd2LWfgui#Cfv#Acn<9WPzjV9*2@9gO8^^S*O z_s%3yY`sIfcKK`z#;A+wVwDMl6@Ck@*i;P3p?tOlGr1|Rx?hBLdDX$y!At&A3|arD zxijl>6vr0zpE=K7-I;xVYxQ{~Y$C#)p015^s242^vP}mDiXn#l^;Z($A#Bi=wB@=F zl^Gd@zO8xO1OM+v@-9gux~X<-9rGH80ALvx3A^Zn?zWVE4lv=$3cxPDzmbM34(wJ?R(hO>pd;DI48-yu;U;AF7(=`}u!UYRx ztWQI>={rOvu!2?T1!b-0mnkw`p-aG-Vz(i##F{8rXXdlmVwzWWw$z_4`|xD&;~@8j zEYPY(zzR|_%I1C%RV9DHZjPqww<5#|v$%r@a)^@XP#us(aa|1jCJ@*yKKEi)vxHV~ zkST*l8FaznpLRok>Ns_T{Rj!xRkO|x@}CeLGK7P(I3{hb^~79IdL*$QxPyUmPf7S` zAF3?x6RSh2%G})F8do)>$pVL`FXL{6g6&H$Mx}cCIA^iYVfE7sixEI<{)9Wos6Xxl zsnisJcFG;7l)XfyfXls6jN7otwoXYcpHCId&+wK8<(!FsXG^F`pg%RNLXZ+guuA`e zki(`ah-&C;5Pc{1>WzdTO}5dlQVde4E~lUc|0UV8v5+d9g~5_aZd1orGL;8MIGpBe zGv~)@$~7Q-J?`zabXut00D_=aa@zb&qC*xVkq<}58IY;9{<;^Xw2VM_XIX@mw;u|R z`}5iz!lhP!JYV=bDt&`G2>rN=4PO1LI(Zj6@Z&&u_9tapvLRKcQK$q--gjJCUgecY zO5{g)K8JBnqy@0~B}k$5*F>el%cxQZm9fO_f*=0Z4=DRVCCn0#y|aL<{5-^lS}1yL z(!naAut)B;M?n)~N5bm?wZ`kL`eBHT3}WhI7hBnX$Oed2vZ3l>zD2Fc7+{&HKkfq! zHgNp_2rWdVQB+!tO3N^5;ZIbWk4sZIUO|8x)a;>l;4s9c6{xtsP-(b%E3kXX8)o(> z>HwptJ(!~QIhyS0J1P*h*HPSN{f$dQoj7+XChY|i7AKfA+<~8=PUsoZSbbOUJ^SA6 z{qVhicGGF)bYHU-8bg}T`l!)5u?5wkl=-f7AqK;dkZ%1dF0rv<=dR?09tc)@L+*p7 zP_sGqWha7ntZkmcM@lbDr3dzL-W6PT$v~=?T-Q8)OW#+f^RJ~Rv>OQq+?ISqx7;y^ zOoxw854EMv+2kM$em+4i1oSBi0`qu{7!X2#|B}aF1HzhUWPKLCw@Aaf*`9@lx^kf| zQV(+0QC_J|dD{0o~U?M-Hwvxz=Nc_PoID~}nN76UYlUFZq?-zA#fkJupqhPOxy^N^fn&NDK z$|C-&AH}VUGi_c>--(~^%(_AXFw^Y?WH}|gKOI$}R3@+^h0T7|fnxOSg2pr`c@&1+ zv}i{Z+lSCRN^=}qt@dKbDoOTH?$d;Xk-tmQqKtyV7+HK2d774{oGLRT2xVm=bb8G| zRmQa>3UW572RRj!IteQwh5I8%nY<8xr)M4?oqJj=3VPVYA3UDOt6Ar})XC9EJa`&C z=nig?elpPj9P5CFV;%*&3bb}_9h`y8sfrS-j<}40ifOVd_o_6vb@{7QH7@V1TD{|# zaxk3Fyzy-9D(Cn}aDR?H{nS%;I$!?cUhrp6?ns|AbAOQOe6*ezl%zFgH_y#~%5#>U zN%Hx^AoY5+aAzapOeV^ZcN$c@A9EYvJdI2(}%@r`ch?VM{?Mtu|6i_e%MQc z^nrfbobJe59+lJxQRt^Ge1n>QD>8$$!fofPpGW+Vqg8_12immO$50vz$CUiQ^%p%< zM&jF!nE5+u20Hp%Q<+Uq$zgHcZ!s1>W}}BEvRW?|^QGsqS$#Qt9((T4TQA*}aET@J z)^YpN4FbN*2_Wj+%@Q=>z4$#*JtKf_r+ZOx^lAnG===7i7iSXUmnIBnFPkHJ0rjE$tb^LF88E}c8PD)C7acVcOdS);p`np zmk2b9>qX>#K)HRk5rpfU*VSY?JV1K2eE_kGHt5aEbN2&EJC9?^!RAA|9#*W+9UV0* zi9e>~XFFlfPmD6aG4D}nO3{BSJTdrva~yc~HNJ^7@|YZzeciekj#moouj4%Q8LaKeaR%wuz$e2I;d>Z?V+s zIHG;@uUbTMcKX;Q=~lUQMcN$Tjj2C1iD{xGJ7|3VD<`B$b>I{DM(;Er7~6=(dJAKn zoF(G#rPV?Afkt3|_@lDOi8kSde&~xAJB^6@Sd3UMa;?S?j4~zr>fk4YkD&G~S{YS4 zW=Xf&DM!j%?VHa z*v@#${Zyo6%MPEff~Y=iX-OY!qB2Vhqx7vxksg3AVy`A8hzi0Tbd$OgwK0h#$Wedl z`bp%d5~T;xN&UUOrc~-fA{ENl2)Z&Wznw1~? z&fQG4`5K|y$!?Hz=Gz;XH}SO49#m0a$A?)JTBF~ta=zY$8@Wn6`{-6eq1EoN{6(9p zqz0PtC&oUF(THriuYYFGtIU0!oCMQS|YYEh+k7n#L4;NOgOP zUK-qgq@oX_X;smOR57gR<3Qhw`WQ;)6@4IO3yVIOx{(ElrebFS0>V{0`*FI~7BZ@W z!G#1>WyTOivx{Dq1avbT&N-It!Q2@Xfs>;lFHTVTL&aQ$}x4|7Ll zWTK(SMYvYOFx&v(fi@fflA<{Wgb23m0Kim@JfKL_{;p~I0U>K!fdJqN1|bldifssl zr*0+!pn@$%04!DGksc)6jsyZxF)0Cm@s5}AnrkB5P6Yx{Gg*NW!PYAvpy@8+6N$9% z%*MEkbzT$@$_1mg)lLr+Xm}zeDBGaOiC}XS2+FL3DH^!+ks!7%lJtY&eB_d;vsjF0 zPbQ^OGog`@fYvlp4Aig&1cKPu$UqQt8yQ2<@`EX5N-z`ML|pgq!0t^fG+mJdE&da z)i;@&r=HLYN5pOVYW$~bNEe8IYkKUL+cZCDYNj8PUx7VcO=Y1o!*5Mtdi}@GZ^GDr zB62L7FN3nm>&s2HiFvOw(gu6h$t33NY34SLA*NyctD8yfTW$#{IyOGt zd2YRc_fAdy$yJSB=ge%lbiMke00I-4) zl$-{$gOYLfX%&aZ)rgH0!=9~bTP4F;Ft3t|L|*P2AU#JK)UdwIRzDbOwgsZJyEy{! z-~%HzEsRKnYYg=BbgYt;iD1JdJu*R`N)gPH`USu&lmHBc2YLt%Y^MZ)Y3e{j(4c1u z2uS&=1OkQIEP-f$0U8OQuLR*JSwI1S1r`fv2L(c9Xe4!OsD3QmAPUG)v5A5r70sfc zSde8D6b83x>L)_Ynm`mC%O)TgYTN|G0qvV$G!+vk7*W;A2}W%^jOlkjb&Dx5&&+5F zC`Qw63P!iGZP2%#QsBm1S*R$9m{VHSLL5H7J$y-6y_4gA?1ux^Hmw5V!PZq^BHZ8v zhD6>38kt$Cqj7E< z{+P(U(JRt_dFWt#bR8_xj0d;B19DVM@Swp0bR8WMA6}VL&kfUbUrvL@p_Cc8l zcX?_ic~BPC9lN$+9vFM}iiGgS05tl8K$PwNKv1yhACP9;|5^h;U%wP}#QnnccK;dSC{VNzG+i6QH0PSR*DdgfuUkQo_u$gtHwG= z&&*(dp3v1kEuA+%D%(71PII48e7561n-2dg?(rc}uU)LzNeZ&3-wwa{hKnmYMTyZ` zbHTZ#-l|t;msrzVSwUL~RjyT|$)#Cbu1Z}1O@qX@Js3#LDi|nD#0?F&+e3f_t8{E) zn&AOI>9*rQSu*-YihcSfp3v!giOJ>{K@7Wpjdpm{Rv-FPmd*QAm2u-ru|sJ6nCzRL(Lt^4 zq}5bfBpJuId3lS%{pIBvl!U<_@~`} zkbzT`sdrr5kXn!I>jpw60dQ}>UQQ9#Mqx6L95GT&Q?$6<5 zy&8XaF$ys8S%vPGtnuQKopTa#Y(kt@Zu0?|as530aGTSFh0L7zkj%78f{ly_HXswL zD!5egM$JY`@5snvIiD`PzWvapXnySGro$cL+yC8iyQJ1?H_Bs7R`5%1mvHfaOI6b} z$$0w=9n{LwX#1EhzHn_6_!;*gWlffNV(}UG6-~yvp!v{e37LTK(=ar^ikld2Xg7*- zHYMRP$Cp)L3}ssYU%|>jLJQJ3%}E($G7nn(aKk>kJlybKoFO`8)VF0s?nDfhQJB4Yx`fTj_e;GtFjxU>(NiRl z0S9bTMi$HOWA_L7F`kX)KZvt@TESZdE@io%k>PZNj{d#%{LL^uWHBx2BB!qreN)kB z!jZ*|$oX%%4*j0S84m_pzz-DW^0(18B~g-9CCU79e|OPoRsJ2axj9RJn$UZS%&SCg zP@9WXx<6Nt`8-~E^W`t{IG(uJ1GDj7AWD;?55)_*+LeQj0O8E(IKm4XZNUXTpPVtF z*H*)B?>xdPi=zPS=SowUuo`S!Op*G<+;-*h!ID#=_&l#5Yk@sdJ{|OssOZ4Pws!k_ ztG6*!l9JW)AK`0@6*;_r7)%D`Zz}~=vTIh9Qu-U>S7qAFAJm2%K0gWfX04Fo9#Z&b zhaYmeGquW^#OArTP&5rzkW%i1gfa^7-3tL?f}efxogaBsJYhJ%u$ z&54L~faO&jr6fGwVZo1seOJYo*dEzEJ@yN*`qjonPhQF>BPpAIg!XL7|D-;zbO~{T z)gd)XRgS5=!vCimb>q4p4XN{-31+jYu{jb6Pipq0G;6V<){dGOyX-JZt+7?lO;GeA z_M^mWRBn*_<&kZ(gPw#$3D?E1CCL znl6RfTRbl1+^4)|nsuX*Y%&0jEo$Matv~=}}8Eg?dLa!ixjX;Av@|co}bU?jY_e|d|)wY=ww9XS1I;r$}ccV|3lr@b=F!Q zp}=x(PJgtdz(ejM)jg|>sAN?JBEI=~f=8?k#GyCXwdQLtuET@`9j#~8p)5tm9z$7( ziTQ-GFfCIGWht6w6%aY+dgaI+Ok%HqF5`w70=^7?MYU!v{(z8!@XpQGjM^R#wj^xiv&u`WZz7snkS zHv|x|`LSIVy0=*nexcnoys~zWo-{4xHFZ(KGAFMx>+MrtP}*vrSj@||%Mf$h{6yvM zPF+TS=2r#f$J}U3@+wJ`FGe&(s$Phzi)dnL-nCdv3>&j~%1+J+y@#+?=}_IEMqOST zQ}H-{@n;JDDuZifc1cB2qx%F!w%TgxTB|-7i(C~tvmumfC9Bx2c5Y+`y&yT6*h#UP z7AYzc7M8GzO8hEpOISUHbR7vKq(zVyc8gJeyGXJnq4 zv^S6oDAIa*$wXdG`#UR|@%pux>-_L%FyN|QzoY$62c+k5P8nMN*zZ)YDf?x@+8rr> z@J8X2R32!pU*wtC!DrDt^}xx4{fKU(Bx>`Z;r{g#kT+LmKD`7B? zN9X8kKSni(zd0$_#3|J^urFvl1bria{gseUA<_ZZI>i;}MyO-}?3C&XSO>`>tMy_r zUwZC{ILqPl*mH;8dg-o+_iN$GyjFJjcLsp3bMrayFraX4nk(3i*j)hJDb*G5MqDcZ z@RaHrD8l|tM8rF%sV;@i6`Knop^#N&G?lEq{Q2{tWHi2us2I(7~YgTFqsW(NMjpV zwn5Boa1Zpr*dhW2GM-KEY|#%8CnZ5FL=+u1+G!>{rpF}#o*`l0x&)3cxbhzj`*j!< z={)>M=I^k3GjGE7_=k(-?$S6Jf9S?cQGg)BBC6|i0~WI)~b72ZfUaj0TB{a`MDoZ8@rJTbFMyHxUq;y8O0>{ z2LG4sc&&l0jgeYJ@ljZ-mxgVx1a+9NdZU2IJ#J~ty5HGbN&S96Lx6dUe<2$Z_SIAb zk7R7l|NrAr;v!2tIS)O$`n4K5lZpAIMGIUHFR^s)bc9}`ysZ3~l<~&A>~-|KQfmAH294 z4vC7Q!a}~%e3KS+;1*c7mT()J?DOh3!Ew(HViRf#s+WFKN>g3xJz^Jb*mBd~8S8Iu zB;&E3<0iaem)P#ao2-4DmWr-F?S`Bw(DZIe)N#kqu7HbG9XbZ~e-zDDT9IwU(=Nzh zIB`}hGIbV<@$3oEu2SH_=c*yHxC6>G*7d?P=(prmhw|H2KC)p~J(_&3xoJxPS5PBG zmB}v()Y*y8<2td~cgbIBgqvI5`NA|nhVmYVPDN`g z(Pu?n7D#O**BboeDa530nTQ4m=_#9c0%7sy7})mim4p|3VT2ma{KhtfB$-?13p8_p13M?jnc&|6uXoJtfjLW83+zCQ>ut0^O4CB8l zTG5c4wyLH;e{rFX+q{oQ^@O64V}dHf`1U6iym2+C$hkiYQ*< z7i53(v}ly^HZkk~cKo^*HFyd)k8P%483cm;d>5b-UvY^WAKagSL~fHHt_AqpR%2{| zN2kealw&s(gJ!tIZGm607oA@+LV?Jgg>3HW`&B2vgSe8(4?yV*T+iD>c!wkF%Kt_TuXoJ9(cho*gR{z8u=YPVLkKDoar$15w~>DMny8*MjrJ?F^^csyLrA12P9e|9Q*I$l_+=-EI2@%0~8rqS7G#byi} z;PHI*#Y%0=m;baf^)D7fOA~)hwv%OB8McvKHW3ZKTgh-uw$a;G&o*jewczWXjhd** z7P9P(C+^cvTja%ZZUg<3?UgMJ>IRL}=h!)Z!8Tcw`Oxv^OS4n1cRCXpoMjryAfylv zf2In&kHkMj0Vz)YO$@57f$pQSz#+v^^1@a33Bu{VW%4(w+5ryPCg{j03F$iy74`Dq z2t~L&II>W4Ry&@=$yu3}eoXNCVVV0`MneKHmjXdECl);>MVJ>(tbxyeLTQmR=!X69 zLIOYYgGRFqspx|srhbl{-EB@OHnWIRf9?<9H#I9g*W<6R$U-rpMPLnq9%$=7nf)wm zR%;1x#piysaG0Dlo(j!qjkS}7d`1O1h(!Vt3{Z{}cC@_73$n%Foj3Uh*?gSOBKl-* zCJTF~6<>BDj5>fs`pn6j*6OAFG$#3vd!Aw&uPehoBMKSBOq>`27Cvcv6&Jj zqv$!j0Fulv_bB;1Z3hiVTpNv?%(|c7uX|_toP5o&%WDulrnzzpAWsmdh zv*O}up8w(u(J3P->3eNG1$ju9e`mVNF)-Ysi)EXnTT<>R3H=ZKO1Q!5kShF;`!UD? z3bZ7`?UNsKGc2~al@z0P>c3F4d0gNwy8{NAgOxPC5#YfdRr=r5vlKLRw8aj^#W|Td zQx`IWYKsxSaCy|iJB^&167SNIw)y?O7FR)xgpQ~j^>uodrVfhjIxy053+8w3dtq%f>*x!~;@3Z@z-hKBw{o8iG z)4yx?yI78A9+5^QF&5)3S7bP!%$F;hVwUcGy5^GJy>H$Yd6&-FeM-OmcFXrM|zy159D`>)@$hu<}7UJHH_X~HC z85Ja>Id`1QohAKkf312@QSvmG_PLlsch72l2lad?hOW(hs^~-3rEq$W<@;Z9vVr*{)nr12|N)NIuj zC%nLMZPQla*H*cz#6}O7MY-tKC@X?J<%%9TNay4DbuVflfAsq=$bgap*>yMy9$Zk_Um4haEwSU$dGKRuwlWJKx7g49aehrX*Z;aSv+p{Rw+f43O!K`2HyGA`d+YI!C<)Uy z$SKeOKOlsSe~=;~MYVz5Wta#H;s`wG%;cnC=T0Va_C=7V;8A2EiSa`4{AeQR)mD)j zD^JMcqd=`SwF%EE9ykY1XDu%8oMc*@sAu-K*09#VYmGELIqD-#M~>b|(~+b#(sTs9 zVi&2PWtA!5ZeU&yO{_9$-xptYB3P+&%EPO3^AYHle_Vp(QNA#aZZ=`1h3M3ilpIj#z%#--z$DSrn{9lvQ4*~Zh9jN}O86AmM?c-Oy zigtPmf4zwRau$@PPX7t&>EwhR4*40Ddqn0gBOq4A9V9Vf(s)aF7S7#bXv0p&VaA!-z@hS`*PsgxsN(s(?m|^r78#WMNf^?KB^?oTc-wo4B zt!bo8zLyw^M}@@@9lTC#pojHQ7ZZ7>QvnzCM9YV)bREp>*UbN0eqck7CXxj*`LT7I zgvsRU#p4j0%1};O<`%H??Y5w$1u*~jO!2Y=fF6gNgxG2<2RhZT4*;<@k&^R9FKHVInGKr}W>ipk@3p#Rzhq31M<{XjTSDX<2hf8Z)UNp3wPnLmlx{C_#mC$e0YYQ`)n958L^(D!HO)iJ(pbHwgkIs7H5eDpaV%*1A zjh~jTw_eW7D8E)b0*x6X+SL_n(reBkINj%hh}VxkVU0S}e+3JrXI&C&mr0~8yf(Dv z7&Y$^fz-Gs9%9p;L(LlYM8av-Gagc-#!*te6Q2js{o`M{L;nJD?xM>8b_k90!x5xt zhXM*LPcsw_N)_b?V*pz9aFluFa0*7%L|^~?hdBYOa%z@w?bH~I>N!MNVNNg|pEU!o zL^!0Z|F#zde=w~Xfj}z`4k(X`;PvYl6bNFDOsl$q809Dl^E3(p$E^CpF2La1Z2p7o zEl|`GXr1Bjjj5C;y7b`MeIpm+x9giyU z3p(*DKG8xZzbvglZ4`d_e{4YiK!^SdorquXKmKI_e`%pBG3ZwtP#ZOBp({E zI&)@d(4ZiP#@VwzZbY~Irv5@d-4HbJ+bkAXc^l9qjQj)*CyODj1j}N-}h38 zTTC49e{sH?Vi3=oS#zAUh{4EN{us{;8n^{b#nR3jJoDTq zcZq?TFTC-5=1j=rc;d=JfkUAyZwcA$e*j2p#G?L*$y(chku^I}PuXdIWQgT+8!aVv zjS3vL`0$AxVc|JPZqhWyW`@x#Hj@5@P29$5np?;z;-=#q%k{#Mkugosk?5IZyGe9p zh2G<{^bH%CTNv!Qg`($0wZUc<_~QpXm%Moz4}vjQkxMW(pJ#YJhd|%hq0o?SfBh;h z&Gxh>98IbNI}rU<(MBU41G=YiM#3~;eV_>$gF)p{m`-M77(~#G6p&RP*6K|H7BZ)$ z+~tKjk(~7*Wb&&YV^VYaO7qf2ev3B75=KLD(~V-!){ig^u$Z6bCA3b(TBtHC_^0?( z`i!$1C&S#ZDW?wZXUaMH-_!?rf0~C5Zt7edG0A*FV2Yr!E+VXYavTxw6?pjds)nf55}KGjI6| z5%<#_KF;uXi|5f2k%nG@934npyoyx30|8SDWFo*vAdKe5+pk}U z6Nb6@983$Ir&7+SAj zEUaF^Pz%g5t}qLU*Tp#Oe;t#C*OB1e zANfywZ07knh{EX6g2aBn#na`bD4OyrLV$Vl{ViGIA9d4&6= z9M2an?v+^s_9iQ2s|PF;L|TwqfhJv>Atx4c9~PF>G= zBEyIEqZROSe=%Oz$ufR7SS*HQg`QhZ{XYF^gStYeE*}?5_X(Z4K)*^C*p=saYxG{Q z{Ar^SR$u@3A7tn)S2noMd zsh{{efTJW`F!vvn@Yr22>oEfHz(5{wKs0DH02LUIdRk!S4z(*Ep=d4A0Y~BVn^Cqsk-&&Z4_|P^_Y&M7PW_Nve@&bR z^0;)}$#~@*JNF$$!i+x+1+E{+aIq!}XX%ZdiG5+-cxJiTTD0W*`K<3D*gRR2ZF)J{Rf)e(OD|aD(y4bCWXvfNo9| zv4b#+f&E>T92KP{a=P6%J^(GiMdwRw(F?je*rP-4QzYmEJ*0JS>+i+&cOA(G-1i8X zHmh3SDIS1n-8UFu{GHr&wH%?mn1Ybd2q_@g-Y@ouIA~Z95G3G`+F;6w=t{rrtz;_UsLFR73Ku@G=Uc9oxpIH>xc(=40)K9Ba}8PARKtJ0-$aELll3=hA;pWC5;x4 zAt&Ca@}nMvlchNZCr8Rpj+7s^j+9lQ3!1s!WIX#uxE8E57Dgw8f0l8Syl9V&COyi) zII)aJMT?^4Ub}i5gwbGVA-uyxp)SQ6E=X;_so&7+Bzj+^!3!<5+xmn+Y3>W0af_eP zj9ToBlll6+r`de)35T?^g>KP~<8R^H^J8gYJtnn<&g7`1{tEBrimp%8mGBX z`>`OQDrl>=k4(1JIRw{Ar8I9$StE&@YG1Y_>dPpjGPW+{tjh3&Z1eQciijxa^b3dc z(AAkA<@~|#6x9`%ZwY3<7+l`i(otF zkj8M`2M|$7Wdlk?&Ldna8iWI@L4#=Uvk?eaAlDwsq;RBxo}>UA_Akgj4M4&e^+%ZD zSpOy-)!Uh4e+4*wE3iaM=4o6Y=5KH)a#UWU*kHh16toIc_fW;GS;Ln7*gTkNR%SO8 zX#n>Kh!WPTBB7M!$1#&u|G(lM0`s$dh80-{zj(3I*n_OhTayEHHh-kFUpK7)0(hg< z5+G(PJGCz!8Ih`JNp}WAm!%$814nn zftaY=bh0?1s%f061Rq^H)6TGdw_aFK_uqeYQmA?v!&u%9ktXf3x(j_IR`N;#}zz*@` zw7)7Uzgq3X94or7iMjy%ZLxr~lK8L-ApXwk*V_VCEw_0kJ!Gv7K!1+fFFO$fVayRm zf1pbmIgS5d3~OdHNy*q(H#?ZhX9EDyIKzajo{e}3PvV`je_{K>r^tQU*<(sM`Wf$;k3wF~AK z2S_oxk{?%QT>$U$>~B)r<@p!E1S>`l+f7E3Mw77VD!=Ke+!A0 zW~MNH4Q9&7&Z@s_Fn2J-UuTVf!;fj>x%8AM_d`FYU;4XD^U;O0=68eqOK_03X+I!~ zGO9(0en*nkO?+~lXpsMg8q$;WEFk-T=>AQ z4QcyCU8mdlNg{uXyiUg#0M;Jle=SPF^bO?5?l!~-P-~ZFX%V&NX0qA3A3vgUKTHn?zcz~RoU4^c{AG}DWTj_HH7ZB47Vcfo)QHXa zMS~HUc}YKU(bxL@Nj?3fK~t}0jm1umwHX?3feqPw-HRG5X`BW=&zILY zt&vYO8sNdxWd6Wo&4Y%Zj({DO_NOT_EMULATE –

DEBUG_ENHANCEMENT module-attribute ¤

DEBUG_ENHANCEMENT = False

groups module-attribute ¤

groups = {v: _wfor (k, v) in (items()) if startswith('CS_GRP_')}
-

ops module-attribute ¤

ops = {v: _Bfor (k, v) in (items()) if startswith('CS_OP_')}
-

access module-attribute ¤

access = {v: _4for (k, v) in (items()) if startswith('CS_AC_')}
+

ops module-attribute ¤

ops = {v: _afor (k, v) in (items()) if startswith('CS_OP_')}
+

access module-attribute ¤

access = {v: _Sfor (k, v) in (items()) if startswith('CS_AC_')}

DO_NOT_EMULATE module-attribute ¤

DO_NOT_EMULATE = {CS_GRP_INT, CS_GRP_INVALID, CS_GRP_IRET}

DisassemblyAssistant ¤

DisassemblyAssistant(architecture: X86_MATH_INSTRUCTIONS
 
   
 
 
  groups  module-attribute  ¤
 
groups = {v: _Afor (k, v) in (items()) if startswith('X86_GRP_')}
-
 
 
 
 
 
  ops  module-attribute  ¤
 
ops = {v: _2for (k, v) in (items()) if startswith('X86_OP_')}
-
 
 
 
 
 
  regs  module-attribute  ¤
 
regs = {v: _qfor (k, v) in (items()) if startswith('X86_REG_')}
-
 
 
 
 
 
  access  module-attribute  ¤
 
access = {v: _Cfor (k, v) in (items()) if startswith('CS_AC_')}
+   (pwndbg.aglib.disasm.x86.X86_MATH_INSTRUCTIONS)" href=#pwndbg.aglib.disasm.x86.X86_MATH_INSTRUCTIONS>X86_MATH_INSTRUCTIONS
 
   
 
 
  groups  module-attribute  ¤
 
groups = {v: _Mfor (k, v) in (items()) if startswith('X86_GRP_')}
+
 
 
 
 
 
  ops  module-attribute  ¤
 
ops = {v: _Wfor (k, v) in (items()) if startswith('X86_OP_')}
+
 
 
 
 
 
  regs  module-attribute  ¤
 
regs = {v: _Kfor (k, v) in (items()) if startswith('X86_REG_')}
+
 
 
 
 
 
  access  module-attribute  ¤
 
access = {v: _Ifor (k, v) in (items()) if startswith('CS_AC_')}
 
 
 
 
 
 
  X86_MATH_INSTRUCTIONS  module-attribute  ¤
 
X86_MATH_INSTRUCTIONS = {
     X86_INS_ADD: "+",
     X86_INS_SUB: "-",
diff --git a/dev/reference/pwndbg/aglib/regs/index.html b/dev/reference/pwndbg/aglib/regs/index.html
index 407dd6dad..46f73b70e 100644
--- a/dev/reference/pwndbg/aglib/regs/index.html
+++ b/dev/reference/pwndbg/aglib/regs/index.html
@@ -1,4 +1,4 @@
- regs - Documentation      
 
  
  
 
  
 
 
 
 
  
 
 
 
 
 
  
 
 
 
 
 
 
  regs ¤
 
 
Reading register value from the inferior, and provides a standardized interface to registers like "sp" and "pc".
 
Classes:
  
Functions:
  
Attributes:
  
 
 
  pc  instance-attribute  ¤
 
pc: str = name
+
 
 
Program counter register
 
 
 
 
  stack  instance-attribute  ¤
 
stack: str = name
+
 
 
Stack pointer register
 
 
 
 
  frame  class-attribute instance-attribute  ¤
 
frame: str | None = name if frame else None
+
 
 
Frame pointer register
 
 
 
 
  retaddr  instance-attribute  ¤
 
retaddr: tuple[str, ...] = tuple((name) for x in retaddr)
+
 
 
Return address register
 
 
 
 
  flags  instance-attribute  ¤
 
flags: dict[str, BitFlags] = flags
+
 
 
Maps name of flag register (eflags, cpsr) to a structure detailing what the bits mean
 
 
 
 
  extra_flags  instance-attribute  ¤
 
extra_flags = extra_flags
 
 
 
 
 
 
  gpr  instance-attribute  ¤
 
gpr: tuple[str, ...] = tuple((name) for x in gpr)
-
 
 
 
 
 
  misc  instance-attribute  ¤
 
misc: tuple[str, ...] = misc
-
 
 
 
 
 
  args  instance-attribute  ¤
 
args: tuple[str, ...] = args
-
 
 
 
 
 
  retval  instance-attribute  ¤
 
retval: str | None = retval
-
 
 
 
 
 
  kernel  instance-attribute  ¤
 
kernel: KernelRegisterSet | None = kernel
-
 
 
 
 
 
  reg_definitions  instance-attribute  ¤
 
reg_definitions: dict[str,  
List of native-size general-purpose registers
 
 
 
 
  misc  instance-attribute  ¤
 
misc: tuple[str, ...] = misc
+
 
 
List of miscellaneous, valid registers
 
 
 
 
  args  instance-attribute  ¤
 
args: tuple[str, ...] = args
+
 
 
Register-based arguments for most common ABI
 
 
 
 
  retval  instance-attribute  ¤
 
retval: str | None = retval
+
 
 
Return value register
 
 
 
 
  kernel  instance-attribute  ¤
 
kernel: KernelRegisterSet | None = kernel
+
 
 
Extra registers for kernel debugging
 
 
 
 
  reg_definitions  instance-attribute  ¤
 
reg_definitions: dict[str, Reg] = {}
-
 
 
 
 
 
  full_register_lookup  instance-attribute  ¤
 
full_register_lookup: dict[str,  
Map of register name to Reg objects containing information on the register
 
 
 
 
  full_register_lookup  instance-attribute  ¤
 
full_register_lookup: dict[str, Reg] = {}
-
 
 
 
 
 
  common  class-attribute instance-attribute  ¤
 
common: list[str] = []
-
 
 
 
 
 
  emulated_regs_order  instance-attribute  ¤
 
emulated_regs_order: list[ 
Map of register name to the full register it resides in. Example mapping: "eax" -> Reg("rax")
 
A full size register maps to itself.
 
 
 
 
  common  class-attribute instance-attribute  ¤
 
common: list[str] = []
+
 
 
Common registers which should be displayed in the register context
 
 
 
 
  emulated_regs_order  instance-attribute  ¤
 
emulated_regs_order: list[ 
 
 
 
  __contains__ ¤
 
__contains__(reg: str) -> bool
+
 
 
All valid registers
 
 
 
 
  __contains__ ¤
 
__contains__(reg: str) -> bool
 
 
 
 
 
 
  __iter__ ¤
 
__iter__() -> Iterator[str]
 
 
 
 
 
 
 
 
 
  PseudoEmulatedRegisterFile ¤
 
PseudoEmulatedRegisterFile(register_set: RegisterSet, ptrsize: int)
 
 
 
This class represents a set of registers that can be written, read, and invalidated.
 
The aim is to allow some manual dynamic/static analysis without the need for a full emulator.
 
The implementation can handle the behavior of architectures with partial registers, such as x86 (Ex: rax has "eax", "ax", "ah", and "al" as subregisters) or AArch64 (Ex: X0 contains W0). Most of the complexity of the bitshifts and masks arise from the necessity to handle these cases.
 
Methods:
  
Attributes:
 
 
 
 
  read_register ¤
 
read_register(reg: str) -> int | None
 
 
 
 
 
 
  invalidate_all_registers ¤
 
invalidate_all_registers() -> None
 
 
 
 
 
 
  invalidate_register ¤
 
invalidate_register(reg: str) -> None
-
 
 
Invalidate the bits that a write to this register would override.
 
This can be used when we statically detect that a register is written, but we don't know the concrete value that is written so we have to invalidate any current knowledge of the register's bits.
 
 
 
 
  __repr__ ¤
 
__repr__()
+
 
 
Invalidate the bits that a write to this register would override.
 
This can be used when we statically detect that a register is written, but we don't know the concrete value that is written so we have to invalidate any current knowledge of the register's bits.
 
 
 
 
  __repr__ ¤
 
__repr__() -> str
 
 
 
 
 
 
 
 
 
 
  
   
    
 
 
 
 
     
\ No newline at end of file
diff --git a/dev/search/search_index.json b/dev/search/search_index.json
index f7b33af57..1b12be5b4 100644
--- a/dev/search/search_index.json
+++ b/dev/search/search_index.json
@@ -1 +1 @@
-{"config":{"lang":["en"],"separator":"[\\s\\u200b\\-_,:!=\\[\\]()\"`/]+|\\.(?!\\d)|&[lg]t;|(?!\\b)(?=[A-Z][a-z])","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Home","text":""},{"location":"#pwndbg","title":"pwndbg","text":"
pwndbg (/pa\u028an\u02c8di\u02ccb\u028c\u0261/) is a GDB and LLDB plug-in that makes debugging suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers.
 
It has a boatload of features, see our Features page and CHEATSHEET (feel free to print it!). If you have any questions you may read the documentation or asks us in our Discord server.
"},{"location":"#why","title":"Why?","text":"
Vanilla GDB and LLDB are terrible to use for reverse engineering and exploit development. Typing x/30gx $rsp or navigating cumbersome LLDB commands is not fun and often provides minimal information. The year is 2025, and core debuggers still lack many user-friendly features such as a robust hexdump command. WinDbg users are completely lost when they occasionally need to bump into GDB or LLDB.
 
Pwndbg is a Python module which can be loaded into GDB or run as a REPL interface for LLDB. It provides a suite of utilities and enhancements that fill the gaps left by these debuggers, smoothing out rough edges and making them more user-friendly.
"},{"location":"#installation","title":"Installation","text":"
See installation instructions.
"},{"location":"#what-about","title":"What about ...?","text":"
Many past (gdbinit, PEDA) and present projects (GEF, bata24/GEF) offer great features, but are hard to extend and are packaged as large single files (103KB, 195KB, 423KB, 4.12MB). Pwndbg aims to replace them with a faster, cleaner, and more robust implementation.
"},{"location":"#when-to-use-gdb-or-lldb","title":"When to Use GDB or LLDB?","text":"
Pwndbg supports both GDB and LLDB, and each debugger has its own strengths. Here's a quick guide to help you decide which one to use:
 Use Case Supported Debugger Debugging Linux binaries or ELF files GDB, LLDB Debugging Mach-O binaries on macOS LLDB Linux kernel debugging (qemu-system) GDB, LLDB Linux user-space emulation (qemu-user) GDB Embedded debugging (ARM Cortex M* or RISC-V/32) GDB, LLDB 
Pwndbg ensures a consistent experience across both, so switching between them is seamless.
 
The LLDB implementation in pwndbg is still in early-stage and may contain bugs or limitations. Known issues are tracked in GitHub Issues.
 
If you encounter any problems, feel free to report them or discuss on our Discord server.
"},{"location":"#compatibility-table","title":"Compatibility Table","text":"Feature Supported Version Notes pwndbg-gdb - Python 3.10+ - GDB 12.1+ Battle-tested on Ubuntu 22.04/24.04 pwndbg-lldb - Python 3.12+ - LLDB 19+ Experimental/early-stage support qemu-user QEMU 8.1+ vFile API is needed for vmmap qemu-system QEMU 6.2+ Supported version since ubuntu 22.04"},{"location":"#contributing","title":"Contributing","text":"
Pull requests are welcome \u2764\ufe0f. Check out the Contributing Guide.
"},{"location":"#acknowledgements","title":"Acknowledgements","text":"
Pwndbg was originally created by Zach Riggle, who is no longer with us. We want to thank Zach for all of his contributions to pwndbg and the wider security community.
"},{"location":"features/","title":"Features","text":""},{"location":"features/#features","title":"Features","text":"
Pwndbg has a great deal of useful features. You can a see all available commands at any time by typing the pwndbg command or by checking the Commands section of the documentation. For configuration and theming see the Configuration section. Below is a subset of commands which are easy to capture in screenshots.
"},{"location":"features/#disassembly-and-emulation","title":"Disassembly and Emulation","text":"
Pwndbg leverages the capstone and unicorn engines, along with its own instrospection, to display, annotate and emulate instructions.
 
Operands of instructions are resolved, conditions evaluated, and only the instructions that will actually be executed are shown.
 
 
This is incredibly useful when stepping through jump tables, PLT entries, and ROPping.
 
"},{"location":"features/#context","title":"Context","text":"
A useful summary of the current execution context is printed every time the debugger stops (e.g. breakpoint or single-step), displaying all registers, the stack, call frames, disassembly, and additionally recursively dereferencing all pointers.  All memory addresses are color-coded to the type of memory they represent.
 
 
A history of previous context output is kept which can be accessed using the contextprev and contextnext commands.
"},{"location":"features/#arguments","title":"Arguments","text":"
All function call sites are annotated with the arguments to those functions.  This works best with debugging symbols, but also works in the most common case where an imported function (e.g. libc function via GOT or PLT) is used.
 
 
"},{"location":"features/#splitting-layouting-context","title":"Splitting / Layouting Context","text":"
The context sections can be distributed among different tty by using the contextoutput command. Thus, if you want to make better use of some of the empty space in the default Pwndbg output, you can split the panes in your terminal and redirect the various contexts among them.
 
 
See Splitting the Context for more information.
"},{"location":"features/#gdb-tui","title":"GDB TUI","text":"
The context sections are available as native GDB TUI windows named pwndbg_[sectionname]. There are some predefined layouts coming with Pwndbg which you can select using layout pwndbg or layout pwndbg_code.
 
 
See GDB TUI for more information.
"},{"location":"features/#watch-expressions","title":"Watch Expressions","text":"
You can add expressions to be watched by the context. Those expressions are evaluated and shown on every context refresh. For instance by doing contextwatch execute \"info args\" we can see the arguments of every function we are in (here we are in mmap):
 
 
See contextwatch for more information.
"},{"location":"features/#integrations","title":"Integrations","text":""},{"location":"features/#ghidra","title":"Ghidra","text":"
With the help of radare2 or rizin it is possible to show the decompiled source code of the ghidra decompiler.
 
See Ghidra Integration for more information.
"},{"location":"features/#ida-probinary-ninja","title":"IDA Pro/Binary Ninja","text":"
Pwndbg is capable of integrating with IDA Pro or Binary Ninja by installing an XMLRPC server in the decompiler as a plugin, and then querying it for information.
 
This allows extraction of comments, decompiled lines of source, breakpoints, symbols, and synchronized debugging (single-steps update the cursor in the decompiler).
 
 
See Binary Ninja Integration or IDA Integration for setup information.
"},{"location":"features/#heap-inspection","title":"Heap Inspection","text":"
Pwndbg provides commands for inspecting the heap and the allocator's state. Currently supported are:
 
     
  • glibc malloc
    •  
  • jemalloc
    •  
  • linux's buddy allocator
    •  
  • linux's SLUB allocator
    •  
 
See some of the commands for glibc malloc:  
"},{"location":"features/#lldb","title":"LLDB","text":"
While most other GDB plugins are well GDB plugins, Pwndbg's implementation is debugger-agnostic. You can use Pwndbg with LLDB!
 
"},{"location":"features/#windbg-compatibility","title":"WinDbg Compatibility","text":"
For those coming from a Windows background, Pwndbg has a complete WinDbg compatibility layer.  You can dd, dps, eq, and even eb $rip 90 to your heart's content.
 
"},{"location":"features/#go-debugging","title":"Go Debugging","text":"
Pwndbg has support for dumping complex Go values like maps and slices, including automatically parsing out type layouts in certain cases.
 
See the Go debugging guide for more information.
"},{"location":"features/#so-many-commands","title":"So many commands","text":"
Go take a look at Commands! Here is some cool stuff you can do to get you started.
"},{"location":"features/#process-state-inspection","title":"Process State Inspection","text":"
Use the procinfo command in order to inspect the current process state, like UID, GID, Groups, SELinux context, and open file descriptors! Pwndbg works particularly well with remote GDB debugging like with Android phones.
 
 
"},{"location":"features/#rop-gadgets","title":"ROP Gadgets","text":"
Tools for finding rop gadgets statically don't know about everything that will be loaded into the address space and they can make mistakes about which addresses will actually end up executable. You can now rop at runtime with Pwndbg's rop and ropper.
 
"},{"location":"features/#search","title":"Search","text":"
Pwndbg makes searching the target memory space easy, with a complete and easy-to-use interface.  Whether you're searching for bytes, strings, or various sizes of integer values or pointers, it's a simple command away.
 
"},{"location":"features/#finding-leaks","title":"Finding Leaks","text":"
Finding leak chains can be done using the leakfind and probeleak commands. They recursively inspect address ranges for pointers, and report on all pointers found.
 
 
"},{"location":"features/#telescope","title":"Telescope","text":"
Inspecting memory dumps is easy with the telescope command.  It recursively dereferences a range of memory, letting you see everything at once.  As an added bonus, Pwndbg checks all of the available registers to see if they point into the memory range.
 
"},{"location":"features/#virtual-memory-maps","title":"Virtual Memory Maps","text":"
Pwndbg enhances the standard memory map listing and allows easy searching with vmmap.
 
 
"},{"location":"features/#tracking-glibc-heap-allocations","title":"Tracking glibc heap allocations","text":"
It can be very useful to see allocations happening in real time. It can give us a good idea of what the allocation pattern of a program looks like, and allows us to make informed decisions on how to optimize or attack it. The track-heap command does just that.
"},{"location":"features/#tracking-the-got","title":"Tracking the GOT","text":"
The Procedure Linkage Table (PLT) and Global Offset Table (GOT) are very interesting exploitation targets since they contain many often-accessed function pointers. You can track how your program goes through the GOT using the track-got command.
"},{"location":"features/#attach-to-a-process-by-name","title":"Attach to a process by name","text":"
The days of running pidof in a different terminal are over. Use attachp to attach to any process by name, pid, arguments or device file!
 
"},{"location":"setup/","title":"Setup","text":"
There are multiple ways to install Pwndbg, depending on whether you want to use it with GDB, with LLDB, use a portable release, or install it from source.
"},{"location":"setup/#installing-pwndbg-gdb","title":"Installing pwndbg-gdb","text":"
Install via curl/sh (Linux/macOS) 
curl --proto '=https' --tlsv1.2 -LsSf 'https://install.pwndbg.re' | sh -s -- -t pwndbg-gdb\n
 Install via GNU wget/sh (Linux/macOS) 
wget --https-only --secure-protocol=TLSv1_2 -qO- 'https://install.pwndbg.re' | sh -s -- -t pwndbg-gdb\n
 Install via BusyBox wget/sh (Linux/macOS) 
wget -qO- 'https://install.pwndbg.re' | sh -s -- -t pwndbg-gdb\n
 Install via Homebrew (macOS) 
brew install pwndbg/tap/pwndbg-gdb\n
 Install via the Nix package manager (Linux/macOS) 
nix shell github:pwndbg/pwndbg\n
"},{"location":"setup/#official-pwndbg-packages","title":"Official Pwndbg packages","text":"
When installing with GDB, you may also download a package to install through your package manager of choice. Download the package from the releases page and pick the appropriate download from the second table.
 
RPM-based Systems (CentOS/Alma/Rocky/RHEL): 
dnf install ./pwndbg-2025.10.20.x86_64.rpm\n
 DEB-based Systems (Debian/Ubuntu/Kali): 
apt install ./pwndbg_2025.10.20_amd64.deb\n
 Alpine: 
apk add --allow-untrusted ./pwndbg_2025.10.20_x86_64.apk\n
 Arch Linux: 
pacman -U ./pwndbg-2025.10.20-1-x86_64.pkg.tar.zst\n
"},{"location":"setup/#distro-packages","title":"Distro packages","text":"
You may want to install Pwndbg through your distribution's package manager. This installation method is not officially supported because we cannot control the versions of the python dependencies Pwndbg uses in this case. Please use any other installation method when reproducing bug reports (portable package is probably simplest in this case). If a bug reproduces with a distro package but not with any of the supported installation methods, please report it to the package maintainer; if the problem cannot be fixed, let us know and we will add it to a list of known issues below.
 ArchGentoo 
sudo pacman -S pwndbg\n
 You will also need to source Pwndbg from your ~/.gdbinit. Add this line to the beginning of that file: 
source /usr/share/pwndbg/gdbinit.py\n
 Pwndbg will be started every time you invoke gdb now.
 
Note that the Arch package is quite outdated. Once it gets updated you will not need the source line in your ~/.gdbinit and will be able to run Pwndbg with the pwndbg and pwndbg-lldb commands. See packaging Pwndbg.
 
sudo emerge --ask dev-debug/pwndbg\n
 Pwndbg will now be available with the pwndbg and pwndbg-lldb commands.
"},{"location":"setup/#installing-pwndbg-lldb","title":"Installing pwndbg-lldb","text":"
These installation methods provide the 
pwndbg-lldb ./your-binary\n
 command.
 
Install via curl/sh (Linux/macOS) 
curl --proto '=https' --tlsv1.2 -LsSf 'https://install.pwndbg.re' | sh -s -- -t pwndbg-lldb\n
 Install via Homebrew (macOS) 
brew install pwndbg/tap/pwndbg-lldb\n
 Install via the Nix package manager (Linux/macOS): 
nix shell github:pwndbg/pwndbg#pwndbg-lldb\n
"},{"location":"setup/#download-the-portable-version","title":"Download the Portable Version","text":"
You can download a portable release on the Pwndbg releases page. There are seperate releases for GDB and LLDB. Use the first table to pick the appropriate download for your system architecture. You can then unpack the archive with: 
tar -v -xf <archive-name>\n
 And run Pwndbg with 
./pwndbg/bin/pwndbg\n
 or 
./pwndbg/bin/pwndbg-lldb\n
 depending on which version you installed. You may add the appropriate file to your shell's PATH.
"},{"location":"setup/#removing-quarantine-flags-macos","title":"Removing Quarantine Flags (macOS)","text":"
When first setting up the portable version of Pwndbg in macOS, Gatekeeper will normally try to prevent any code in the extracted files from running until the user explicitly allows each file to be run. As we ship many files which would require this, the process of manually granting permission for each one to be run can get quite tiresome.
 
In order to do this to all files at once, you may choose to run the following command, which removes the quarantine flag from all extracted files at once:
 
xattr -rd com.apple.quarantine pwndbg\n
 
Assuming that the files were extracted to a folder called pwndbg.
"},{"location":"setup/#installing-from-source","title":"Installing from source","text":"
See contributing/Installing Pwndbg from source, you do not need the \"The development environment\" section. The TLDR is to run the following (but see the aforementioned link for more details): 
git clone https://github.com/pwndbg/pwndbg\ncd pwndbg\n./setup.sh\n
"},{"location":"blog/","title":"Blog","text":""},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/","title":"Pwndbg coding sprints report","text":"
(originally posted on https://disconnect3d.pl/2022/08/21/pwndbg-coding-sprints/)
 
This blog post is a report of the two coding sprints for the Pwndbg project that I organized first on the EuroPython 2022 conference and then, taking inspiration from the previous one, in the Hackerspace Krak\u00f3w, located in Cracow, Poland.
 
PS: If you are only looking for a list of things done, scroll down!
"},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/#where-i-got-the-idea-for-sprints","title":"Where I got the idea for sprints?","text":"
I have recently attended the EuroPython 2022 conference and I enjoyed the \u201csprints\u201d there. In short, a sprint is a semi-organized event, where anyone can announce a project they will be working on and others can join them. This helps both the projects and the event participants to learn about the project and to make first-time contributions. At the EuroPython conference, there were 16 officially announced projects, but I know that even more projects were being worked on in practice. Of course, other communities or conferences also do this (e.g. NixCon).
 
At the EuroPython conference, I announced my own sprint to work on the Pwndbg project that I maintain. Having no expectations, I felt excited when four people showed up to learn something new and hack together on the project. Later, taking inspiration from it, I organized another sprint, this time in Cracow in the local Hackerspace with even a bigger response. Below, you can read a small report on the two sprints that have happened.
"},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/#my-general-idea-for-a-pwndbg-sprint","title":"My general idea for a Pwndbg sprint","text":"
Pwndbg is written in Python, so on one hand is easy to hack on, but on the other hand it is a plugin for GDB, a console debugger for native programs (e.g. ones written in C, C++, Go or Rust). The general idea of Pwndbg is to alleviate the pain points of working with and improve the UX of GDB when debugging assembly code, reverse engineering a binary or during exploit development.
 
Since not everyone is familiar with debuggers or the underlyings of programs execution (e.g. assembly code, CPU registers or stack or heap memory) I knew that I had to make some introduction to those concepts and if possible, prepare a list of simple tasks, so that people can get familiar with the codebase and the tool and contribute something.
"},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/#europython-2022-sprint","title":"EuroPython 2022 sprint","text":"
On the first sprint, four people showed up, mostly having no prior experience with the topic. We started with an introduction to what GDB and Pwndbg are and why and when they are useful.
 
For this, I took a small C program that had a buffer overflow bug: 
#include <stdio.h>\n#include <string.h>\n\nint main(int argc, char* argv[]) {\n    char name[16] = {0};\n\n    // NOTE: We copy the `argv[1]` string which may be of arbitrary length\n    // into the `name` buffer which is only of 16-bytes long. Thus, we can\n    // overwrite the stack memory of the program past the `name` buffer.\n    strcpy(name, argv[1]);\n\n    printf(\"Hello %s!\\n\", name);\n}\n
 
Then, after compiling it (gcc main.c), we ran the program twice to see that it will crash if we provide a too long string as its argument:
 
$ ./a.out Disconnect3d\nHello Disconnect3d!\n\n$ ./a.out Disconnect3d_at_EuroPython\nHello Disconnect3d_at_EuroPython!\n*** stack smashing detected ***: <unknown> terminated\nAborted (core dumped)\n
 
Then, I explained that the \"stack smashing detected\" we see is the \"stack canaries\" (also called \"stack cookies\") exploit mitigation added by compilers. This compiler feature adds a special 8-bytes canary value after the function's local variables located on the stack, so that then a stack frame may look like this:
 
------------------------------   lower addresses\nchar name[16];                         |\nuint8_t canary[8];                     |\nvoid* function_return_address;         V\n------------------------------   higher addresses\n
 
This local stack canary value is then filled in just after the function\u2019s prologue and is verified against a global value before the function returns to see if the stack was not corrupted (starting from the canary). Of course this may not detect all possible stack memory corruptions but it often makes it impossible to exploit a program (e.g. by changing the return address, also located on the stack), knowing just this vulnerability.
 
The stack canary mitigation can also be disabled. And if it were done (by passing in a -fno-stack-protector flag during compilation), we would get a different result when running the resulting program:
 
$ gcc -fno-stack-protector buf.c\n\n$ ./a.out Disconnect3d_on_EuroPython\nHello Disconnect3d_on_EuroPython!\nSegmentation fault (core dumped)\n
 
Now, the \"stack smashing detected\" is gone, but the program still crashed, because we still corrupted a part of its memory that we shouldn't have touched in a way that made the program do illegal things (e.g. accessing unmapped memory).
 
During the sprint, we also ran a GDB+Pwndbg session to see the exact instructions that placed the canary value on the stack memory, to see that our input string was located just before it and how the canary was checked just before the function was returned.
 
I am not going to describe all of this here, but you can see some of it in the below asciinema recording.
 
"},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/#hackerspace-krakow-sprint","title":"Hackerspace Krak\u00f3w sprint","text":"
Since the second sprint was an ad-hoc event, I had to organize it myself. As a member of Hackerspace Krak\u00f3w, I was able to reserve the hackerspace's softroom, which is a perfect place for people to hack on things using their computers. Then, I advertised the event on the Hackerspace's mailing list and on a few other mediums.
 
I did not expect many people to come, especially that I advertised the sprint ~2 days before the event.
 
But... 8 people (!) showed up (excluding me). I prepared a document with some basic information and tasks, which can be found here (though, it is in Polish and it was modified during and after the sprint).
 
I won't lie: most people that came were friends of mine, some of which I play CTFs with. However, not all of them had really used or developed Pwndbg before.
"},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/#accomplishments-from-the-two-sprints","title":"Accomplishments from the two sprints","text":"
On the EP sprint, since we were just a group of four, we focused on small improvements to the codebase. In total, we did the following: * reviewed and merged the fs/gs_base fetching improvement PR, * pinned the project's dependencies, * updated the unicorn dependency version, * added a \"tip of the day\" feature, * improved the UX of using Pwndbg within a Python virtual environment, * and also worked on enhancing the display of arguments when stopping on a call to the printf functions family.
 
The last item from the list was the hardest to jump on and it still requires enhancements until it is merged. Nonetheless, all of this was a nice outcome from the whole sprint :).
 
On the second sprint, while we were a bigger group, we had much more limited time (since instead of having ~8 hours, we had just a few). Anyway, we were able to do the following:
 
     
  • Cleanup some code leftover after dropping Python 2 support,
    •  
  • Added documentation on how to debug Pwndbg using PyCharm remote debugging,
    •  
  • Reviewed and merged the PRs that sets $base_heap variable and a tip for it, which may be useful for heap exploitation,
    •  
  • Fix the X30 register display on AARCH64 targets,
    •  
  • Fix context args display when PC/IP register pointed to unmapped memory,
    •  
  • Fixed the xor and memfrob commands and added tests for them (! :D),
    •  
  • Worked on adding a way to dump memory that can be copied right away as C or Python code (this needs to be changed to a command flag),
    •  
  • Investigated a potential parsing issue, even looking at GDB's command parsing source code, implemented potential patch, which only later turned out to be redundant and the issue to be invalid.
    •  
"},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/#summary-and-whats-next","title":"Summary and what's next?","text":"
Organizing those sprints helped me to get back to develop the Pwndbg project more and and attract more people to contribute to it. I also think that more conferences should have this kind of attractions (similarly as more conferences should have lightning talk sessions, heh).
 
Regarding the Pwndbg sprints, I am organizing another one this week in Cracow on Tuesday, so if you live nearby and are interested in learning about Pwndbg or contributing to the project, feel invited! :)
 
PS: Thanks a lot to @arturcygan for reviewing this blog post.
"},{"location":"commands/","title":"Index","text":""},{"location":"commands/#commands","title":"Commands","text":""},{"location":"commands/#breakpoint","title":"Breakpoint","text":"
     
  • break-if-not-taken - Breaks on a branch if it is not taken.
    •  
  • break-if-taken - Breaks on a branch if it is taken.
    •  
  • breakrva - Break at RVA from PIE base.
    •  
  • ignore - Set ignore-count of breakpoint number N to COUNT.
    •  
"},{"location":"commands/#context","title":"Context","text":"
     
  • context - Print out the currently enabled context sections.
    •  
  • contextnext - Select next entry in context history.
    •  
  • contextoutput - Sets the output of a context section.
    •  
  • contextprev - Select previous entry in context history.
    •  
  • contextsearch - Search for a string in the context history and select that entry.
    •  
  • contextunwatch - Removes an expression previously added to be watched.
    •  
  • contextwatch - Adds an expression to be shown on context.
    •  
  • regs - Print out all registers and enhance the information.
    •  
"},{"location":"commands/#darwinlibsystemmach-o","title":"Darwin/libsystem/Mach-O","text":"
     
  • commpage - Dumps all values from the macOS commpage.
    •  
"},{"location":"commands/#developer","title":"Developer","text":"
     
  • dev-dump-instruction - Dump internal PwndbgInstruction attributes.
    •  
  • log-level - Set the log level.
    •  
"},{"location":"commands/#disassemble","title":"Disassemble","text":"
     
  • emulate - Like nearpc, but will emulate instructions from the current $PC forward.
    •  
  • nearpc - Disassemble near a specified address.
    •  
"},{"location":"commands/#glibc-ptmalloc2-heap","title":"GLibc ptmalloc2 Heap","text":"
     
  • arena - Print the contents of an arena.
    •  
  • arenas - List this process's arenas.
    •  
  • bins - Print the contents of all an arena's bins and a thread's tcache.
    •  
  • fastbins - Print the contents of an arena's fastbins.
    •  
  • find-fake-fast - Find candidate fake fast or tcache chunks overlapping the specified address.
    •  
  • heap - Iteratively print chunks on a heap.
    •  
  • hi - Searches all heaps to find if an address belongs to a chunk. If yes, prints the chunk.
    •  
  • largebins - Print the contents of an arena's largebins.
    •  
  • malloc-chunk - Print a chunk.
    •  
  • mp - Print the mp_ struct's contents.
    •  
  • smallbins - Print the contents of an arena's smallbins.
    •  
  • tcache - Print a thread's tcache contents.
    •  
  • tcachebins - Print the contents of a tcache.
    •  
  • top-chunk - Print relevant information about an arena's top chunk.
    •  
  • try-free - Check what would happen if free was called with given address.
    •  
  • unsortedbin - Print the contents of an arena's unsortedbin.
    •  
  • vis-heap-chunks - Visualize chunks on a heap.
    •  
"},{"location":"commands/#integrations","title":"Integrations","text":"
     
  • ai - Ask GPT-3 a question about the current debugging context.
    •  
  • bn-sync - Synchronize Binary Ninja's cursor with GDB.
    •  
  • decomp - Use the current integration to decompile code near an address.
    •  
  • j - Synchronize IDA's cursor with GDB.
    •  
  • r2 - Launches radare2.
    •  
  • r2pipe - Execute stateful radare2 commands through r2pipe.
    •  
  • rop - Dump ROP gadgets with Jon Salwan's ROPgadget tool.
    •  
  • ropper - ROP gadget search with ropper.
    •  
  • rz - Launches rizin.
    •  
  • rzpipe - Execute stateful rizin commands through rzpipe.
    •  
  • save-ida - Save the ida database.
    •  
"},{"location":"commands/#kernel","title":"Kernel","text":"
     
  • binder - Show Android Binder information
    •  
  • buddydump - Displays metadata and freelists of the buddy allocator.
    •  
  • kbase - Finds the kernel virtual base address.
    •  
  • kbpf - Prints information about the linux kernel bpf progs and maps.
    •  
  • kchecksec - Checks for kernel hardening configuration options.
    •  
  • kcmdline - Return the kernel commandline (/proc/cmdline).
    •  
  • kconfig - Outputs the kernel config.
    •  
  • kcurrent - Displays the current kernel task debugged by the debugger (gdb/lldb) if pid == None
    •  
  • kdmabuf - Prints DMA buf info
    •  
  • kdmesg - Displays the kernel ring buffer (dmesg) contents.
    •  
  • kfile - Displays information about fds accessible by a kernel task.
    •  
  • klookup - Lookup kernel symbols
    •  
  • kmem-trace - Trace kernel memory (SLUB and buddy) allocations and frees.
    •  
  • kmod - Displays the loaded Linux kernel modules.
    •  
  • knft-dump - Dump all nftables: tables, chains, rules, expressions
    •  
  • knft-list-chains - Dump netfilter chains form a specific table
    •  
  • knft-list-exprs - Dump only expressions from specific rule
    •  
  • knft-list-flowtables - Dump netfilter flowtables from a specific table
    •  
  • knft-list-objects - Dump netfilter objects from a specific table
    •  
  • knft-list-rules - Dump netfilter rules form a specific chain
    •  
  • knft-list-sets - Dump netfilter sets from a specific table
    •  
  • knft-list-tables - Dump netfliter tables from a specific network namespace
    •  
  • ksyscalls - Displays Linux syscall table, including names and addresses of syscalls.
    •  
  • ktask - Displays information about kernel tasks.
    •  
  • kversion - Outputs the kernel version (/proc/version).
    •  
  • msr - Read or write to Model Specific Register (MSR)
    •  
  • p2v - Translate physical address to its corresponding virtual address.
    •  
  • pageinfo - Convert a pointer to a struct page to its corresponding virtual address.
    •  
  • pagewalk - Performs pagewalk.
    •  
  • slab - Prints information about the linux kernel's slab allocator SLUB.
    •  
  • v2p - Translate virtual address to its corresponding physmap address.
    •  
  • vmlinux - Load bzImage or vmlinux file to add kernel debug symbols.
    •  
"},{"location":"commands/#linuxlibcelf","title":"Linux/libc/ELF","text":"
     
  • argc - Prints out the number of arguments.
    •  
  • argv - Prints out the contents of argv.
    •  
  • aslr - Check the current ASLR status, or turn it on/off.
    •  
  • auxv-explore - Explore and print information from the Auxiliary ELF Vector.
    •  
  • auxv - Print information from the Auxiliary ELF Vector.
    •  
  • elfsections - Prints the section mappings contained in the ELF header.
    •  
  • envp - Prints out the contents of the environment.
    •  
  • errno - Converts errno (or argument) to its string representation.
    •  
  • got - Show the state of the Global Offset Table.
    •  
  • gotplt - Prints any symbols found in the .got.plt section if it exists.
    •  
  • libcinfo - Show libc version and link to its sources
    •  
  • linkmap - Show the state of the Link Map
    •  
  • onegadget - Find gadgets which single-handedly give code execution.
    •  
  • parse-seccomp - Parse a struct sock_fprog from memory and dump its filter
    •  
  • piebase - Calculate VA of RVA from PIE base.
    •  
  • plt - Prints any symbols found in Procedure Linkage Table sections if any exist.
    •  
  • strings - Extracts and displays ASCII strings from readable memory pages of the debugged process.
    •  
  • threads - List all threads belonging to the selected inferior.
    •  
  • tls - Print out base address of the current Thread Local Storage (TLS).
    •  
  • track-got - Controls GOT tracking
    •  
  • track-heap - Manages the heap tracker.
    •  
"},{"location":"commands/#memory","title":"Memory","text":"
     
  • distance - Print the distance between the two arguments, or print the offset to the address's page base.
    •  
  • dump-register-frame - Display the registers saved to memory for a certain frame type
    •  
  • gdt - Decode X86-64 GDT entries at address
    •  
  • go-dump - Dumps a Go value of a given type at a specified address.
    •  
  • go-type - Dumps a Go runtime reflection type at a specified address.
    •  
  • hexdump - Hexdumps data at the specified address or module name.
    •  
  • leakfind - Attempt to find a leak chain given a starting address.
    •  
  • memfrob - Memfrobs a region of memory (xor with '*').
    •  
  • mmap - Calls the mmap syscall and prints its resulting address.
    •  
  • mprotect - Calls the mprotect syscall and prints its result value.
    •  
  • p2p - Pointer to pointer chain search. Searches given mapping for all pointers that point to specified mapping.
    •  
  • probeleak - Pointer scan for possible offset leaks.
    •  
  • search - Search memory for byte sequences, strings, pointers, and integer values.
    •  
  • telescope - Recursively dereferences pointers starting at the specified address.
    •  
  • vmmap-add - Add virtual memory map page.
    •  
  • vmmap-clear - Clear the vmmap cache.
    •  
  • vmmap-explore - Explore a page, trying to guess permissions.
    •  
  • vmmap - Print virtual memory map pages.
    •  
  • xinfo - Shows offsets of the specified address from various useful locations.
    •  
  • xor - XOR count bytes at address with the key key.
    •  
"},{"location":"commands/#misc","title":"Misc","text":"
     
  • asm - Assemble shellcode into bytes
    •  
  • checksec - Prints out the binary security settings using checksec.
    •  
  • comm - Put comments in assembly code.
    •  
  • cyclic - Cyclic pattern creator/finder.
    •  
  • cymbol - Manage custom C structures in pwndbg. Supports project-specific auto-loading from .gdbinit.
    •  
  • down - Select and print stack frame called by this one.
    •  
  • dt - Dump out information on a type (e.g. ucontext_t).
    •  
  • dumpargs - Prints determined arguments for call/syscall instruction.
    •  
  • getfile - Gets the current file.
    •  
  • hex2ptr - Converts a space-separated hex string to a little-endian address.
    •  
  • hijack-fd - Replace a file descriptor of a debugged process.
    •  
  • ipi - Start an interactive IPython prompt.
    •  
  • patch-list - List all patches.
    •  
  • patch-revert - Revert patch at given address.
    •  
  • patch - Patches given instruction with given code or bytes.
    •  
  • plist - Dumps the elements of a linked list.
    •  
  • sigreturn - Display the SigreturnFrame at the specific address
    •  
  • spray - Spray memory with cyclic() generated values
    •  
  • tips - Shows tips.
    •  
  • up - Select and print stack frame that called this one.
    •  
  • valist - Dumps the arguments of a va_list.
    •  
  • vmmap-load - Load virtual memory map pages from ELF file.
    •  
"},{"location":"commands/#process","title":"Process","text":"
     
  • killthreads - Kill all or given threads.
    •  
  • pid - Gets the pid.
    •  
  • procinfo - Display information about the running process.
    •  
"},{"location":"commands/#pwndbg","title":"Pwndbg","text":"
     
  • bugreport - Generate a bug report.
    •  
  • config - Shows Pwndbg-specific configuration.
    •  
  • configfile - Generates a configuration file for the current Pwndbg options.
    •  
  • heap-config - Shows heap related configuration.
    •  
  • memoize - Toggles memoization (caching).
    •  
  • profiler - Utilities for profiling Pwndbg.
    •  
  • pwndbg - Prints out a list of all Pwndbg commands.
    •  
  • reinit-pwndbg - Makes Pwndbg reinitialize all state.
    •  
  • reload - Reload Pwndbg.
    •  
  • theme - Shows Pwndbg-specific theme configuration.
    •  
  • themefile - Generates a configuration file for the current Pwndbg theme options.
    •  
  • version - Displays Pwndbg and its important deps versions.
    •  
"},{"location":"commands/#register","title":"Register","text":"
     
  • cpsr - Print out ARM CPSR or xPSR register.
    •  
  • fsbase - Prints out the FS base address. See also $fsbase.
    •  
  • gsbase - Prints out the GS base address. See also $gsbase.
    •  
  • setflag - Modify the flags register.
    •  
"},{"location":"commands/#stack","title":"Stack","text":"
     
  • canary - Print out the current stack canary.
    •  
  • retaddr - Print out the stack addresses that contain return addresses.
    •  
  • stack-explore - Explore stack from all threads.
    •  
  • stack - Dereferences on stack data with specified count and offset.
    •  
  • stackf - Dereferences on stack data, printing the entire stack frame with specified count and offset .
    •  
"},{"location":"commands/#start","title":"Start","text":"
     
  • attachp - Attaches to a given pid, process name, process found with partial argv match or to a device file.
    •  
  • entry - Start the debugged program stopping at its entrypoint address.
    •  
  • sstart - Alias for 'tbreak __libc_start_main; run'.
    •  
  • start - Start the debugged program stopping at the first convenient location
    •  
"},{"location":"commands/#stepnextcontinue","title":"Step/Next/Continue","text":"
     
  • nextcall - Breaks at the next call instruction.
    •  
  • nextjmp - Breaks at the next jump instruction.
    •  
  • nextproginstr - Breaks at the next instruction that belongs to the running program.
    •  
  • nextret - Breaks at next return-like instruction.
    •  
  • nextsyscall - Breaks at the next syscall not taking branches.
    •  
  • stepover - Breaks on the instruction after this one.
    •  
  • stepret - Breaks at next return-like instruction by 'stepping' to it.
    •  
  • stepsyscall - Breaks at the next syscall by taking branches.
    •  
  • stepuntilasm - Breaks on the next matching instruction.
    •  
  • xuntil - Continue execution until an address or expression.
    •  
"},{"location":"commands/#windbg","title":"WinDbg","text":"
     
  • bc - Clear the breakpoint with the specified index.
    •  
  • bd - Disable the breakpoint with the specified index.
    •  
  • be - Enable the breakpoint with the specified index.
    •  
  • bl - List breakpoints.
    •  
  • bp - Set a breakpoint at the specified address.
    •  
  • da - Dump a string at the specified address.
    •  
  • db - Starting at the specified address, dump N bytes.
    •  
  • dc - Starting at the specified address, hexdump.
    •  
  • dd - Starting at the specified address, dump N dwords.
    •  
  • dds - Dump pointers and symbols at the specified address.
    •  
  • dq - Starting at the specified address, dump N qwords.
    •  
  • ds - Dump a string at the specified address.
    •  
  • dw - Starting at the specified address, dump N words.
    •  
  • eb - Write hex bytes at the specified address.
    •  
  • ed - Write hex dwords at the specified address.
    •  
  • eq - Write hex qwords at the specified address.
    •  
  • ew - Write hex words at the specified address.
    •  
  • ez - Write a string at the specified address.
    •  
  • eza - Write a string at the specified address.
    •  
  • go - WinDbg compatibility alias for 'continue' command.
    •  
  • k - Print a backtrace (alias 'bt').
    •  
  • ln - List the symbols nearest to the provided value.
    •  
  • pc - WinDbg compatibility alias for 'nextcall' command.
    •  
  • peb - Not be windows.
    •  
"},{"location":"commands/#jemalloc-heap","title":"jemalloc Heap","text":"
     
  • jemalloc-extent-info - Prints extent information for the given address
    •  
  • jemalloc-find-extent - Returns extent information for pointer address allocated by jemalloc
    •  
  • jemalloc-heap - Prints all extents information
    •  
"},{"location":"commands/#musl","title":"musl","text":"
     
  • mallocng-dump - Dump the mallocng heap.
    •  
  • mallocng-explain - Gives a quick explanation of musl's mallocng allocator.
    •  
  • mallocng-find - Find slot which contains the given address.
    •  
  • mallocng-group - Print out information about a mallocng group at the given address.
    •  
  • mallocng-malloc-context - Print out the mallocng __malloc_context (ctx) object.
    •  
  • mallocng-meta-area - Print out a mallocng meta_area object at the given address.
    •  
  • mallocng-meta - Print out information about a mallocng group given the address of its meta.
    •  
  • mallocng-slot-start - Dump information about a mallocng slot, given its start address.
    •  
  • mallocng-slot-user - Dump information about a mallocng slot, given its user address.
    •  
  • mallocng-visualize-slots - Visualize slots in a group.
    •  
"},{"location":"commands/breakpoint/break-if-not-taken/","title":"Break if not taken","text":""},{"location":"commands/breakpoint/break-if-not-taken/#break-if-not-taken","title":"break-if-not-taken","text":"
(only in GDB)
 
usage: break-if-not-taken [-h] branch\n
 
Breaks on a branch if it is not taken.
"},{"location":"commands/breakpoint/break-if-not-taken/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help branch The branch instruction to break on."},{"location":"commands/breakpoint/break-if-not-taken/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/breakpoint/break-if-taken/","title":"Break if taken","text":""},{"location":"commands/breakpoint/break-if-taken/#break-if-taken","title":"break-if-taken","text":"
(only in GDB)
 
usage: break-if-taken [-h] branch\n
 
Breaks on a branch if it is taken.
"},{"location":"commands/breakpoint/break-if-taken/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help branch The branch instruction to break on."},{"location":"commands/breakpoint/break-if-taken/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/breakpoint/breakrva/","title":"Breakrva","text":""},{"location":"commands/breakpoint/breakrva/#breakrva","title":"breakrva","text":"
(only in GDB)
 
usage: breakrva [-h] [offset] [module]\n
 
Break at RVA from PIE base.
 
Alias: brva
"},{"location":"commands/breakpoint/breakrva/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help offset Offset to add. (default: 0) module Module to choose as base. Defaults to the target executable. (default: '')"},{"location":"commands/breakpoint/breakrva/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/breakpoint/ignore/","title":"Ignore","text":""},{"location":"commands/breakpoint/ignore/#ignore","title":"ignore","text":"
(only in GDB)
 
usage: ignore [-h] [N] COUNT\n
 
Set ignore-count of breakpoint number N to COUNT.
 
While the ignore count is positive, execution will not stop on the breakpoint.
 
By default, if `N' is ommitted, the last breakpoint (i.e. greatest breakpoint number) will be used.
"},{"location":"commands/breakpoint/ignore/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help bpnum The breakpoint number N. count The number to set COUNT."},{"location":"commands/breakpoint/ignore/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/context/context/","title":"Context","text":""},{"location":"commands/context/context/#context","title":"context","text":"
usage: context [-h] [--on] [--off] [subcontext ...]\n
 
Print out the currently enabled context sections.
 
This is the text that gets printed on every stop. It can be useful to run this command manually when you change some process/debugger state but don't want to step/continue (e.g. after using the down and up commands).
 
Alias: ctx
"},{"location":"commands/context/context/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help subcontext Submenu to display: 'regs', 'disasm', 'code', 'stack', 'backtrace', 'ghidra', 'args', 'threads', 'heap_tracker', 'expressions', and/or 'last_signal'"},{"location":"commands/context/context/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --on Show the section(s) in subsequent context commands again. The section(s) have to be in the 'context-sections' list. --off Do not show the section(s) in subsequent context commands even though they might be in the 'context-sections' list."},{"location":"commands/context/context/#notes","title":"Notes","text":"
To see more commands related to context control run: 
pwndbg -c context\n
 To see context configuration run: 
config context\n
"},{"location":"commands/context/context/#usage-example","title":"Usage example","text":""},{"location":"commands/context/contextnext/","title":"Contextnext","text":""},{"location":"commands/context/contextnext/#contextnext","title":"contextnext","text":"
usage: contextnext [-h] [count]\n
 
Select next entry in context history.
 
Alias: ctxn
"},{"location":"commands/context/contextnext/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help count The number of entries to go forward in history (default: 1)"},{"location":"commands/context/contextnext/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/context/contextoutput/","title":"Contextoutput","text":""},{"location":"commands/context/contextoutput/#contextoutput","title":"contextoutput","text":"
usage: contextoutput [-h] section path clearing [banner] [width]\n
 
Sets the output of a context section.
 
Alias: ctx-out
"},{"location":"commands/context/contextoutput/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help section The section which is to be configured. ('regs', 'disasm', 'code', 'stack', 'backtrace', 'ghidra', 'args', 'threads', 'heap_tracker', 'expressions', and/or 'last_signal') path The path to which the output is written clearing Indicates whether to clear the output banner Where a banner should be placed: both, top , bottom, none (default: 'both') width Sets a fixed width (used for banner). Set to None for auto"},{"location":"commands/context/contextoutput/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/context/contextprev/","title":"Contextprev","text":""},{"location":"commands/context/contextprev/#contextprev","title":"contextprev","text":"
usage: contextprev [-h] [count]\n
 
Select previous entry in context history.
 
Alias: ctxp
"},{"location":"commands/context/contextprev/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help count The number of entries to go back in history (default: 1)"},{"location":"commands/context/contextprev/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/context/contextsearch/","title":"Contextsearch","text":""},{"location":"commands/context/contextsearch/#contextsearch","title":"contextsearch","text":"
usage: contextsearch [-h] needle [section]\n
 
Search for a string in the context history and select that entry.
 
Alias: ctxsearch
"},{"location":"commands/context/contextsearch/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help needle The string to search for in the context history section The section to search in. If not provided, search in all sections"},{"location":"commands/context/contextsearch/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/context/contextunwatch/","title":"Contextunwatch","text":""},{"location":"commands/context/contextunwatch/#contextunwatch","title":"contextunwatch","text":"
usage: contextunwatch [-h] num\n
 
Removes an expression previously added to be watched.
 
Aliases: ctx-unwatch, cunwatch
"},{"location":"commands/context/contextunwatch/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help num The expression number to be removed from context"},{"location":"commands/context/contextunwatch/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/context/contextwatch/","title":"Contextwatch","text":""},{"location":"commands/context/contextwatch/#contextwatch","title":"contextwatch","text":"
usage: contextwatch [-h] [{eval,execute}] expression\n
 
Adds an expression to be shown on context.
 
To remove an expression, see cunwatch.
 
Aliases: ctx-watch, cwatch
"},{"location":"commands/context/contextwatch/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help cmd Command to be used with the expression. - eval: the expression is parsed and evaluated as in the debugged language. - execute: the expression is executed as a GDB command. (default: 'eval') expression The expression to be evaluated and shown in context"},{"location":"commands/context/contextwatch/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/context/contextwatch/#examples","title":"Examples","text":"
For watching variables/expressions:\n    cwatch BUF\n    cwatch ITEMS[0]\n\nFor running commands:\n    cwatch execute \"ds BUF\"\n    cwatch execute \"x/20x $rsp\"\n    cwatch execute \"info args\"\n
"},{"location":"commands/context/regs/","title":"Regs","text":""},{"location":"commands/context/regs/#regs","title":"regs","text":"
usage: regs [-h] [regs ...]\n
 
Print out all registers and enhance the information.
"},{"location":"commands/context/regs/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help regs Registers to be shown"},{"location":"commands/context/regs/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/darwin_libsystem_mach-o/commpage/","title":"Commpage","text":""},{"location":"commands/darwin_libsystem_mach-o/commpage/#commpage","title":"commpage","text":"
usage: commpage [-h] [-v]\n
 
Dumps all values from the macOS commpage.
"},{"location":"commands/darwin_libsystem_mach-o/commpage/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -v --verbose Print detailed information."},{"location":"commands/developer/dev-dump-instruction/","title":"Dev dump instruction","text":""},{"location":"commands/developer/dev-dump-instruction/#dev-dump-instruction","title":"dev-dump-instruction","text":"
usage: dev-dump-instruction [-h] [-e] [-n] [address]\n
 
Dump internal PwndbgInstruction attributes.
 
Useful for debugging the disassembly and annotation subsystems in Pwndbg. See https://pwndbg.re/dev/contributing/improving-annotations/#bug-root-cause for more information.
"},{"location":"commands/developer/dev-dump-instruction/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to get the enhanced instruction from - must be in cache."},{"location":"commands/developer/dev-dump-instruction/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -e --emulate Force the use of emulation when enhancing the instruction, regardless of global 'emulate' setting. -n --no-emulate Disable the use of emulation when enhancing the instruction, regardless of global 'emulate' setting."},{"location":"commands/developer/log-level/","title":"Log level","text":""},{"location":"commands/developer/log-level/#log-level","title":"log-level","text":"
usage: log-level [-h] [{debug,info,warning,error,critical}]\n
 
Set the log level.
"},{"location":"commands/developer/log-level/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help level The log level to set. (default: 'warning')"},{"location":"commands/developer/log-level/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/disassemble/emulate/","title":"Emulate","text":""},{"location":"commands/disassemble/emulate/#emulate","title":"emulate","text":"
usage: emulate [-h] [-r REVERSE] [-t TOTAL] [pc] [lines]\n
 
Like nearpc, but will emulate instructions from the current $PC forward.
"},{"location":"commands/disassemble/emulate/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help pc Address to emulate near. lines Number of lines to disassemble."},{"location":"commands/disassemble/emulate/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -r --reverse Number of lines to show before the address. -t --total Total number of lines to show. This results in dynamic number of forward instructions depending on how many cached instructions are used."},{"location":"commands/disassemble/nearpc/","title":"Nearpc","text":""},{"location":"commands/disassemble/nearpc/#nearpc","title":"nearpc","text":"
usage: nearpc [-h] [-r REVERSE] [-t TOTAL] [-e] [pc] [lines]\n
 
Disassemble near a specified address.
 
Aliases: pdisass, u
"},{"location":"commands/disassemble/nearpc/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help pc Address to disassemble near. If this is the only argument and the value provided is small enough, it is interpreted as lines instead. lines Number of lines to disassemble."},{"location":"commands/disassemble/nearpc/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -r --reverse Number of lines to show before the address. -t --total Total number of lines to show. This results in dynamic number of forward instructions depending on how many cached instructions are used. -e --emulate Whether to emulate instructions to find the next ones or just linearly disassemble."},{"location":"commands/glibc_ptmalloc2_heap/arena/","title":"Arena","text":""},{"location":"commands/glibc_ptmalloc2_heap/arena/#arena","title":"arena","text":"
usage: arena [-h] [addr]\n
 
Print the contents of an arena.
 
Default to the current thread's arena.
"},{"location":"commands/glibc_ptmalloc2_heap/arena/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the arena."},{"location":"commands/glibc_ptmalloc2_heap/arena/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/arenas/","title":"Arenas","text":""},{"location":"commands/glibc_ptmalloc2_heap/arenas/#arenas","title":"arenas","text":"
usage: arenas [-h]\n
 
List this process's arenas.
"},{"location":"commands/glibc_ptmalloc2_heap/arenas/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/bins/","title":"Bins","text":""},{"location":"commands/glibc_ptmalloc2_heap/bins/#bins","title":"bins","text":"
usage: bins [-h] [addr] [tcache_addr]\n
 
Print the contents of all an arena's bins and a thread's tcache.
 
Default to the current thread's arena and tcache.
"},{"location":"commands/glibc_ptmalloc2_heap/bins/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the arena. tcache_addr Address of the tcache."},{"location":"commands/glibc_ptmalloc2_heap/bins/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/fastbins/","title":"Fastbins","text":""},{"location":"commands/glibc_ptmalloc2_heap/fastbins/#fastbins","title":"fastbins","text":"
usage: fastbins [-h] [-v] [addr]\n
 
Print the contents of an arena's fastbins.
 
Default to the current thread's arena.
"},{"location":"commands/glibc_ptmalloc2_heap/fastbins/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the arena."},{"location":"commands/glibc_ptmalloc2_heap/fastbins/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -v --verbose Show all fastbins, including empty ones"},{"location":"commands/glibc_ptmalloc2_heap/find-fake-fast/","title":"Find fake fast","text":""},{"location":"commands/glibc_ptmalloc2_heap/find-fake-fast/#find-fake-fast","title":"find-fake-fast","text":"
usage: find-fake-fast [-h] [--align] [--glibc-fastbin-bug]\n                      [--partial-overwrite]\n                      target_address [max_candidate_size]\n
 
Find candidate fake fast or tcache chunks overlapping the specified address.
"},{"location":"commands/glibc_ptmalloc2_heap/find-fake-fast/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help target_address Address of the word-sized value to overlap. max_candidate_size Maximum size of fake chunks to find."},{"location":"commands/glibc_ptmalloc2_heap/find-fake-fast/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -a --align Whether the fake chunk must be aligned to MALLOC_ALIGNMENT. This is required for tcache chunks and for all chunks when Safe Linking is enabled -b --glibc-fastbin-bug Does the GLIBC fastbin size field bug affect the candidate size field width? -p --partial-overwrite Consider partial overwrite candidates, default behavior only shows word-size overwrites."},{"location":"commands/glibc_ptmalloc2_heap/heap/","title":"Heap","text":""},{"location":"commands/glibc_ptmalloc2_heap/heap/#heap","title":"heap","text":"
usage: heap [-h] [-v] [-s] [addr]\n
 
Iteratively print chunks on a heap.
 
Default to the current thread's active heap.
"},{"location":"commands/glibc_ptmalloc2_heap/heap/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the first chunk (malloc_chunk struct start, prev_size field)."},{"location":"commands/glibc_ptmalloc2_heap/heap/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -v --verbose Print all chunk fields, even unused ones. -s --simple Simply print malloc_chunk struct's contents."},{"location":"commands/glibc_ptmalloc2_heap/hi/","title":"Hi","text":""},{"location":"commands/glibc_ptmalloc2_heap/hi/#hi","title":"hi","text":"
usage: hi [-h] [-v] [-s] [-f] addr\n
 
Searches all heaps to find if an address belongs to a chunk. If yes, prints the chunk.
"},{"location":"commands/glibc_ptmalloc2_heap/hi/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the interest."},{"location":"commands/glibc_ptmalloc2_heap/hi/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -v --verbose Print all chunk fields, even unused ones. -s --simple Simply print malloc_chunk struct's contents. -f --fake Allow fake chunks. If set, displays any memory as a heap chunk (even if its not a real chunk)."},{"location":"commands/glibc_ptmalloc2_heap/largebins/","title":"Largebins","text":""},{"location":"commands/glibc_ptmalloc2_heap/largebins/#largebins","title":"largebins","text":"
usage: largebins [-h] [-v] [addr]\n
 
Print the contents of an arena's largebins.
 
Default to the current thread's arena.
"},{"location":"commands/glibc_ptmalloc2_heap/largebins/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the arena."},{"location":"commands/glibc_ptmalloc2_heap/largebins/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -v --verbose Show all largebins, including empty ones"},{"location":"commands/glibc_ptmalloc2_heap/malloc-chunk/","title":"Malloc chunk","text":""},{"location":"commands/glibc_ptmalloc2_heap/malloc-chunk/#malloc-chunk","title":"malloc-chunk","text":"
usage: malloc-chunk [-h] [-f] [-v] [-s] [-d] [-n NEXT] addr\n
 
Print a chunk.
"},{"location":"commands/glibc_ptmalloc2_heap/malloc-chunk/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the chunk (malloc_chunk struct start, prev_size field)."},{"location":"commands/glibc_ptmalloc2_heap/malloc-chunk/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -f --fake Is this a fake chunk? -v --verbose Print all chunk fields, even unused ones. -s --simple Simply print malloc_chunk struct's contents. -d --dump Print a hexdump of the chunk. -n --next Print the next N chunks after the specified address. (default: 0)"},{"location":"commands/glibc_ptmalloc2_heap/mp/","title":"Mp","text":""},{"location":"commands/glibc_ptmalloc2_heap/mp/#mp","title":"mp","text":"
usage: mp [-h]\n
 
Print the mp_ struct's contents.
"},{"location":"commands/glibc_ptmalloc2_heap/mp/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/smallbins/","title":"Smallbins","text":""},{"location":"commands/glibc_ptmalloc2_heap/smallbins/#smallbins","title":"smallbins","text":"
usage: smallbins [-h] [-v] [addr]\n
 
Print the contents of an arena's smallbins.
 
Default to the current thread's arena.
"},{"location":"commands/glibc_ptmalloc2_heap/smallbins/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the arena."},{"location":"commands/glibc_ptmalloc2_heap/smallbins/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -v --verbose Show all smallbins, including empty ones"},{"location":"commands/glibc_ptmalloc2_heap/tcache/","title":"Tcache","text":""},{"location":"commands/glibc_ptmalloc2_heap/tcache/#tcache","title":"tcache","text":"
usage: tcache [-h] [addr]\n
 
Print a thread's tcache contents.
 
Default to the current thread's tcache.
"},{"location":"commands/glibc_ptmalloc2_heap/tcache/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the tcache."},{"location":"commands/glibc_ptmalloc2_heap/tcache/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/tcachebins/","title":"Tcachebins","text":""},{"location":"commands/glibc_ptmalloc2_heap/tcachebins/#tcachebins","title":"tcachebins","text":"
usage: tcachebins [-h] [-v] [addr]\n
 
Print the contents of a tcache.
 
Default to the current thread's tcache.
"},{"location":"commands/glibc_ptmalloc2_heap/tcachebins/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr The address of the tcache bins."},{"location":"commands/glibc_ptmalloc2_heap/tcachebins/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -v --verbose Show all tcachebins, including empty ones"},{"location":"commands/glibc_ptmalloc2_heap/top-chunk/","title":"Top chunk","text":""},{"location":"commands/glibc_ptmalloc2_heap/top-chunk/#top-chunk","title":"top-chunk","text":"
usage: top-chunk [-h] [addr]\n
 
Print relevant information about an arena's top chunk.
 
Default to current thread's arena.
"},{"location":"commands/glibc_ptmalloc2_heap/top-chunk/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the arena."},{"location":"commands/glibc_ptmalloc2_heap/top-chunk/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/try-free/","title":"Try free","text":""},{"location":"commands/glibc_ptmalloc2_heap/try-free/#try-free","title":"try-free","text":"
usage: try-free [-h] addr\n
 
Check what would happen if free was called with given address.
"},{"location":"commands/glibc_ptmalloc2_heap/try-free/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address passed to free"},{"location":"commands/glibc_ptmalloc2_heap/try-free/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/unsortedbin/","title":"Unsortedbin","text":""},{"location":"commands/glibc_ptmalloc2_heap/unsortedbin/#unsortedbin","title":"unsortedbin","text":"
usage: unsortedbin [-h] [-v] [addr]\n
 
Print the contents of an arena's unsortedbin.
 
Default to the current thread's arena.
"},{"location":"commands/glibc_ptmalloc2_heap/unsortedbin/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the arena."},{"location":"commands/glibc_ptmalloc2_heap/unsortedbin/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -v --verbose Show the \"all\" bin even if it's empty"},{"location":"commands/glibc_ptmalloc2_heap/vis-heap-chunks/","title":"Vis heap chunks","text":""},{"location":"commands/glibc_ptmalloc2_heap/vis-heap-chunks/#vis-heap-chunks","title":"vis-heap-chunks","text":"
usage: vis-heap-chunks [-h] [--beyond_top] [--no_truncate] [--all_chunks]\n                       [count] [addr]\n
 
Visualize chunks on a heap.
 
Default to the current arena's active heap.
 
Alias: vis
"},{"location":"commands/glibc_ptmalloc2_heap/vis-heap-chunks/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help count Number of chunks to visualize. If the value is big enough and addr isn't provided, this is interpreted as addr instead. (default: 10) addr Address of the first chunk."},{"location":"commands/glibc_ptmalloc2_heap/vis-heap-chunks/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -b --beyond_top Attempt to keep printing beyond the top chunk. -n --no_truncate Display all the chunk contents (Ignore the max-visualize-chunk-size configuration). -a --all_chunks Display all chunks (Ignore the default-visualize-chunk-number configuration)."},{"location":"commands/integrations/ai/","title":"Ai","text":""},{"location":"commands/integrations/ai/#ai","title":"ai","text":"
(only in GDB)
 
usage: ai [-h] [-M MODEL] [-t TEMPERATURE] [-m MAX_TOKENS] [-v] [-L]\n          [-c COMMAND]\n          [question ...]\n
 
Ask GPT-3 a question about the current debugging context.
"},{"location":"commands/integrations/ai/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help question The question to ask."},{"location":"commands/integrations/ai/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -M --model The OpenAI model to use. -t --temperature The temperature to use. -m --max-tokens The maximum number of tokens to generate. -v --verbose Print the prompt and response. -L --list-models List the available models. -c --command Run a command in the GDB debugger and ask a question about the output."},{"location":"commands/integrations/bn-sync/","title":"Bn sync","text":""},{"location":"commands/integrations/bn-sync/#bn-sync","title":"bn-sync","text":"
usage: bn-sync [-h]\n
 
Synchronize Binary Ninja's cursor with GDB.
 
Alias: bns
"},{"location":"commands/integrations/bn-sync/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/integrations/decomp/","title":"Decomp","text":""},{"location":"commands/integrations/decomp/#decomp","title":"decomp","text":"
usage: decomp [-h] [addr] [lines]\n
 
Use the current integration to decompile code near an address.
"},{"location":"commands/integrations/decomp/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address to decompile near. lines Number of lines of decompilation to show."},{"location":"commands/integrations/decomp/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/integrations/j/","title":"J","text":""},{"location":"commands/integrations/j/#j","title":"j","text":"
(only in GDB)
 
usage: j [-h]\n
 
Synchronize IDA's cursor with GDB.
"},{"location":"commands/integrations/j/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/integrations/r2/","title":"R2","text":""},{"location":"commands/integrations/r2/#r2","title":"r2","text":"
usage: r2 [-h] [--no-seek] [--no-rebase] [arguments ...]\n
 
Launches radare2.
 
Alias: radare2
"},{"location":"commands/integrations/r2/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help arguments Arguments to pass to radare"},{"location":"commands/integrations/r2/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --no-seek Do not seek to current pc --no-rebase Do not set the base address for PIE according to the current mapping"},{"location":"commands/integrations/r2/#examples","title":"Examples","text":"
pwndbg> r2 -- -S -AA\nWARN: Relocs has not been applied. Please use `-e bin.relocs.apply=true` or `-e bin.cache=true` next time\nINFO: Analyze all flags starting with sym. and entry0 (aa)\n[...]\nINFO: Debugger commands disabled in sandbox mode\n[0x0001d3d0]> help\n\nWelcome to radare2!\n[...]\n
"},{"location":"commands/integrations/r2pipe/","title":"R2pipe","text":""},{"location":"commands/integrations/r2pipe/#r2pipe","title":"r2pipe","text":"
usage: r2pipe [-h] arguments [arguments ...]\n
 
Execute stateful radare2 commands through r2pipe.
"},{"location":"commands/integrations/r2pipe/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help arguments Arguments to pass to r2pipe"},{"location":"commands/integrations/r2pipe/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/integrations/r2pipe/#examples","title":"Examples","text":"
pwndbg> r2pipe pdf @ sym.main\n            ; ICOD XREF from entry0 @ 0x1d3e8(r)\n\u250c 6786: int main (uint32_t argc, char **argv, char **envp);\n\u2502 `- args(rdi, rsi, rdx) vars(21:sp[0x40..0x18c])\n\u2502           0x0001b920      f30f1efa       endbr64\n\u2502           0x0001b924      4157           push r15\n\u2502           0x0001b926      4156           push r14\n\u2502           0x0001b928      4155           push r13\n\u2502           0x0001b92a      4154           push r12\n[...]\n\u2502           0x0001b966      85c0           test eax, eax\n\u2502       \u250c\u2500< 0x0001b968      7545           jne 0x1b9af\n\u2502       \u2502   0x0001b96a      e8311b0100     call sym.xtrace_init\n\u2502       \u2502   0x0001b96f      e80cff0000     call sym.check_dev_tty\n\u2502       \u2502   ; CODE XREF from main @ 0x1b988(x)\n\u2502      \u250c\u2500\u2500> 0x0001b974      833dd1680f..   cmp dword [obj.debugging_login_shell], 0 ; [0x11224c:4]=0\n\u2502     \u250c\u2500\u2500\u2500< 0x0001b97b      743d           je 0x1b9ba\n\u2502     \u2502\u254e\u2502   0x0001b97d      bf03000000     mov edi, 3\n[...]\n
"},{"location":"commands/integrations/rop/","title":"Rop","text":""},{"location":"commands/integrations/rop/#rop","title":"rop","text":"
usage: rop [-h] [--grep GREP] [--memlimit MEMLIMIT] [argument ...]\n
 
Dump ROP gadgets with Jon Salwan's ROPgadget tool.
 
Alias: ropgadget
"},{"location":"commands/integrations/rop/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help argument Arguments to pass to ROPgadget"},{"location":"commands/integrations/rop/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --grep String to grep the output for --memlimit String to grep the output for (default: '50MB')"},{"location":"commands/integrations/rop/#examples","title":"Examples","text":"
pwndbg> rop --grep 'pop rdi' -- --nojop\nGadgets information\n============================================================\n[...]\n0x0007dce8 : pop rdi ; or dword ptr [rax], eax ; add rsp, 0x28 ; ret\n0x0007d838 : pop rdi ; or dword ptr [rax], eax ; je 0x7d840 ; ret\n0x0005b13d : pop rdi ; pop rbp ; ret\n0x0001ee23 : pop rdi ; ret\n\nUnique gadgets found: 8514\n
"},{"location":"commands/integrations/ropper/","title":"Ropper","text":""},{"location":"commands/integrations/ropper/#ropper","title":"ropper","text":"
(only in GDB)
 
usage: ropper [-h] [argument ...]\n
 
ROP gadget search with ropper.
"},{"location":"commands/integrations/ropper/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help argument Arguments to pass to ropper"},{"location":"commands/integrations/ropper/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/integrations/ropper/#examples","title":"Examples","text":"
pwndbg> ropper -- --console\n[INFO] Load gadgets from cache\n[LOAD] loading... 100%\n[LOAD] removing double gadgets... 100%\n(bash/ELF/x86_64)>\n----\npwndbg> ropper -- --search 'pop rdi; ret;'\n[INFO] Load gadgets from cache\n[LOAD] loading... 100%\n[LOAD] removing double gadgets... 100%\n[INFO] Searching for gadgets: pop rdi; ret;\n\n[INFO] File: /usr/bin/bash\n0x000000000001ee23: pop rdi; ret;\n
"},{"location":"commands/integrations/rz/","title":"Rz","text":""},{"location":"commands/integrations/rz/#rz","title":"rz","text":"
usage: rz [-h] [--no-seek] [--no-rebase] [arguments ...]\n
 
Launches rizin.
 
Alias: rizin
"},{"location":"commands/integrations/rz/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help arguments Arguments to pass to rizin"},{"location":"commands/integrations/rz/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --no-seek Do not seek to current pc --no-rebase Do not set the base address for PIE according to the current mapping"},{"location":"commands/integrations/rz/#examples","title":"Examples","text":"
pwndbg> rz -- -AA\n[x] Analyze all flags starting with sym. and entry0 (aa)\n[x] Analyze function calls\n[...]\n[x] Enable constraint types analysis for variables\n -- Use 'e asm.offset=true' to show offsets in 16bit segment addressing mode.\n[0x0001d3d0]>\n
"},{"location":"commands/integrations/rzpipe/","title":"Rzpipe","text":""},{"location":"commands/integrations/rzpipe/#rzpipe","title":"rzpipe","text":"
usage: rzpipe [-h] arguments [arguments ...]\n
 
Execute stateful rizin commands through rzpipe.
"},{"location":"commands/integrations/rzpipe/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help arguments Arguments to pass to rzpipe"},{"location":"commands/integrations/rzpipe/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/integrations/rzpipe/#examples","title":"Examples","text":"
pwndbg> rzpipe pdf @ sym.main\n            ; DATA XREF from entry0 @ 0x1d3e8\n\u250c int main(int argc, char **argv, char **envp);\n\u2502           ; arg int argc @ rdi\n\u2502           ; arg char **argv @ rsi\n\u2502           ; arg char **envp @ rdx\n[...]\n\u2502           ; var uint64_t var_18ch @ stack - 0x18c\n\u2502           ; var int64_t var_188h @ stack - 0x188\n[...]\n\u2502           ; var int64_t canary @ stack - 0x40\n\u2502           0x0001b920      endbr64\n\u2502           0x0001b924      push  r15\n\u2502           0x0001b926      push  r14\n\u2502           0x0001b928      push  r13\n\u2502           0x0001b92a      push  r12\n[...]\n\u2502           0x0001b966      test  eax, eax\n\u2502       \u250c\u2500< 0x0001b968      jne   0x1b9af\n\u2502       \u2502   0x0001b96a      call  sym.xtrace_init\n\u2502       \u2502   0x0001b96f      call  sym.check_dev_tty\n\u2502       \u2502   ; CODE XREF from main @ 0x1b988\n\u2502      \u250c\u2500\u2500> 0x0001b974      cmp   dword [obj.debugging_login_shell], 0 ; [0x11224c:4]=0\n\u2502     \u250c\u2500\u2500\u2500< 0x0001b97b      je    0x1b9ba\n\u2502     \u2502\u254e\u2502   0x0001b97d      mov   edi, 3                               ; int s\n[...]\n
"},{"location":"commands/integrations/save-ida/","title":"Save ida","text":""},{"location":"commands/integrations/save-ida/#save-ida","title":"save-ida","text":"
(only in GDB)
 
usage: save-ida [-h]\n
 
Save the ida database.
"},{"location":"commands/integrations/save-ida/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/jemalloc_heap/jemalloc-extent-info/","title":"Jemalloc extent info","text":""},{"location":"commands/jemalloc_heap/jemalloc-extent-info/#jemalloc-extent-info","title":"jemalloc-extent-info","text":"
usage: jemalloc-extent-info [-h] [-v] addr\n
 
Prints extent information for the given address
"},{"location":"commands/jemalloc_heap/jemalloc-extent-info/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the extent metadata"},{"location":"commands/jemalloc_heap/jemalloc-extent-info/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -v --verbose Print all chunk fields, even unused ones."},{"location":"commands/jemalloc_heap/jemalloc-find-extent/","title":"Jemalloc find extent","text":""},{"location":"commands/jemalloc_heap/jemalloc-find-extent/#jemalloc-find-extent","title":"jemalloc-find-extent","text":"
usage: jemalloc-find-extent [-h] addr\n
 
Returns extent information for pointer address allocated by jemalloc
"},{"location":"commands/jemalloc_heap/jemalloc-find-extent/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the allocated memory location"},{"location":"commands/jemalloc_heap/jemalloc-find-extent/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/jemalloc_heap/jemalloc-heap/","title":"Jemalloc heap","text":""},{"location":"commands/jemalloc_heap/jemalloc-heap/#jemalloc-heap","title":"jemalloc-heap","text":"
usage: jemalloc-heap [-h]\n
 
Prints all extents information
"},{"location":"commands/jemalloc_heap/jemalloc-heap/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/binder/","title":"Binder","text":""},{"location":"commands/kernel/binder/#binder","title":"binder","text":"
usage: binder [-h]\n
 
Show Android Binder information
"},{"location":"commands/kernel/binder/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/buddydump/","title":"Buddydump","text":""},{"location":"commands/kernel/buddydump/#buddydump","title":"buddydump","text":"
usage: buddydump [-h] [-z ZONE] [-o ORDER] [-m MTYPE] [-p] [-c CPU] [-n NODE]\n                 [-f FIND]\n
 
Displays metadata and freelists of the buddy allocator.
"},{"location":"commands/kernel/buddydump/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -z --zone Displays/searches lists only in the specified zone. -o --order Displays/searches lists only with the specified order. -m --mtype Displays/searches lists only with the specified mtype. -p --pcp-only Displays/searches only PCP lists. -c --cpu CPU nr for searching PCP. -n --node -f --find The address to find in page free lists."},{"location":"commands/kernel/kbase/","title":"Kbase","text":""},{"location":"commands/kernel/kbase/#kbase","title":"kbase","text":"
usage: kbase [-h] [-r] [-v]\n
 
Finds the kernel virtual base address.
"},{"location":"commands/kernel/kbase/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -r --rebase rebase loaded symbol file -v --verbose show more information relevant to the kbase (e.g. phys addr)"},{"location":"commands/kernel/kbpf/","title":"Kbpf","text":""},{"location":"commands/kernel/kbpf/#kbpf","title":"kbpf","text":"
usage: kbpf [-h] [-v] [-p] [-m]\n
 
Prints information about the linux kernel bpf progs and maps.
"},{"location":"commands/kernel/kbpf/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -v --verbose (default: 0) -p --progs -m --maps"},{"location":"commands/kernel/kchecksec/","title":"Kchecksec","text":""},{"location":"commands/kernel/kchecksec/#kchecksec","title":"kchecksec","text":"
usage: kchecksec [-h]\n
 
Checks for kernel hardening configuration options.
"},{"location":"commands/kernel/kchecksec/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/kcmdline/","title":"Kcmdline","text":""},{"location":"commands/kernel/kcmdline/#kcmdline","title":"kcmdline","text":"
usage: kcmdline [-h]\n
 
Return the kernel commandline (/proc/cmdline).
"},{"location":"commands/kernel/kcmdline/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/kconfig/","title":"Kconfig","text":""},{"location":"commands/kernel/kconfig/#kconfig","title":"kconfig","text":"
usage: kconfig [-h] [-l FILE_PATH] [config_name]\n
 
Outputs the kernel config.
"},{"location":"commands/kernel/kconfig/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help config_name A config name to search for"},{"location":"commands/kernel/kconfig/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -l --load load kernel config file"},{"location":"commands/kernel/kcurrent/","title":"Kcurrent","text":""},{"location":"commands/kernel/kcurrent/#kcurrent","title":"kcurrent","text":"
usage: kcurrent [-h] [--set] [pid]\n
 
Displays the current kernel task debugged by the debugger (gdb/lldb) if pid == None     Displays the task with pid if pid != None.
"},{"location":"commands/kernel/kcurrent/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help pid"},{"location":"commands/kernel/kcurrent/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --set sets the kernel task used for supported pwndbg commands (kfile, pagewalk), this option does not change internal mem (purely effects how certain commands behaves)"},{"location":"commands/kernel/kdmabuf/","title":"Kdmabuf","text":""},{"location":"commands/kernel/kdmabuf/#kdmabuf","title":"kdmabuf","text":"
usage: kdmabuf [-h]\n
 
Prints DMA buf info
"},{"location":"commands/kernel/kdmabuf/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/kdmesg/","title":"Kdmesg","text":""},{"location":"commands/kernel/kdmesg/#kdmesg","title":"kdmesg","text":"
usage: kdmesg [-h] [-T]\n
 
Displays the kernel ring buffer (dmesg) contents.
"},{"location":"commands/kernel/kdmesg/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -T --ctime Print human-readable timestamps."},{"location":"commands/kernel/kfile/","title":"Kfile","text":""},{"location":"commands/kernel/kfile/#kfile","title":"kfile","text":"
usage: kfile [-h] [--fd [FD]] [pid]\n
 
Displays information about fds accessible by a kernel task.
"},{"location":"commands/kernel/kfile/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help pid"},{"location":"commands/kernel/kfile/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --fd"},{"location":"commands/kernel/klookup/","title":"Klookup","text":""},{"location":"commands/kernel/klookup/#klookup","title":"klookup","text":"
usage: klookup [-h] [-a] [symbol]\n
 
Lookup kernel symbols
 
Aliases: kallsyms, ks
"},{"location":"commands/kernel/klookup/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help symbol Address or symbol name to lookup"},{"location":"commands/kernel/klookup/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -a --apply applies all the symbols that satisfy the filter"},{"location":"commands/kernel/klookup/#notes","title":"Notes","text":"
Using --apply makes sense for kernel modules. If you want to symbolize the whole kernel, use vmlinux-to-elf (marin-m/vmlinux-to-elf) or compile it yourself.
"},{"location":"commands/kernel/kmem-trace/","title":"Kmem trace","text":""},{"location":"commands/kernel/kmem-trace/#kmem-trace","title":"kmem-trace","text":"
usage: kmem-trace [-h] [-s] [-b] [-v] [-c COMMAND] [--all]\n
 
Trace kernel memory (SLUB and buddy) allocations and frees.
 
This command will execute next in the debugger, and print out all (de)allocations that happen until the command finishes. As such this makes most sense to call when the PC is on a function call instruction. Only (de)allocations triggered by the current function are considered (rather than other threads etc).
 
If neither -s nor -b are passed, both allocators are traced.
"},{"location":"commands/kernel/kmem-trace/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -s --trace-slab do only slab allocator tracing -b --trace-buddy do only buddy allocator tracing -v --verbose print backtraces -c --command trace during the execution of this command (default: 'next') --all display ALL memory allocations/frees regardless if they are triggered by the current function."},{"location":"commands/kernel/kmem-trace/#notes","title":"Notes","text":"
The --all flag may be helpful if you also want to trace frees scheduled with rcu or if the traced command steps out of the current function. You may also find -c finish and -c continue useful.
"},{"location":"commands/kernel/kmod/","title":"Kmod","text":""},{"location":"commands/kernel/kmod/#kmod","title":"kmod","text":"
usage: kmod [-h] [-l PATH] [module_name]\n
 
Displays the loaded Linux kernel modules.
"},{"location":"commands/kernel/kmod/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help module_name A module name substring to filter for"},{"location":"commands/kernel/kmod/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -l --load the path of the module to load"},{"location":"commands/kernel/knft-dump/","title":"Knft dump","text":""},{"location":"commands/kernel/knft-dump/#knft-dump","title":"knft-dump","text":"
usage: knft-dump [-h] [nsid]\n
 
Dump all nftables: tables, chains, rules, expressions
"},{"location":"commands/kernel/knft-dump/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help nsid Network Namespace ID"},{"location":"commands/kernel/knft-dump/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/knft-list-chains/","title":"Knft list chains","text":""},{"location":"commands/kernel/knft-list-chains/#knft-list-chains","title":"knft-list-chains","text":"
usage: knft-list-chains [-h] [--nsid NSID] [table_family] [table_name]\n
 
Dump netfilter chains form a specific table
"},{"location":"commands/kernel/knft-list-chains/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help table_family Netfilter table family (inet, ip, ip6, netdev, bridge, arp) table_name Table name"},{"location":"commands/kernel/knft-list-chains/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -n --nsid Network Namespace ID"},{"location":"commands/kernel/knft-list-exprs/","title":"Knft list exprs","text":""},{"location":"commands/kernel/knft-list-exprs/#knft-list-exprs","title":"knft-list-exprs","text":"
usage: knft-list-exprs [-h] [--nsid NSID]\n                       [table_family] [table_name] [chain_name] [rule_id]\n
 
Dump only expressions from specific rule
"},{"location":"commands/kernel/knft-list-exprs/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help table_family Table family, eg: inet, ip, ip6, netdev, bridge, arp table_name Table name chain_name Chain name rule_id Rule Handle ID"},{"location":"commands/kernel/knft-list-exprs/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -n --nsid Network Namespace ID"},{"location":"commands/kernel/knft-list-flowtables/","title":"Knft list flowtables","text":""},{"location":"commands/kernel/knft-list-flowtables/#knft-list-flowtables","title":"knft-list-flowtables","text":"
usage: knft-list-flowtables [-h] [--nsid NSID] [table_family] [table_name]\n
 
Dump netfilter flowtables from a specific table
"},{"location":"commands/kernel/knft-list-flowtables/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help table_family Netfilter table family (inet, ip, ip6, netdev, bridge, arp) table_name Table name"},{"location":"commands/kernel/knft-list-flowtables/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -n --nsid Network Namespace ID"},{"location":"commands/kernel/knft-list-objects/","title":"Knft list objects","text":""},{"location":"commands/kernel/knft-list-objects/#knft-list-objects","title":"knft-list-objects","text":"
usage: knft-list-objects [-h] [--nsid NSID] [table_family] [table_name]\n
 
Dump netfilter objects from a specific table
"},{"location":"commands/kernel/knft-list-objects/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help table_family Table family, eg: inet, ip, ip6, netdev, bridge, arp table_name Table name"},{"location":"commands/kernel/knft-list-objects/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -n --nsid Network Namespace ID"},{"location":"commands/kernel/knft-list-rules/","title":"Knft list rules","text":""},{"location":"commands/kernel/knft-list-rules/#knft-list-rules","title":"knft-list-rules","text":"
usage: knft-list-rules [-h] [--nsid NSID]\n                       [table_family] [table_name] [chain_name]\n
 
Dump netfilter rules form a specific chain
"},{"location":"commands/kernel/knft-list-rules/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help table_family Table family, eg: inet, ip, ip6, netdev, bridge, arp table_name Table name chain_name Chain name"},{"location":"commands/kernel/knft-list-rules/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -n --nsid Network Namespace ID"},{"location":"commands/kernel/knft-list-sets/","title":"Knft list sets","text":""},{"location":"commands/kernel/knft-list-sets/#knft-list-sets","title":"knft-list-sets","text":"
usage: knft-list-sets [-h] [--nsid NSID] [table_family] [table_name]\n
 
Dump netfilter sets from a specific table
"},{"location":"commands/kernel/knft-list-sets/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help table_family Table family, eg: inet, ip, ip6, netdev, bridge, arp table_name Table name"},{"location":"commands/kernel/knft-list-sets/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -n --nsid Network Namespace ID"},{"location":"commands/kernel/knft-list-tables/","title":"Knft list tables","text":""},{"location":"commands/kernel/knft-list-tables/#knft-list-tables","title":"knft-list-tables","text":"
usage: knft-list-tables [-h] [--nsid NSID]\n
 
Dump netfliter tables from a specific network namespace
"},{"location":"commands/kernel/knft-list-tables/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -n --nsid Network Namespace ID"},{"location":"commands/kernel/ksyscalls/","title":"Ksyscalls","text":""},{"location":"commands/kernel/ksyscalls/#ksyscalls","title":"ksyscalls","text":"
usage: ksyscalls [-h] [syscall_name]\n
 
Displays Linux syscall table, including names and addresses of syscalls.
"},{"location":"commands/kernel/ksyscalls/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help syscall_name A syscall name to search for"},{"location":"commands/kernel/ksyscalls/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/ktask/","title":"Ktask","text":""},{"location":"commands/kernel/ktask/#ktask","title":"ktask","text":"
usage: ktask [-h] [task_name]\n
 
Displays information about kernel tasks.
"},{"location":"commands/kernel/ktask/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help task_name A task name to search for"},{"location":"commands/kernel/ktask/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/kversion/","title":"Kversion","text":""},{"location":"commands/kernel/kversion/#kversion","title":"kversion","text":"
usage: kversion [-h]\n
 
Outputs the kernel version (/proc/version).
"},{"location":"commands/kernel/kversion/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/msr/","title":"Msr","text":""},{"location":"commands/kernel/msr/#msr","title":"msr","text":"
usage: msr [-h] [-w [write_value]] [-l] [-r [MSR_RANGE]] [msr]\n
 
Read or write to Model Specific Register (MSR)
"},{"location":"commands/kernel/msr/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help msr MSR value or name"},{"location":"commands/kernel/msr/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -w --write value to write in MSR -l --list list common MSRs for the current arch -r --range dash separated range of MSRs to read (eg. --range=1-10 where 10 is included)"},{"location":"commands/kernel/p2v/","title":"P2v","text":""},{"location":"commands/kernel/p2v/#p2v","title":"p2v","text":"
usage: p2v [-h] paddr\n
 
Translate physical address to its corresponding virtual address.
"},{"location":"commands/kernel/p2v/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help paddr"},{"location":"commands/kernel/p2v/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/pageinfo/","title":"Pageinfo","text":""},{"location":"commands/kernel/pageinfo/#pageinfo","title":"pageinfo","text":"
usage: pageinfo [-h] page\n
 
Convert a pointer to a struct page to its corresponding virtual address.
"},{"location":"commands/kernel/pageinfo/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help page"},{"location":"commands/kernel/pageinfo/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/pagewalk/","title":"Pagewalk","text":""},{"location":"commands/kernel/pagewalk/#pagewalk","title":"pagewalk","text":"
usage: pagewalk [-h] [--pgd ENTRY] vaddr\n
 
Performs pagewalk.
"},{"location":"commands/kernel/pagewalk/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help vaddr virtual address to walk"},{"location":"commands/kernel/pagewalk/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --pgd"},{"location":"commands/kernel/slab/","title":"Slab","text":""},{"location":"commands/kernel/slab/#slab","title":"slab","text":"
usage: slab [-h] {list,info,contains} ...\n
 
Prints information about the linux kernel's slab allocator SLUB.
"},{"location":"commands/kernel/slab/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help command"},{"location":"commands/kernel/slab/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/v2p/","title":"V2p","text":""},{"location":"commands/kernel/v2p/#v2p","title":"v2p","text":"
usage: v2p [-h] vaddr\n
 
Translate virtual address to its corresponding physmap address.
"},{"location":"commands/kernel/v2p/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help vaddr"},{"location":"commands/kernel/v2p/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/vmlinux/","title":"Vmlinux","text":""},{"location":"commands/kernel/vmlinux/#vmlinux","title":"vmlinux","text":"
usage: vmlinux [-h] [-t TOOL] filepath\n
 
Load bzImage or vmlinux file to add kernel debug symbols.
"},{"location":"commands/kernel/vmlinux/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help filepath Path to the bzImage or vmlinux file to load"},{"location":"commands/kernel/vmlinux/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -t --tool Path to the vmlinux-to-elf tool (if not in PATH)"},{"location":"commands/linux_libc_elf/argc/","title":"Argc","text":""},{"location":"commands/linux_libc_elf/argc/#argc","title":"argc","text":"
usage: argc [-h]\n
 
Prints out the number of arguments.
"},{"location":"commands/linux_libc_elf/argc/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/argv/","title":"Argv","text":""},{"location":"commands/linux_libc_elf/argv/#argv","title":"argv","text":"
usage: argv [-h] [i]\n
 
Prints out the contents of argv.
"},{"location":"commands/linux_libc_elf/argv/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help i Index of the argument to print out."},{"location":"commands/linux_libc_elf/argv/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/aslr/","title":"Aslr","text":""},{"location":"commands/linux_libc_elf/aslr/#aslr","title":"aslr","text":"
usage: aslr [-h] [{on,off}]\n
 
Check the current ASLR status, or turn it on/off.
 
Does not take effect until the program is restarted.
"},{"location":"commands/linux_libc_elf/aslr/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help state Turn ASLR on or off (takes effect when target is started)"},{"location":"commands/linux_libc_elf/aslr/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/auxv-explore/","title":"Auxv explore","text":""},{"location":"commands/linux_libc_elf/auxv-explore/#auxv-explore","title":"auxv-explore","text":"
usage: auxv-explore [-h]\n
 
Explore and print information from the Auxiliary ELF Vector.
"},{"location":"commands/linux_libc_elf/auxv-explore/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/auxv/","title":"Auxv","text":""},{"location":"commands/linux_libc_elf/auxv/#auxv","title":"auxv","text":"
usage: auxv [-h]\n
 
Print information from the Auxiliary ELF Vector.
"},{"location":"commands/linux_libc_elf/auxv/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/elfsections/","title":"Elfsections","text":""},{"location":"commands/linux_libc_elf/elfsections/#elfsections","title":"elfsections","text":"
usage: elfsections [-h] [-R]\n
 
Prints the section mappings contained in the ELF header. If binary not start or use --no-rebase, the section permission based on section flags.
"},{"location":"commands/linux_libc_elf/elfsections/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -R --no-rebase Print the non-rebased section address."},{"location":"commands/linux_libc_elf/elfsections/#examples","title":"Examples","text":"
elfsections\nelfsections --no-rebase\n
"},{"location":"commands/linux_libc_elf/envp/","title":"Envp","text":""},{"location":"commands/linux_libc_elf/envp/#envp","title":"envp","text":"
usage: envp [-h] [name]\n
 
Prints out the contents of the environment.
 
Aliases: env, environ
"},{"location":"commands/linux_libc_elf/envp/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help name Name of the environment variable to see."},{"location":"commands/linux_libc_elf/envp/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/errno/","title":"Errno","text":""},{"location":"commands/linux_libc_elf/errno/#errno","title":"errno","text":"
usage: errno [-h] [err]\n
 
Converts errno (or argument) to its string representation.
"},{"location":"commands/linux_libc_elf/errno/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help err Errno; if not passed, it is retrieved from __errno_location"},{"location":"commands/linux_libc_elf/errno/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/got/","title":"Got","text":""},{"location":"commands/linux_libc_elf/got/#got","title":"got","text":"
(only in GDB)
 
usage: got [-h] [-p PATH_FILTER | -a] [-r] [symbol_filter]\n
 
Show the state of the Global Offset Table.
"},{"location":"commands/linux_libc_elf/got/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help symbol_filter Filter results by symbol name. (default: '')"},{"location":"commands/linux_libc_elf/got/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -p --path Filter results by library/objfile path. (default: '') -a --all Process all libs/obfjiles including the target executable. -r --show-readonly Also display read-only entries (which are filtered out by default)."},{"location":"commands/linux_libc_elf/got/#examples","title":"Examples","text":"
> got\n    Print all writable GOT entries in the executable.\n> got -r puts\n    Print all GOT entries that contain the string \"puts\".\n> got -p libc\n    Print all writable GOT entries used by libc. (And any other loaded\n    object files that contain the string \"libc\" in their path).\n> got -ra\n    Print all GOT entries in the address space.\n
"},{"location":"commands/linux_libc_elf/gotplt/","title":"Gotplt","text":""},{"location":"commands/linux_libc_elf/gotplt/#gotplt","title":"gotplt","text":"
usage: gotplt [-h]\n
 
Prints any symbols found in the .got.plt section if it exists.
"},{"location":"commands/linux_libc_elf/gotplt/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/libcinfo/","title":"Libcinfo","text":""},{"location":"commands/linux_libc_elf/libcinfo/#libcinfo","title":"libcinfo","text":"
usage: libcinfo [-h]\n
 
Show libc version and link to its sources
"},{"location":"commands/linux_libc_elf/libcinfo/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/linkmap/","title":"Linkmap","text":""},{"location":"commands/linux_libc_elf/linkmap/#linkmap","title":"linkmap","text":"
usage: linkmap [-h]\n
 
Show the state of the Link Map
"},{"location":"commands/linux_libc_elf/linkmap/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/onegadget/","title":"Onegadget","text":""},{"location":"commands/linux_libc_elf/onegadget/#onegadget","title":"onegadget","text":"
usage: onegadget [-h] [--show-unsat] [--no-unknown] [-v]\n
 
Find gadgets which single-handedly give code execution.
 
Uses the onegadget tool by david942j.
"},{"location":"commands/linux_libc_elf/onegadget/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --show-unsat Show unsatisfiable gadgets. --no-unknown Do not show unknown gadgets. -v --verbose Show verbose output."},{"location":"commands/linux_libc_elf/parse-seccomp/","title":"Parse seccomp","text":""},{"location":"commands/linux_libc_elf/parse-seccomp/#parse-seccomp","title":"parse-seccomp","text":"
usage: parse-seccomp [-h] addr\n
 
Parse a struct sock_fprog from memory and dump its filter
"},{"location":"commands/linux_libc_elf/parse-seccomp/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of sock_fprog structure in target process memory (e.g. 0xdeadbeef)"},{"location":"commands/linux_libc_elf/parse-seccomp/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/piebase/","title":"Piebase","text":""},{"location":"commands/linux_libc_elf/piebase/#piebase","title":"piebase","text":"
usage: piebase [-h] [offset] [module]\n
 
Calculate VA of RVA from PIE base.
"},{"location":"commands/linux_libc_elf/piebase/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help offset Offset from PIE base. (default: 0) module Module to choose as base. Defaults to the target executable. (default: '')"},{"location":"commands/linux_libc_elf/piebase/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/plt/","title":"Plt","text":""},{"location":"commands/linux_libc_elf/plt/#plt","title":"plt","text":"
usage: plt [-h] [-a]\n
 
Prints any symbols found in Procedure Linkage Table sections if any exist.
"},{"location":"commands/linux_libc_elf/plt/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -a --all-symbols Print all symbols, not just those that end in @plt"},{"location":"commands/linux_libc_elf/strings/","title":"Strings","text":""},{"location":"commands/linux_libc_elf/strings/#strings","title":"strings","text":"
usage: strings [-h] [-n N] [--save-as SAVE_AS] [page_names ...]\n
 
Extracts and displays ASCII strings from readable memory pages of the debugged process.
"},{"location":"commands/linux_libc_elf/strings/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help page_names Mapping to search [e.g. libc]. Can be used with multiple mappings [e.g libc heap stack] (default: '[]')"},{"location":"commands/linux_libc_elf/strings/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -n Minimum length of ASCII strings to include (default: 4) --save-as Sets the filename for the output of this command [e.g. --save-as='out.txt']"},{"location":"commands/linux_libc_elf/threads/","title":"Threads","text":""},{"location":"commands/linux_libc_elf/threads/#threads","title":"threads","text":"
usage: threads [-h] [-c] [num_threads]\n
 
List all threads belonging to the selected inferior.
"},{"location":"commands/linux_libc_elf/threads/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help num_threads Number of threads to display. Omit to display all threads."},{"location":"commands/linux_libc_elf/threads/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -c --config Respect context-max-threads config to limit number of threads displayed."},{"location":"commands/linux_libc_elf/tls/","title":"Tls","text":""},{"location":"commands/linux_libc_elf/tls/#tls","title":"tls","text":"
usage: tls [-h] [-p] [-a]\n
 
Print out base address of the current Thread Local Storage (TLS).
"},{"location":"commands/linux_libc_elf/tls/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -p --pthread-self Try to get the address of TLS by calling pthread_self(). -a --all Do not truncate the dump output."},{"location":"commands/linux_libc_elf/track-got/","title":"Track got","text":""},{"location":"commands/linux_libc_elf/track-got/#track-got","title":"track-got","text":"
(only in GDB)
 
usage: track-got [-h] {enable,disable,info,query} ...\n
 
Controls GOT tracking
"},{"location":"commands/linux_libc_elf/track-got/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/track-heap/","title":"Track heap","text":""},{"location":"commands/linux_libc_elf/track-heap/#track-heap","title":"track-heap","text":"
(only in GDB)
 
usage: track-heap [-h] {enable,disable,toggle-break} ...\n
 
Manages the heap tracker.
 
The heap tracker is a module that tracks usage of the GLibc heap and looks for user errors such as double frees and use after frees.
 
Currently, the following errors can be detected:     - Use After Free
"},{"location":"commands/linux_libc_elf/track-heap/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/distance/","title":"Distance","text":""},{"location":"commands/memory/distance/#distance","title":"distance","text":"
usage: distance [-h] a [b]\n
 
Print the distance between the two arguments, or print the offset to the address's page base.
"},{"location":"commands/memory/distance/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help a The first address. b The second address."},{"location":"commands/memory/distance/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/dump-register-frame/","title":"Dump register frame","text":""},{"location":"commands/memory/dump-register-frame/#dump-register-frame","title":"dump-register-frame","text":"
usage: dump-register-frame [-h] [-p]\n                           {armcm-exception,armcm-exception2} [address]\n
 
Display the registers saved to memory for a certain frame type
"},{"location":"commands/memory/dump-register-frame/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help frame_type The type of frame to print address The address to read the frame from"},{"location":"commands/memory/dump-register-frame/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -p --print Show addresses of frame values"},{"location":"commands/memory/gdt/","title":"Gdt","text":""},{"location":"commands/memory/gdt/#gdt","title":"gdt","text":"
usage: gdt [-h] address [count]\n
 
Decode X86-64 GDT entries at address
 
See also:
 
     
  • https://wiki.osdev.org/Global_Descriptor_Table
    •  
  • https://wiki.osdev.org/GDT_Tutorial
    •  
"},{"location":"commands/memory/gdt/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address x86-64 GDTR base address (e.g. read from sgdt instruction from [16:79] bits) count Number of entries to dump (should be (GDTR.size+1)/8) (default: 8)"},{"location":"commands/memory/gdt/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/gdt/#notes","title":"Notes","text":"
In 64-bit mode, the Base and Limit values are ignored, each descriptor covers the entire linear address space regardless of what they are set to.
"},{"location":"commands/memory/go-dump/","title":"Go dump","text":""},{"location":"commands/memory/go-dump/#go-dump","title":"go-dump","text":"
usage: go-dump [-h] [-x] [-f [DECIMALS]] [-d] [-p] ty address\n
 
Dumps a Go value of a given type at a specified address.
 
Alias: god
"},{"location":"commands/memory/go-dump/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help ty Go type of value to dump, e.g. map[int]string, or the address of a type to resolve at runtime, e.g. 0x408860 address Address to dump"},{"location":"commands/memory/go-dump/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -x --hex Display non-pointer integers as hex -f --decimals Configures the number of decimal places to display for floating points -d --debug Shows debug info, like addresses for slice/map elements, slice capacity, etc. -p --pretty Enables pretty printing"},{"location":"commands/memory/go-type/","title":"Go type","text":""},{"location":"commands/memory/go-type/#go-type","title":"go-type","text":"
usage: go-type [-h] address\n
 
Dumps a Go runtime reflection type at a specified address.
 
Alias: goty
"},{"location":"commands/memory/go-type/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Address to dump"},{"location":"commands/memory/go-type/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/hexdump/","title":"Hexdump","text":""},{"location":"commands/memory/hexdump/#hexdump","title":"hexdump","text":"
usage: hexdump [-h] [-C [{py,c}]] [address] [count]\n
 
Hexdumps data at the specified address or module name.
"},{"location":"commands/memory/hexdump/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Address or module name to dump (default: $sp) count Number of bytes to dump (default: 64)"},{"location":"commands/memory/hexdump/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -C --code Output as Python or C code data definition (default: py)"},{"location":"commands/memory/leakfind/","title":"Leakfind","text":""},{"location":"commands/memory/leakfind/#leakfind","title":"leakfind","text":"
usage: leakfind [-h] [-p [PAGE_NAME]] [-o [MAX_OFFSET]] [-d [MAX_DEPTH]]\n                [-s [STEP]] [--negative_offset [NEGATIVE_OFFSET]]\n                [address]\n
 
Attempt to find a leak chain given a starting address.
 
Scans memory near the given address, looks for pointers, and continues that process to attempt to find leaks.
"},{"location":"commands/memory/leakfind/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Starting address to find a leak chain from (default: $sp)"},{"location":"commands/memory/leakfind/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -p --page_name Substring required to be part of the name of any found pages -o --max_offset Max offset to add to addresses when looking for leak (default: 72) -d --max_depth Maximum depth to follow pointers to (default: 4) -s --step Step to add between pointers so they are considered. For example, if this is 4 it would only consider pointers at an offset divisible by 4 from the starting pointer (default: 1) --negative_offset Max negative offset to search before an address when looking for a leak (default: 0)"},{"location":"commands/memory/leakfind/#examples","title":"Examples","text":"
pwndbg> leakfind $rsp --page_name=filename --max_offset=0x48 --max_depth=6.\nThis would look for any chains of leaks that point to a section in filename\nwhich begin near $rsp, are never 0x48 bytes further from a known pointer,\nand are a maximum length of 6.\n
"},{"location":"commands/memory/memfrob/","title":"Memfrob","text":""},{"location":"commands/memory/memfrob/#memfrob","title":"memfrob","text":"
usage: memfrob [-h] address count\n
 
Memfrobs a region of memory (xor with '*').
"},{"location":"commands/memory/memfrob/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to start xoring at. count The number of bytes to xor."},{"location":"commands/memory/memfrob/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/mmap/","title":"Mmap","text":""},{"location":"commands/memory/mmap/#mmap","title":"mmap","text":"
usage: mmap [-h] [--quiet] [--force] addr length [prot] [flags] [fd] [offset]\n
 
Calls the mmap syscall and prints its resulting address.
 
Note that the mmap syscall may fail for various reasons (see man mmap) and, in case of failure, its return value will not be a valid pointer.
 
PROT values: NONE (0), READ (1), WRITE (2), EXEC (4)
 
MAP values: SHARED (1), PRIVATE (2), SHARED_VALIDATE (3), FIXED (0x10),             ANONYMOUS (0x20)
 
Flags and protection values can be either a string containing the names of the flags or permissions or a single number corresponding to the bitwise OR of the protection and flag numbers.
"},{"location":"commands/memory/mmap/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address hint to be given to mmap. length Length of the mapping, in bytes. Needs to be greater than zero. prot Prot enum or int as in mmap(2). Eg. \"PROT_READ|PROT_EXEC\" or 7 (for RWX). (default: '7') flags Flags enum or int as in mmap(2). Eg. \"MAP_PRIVATE|MAP_ANONYMOUS\" or 0x22. (default: '0x22') fd File descriptor of the file to be mapped, or -1 if using MAP_ANONYMOUS. (default: -1) offset Offset from the start of the file, in bytes, if using file based mapping. (default: 0)"},{"location":"commands/memory/mmap/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -q --quiet Disable address validity warnings and hints -f --force Force potentially unsafe actions to happen"},{"location":"commands/memory/mmap/#examples","title":"Examples","text":"
mmap 0x0 4096 PROT_READ|PROT_WRITE|PROT_EXEC MAP_PRIVATE|MAP_ANONYMOUS -1 0\n - Maps a new private+anonymous page with RWX permissions at a location\n   decided by the kernel.\n\nmmap 0x0 4096 PROT_READ MAP_PRIVATE 10 0\n - Maps 4096 bytes of the file pointed to by file descriptor number 10 with\n   read permission at a location decided by the kernel.\n\nmmap 0xdeadbeef 0x1000\n - Maps a new private+anonymous page with RWX permissions at a page boundary\n   near 0xdeadbeef.\n
"},{"location":"commands/memory/mprotect/","title":"Mprotect","text":""},{"location":"commands/memory/mprotect/#mprotect","title":"mprotect","text":"
usage: mprotect [-h] addr length prot\n
 
Calls the mprotect syscall and prints its result value.
 
Note that the mprotect syscall may fail for various reasons (see man mprotect) and a non-zero error return value can be decoded with the errno <value> command.
"},{"location":"commands/memory/mprotect/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Page-aligned address to all mprotect on. length Count of bytes to call mprotect on. Needs to be multiple of page size. prot Prot string as in mprotect(2). Eg. \"PROT_READ|PROT_EXEC\", \"rx\", or \"5\""},{"location":"commands/memory/mprotect/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/mprotect/#examples","title":"Examples","text":"
mprotect $rsp 4096 PROT_READ|PROT_WRITE|PROT_EXEC\nmprotect $rsp 4096 rwx\nmprotect $rsp 4096 7\nmprotect some_symbol 0x1000 PROT_NONE\n
"},{"location":"commands/memory/p2p/","title":"P2p","text":""},{"location":"commands/memory/p2p/#p2p","title":"p2p","text":"
usage: p2p [-h] mapping_names [mapping_names ...]\n
 
Pointer to pointer chain search. Searches given mapping for all pointers that point to specified mapping.
 
Any chain length greater than 0 is valid. If only one mapping is given it just looks for any pointers in that mapping.
"},{"location":"commands/memory/p2p/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help mapping_names Mapping name"},{"location":"commands/memory/p2p/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/probeleak/","title":"Probeleak","text":""},{"location":"commands/memory/probeleak/#probeleak","title":"probeleak","text":"
usage: probeleak [-h] [--max-distance MAX_DISTANCE] [--point-to POINT_TO]\n                 [--max-ptrs MAX_PTRS] [--flags FLAGS]\n                 [address] [count]\n
 
Pointer scan for possible offset leaks.
"},{"location":"commands/memory/probeleak/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Leak memory address (default: $sp) count Leak size in bytes (default: 64)"},{"location":"commands/memory/probeleak/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --max-distance Max acceptable distance between memory page boundary and leaked pointer (default: 0) --point-to Mapping name of the page that you want the pointers point to --max-ptrs Stop search after find n pointers, default 0 (default: 0) --flags flags of the page that you want the pointers point to. [e.g. rwx]"},{"location":"commands/memory/probeleak/#examples","title":"Examples","text":"
> probeleak $rsp 0x64\nLeaks 0x64 bytes starting at stack pointer and search for valid pointers.\n> probeleak $rsp 0x64 --max-dist 0x10\nAs above, but pointers may point 0x10 bytes outside of memory page.\n> probeleak $rsp 0x64 --point-to libc --max-ptrs 1 --flags rwx\nLeaks 0x64 bytes starting at stack pointer and search for one valid pointer\nwhich points to a libc rwx page.\n
"},{"location":"commands/memory/search/","title":"Search","text":""},{"location":"commands/memory/search/#search","title":"search","text":"
usage: search [-h] [-t {byte,short,word,dword,qword,pointer,string,bytes,asm}]\n              [-1] [-2] [-4] [-8] [-p] [--asm] [--asmbp] [-x] [-e] [-w]\n              [-s STEP] [-l LIMIT] [-a ALIGNED] [--save] [--no-save] [-n]\n              [--trunc-out]\n              value [mapping_name]\n
 
Search memory for byte sequences, strings, pointers, and integer values.
 
By default search results are cached. If you want to cache all results, but only print a subset, use --trunc-out. If you want to cache only a subset of results, and print the results immediately, use --limit. The latter is specially useful if you're searching a huge section of memory.
"},{"location":"commands/memory/search/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help value Value to search for mapping_name Mapping to search [e.g. libc]"},{"location":"commands/memory/search/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -t --type Size of search target (default: 'bytes') -1 --byte Search for a 1-byte integer -2 --short Search for a 2-byte integer -4 --dword Search for a 4-byte integer -8 --qword Search for an 8-byte integer -p --pointer Search for a pointer-width integer --asm Search for an assembly instruction --asmbp Set breakpoint for found assembly instruction -x --hex Target is a hex-encoded (for bytes/strings) -e --executable Search executable segments only -w --writable Search writable segments only -s --step Step search address forward to next alignment after each hit (ex: 0x1000) -l --limit Max results before quitting the search. Differs from --trunc-out in that it will not save all search results before quitting -a --aligned Result must be aligned to this byte boundary --save Save results for further searches with --next. Default comes from config 'auto-save-search' --no-save Invert --save -n --next Search only locations returned by previous search with --save --trunc-out Truncate the output to 20 results. Differs from --limit in that it will first save all search results"},{"location":"commands/memory/telescope/","title":"Telescope","text":""},{"location":"commands/memory/telescope/#telescope","title":"telescope","text":"
usage: telescope [-h] [-r] [-f] [-i] [address] [count]\n
 
Recursively dereferences pointers starting at the specified address.
"},{"location":"commands/memory/telescope/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to telescope at. (default: $sp) count The number of lines to show. (default: 8)"},{"location":"commands/memory/telescope/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -r --reverse Show  previous addresses instead of next ones -f --frame Show the stack frame, from rsp to rbp -i --inverse Show the stack reverse growth"},{"location":"commands/memory/vmmap-add/","title":"Vmmap add","text":""},{"location":"commands/memory/vmmap-add/#vmmap-add","title":"vmmap-add","text":"
usage: vmmap-add [-h] start size [flags] [offset]\n
 
Add virtual memory map page.
"},{"location":"commands/memory/vmmap-add/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help start Starting virtual address size Size of the address space, in bytes flags Flags set by the ELF file (r - read, w - write, x - executable) (default: '') offset Offset into the original ELF file that the data is loaded from (default: 0)"},{"location":"commands/memory/vmmap-add/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/vmmap-clear/","title":"Vmmap clear","text":""},{"location":"commands/memory/vmmap-clear/#vmmap-clear","title":"vmmap-clear","text":"
usage: vmmap-clear [-h]\n
 
Clear the vmmap cache.
"},{"location":"commands/memory/vmmap-clear/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/vmmap-explore/","title":"Vmmap explore","text":""},{"location":"commands/memory/vmmap-explore/#vmmap-explore","title":"vmmap-explore","text":"
usage: vmmap-explore [-h] address\n
 
Explore a page, trying to guess permissions.
"},{"location":"commands/memory/vmmap-explore/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Address of the page to explore"},{"location":"commands/memory/vmmap-explore/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/vmmap/","title":"Vmmap","text":""},{"location":"commands/memory/vmmap/#vmmap","title":"vmmap","text":"
usage: vmmap [-h] [-w] [-x] [-s] [-A LINES_AFTER] [-B LINES_BEFORE]\n             [-C CONTEXT] [--gaps]\n             [gdbval_or_str]\n
 
Print virtual memory map pages.
 
Unnamed mappings are named as [anon_%#x] where %#x is high part of their start address. This is useful for filtering with vmmap or search commands.
 
Known issues with vmmap: For QEMU user targets, the QEMU's gdbstub does not provide memory maps information to GDB until [0] is finished & merged. We try to deal with it without parsing the QEMU process' /proc/$pid/maps file, but if our approach fails, we simply create a [0, 0xffff...] vmmap which is not great and may result in lack of proper colors or inability to search memory with the search command.
 
For QEMU kernel, we use gdb-pt-dump that parses page tables from the guest by reading /proc/$pid/mem of QEMU process. If this does not work for you, use set kernel-vmmap-via-page-tables off to refer to our old method of reading vmmap info from monitor info mem command exposed by QEMU. Note that the latter may be slower and will not give full vmmaps permission information.
 
For coredump debugging, GDB also lacks all vmmap info but we do our best to get it back by using the info proc mappings and maintenance info sections commands.
 
As a last resort, we sometimes try to explore the addresses in CPU registers and if they are readable by GDB, we determine their bounds and create an \"\" vmmap. However, this method is slow and is not used on each GDB stop. 
Memory pages can also be added manually with the use of vmmap-add, vmmap-clear and vmmap-load commands. This may be useful for bare metal debugging.
 
[0] https://lore.kernel.org/all/20220221030910.3203063-1-dominik.b.czarnota@gmail.com/
 
Aliases: lm, address, vprot, libs
"},{"location":"commands/memory/vmmap/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help gdbval_or_str Address or module name filter"},{"location":"commands/memory/vmmap/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -w --writable Display writable maps only -x --executable Display executable maps only -s --expand-shared-cache Expand all entries in the DYLD Shared Cache (Darwin only) -A --lines-after Number of pages to display after result (default: 1) -B --lines-before Number of pages to display before result (default: 1) -C --context Number of pages to display around the result --gaps Display unmapped memory gap information in the memory map."},{"location":"commands/memory/xinfo/","title":"Xinfo","text":""},{"location":"commands/memory/xinfo/#xinfo","title":"xinfo","text":"
usage: xinfo [-h] [address]\n
 
Shows offsets of the specified address from various useful locations.
"},{"location":"commands/memory/xinfo/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Address to inspect (default: $pc)"},{"location":"commands/memory/xinfo/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/xor/","title":"Xor","text":""},{"location":"commands/memory/xor/#xor","title":"xor","text":"
usage: xor [-h] address key count\n
 
XOR count bytes at address with the key key.
"},{"location":"commands/memory/xor/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to start xoring at. key The key to use. count The number of bytes to xor."},{"location":"commands/memory/xor/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/asm/","title":"Asm","text":""},{"location":"commands/misc/asm/#asm","title":"asm","text":"
usage: asm [-h] [-f {hex,string}]\n           [--arch {powerpc64,aarch64,powerpc,riscv32,riscv64,sparc64,mips64,msp430,alpha,amd64,sparc,thumb,cris,i386,ia64,m68k,mips,s390,none,avr,arm,vax}]\n           [-v AVOID] [-n] [-z] [-i INFILE]\n           [shellcode ...]\n
 
Assemble shellcode into bytes
"},{"location":"commands/misc/asm/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help shellcode Assembler code to assemble (default: '[]')"},{"location":"commands/misc/asm/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -f --format Output format (default: 'hex') --arch Target architecture -v --avoid Encode the shellcode to avoid the listed bytes (provided as hex) -n --newline Encode the shellcode to avoid newlines -z --zero Encode the shellcode to avoid NULL bytes -i --infile Specify input file"},{"location":"commands/misc/checksec/","title":"Checksec","text":""},{"location":"commands/misc/checksec/#checksec","title":"checksec","text":"
usage: checksec [-h] [-f FILE]\n
 
Prints out the binary security settings using checksec.
"},{"location":"commands/misc/checksec/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -f --file Specify the file to run checksec on."},{"location":"commands/misc/checksec/#examples","title":"Examples","text":"
pwndbg> checksec\nFile:     /usr/bin/bash\nArch:     amd64\nRELRO:      Full RELRO\nStack:      Canary found\nNX:         NX enabled\nPIE:        PIE enabled\nSHSTK:      Enabled\nIBT:        Enabled\n
"},{"location":"commands/misc/comm/","title":"Comm","text":""},{"location":"commands/misc/comm/#comm","title":"comm","text":"
usage: comm [-h] [--addr address] comment\n
 
Put comments in assembly code.
"},{"location":"commands/misc/comm/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help comment The text you want to comment"},{"location":"commands/misc/comm/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --addr Address to write comments"},{"location":"commands/misc/cyclic/","title":"Cyclic","text":""},{"location":"commands/misc/cyclic/#cyclic","title":"cyclic","text":"
usage: cyclic [-h] [-a charset] [-n length] [-t seconds] [-l lookup_value]\n              [-d]\n              [count] [filename]\n
 
Cyclic pattern creator/finder.
"},{"location":"commands/misc/cyclic/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help count Number of characters to print from the sequence (default: print the entire sequence) (default: 100) filename Name (path) of the file to save the cyclic pattern to"},{"location":"commands/misc/cyclic/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -a --alphabet The alphabet to use in the cyclic pattern (default: abcdefghijklmnopqrstuvwxyz) -n --length Size of the unique subsequences (defaults to the pointer size for the current arch) -t --timeout Timeout in seconds for --detect (default: 2) -o --lookup Do a lookup instead of printing the sequence (accepts constant values as well as expressions) -d --detect Detect cyclic patterns in registers (Immediate values and memory pointed to by registers)"},{"location":"commands/misc/cyclic/#notes","title":"Notes","text":"
If you want to write the cyclic pattern to memory, use the spray command!
"},{"location":"commands/misc/cymbol/","title":"Cymbol","text":""},{"location":"commands/misc/cymbol/#cymbol","title":"cymbol","text":"
(only in GDB)
 
usage: cymbol [-h] {add,remove,edit,load,show,file,show-all} ...\n
 
Manage custom C structures in pwndbg. Supports project-specific auto-loading from .gdbinit.
"},{"location":"commands/misc/cymbol/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help subcommand Available subcommands"},{"location":"commands/misc/cymbol/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/cymbol/#notes","title":"Notes","text":"
The cymbol command loads custom C structs and symbols into the debugger using GCC under the hood.
 
Usage Example:     cymbol file --force ./structs.h
 
--force:     Use this flag to force symbol reloading, even if symbols with the same name already exist.
 
Warning:     If a loaded structure defines a symbol that already exists, the debugger may prefer the original     symbol or behave unexpectedly. It\u2019s recommended to use unique struct names to avoid     symbol conflicts.
 
Tip:     You can add this command to your .gdbinit file for automatic loading:         cymbol file --force ./path/to/structs.h
"},{"location":"commands/misc/down/","title":"Down","text":""},{"location":"commands/misc/down/#down","title":"down","text":"
(only in GDB)
 
usage: down [-h] [n]\n
 
Select and print stack frame called by this one.
 
Aliases: do, dow
"},{"location":"commands/misc/down/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help n The number of stack frames to go down. (default: 1)"},{"location":"commands/misc/down/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/dt/","title":"Dt","text":""},{"location":"commands/misc/dt/#dt","title":"dt","text":"
usage: dt [-h] typename [address]\n
 
Dump out information on a type (e.g. ucontext_t).
 
Optionally overlay that information at an address.
"},{"location":"commands/misc/dt/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help typename The name of the structure being dumped. Use quotes if the type contains spaces (e.g. \"struct malloc_state\"). address The address of the structure."},{"location":"commands/misc/dt/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/dumpargs/","title":"Dumpargs","text":""},{"location":"commands/misc/dumpargs/#dumpargs","title":"dumpargs","text":"
usage: dumpargs [-h] [-f]\n
 
Prints determined arguments for call/syscall instruction.
 
Alias: args
"},{"location":"commands/misc/dumpargs/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -f --force Force displaying of all arguments."},{"location":"commands/misc/getfile/","title":"Getfile","text":""},{"location":"commands/misc/getfile/#getfile","title":"getfile","text":"
(only in GDB)
 
usage: getfile [-h]\n
 
Gets the current file.
"},{"location":"commands/misc/getfile/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/hex2ptr/","title":"Hex2ptr","text":""},{"location":"commands/misc/hex2ptr/#hex2ptr","title":"hex2ptr","text":"
usage: hex2ptr [-h] hex_string\n
 
Converts a space-separated hex string to a little-endian address.
"},{"location":"commands/misc/hex2ptr/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help hex_string Hexadecimal string to convert (e.g., '00 70 75 c1 cd ef 59 00')."},{"location":"commands/misc/hex2ptr/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/hijack-fd/","title":"Hijack fd","text":""},{"location":"commands/misc/hijack-fd/#hijack-fd","title":"hijack-fd","text":"
usage: hijack-fd [-h] fdnum newfile\n
 
Replace a file descriptor of a debugged process.
 
The new file descriptor can point to:
 
     
  • a file
    •  
  • a pipe
    •  
  • a socket
    •  
  • a device, etc.
    •  
"},{"location":"commands/misc/hijack-fd/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help fdnum File descriptor (FD) number to be replaced with the specified new socket or file. newfile Specify a file or a socket.  For files, the filename must start with / (e.g., /etc/passwd).  For sockets, the following formats are allowed: - 127.0.0.1:80 (default is TCP) - tcp://[::1]:80 - udp://example.com:80 - tcp+ipv6://example.com:80"},{"location":"commands/misc/hijack-fd/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/hijack-fd/#examples","title":"Examples","text":"
1. Redirect STDOUT to a file:\n   `hijack-fd 1 /dev/null`\n\n2. Redirect STDERR to a socket:\n   `hijack-fd 2 tcp://localhost:8888`\n
"},{"location":"commands/misc/ipi/","title":"Ipi","text":""},{"location":"commands/misc/ipi/#ipi","title":"ipi","text":"
(only in GDB)
 
usage: ipi [-h]\n
 
Start an interactive IPython prompt.
"},{"location":"commands/misc/ipi/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/patch-list/","title":"Patch list","text":""},{"location":"commands/misc/patch-list/#patch-list","title":"patch-list","text":"
usage: patch-list [-h]\n
 
List all patches.
"},{"location":"commands/misc/patch-list/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/patch-revert/","title":"Patch revert","text":""},{"location":"commands/misc/patch-revert/#patch-revert","title":"patch-revert","text":"
usage: patch-revert [-h] address\n
 
Revert patch at given address.
"},{"location":"commands/misc/patch-revert/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Address to revert patch on"},{"location":"commands/misc/patch-revert/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/patch/","title":"Patch","text":""},{"location":"commands/misc/patch/#patch","title":"patch","text":"
usage: patch [-h] [-q] address ins\n
 
Patches given instruction with given code or bytes.
"},{"location":"commands/misc/patch/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to patch ins instruction[s]"},{"location":"commands/misc/patch/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -q --quiet don't print anything"},{"location":"commands/misc/plist/","title":"Plist","text":""},{"location":"commands/misc/plist/#plist","title":"plist","text":"
usage: plist [-h] [-s SENTINEL] [-i INNER_NAME] [-f FIELD_NAME] [-o OFFSET]\n             [-c COUNT]\n             path next\n
 
Dumps the elements of a linked list.
 
This command traverses the linked list beginning at a given element, dumping its contents and the contents of all the elements that come after it in the list. Traversal is configurable and can handle multiple types of linked lists, but will always stop when a cycle is detected.
 
The path to the first element can be any GDB expression that evaluates to either the first element directly, or a to pointer to it. The next element is the name of the field containing the next pointer, in either the structure itself or in the structure given by --inner.
 
An address value may be given with --sentinel that signals the end of the list. By default, the value used is NULL (0).
 
If only one field inside each node is desired, it can be printed exclusively by specifying its name with --field.
 
This command supports traversing three types of linked lists, classified by how the next pointer can be found in the structure and what type it is:     1 - Next pointer is field of structure, type is the same as structure.     2 - Next pointer is field of inner nested structure, pointed to type is the         same as outer structure.     3 - Next pointer is field of inner nested structure, pointed to type is the         same as inner structure. Types 2 and 3 require --inner to be specified.
 
Example 1:
 
struct node {\n    int value;\n    struct node *next;\n};\nstruct node node_c = { 2, NULL };\nstruct node node_b = { 1, &node_c };\nstruct node node_a = { 0, &node_b };\n
 
pwndbg> plist node_a next 0x4000011050 : {   value = 0,   next = 0x4000011040  } 0x4000011040 : {   value = 1,   next = 0x4000011010  } 0x4000011010 : {   value = 2,   next = 0x0 } 
Example 2:
 
struct node_inner_a {\n    struct node_inner_a *next;\n};\nstruct inner_a_node {\n    int value;\n    struct node_inner_a inner;\n};\nstruct inner_a_node inner_a_node_c = { 2, { NULL } };\nstruct inner_a_node inner_a_node_b = { 1, { &inner_a_node_c.inner } };\nstruct inner_a_node inner_a_node_a = { 0, { &inner_a_node_b.inner } };\n
 
pwndbg> plist inner_a_node_a -i inner next 0x4000011070 : {   value = 0,   inner = {     next = 0x4000011068    } } 0x4000011060 : {   value = 1,   inner = {     next = 0x4000011028    } } 0x4000011020 : {   value = 2,   inner = {     next = 0x0   } } 
Example 3:
 
struct inner_b_node;\nstruct node_inner_b {\n    struct inner_b_node *next;\n};\nstruct inner_b_node {\n    int value;\n    struct node_inner_b inner;\n};\nstruct inner_b_node inner_b_node_c = { 2, { NULL } };\nstruct inner_b_node inner_b_node_b = { 1, { &inner_b_node_c } };\nstruct inner_b_node inner_b_node_a = { 0, { &inner_b_node_b } };\n
 
pwndbg> plist inner_b_node_a -i inner next 0x4000011090 : {   value = 0,   inner = {     next = 0x4000011080    } } 0x4000011080 : {   value = 1,   inner = {     next = 0x4000011030    } } 0x4000011030 : {   value = 2,   inner = {     next = 0x0   } }"},{"location":"commands/misc/plist/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help path The first element of the linked list next The name of the field pointing to the next element in the list"},{"location":"commands/misc/plist/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -s --sentinel The address that stands in for an end of list marker in a non-cyclic list (default: 0) -i --inner The name of the inner nested structure where the next pointer is stored -f --field The name of the field to be displayed, if only one is desired -o --offset The offset of the first list element to display. Defaults to zero. (default: 0) -c --count The number of elements to display. Defaults to the value of dereference-limit."},{"location":"commands/misc/sigreturn/","title":"Sigreturn","text":""},{"location":"commands/misc/sigreturn/#sigreturn","title":"sigreturn","text":"
usage: sigreturn [-h] [-a] [-p] [address]\n
 
Display the SigreturnFrame at the specific address
"},{"location":"commands/misc/sigreturn/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to read the frame from"},{"location":"commands/misc/sigreturn/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -a --all Show all values in the frame in addition to common registers -p --print Show addresses of frame values"},{"location":"commands/misc/spray/","title":"Spray","text":""},{"location":"commands/misc/spray/#spray","title":"spray","text":"
usage: spray [-h] [--value VALUE] [-x] addr [length]\n
 
Spray memory with cyclic() generated values
"},{"location":"commands/misc/spray/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address to spray length Length of byte sequence, when unspecified sprays until the end of vmmap which address belongs to (default: 0)"},{"location":"commands/misc/spray/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --value Value to spray memory with, when prefixed with '0x' treated as hex string encoded big-endian -x --only-funcptrs Spray only addresses whose values points to executable pages"},{"location":"commands/misc/tips/","title":"Tips","text":""},{"location":"commands/misc/tips/#tips","title":"tips","text":"
usage: tips [-h] [-a]\n
 
Shows tips.
"},{"location":"commands/misc/tips/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -a --all Show all tips."},{"location":"commands/misc/up/","title":"Up","text":""},{"location":"commands/misc/up/#up","title":"up","text":"
(only in GDB)
 
usage: up [-h] [n]\n
 
Select and print stack frame that called this one.
"},{"location":"commands/misc/up/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help n The number of stack frames to go up. (default: 1)"},{"location":"commands/misc/up/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/valist/","title":"Valist","text":""},{"location":"commands/misc/valist/#valist","title":"valist","text":"
usage: valist [-h] addr [count]\n
 
Dumps the arguments of a va_list.
"},{"location":"commands/misc/valist/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the va_list count Number of arguments to dump (default: 8)"},{"location":"commands/misc/valist/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/vmmap-load/","title":"Vmmap load","text":""},{"location":"commands/misc/vmmap-load/#vmmap-load","title":"vmmap-load","text":"
usage: vmmap-load [-h] [filename]\n
 
Load virtual memory map pages from ELF file.
"},{"location":"commands/misc/vmmap-load/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help filename ELF filename, by default uses current loaded filename."},{"location":"commands/misc/vmmap-load/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/musl/mallocng-dump/","title":"Mallocng dump","text":""},{"location":"commands/musl/mallocng-dump/#mallocng-dump","title":"mallocng-dump","text":"
usage: mallocng-dump [-h] [-ma META_AREA]\n
 
Dump the mallocng heap.
 
May produce lots of output.
 
Alias: ng-dump
"},{"location":"commands/musl/mallocng-dump/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -ma --meta-area Dump only the meta area at the provided address."},{"location":"commands/musl/mallocng-dump/#notes","title":"Notes","text":"
Since the command may produce lots of output, you may want to pipe it to less with | ng-dump | less -R.
 
The [index] next to the metas is their index in the doubly linked list pointed to by ctx.freed_meta_head. The [index] next to the slots is the slot's index inside of its group (thus, these will always be sequential).
 
Notice that the pointers in the output of this command aren't colored according to their mapping's color but rather according to the object's allocation status. Color legend: allocated; freed; available.
"},{"location":"commands/musl/mallocng-explain/","title":"Mallocng explain","text":""},{"location":"commands/musl/mallocng-explain/#mallocng-explain","title":"mallocng-explain","text":"
usage: mallocng-explain [-h]\n
 
Gives a quick explanation of musl's mallocng allocator.
 
Alias: ng-explain
"},{"location":"commands/musl/mallocng-explain/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/musl/mallocng-find/","title":"Mallocng find","text":""},{"location":"commands/musl/mallocng-find/#mallocng-find","title":"mallocng-find","text":"
usage: mallocng-find [-h] [-a] [-m] [-s] address\n
 
Find slot which contains the given address.
 
Returns the start of the slot. We say a slot 'contains' an address if the address is in [start, start + stride).
 
Alias: ng-find
"},{"location":"commands/musl/mallocng-find/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to look for."},{"location":"commands/musl/mallocng-find/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -a --all Print out all information. Including meta and group data. -m --metadata If the given address falls onto some in-band metadata, return the slot which owns that metadata. In other words, the containment check becomes [start - IB, end). -s --shallow Return the biggest slot which contains this address, don't recurse for smaller slots. The group  which owns this slot will not be a nested group."},{"location":"commands/musl/mallocng-group/","title":"Mallocng group","text":""},{"location":"commands/musl/mallocng-group/#mallocng-group","title":"mallocng-group","text":"
usage: mallocng-group [-h] [-i INDEX] address\n
 
Print out information about a mallocng group at the given address.
 
Alias: ng-group
"},{"location":"commands/musl/mallocng-group/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address of the group object."},{"location":"commands/musl/mallocng-group/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -i --index Print start address of slot at given index (0-indexed)."},{"location":"commands/musl/mallocng-malloc-context/","title":"Mallocng malloc context","text":""},{"location":"commands/musl/mallocng-malloc-context/#mallocng-malloc-context","title":"mallocng-malloc-context","text":"
usage: mallocng-malloc-context [-h] [address]\n
 
Print out the mallocng __malloc_context (ctx) object.
 
Alias: ng-ctx
"},{"location":"commands/musl/mallocng-malloc-context/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Use the provided address instead of the one Pwndbg found."},{"location":"commands/musl/mallocng-malloc-context/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/musl/mallocng-meta-area/","title":"Mallocng meta area","text":""},{"location":"commands/musl/mallocng-meta-area/#mallocng-meta-area","title":"mallocng-meta-area","text":"
usage: mallocng-meta-area [-h] [-i INDEX] address\n
 
Print out a mallocng meta_area object at the given address.
 
Aliases: ng-metaarea, ng-ma
"},{"location":"commands/musl/mallocng-meta-area/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address of the meta_area object."},{"location":"commands/musl/mallocng-meta-area/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -i --index Print address of meta at given index (0-indexed)."},{"location":"commands/musl/mallocng-meta/","title":"Mallocng meta","text":""},{"location":"commands/musl/mallocng-meta/#mallocng-meta","title":"mallocng-meta","text":"
usage: mallocng-meta [-h] address\n
 
Print out information about a mallocng group given the address of its meta.
 
Alias: ng-meta
"},{"location":"commands/musl/mallocng-meta/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address of the meta object."},{"location":"commands/musl/mallocng-meta/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/musl/mallocng-slot-start/","title":"Mallocng slot start","text":""},{"location":"commands/musl/mallocng-slot-start/#mallocng-slot-start","title":"mallocng-slot-start","text":"
usage: mallocng-slot-start [-h] [-a] address\n
 
Dump information about a mallocng slot, given its start address.
 
Alias: ng-slots
"},{"location":"commands/musl/mallocng-slot-start/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The start of the slot (not including IB)."},{"location":"commands/musl/mallocng-slot-start/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -a --all Print out all information. Including meta and group data."},{"location":"commands/musl/mallocng-slot-user/","title":"Mallocng slot user","text":""},{"location":"commands/musl/mallocng-slot-user/#mallocng-slot-user","title":"mallocng-slot-user","text":"
usage: mallocng-slot-user [-h] [-a] address\n
 
Dump information about a mallocng slot, given its user address.
 
Alias: ng-slotu
"},{"location":"commands/musl/mallocng-slot-user/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The start of user memory. Referred to as p in the source."},{"location":"commands/musl/mallocng-slot-user/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -a --all Print out all information. Including meta and group data."},{"location":"commands/musl/mallocng-visualize-slots/","title":"Mallocng visualize slots","text":""},{"location":"commands/musl/mallocng-visualize-slots/#mallocng-visualize-slots","title":"mallocng-visualize-slots","text":"
usage: mallocng-visualize-slots [-h] address [count]\n
 
Visualize slots in a group.
 
Alias: ng-vis
"},{"location":"commands/musl/mallocng-visualize-slots/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Address which is inside some slot. count The amount of slots to visualize. (default: 10)"},{"location":"commands/musl/mallocng-visualize-slots/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/process/killthreads/","title":"Killthreads","text":""},{"location":"commands/process/killthreads/#killthreads","title":"killthreads","text":"
(only in GDB)
 
usage: killthreads [-h] [-a] [thread_ids ...]\n
 
Kill all or given threads.
 
Switches to given threads and calls pthread_exit(0) on them. This is performed with scheduler-locking to prevent other threads from operating at the same time.
 
Killing all other threads may be useful to use GDB checkpoints, e.g., to test given input & restart the execution to the point of interest (checkpoint).
"},{"location":"commands/process/killthreads/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help thread_ids Thread IDs to kill."},{"location":"commands/process/killthreads/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -a --all Kill all threads except the current one."},{"location":"commands/process/pid/","title":"Pid","text":""},{"location":"commands/process/pid/#pid","title":"pid","text":"
usage: pid [-h]\n
 
Gets the pid.
 
Alias: getpid
"},{"location":"commands/process/pid/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/process/procinfo/","title":"Procinfo","text":""},{"location":"commands/process/procinfo/#procinfo","title":"procinfo","text":"
usage: procinfo [-h]\n
 
Display information about the running process.
"},{"location":"commands/process/procinfo/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/pwndbg/bugreport/","title":"Bugreport","text":""},{"location":"commands/pwndbg/bugreport/#bugreport","title":"bugreport","text":"
usage: bugreport [-h] [--run-browser | --use-gh]\n
 
Generate a bug report.
"},{"location":"commands/pwndbg/bugreport/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -b --run-browser Open browser on github/issues/new -g --use-gh Create issue using Github CLI"},{"location":"commands/pwndbg/config/","title":"Config","text":""},{"location":"commands/pwndbg/config/#config","title":"config","text":"
usage: config [-h] [filter_pattern]\n
 
Shows Pwndbg-specific configuration.
"},{"location":"commands/pwndbg/config/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help filter_pattern Filter to apply to config parameters names/descriptions"},{"location":"commands/pwndbg/config/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/pwndbg/configfile/","title":"Configfile","text":""},{"location":"commands/pwndbg/configfile/#configfile","title":"configfile","text":"
(only in GDB)
 
usage: configfile [-h] [--show-all]\n
 
Generates a configuration file for the current Pwndbg options.
"},{"location":"commands/pwndbg/configfile/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --show-all Display all configuration options."},{"location":"commands/pwndbg/heap-config/","title":"Heap config","text":""},{"location":"commands/pwndbg/heap-config/#heap-config","title":"heap-config","text":"
usage: heap-config [-h] [filter_pattern]\n
 
Shows heap related configuration.
"},{"location":"commands/pwndbg/heap-config/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help filter_pattern Filter to apply to config parameters names/descriptions"},{"location":"commands/pwndbg/heap-config/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/pwndbg/memoize/","title":"Memoize","text":""},{"location":"commands/pwndbg/memoize/#memoize","title":"memoize","text":"
usage: memoize [-h]\n
 
Toggles memoization (caching).
 
Useful for diagnosing caching-related bugs. Decreases performance.
"},{"location":"commands/pwndbg/memoize/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/pwndbg/profiler/","title":"Profiler","text":""},{"location":"commands/pwndbg/profiler/#profiler","title":"profiler","text":"
usage: profiler [-h] {start,stop} ...\n
 
Utilities for profiling Pwndbg.
 
Check out the ./profiling folder for other useful utilities. Use ./profiling/print_stats.py to generate a report from a .pstats file.
"},{"location":"commands/pwndbg/profiler/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help command"},{"location":"commands/pwndbg/profiler/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/pwndbg/pwndbg/","title":"Pwndbg","text":""},{"location":"commands/pwndbg/pwndbg/#pwndbg","title":"pwndbg","text":"
usage: pwndbg [-h] [-c CATEGORY_ | --list-categories] [filter_pattern]\n
 
Prints out a list of all Pwndbg commands.
"},{"location":"commands/pwndbg/pwndbg/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help filter_pattern Filter to apply to commands names/docs"},{"location":"commands/pwndbg/pwndbg/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -c --category Filter commands by category --list-categories List command categories"},{"location":"commands/pwndbg/reinit-pwndbg/","title":"Reinit pwndbg","text":""},{"location":"commands/pwndbg/reinit-pwndbg/#reinit-pwndbg","title":"reinit-pwndbg","text":"
(only in GDB)
 
usage: reinit-pwndbg [-h]\n
 
Makes Pwndbg reinitialize all state.
"},{"location":"commands/pwndbg/reinit-pwndbg/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/pwndbg/reload/","title":"Reload","text":""},{"location":"commands/pwndbg/reload/#reload","title":"reload","text":"
(only in GDB)
 
usage: reload [-h]\n
 
Reload Pwndbg.
"},{"location":"commands/pwndbg/reload/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/pwndbg/theme/","title":"Theme","text":""},{"location":"commands/pwndbg/theme/#theme","title":"theme","text":"
usage: theme [-h] [filter_pattern]\n
 
Shows Pwndbg-specific theme configuration.
"},{"location":"commands/pwndbg/theme/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help filter_pattern Filter to apply to theme parameters names/descriptions"},{"location":"commands/pwndbg/theme/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/pwndbg/themefile/","title":"Themefile","text":""},{"location":"commands/pwndbg/themefile/#themefile","title":"themefile","text":"
(only in GDB)
 
usage: themefile [-h] [--show-all]\n
 
Generates a configuration file for the current Pwndbg theme options.
"},{"location":"commands/pwndbg/themefile/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --show-all Force displaying of all theme options."},{"location":"commands/pwndbg/version/","title":"Version","text":""},{"location":"commands/pwndbg/version/#version","title":"version","text":"
(only in GDB)
 
usage: version [-h]\n
 
Displays Pwndbg and its important deps versions.
"},{"location":"commands/pwndbg/version/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/register/cpsr/","title":"Cpsr","text":""},{"location":"commands/register/cpsr/#cpsr","title":"cpsr","text":"
usage: cpsr [-h] [cpsr_value]\n
 
Print out ARM CPSR or xPSR register.
 
Aliases: xpsr, pstate
"},{"location":"commands/register/cpsr/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help cpsr_value Parse the given CPSR value instead of the actual one."},{"location":"commands/register/cpsr/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/register/fsbase/","title":"Fsbase","text":""},{"location":"commands/register/fsbase/#fsbase","title":"fsbase","text":"
(only in GDB)
 
usage: fsbase [-h]\n
 
Prints out the FS base address. See also $fsbase.
"},{"location":"commands/register/fsbase/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/register/gsbase/","title":"Gsbase","text":""},{"location":"commands/register/gsbase/#gsbase","title":"gsbase","text":"
(only in GDB)
 
usage: gsbase [-h]\n
 
Prints out the GS base address. See also $gsbase.
"},{"location":"commands/register/gsbase/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/register/setflag/","title":"Setflag","text":""},{"location":"commands/register/setflag/#setflag","title":"setflag","text":"
usage: setflag [-h] flag value\n
 
Modify the flags register.
 
Alias: flag
"},{"location":"commands/register/setflag/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help flag Flag for which you want to change the value value Value to which you want to set the flag - only valid options are 0 and 1"},{"location":"commands/register/setflag/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/register/setflag/#examples","title":"Examples","text":"
On X86/X64:\n    setflag ZF 1        -- set zero flag\n    setflag CF 0        -- unset carry flag\n\nOn ARM:\n    setflag Z 0         -- unset the Z cpsr/xpsr flag\n\nTo see flags registers:\n    info reg eflags     -- on x86/x64\n    info reg cpsr/xpsr  -- on ARM (specific register may vary)\n
"},{"location":"commands/register/setflag/#notes","title":"Notes","text":"
This command supports flags registers that are defined for architectures in the pwndbg/regs.py file.
"},{"location":"commands/stack/canary/","title":"Canary","text":""},{"location":"commands/stack/canary/#canary","title":"canary","text":"
usage: canary [-h] [-a]\n
 
Print out the current stack canary.
"},{"location":"commands/stack/canary/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -a --all Print out stack canaries for all threads instead of the current thread only."},{"location":"commands/stack/retaddr/","title":"Retaddr","text":""},{"location":"commands/stack/retaddr/#retaddr","title":"retaddr","text":"
usage: retaddr [-h]\n
 
Print out the stack addresses that contain return addresses.
"},{"location":"commands/stack/retaddr/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/stack/stack-explore/","title":"Stack explore","text":""},{"location":"commands/stack/stack-explore/#stack-explore","title":"stack-explore","text":"
usage: stack-explore [-h]\n
 
Explore stack from all threads.
"},{"location":"commands/stack/stack-explore/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/stack/stack/","title":"Stack","text":""},{"location":"commands/stack/stack/#stack","title":"stack","text":"
usage: stack [-h] [-f] [-i] [count] [offset]\n
 
Dereferences on stack data with specified count and offset.
"},{"location":"commands/stack/stack/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help count number of element to dump (default: 8) offset Element offset from $sp (support negative offset) (default: 0)"},{"location":"commands/stack/stack/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -f --frame Show the stack frame, from rsp to rbp -i --inverse Show reverse stack growth"},{"location":"commands/stack/stackf/","title":"Stackf","text":""},{"location":"commands/stack/stackf/#stackf","title":"stackf","text":"
usage: stackf [-h] [count] [offset]\n
 
Dereferences on stack data, printing the entire stack frame with specified count and offset .
"},{"location":"commands/stack/stackf/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help count number of element to dump (default: 8) offset Element offset from $sp (support negative offset) (default: 0)"},{"location":"commands/stack/stackf/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/start/attachp/","title":"Attachp","text":""},{"location":"commands/start/attachp/#attachp","title":"attachp","text":"
(only in GDB)
 
usage: attachp [-h] [--no-truncate] [--retry] [--user USER] [-e] [-a] [target]\n
 
Attaches to a given pid, process name, process found with partial argv match or to a device file.
 
This command wraps the original GDB attach command to add the ability to debug a process with a given name or partial name match. In such cases, the process identifier is fetched via the pidof <name> command first. If no matches are found, then it uses the ps -eo pid,args command to search for partial name matches.
 
Original GDB attach command help:     Attach to a process or file outside of GDB.     This command attaches to another target, of the same type as your last     \"target\" command (\"info files\" will show your target stack).     The command may take as argument a process id or a device file.     For a process id, you must have permission to send the process a signal,     and it must have the same effective uid as the debugger.     When using \"attach\" with a process id, the debugger finds the     program running in the process, looking first in the current working     directory, or (if not found there) using the source file search path     (see the \"directory\" command).  You can also use the \"file\" command     to specify the program, and to load its symbol table.
"},{"location":"commands/start/attachp/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help target pid, process name, part of cmdline to be matched or device file to attach to (uses current loaded file name if not provided)"},{"location":"commands/start/attachp/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --no-truncate dont truncate command args --retry retry until a target is found --user username or uid to filter by -e --exact get the pid only for an exact command name match -a --all get pids also for partial cmdline matches etc"},{"location":"commands/start/entry/","title":"Entry","text":""},{"location":"commands/start/entry/#entry","title":"entry","text":"
usage: entry [-h] [args ...]\n
 
Start the debugged program stopping at its entrypoint address.
 
Note that the entrypoint may not be the first instruction executed by the program. If you want to stop on the first executed instruction, use the GDB's starti command or LLDB's process launch -s.
 
Args may include \"*\", or \"[...]\"; they are expanded using the shell that will start the program (specified by the \"$SHELL\" environment variable).  Input and output redirection with \">\", \"<\", or \">>\" are also allowed.
 
With no arguments, uses arguments last specified (with \"run\" or \"set args\").  To cancel previous arguments and run with no arguments, use \"set args\" without arguments.
 
To start the inferior without using a shell, use \"set startup-with-shell off\".
"},{"location":"commands/start/entry/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help args The arguments to run the binary with."},{"location":"commands/start/entry/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/start/sstart/","title":"Sstart","text":""},{"location":"commands/start/sstart/#sstart","title":"sstart","text":"
(only in GDB)
 
usage: sstart [-h]\n
 
Alias for 'tbreak __libc_start_main; run'.
"},{"location":"commands/start/sstart/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/start/start/","title":"Start","text":""},{"location":"commands/start/start/#start","title":"start","text":"
(only in GDB)
 
usage: start [-h] [args ...]\n
 
Start the debugged program stopping at the first convenient location from this list: main, _main, start, _start, init or _init. You may specify arguments to give it.
 
Args may include \"*\", or \"[...]\"; they are expanded using the shell that will start the program (specified by the \"$SHELL\" environment variable).  Input and output redirection with \">\", \"<\", or \">>\" are also allowed.
 
With no arguments, uses arguments last specified (with \"run\" or \"set args\").  To cancel previous arguments and run with no arguments, use \"set args\" without arguments.
 
To start the inferior without using a shell, use \"set startup-with-shell off\".
 
Aliases: main, init
"},{"location":"commands/start/start/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help args The arguments to run the binary with."},{"location":"commands/start/start/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/nextcall/","title":"Nextcall","text":""},{"location":"commands/step_next_continue/nextcall/#nextcall","title":"nextcall","text":"
usage: nextcall [-h] [symbol_regex]\n
 
Breaks at the next call instruction.
"},{"location":"commands/step_next_continue/nextcall/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help symbol_regex A regex matching the name of next symbol to be broken on before calling."},{"location":"commands/step_next_continue/nextcall/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/nextjmp/","title":"Nextjmp","text":""},{"location":"commands/step_next_continue/nextjmp/#nextjmp","title":"nextjmp","text":"
usage: nextjmp [-h]\n
 
Breaks at the next jump instruction.
 
Alias: nextjump
"},{"location":"commands/step_next_continue/nextjmp/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/nextproginstr/","title":"Nextproginstr","text":""},{"location":"commands/step_next_continue/nextproginstr/#nextproginstr","title":"nextproginstr","text":"
usage: nextproginstr [-h]\n
 
Breaks at the next instruction that belongs to the running program.
"},{"location":"commands/step_next_continue/nextproginstr/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/nextret/","title":"Nextret","text":""},{"location":"commands/step_next_continue/nextret/#nextret","title":"nextret","text":"
usage: nextret [-h]\n
 
Breaks at next return-like instruction.
"},{"location":"commands/step_next_continue/nextret/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/nextsyscall/","title":"Nextsyscall","text":""},{"location":"commands/step_next_continue/nextsyscall/#nextsyscall","title":"nextsyscall","text":"
usage: nextsyscall [-h]\n
 
Breaks at the next syscall not taking branches.
 
Alias: nextsc
"},{"location":"commands/step_next_continue/nextsyscall/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/stepover/","title":"Stepover","text":""},{"location":"commands/step_next_continue/stepover/#stepover","title":"stepover","text":"
usage: stepover [-h] [addr]\n
 
Breaks on the instruction after this one.
 
Alias: so
"},{"location":"commands/step_next_continue/stepover/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr The address to break after."},{"location":"commands/step_next_continue/stepover/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/stepret/","title":"Stepret","text":""},{"location":"commands/step_next_continue/stepret/#stepret","title":"stepret","text":"
usage: stepret [-h]\n
 
Breaks at next return-like instruction by 'stepping' to it.
"},{"location":"commands/step_next_continue/stepret/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/stepsyscall/","title":"Stepsyscall","text":""},{"location":"commands/step_next_continue/stepsyscall/#stepsyscall","title":"stepsyscall","text":"
usage: stepsyscall [-h]\n
 
Breaks at the next syscall by taking branches.
 
Alias: stepsc
"},{"location":"commands/step_next_continue/stepsyscall/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/stepuntilasm/","title":"Stepuntilasm","text":""},{"location":"commands/step_next_continue/stepuntilasm/#stepuntilasm","title":"stepuntilasm","text":"
usage: stepuntilasm [-h] mnemonic [op_str ...]\n
 
Breaks on the next matching instruction.
"},{"location":"commands/step_next_continue/stepuntilasm/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help mnemonic The mnemonic of the instruction op_str The operands of the instruction"},{"location":"commands/step_next_continue/stepuntilasm/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/xuntil/","title":"Xuntil","text":""},{"location":"commands/step_next_continue/xuntil/#xuntil","title":"xuntil","text":"
(only in GDB)
 
usage: xuntil [-h] target\n
 
Continue execution until an address or expression.
"},{"location":"commands/step_next_continue/xuntil/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help target Location to stop execution at"},{"location":"commands/step_next_continue/xuntil/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/bc/","title":"Bc","text":""},{"location":"commands/windbg/bc/#bc","title":"bc","text":"
(only in GDB)
 
usage: bc [-h] [which]\n
 
Clear the breakpoint with the specified index.
"},{"location":"commands/windbg/bc/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help which Index of the breakpoint to clear. (default: '*')"},{"location":"commands/windbg/bc/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/bd/","title":"Bd","text":""},{"location":"commands/windbg/bd/#bd","title":"bd","text":"
(only in GDB)
 
usage: bd [-h] [which]\n
 
Disable the breakpoint with the specified index.
"},{"location":"commands/windbg/bd/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help which Index of the breakpoint to disable. (default: '*')"},{"location":"commands/windbg/bd/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/be/","title":"Be","text":""},{"location":"commands/windbg/be/#be","title":"be","text":"
(only in GDB)
 
usage: be [-h] [which]\n
 
Enable the breakpoint with the specified index.
"},{"location":"commands/windbg/be/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help which Index of the breakpoint to enable. (default: '*')"},{"location":"commands/windbg/be/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/bl/","title":"Bl","text":""},{"location":"commands/windbg/bl/#bl","title":"bl","text":"
(only in GDB)
 
usage: bl [-h]\n
 
List breakpoints.
"},{"location":"commands/windbg/bl/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/bp/","title":"Bp","text":""},{"location":"commands/windbg/bp/#bp","title":"bp","text":"
(only in GDB)
 
usage: bp [-h] where\n
 
Set a breakpoint at the specified address.
"},{"location":"commands/windbg/bp/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help where The address to break at."},{"location":"commands/windbg/bp/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/da/","title":"Da","text":""},{"location":"commands/windbg/da/#da","title":"da","text":"
usage: da [-h] address [max]\n
 
Dump a string at the specified address.
"},{"location":"commands/windbg/da/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Address to dump max Maximum string length (default: 256)"},{"location":"commands/windbg/da/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/db/","title":"Db","text":""},{"location":"commands/windbg/db/#db","title":"db","text":"
usage: db [-h] address [count]\n
 
Starting at the specified address, dump N bytes.
"},{"location":"commands/windbg/db/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to dump from. count The number of bytes to dump. (default: 64)"},{"location":"commands/windbg/db/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/dc/","title":"Dc","text":""},{"location":"commands/windbg/dc/#dc","title":"dc","text":"
usage: dc [-h] address [count]\n
 
Starting at the specified address, hexdump.
"},{"location":"commands/windbg/dc/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to dump from. count The number of bytes to hexdump. (default: 8)"},{"location":"commands/windbg/dc/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/dd/","title":"Dd","text":""},{"location":"commands/windbg/dd/#dd","title":"dd","text":"
usage: dd [-h] address [count]\n
 
Starting at the specified address, dump N dwords.
"},{"location":"commands/windbg/dd/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to dump from. count The number of dwords to dump. (default: 16)"},{"location":"commands/windbg/dd/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/dds/","title":"Dds","text":""},{"location":"commands/windbg/dds/#dds","title":"dds","text":"
usage: dds [-h] addr\n
 
Dump pointers and symbols at the specified address.
 
Aliases: kd, dps, dqs
"},{"location":"commands/windbg/dds/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr The address to dump from."},{"location":"commands/windbg/dds/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/dq/","title":"Dq","text":""},{"location":"commands/windbg/dq/#dq","title":"dq","text":"
usage: dq [-h] address [count]\n
 
Starting at the specified address, dump N qwords.
"},{"location":"commands/windbg/dq/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to dump from. count The number of qwords to dump. (default: 8)"},{"location":"commands/windbg/dq/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/ds/","title":"Ds","text":""},{"location":"commands/windbg/ds/#ds","title":"ds","text":"
usage: ds [-h] address [max]\n
 
Dump a string at the specified address.
"},{"location":"commands/windbg/ds/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Address to dump max Maximum string length (default: 256)"},{"location":"commands/windbg/ds/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/dw/","title":"Dw","text":""},{"location":"commands/windbg/dw/#dw","title":"dw","text":"
usage: dw [-h] address [count]\n
 
Starting at the specified address, dump N words.
"},{"location":"commands/windbg/dw/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to dump from. count The number of words to dump. (default: 32)"},{"location":"commands/windbg/dw/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/eb/","title":"Eb","text":""},{"location":"commands/windbg/eb/#eb","title":"eb","text":"
usage: eb [-h] address [data ...]\n
 
Write hex bytes at the specified address.
"},{"location":"commands/windbg/eb/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to write to. data The bytes to write."},{"location":"commands/windbg/eb/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/ed/","title":"Ed","text":""},{"location":"commands/windbg/ed/#ed","title":"ed","text":"
usage: ed [-h] address [data ...]\n
 
Write hex dwords at the specified address.
"},{"location":"commands/windbg/ed/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to write to. data The dwords to write."},{"location":"commands/windbg/ed/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/eq/","title":"Eq","text":""},{"location":"commands/windbg/eq/#eq","title":"eq","text":"
usage: eq [-h] address [data ...]\n
 
Write hex qwords at the specified address.
"},{"location":"commands/windbg/eq/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to write to. data The qwords to write."},{"location":"commands/windbg/eq/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/ew/","title":"Ew","text":""},{"location":"commands/windbg/ew/#ew","title":"ew","text":"
usage: ew [-h] address [data ...]\n
 
Write hex words at the specified address.
"},{"location":"commands/windbg/ew/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to write to. data The words to write."},{"location":"commands/windbg/ew/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/ez/","title":"Ez","text":""},{"location":"commands/windbg/ez/#ez","title":"ez","text":"
usage: ez [-h] address data\n
 
Write a string at the specified address.
"},{"location":"commands/windbg/ez/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to write to. data The string to write."},{"location":"commands/windbg/ez/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/eza/","title":"Eza","text":""},{"location":"commands/windbg/eza/#eza","title":"eza","text":"
usage: eza [-h] address data\n
 
Write a string at the specified address.
"},{"location":"commands/windbg/eza/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to write to. data The string to write."},{"location":"commands/windbg/eza/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/go/","title":"Go","text":""},{"location":"commands/windbg/go/#go","title":"go","text":"
(only in GDB)
 
usage: go [-h]\n
 
WinDbg compatibility alias for 'continue' command.
"},{"location":"commands/windbg/go/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/k/","title":"K","text":""},{"location":"commands/windbg/k/#k","title":"k","text":"
(only in GDB)
 
usage: k [-h]\n
 
Print a backtrace (alias 'bt').
"},{"location":"commands/windbg/k/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/ln/","title":"Ln","text":""},{"location":"commands/windbg/ln/#ln","title":"ln","text":"
usage: ln [-h] [value]\n
 
List the symbols nearest to the provided value.
"},{"location":"commands/windbg/ln/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help value The address you want the name of."},{"location":"commands/windbg/ln/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/pc/","title":"Pc","text":""},{"location":"commands/windbg/pc/#pc","title":"pc","text":"
usage: pc [-h]\n
 
WinDbg compatibility alias for 'nextcall' command.
"},{"location":"commands/windbg/pc/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/peb/","title":"Peb","text":""},{"location":"commands/windbg/peb/#peb","title":"peb","text":"
usage: peb [-h]\n
 
Not be windows.
"},{"location":"commands/windbg/peb/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"configuration/","title":"Configuration","text":"
Pwndbg can be configured in various ways. You can tune features, control what it displays, how it displays it, and even what is going on under the hood.
 
There are three \"scopes\" of configuration parameters currently:
 
     
  1. the config scope - for generic parameters
    2.  
  2. the heap scope - for heap-related parameters
    3.  
  3. the theme scope - for Pwndbg theming
    4.  
 
To see the parameters belonging to these scopes, use the config, heap-config, and theme commands respectively. You can also use the configfile and themefile commands to save your live configuration to a file which you can then load in your ~/.(gdb/lldb)init file (after sourcing Pwndbg!).
 
To see the value of any parameter, use show param-name. To set the value, use set param-name param-value. To see a more detailed description of the parameter use help set param-name.
 
If you wish to use a theme different from the default one, check out pwndbg/pwndbg-themes. If you made a theme yourself, feel free to open a PR!
"},{"location":"configuration/config/","title":"Config","text":""},{"location":"configuration/config/#config","title":"config","text":""},{"location":"configuration/config/#ai-anthropic-api-key","title":"ai-anthropic-api-key","text":"
(only in GDB)
 
Anthropic API key.
 
Defaults to ANTHROPIC_API_KEY environment variable if not set.
 
Default: ''  
"},{"location":"configuration/config/#ai-history-size","title":"ai-history-size","text":"
(only in GDB)
 
Maximum number of questions and answers to keep in the prompt.
 
Default: 3  
"},{"location":"configuration/config/#ai-max-tokens","title":"ai-max-tokens","text":"
(only in GDB)
 
The maximum number of tokens to return in the response.
 
Useful when limiting verbosity or conserving resources. Set to a lower value to restrict output.
 
Default: 100  
"},{"location":"configuration/config/#ai-model","title":"ai-model","text":"
(only in GDB)
 
The name of the large language model to query.
 
Changing this affects the behavior, response quality, and cost (if applicable) of AI responses.
 
Default: 'gpt-3.5-turbo'  
"},{"location":"configuration/config/#ai-ollama-endpoint","title":"ai-ollama-endpoint","text":"
(only in GDB)
 
Ollama API endpoint.
 
Defaults to OLLAMA_ENDPOINT environment variable if not set.
 
Default: ''  
"},{"location":"configuration/config/#ai-openai-api-key","title":"ai-openai-api-key","text":"
(only in GDB)
 
OpenAI API key.
 
Will default to OPENAI_API_KEY environment variable if not set.
 
Default: ''  
"},{"location":"configuration/config/#ai-show-usage","title":"ai-show-usage","text":"
(only in GDB)
 
Whether to show how many tokens are used with each OpenAI API call.
 
Default: off  
"},{"location":"configuration/config/#ai-stack-depth","title":"ai-stack-depth","text":"
(only in GDB)
 
Rows of stack context to include in the prompt for the ai command.
 
Default: 16  
"},{"location":"configuration/config/#ai-temperature","title":"ai-temperature","text":"
(only in GDB)
 
The temperature specification for the LLM query.
 
This controls the degree of randomness in the response.
 
Default: 0  
"},{"location":"configuration/config/#attachp-resolution-method","title":"attachp-resolution-method","text":"
(only in GDB)
 
How to determine the process to attach when multiple candidates exists.
 
Default: 'ask' Valid values: 'none', 'oldest', 'newest', 'ask'
"},{"location":"configuration/config/#auto-explore-auxv","title":"auto-explore-auxv","text":"
Stack exploration for AUXV information; it may be really slow.
 
Default: 'warn' Valid values: 'warn', 'yes', 'no'
"},{"location":"configuration/config/#auto-explore-pages","title":"auto-explore-pages","text":"
Whether to try to infer page permissions when memory maps are missing.
 
This command can cause errors.
 
Default: 'warn' Valid values: 'yes', 'warn', 'no'
"},{"location":"configuration/config/#auto-explore-stack","title":"auto-explore-stack","text":"
Stack exploration; it may be really slow.
 
Default: 'warn' Valid values: 'warn', 'yes', 'no'
"},{"location":"configuration/config/#auto-save-search","title":"auto-save-search","text":"
Automatically pass --save to \"search\" command.
 
Default: off  
"},{"location":"configuration/config/#bn-autosync","title":"bn-autosync","text":"
Whether to automatically run bn-sync every step.
 
Default: off  
"},{"location":"configuration/config/#bn-il-level","title":"bn-il-level","text":"
The IL level to use when displaying Binary Ninja decompilation.
 
Default: 'hlil' Valid values: 'disasm', 'llil', 'mlil', 'hlil'
"},{"location":"configuration/config/#bn-rpc-host","title":"bn-rpc-host","text":"
Binary Ninja XML-RPC server host.
 
Default: '127.0.0.1'  
"},{"location":"configuration/config/#bn-rpc-port","title":"bn-rpc-port","text":"
Binary Ninja XML-RPC server port.
 
Default: 43717  
"},{"location":"configuration/config/#bn-timeout","title":"bn-timeout","text":"
Time to wait for Binary Ninja XML-RPC, in seconds.
 
Default: 2  
"},{"location":"configuration/config/#context-backtrace-lines","title":"context-backtrace-lines","text":"
Number of lines to print in the backtrace context.
 
Default: 8  
"},{"location":"configuration/config/#context-clear-screen","title":"context-clear-screen","text":"
Whether to clear the screen before printing the context.
 
Default: off  
"},{"location":"configuration/config/#context-code-lines","title":"context-code-lines","text":"
Number of source code lines to print by the context command.
 
Default: 10  
"},{"location":"configuration/config/#context-code-tabstop","title":"context-code-tabstop","text":"
Number of spaces that a  in the source code counts for. 
Default: 8  
"},{"location":"configuration/config/#context-disasm-lines","title":"context-disasm-lines","text":"
Number of additional lines to print in the disasm context.
 
Default: 10  
"},{"location":"configuration/config/#context-ghidra","title":"context-ghidra","text":"
When to try to decompile the current function with ghidra.
 
Doing this is slow and requires radare2/r2pipe or rizin/rzpipe.
 
Default: 'never' Valid values: 'always', 'never', 'if-no-source'
"},{"location":"configuration/config/#context-history-size","title":"context-history-size","text":"
Number of context history entries to store.
 
Default: 50  
"},{"location":"configuration/config/#context-integration-decompile","title":"context-integration-decompile","text":"
Whether context should fall back to decompilation with no source code.
 
Default: on  
"},{"location":"configuration/config/#context-max-threads","title":"context-max-threads","text":"
Maximum number of threads displayed by the context command.
 
Default: 4  
"},{"location":"configuration/config/#context-output","title":"context-output","text":"
Where Pwndbg should output (\"stdout\" or file/tty).
 
Default: 'stdout'  
"},{"location":"configuration/config/#context-reserve-lines","title":"context-reserve-lines","text":"
When to reserve lines after the prompt to reduce context shake.
 
The \"if-ctx-fits\" setting only reserves lines if the whole context would still fit vertically in the current terminal window. It doesn't take into account line-wrapping due to insufficient terminal width.
 
Default: 'if-ctx-fits' Valid values: 'never', 'if-ctx-fits', 'always'
"},{"location":"configuration/config/#context-sections","title":"context-sections","text":"
Which context sections are displayed (controls order).
 
Default: 'regs disasm code ghidra stack backtrace expressions threads heap_tracker'  
"},{"location":"configuration/config/#context-stack-lines","title":"context-stack-lines","text":"
Number of lines to print in the stack context.
 
Default: 8  
"},{"location":"configuration/config/#cymbol-editor","title":"cymbol-editor","text":"
(only in GDB)
 
Path to the editor for editing custom structures.
 
Default: ''  
"},{"location":"configuration/config/#debug-events","title":"debug-events","text":"
(only in GDB)
 
Display internal event debugging info.
 
Default: off  
"},{"location":"configuration/config/#decompiler","title":"decompiler","text":"
Framework that your ghidra plugin installed.
 
Default: 'radare2' Valid values: 'radare2', 'rizin'
"},{"location":"configuration/config/#default-visualize-chunk-number","title":"default-visualize-chunk-number","text":"
Default number of chunks to visualize.
 
Default: 10  
"},{"location":"configuration/config/#dereference-limit","title":"dereference-limit","text":"
Max number of pointers to dereference in a chain.
 
Default: 5  
"},{"location":"configuration/config/#disasm-annotations","title":"disasm-annotations","text":"
Display annotations for instructions.
 
Default: on  
"},{"location":"configuration/config/#disasm-inline-symbols","title":"disasm-inline-symbols","text":"
Replacing constant operands with their symbol in the disassembly.
 
Default: on  
"},{"location":"configuration/config/#disasm-reg-alias","title":"disasm-reg-alias","text":"
Force the disassembly to use register aliases (e.g. aarch64 x29 -> fp).
 
The register aliasing is done by capstone, see: https://github.com/capstone-engine/capstone/blob/next/docs/cs_v6_release_guide.md#:~:text=None.-,Register%20alias,-Register%20alias%20
 
Enabling this may make disassembly slower.
 
Default: off  
"},{"location":"configuration/config/#disasm-telescope-depth","title":"disasm-telescope-depth","text":"
Depth of telescope for disasm annotations.
 
Default: 3  
"},{"location":"configuration/config/#disasm-telescope-string-length","title":"disasm-telescope-string-length","text":"
The number of characters in strings to display in disasm annotations.
 
Default: 50  
"},{"location":"configuration/config/#emulate","title":"emulate","text":"
Unicorn emulation of code from the current PC register.
 
Emulate can be:
 
     
  1. off             - no emulation is performed
    2.  
  2. jumps-only      - emulation is done only to resolve branch instructions
    3.  
  3. on              - emulation is done to resolve registers/memory values etc.
    4.  
 
Emulation can slow down Pwndbg. Disabling it may improve performance. Emulation requires >1GB RAM being available on the system and ability to allocate RWX memory.
 
Default: 'on' Valid values: 'on', 'off', 'jumps-only'
"},{"location":"configuration/config/#emulate-annotations","title":"emulate-annotations","text":"
Unicorn emulation for instruction annotations.
 
Refers to register and memory value annotations.
 
Default: on  
"},{"location":"configuration/config/#emulate-future-annotations","title":"emulate-future-annotations","text":"
Unicorn emulation for future instruction's annotations.
 
Default: on  
"},{"location":"configuration/config/#exception-debugger","title":"exception-debugger","text":"
Whether to debug exceptions raised in Pwndbg commands.
 
Default: off  
"},{"location":"configuration/config/#exception-verbose","title":"exception-verbose","text":"
Print a full stacktrace for exceptions raised in Pwndbg commands.
 
Default: off  
"},{"location":"configuration/config/#gcc-compiler-path","title":"gcc-compiler-path","text":"
(only in GDB)
 
Path to the gcc/g++ toolchain for generating imported symbols.
 
Default: ''  
"},{"location":"configuration/config/#gdb-workaround-stop-event","title":"gdb-workaround-stop-event","text":"
(only in GDB)
 
Asynchronous stop events to improve 'commands' functionality.
 
Note that this may cause unexpected behavior with Pwndbg or gdb.execute.
 
Values explained:
 
     
  • disabled - Disable the workaround (default).
    •  
  • disabled-deadlock - Disable only deadlock detection; deadlocks may still occur.
    •  
  • enabled - Enable asynchronous stop events; gdb.execute may behave unexpectedly (asynchronously).
    •  
 
Default: 'disabled' Valid values: 'disabled', 'disabled-deadlock', 'enabled'
"},{"location":"configuration/config/#go-dump-indent-amount","title":"go-dump-indent-amount","text":"
The indent amount for go-dump pretty printing.
 
Default: 4  
"},{"location":"configuration/config/#go-dump-line-width","title":"go-dump-line-width","text":"
The soft line width for go-dump pretty printing.
 
Default: 80  
"},{"location":"configuration/config/#hexdump-bytes","title":"hexdump-bytes","text":"
Number of bytes printed by hexdump command.
 
Default: 64  
"},{"location":"configuration/config/#hexdump-group-use-big-endian","title":"hexdump-group-use-big-endian","text":"
Use big-endian within each group of bytes in hexdump command.
 
When on, use big-endian within each group of bytes. Only applies to raw bytes, not the ASCII part. See also hexdump-highlight-group-lsb.
 
Default: off  
"},{"location":"configuration/config/#hexdump-group-width","title":"hexdump-group-width","text":"
Number of bytes grouped in hexdump command.
 
If -1, the architecture's pointer size is used.
 
Default: -1  
"},{"location":"configuration/config/#hexdump-limit-mb","title":"hexdump-limit-mb","text":"
The maximum size in megabytes (MB) hexdump will read.
 
Set the maximum size in megabytes (MB) that the hexdump command will attempt to read at once.     Prevents GDB crashes due to excessive memory allocation requests.     Set to 0 for unlimited (use with caution).
 
Default: 10  
"},{"location":"configuration/config/#hexdump-width","title":"hexdump-width","text":"
Line width of hexdump command.
 
Default: 16  
"},{"location":"configuration/config/#ida-rpc-host","title":"ida-rpc-host","text":"
(only in GDB)
 
Ida xmlrpc server address.
 
Default: '127.0.0.1'  
"},{"location":"configuration/config/#ida-rpc-port","title":"ida-rpc-port","text":"
(only in GDB)
 
Ida xmlrpc server port.
 
Default: 43718  
"},{"location":"configuration/config/#ida-timeout","title":"ida-timeout","text":"
(only in GDB)
 
Time to wait for ida xmlrpc in seconds.
 
Default: 2  
"},{"location":"configuration/config/#integration-function-lookup","title":"integration-function-lookup","text":"
Use integration to look up function type signatures.
 
Default: on  
"},{"location":"configuration/config/#integration-provider","title":"integration-provider","text":"
Which provider to use for integration features.
 
Default: 'none' Valid values: 'none', 'binja', 'ida'
"},{"location":"configuration/config/#integration-smart-enhance","title":"integration-smart-enhance","text":"
Use integration to determine when to disassemble during enhancing.
 
Default: on  
"},{"location":"configuration/config/#integration-symbol-lookup","title":"integration-symbol-lookup","text":"
Whether to use integration to look up unknown symbols.
 
Default: on  
"},{"location":"configuration/config/#kernel-vmmap","title":"kernel-vmmap","text":"
The method to get vmmap information when debugging via QEMU kernel.
 
Values explained:
 
     
  • page-tables - read /proc/$qemu-pid/mem to parse kernel page tables to render vmmap
    •  
  • monitor - use QEMU's monitor info mem to render vmmap
    •  
  • none - disable vmmap rendering; useful if rendering is particularly slow
    •  
 
Note that the page-tables method will require the QEMU kernel process to be on the same machine and within the same PID namespace. Running QEMU kernel and GDB in different Docker containers will not work. Consider running both containers with --pid=host (meaning they will see and so be able to interact with all processes on the machine).
 
Default: 'page-tables' Valid values: 'page-tables', 'monitor', 'none'
"},{"location":"configuration/config/#left-pad-disasm","title":"left-pad-disasm","text":"
Whether to left-pad disassembly.
 
Default: on  
"},{"location":"configuration/config/#max-decimal-number","title":"max-decimal-number","text":"
Show all numbers greater than this in hex.
 
For negative numbers, their absolute value is used.
 
Set the parameter to 'unlimited' if you want all values in decimal. Specially, set the parameter to zero if you want all values in hex.
 
The assembly instruction operands come from capstone, and are thus not controlled by this setting. For consistency with them, leave this setting at 9 (the default).
 
Default: 9  
"},{"location":"configuration/config/#max-visualize-chunk-size","title":"max-visualize-chunk-size","text":"
Max display size for heap chunks visualization (0 for display all).
 
Default: 0  
"},{"location":"configuration/config/#nearpc-backwards-lines","title":"nearpc-backwards-lines","text":"
Number of lines before the pc to print for the nearpc command.
 
Default: 5  
"},{"location":"configuration/config/#nearpc-integration-comments","title":"nearpc-integration-comments","text":"
Whether to show comments from integration provider.
 
Default: on  
"},{"location":"configuration/config/#nearpc-lines","title":"nearpc-lines","text":"
Number of lines to print for the nearpc command.
 
Default: 10  
"},{"location":"configuration/config/#nearpc-num-opcode-bytes","title":"nearpc-num-opcode-bytes","text":"
Number of opcode bytes to print for each instruction.
 
Default: 0  
"},{"location":"configuration/config/#nearpc-opcode-separator-bytes","title":"nearpc-opcode-separator-bytes","text":"
Number of spaces between opcode bytes.
 
Default: 1  
"},{"location":"configuration/config/#nearpc-show-args","title":"nearpc-show-args","text":"
Whether to show call arguments below instruction.
 
Default: on  
"},{"location":"configuration/config/#objc-max-function-arguments","title":"objc-max-function-arguments","text":"
Maximum number of arguments to resolve for an Objective-C method call.
 
Default: 32  
"},{"location":"configuration/config/#objc-max-function-types-depth","title":"objc-max-function-types-depth","text":"
Maximum allowed depth for a type in an Objective-C method call.
 
Default: 32  
"},{"location":"configuration/config/#safe-linking","title":"safe-linking","text":"
Whether glibc uses safe-linking.
 
Default: auto Valid values: on, off, auto.
"},{"location":"configuration/config/#show-compact-regs","title":"show-compact-regs","text":"
Whether to show a compact register view with columns.
 
Default: off  
"},{"location":"configuration/config/#show-compact-regs-columns","title":"show-compact-regs-columns","text":"
The number of columns (0 for dynamic number of columns).
 
Default: 2  
"},{"location":"configuration/config/#show-compact-regs-min-width","title":"show-compact-regs-min-width","text":"
The minimum width of each column.
 
Default: 20  
"},{"location":"configuration/config/#show-compact-regs-separation","title":"show-compact-regs-separation","text":"
The number of spaces separating columns.
 
Default: 4  
"},{"location":"configuration/config/#show-flags","title":"show-flags","text":"
Whether to show flags registers.
 
Default: off  
"},{"location":"configuration/config/#show-retaddr-reg","title":"show-retaddr-reg","text":"
Whether to show return address register.
 
Default: on  
"},{"location":"configuration/config/#show-tips","title":"show-tips","text":"
Whether to display the tip of the day on startup.
 
Default: on  
"},{"location":"configuration/config/#syntax-highlight","title":"syntax-highlight","text":"
Source code / assembly syntax highlight.
 
Default: on  
"},{"location":"configuration/config/#telescope-dont-skip-registers","title":"telescope-dont-skip-registers","text":"
Don't skip a repeated line if a registers points to it.
 
Default: on  
"},{"location":"configuration/config/#telescope-frame-print-retaddr","title":"telescope-frame-print-retaddr","text":"
Print one pointer past the stack frame.
 
Default: on  
"},{"location":"configuration/config/#telescope-framepointer-offset","title":"telescope-framepointer-offset","text":"
Print offset to framepointer for each address, if sufficiently small.
 
Default: on  
"},{"location":"configuration/config/#telescope-lines","title":"telescope-lines","text":"
Number of lines to printed by the telescope command.
 
Default: 8  
"},{"location":"configuration/config/#telescope-skip-repeating-val","title":"telescope-skip-repeating-val","text":"
Whether to skip repeating values of the telescope command.
 
Default: on  
"},{"location":"configuration/config/#telescope-skip-repeating-val-min","title":"telescope-skip-repeating-val-min","text":"
Minimum amount of repeated values before skipping lines.
 
Default: 3  
"},{"location":"configuration/config/#vmmap-prefer-relpaths","title":"vmmap-prefer-relpaths","text":"
Show relative paths by default in vmmap.
 
Default: on  
"},{"location":"configuration/heap/","title":"Heap","text":""},{"location":"configuration/heap/#heap","title":"heap","text":""},{"location":"configuration/heap/#glibc","title":"glibc","text":"
Glibc version for heap heuristics resolution (e.g. 2.31).
 
Default: ''  
"},{"location":"configuration/heap/#global-max-fast","title":"global-max-fast","text":"
The address of global_max_fast.
 
Default: '0'  
"},{"location":"configuration/heap/#heap-corruption-check-limit","title":"heap-corruption-check-limit","text":"
Amount of chunks to traverse for the bin corruption check.
 
The bins are traversed both forwards and backwards.
 
Default: 64  
"},{"location":"configuration/heap/#heap-dereference-limit","title":"heap-dereference-limit","text":"
Number of chunks to dereference in each bin.
 
Default: 8  
"},{"location":"configuration/heap/#main-arena","title":"main-arena","text":"
The address of main_arena.
 
Default: '0'  
"},{"location":"configuration/heap/#mp","title":"mp","text":"
The address of mp_.
 
Default: '0'  
"},{"location":"configuration/heap/#ng-search-on-fail","title":"ng-search-on-fail","text":"
Let the ng-slot* commands search the heap if necessary.
 
For freed, avail(able) and corrupted slots, it may be impossible to recover the start of the group and meta.
 
When this option is set to True, the ng-slotu and ng-slots commands will search the heap to try to find the correct meta/group.
 
Default: on  
"},{"location":"configuration/heap/#ng-vis-count","title":"ng-vis-count","text":"
Default count for ng-vis.
 
Default: 10  
"},{"location":"configuration/heap/#resolve-heap-via-heuristic","title":"resolve-heap-via-heuristic","text":"GDBLLDB 
The strategy to resolve heap via heuristic.
 
Values explained:
 
     
  • auto - Pwndbg will try to use heuristics if debug symbols are missing
    •  
  • force - Pwndbg will always try to use heuristics, even if debug symbols are available
    •  
  • never - Pwndbg will never use heuristics to resolve the heap
    •  
 
If the output of the heap related command produces errors with heuristics, you can try manually setting the libc symbol addresses. For this, see the heap_config command output and set the main_arena, mp_, global_max_fast, tcache and thread_arena addresses.
 
Note: Pwndbg will generate more reliable results with proper debug symbols. Therefore, when debug symbols are missing, you should try to install them first if you haven't already.
 
They can probably be installed via the package manager of your choice. See also: https://sourceware.org/gdb/onlinedocs/gdb/Separate-Debug-Files.html .
 
E.g. on Ubuntu/Debian you might need to do the following steps (for 64-bit and 32-bit binaries): 
sudo apt-get install libc6-dbg\nsudo dpkg --add-architecture i386\nsudo apt-get install libc-dbg:i386\n
 If you used setup.sh on Arch based distro you'll need to do a power cycle or set environment variable manually like this: 
export DEBUGINFOD_URLS=https://debuginfod.archlinux.org\n
 
In addition, even you have the debug symbols of libc, you might still see the following warning when debugging a multi-threaded program: 
warning: Unable to find libthread_db matching inferior's thread library, thread\ndebugging will not be available.\n
 
You'll need to ensure that the correct libthread_db.so is loaded. To do this, set the search path using: 
set libthread-db-search-path <path having correct libthread_db.so>\n
 Then, restart your program to enable proper thread debugging.
 
Default: 'auto' Valid values: 'auto', 'force', 'never'
 
The strategy to resolve heap via heuristic.
 
Values explained:
 
     
  • auto - Pwndbg will try to use heuristics if debug symbols are missing
    •  
  • force - Pwndbg will always try to use heuristics, even if debug symbols are available
    •  
  • never - Pwndbg will never use heuristics to resolve the heap
    •  
 
If the output of the heap related command produces errors with heuristics, you can try manually setting the libc symbol addresses. For this, see the heap_config command output and set the main_arena, mp_, global_max_fast, tcache and thread_arena addresses.
 
Note: Pwndbg will generate more reliable results with proper debug symbols. Therefore, when debug symbols are missing, you should try to install them first if you haven't already.
 
They can probably be installed via the package manager of your choice. See also: https://sourceware.org/gdb/onlinedocs/gdb/Separate-Debug-Files.html .
 
E.g. on Ubuntu/Debian you might need to do the following steps (for 64-bit and 32-bit binaries): 
sudo apt-get install libc6-dbg\nsudo dpkg --add-architecture i386\nsudo apt-get install libc-dbg:i386\n
 If you used setup.sh on Arch based distro you'll need to do a power cycle or set environment variable manually like this: 
export DEBUGINFOD_URLS=https://debuginfod.archlinux.org\n
 
Default: 'auto' Valid values: 'auto', 'force', 'never'
"},{"location":"configuration/heap/#tcache","title":"tcache","text":"
The address pointed by tcache.
 
Default: '0'  
"},{"location":"configuration/heap/#thread-arena","title":"thread-arena","text":"
The address pointed by thread_arena.
 
Default: '0'  
"},{"location":"configuration/theme/","title":"Theme","text":""},{"location":"configuration/theme/#theme","title":"theme","text":""},{"location":"configuration/theme/#backtrace-address-color","title":"backtrace-address-color","text":"
Color for backtrace (address).
 
Default: 'none'  
"},{"location":"configuration/theme/#backtrace-frame-label","title":"backtrace-frame-label","text":"
Frame number label for backtrace.
 
Default: ''  
"},{"location":"configuration/theme/#backtrace-frame-label-color","title":"backtrace-frame-label-color","text":"
Color for backtrace (frame label).
 
Default: 'none'  
"},{"location":"configuration/theme/#backtrace-prefix","title":"backtrace-prefix","text":"
Prefix for current backtrace label.
 
Default: '\u25ba'  
"},{"location":"configuration/theme/#backtrace-prefix-color","title":"backtrace-prefix-color","text":"
Color for prefix of current backtrace label.
 
Default: 'none'  
"},{"location":"configuration/theme/#backtrace-symbol-color","title":"backtrace-symbol-color","text":"
Color for backtrace (symbol).
 
Default: 'none'  
"},{"location":"configuration/theme/#banner-color","title":"banner-color","text":"
Color for banner line.
 
Default: 'blue'  
"},{"location":"configuration/theme/#banner-separator","title":"banner-separator","text":"
Repeated banner separator character.
 
Default: '\u2500'  
"},{"location":"configuration/theme/#banner-title-color","title":"banner-title-color","text":"
Color for banner title.
 
Default: 'none'  
"},{"location":"configuration/theme/#banner-title-position","title":"banner-title-position","text":"
Banner title position.
 
Default: 'center' Valid values: 'center', 'left', 'right'
"},{"location":"configuration/theme/#banner-title-surrounding-left","title":"banner-title-surrounding-left","text":"
Banner title surrounding char (left side).
 
Default: '[ '  
"},{"location":"configuration/theme/#banner-title-surrounding-right","title":"banner-title-surrounding-right","text":"
Banner title surrounding char (right side).
 
Default: ' ]'  
"},{"location":"configuration/theme/#bn-decomp-style","title":"bn-decomp-style","text":"
Decompilation highlight theme for Binary Ninja.
 
Default: 'dark' Valid values: 'dark', 'light'
"},{"location":"configuration/theme/#chain-arrow-color","title":"chain-arrow-color","text":"
Color of chain formatting (arrow).
 
Default: 'normal'  
"},{"location":"configuration/theme/#chain-arrow-left","title":"chain-arrow-left","text":"
Left arrow of chain formatting.
 
Default: '\u25c2\u2014'  
"},{"location":"configuration/theme/#chain-arrow-right","title":"chain-arrow-right","text":"
Right arrow of chain formatting.
 
Default: '\u2014\u25b8'  
"},{"location":"configuration/theme/#chain-contiguous-marker","title":"chain-contiguous-marker","text":"
Contiguous marker of chain formatting.
 
Default: '...'  
"},{"location":"configuration/theme/#chain-contiguous-marker-color","title":"chain-contiguous-marker-color","text":"
Color of chain formatting (contiguous marker).
 
Default: 'normal'  
"},{"location":"configuration/theme/#code-prefix","title":"code-prefix","text":"
Prefix marker for 'context code' command.
 
Default: '\u25ba'  
"},{"location":"configuration/theme/#code-prefix-color","title":"code-prefix-color","text":"
Color for 'context code' command (prefix marker).
 
Default: 'none'  
"},{"location":"configuration/theme/#comment-color","title":"comment-color","text":"
Color for comment.
 
Default: 'gray'  
"},{"location":"configuration/theme/#context-flag-bracket-color","title":"context-flag-bracket-color","text":"
Color for flags register (bracket).
 
Default: 'none'  
"},{"location":"configuration/theme/#context-flag-changed-color","title":"context-flag-changed-color","text":"
Color for flags register (flag changed).
 
Default: 'underline'  
"},{"location":"configuration/theme/#context-flag-set-color","title":"context-flag-set-color","text":"
Color for flags register (flag set).
 
Default: 'green,bold'  
"},{"location":"configuration/theme/#context-flag-unset-color","title":"context-flag-unset-color","text":"
Color for flags register (flag unset).
 
Default: 'red'  
"},{"location":"configuration/theme/#context-flag-value-color","title":"context-flag-value-color","text":"
Color for flags register (register value).
 
Default: 'none'  
"},{"location":"configuration/theme/#context-register-changed-color","title":"context-register-changed-color","text":"
Color for registers label (change marker).
 
Default: 'red'  
"},{"location":"configuration/theme/#context-register-changed-marker","title":"context-register-changed-marker","text":"
Change marker for registers label.
 
Default: '*'  
"},{"location":"configuration/theme/#context-register-color","title":"context-register-color","text":"
Color for registers label.
 
Default: 'bold'  
"},{"location":"configuration/theme/#disable-colors","title":"disable-colors","text":"
Whether to color the output or not.
 
Default: off  
"},{"location":"configuration/theme/#disasm-branch-color","title":"disasm-branch-color","text":"
Color for disasm (branch/call instruction).
 
Default: 'bold'  
"},{"location":"configuration/theme/#disasm-branch-off","title":"disasm-branch-off","text":"
Marker for branches that will NOT be taken.
 
Default: '\u2718'  
"},{"location":"configuration/theme/#disasm-branch-on","title":"disasm-branch-on","text":"
Marker for branches that WILL be taken.
 
Default: '\u2714'  
"},{"location":"configuration/theme/#enhance-comment-color","title":"enhance-comment-color","text":"
Color of value enhance (comment).
 
Default: 'none'  
"},{"location":"configuration/theme/#enhance-integer-value-color","title":"enhance-integer-value-color","text":"
Color of value enhance (integer).
 
Default: 'none'  
"},{"location":"configuration/theme/#enhance-string-value-color","title":"enhance-string-value-color","text":"
Color of value enhance (string).
 
Default: 'none'  
"},{"location":"configuration/theme/#enhance-unknown-color","title":"enhance-unknown-color","text":"
Color of value enhance (unknown value).
 
Default: 'none'  
"},{"location":"configuration/theme/#go-dump-debug","title":"go-dump-debug","text":"
Color for 'go-dump' command's debug info when --debug is specified.
 
Default: 'blue'  
"},{"location":"configuration/theme/#hexdump-address-color","title":"hexdump-address-color","text":"
Color for hexdump command (address label).
 
Default: 'none'  
"},{"location":"configuration/theme/#hexdump-ascii-block-separator","title":"hexdump-ascii-block-separator","text":"
Block separator char of the hexdump command.
 
Default: '\u2502'  
"},{"location":"configuration/theme/#hexdump-byte-separator","title":"hexdump-byte-separator","text":"
Separator of single bytes in hexdump (does NOT affect group separator).
 
Default: ' '  
"},{"location":"configuration/theme/#hexdump-colorize-ascii","title":"hexdump-colorize-ascii","text":"
Whether to colorize the hexdump command ascii section.
 
Default: on  
"},{"location":"configuration/theme/#hexdump-highlight-group-lsb","title":"hexdump-highlight-group-lsb","text":"
Highlight LSB of each group.
 
Applies only if hexdump-use-big-endian actually changes byte order.
 
Default: 'underline'  
"},{"location":"configuration/theme/#hexdump-normal-color","title":"hexdump-normal-color","text":"
Color for hexdump command (normal bytes).
 
Default: 'none'  
"},{"location":"configuration/theme/#hexdump-offset-color","title":"hexdump-offset-color","text":"
Color for hexdump command (offset label).
 
Default: 'none'  
"},{"location":"configuration/theme/#hexdump-printable-color","title":"hexdump-printable-color","text":"
Color for hexdump command (printable characters).
 
Default: 'bold'  
"},{"location":"configuration/theme/#hexdump-separator-color","title":"hexdump-separator-color","text":"
Color for hexdump command (group separator).
 
Default: 'none'  
"},{"location":"configuration/theme/#hexdump-special-color","title":"hexdump-special-color","text":"
Color for hexdump command (special bytes).
 
Default: 'yellow'  
"},{"location":"configuration/theme/#hexdump-zero-color","title":"hexdump-zero-color","text":"
Color for hexdump command (zero bytes).
 
Default: 'red'  
"},{"location":"configuration/theme/#highlight-breakpoints","title":"highlight-breakpoints","text":"
Whether to highlight breakpoints.
 
Default: on  
"},{"location":"configuration/theme/#highlight-color","title":"highlight-color","text":"
Color added to highlights like source/pc.
 
Default: 'green,bold'  
"},{"location":"configuration/theme/#highlight-pc","title":"highlight-pc","text":"
Whether to highlight the current instruction.
 
Default: on  
"},{"location":"configuration/theme/#highlight-source","title":"highlight-source","text":"
Whether to highlight the closest source line.
 
Default: on  
"},{"location":"configuration/theme/#memory-code-color","title":"memory-code-color","text":"
Color for executable memory.
 
Default: 'red'  
"},{"location":"configuration/theme/#memory-data-color","title":"memory-data-color","text":"
Color for all other writable memory.
 
Default: 'purple'  
"},{"location":"configuration/theme/#memory-guard-color","title":"memory-guard-color","text":"
Color added to all guard pages (no perms).
 
Default: 'cyan'  
"},{"location":"configuration/theme/#memory-heap-color","title":"memory-heap-color","text":"
Color for heap memory.
 
Default: 'blue'  
"},{"location":"configuration/theme/#memory-rodata-color","title":"memory-rodata-color","text":"
Color for all read only memory.
 
Default: 'normal'  
"},{"location":"configuration/theme/#memory-stack-color","title":"memory-stack-color","text":"
Color for stack memory.
 
Default: 'yellow'  
"},{"location":"configuration/theme/#memory-wx-color","title":"memory-wx-color","text":"
Color added to all WX memory.
 
Default: 'underline'  
"},{"location":"configuration/theme/#message-breakpoint-color","title":"message-breakpoint-color","text":"
Color of breakpoint messages.
 
Default: 'yellow'  
"},{"location":"configuration/theme/#message-debug-color","title":"message-debug-color","text":"
Color of debug messages.
 
Default: 'blue'  
"},{"location":"configuration/theme/#message-error-color","title":"message-error-color","text":"
Color of error messages.
 
Default: 'red'  
"},{"location":"configuration/theme/#message-exit-color","title":"message-exit-color","text":"
Color of exit messages.
 
Default: 'red'  
"},{"location":"configuration/theme/#message-hint-color","title":"message-hint-color","text":"
Color of hint and marker messages.
 
Default: 'yellow'  
"},{"location":"configuration/theme/#message-info-color","title":"message-info-color","text":"
Color of info messages.
 
Default: 'white'  
"},{"location":"configuration/theme/#message-notice-color","title":"message-notice-color","text":"
Color of notice messages.
 
Default: 'purple'  
"},{"location":"configuration/theme/#message-signal-color","title":"message-signal-color","text":"
Color of signal messages.
 
Default: 'bold,red'  
"},{"location":"configuration/theme/#message-status-off-color","title":"message-status-off-color","text":"
Color of off status messages.
 
Default: 'red'  
"},{"location":"configuration/theme/#message-status-on-color","title":"message-status-on-color","text":"
Color of on status messages.
 
Default: 'green'  
"},{"location":"configuration/theme/#message-success-color","title":"message-success-color","text":"
Color of success messages.
 
Default: 'green'  
"},{"location":"configuration/theme/#message-system-color","title":"message-system-color","text":"
Color of system messages.
 
Default: 'light-red'  
"},{"location":"configuration/theme/#message-warning-color","title":"message-warning-color","text":"
Color of warning messages.
 
Default: 'yellow'  
"},{"location":"configuration/theme/#nearpc-address-color","title":"nearpc-address-color","text":"
Color for nearpc command (address).
 
Default: 'normal'  
"},{"location":"configuration/theme/#nearpc-argument-color","title":"nearpc-argument-color","text":"
Color for nearpc command (target argument).
 
Default: 'bold'  
"},{"location":"configuration/theme/#nearpc-branch-marker","title":"nearpc-branch-marker","text":"
Branch marker line for nearpc command.
 
Default: '    \u2193'  
"},{"location":"configuration/theme/#nearpc-branch-marker-color","title":"nearpc-branch-marker-color","text":"
Color for nearpc command (branch marker line).
 
Default: 'normal'  
"},{"location":"configuration/theme/#nearpc-branch-marker-contiguous","title":"nearpc-branch-marker-contiguous","text":"
Contiguous branch marker line for nearpc command.
 
Default: ' '  
"},{"location":"configuration/theme/#nearpc-breakpoint-color","title":"nearpc-breakpoint-color","text":"
Color for nearpc command (breakpoint marker).
 
Default: 'red'  
"},{"location":"configuration/theme/#nearpc-breakpoint-prefix","title":"nearpc-breakpoint-prefix","text":"
Breakpoint marker for nearpc command.
 
Default: 'b+'  
"},{"location":"configuration/theme/#nearpc-integration-comments-color","title":"nearpc-integration-comments-color","text":"
Color for nearpc command (integration comments).
 
Default: 'bold'  
"},{"location":"configuration/theme/#nearpc-prefix","title":"nearpc-prefix","text":"
Prefix marker for nearpc command.
 
Default: '\u25ba'  
"},{"location":"configuration/theme/#nearpc-prefix-color","title":"nearpc-prefix-color","text":"
Color for nearpc command (prefix marker).
 
Default: 'none'  
"},{"location":"configuration/theme/#nearpc-symbol-color","title":"nearpc-symbol-color","text":"
Color for nearpc command (symbol).
 
Default: 'normal'  
"},{"location":"configuration/theme/#nearpc-syscall-name-color","title":"nearpc-syscall-name-color","text":"
Color for nearpc command (resolved syscall name).
 
Default: 'red'  
"},{"location":"configuration/theme/#prompt-alive-color","title":"prompt-alive-color","text":"
Prompt alive color.
 
Default: 'bold,green'  
"},{"location":"configuration/theme/#prompt-color","title":"prompt-color","text":"
Prompt color.
 
Default: 'bold,red'  
"},{"location":"configuration/theme/#prop-name-color","title":"prop-name-color","text":"
Color used to highlight the name in name-value pairs.
 
Used heavily in mallocng commands.
 
Default: 'bold'  
"},{"location":"configuration/theme/#prop-title-color","title":"prop-title-color","text":"
Color used to highlight the title of name-value pair groups.
 
Used heavily in mallocng commands.
 
Default: 'green'  
"},{"location":"configuration/theme/#prop-value-color","title":"prop-value-color","text":"
Color used to highlight the value in name-value pairs.
 
Used heavily in mallocng commands.
 
Default: 'yellow'  
"},{"location":"configuration/theme/#syntax-highlight-style","title":"syntax-highlight-style","text":"
Source code / assembly syntax highlight stylename of pygments module.
 
Default: 'monokai'  
"},{"location":"configuration/theme/#telescope-offset-color","title":"telescope-offset-color","text":"
Color of the telescope command (offset prefix).
 
Default: 'normal'  
"},{"location":"configuration/theme/#telescope-offset-delimiter","title":"telescope-offset-delimiter","text":"
Offset delimiter of the telescope command.
 
Default: ':'  
"},{"location":"configuration/theme/#telescope-offset-delimiter-color","title":"telescope-offset-delimiter-color","text":"
Color of the telescope command (offset delimiter).
 
Default: 'normal'  
"},{"location":"configuration/theme/#telescope-offset-separator","title":"telescope-offset-separator","text":"
Offset separator of the telescope command.
 
Default: '\u2502'  
"},{"location":"configuration/theme/#telescope-offset-separator-color","title":"telescope-offset-separator-color","text":"
Color of the telescope command (offset separator).
 
Default: 'normal'  
"},{"location":"configuration/theme/#telescope-register-color","title":"telescope-register-color","text":"
Color of the telescope command (register).
 
Default: 'bold'  
"},{"location":"configuration/theme/#telescope-repeating-marker","title":"telescope-repeating-marker","text":"
Repeating values marker of the telescope command.
 
Default: '... \u2193'  
"},{"location":"configuration/theme/#telescope-repeating-marker-color","title":"telescope-repeating-marker-color","text":"
Color of the telescope command (repeating values marker).
 
Default: 'normal'  
"},{"location":"contributing/","title":"Contributing Guide","text":""},{"location":"contributing/#contributing-overview","title":"Contributing Overview","text":"
Thank you for your interest in contributing to Pwndbg!
 
Note that while it is recommended that your pull request (PR) links to an issue (which can be used for discussing the bug / feature), you do not need to be assigned to it - just create the PR and it will be reviewed.
 
To start, install Pwndbg from source and set it up for development. For common tasks see:
 
     
  • Adding a command
    •  
  • Adding a configuration option
    •  
  • Improving annotations
    •  
 
Regardless of the contents of your PR, you will need to lint and test your code so make sure to read those sections. It is also likely you will need to update the documentation.
 
Read General developer notes to get more familiar with the various systems in place in Pwndbg. If you have any questions don't hesitate to ask us on our discord server!
"},{"location":"contributing/#linting","title":"Linting","text":"
The lint.sh script runs isort, ruff, shfmt, and vermin. isort and ruff (mostly) are able to automatically fix any issues they detect. You may apply all available fixes by running 
./lint.sh -f\n
 
Note
 
You can find the configuration files for these tools in pyproject.toml or by checking the arguments passed inside lint.sh.
 
When submitting a PR, the continuous integration (CI) job defined in .github/workflows/lint.yml will verify that running ./lint.sh succeeds, otherwise the job will fail and we won't be able to merge your PR.
 
It is recommended to enable the pre-push git hook to run the lint if you haven't already done so. You may re-run ./setup-dev.sh to set it.
"},{"location":"contributing/#running-tests","title":"Running tests","text":"
Your PR will not be merged without passing the testing CI. Moreover, it is highly recommended you write a new test or update an existing test whenever adding new functionality to Pwndbg. To see how to do this, check out Writing tests.
 
To run the tests in the same environment as the testing CI, you can use the following docker commands. 
# General (x86_64) test suite\ndocker compose run --rm --build ubuntu24.04-mount ./tests.sh -d gdb -g gdb\n# Cross-architecture tests\ndocker compose run --rm --build ubuntu24.04-mount ./tests.sh -d gdb -g cross-arch-user\n# Kernel tests (x86_64 and aarch64)\ndocker compose run --rm --build ubuntu24.04-mount ./kernel-tests.sh\n# Unit tests\ndocker compose run --rm --build ubuntu24.04-mount ./unit-tests.sh\n
 This comes in handy particularly for cross-architecture tests because the docker environment has all the cross-compilers installed. The active pwndbg directory is mounted, preventing the need for a full rebuild whenever you update the codebase.
 
Remove the -mount if you want the tests to run from a clean slate (no files are mounted, meaning all binaries are recompiled each time).
 
If you wish to focus on some failing tests, you can filter the tests to run by providing an argument to the script, such as <docker..> ./tests.sh heap, which will only run tests that contain \"heap\" in the name. See ./tests.sh --help for more information and other options. You can also do this with the cross-arch and kernel tests.
 
If you want to, you may also run the tests with nix or run them bare.
"},{"location":"contributing/#running-tests-with-nix","title":"Running tests with nix","text":"
You will need to build a nix-compatible gdbinit.py file, which you can do with 
nix build .#pwndbg-dev\n
 Then simply run the test by adding the --nix flag: 
./tests.sh --nix [filter]\n
"},{"location":"contributing/#running-without-docker","title":"Running without docker","text":"
If you wish to improve Pwndbg support for your distribution (or the testing infrastructure) you may run the testing suite without the docker container.
 
The commands are analogous to the docker commands. 
# General (x86_64) test suite\n./tests.sh -d gdb -g gdb\n# Cross-architecture tests\n./tests.sh -d gdb -g cross-arch-user\n# Kernel tests (x86_64 and aarch64)\n./kernel-tests.sh\n# Unit tests\n./unit-tests.sh\n
"},{"location":"contributing/#updating-documentation","title":"Updating Documentation","text":"
All the documentation is written in markdown files in the ./docs/ folder. The docs are built into a website using mkdocs (you may see the configuration in ./mkdocs.yml), pushed to the gh-pages branch, and published via github pages. All of this happens in the CI.
 
In general, for your PR to be accepted you will only need to Update the auto-generated documentation.
"},{"location":"contributing/#update-the-auto-generated-documentation","title":"Update the auto-generated documentation","text":"
The ./docs/commands, ./docs/functions, and ./docs/configuration folders are automatically generated1 by extracting the necessary information from the source code. If your changes modify things like a command's description, a configuration's valid values, a convenience function's arguments - i.e. pretty much anything that's user-facing - you must run 
./scripts/generate-docs.sh\n
 to update the documentation. You need to have a supported version of GDB and LLDB installed for this to work. Commit these changes in a separate commit.
 
If you forget to do that the CI will detect a discrepency between the documentation and source code (using the ./scripts/verify-docs.sh script, which you may also invoke yourself) and prevent your PR from being merged (until you push new changes, re-running the CI).
"},{"location":"contributing/#manual-updates","title":"Manual updates","text":"
Of course, if you wish to update some other part of the documentation, you may simply modify the necessary markdown files. All autogenerated files (or parts of files) will have noticable markers written as markdown comments, for instance: 
<!-- THIS PART OF THIS FILE IS AUTOGENERATED. DO NOT MODIFY IT. See scripts/generate-docs.sh -->\n
 In case you want to add something that cannot be cleanly viewed from the debugger, like a video, screenshot, or long example, every command markdown file also has a dedicated part at the bottom for hand-written text which you can use. The ./scripts/generate-docs.sh script will never delete these hand-written parts, so if you are for instance renaming a command you will have to transfer this part by copy pasting it to the new file.
 
If you wish to preview the documentation locally, you may do so by running: 
./scripts/docs-live.sh\n
 The build will take some time due to the Source section being built. You may disable this by temporarily commenting these lines 
  - api-autonav:\n      modules: ['pwndbg']\n      nav_section_title: \"Source\"\n
 in the mkdocs.yml file. This will provide much faster build times (but make sure not to commit those changes!). Visit http://127.0.0.1:8000/pwndbg/ to see the docs. Note that the Home section will not be available (it is generated in the CI by copying the README.md), and the site will lack the version selector.
 
     
  1.  
    Actually, the ./docs/configuration/index.md file is hand-written, and the intro text to the ./docs/functions/index.md file is defined in the doc generating file's source code.\u00a0\u21a9
     
    2.  
"},{"location":"contributing/adding-a-command/","title":"Adding a Command","text":""},{"location":"contributing/adding-a-command/#command-skeleton","title":"Command skeleton","text":"
To add a command to Pwndbg, create a new python file in pwndbg/commands/my_command.py where my_command is the name of the command you want to add.  The most basic command looks like this: 
import argparse\nimport pwndbg.commands\n\nparser = argparse.ArgumentParser(description=\"Command description.\")\nparser.add_argument(\"arg\", type=str, help=\"An example argument.\")\n\n@pwndbg.commands.Command(parser, category=pwndbg.commands.CommandCategory.MISC)\ndef my_command(arg: str) -> None:\n    \"\"\"Print the argument\"\"\"\n    print(f\"Argument is {arg}\")\n
 Next, import this file in the load_commands function in pwndbg/commands/__init__.py.
 
That's all you need to get it working! 
pwndbg> my-command foo\nArgument is foo\n
"},{"location":"contributing/adding-a-command/#getting-started","title":"Getting started","text":"
Let's see what arguments the @pwndbg.commands.Command decorator takes. It is defined in pwndbg/commands/__init__.py: 
    def __init__(\n        self,\n        parser_or_desc: argparse.ArgumentParser | str,\n        *,  # All further parameters are not positional\n        category: CommandCategory,\n        command_name: str | None = None,\n        aliases: List[str] = [],\n        examples: str = \"\",\n        notes: str = \"\",\n        only_debuggers: Set[pwndbg.dbg_mod.DebuggerType] = None,\n        exclude_debuggers: Set[pwndbg.dbg_mod.DebuggerType] = None,\n    ) -> None:\n        # ...\n
 We will cover the first four arguments now, and come back to the rest later.
 
If your command takes no arguments you can pass the description of the command as the first argument (parser_or_desc) to the constructor. Otherwise you will be passing an argparse.ArgumentParser object there.
 
The only other required argument is category. The category determines how commands are grouped together in the output of the pwndbg command and in the documentation. Peruse the list of all commands inside a debugger (by running the pwndbg command) and decide in which category your command fits best. The enum of all command categories is defined at the top of the pwndbg/commands/__init__.py file.
"},{"location":"contributing/adding-a-command/#picking-a-command-name","title":"Picking a command name","text":"
Next, the command_name argument. It is optional because if it is not specified the command name will be the same as the function you used to define the command (except the underscores are replaced with dashes). As such, it is generally not needed to specify this argument.
 
That being said, it is important to pick a good name for your command. Ideally your command name should be one to two words that are not delimited by a dash (e.g. errno, libcinfo, buddydump) since that is easiest to remember and type.
 
If your command is porting behavior from some other debugger or tool, you should consider using the same name they use so users don't need to relearn it when switching.
 
If the command name contains three or more words, you should use dashes to make it more legible. If that is the case, or if the name is long, consider providing an alias that makes it quicker to type (like vis-heap-chunks [vis]).
 
You provide aliases to a command by specifying a list of strings to the aliases argument. Again, you may provide aliases to help users transitioning from other tools/debuggers (e.g. nearpc [pdisass, u]).
"},{"location":"contributing/adding-a-command/#the-arguments-your-command-will-take","title":"The arguments your command will take","text":"
We are using argparse.ArgumentParser from the python standard library to define command arguments. Take a look at the python documentation to see how it works. Let's take a look at an example from the source (the setflag command): 
parser = argparse.ArgumentParser(description=\"Modify the flags register.\")\n\nparser.add_argument(\n    \"flag\",\n    type=str,\n    help=\"Flag for which you want to change the value\"\n )\n\nparser.add_argument(\n    \"value\",\n    type=int,\n    help=\"Value to which you want to set the flag - only valid options are 0 and 1\",\n)\n
 For usage inside Pwndbg, to instantiate an argparse.ArgumentParser object, you must pass the description argument and may pass the epilog argument. Everything else, including prog, usage, formatter_class etc. will be set up by Pwndbg (by the @pwndbg.commands.Command decorator). Here we see only the description was provided.
 
Add arguments to your command with parser.add_argument. Again, consult the python documentation for an explanation. One nice thing specific to Pwndbg is that by setting an argument's type to int, it will also accept debugger values and symbols that can resolve to an int. For instance: 
pwndbg> setflag ZF (1-1)\nSet flag ZF=0 in flag register eflags (old val=0x206, new val=0x206)\npwndbg> setflag ZF $rdi\nSet flag ZF=1 in flag register eflags (old val=0x246, new val=0x246)\npwndbg> setflag ZF (int)main^(int)main\nSet flag ZF=0 in flag register eflags (old val=0x246, new val=0x206)\n
 Be careful when deciding which arguments are positional, and which are optional. Especially take care if you have positional arguments which are not required, think about which of those will be specified more often by users and put them first.
 
Your function signature should match the arguments you defined with argparse (and their order!), unsurprisingly the setflag function has this signature: 
def setflag(flag: str, value: int) -> None:\n
 You can see the help of your command with my_command -h or help my_command, so for setflag: 
pwndbg> help setflag\nusage: setflag [-h] flag value\n\nModify the flags register.\n\npositional arguments:\n  flag        Flag for which you want to change the value\n  value       Value to which you want to set the flag - only valid options are 0 and 1\n\noptions:\n  -h, --help  show this help message and exit\n\nExamples:\nOn X86/X64:\n    setflag ZF 1        -- set zero flag\n    setflag CF 0        -- unset carry flag\n\nOn ARM:\n    setflag Z 0         -- unset the Z cpsr/xpsr flag\n\nTo see flags registers:\n    info reg eflags     -- on x86/x64\n    info reg cpsr/xpsr  -- on ARM (specific register may vary)\n\nNotes:\nThis command supports flags registers that are defined for architectures in the pwndbg/regs.py file.\n\nAlias: flag\n
 Eh? Where is all that extra text coming from? Well the Alias: flag line is being automatically generated by Pwndbg but...
"},{"location":"contributing/adding-a-command/#examples-notes-and-debugger-support","title":"Examples, notes, and debugger support","text":"
Coming back to the arguments of the pwndbg.commands.Command constructor: 
    def __init__(\n        self,\n        parser_or_desc: argparse.ArgumentParser | str,\n        *,  # All further parameters are not positional\n        category: CommandCategory,\n        command_name: str | None = None,\n        aliases: List[str] = [],\n        examples: str = \"\",  #  <--- we left off here\n        notes: str = \"\",\n        only_debuggers: Set[pwndbg.dbg_mod.DebuggerType] = None,\n        exclude_debuggers: Set[pwndbg.dbg_mod.DebuggerType] = None,\n    ) -> None:\n        # ...\n
 You may supply the examples and notes arguments to add additional text at the end of the command's help. It is defined like so for setflag: 
@pwndbg.commands.Command(\n    parser,\n    aliases=[\"flag\"],\n    category=CommandCategory.REGISTER,\n    examples=\"\"\"\nOn X86/X64:\n    setflag ZF 1        -- set zero flag\n    setflag CF 0        -- unset carry flag\n\nOn ARM:\n    setflag Z 0         -- unset the Z cpsr/xpsr flag\n\nTo see flags registers:\n    info reg eflags     -- on x86/x64\n    info reg cpsr/xpsr  -- on ARM (specific register may vary)\n    \"\"\",\n    notes=\"\"\"\nThis command supports flags registers that are defined for architectures in the pwndbg/regs.py file.\n    \"\"\",\n)\n@pwndbg.commands.OnlyWhenRunning\ndef setflag(flag: str, value: int) -> None:\n    # ....\n
 When writing this (and the command description for that matter), you should consider what it will look like in the documentation after being parsed as markdown.
 
As for only_debuggers and exclude_debuggers, you must use (usually one of) them if your command does not work an all debuggers that Pwndbg supports. For instance, if it uses some features from pwndbg.gdblib (which should be avoided if at all possible). In such a case, you probably also need to conditionally import it in the load_commands function.
"},{"location":"contributing/adding-a-command/#can-your-command-be-invoked-all-the-time","title":"Can your command be invoked all the time?","text":"
In most cases a command cannot be legally invoked at every moment in a debugging session, or for every debugging session. For instance, you can't use heap commands if the heap isn't initialized yet, you can't use kernel commands if you're not debugging a kernel.
 
To make sure these cases are properly handled, Pwndbg provides certain decorators. They are defined in pwndbg/commands/__init__.py. Check the source to see an up-to-date list, but here are some important ones: 
OnlyWhenRunning\nOnlyWhenLocal\nOnlyWithFile\nOnlyWhenQemuKernel\nOnlyWhenUserspace\nOnlyWithKernelDebugInfo\nOnlyWithKernelSymbols\nOnlyWhenPagingEnabled\nOnlyWithTcache\nOnlyWhenHeapIsInitialized\nOnlyWithResolvedHeapSyms\n
 Feel free to add more of these decorators yourself!
 
Another very important one is OnlyWithArch, defined in pwndbg/aglib/proc.py. Does your command work on all architectures? If not, make sure to specify this decorator and pass in the architectures which you do support.
"},{"location":"contributing/adding-a-command/#actually-implementing-the-command","title":"Actually implementing the command","text":"
There is no single right way to do it. You will want to read the source of some similar commands and see how they work. Check out the general developer notes, and feel free to ask a question on the discord server. Good luck!
"},{"location":"contributing/adding-a-parameter/","title":"Adding a Configuration Option","text":"
Configuration options are also called \"parameters\" in the source. Let's take a look at an existing parameter gdb-workaround-stop-event defined in pwndbg/gdblib/events.py. 
DISABLED = \"disabled\"\nDISABLED_DEADLOCK = \"disabled-deadlock\"\nENABLED = \"enabled\"\n\ngdb_workaround_stop_event = config.add_param(\n    \"gdb-workaround-stop-event\",\n    DISABLED,\n    \"asynchronous stop events to improve 'commands' functionality\",\n    help_docstring=f\"\"\"\nNote that this may cause unexpected behavior with Pwndbg or gdb.execute.\n\nValues explained:\n\n+ `{DISABLED}` - Disable the workaround (default).\n+ `{DISABLED_DEADLOCK}` - Disable only deadlock detection; deadlocks may still occur.\n+ `{ENABLED}` - Enable asynchronous stop events; gdb.execute may behave unexpectedly (asynchronously).\n    \"\"\",\n    param_class=pwndbg.lib.config.PARAM_ENUM,\n    enum_sequence=[DISABLED, DISABLED_DEADLOCK, ENABLED],\n)\n
 To understand it, let's also look at the signature of the Config.add_param function defined in pwndbg/lib/config.py: 
    def add_param(\n        self,\n        name: str,\n        default: Any,\n        set_show_doc: str,\n        *,\n        help_docstring: str = \"\",\n        param_class: int | None = None,\n        enum_sequence: Sequence[str] | None = None,\n        scope: Scope = Scope.config,\n    ) -> Parameter:\n        # ...\n
 So, the first argument specifies the name by which the parameter will be used inside the debugger. The second argument specifies the default value of the parameter.
"},{"location":"contributing/adding-a-parameter/#set_show_doc","title":"set_show_doc","text":"
The third argument is a very brief description of what the parameter is for. The argument is called set_show_doc due to how it is used in GDB. 
pwndbg> set gdb-workaround-stop-event enabled\nSet asynchronous stop events to improve 'commands' functionality to 'enabled'.\n   |------------------------------------------------------------|\n
 
pwndbg> show gdb-workaround-stop-event\nAsynchronous stop events to improve 'commands' functionality is 'enabled'. [...]\n|-----------------------------------------------------------|\n
 It is therefore recommended to use a noun phrase rather than describe an action. However, it sometimes may be necessary to break this rule to retain the brevity of the description.
 
The set_show_doc argument should be short because it is displayed with the config family of commands. 
pwndbg> config\nName                               Documentation                                                            Value (Default)\n----------------------------------------------------------------------------------------------------------------------------\nai-anthropic-api-key               Anthropic API key                                                        ''\nai-history-size                    maximum number of questions and answers to keep in the prompt            3\nai-max-tokens                      the maximum number of tokens to return in the response                   100\nai-model                           the name of the large language model to query                            'gpt-3.5-turbo'\nai-ollama-endpoint                 Ollama API endpoint                                                      ''\nai-openai-api-key                  OpenAI API key                                                           ''\nai-show-usage                      whether to show how many tokens are used with each OpenAI API call       off\nai-stack-depth                     rows of stack context to include in the prompt for the ai command        16\nai-temperature                     the temperature specification for the LLM query                          0\nattachp-resolution-method          how to determine the process to attach when multiple candidates exists   'ask'\nauto-explore-auxv                  stack exploration for AUXV information; it may be really slow            'warn'\nauto-explore-pages                 whether to try to infer page permissions when memory maps are missing    'warn'\nauto-explore-stack                 stack exploration; it may be really slow                                 'warn'\nauto-save-search                   automatically pass --save to \"search\" command                            off\nbn-autosync                        whether to automatically run bn-sync every step                          off\n[...]\n
 Because of the various contexts in which a parameter can be show, the first letter of the set_show_doc string should be lowercase (unless the first word is a name or an abbreviation) and there should be no punctuation at the end. This way, Pwndbg and GDB can more easily modify the string to fit it into these contexts.
"},{"location":"contributing/adding-a-parameter/#help_docstring","title":"help_docstring","text":"
While help_docstring is not mandatory, it is highly recommended to use it. Put a detailed explanation of what the parameter does here, and explain any caveats. This string does not have a size limit and is shown with the following command in GDB and LLDB: 
pwndbg> help set gdb-workaround-stop-event\nSet asynchronous stop events to improve 'commands' functionality.\nNote that this may cause unexpected behavior with Pwndbg or gdb.execute.\n\nValues explained:\n\n+ `disabled` - Disable the workaround (default).\n+ `disabled-deadlock` - Disable only deadlock detection; deadlocks may still occur.\n+ `enabled` - Enable asynchronous stop events; gdb.execute may behave unexpectedly (asynchronously).\n\nDefault: 'disabled'\nValid values: 'disabled', 'disabled-deadlock', 'enabled'\n
 Note that the last two lines are automatically generated by Pwndbg.
 
When writing this explanation, it is important to take into account how it will be displayed in the documentation after being parsed as markdown. See what gdb-workaround-stop-event looks like here. If there wasn't an empty line between Values explained: and + `disabled`.. the list wouldn't have rendered properly.
"},{"location":"contributing/adding-a-parameter/#param_class","title":"param_class","text":"
This argument describes the type of the parameter. It will be used by GDB to perform input validation when the parameter is being set so it is important to set this to the correct value. The possible values are defined in pwndbg/lib/config.py, use the most restrictive one that fits: 
# Boolean value. True or False, same as in Python.\nPARAM_BOOLEAN = 0\n# Boolean value, or 'auto'.\nPARAM_AUTO_BOOLEAN = 1\n# Signed integer value. Disallows zero.\nPARAM_INTEGER = 2\n# Signed integer value.\nPARAM_ZINTEGER = 3\n# Unsigned integer value. Disallows zero.\nPARAM_UINTEGER = 4\n# Unsigned integer value.\nPARAM_ZUINTEGER = 5\n# Unlimited ZUINTEGER.\nPARAM_ZUINTEGER_UNLIMITED = 6\n# String value. Accepts escape sequences.\nPARAM_STRING = 7\n# String value, accepts only one of a number of possible values, specified at\n# parameter creation.\nPARAM_ENUM = 8\n# String value corresponding to the name of a file, if present.\nPARAM_OPTIONAL_FILENAME = 9\n
 For more information (for instance about what None or \"unlimited\" mean) see https://sourceware.org/gdb/current/onlinedocs/gdb.html/Parameters-In-Python.html .
"},{"location":"contributing/adding-a-parameter/#enum_sequence","title":"enum_sequence","text":"
If the param_class is set to pwndbg.lib.config.PARAM_ENUM then the enum_sequence argument must be supplied as well. It should constitute an array of legal values. GDB and (our) LLDB (driver) won't allow setting the parameter to any other value. The legal values will be automatically displayed at the end of help_docstring as previously shown.
 
If it isn't immediately obvious what the enum values do, explain them in help_docstring using same format that gdb-workaround-stop-event uses.
"},{"location":"contributing/adding-a-parameter/#scope","title":"scope","text":"
The scope argument has the default value of pwndbg.lib.config.Scope.config and is used to group parameters. The legal values are: 
class Scope(Enum):\n    # If you want to add another scope here, don't forget to add\n    # a command which prints it!\n    config = 1\n    theme = 2\n    heap = 3\n
 The parameters of each scope are printed using a different command. The config scope is printed with config, the heap scope is printed with heap-config and the theme scope is printed with theme. The config and theme scopes also have corresponding configfile and themefile commands which export the values of all the parameters from those scopes.
"},{"location":"contributing/adding-a-parameter/#the-theme-scope","title":"The theme scope","text":"
You should never directly pass this scope to pwndbg.config.add_param. Instead use the pwndbg.color.theme.add_param and pwndbg.color.theme.add_color_param wrapper commands like this: 
# pwndbg/aglib/nearpc.py\nnearpc_branch_marker = pwndbg.color.theme.add_param(\n    \"nearpc-branch-marker\", \"    \u2193\", \"branch marker line for nearpc command\"\n)\n
 
# pwndbg/color/context.py\nconfig_highlight_color = theme.add_color_param(\n    \"highlight-color\", \"green,bold\", \"color added to highlights like source/pc\"\n)\n
"},{"location":"contributing/adding-a-parameter/#using-the-parameter-in-code","title":"Using the parameter in code","text":"
Usually when a parameter is defined its value is also set to a variable, for instance gdb_workaround_stop_event = ... in the initial example. This isn't necessary, as all registered parameters are available as pwndbg.config.<parameter_name_except_with_underscores> so in our example, we could also access the gdb-workaround-stop-event parameter as pwndbg.config.gdb_workaround_stop_event.
 
That being said, defining the variable can reduce code verbosity: 
# pwndbg/aglib/godbg.py\nline_width = pwndbg.config.add_param(\n    \"go-dump-line-width\", 80, \"the soft line width for go-dump pretty printing\"\n)\n
 Since the variable is scoped to the godbg.py file, its name can be short, and we don't have to write pwndbg.config.go_dump_line_width every time.
"},{"location":"contributing/adding-a-parameter/#using-color-parameters","title":"Using color parameters","text":"
Note that the theme.add_color_param() function returns a ColorParameter object instead of a Parameter. The parameter should be used via its color_function() method: 
# pwndbg/aglib/godbg.py\ndef fmt_debug(self, val: str, default: str = \"\") -> str:\n    if self.debug:\n        return debug_color.color_function(val)\n    else:\n        return default\n
 Though you will also see generateColorFunction(debug_color)(val) being used in the code to the same effect.
"},{"location":"contributing/dev-notes/","title":"Developer Notes","text":""},{"location":"contributing/dev-notes/#random-developer-notes","title":"Random developer notes","text":"
Feel free to update the list below!
 
     
  •  
    If you want to play with Pwndbg functions under GDB, you can always use GDB's pi which launches python interpreter or just py <some python line>.
     
    •  
  •  
    If you want to do the same in LLDB, you should type lldb, followed by script, which brings up an interactive Python REPL. Don't forget to import pwndbg!
     
    •  
  •  
    Do not access debugger-specific functionality - eg. anything that uses the gdb, lldb, or gdblib modules - from outside the proper module in pwndbg.dbg.
     
    •  
  •  
    Use aglib instead of gdblib, as the latter is in the process of being removed. Both modules should have nearly identical interfaces, so doing this should be a matter of typing pwndbg.aglib.X instead of pwndbg.gdblib.X. Ideally, an issue should be opened if there is any functionality present in gdblib that's missing from aglib.
     
    •  
  •  
    We have our own pwndbg.config.Parameter - read about it in Adding a Configuration Option.
     
    •  
  •  
    The dashboard/display/context we are displaying is done by pwndbg/commands/context.py which is invoked through GDB's and LLDB's prompt hook, which are defined as prompt_hook in both pwndbg/gdblib/prompt.py and pwndb/dbg/lldb/hooks.py .
     
    •  
  •  
    We change a bit GDB settings - this can be seen in pwndbg/dbg/gdb.py under GDB.setup - there are also imports for all Pwndbg submodules.
     
    •  
  •  
    Pwndbg has its own event system, and thanks to it we can set up code to be invoked in response to them. The event types and the conditions in which they occurr are defined and documented in the EventType enum, and functions are registered to be called on events with the @pwndbg.dbg.event_handler decorator. Both the enum and the decorator are documented in pwndbg/dbg/__init__.py.
     
    •  
  •  
    We have a caching mechanism (\"memoization\") which we use through Python's decorators - those are defined in pwndbg/lib/cache.py - just check its usages
     
    •  
  •  
    To block a function before the first prompt was displayed use the pwndbg.decorators.only_after_first_prompt decorator.
     
    •  
  •  
    Memory accesses should be done through pwndbg/aglib/memory.py functions.
     
    •  
  •  
    Process properties can be retrieved thanks to pwndbg/aglib/proc.py - e.g. using pwndbg.aglib.proc.pid will give us current process pid
     
    •  
  •  
    We have a wrapper for handling exceptions that are thrown by commands - defined in pwndbg/exception.py - current approach seems to work fine - by using set exception-verbose on - we get a stacktrace. If we want to debug stuff we can always do set exception-debugger on.
     
    •  
  •  
    Some of Pwndbg's functionality require us to have an instance of pwndbg.dbg.Value - the problem with that is that there is no way to define our own types in either GDB or LLDB - we have to ask the debugger if it detected a particular type in this particular binary (that sucks). We do that in pwndbg/aglib/typeinfo.py and it works most of the time. The known bug with that is that it might not work properly for Golang binaries compiled with debugging symbols.
     
    •  
"},{"location":"contributing/dev-notes/#support-for-multiple-debuggers","title":"Support for Multiple Debuggers","text":"
Pwndbg is a tool that supports multiple debuggers, and so using debugger-specific functionality outside of pwndbg.dbg.X is generally discouraged, with one imporant caveat, that we will get into later. When adding code to Pwndbg, one must be careful with the functionality being used.
"},{"location":"contributing/dev-notes/#the-debugger-api","title":"The Debugger API","text":"
Our support for multiple debuggers is primarily achieved through use of the Debugger API, found under pwndbg/dbg/, which defines a terse set of debugging primitives that can then be built upon by the rest of Pwndbg. It comprises two parts: the interface, and the implementations. The interface contains the abstract classes and the types that lay out the \"shape\" of the functionality that may be used by the rest of Pwndbg, and the implementations, well, implement the interface on top of each supported debugger.
 
As a matter of clarity, it makes sense to think of the Debugger API as a debugger-agnostic version of the lldb and gdb Python modules. Compared to both modules, it is much closer in spirit to lldb than to gdb.
 
It is important to note that a lot of care must be exercised when adding things to the Debugger API, as one must always add implementations for all supported debuggers of whatever new functionality is being added, even if only to properly gate off debuggers in which the functionality is not supported. Additionally, it is important to keep the Debugger API interfaces as terse as possible in order to reduce code duplication. As a rule of thumb, if all the implementations of an interface are expected to share code, that interface is probably better suited for aglib, and it should be further broken down into its primitives, which can then be added to the Debugger API.
 
Some examples of debugging primitives are memory reads, memory writes, memory map acquisition, symbol lookup, register reads and writes, and execution frames. These are all things that one can find in both the GDB and LLDB APIs.
 
The entry point for the Debugger API is pwndbg.dbg, though most process-related methods are accessed through a Process object. Unless you really know what you're doing, you're going to want to use the objected yielded by pwndbg.dbg.selected_inferior() for this.
"},{"location":"contributing/dev-notes/#aglib","title":"aglib","text":"
Along with the Debugger API, there is also aglib, found under pwndbg/aglib/, in which lives functionality that is both too broad for a single command, and that can be shared between multiple debuggers. Things like QEMU handling, ELF and dynamic section parsing, operating system functionality, disassembly with capstone, heap analysis, and more, all belong in aglib.
 
In order to facilitate the process of porting Pwndbg to the debugger-agnostic interfaces, and also because of its historical roots, aglib is intended to export the exact same functionality provided by gdblib, but on top of a debugger-agnostic foundation.
 
If it helps, one may think of aglib like a pwndbglib. It takes the debugging primitives provided by the Debugger API and builds the more complex and interesting bits of functionality found in Pwndbg on top of them.
"},{"location":"contributing/dev-notes/#mappings-from-gdb-and-lldb-to-the-debugger-api","title":"Mappings from GDB and LLDB to the Debugger API","text":"
Here are some things one may want to do, along with how they can be achieved in the GDB, LLDB, and Pwndbg Debugger APIs.
 GDBLLDBDebugger API 
Setting a breakpoint at an address: 
gdb.Breakpoint(\"*<address>\")\n
 Querying for the address of a symbol: 
int(gdb.lookup_symbol(<name>).value().address)\n
 Setting a watchpoint at an address: 
gdb.Breakpoint(f\"(char[{<size>}])*{<address>}\", gdb.BP_WATCHPOINT)\n
 
Setting a breakpoint at an address: 
lldb.target.BreakpointCreateByAddress(<address>)\n
 Querying for the address of a symbol: 
lldb.target.FindSymbols(<name>).GetContextAtIndex(0).symbol.GetStartAddress().GetLoadAddress(lldb.target)\n
 Setting a watchpoint at an address: 
lldb.target.WatchAddress(<address>, <size>, ...)\n
 
# Fetch a Process object on which we will operate.\ninf = pwndbg.dbg.selected_inferior()\n
 Setting a breakpoint at an address: 
inf.break_at(BreakpointLocation(<address>))\n
 Querying for the address of a symbol: 
inf.lookup_symbol(<name>)\n
 Setting a watchpoint at an address: 
inf.break_at(WatchpointLocation(<address>, <size>))\n
"},{"location":"contributing/dev-notes/#exception-to-use-of-debugger-agnostic-interfaces","title":"Exception to use of Debugger-agnostic interfaces","text":"
Some commands might not make any sense outside the context of a single debugger. For these commands, it is generally okay to talk to the debugger directly. However, they must be properly marked as debugger-specific and their loading must be properly gated off behind the correct debugger. They should ideally be placed in a separate location from the rest of the commands in pwndbg/commands/.
"},{"location":"contributing/dev-notes/#porting-public-tools","title":"Porting public tools","text":"
If porting a public tool to Pwndbg, please make a point of crediting the original author. This can be added to CREDITS.md noting the original author/inspiration, and linking to the original tool/article. Also please be sure that the license of the original tool is suitable to porting into Pwndbg, such as MIT.
"},{"location":"contributing/dev-notes/#minimum-supported-versions","title":"Minimum Supported Versions","text":"
Our goal is to fully support all Ubuntu LTS releases that have not reached end-of-life, with support for other platforms on a best-effort basis. Currently that means all code should work on Ubuntu 22.04, and 24.04 with GDB 12.1 and later. This means that the minimum supported Python version is 3.10, and we cannot use any newer Python features unless those features are backported to this minimum version.
 
Note that while all code should run without errors on these supported LTS versions, it's fine if older versions don't support all of the features of newer versions, as long as this is handled correctly and this information is shown to the user. For example, we may make use of some GDB APIs in newer versions that we aren't able to provide alternative implementations for in older versions, and so in these cases we should inform the user that the functionality can't be provided due to the version of GDB.
 
The lint.sh script described in the previous section runs vermin to ensure that our code does not use any features that aren't supported on Python 3.10.
"},{"location":"contributing/improving-annotations/","title":"Improving Annotations","text":"
Alongside the disassembled instructions in the dashboard, Pwndbg also has the ability to display annotations - text that contains relevent information regarding the execution of the instruction. For example, on the x86 MOV instruction, we can display the concrete value that gets placed into the destination register. Likewise, we can indicate the results of mathematical operations and memory accesses. The annotation in question is always dependent on the exact instruction being annotated - we handle it in a case-by-case basis.
 
The main hurdle in providing annotations is determining what each instruction does, getting the relevent CPU registers and memory that are accessed, and then resolving concrete values of the operands. We call the process of determining this information \"enhancement\", as we enhance the information provided natively by GDB.
 
The Capstone Engine disassembly framework is used to statically determine information about instructions and their operands. Take the x86 instruction sub rax, rdx. Given the raw bytes of the machine instructions, Capstone creates an object that provides an API that, among many things, exposes the names of the operands and the fact that they are both 8-byte wide registers. It provides all the information necessary to describe each operand. It also tells the general 'group' that a instruction belongs to, like if its a JUMP-like instruction, a RET, or a CALL. These groups are architecture agnostic.
 
However, the Capstone Engine doesn't fill in concrete values that those registers take on. It has no way of knowing the value in rdx, nor can it actually read from memory.
 
To determine the actual values that the operands take on, and to determine the results of executing an instruction, we use the Unicorn Engine, a CPU emulator framework. The emulator has its own internal CPU register set and memory pages that mirror that of the host process, and it can execute instructions to mutate its internal state. Note that the Unicorn Engine cannot execute syscalls - it doesn't have knowledge of a kernel.
 
We have the ability to single-step the emulator - tell it to execute the instruction at the program counter inside the emulator. After doing so, we can inspect the state of the emulator - read from its registers and memory. The Unicorn Engine itself doesn't expose information regarding what each instruction is doing - what is the instruction (is it an add, mov, push?) and what registers/memory locations is it reading to and writing from? - which is why we use the Capstone engine to statically determine this information.
 
Using what we know about the instruction based on the Capstone engine - such as that it was a sub instruction and rax was written to - we query the emulator after stepping in to determine the results of the instruction.
 
We also read the program counter from the emulator to determine jumps and so we can display the instructions that will actually be executed, as opposed to displaying the instructions that follow consecutively in memory.
"},{"location":"contributing/improving-annotations/#enhancing","title":"Enhancing","text":"
Everytime the inferior process stops (and when the disasm context section is displayed), we display the next handful of assembly instructions in the dashboard so the user can understand where the process is headed. The exact amount is determined by the context-disasm-lines setting.
 
We will be enhancing the instruction at the current program counter, as well as all the future instructions that are displayed. The end result of enhancement is that we get a list of PwndbgInstruction objects, each encapsulating relevent information regarding the instructions execution.
 
When the process stops, we instantiate the emulator from scratch. We copy all the registers from the host process into the emulator. For performance purposes, we register a handler to the Unicorn Engine to lazily map memory pages from the host to the emulator when they are accessed (a page fault from within the emulator), instead of immediately copying all the memory from the host to the emulator.
 
The enhancement is broken into a couple stops:
 
     
  1. First, we resolve the values of all the operands of the instruction before stepping the emulator. This means we read values from registers and dereference memory depending on the operand type. This gives us the values of operands before the instruction executes.
    2.  
  2. Then, we step the emulator, executing a single instruction.
    3.  
  3. We resolve the values of all operands again, giving us the after_value of each operand.
    4.  
  4. Then, we enhance the \"condition\" field of PwndbgInstructions, where we determine if the instruction is conditional (conditional branch or conditional mov are common) and if the action is taken.
    5.  
  5. We then determine the next and target fields of PwndbgInstructions. next is the address that the program counter will take on after using the GDB command nexti, and target indicates the target address of branch/jump/PC-changing instructions.
    6.  
  6. With all this information determined, we now effectively have a big switch statement, matching on the instruction type, where we set the annotation string value, which is the text that will be printed alongside the instruction in question.
    7.  
 
We go through the enhancement process for the instruction at the program counter and then ensuing handful of instructions that are shown in the dashboard.
"},{"location":"contributing/improving-annotations/#when-to-use-emulation-reasoning-about-process-state","title":"When to use emulation / reasoning about process state","text":"
In general, the code aims to be organized in a way as to allow as many features as possible even in the absence of emulation. If there is information that can be determined statically, then we try to expose it as an alternative to emulation. This is so we can display annotations even when the Unicorn Engine is disabled. For example, say we come to a stop, and are faced with enhancing the following three instructions in the dashboard:
 
1.     lea    rax, [rip + 0xd55]\n2. >   mov    rsi, rax      # The host process program counter is here\n3.     mov    rax, rsi\n
 
Instruction 1, the lea instruction, is already in the past - we pull our enhanced PwndbgInstruction for it from a cache.
 
Instruction 2, the first mov instruction, is where the host process program counter is at. If we did stepi in GDB, this instruction would be executed. In this case, there is two ways we can determine the value that gets written to rsi.
 
     
  1. After stepping the emulator, read from the emulators rsi register.
    2.  
  2. Given the context of the instruction, we know the value in rsi will come from rax. We can just read the rax register from the host. This avoids emulation.
    3.  
 
The decision on which option to take is implemented in the annotation handler for the specific instruction. When possible, we have a preference for the second option, because it makes the annotations work even when emulation is off.
 
The reason we could do the second option, in this case, is because we could reason about the process state at the time this instruction would execute. This instruction is about to be executed (Program PC == instruction.address). We can safely read from rax from the host, knowing that the value we get is the true value it takes on when the instruction will execute. It must - there are no instructions in-between that could have mutated rax.
 
However, this will not be the case while enhancing instruction 3 while we are paused at instruction 2. This instruction is in the future, and without emulation, we cannot safely reason about the operands in question. It is reading from rsi, which might be mutated from the current value that rsi has in the stopped process (and in this case, we happen to know that it will be mutated). We must use emulation to determine the before_value of rsi in this case, and can't just read from the host processes register set. This principle applies in general - future instructions must be emulated to be fully annotated. When emulation is disable, the annotations are not as detailed since we can't fully reason about process state for future instructions.
"},{"location":"contributing/improving-annotations/#what-if-the-emulator-fails","title":"What if the emulator fails?","text":"
It is possible for the emulator to fail to execute an instruction - either due to a restrictions in the engine itself, or the instruction inside segfaults and cannot continue. If the Unicorn Engine fails, there is no real way we can recover. When this happens, we simply stop emulating for the current step, and we try again the next time the process stops when we instantiate the emulator from scratch again.
"},{"location":"contributing/improving-annotations/#caching-annotations","title":"Caching annotations","text":"
When we are stepping through the emulator, we want to remember the annotations of the past couple instructions. We don't want to nexti, and suddenly have the annotation of the previously executed instruction deleted. At the same time, we also never want stale annotations that might result from coming back to point in the program to which we have stepped before, such as the middle of a loop via a breakpoint.
 
New annotations are only created when the process stops, and we create annotations for next handful of instructions to be executed. If we continue in GDB and stop at a breakpoint, we don't want annotations to appear behind the PC that are from a previous time we were near the location in question. To avoid stale annotations while still remembering them when stepping, we have a simple caching method:
 
While we are doing our enhancement, we create a list containing the addresses of the future instructions that are displayed.
 
For example, say we have the following instructions with the first number being the memory address:
 
   0x555555556259 <main+553>    lea    rax, [rsp + 0x90]\n   0x555555556261 <main+561>    mov    edi, 1                          EDI => 1\n   0x555555556266 <main+566>    mov    rsi, rax\n   0x555555556269 <main+569>    mov    qword ptr [rsp + 0x78], rax\n   0x55555555626e <main+574>    call   qword ptr [rip + 0x6d6c]    <fstat64>\n\n \u25ba 0x555555556274 <main+580>    mov    edx, 5                  EDX => 5\n   0x555555556279 <main+585>    lea    rsi, [rip + 0x3f30]     RSI => 0x55555555a1b0 \u25c2\u2014 'standard output'\n   0x555555556280 <main+592>    test   eax, eax\n   0x555555556282 <main+594>    js     main+3784                   <main+3784>\n\n   0x555555556288 <main+600>    mov    rsi, qword ptr [rsp + 0xc8]\n   0x555555556290 <main+608>    mov    edi, dword ptr [rsp + 0xa8]\n
 
In this case, our next_addresses_cache would be [0x555555556279, 0x555555556280, 0x555555556282, 0x555555556288, 0x555555556290].
 
Then, the next time our program comes to a stop (after using si, n, or any GDB command that continues the process), we immediately check if the current program counter is in this list. If it is, then we can infer that the annotations are still valid, as the program has only executed a couple instructions. In all other cases, we delete our cache of annotated instructions.
 
We might think \"why not just check if it's the next address - 0x555555556279 in this case? Why a list of the next couple addresses?\". This is because when source code is available, step and next often skip a couple instructions. It would be jarring to remove the annotations in this case. Likewise, this method has the added benefit that if we stop somewhere, and there happens to be a breakpoint only a couple instructions in front of us that we continue to, then previous couple annotations won't be wiped.
"},{"location":"contributing/improving-annotations/#other-random-annotation-details","title":"Other random annotation details","text":"
     
  • We don't emulate through CALL instructions. This is because the function might be very long.
    •  
  • We resolve symbols during the enhancement stage for operand values.
    •  
  • The folder pwndbg/aglib/disasm contains the code for enhancement. It follows an object-oriented model, with arch.py implementing the parent class with shared functionality, and the per-architecture implementations are implemented as subclasses in their own files.
    •  
  • pwndbg/aglib/nearpc.py is responsible for getting the list of enhanced PwndbgInstruction objects and converting them to the output seen in the 'disasm' view of the dashboard.
    •  
"},{"location":"contributing/improving-annotations/#adding-or-fixing-annotations","title":"Adding or fixing annotations","text":"
We annotate on an instruction-by-instruction basis. Effectively, imagine a giant switch statement that selects the correct handler to create an annotation based on the specific instruction. Many instruction types can be grouped and annotated using the same logic, such as load, store, and arithmetic instructions.
 
See pwndbg/aglib/disasm/aarch64.py as an example. We define sets that group instructions using the unique Capstone ID for each instruction, and inside the constructor of DisassemblyAssistant we have a mapping of instructions to a specific handler. The _set_annotation_string function will match the instruction to the correct handler, which set the instruction.annotation field.
 
If there is a bug in an annotation, the first order of business is finding its annotation handler. To track down where we are handling the instruction, you can search for its Capstone constant. For example, the RISC-V store byte instruction, sb, is represented as the Capstone constant RISCV_INS_SB. Or, if you are looking for the handler for the AArch64 instruction SUB, you can search the disasm code for _INS_SUB to find where we reference the appropriate Capstone constant for the instruction and following the code to the function that ultimately sets the annotation.
 
If an annotation is causing a crash, is it most likely due to a handler making an incorrect assumption on the number of operands, leading to a list index out of range error. One possible source of this is that a given instruction has multiple different disassembly representations. Take the RISC-V JALR instruction. It can be represented in 3 ways:
 
jalr rs1        # return register is implied as ra, and imm is implied as 0\njalr rs1, imm   # return register is implied as ra\njalr rd, rs1, imm\n
 
Capstone will expose the most \"simplified\" one possible, and the underlying list of register operands will change. If the handler doesn't take these different options into account, and rather assumes that jalr always has 3 operands, then an index error can occur if the handler accesses instruction.operands[2].
"},{"location":"contributing/improving-annotations/#bug-root-cause","title":"Bug root cause","text":"
When encountering an instruction that is behaving strangely (incorrect annotation, or there is a jump target when one shouldn't exist, or the target is incorrect), there are a couple routine things to check.
 
1. Use the dev-dump-instruction command to print all the enhancement information. With no arguments, it will dump the info from the instruction at the current address. If given an address, it will pull from the instruction cache at the corresponding location.
 
If the issue is not related to branches, check the operands and the resolved values for registers and memory accesses. Verify that the values are correct - are the resolved memory locations correct? Step past the instruction and use instructions like telescope and regs to read memory and verify if the claim that the annotation is making is correct. For things like memory operands, you can try to look around the resolved memory location in memory to see the actual value that the instruction dereferenced, and see if the resolved memory location is simply off by a couple bytes.
 
Example output of dumping a mov instruction:
 
mov qword ptr [rsp], rsi at 0x55555555706c (size=4) (arch: x86)\n        ID: 460, mov\n        Raw asm: mov    qword ptr [rsp], rsi\n        New asm: mov    qword ptr [rsp], rsi\n        Next: 0x555555557070\n        Target: 0x555555557070, Target string=, const=None\n        Condition: UNDETERMINED\n        Groups: []\n        Annotation: [0x7fffffffe000] => 0x7fffffffe248 \u2014\u25b8 0x7fffffffe618 \u25c2\u2014 '/usr/bin/ls'\n        Operands: [['[0x7fffffffe000]': Symbol: None, Before: 0x7fffffffe000, After: 0x7fffffffe000, type=CS_OP_MEM, size=8, access=CS_AC_WRITE]] ['RSI': Symbol: None, Before: 0x7fffffffe248, After: 0x7fffffffe248, type=CS_OP_REG, size=8, access=CS_AC_READ]]]\n        Conditional jump: False. Taken: False\n        Unconditional jump: False\n        Declare unconditional: None\n        Can change PC: False\n        Syscall:  N/A\n        Causes Delay slot: False\n        Split: NO_SPLIT\n        Call-like: False\n
 
2. Use the Capstone disassembler to verify the number of operands the instruction groups.
 
Taken the raw instruction bytes and pass them to cstool to see the information that we are working with:
 
cstool -d mips 0x0400000c\n
 
The number of operands may not match the visual appearance. You might also check the instruction groups, and verify that an instruction that we might consider a call has the Capstone call group. Capstone is not 100% correct in every single case in all architectures, so it's good to verify. Report a bug to Capstone if there appears to be an error, and in the meanwhile we can create a fix in Pwndbg to work around the current behavior.
 
3. Check the state of the emulator.
 
Go to pwndbg/emu/emulator.py and uncomment the DEBUG = -1 line. This will enable verbose debug printing. The emulator will print it's current pc at every step, and indicate important events, like memory mappings. Likewise, in pwndbg/aglib/disasm/arch.py you can set DEBUG_ENHANCEMENT = True to print register accesses to verify they are sane values.
 
Potential bugs:
 
     
  • A register is 0 (may also be the source of a Unicorn segfault if used as a memory operand) - often means we are not copying the host processes register into the emulator. By default, we map register by name - if in Pwndbg, it's called rax, then we find the UC constant named U.x86_const.UC_X86_REG_RAX. Sometimes, this default mapping doesn't work, sometimes do to differences in underscores (FSBASE vs FS_BASE). In these cases, we have to manually add the mapping.
    •  
  • Unexpected crash - the instruction at hand might require a 'coprocessor', or some information that is unavailable to Unicorn (it's QEMU under the hood).
    •  
  • Instructions are just no executing - we've seen this in the case of Arm Thumb instructions. There might be some specific API/way to invoke the emulator that is required for a certain processor state.
    •  
"},{"location":"contributing/improving-annotations/#creating-small-cross-architecture-programs","title":"Creating small cross-architecture programs","text":"
If you are encountering a strange behavior with a certain instruction or scenario in a non-native-architecture program, you can use some great functions from pwntools to handle the compilation and debugging. This is a great way to create a small reproducible example to isolate an issue.
 
The following Python program, when run from inside a tmux session, will take some AArch64 assembly, compile it, and run it with GDB attached in a new tmux pane. It will search your system for the appropriate cross compiler for the architecture at hand, and run the compiled binary with QEMU.
 
from pwn import *\n\ncontext.arch = \"aarch64\"\n\nAARCH64_GRACEFUL_EXIT = \"\"\"\nmov x0, 0\nmov x8, 93\nsvc 0\n\"\"\"\n\nout = make_elf_from_assembly(STORE)\n# Debug info\nprint(out)\ngdb.debug(out)\n\npause()\n
"},{"location":"contributing/making-a-gif/","title":"Making a Pwndbg gif","text":""},{"location":"contributing/making-a-gif/#the-rundown","title":"The rundown","text":"
If you wish to make a gif of your terminal while using Pwndbg (usually to add an example of some command/workflow to the website) you should use charmbracelet/vhs. This ensures a consistent look to the gifs throughout the documentation, makes them easily updateable when UI changes are made, and just makes them more easily reproducable and modifiable in general.
 
Note
 
Here \"gif\" really means \"a video that loops\", in practice it is better to use .webm with .mp4 as a fallback because they are better optimized file formats.
 
The workflow to creating a gif is simple. Start a recording: 
vhs record > my_thingy.tape\n
 Whatever you now do in the terminal will be \"recorded\" to the my_thingy.tape file. Exit the shell to save the recording. The tape probably isn't ready to use as-is. You will want to add some metadata and fixup some lines.
 Example 
This is the tape used to generate the gif at https://pwndbg.re/dev/commands/context/context/ : 
# https://github.com/charmbracelet/vhs\n\nOutput pwndbg.mp4\nOutput pwndbg.webm\n\nSet FontSize 24\nSet Width 1920\nSet Height 1080\nSet TypingSpeed 100ms\n\nSleep 1s\nType \"pwndbg /bin/sh\"\nEnter\nSleep 2s\nType \"start\"\nEnter\nSleep 3s\nType \"stepsyscall\"\nSleep 3s\nEnter 1\nSleep 3s\nType \"up\"\nSleep 1s\nEnter 1\nSleep 1s\nType \"up\"\nSleep 1s\nEnter 1\nSleep 1s\nType \"up\"\nSleep 1s\nEnter 1\nSleep 1s\nType \"context\"\nSleep 4s\nEnter 1\nSleep 7s\nType \"down\"\nSleep 1s\nEnter 1\nSleep 1s\nType \"ctx\"\nSleep 4s\nEnter 1\nSleep 7s\n
 
You may now run 
vhs my_thingy.tape\n
 and it will generate a gif with the filename you specified in the tape (the Output line in the example).
 
Make sure to commit the .tape file along with the gif.
"},{"location":"contributing/making-a-gif/#recording-in-docker","title":"Recording in Docker","text":"
If the setup for the gif is not highly involved, you may want to use a Dockerfile to generate the gif to ensure reproducability (or if wish to make sure your environment variables aren't visible during the debugging session). Here is a sample Dockerfile you can modify to your liking: 
# https://github.com/charmbracelet/vhs\nFROM ghcr.io/charmbracelet/vhs\n\n# Install Pwndbg\nRUN apt update && apt install -y git \\\n    && git clone https://github.com/pwndbg/pwndbg.git /pwndbg \\\n    && cd /pwndbg \\\n    && ./setup.sh\n\n# Create a pwndbg executable in PATH so we can run with\n# `pwndbg /bin/sh`.\nRUN echo '#!/bin/sh\\ngdb --quiet \"$@\"' > /usr/local/bin/pwndbg \\\n    && chmod +x /usr/local/bin/pwndbg\n\n# Make sure uv.lock.hash is created so we don't get\n# a message about updating during the gif.\nRUN gdb /bin/sh --batch\n\n# The ENTRYPOINT and CMD are defined in the vhs docker image.\n
 you can use a script like this to run it easily. 
#!/bin/sh\n\nset -e\n\nIMAGE_NAME=\"vhs-pwndbg\"\n\nrm -f .gdb_history\ndocker build -t \"$IMAGE_NAME\" .\ndocker run --rm -v \"$(pwd)\":/vhs \"$IMAGE_NAME\" my_thingy.tape\n
"},{"location":"contributing/setup-pwndbg-dev/","title":"Setup Pwndbg for Development","text":""},{"location":"contributing/setup-pwndbg-dev/#installing-pwndbg-from-source","title":"Installing Pwndbg from source","text":"
Run the following: 
git clone https://github.com/pwndbg/pwndbg\ncd pwndbg\n./setup.sh\n
 Officially supported is Ubuntu 22.04 and later, but the setup script also supports the following distributions:
 
     
  • Debian-based OSes (via apt-get)
    •  
  • Fedora and Red Hat (via dnf)
    •  
  • Clear (via swiped)
    •  
  • OpenSUSE LEAP (via zypper)
    •  
  • Arch and Manjaro (via community AUR packages)
    •  
  • Void (via xbps)
    •  
  • Gentoo (via emerge)
    •  
 
Tip
 
If you have an older ubuntu version you may still use Pwndbg:
 
     
  • for Ubuntu 20.04 use the 2024.08.29 release
    •  
  • for Ubuntu 18.04 use the 2023.07.17: ubuntu18.04-final release
    •  
 
however if you wish to contribute, it is recommended you upgrade your distribution.
"},{"location":"contributing/setup-pwndbg-dev/#running-with-gdb","title":"Running with GDB","text":"
Pwndbg requires GDB 12.1 or later. If the GDB version your distro provides is too old, build GDB from source: 
sudo apt install libgmp-dev libmpfr-dev libreadline-dev texinfo  # required by build\ngit clone git://sourceware.org/git/binutils-gdb.git\nmkdir gdb-build\ncd gdb-build\n../binutils-gdb/configure --enable-option-checking --disable-nls --disable-werror --with-system-readline --with-python=$(which python3) --with-system-gdbinit=/etc/gdb/gdbinit --enable-targets=all --disable-binutils --disable-ld --disable-gold --disable-gas --disable-sim --disable-gprof\nmake -j $(nproc)\n
 Since the ./setup.sh script made it so you source Pwndbg from your ~/.gdbinit, Pwndbg will start up automatically any time you run gdb.
"},{"location":"contributing/setup-pwndbg-dev/#running-with-lldb","title":"Running with LLDB","text":"
Pwndbg requires LLDB 19 or later. You can get it like this on Ubuntu 24.04: 
sudo apt install -y lldb-19 liblldb-19-dev\n
 but it will be added to your PATH as lldb-19 so you should either alias it or export it in your shell: 
export PATH=/usr/lib/llvm-19/bin/:$PATH\n
 so you can invoke it as lldb. Also export this environment variable: 
export LLDB_DEBUGSERVER_PATH=/usr/lib/llvm-19/bin/lldb-server\n
 Pwndbg doesn't use the lldb driver binary directly, it drives its own REPL and interacts with LLDB through liblldb. You can run Pwndbg with LLDB by running: 
uv run pwndbg-lldb [binary-to-debug]\n
"},{"location":"contributing/setup-pwndbg-dev/#the-development-environment","title":"The development environment","text":"
After installing Pwndbg like described above, there are a few ways to set up the development environment. The simplest one is by running: 
./setup-dev.sh\n
 but you can also use the docker container or develop using nix.
 
Note
 
For a proper development environment you must be able to run Pwndbg with both GDB and LLDB, otherwise you won't be able to use some important development features (like doc generation).
"},{"location":"contributing/setup-pwndbg-dev/#development-from-docker","title":"Development from docker","text":"
You can create a Docker image with everything already installed for you. You can use docker compose 
docker compose run -i main\n
 or build and run the container with 
docker build -t pwndbg .\ndocker run -it --cap-add=SYS_PTRACE --security-opt seccomp=unconfined -v `pwd`:/pwndbg pwndbg bash\n
"},{"location":"contributing/setup-pwndbg-dev/#development-using-nix","title":"Development using Nix","text":"
Pwndbg supports development with Nix which installs all the required development dependencies:
 
     
  1. Install Nix with Determinate Nix Installer.
    2.  
  2. Enter the development shell with nix develop or automate this with direnv.
    3.  
  3. Run local changes with pwndbg or pwndbg-lldb. Run tests with ./tests.sh.
    4.  
"},{"location":"contributing/writing-tests/","title":"Writing Tests","text":""},{"location":"contributing/writing-tests/#overview","title":"Overview","text":"
Note
 
This is written under the assumption you already know how to run the tests.
 
In Pwndbg we have four types of tests: extensive x86_64 GDB tests, cross-architecture tests, linux kernel tests and unit-tests. They are all located in subdirectories of ./tests.
 
The x86_64 tests encompass most of the Pwndbg testing suite. If your tests do not belong in any of the other categories, they should go here. Since we do not yet perform testing on LLDB, these are run from inside GDB and are located in the ./tests/library/gdb directory. They can be run with ./tests.sh -d gdb -g gdb.
 
The cross-architecture tests are run using qemu-user emulation. They test architecture-specific logic and are located in the ./tests/library/qemu-user directory. They can be run with ./tests.sh -d gdb -g cross-arch-user.
 
The linux kernel tests are run using qemu-system emulation. They are located in the ./tests/library/qemu_system directory and run for a variety kernel configurations and architectures.
 
The unit tests are not run from within a debugger, but rather directly with pytest. They are located in the ./tests/unit_tests/ directory.
 
Here are the options supported by ./tests.sh which you can get by running ./tests.sh -h. 
usage: tests.py [-h] -g {gdb,dbg,cross-arch-user} -d {gdb} [-p] [-c] [-v] [-s] [--nix] [--collect-only] [test_name_filter]\n\nRun tests.\n\npositional arguments:\n  test_name_filter      run only tests that match the regex\n\noptions:\n  -h, --help            show this help message and exit\n  -g {gdb,dbg,cross-arch-user}, --group {gdb,dbg,cross-arch-user}\n  -d {gdb}, --driver {gdb}\n  -p, --pdb             enable pdb (Python debugger) post mortem debugger on failed tests\n  -c, --cov             enable codecov\n  -v, --verbose         display all test output instead of just failing test output\n  -s, --serial          run tests one at a time instead of in parallel\n  --nix                 run tests using built for nix environment\n  --collect-only        only show the output of test collection, don't run any tests\n
"},{"location":"contributing/writing-tests/#writing-tests_1","title":"Writing tests","text":"
Each test is a Python function that runs inside of an isolated GDB session. Using a pytest fixture at the beginning of each test, GDB will attach to a binary or connect to a QEMU instance. Each test runs some commands and uses Python assert statements to verify correctness. We can access Pwndbg library code like pwndbg.aglib.regs.rsp as well as execute GDB commands with gdb.execute().
 
We can take a look at tests/library/gdb/tests/test_symbol.py for an example of a simple test. Looking at a simplified version of the top-level code, we have this:
 
import gdb\nimport pwndbg\nimport tests\n\nBINARY = tests.get_binary(\"symbol_1600_and_752.native.out\")\n
 
Since these tests run inside GDB, we can import the gdb Python library. We also import the tests module, which makes it easy to get the path to the test binaries located in tests/gdb-tests/tests/binaries. You should be able to reuse the binaries in this folder for most tests, but if not feel free to add a new one.
 
Here's a small snippet of the actual test:
 
def test_hexdump(start_binary):\n    start_binary(BINARY)\n    pwndbg.config.hexdump_group_width.value = -1\n\n    gdb.execute(\"set hexdump-byte-separator\")\n    stack_addr = pwndbg.aglib.regs.rsp - 0x100\n
 
pytest will run any function that starts with test_ as a new test, so there is no need to register your new test anywhere. The start_binary argument is a function that will run the binary you give it, and it will set some common options before starting the binary. Using start_binary is recommended if you don't need any additional customization to GDB settings before starting the binary, but if you do it's fine to not use it.
"},{"location":"contributing/writing-tests/#qemu-tests","title":"QEMU Tests","text":"
Our gdb tests run in x86. To debug other architectures, we use QEMU for emulation and attach to its debug port. These tests are located in tests/library/qemu-user/tests. Test creation is identical to our x86 tests - create a Python function with a Pytest fixture name as the parameter (it matches based on the name), and call the argument to start debugging a binary. The qemu_assembly_run fixture takes in a Python string of assembly code, compiles it in the appropriate architecture, and runs it - no need to create an external file or edit a Makefile.
"},{"location":"functions/","title":"Index","text":""},{"location":"functions/#functions","title":"Functions","text":"
Pwndbg provides a set of functions which can be used during expression evaluation to quickly perform common calculations. These can even be passed to other commands as arguments. Currently, they only work in gdb.
 
To see a list of all functions, including those built into GDB, use help function. To see the help of any given function use help function function_name. Function invocation must include a preceding $ sign and must include brackets. For instance, invoke the environ function like so: 
pwndbg> p $environ(\"LANG\")\n$2 = (signed char *) 0x7fffffffe6da \"LANG=en_US.UTF-8\"\n
 If the result of the function is being passed to a Pwndbg command, make sure to either escape the function argument's quotes, or put the whole function call in quotes. 
pwndbg> tele $environ(\"LANG\")\nusage: telescope [-h] [-r] [-f] [-i] [address] [count]\ntelescope: error: argument address: debugger couldn't resolve argument '$environ(LANG)':\n    No symbol \"LANG\" in current context.\npwndbg> tele $environ(\\\"LANG\\\")\n00:0000\u2502  0x7fffffffe6cf \u25c2\u2014 'LANG=en_US.UTF-8'\n01:0008\u2502  0x7fffffffe6d7 \u25c2\u2014 'US.UTF-8'\n02:0010\u2502  0x7fffffffe6df \u25c2\u2014 0x4e49475542454400\n[...]\npwndbg> tele '$environ(\"LANG\")'\n00:0000\u2502  0x7fffffffe6cf \u25c2\u2014 'LANG=en_US.UTF-8'\n01:0008\u2502  0x7fffffffe6d7 \u25c2\u2014 'US.UTF-8'\n02:0010\u2502  0x7fffffffe6df \u25c2\u2014 0x4e49475542454400\n[...]\n
"},{"location":"functions/#pwndbg-functions","title":"Pwndbg functions","text":""},{"location":"functions/#argc","title":"argc","text":"
argc() -> int\n
 
Get the number of program arguments. Evaluates to argc.
"},{"location":"functions/#example","title":"Example","text":"
pwndbg> p $argc()\n$1 = 2\npwndbg> argv\n00:0000\u2502  0x7fffffffe288 \u2014\u25b8 0x7fffffffe659 \u25c2\u2014 '/usr/bin/cat'\n01:0008\u2502  0x7fffffffe290 \u2014\u25b8 0x7fffffffe666 \u25c2\u2014 'gdbinit.py'\n02:0010\u2502  0x7fffffffe298 \u25c2\u2014 0\n
"},{"location":"functions/#argv","title":"argv","text":"
argv(index: gdb.Value) -> gdb.Value\n
 
Get the n-th program argument. Evaluate argv on the supplied value.
"},{"location":"functions/#example_1","title":"Example","text":"
pwndbg> p $argv(0)\n$11 = (signed char *) 0x7fffffffe666 \"/usr/bin/sh\"\npwndbg> argv\n00:0000\u2502  0x7fffffffe2a8 \u2014\u25b8 0x7fffffffe666 \u25c2\u2014 '/usr/bin/sh'\n01:0008\u2502  0x7fffffffe2b0 \u25c2\u2014 0\n
"},{"location":"functions/#base","title":"base","text":"
base(name_pattern: gdb.Value | str)\n
 
Return the base address of the first memory mapping containing the given name.
"},{"location":"functions/#example_2","title":"Example","text":"
pwndbg> p/x $base(\"libc\")\n$4 = 0x7ffff7d4b000\npwndbg> vmmap libc\n    0x7ffff7d4a000     0x7ffff7d4b000 rw-p     1000  6e000 /usr/lib/libncursesw.so.6.5\n\u25ba   0x7ffff7d4b000     0x7ffff7d6f000 r--p    24000      0 /usr/lib/libc.so.6\n\u25ba   0x7ffff7d6f000     0x7ffff7ed6000 r-xp   167000  24000 /usr/lib/libc.so.6\n\u25ba   0x7ffff7ed6000     0x7ffff7f2b000 r--p    55000 18b000 /usr/lib/libc.so.6\n\u25ba   0x7ffff7f2b000     0x7ffff7f2f000 r--p     4000 1e0000 /usr/lib/libc.so.6\n\u25ba   0x7ffff7f2f000     0x7ffff7f31000 rw-p     2000 1e4000 /usr/lib/libc.so.6\n    0x7ffff7f31000     0x7ffff7f39000 rw-p     8000      0 [anon_7ffff7f31]\npwndbg> tele $base(\\\"libc\\\")+0x1337\n00:0000\u2502  0x7ffff7d4c337 \u25c2\u2014 0x80480a04214000f0\n01:0008\u2502  0x7ffff7d4c33f \u25c2\u2014 0x8040c02204452040\n02:0010\u2502  0x7ffff7d4c347 \u25c2\u2014 0x20042400000200\n03:0018\u2502  0x7ffff7d4c34f \u25c2\u2014 0x20 /* ' ' */\n[...]\n
 
Beware of accidentally matching the wrong mapping. For instance, if the loaded executable contained the string \"libc\" anywhere in it's path, it would've been returned.
"},{"location":"functions/#bn_eval","title":"bn_eval","text":"
bn_eval(expr: gdb.Value) -> int\n
 
Parse and evaluate a Binary Ninja expression.
 
Read more about binary ninja expressions here: https://api.binary.ninja/binaryninja.binaryview-module.html#binaryninja.binaryview.BinaryView.parse_expression
 
All registers in the current register set are available as magic variables (e.g. $rip). The $piebase magic variable is also included, with the computed executable base.
 
This function cannot see stack local variables.
"},{"location":"functions/#example_3","title":"Example","text":"
pwndbg> set integration-provider binja\nPwndbg successfully connected to Binary Ninja (4.2.6455 Personal) xmlrpc: http://127.0.0.1:43717\nSet which provider to use for integration features to 'binja'.\npwndbg> p/x $bn_eval(\"10+20\")\n$6 = 0x30\npwndbg> p/x $bn_eval(\"main\")\n$7 = 0x1645\npwndbg> p/x $rebase($bn_eval(\"main\"))\n$8 = 0x555555555645\npwndbg> p some_global_var\nNo symbol \"some_global_var\" in current context.\npwndbg> p/x $rebase($bn_eval(\"some_global_var+$rax\"))\n$9 = 0x5555555586b8\npwndbg> p $rebase($bn_eval(\"some_global_var+$rax\")) == $bn_sym(\"some_global_var\") + $rax\n$10 = 1\npwndbg> p $bn_eval(\"$piebase+some_global_var+$rax\") == $bn_sym(\"some_global_var\") + $rax\n$11 = 1\n
"},{"location":"functions/#bn_sym","title":"bn_sym","text":"
bn_sym(name_val: gdb.Value) -> int\n
 
Lookup a symbol's address by name from Binary Ninja.
 
This function sees symbols like functions and global variables, but not stack local variables, use bn_var for that.
"},{"location":"functions/#example_4","title":"Example","text":"
pwndbg> set integration-provider binja\nPwndbg successfully connected to Binary Ninja (4.2.6455 Personal) xmlrpc: http://127.0.0.1:43717\nSet which provider to use for integration features to 'binja'.\npwndbg> p main\nNo symbol \"main\" in current context.\npwndbg> p/x $bn_sym(\"main\")\n$2 = 0x555555555645\npwndbg> b *($bn_sym(\"main\"))\nBreakpoint 1 at 0x555555555645\n
"},{"location":"functions/#bn_var","title":"bn_var","text":"
bn_var(name_val: gdb.Value) -> int\n
 
Lookup a stack variable's address by name from Binary Ninja.
 
This function doesn't see functions or global variables, use bn_sym for that.
"},{"location":"functions/#example_5","title":"Example","text":"
pwndbg> set integration-provider binja\nPwndbg successfully connected to Binary Ninja (4.2.6455 Personal) xmlrpc: http://127.0.0.1:43717\nSet which provider to use for integration features to 'binja'.\npwndbg> p user_choice\nNo symbol \"user_choice\" in current context.\npwndbg> p/x $bn_var(\"user_choice\")\n$4 = 0x7fffffffe118\npwndbg> vmmap $4\n    0x7ffff7ffe000     0x7ffff7fff000 rw-p     1000      0 [anon_7ffff7ffe]\n\u25ba   0x7ffffffde000     0x7ffffffff000 rw-p    21000      0 [stack] +0x20118\npwndbg> p/x $bn_var(\"main\")\nTypeError: Could not convert Python object: None.\nError while executing Python code.\n
"},{"location":"functions/#environ","title":"environ","text":"
environ(env_name: gdb.Value) -> gdb.Value\n
 
Get an environment variable by name. Evaluate getenv() on the supplied value.
"},{"location":"functions/#example_6","title":"Example","text":"
pwndbg> p $environ(\"LANG\")\n$2 = (signed char *) 0x7fffffffebfb \"LANG=en_US.UTF-8\"\n
"},{"location":"functions/#envp","title":"envp","text":"
envp(index: gdb.Value) -> gdb.Value\n
 
Get the n-th environment variable. Evaluate envp on the supplied value.
"},{"location":"functions/#example_7","title":"Example","text":"
pwndbg> p $envp(0x3F)\n$13 = (signed char *) 0x7fffffffef7d \"LANG=en_US.UTF-8\"\npwndbg> p $envp(0x3F) == $environ(\"LANG\")\n$14 = 1\n
"},{"location":"functions/#fsbase","title":"fsbase","text":"
fsbase(offset: gdb.Value = gdb.Value(0)) -> int\n
 
Get the value of the FS segment register. Only valid on x86(-64).
"},{"location":"functions/#example_8","title":"Example","text":"
pwndbg> p/x $fsbase()\n$3 = 0x7ffff7cdab80\npwndbg> p $fs_base == $fsbase()\n$4 = 1\npwndbg> x/gx $fsbase(0x28)\n0x7ffff7cdaba8:     0x4da926e1668e5a00\npwndbg> x/gx $fsbase(0x30)\n0x7ffff7cdabb0:     0x190a86d93bccf0ad\npwndbg> tls\nThread Local Storage (TLS) base: 0x7ffff7cdab80\nTLS is located at:\n    0x7ffff7cda000     0x7ffff7cdc000 rw-p     2000      0 [anon_7ffff7cda]\nDumping the address:\ntcbhead_t @ 0x7ffff7cdab80\n    0x00007ffff7cdab80 +0x0000 tcb                  : 0x7ffff7cdab80\n    0x00007ffff7cdab88 +0x0008 dtv                  : 0x7ffff7cdb4f0\n    0x00007ffff7cdab90 +0x0010 self                 : 0x7ffff7cdab80\n    0x00007ffff7cdab98 +0x0018 multiple_threads     : 0x0\n    0x00007ffff7cdab9c +0x001c gscope_flag          : 0x0\n    0x00007ffff7cdaba0 +0x0020 sysinfo              : 0x0\n    0x00007ffff7cdaba8 +0x0028 stack_guard          : 0x4da926e1668e5a00\n    0x00007ffff7cdabb0 +0x0030 pointer_guard        : 0x190a86d93bccf0ad\n    [...]\npwndbg> canary\n[...]\nCanary    = 0x4da926e1668e5a00 (may be incorrect on != glibc)\n[...]\n
 FS will usually point to the start of the TLS. If you're not providing an offset, it is usually easier to use GDB's builtin $fs_base variable.
"},{"location":"functions/#gsbase","title":"gsbase","text":"
gsbase(offset: gdb.Value = gdb.Value(0)) -> int\n
 
Get the value of the GS segment register. Only valid on x86(-64).
"},{"location":"functions/#example_9","title":"Example","text":"
pwndbg> p/x $gsbase()\n$1 = 0x0\n
 The value of the GS register is more interesting when doing kernel debugging: 
pwndbg> p/x $gsbase()\n$1 = 0xffff999287a00000\npwndbg> tele $gsbase()\n00:0000\u2502  0xffff999287a00000 \u25c2\u2014 0\n... \u2193     4 skipped\n05:0028\u2502  0xffff999287a00028 \u25c2\u2014 0xd6aa9b336d52a400\n06:0030\u2502  0xffff999287a00030 \u25c2\u2014 0\n07:0038\u2502  0xffff999287a00038 \u25c2\u2014 0\npwndbg> p $gsbase() == $gs_base\n$2 = 1\n
 If you're not providing an offset, it is usually easier to use GDB's builtin $gs_base variable.
"},{"location":"functions/#hex2ptr","title":"hex2ptr","text":"
hex2ptr(hex_string: gdb.Value | str) -> int\n
 
Converts a hex string to a little-endian address and returns the address.
"},{"location":"functions/#example_10","title":"Example","text":"
pwndbg> p/x $hex2ptr(\"20 74 ed f7 ff 7f\")\n$1 = 0x7ffff7ed7420\npwndbg> p/x $hex2ptr(\"2074edf7ff7f\")\n$2 = 0x7ffff7ed7420\npwndbg> distance '$base(\"libc\")' '$hex2ptr(\"20 74 ed f7 ff 7f\")'\n0x7ffff7d4b000->0x7ffff7ed7420 is 0x18c420 bytes (0x31884 words)\n
 
Especially useful for quickly converting pwntools output.
"},{"location":"functions/#ida","title":"ida","text":"
ida(name: gdb.Value) -> int\n
 
Lookup a symbol's address by name from IDA. Evaluate ida.LocByName() on the supplied value.
 
This functions doesn't see stack local variables.
"},{"location":"functions/#example_11","title":"Example","text":"
pwndbg> set integration-provider ida\nPwndbg successfully connected to Ida Pro xmlrpc: http://127.0.0.1:43718\nSet which provider to use for integration features to 'ida'.\npwndbg> p main\nNo symbol \"main\" in current context.\npwndbg> p/x $ida(\"main\")\n$1 = 0x555555555645\npwndbg> b *$ida(\"main\")\nBreakpoint 2 at 0x555555555645\n
"},{"location":"functions/#rebase","title":"rebase","text":"
rebase(addr: gdb.Value | int) -> int\n
 
Return address rebased onto the executable's mappings.
"},{"location":"functions/#example_12","title":"Example","text":"
pwndbg> p/x $rebase(0xd9020)\n$1 = 0x55555562d020\npwndbg> vmmap\n0x555555554000     0x55555556f000 r--p    1b000      0 /usr/bin/bash\n0x55555556f000     0x55555562d000 r-xp    be000  1b000 /usr/bin/bash\n0x55555562d000     0x55555565e000 r--p    31000  d9000 /usr/bin/bash\n[...]\npwndbg> p $rebase(0xd9020) == 0x555555554000 + 0xd9020\n$2 = 1\npwndbg> tele $rebase(0xd9020)\n00:0000\u2502  0x55555562d020 \u25c2\u2014 0x204900636f6c6c61 /* 'alloc' */\n01:0008\u2502  0x55555562d028 \u25c2\u2014 'have no name!'\n02:0010\u2502  0x55555562d030 \u25c2\u2014 0x65720021656d616e /* 'name!' */\n03:0018\u2502  0x55555562d038 \u25c2\u2014 'adline stdin'\n[...]\n
"},{"location":"tutorials/env-vars/","title":"Env vars","text":""},{"location":"tutorials/env-vars/#environment-variables","title":"Environment Variables","text":"
Pwndbg relies on several environment variables to customize its behavior. Below is a list of these variables and their purposes:
 
     
  • PATH: Standard system PATH variable used to locate executables.
    •  
  • EDITOR, VISUAL: Used by the cymbol command to open an editor.
    •  
  • HOME, XDG_CACHE_HOME: Used by lib.tempfile to determine temporary file locations.
    •  
  • PWNDBG_VENV_PATH: Specifies the virtual environment path for Pwndbg.
    •  
  • NO_COLOR: Disables colored output in Pwndbg.
    •  
  • PWNDBG_LOGLEVEL: Initial log level to use for log messages.
    •  
  • OPENAI_API_KEY, ANTHROPIC_API_KEY: Used by the ai command for accessing respective AI APIs.
    •  
  • GITHUB_ACTIONS, RUN_FLAKY: Used by tests_commands.py to determine the test environment.
    •  
  • PWNDBG_PROFILE: Enables profiling for benchmarking.
    •  
  • USE_PDB: Enables Python debugger in tests.
    •  
  • PWNDBG_LAUNCH_TEST: Used by tests to configure test launching.
    •  
  • PWNDBG_ARCH, PWNDBG_KERNEL_TYPE, PWNDBG_KERNEL_VERSION: Used by gdblib kernel tests to specify kernel parameters.
    •  
  • SPHINX: Used by docs/source/conf.py, likely to be removed.
    •  
  • PWNLIB_NOTERM=1: Set by Pwndbg to avoid terminal issues with Pwntools.
    •  
"},{"location":"tutorials/gdb-lldb-commands/","title":"GDB vs LLDB","text":"
For users who are migrating from one debugger to another, here is a table comparison of some of the most common actions and how to do them in GDB and LLDB. Note that both debuggers offer shorthands for typing these commands.
 Functionality GDB Command LLDB Command Start Debugging Program gdb ./your-program lldb ./your-program Set a Breakpoint break <function-name> breakpoint set --name <function-name> Set Breakpoint on Address break *<address> breakpoint set --address <address> Set Breakpoint at Line break <filename>:<line-number> breakpoint set --file <filename> --line <line-number> Set Hardware Breakpoint hbreak <function-name> breakpoint set --hardware --name <function-name> Set Hardware Breakpoint at Memory hbreak *<memory-address> breakpoint set --hardware --address <memory-address> List All Breakpoints info breakpoints breakpoint list Delete Breakpoints delete <breakpoint-number> breakpoint delete <breakpoint-number> Set Watchpoint watch <variable> watchpoint set variable <variable> Set Conditional Breakpoint break <function-name> if <condition> breakpoint set --condition \"<condition>\" Continue Execution continue process continue Next Instruction next thread step-over Step into a Function step thread step-in Step out of a Function finish thread step-out Print Threads info threads thread list Select Thread thread <thread-id> thread select <thread-id> Print Register Values info registers register read -a Print a Variable print <variable> print <variable> Display Variable on Every Stop display <variable> expression --watch <variable> Examine Memory (Hex) x/<num>x <memory-address> memory read --format x --count <num> <memory-address> Examine Memory (Integer) x/<num>d <memory-address> memory read --format d --count <num> <memory-address> Inspect Stack Trace backtrace thread backtrace Change Register Value set $<register-name> = <value> register write <register-name> <value> Check Program Status info locals frame variable Check Program Info info functions image lookup --functions Show Disassembly of Function disas <function-name> disassemble <function-name> Memory Dump (Hex) x/<num>xh <memory-address> memory read --format x --count <num> <memory-address> Memory Dump (Bytes) x/<num>bx <memory-address> memory read --format b --count <num> <memory-address> Show Process Information info process process status Quit Debugging quit quit Run Program with Arguments run <arg1> <arg2> ... process launch -- <arg1> <arg2> ... Show Current Function info frame frame info Set Sysroot set sysroot <path-to-sysroot> settings set target.sysroot <path-to-sysroot> Set Source Directory directory <path-to-source-directory> settings set target.source-map <remote-path> <local-path> Set Architecture set architecture <arch> target create --arch <arch> <executable-file> Show Settings show <setting-name> settings show <setting-name> Set File for Debugging file <executable-file> target create <executable-file> Start the Program at the First Instruction starti process launch --stop-at-entry Enable ASLR set disable-randomization off settings set target.disable-aslr false"},{"location":"tutorials/gdb-tui/","title":"GDB TUI","text":"
The context sections are available as native GDB TUI windows named pwndbg_[sectionname]. There are some predefined layouts coming with Pwndbg which you can select using layout pwndbg or layout pwndbg_code.
 
Use focus cmd to focus the command window and have the arrow keys scroll through the command history again. tui disable to disable TUI mode and go back to CLI mode when running commands with longer output. ctrl-x + a toggles between TUI and CLI mode quickly. Hold shift to ignore the TUI mouse integration and use the mouse normally to select text or copy data.
 
To create your own layout and selecting it use normal tui new-layout syntax like: 
tui new-layout pwndbg_custom {-horizontal { { -horizontal { pwndbg_code 1 pwndbg_disasm 1 } 2 { {-horizontal pwndbg_legend 8 pwndbg_control 2 } 0 pwndbg_regs 1 pwndbg_stack 1 } 3 } 7 cmd 3 } 3 { pwndbg_backtrace 2 pwndbg_expressions 2 pwndbg_threads 1 } 1 } 1 status 1\nlayout pwndbg_custom\n
"},{"location":"tutorials/go-debugging/","title":"Debugging Go with Pwndbg","text":""},{"location":"tutorials/go-debugging/#basics","title":"Basics","text":"
The go-dump command can be used to dump Go values during debugging. It takes the form go-dump type address_expression, and supports many different types with the same syntax as Go:
 
     
  • Integer types: int, int8, int16, int32, int64, int128, and their uint counterparts
    •  
  • Misc types: bool, rune, uintptr, string
    •  
  • Floating point types: float32, float64
    •  
  • Complex numbers: complex64, complex128
    •  
  • Interface types: any for interface{} (the empty interface), and interface for all non-empty interfaces
    •  
  • Function types: funcptr for all function types
    •  
  • Pointers: *ELEM
    •  
  • Slices: []ELEM
    •  
  • Arrays: [LEN]ELEM
    •  
  • Maps: map[KEY][VAL] (note that maps in Go are actually pointers to the map, whereas this map is the inner map, so you may need to use *map[KEY]VAL to dump a map)
    •  
 
Struct types are also supported, but the syntax is slightly different from Go in order to avoid having to compute offsets (and also to support only having partial field information on structs). Struct types are notated as OFFSET:FIELD_NAME:TYPE triples separated by semicolons then enclosed with struct(SIZE){}, e.g. struct(24){0:foo:string;16:bar:int64} to represent the 24-byte Go struct struct { foo string; bar int64 }.
 
Example: 
pwndbg> go-dump map[string]int 0xc0000b20f0\n{\"a\": 1, \"b\": 2, \"c\": 3}\n\npwndbg> go-dump any 0xc0000ace40\n([]struct { a int; b string }) [struct {a: 1, b: \"first\"}, struct {a: 2, b: \"second\"}]\n\npwndbg> go-dump struct(24){0:a:int;8:b:string} 0xc000108120\nstruct {a: 1, b: \"first\"}\n
 
Some notable flags include -p to enable pretty printing, -x to display integers in hex, -f DECIMALS to set the number of decimals used to display floats, -d to enable debug printing, which displays memory addresses of everything shown in the dump.
"},{"location":"tutorials/go-debugging/#runtime-type-parsing","title":"Runtime Type Parsing","text":"
Go's compiler emits type objects for every single type used by the program. This is what enables dumping interface values with go-dump without having to specify any additional type information, and can also be leveraged to dump non-interface values if the type can be located. A good way to locate types is by finding the type pointer passed into heap allocation functions like runtime.newobject or runtime.makeslice.
 
After finding the type pointer, the go-type command can be used to inspect a type: 
pwndbg> go-type 0x49fbc0\n Name: struct { a int; b string }\n Kind: STRUCT\n Size: 24 (0x18)\nAlign: 8\nParse: struct(24){0:a:int;8:b:string}\nField a:\n    Offset: 0 (0x0)\n    Type name: int\n    Type addr: 0x498ce0\nField b:\n    Offset: 8 (0x8)\n    Type name: string\n    Type addr: 0x498aa0\n
 
The go-dump command can also take an address to a type instead of the name of a type: 
pwndbg> go-dump 0x49fbc0 0xc000108120\nstruct {a: 1, b: \"first\"}\n
"},{"location":"tutorials/packaging/","title":"Packaging Pwndbg","text":"
Previously, packagers were required to create a .skip-venv file if they wanted to make sure Pwndbg used system installed python packages. Also, they had to deal with the fact that Pwndbg was invoked from the ~/.gdbinit file.
 
As of version 2025.10.10, you don't need to worry about those problems anymore. The entrypoints to Pwndbg are the pwndbg and pwndbg-lldb commands as defined in the [project.scripts] section of the pyproject.toml file. The .skip-venv file is also not necessary as Pwndbg will detect that a virtual environment is not being used at runtime. The method you use to package any python package will just work with Pwndbg without any workarounds.
 
Info
 
If you're curious, the PR that introduced these changes is #3199. There is a general packaging thread in #3124. For reference, the Pwndbg package for Gentoo has been updated in this PR: gentoo/gentoo!44181 (discussed in #3348).
"},{"location":"tutorials/pwndbg-users/","title":"Pwndbg in the wild","text":"
Here is a non-exhaustive list of Pwndbg mentions found in the wild. Feel free to open a PR to add more if you find them!
"},{"location":"tutorials/pwndbg-users/#talks","title":"Talks","text":"
     
  • EuroPython 2025 - Pwndbg: Low level debugging and exploit development with Python (slides, video)
    •  
  • OffensiveCon24 - How to Fuzz Your Way to Android Universal Root: Attacking Android Binder - by Eugene Rodionov, Zi Fan Tan and Gulshan Singh
    •  
"},{"location":"tutorials/pwndbg-users/#blog-posts","title":"Blog posts","text":"
     
  • Oops Safari, I think You Spilled Something! @ Exodus Intelligence
    •  
  • \u201cUnstripping\u201d binaries: Restoring debugging information in GDB with Pwndbg by Jason An @ Trail of Bits
    •  
  • A Winter\u2019s Tale: Improving messages and types in GDB\u2019s Python API by Matheus Branco Borella @ Trail of Bits
    •  
  • Patch-gapping Google Chrome @ Exodus Intelligence
    •  
  • Inspecting rdtsc with pwndbg by John Shaughnessy
    •  
"},{"location":"tutorials/pwndbg-users/#videos","title":"Videos","text":"
     
  • Intro to pwndbg - CTF Cookbook by SloppyJoePirates CTF Writeups
    •  
  • Intro to Binary Exploitation (Pwn) by CryptoCat
    •  
  • Bug A Day #8 - pwndbg #2 by Bug-A-Day
    •  
"},{"location":"tutorials/pwndbg-users/#scripts","title":"Scripts","text":"
     
  • CVE-2022-24834 exploit by ptr-yudai
    •  
"},{"location":"tutorials/pwndbg-users/#magazine-articles","title":"Magazine articles","text":"
     
  • \"Programista\" polish programming magazine - Low level debugging with Pwndbg (in polish)
    •  
"},{"location":"tutorials/pycharm-debugging/","title":"Debugging with PyCharm","text":"
In order to debug code with PyCharm you need to configure remote debugging.
 
PyCharm will start a remote debugging server which will listen for connections and Pwndbg will then connect to that server, on startup.
"},{"location":"tutorials/pycharm-debugging/#configuring-the-debugging-server","title":"Configuring the debugging server","text":"
Select Run -> Edit Configurations and follow the instructions there :)
 
     
  • Create a new server with the + button.
    •  
  • Put your IP in IDE host name and select a port number.
    •  
  • Optionally, add a path mapping: pycharm/pwndbg/dir=machine/pwndbg/dir
    •  
  • Uncheck suspend after connect
    •  
"},{"location":"tutorials/pycharm-debugging/#configuring-pwndbg","title":"Configuring Pwndbg","text":"
     
  • Select Run -> Edit Configurations and install the packages described in that window.
    •  
  • pip install pydevd-pycharm~=<your_pycharm_version>
    •  
  • Add the following code somewhere where it will execute on GDB startup: 
    import pydevd_pycharm\npydevd_pycharm.settrace('<your_IP>', port=<port>, stdoutToServer=True, stderrToServer=True)\n
    •  
"},{"location":"tutorials/pycharm-debugging/#debugging","title":"Debugging","text":"
     
  1. Start the debugging server in PyCharm
    2.  
  2. Run Pwndbg
    3.  
"},{"location":"tutorials/pycharm-debugging/#wsl2","title":"WSL2","text":"
In order to debug using WSL2, you need to obtain your Windows IP. The easiest way to do that is to run: 
cat /etc/resolv.conf\n
 and then to pick the value in the nameserver line. Then use that IP in the IDE host name field, when configuring the server. Afterwards, use the same IP in pydevd_pycharm.settrace(...)
"},{"location":"tutorials/splitting-the-context/","title":"Splitting / Layouting Context","text":"
i.e. doing this: 
 
In Pwndbg, the context sections can be distributed among different tty by using the contextoutput command. Example: 
contextoutput stack /path/to/tty true\n
 
If you use a terminal or multiplexer that supports scripted pane splitting, you can write a Python script that will create the panes and distribute them to your liking whenever you start Pwndbg.
 
For instance, for tmux, you could write something like this: 
python\nimport atexit\nimport os\nfrom pwndbg.commands.context import contextoutput, output, clear_screen\nbt = os.popen('tmux split-window -P -F \"#{pane_id}:#{pane_tty}\" -d \"cat -\"').read().strip().split(\":\")\nst = os.popen(F'tmux split-window -h -t {bt[0]} -P -F '+'\"#{pane_id}:#{pane_tty}\" -d \"cat -\"').read().strip().split(\":\")\nre = os.popen(F'tmux split-window -h -t {st[0]} -P -F '+'\"#{pane_id}:#{pane_tty}\" -d \"cat -\"').read().strip().split(\":\")\ndi = os.popen('tmux split-window -h -P -F \"#{pane_id}:#{pane_tty}\" -d \"cat -\"').read().strip().split(\":\")\npanes = dict(backtrace=bt, stack=st, regs=re, disasm=di)\nfor sec, p in panes.items():\n  contextoutput(sec, p[1], True)\ncontextoutput(\"legend\", di[1], True)\natexit.register(lambda: [os.popen(F\"tmux kill-pane -t {p[0]}\").read() for p in panes.values()])\nend\n
 If you're using tmux specifically, you can use pwnmux as a prebuilt layout or splitmind to easily configure the layout you want.
 
Example
 
The above example uses splitmind and following configuration: 
python\nimport splitmind\n(splitmind.Mind()\n  .tell_splitter(show_titles=True)\n  .tell_splitter(set_title=\"Main\")\n  .right(display=\"backtrace\", size=\"25%\")\n  .above(of=\"main\", display=\"disasm\", size=\"80%\", banner=\"top\")\n  .show(\"code\", on=\"disasm\", banner=\"none\")\n  .right(cmd='tty; tail -f /dev/null', size=\"65%\", clearing=False)\n  .tell_splitter(set_title='Input / Output')\n  .above(display=\"stack\", size=\"75%\")\n  .above(display=\"legend\", size=\"25\")\n  .show(\"regs\", on=\"legend\")\n  .below(of=\"backtrace\", cmd=\"ipython\", size=\"30%\")\n).build(nobanner=True)\nend\n
 
If you're using kitty, you may check out kittydbg for a prebuilt layout.
"},{"location":"tutorials/decompiler-integration/binja-integration/","title":"Binary Ninja","text":""},{"location":"tutorials/decompiler-integration/binja-integration/#requirements","title":"Requirements","text":"
You need at least the personal edition of Binary Ninja (only tested on version 4.0+) that runs at least Python 3.10 for plugins.
"},{"location":"tutorials/decompiler-integration/binja-integration/#setup","title":"Setup","text":"
Copy (or symlink) binja_script.py to your plugins directory.
"},{"location":"tutorials/decompiler-integration/binja-integration/#usage","title":"Usage","text":"
To start the Binary Ninja integration, open the binary you want to debug in Binary Ninja, then go to Plugins > pwndbg > Start integration on current view. This will start the XMLRPC server that Pwndbg queries for information.
 
Then, inside GDB, run set integration-provider binja, which will start the integration. You can run set integration-provider none to disable it again.
"},{"location":"tutorials/decompiler-integration/binja-integration/#features","title":"Features","text":"
The integration currently syncs symbol names, comments, decompilation, function type signatures, and stack variables.
"},{"location":"tutorials/decompiler-integration/binja-integration/#commands","title":"Commands","text":"
     
  • bn-sync: Navigate the Binary Ninja view to the current instruction
    •  
  • decomp ADDR NLINES: Displays the decompilation for NLINES lines at address ADDR.
    •  
"},{"location":"tutorials/decompiler-integration/binja-integration/#config-options","title":"Config Options","text":"
     
  • bn-autosync: If set to yes, every step will automatically run bn-sync
    •  
  • bn-il-level: Sets the IL level to use for decompilation. Valid values are: disasm, llil, mlil, hlil
    •  
  • bn-rpc-host/bn-rpc-port: The host and port to connect to for the XMLRPC server
    •  
  • bn-timeout: The amount, in seconds, to wait for the XMLRPC server to connect
    •  
"},{"location":"tutorials/decompiler-integration/ghidra-integration/","title":"Ghidra","text":"
Unlike with IDA and Binary Ninja, Ghidra is not considered an \"integration provider\". You cannot synchronise your Ghidra reverse engineering progress to Pwndbg. You can however integrate Ghidra's decompiler into Pwndbg such that the decompiled version of any function you're in is shown in the Pwndbg context.
 Example Screenshot 
 
To do this, we will need the help of radare2 or rizin.
"},{"location":"tutorials/decompiler-integration/ghidra-integration/#setup","title":"Setup","text":"rizinradare2 
     
  1. Install rizin. It must be found by the debugger (within path).
    2.  
  2. Install the Ghidra plugin for rizin: rz-ghidra.
    3.  
  3. Install rzpipe and make sure the python used by the debugger can access it.
    4.  
  4. Add set r2decompiler rizin to your ~/.gdbinit after Pwndbg is sourced.
    5.  
 
Regarding the third step, if you don't install to your user or system-wide python (but rather a virtual environment), you may add something like this to the beginning of your ~/.gdbinit: 
python\nimport sys\nimport os\nfrom glob import glob\n\nvenv = os.path.expanduser('~/tools/rizin/venv')\nsite_dir_pattern = os.path.join(venv, 'lib', 'python*/site-packages')\nsite_dirs = glob(site_dir_pattern)\nsys.path.insert(0, site_dirs[0])\nimport rzpipe\nend\n
 
     
  1. Install radare2. It must be found by the debugger (within path).
    2.  
  2. Install the Ghidra plugin for radare2: r2ghidra.
    3.  
  3. Install r2pipe and make sure the python used by the debugger can access it.
    4.  
  4. Add set r2decompiler radare2 to your ~/.gdbinit after Pwndbg is sourced.
    5.  
 
Regarding the third step, if you don't install to your user or system-wide python (but rather a virtual environment), you may add something like this to the beginning of your ~/.gdbinit: 
python\nimport sys\nimport os\nfrom glob import glob\n\nvenv = os.path.expanduser('~/tools/radare2/venv')\nsite_dir_pattern = os.path.join(venv, 'lib', 'python*/site-packages')\nsite_dirs = glob(site_dir_pattern)\nsys.path.insert(0, site_dirs[0])\nimport r2pipe\nend\n
"},{"location":"tutorials/decompiler-integration/ghidra-integration/#usage","title":"Usage","text":"
Append set context-ghidra if-no-source to your ~/.gdbinit. You should be able to see the [ GHIDRA DECOMPILE ] context now right below your disassembly. If you want to temporarily enable/disable it or move around the context sections, see context-ghidra and contextoutput.
 
Be warned, the first call to both radare2/r2ghidra and rizin/rz-ghidra are rather slow! Subsequent requests for decompiled source will be faster. And it does take up some resources as the radare2/rizin instance is kept by r2pipe/rzpipe to enable faster subsequent analysis.
 
Remark: the plugin tries to guess the correct current line and mark it with \"\u2192\", but it might get it wrong.
"},{"location":"tutorials/decompiler-integration/ida-integration/","title":"IDA","text":""},{"location":"tutorials/decompiler-integration/ida-integration/#usage","title":"Usage","text":"
Open the same binary with Pwndbg and IDA. Then inside IDA go to File > Script file and select the ida_script.py file from the Pwndbg root folder. This will start the XMLRPC server that Pwndbg queries for information.
 
Inside the debugger, run set integration-provider ida. This will start the integration, you can run set integration-provider none to disable it.
"},{"location":"tutorials/decompiler-integration/ida-integration/#features","title":"Features","text":"
The integration will sync IDA's decompilation and show it in the context. You can query for symbols and stack variables using the ida function.
"},{"location":"tutorials/decompiler-integration/ida-integration/#debugger-control","title":"Debugger Control","text":"
To see an up-to-date list of things you can do regarding IDA integration, you may grep for ida like so: 
pwndbg> pwndbg ida\nfind-fake-fast                             Find candidate fake fast or tcache chunks overlapping the specified address.\nsave-ida                           Save the ida database.\npwndbg> config ida\nattachp-resolution-method          how to determine the process to attach when multiple candidates exists   'ask'\nida-rpc-host                       ida xmlrpc server address                                                '127.0.0.1'\nida-rpc-port                       ida xmlrpc server port                                                   43718\nida-timeout                        time to wait for ida xmlrpc in seconds                                   2\npwndbg> | help function | grep ida\nfunction ida -- Lookup a symbol's address by name from IDA.\n
 Note that you will see some false positives.
 
You can use the decomp command to use IDA to decompile at an arbitrary address.
"},{"location":"reference/pwndbg/","title":"pwndbg","text":""},{"location":"reference/pwndbg/#pwndbg","title":"pwndbg","text":"
Modules:
 
     
  •  aglib           \u2013            
    Debugger-agnostic library that provides various functionality.
     
    •  
  •  arguments           \u2013            
    Function and syscall argument formatting.
     
    •  
  •  auxv           \u2013            
    Performs handling of the linux auxiliary vector.
     
    •  
  •  chain           \u2013            
    Dereference and format pointer chains.
     
    •  
  •  color           \u2013            
    Text colorizing and theme configuration logic.
     
    •  
  •  commands           \u2013            
    Pwndbg command implementations.
     
    •  
  •  dbg           \u2013            
    The abstracted debugger interface.
     
    •  
  •  decorators           \u2013            
    Project-wide function decorators.
     
    •  
  •  emu           \u2013            
    Emulation assistance from Unicorn.
     
    •  
  •  enhance           \u2013            
    Attempt to describe the data at a memory address as best as possible.
     
    •  
  •  exception           \u2013            
    Common exception handling.
     
    •  
  •  gdblib           \u2013            
    Library for handling GDB logic. Being removed in favour of aglib.
     
    •  
  •  ghidra           \u2013            
    Ghidra integration.
     
    •  
  •  glibc           \u2013            
    Get information about the GLibc
     
    •  
  •  hexdump           \u2013            
    Hexdump implementation, ~= stolen from pwntools.
     
    •  
  •  integration           \u2013            
    Decompiler integration.
     
    •  
  •  lib           \u2013            
    Library for non-debugger-dependant functionality.
     
    •  
  •  log           \u2013            
    Logging.
     
    •  
  •  profiling           \u2013            
    Pwndbg profiling.
     
    •  
  •  radare2           \u2013            
    Radare2 integration with r2pipe.
     
    •  
  •  rizin           \u2013            
    Rizin integration with rzpipe.
     
    •  
  •  search           \u2013            
    Search the address space for byte patterns.
     
    •  
  •  ui           \u2013            
    A few helpers for making things print pretty-like.
     
    •  
  •  wrappers           \u2013            
    Specific command output wrappers.
     
    •  
 
Attributes:
 
     
  •  config               (Config)           \u2013            
    The global configuration object.
     
    •  
  •  __version__           \u2013            
    Pwndbg version.
     
    •  
  •  version           \u2013            
    Pwndbg version.
     
    •  
"},{"location":"reference/pwndbg/#pwndbg.config","title":"config  module-attribute","text":"
config: Config = Config()\n
 
The global configuration object.
"},{"location":"reference/pwndbg/#pwndbg.__version__","title":"__version__  module-attribute","text":"
__version__ = __version__\n
 
Pwndbg version.
"},{"location":"reference/pwndbg/#pwndbg.version","title":"version  module-attribute","text":"
version = __version__\n
 
Pwndbg version.
"},{"location":"reference/pwndbg/aglib/","title":"aglib","text":""},{"location":"reference/pwndbg/aglib/#pwndbg.aglib","title":"aglib","text":"
Debugger-agnostic library that provides various functionality.
 
Takes the debugging primitives provided by the Debugger API and builds the more complex and interesting bits of functionality found in Pwndbg on top of them.
 
See https://pwndbg.re/dev/contributing/dev-notes/#aglib for more information.
 
Modules:
 
     
  •  arch           \u2013            
    •  
  •  argv           \u2013            
    •  
  •  asm           \u2013            
    •  
  •  commpage           \u2013            
    •  
  •  ctypes           \u2013            
    On-the-fly endianness switching for ctypes structures.
     
    •  
  •  disasm           \u2013            
    •  
  •  dt           \u2013            
    Prints structures in a manner similar to WinDbg's \"dt\" command.
     
    •  
  •  dynamic           \u2013            
    Dynamic linking interface.
     
    •  
  •  elf           \u2013            
    This file declares types and methods useful for enumerating
     
    •  
  •  file           \u2013            
    Retrieve files from the debuggee's filesystem.  Useful when
     
    •  
  •  godbg           \u2013            
    •  
  •  heap           \u2013            
    •  
  •  kernel           \u2013            
    •  
  •  macho           \u2013            
    •  
  •  memory           \u2013            
    •  
  •  nearpc           \u2013            
    •  
  •  next           \u2013            
    Commands for setting temporary breakpoints on the next
     
    •  
  •  objc           \u2013            
    Apple Objective-C Runtime Support
     
    •  
  •  onegadget           \u2013            
    •  
  •  proc           \u2013            
    Provides values which would be available from /proc which
     
    •  
  •  qemu           \u2013            
    Determine whether the target is being run under QEMU.
     
    •  
  •  regs           \u2013            
    Reading register value from the inferior, and provides a
     
    •  
  •  remote           \u2013            
    Information about whether the debuggee is local (under GDB) or remote
     
    •  
  •  saved_register_frames           \u2013            
    •  
  •  shellcode           \u2013            
    Shellcode
     
    •  
  •  stack           \u2013            
    Helpers for finding address mappings which are used as a stack.
     
    •  
  •  strings           \u2013            
    Functionality for resolving ASCII printable strings within
     
    •  
  •  symbol           \u2013            
    Looking up addresses for function names / symbols, and
     
    •  
  •  tls           \u2013            
    Getting Thread Local Storage (TLS) information.
     
    •  
  •  typeinfo           \u2013            
    Common types.
     
    •  
  •  vmmap           \u2013            
    •  
  •  vmmap_custom           \u2013            
    •  
 
Functions:
 
     
  •  load_aglib             \u2013              
    •  
  •  set_arch             \u2013              
    •  
"},{"location":"reference/pwndbg/aglib/#pwndbg.aglib.load_aglib","title":"load_aglib","text":"
load_aglib()\n
"},{"location":"reference/pwndbg/aglib/#pwndbg.aglib.set_arch","title":"set_arch","text":"
set_arch(pwndbg_arch: PwndbgArchitecture)\n
"},{"location":"reference/pwndbg/aglib/arch/","title":"arch","text":""},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch","title":"arch","text":"
Classes:
 
     
  •  PwndbgArchitecture           \u2013            
    This class defines the context of the currently debugged architecture as well as other related information of the platform.
     
    •  
  •  AMD64Arch           \u2013            
    •  
  •  i386Arch           \u2013            
    32-bit mode x86
     
    •  
  •  i8086Arch           \u2013            
    16-bit mode x86
     
    •  
  •  ArmArch           \u2013            
    •  
  •  ArmCortexArch           \u2013            
    Cortex-M processors run the M-profile Arm architecture.
     
    •  
  •  AArch64Arch           \u2013            
    •  
  •  PowerPCArch           \u2013            
    •  
  •  SparcArch           \u2013            
    •  
  •  RISCV32Arch           \u2013            
    •  
  •  RISCV64Arch           \u2013            
    •  
  •  MipsArch           \u2013            
    •  
  •  Loongarch64Arch           \u2013            
    •  
  •  S390xArch           \u2013            
    •  
 
Functions:
 
     
  •  register_arch             \u2013              
    •  
  •  get_pwndbg_architecture             \u2013              
    •  
  •  get_thumb_mode_string             \u2013              
    •  
  •  update             \u2013              
    •  
 
Attributes:
 
     
  •  EndianType           \u2013            
    •  
  •  FMT_LITTLE_ENDIAN           \u2013            
    •  
  •  FMT_BIG_ENDIAN           \u2013            
    •  
  •  registered_architectures               (dict[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, PwndbgArchitecture])           \u2013            
    •  
  •  CAPSTONE_ENDIAN_MAPPING               (dict[EndianType, int])           \u2013            
    •  
  •  all_arches           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.EndianType","title":"EndianType  module-attribute","text":"
EndianType = Literal['little', 'big']\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.FMT_LITTLE_ENDIAN","title":"FMT_LITTLE_ENDIAN  module-attribute","text":"
FMT_LITTLE_ENDIAN = {1: 'B', 2: '<H', 4: '<I', 8: '<Q'}\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.FMT_BIG_ENDIAN","title":"FMT_BIG_ENDIAN  module-attribute","text":"
FMT_BIG_ENDIAN = {1: 'B', 2: '>H', 4: '>I', 8: '>Q'}\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.registered_architectures","title":"registered_architectures  module-attribute","text":"
registered_architectures: dict[\n    PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, PwndbgArchitecture\n] = {}\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.CAPSTONE_ENDIAN_MAPPING","title":"CAPSTONE_ENDIAN_MAPPING  module-attribute","text":"
CAPSTONE_ENDIAN_MAPPING: dict[EndianType, int] = {\n    \"little\": CS_MODE_LITTLE_ENDIAN,\n    \"big\": CS_MODE_BIG_ENDIAN,\n}\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.all_arches","title":"all_arches  module-attribute","text":"
all_arches = [\n    AMD64Arch(),\n    i386Arch(),\n    i8086Arch(),\n    ArmArch(),\n    ArmCortexArch(),\n    AArch64Arch(),\n    PowerPCArch(),\n    SparcArch(),\n    RISCV32Arch(),\n    RISCV64Arch(),\n    MipsArch(),\n    Loongarch64Arch(),\n    S390xArch(),\n]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture","title":"PwndbgArchitecture","text":"
PwndbgArchitecture(name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)\n
 
               Bases: ArchDefinition
 
This class defines the context of the currently debugged architecture as well as other related information of the platform.
 
This includes the following information: - Capstone/Unicorn constants - ABI information
 
Methods:
 
     
  •  update             \u2013              
    While debugging a process, certain aspects of the architecture can change.
     
    •  
  •  pack             \u2013              
    •  
  •  unpack             \u2013              
    •  
  •  pack_size             \u2013              
    •  
  •  unpack_size             \u2013              
    •  
  •  get_capstone_constants             \u2013              
    Return tuple of (CAPSTONE ARCH, CAPSTONE MODE) used to instantiate the Capstone disassembler for this architecture.
     
    •  
  •  get_capstone_endianness             \u2013              
    •  
  •  read_thumb_bit             \u2013              
    Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
     
    •  
 
Attributes:
 
     
  •  max_instruction_size               (int)           \u2013            
    •  
  •  instruction_alignment               (int)           \u2013            
    •  
  •  constant_instruction_size               (bool)           \u2013            
    •  
  •  endian               (EndianType)           \u2013            
    •  
  •  ptrsize               (int)           \u2013            
    Pointer size in bytes
     
    •  
  •  ptrbits               (int)           \u2013            
    Pointer size in bits
     
    •  
  •  ptrmask               (int)           \u2013            
    •  
  •  function_abi               (ABI | None)           \u2013            
    •  
  •  syscall_abi               (SyscallABI | None)           \u2013            
    •  
  •  sigreturn_abi               (SyscallABI | None)           \u2013            
    •  
  •  platform               (Platform)           \u2013            
    •  
  •  attributes               (list[ArchAttribute])           \u2013            
    •  
  •  fmts               (dict[int, str])           \u2013            
    •  
  •  fmt               (str)           \u2013            
    •  
  •  name               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.max_instruction_size","title":"max_instruction_size  instance-attribute","text":"
max_instruction_size: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.instruction_alignment","title":"instruction_alignment  instance-attribute","text":"
instruction_alignment: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.constant_instruction_size","title":"constant_instruction_size  class-attribute instance-attribute","text":"
constant_instruction_size: bool = False\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.endian","title":"endian  instance-attribute","text":"
endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.ptrsize","title":"ptrsize  instance-attribute","text":"
ptrsize: int\n
 
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.ptrbits","title":"ptrbits  instance-attribute","text":"
ptrbits: int\n
 
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.ptrmask","title":"ptrmask  instance-attribute","text":"
ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.function_abi","title":"function_abi  instance-attribute","text":"
function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.syscall_abi","title":"syscall_abi  instance-attribute","text":"
syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.sigreturn_abi","title":"sigreturn_abi  instance-attribute","text":"
sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.platform","title":"platform  instance-attribute","text":"
platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.attributes","title":"attributes  instance-attribute","text":"
attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.fmts","title":"fmts  instance-attribute","text":"
fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.fmt","title":"fmt  instance-attribute","text":"
fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.name","title":"name  instance-attribute","text":"
name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.update","title":"update","text":"
update(arch_definition: ArchDefinition) -> None\n
 
While debugging a process, certain aspects of the architecture can change.
 
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.pack","title":"pack","text":"
pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.unpack","title":"unpack","text":"
unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.pack_size","title":"pack_size","text":"
pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.unpack_size","title":"unpack_size","text":"
unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.get_capstone_constants","title":"get_capstone_constants","text":"
get_capstone_constants(address: int) -> tuple[int, int] | None\n
 
Return tuple of (CAPSTONE ARCH, CAPSTONE MODE) used to instantiate the Capstone disassembler for this architecture.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.get_capstone_endianness","title":"get_capstone_endianness","text":"
get_capstone_endianness() -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.read_thumb_bit","title":"read_thumb_bit","text":"
read_thumb_bit() -> Literal[0, 1, None]\n
 
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
 
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch","title":"AMD64Arch","text":"
AMD64Arch()\n
 
               Bases: PwndbgArchitecture
 
Methods:
 
     
  •  get_capstone_constants             \u2013              
    •  
  •  update             \u2013              
    While debugging a process, certain aspects of the architecture can change.
     
    •  
  •  pack             \u2013              
    •  
  •  unpack             \u2013              
    •  
  •  pack_size             \u2013              
    •  
  •  unpack_size             \u2013              
    •  
  •  get_capstone_endianness             \u2013              
    •  
  •  read_thumb_bit             \u2013              
    Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
     
    •  
 
Attributes:
 
     
  •  max_instruction_size           \u2013            
    •  
  •  instruction_alignment           \u2013            
    •  
  •  name               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  ptrsize               (int)           \u2013            
    Pointer size in bytes
     
    •  
  •  endian               (EndianType)           \u2013            
    •  
  •  platform               (Platform)           \u2013            
    •  
  •  attributes               (list[ArchAttribute])           \u2013            
    •  
  •  constant_instruction_size               (bool)           \u2013            
    •  
  •  ptrbits               (int)           \u2013            
    Pointer size in bits
     
    •  
  •  ptrmask               (int)           \u2013            
    •  
  •  function_abi               (ABI | None)           \u2013            
    •  
  •  syscall_abi               (SyscallABI | None)           \u2013            
    •  
  •  sigreturn_abi               (SyscallABI | None)           \u2013            
    •  
  •  fmts               (dict[int, str])           \u2013            
    •  
  •  fmt               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.max_instruction_size","title":"max_instruction_size  class-attribute instance-attribute","text":"
max_instruction_size = 16\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.instruction_alignment","title":"instruction_alignment  class-attribute instance-attribute","text":"
instruction_alignment = 1\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.name","title":"name  instance-attribute","text":"
name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.ptrsize","title":"ptrsize  instance-attribute","text":"
ptrsize: int\n
 
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.endian","title":"endian  instance-attribute","text":"
endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.platform","title":"platform  instance-attribute","text":"
platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.attributes","title":"attributes  instance-attribute","text":"
attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.constant_instruction_size","title":"constant_instruction_size  class-attribute instance-attribute","text":"
constant_instruction_size: bool = False\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.ptrbits","title":"ptrbits  instance-attribute","text":"
ptrbits: int\n
 
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.ptrmask","title":"ptrmask  instance-attribute","text":"
ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.function_abi","title":"function_abi  instance-attribute","text":"
function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.syscall_abi","title":"syscall_abi  instance-attribute","text":"
syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.sigreturn_abi","title":"sigreturn_abi  instance-attribute","text":"
sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.fmts","title":"fmts  instance-attribute","text":"
fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.fmt","title":"fmt  instance-attribute","text":"
fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.get_capstone_constants","title":"get_capstone_constants","text":"
get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.update","title":"update","text":"
update(arch_definition: ArchDefinition) -> None\n
 
While debugging a process, certain aspects of the architecture can change.
 
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.pack","title":"pack","text":"
pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.unpack","title":"unpack","text":"
unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.pack_size","title":"pack_size","text":"
pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.unpack_size","title":"unpack_size","text":"
unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.get_capstone_endianness","title":"get_capstone_endianness","text":"
get_capstone_endianness() -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.read_thumb_bit","title":"read_thumb_bit","text":"
read_thumb_bit() -> Literal[0, 1, None]\n
 
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
 
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch","title":"i386Arch","text":"
i386Arch()\n
 
               Bases: PwndbgArchitecture
 
32-bit mode x86
 
Methods:
 
     
  •  get_capstone_constants             \u2013              
    •  
  •  update             \u2013              
    While debugging a process, certain aspects of the architecture can change.
     
    •  
  •  pack             \u2013              
    •  
  •  unpack             \u2013              
    •  
  •  pack_size             \u2013              
    •  
  •  unpack_size             \u2013              
    •  
  •  get_capstone_endianness             \u2013              
    •  
  •  read_thumb_bit             \u2013              
    Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
     
    •  
 
Attributes:
 
     
  •  max_instruction_size           \u2013            
    •  
  •  instruction_alignment           \u2013            
    •  
  •  name               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  ptrsize               (int)           \u2013            
    Pointer size in bytes
     
    •  
  •  endian               (EndianType)           \u2013            
    •  
  •  platform               (Platform)           \u2013            
    •  
  •  attributes               (list[ArchAttribute])           \u2013            
    •  
  •  constant_instruction_size               (bool)           \u2013            
    •  
  •  ptrbits               (int)           \u2013            
    Pointer size in bits
     
    •  
  •  ptrmask               (int)           \u2013            
    •  
  •  function_abi               (ABI | None)           \u2013            
    •  
  •  syscall_abi               (SyscallABI | None)           \u2013            
    •  
  •  sigreturn_abi               (SyscallABI | None)           \u2013            
    •  
  •  fmts               (dict[int, str])           \u2013            
    •  
  •  fmt               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.max_instruction_size","title":"max_instruction_size  class-attribute instance-attribute","text":"
max_instruction_size = 16\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.instruction_alignment","title":"instruction_alignment  class-attribute instance-attribute","text":"
instruction_alignment = 1\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.name","title":"name  instance-attribute","text":"
name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.ptrsize","title":"ptrsize  instance-attribute","text":"
ptrsize: int\n
 
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.endian","title":"endian  instance-attribute","text":"
endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.platform","title":"platform  instance-attribute","text":"
platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.attributes","title":"attributes  instance-attribute","text":"
attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.constant_instruction_size","title":"constant_instruction_size  class-attribute instance-attribute","text":"
constant_instruction_size: bool = False\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.ptrbits","title":"ptrbits  instance-attribute","text":"
ptrbits: int\n
 
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.ptrmask","title":"ptrmask  instance-attribute","text":"
ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.function_abi","title":"function_abi  instance-attribute","text":"
function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.syscall_abi","title":"syscall_abi  instance-attribute","text":"
syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.sigreturn_abi","title":"sigreturn_abi  instance-attribute","text":"
sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.fmts","title":"fmts  instance-attribute","text":"
fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.fmt","title":"fmt  instance-attribute","text":"
fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.get_capstone_constants","title":"get_capstone_constants","text":"
get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.update","title":"update","text":"
update(arch_definition: ArchDefinition) -> None\n
 
While debugging a process, certain aspects of the architecture can change.
 
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.pack","title":"pack","text":"
pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.unpack","title":"unpack","text":"
unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.pack_size","title":"pack_size","text":"
pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.unpack_size","title":"unpack_size","text":"
unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.get_capstone_endianness","title":"get_capstone_endianness","text":"
get_capstone_endianness() -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.read_thumb_bit","title":"read_thumb_bit","text":"
read_thumb_bit() -> Literal[0, 1, None]\n
 
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
 
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch","title":"i8086Arch","text":"
i8086Arch()\n
 
               Bases: PwndbgArchitecture
 
16-bit mode x86
 
Methods:
 
     
  •  get_capstone_constants             \u2013              
    •  
  •  update             \u2013              
    While debugging a process, certain aspects of the architecture can change.
     
    •  
  •  pack             \u2013              
    •  
  •  unpack             \u2013              
    •  
  •  pack_size             \u2013              
    •  
  •  unpack_size             \u2013              
    •  
  •  get_capstone_endianness             \u2013              
    •  
  •  read_thumb_bit             \u2013              
    Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
     
    •  
 
Attributes:
 
     
  •  max_instruction_size           \u2013            
    •  
  •  instruction_alignment           \u2013            
    •  
  •  name               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  ptrsize               (int)           \u2013            
    Pointer size in bytes
     
    •  
  •  endian               (EndianType)           \u2013            
    •  
  •  platform               (Platform)           \u2013            
    •  
  •  attributes               (list[ArchAttribute])           \u2013            
    •  
  •  constant_instruction_size               (bool)           \u2013            
    •  
  •  ptrbits               (int)           \u2013            
    Pointer size in bits
     
    •  
  •  ptrmask               (int)           \u2013            
    •  
  •  function_abi               (ABI | None)           \u2013            
    •  
  •  syscall_abi               (SyscallABI | None)           \u2013            
    •  
  •  sigreturn_abi               (SyscallABI | None)           \u2013            
    •  
  •  fmts               (dict[int, str])           \u2013            
    •  
  •  fmt               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.max_instruction_size","title":"max_instruction_size  class-attribute instance-attribute","text":"
max_instruction_size = 16\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.instruction_alignment","title":"instruction_alignment  class-attribute instance-attribute","text":"
instruction_alignment = 1\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.name","title":"name  instance-attribute","text":"
name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.ptrsize","title":"ptrsize  instance-attribute","text":"
ptrsize: int\n
 
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.endian","title":"endian  instance-attribute","text":"
endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.platform","title":"platform  instance-attribute","text":"
platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.attributes","title":"attributes  instance-attribute","text":"
attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.constant_instruction_size","title":"constant_instruction_size  class-attribute instance-attribute","text":"
constant_instruction_size: bool = False\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.ptrbits","title":"ptrbits  instance-attribute","text":"
ptrbits: int\n
 
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.ptrmask","title":"ptrmask  instance-attribute","text":"
ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.function_abi","title":"function_abi  instance-attribute","text":"
function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.syscall_abi","title":"syscall_abi  instance-attribute","text":"
syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.sigreturn_abi","title":"sigreturn_abi  instance-attribute","text":"
sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.fmts","title":"fmts  instance-attribute","text":"
fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.fmt","title":"fmt  instance-attribute","text":"
fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.get_capstone_constants","title":"get_capstone_constants","text":"
get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.update","title":"update","text":"
update(arch_definition: ArchDefinition) -> None\n
 
While debugging a process, certain aspects of the architecture can change.
 
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.pack","title":"pack","text":"
pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.unpack","title":"unpack","text":"
unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.pack_size","title":"pack_size","text":"
pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.unpack_size","title":"unpack_size","text":"
unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.get_capstone_endianness","title":"get_capstone_endianness","text":"
get_capstone_endianness() -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.read_thumb_bit","title":"read_thumb_bit","text":"
read_thumb_bit() -> Literal[0, 1, None]\n
 
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
 
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch","title":"ArmArch","text":"
ArmArch()\n
 
               Bases: PwndbgArchitecture
 
Methods:
 
     
  •  get_capstone_constants             \u2013              
    •  
  •  read_thumb_bit             \u2013              
    •  
  •  update             \u2013              
    While debugging a process, certain aspects of the architecture can change.
     
    •  
  •  pack             \u2013              
    •  
  •  unpack             \u2013              
    •  
  •  pack_size             \u2013              
    •  
  •  unpack_size             \u2013              
    •  
  •  get_capstone_endianness             \u2013              
    •  
 
Attributes:
 
     
  •  max_instruction_size           \u2013            
    •  
  •  instruction_alignment           \u2013            
    •  
  •  name               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  ptrsize               (int)           \u2013            
    Pointer size in bytes
     
    •  
  •  endian               (EndianType)           \u2013            
    •  
  •  platform               (Platform)           \u2013            
    •  
  •  attributes               (list[ArchAttribute])           \u2013            
    •  
  •  constant_instruction_size               (bool)           \u2013            
    •  
  •  ptrbits               (int)           \u2013            
    Pointer size in bits
     
    •  
  •  ptrmask               (int)           \u2013            
    •  
  •  function_abi               (ABI | None)           \u2013            
    •  
  •  syscall_abi               (SyscallABI | None)           \u2013            
    •  
  •  sigreturn_abi               (SyscallABI | None)           \u2013            
    •  
  •  fmts               (dict[int, str])           \u2013            
    •  
  •  fmt               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.max_instruction_size","title":"max_instruction_size  class-attribute instance-attribute","text":"
max_instruction_size = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.instruction_alignment","title":"instruction_alignment  class-attribute instance-attribute","text":"
instruction_alignment = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.name","title":"name  instance-attribute","text":"
name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.ptrsize","title":"ptrsize  instance-attribute","text":"
ptrsize: int\n
 
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.endian","title":"endian  instance-attribute","text":"
endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.platform","title":"platform  instance-attribute","text":"
platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.attributes","title":"attributes  instance-attribute","text":"
attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.constant_instruction_size","title":"constant_instruction_size  class-attribute instance-attribute","text":"
constant_instruction_size: bool = False\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.ptrbits","title":"ptrbits  instance-attribute","text":"
ptrbits: int\n
 
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.ptrmask","title":"ptrmask  instance-attribute","text":"
ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.function_abi","title":"function_abi  instance-attribute","text":"
function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.syscall_abi","title":"syscall_abi  instance-attribute","text":"
syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.sigreturn_abi","title":"sigreturn_abi  instance-attribute","text":"
sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.fmts","title":"fmts  instance-attribute","text":"
fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.fmt","title":"fmt  instance-attribute","text":"
fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.get_capstone_constants","title":"get_capstone_constants","text":"
get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.read_thumb_bit","title":"read_thumb_bit","text":"
read_thumb_bit() -> Literal[0, 1]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.update","title":"update","text":"
update(arch_definition: ArchDefinition) -> None\n
 
While debugging a process, certain aspects of the architecture can change.
 
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.pack","title":"pack","text":"
pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.unpack","title":"unpack","text":"
unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.pack_size","title":"pack_size","text":"
pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.unpack_size","title":"unpack_size","text":"
unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.get_capstone_endianness","title":"get_capstone_endianness","text":"
get_capstone_endianness() -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch","title":"ArmCortexArch","text":"
ArmCortexArch()\n
 
               Bases: PwndbgArchitecture
 
Cortex-M processors run the M-profile Arm architecture. This architecture is prevalent in bare-metal/embedded systems that lack operating systems. Only Thumb-2 instructions are supported, and the Thumb bit is always 1.
 
Methods:
 
     
  •  get_capstone_constants             \u2013              
    •  
  •  read_thumb_bit             \u2013              
    On Cortex-M processors, the Thumb bit is architecturally defined to be 1.
     
    •  
  •  update             \u2013              
    While debugging a process, certain aspects of the architecture can change.
     
    •  
  •  pack             \u2013              
    •  
  •  unpack             \u2013              
    •  
  •  pack_size             \u2013              
    •  
  •  unpack_size             \u2013              
    •  
  •  get_capstone_endianness             \u2013              
    •  
 
Attributes:
 
     
  •  max_instruction_size           \u2013            
    •  
  •  instruction_alignment           \u2013            
    •  
  •  name               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  ptrsize               (int)           \u2013            
    Pointer size in bytes
     
    •  
  •  endian               (EndianType)           \u2013            
    •  
  •  platform               (Platform)           \u2013            
    •  
  •  attributes               (list[ArchAttribute])           \u2013            
    •  
  •  constant_instruction_size               (bool)           \u2013            
    •  
  •  ptrbits               (int)           \u2013            
    Pointer size in bits
     
    •  
  •  ptrmask               (int)           \u2013            
    •  
  •  function_abi               (ABI | None)           \u2013            
    •  
  •  syscall_abi               (SyscallABI | None)           \u2013            
    •  
  •  sigreturn_abi               (SyscallABI | None)           \u2013            
    •  
  •  fmts               (dict[int, str])           \u2013            
    •  
  •  fmt               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.max_instruction_size","title":"max_instruction_size  class-attribute instance-attribute","text":"
max_instruction_size = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.instruction_alignment","title":"instruction_alignment  class-attribute instance-attribute","text":"
instruction_alignment = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.name","title":"name  instance-attribute","text":"
name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.ptrsize","title":"ptrsize  instance-attribute","text":"
ptrsize: int\n
 
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.endian","title":"endian  instance-attribute","text":"
endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.platform","title":"platform  instance-attribute","text":"
platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.attributes","title":"attributes  instance-attribute","text":"
attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.constant_instruction_size","title":"constant_instruction_size  class-attribute instance-attribute","text":"
constant_instruction_size: bool = False\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.ptrbits","title":"ptrbits  instance-attribute","text":"
ptrbits: int\n
 
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.ptrmask","title":"ptrmask  instance-attribute","text":"
ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.function_abi","title":"function_abi  instance-attribute","text":"
function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.syscall_abi","title":"syscall_abi  instance-attribute","text":"
syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.sigreturn_abi","title":"sigreturn_abi  instance-attribute","text":"
sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.fmts","title":"fmts  instance-attribute","text":"
fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.fmt","title":"fmt  instance-attribute","text":"
fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.get_capstone_constants","title":"get_capstone_constants","text":"
get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.read_thumb_bit","title":"read_thumb_bit","text":"
read_thumb_bit() -> Literal[0, 1]\n
 
On Cortex-M processors, the Thumb bit is architecturally defined to be 1.
 
This is the (xpsr >> 24) & 1, which is always 1.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.update","title":"update","text":"
update(arch_definition: ArchDefinition) -> None\n
 
While debugging a process, certain aspects of the architecture can change.
 
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.pack","title":"pack","text":"
pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.unpack","title":"unpack","text":"
unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.pack_size","title":"pack_size","text":"
pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.unpack_size","title":"unpack_size","text":"
unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.get_capstone_endianness","title":"get_capstone_endianness","text":"
get_capstone_endianness() -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch","title":"AArch64Arch","text":"
AArch64Arch()\n
 
               Bases: PwndbgArchitecture
 
Methods:
 
     
  •  get_capstone_constants             \u2013              
    •  
  •  get_capstone_endianness             \u2013              
    •  
  •  update             \u2013              
    While debugging a process, certain aspects of the architecture can change.
     
    •  
  •  pack             \u2013              
    •  
  •  unpack             \u2013              
    •  
  •  pack_size             \u2013              
    •  
  •  unpack_size             \u2013              
    •  
  •  read_thumb_bit             \u2013              
    Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
     
    •  
 
Attributes:
 
     
  •  max_instruction_size           \u2013            
    •  
  •  instruction_alignment           \u2013            
    •  
  •  constant_instruction_size           \u2013            
    •  
  •  name               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  ptrsize               (int)           \u2013            
    Pointer size in bytes
     
    •  
  •  endian               (EndianType)           \u2013            
    •  
  •  platform               (Platform)           \u2013            
    •  
  •  attributes               (list[ArchAttribute])           \u2013            
    •  
  •  ptrbits               (int)           \u2013            
    Pointer size in bits
     
    •  
  •  ptrmask               (int)           \u2013            
    •  
  •  function_abi               (ABI | None)           \u2013            
    •  
  •  syscall_abi               (SyscallABI | None)           \u2013            
    •  
  •  sigreturn_abi               (SyscallABI | None)           \u2013            
    •  
  •  fmts               (dict[int, str])           \u2013            
    •  
  •  fmt               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.max_instruction_size","title":"max_instruction_size  class-attribute instance-attribute","text":"
max_instruction_size = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.instruction_alignment","title":"instruction_alignment  class-attribute instance-attribute","text":"
instruction_alignment = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.constant_instruction_size","title":"constant_instruction_size  class-attribute instance-attribute","text":"
constant_instruction_size = True\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.name","title":"name  instance-attribute","text":"
name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.ptrsize","title":"ptrsize  instance-attribute","text":"
ptrsize: int\n
 
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.endian","title":"endian  instance-attribute","text":"
endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.platform","title":"platform  instance-attribute","text":"
platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.attributes","title":"attributes  instance-attribute","text":"
attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.ptrbits","title":"ptrbits  instance-attribute","text":"
ptrbits: int\n
 
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.ptrmask","title":"ptrmask  instance-attribute","text":"
ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.function_abi","title":"function_abi  instance-attribute","text":"
function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.syscall_abi","title":"syscall_abi  instance-attribute","text":"
syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.sigreturn_abi","title":"sigreturn_abi  instance-attribute","text":"
sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.fmts","title":"fmts  instance-attribute","text":"
fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.fmt","title":"fmt  instance-attribute","text":"
fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.get_capstone_constants","title":"get_capstone_constants","text":"
get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.get_capstone_endianness","title":"get_capstone_endianness","text":"
get_capstone_endianness() -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.update","title":"update","text":"
update(arch_definition: ArchDefinition) -> None\n
 
While debugging a process, certain aspects of the architecture can change.
 
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.pack","title":"pack","text":"
pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.unpack","title":"unpack","text":"
unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.pack_size","title":"pack_size","text":"
pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.unpack_size","title":"unpack_size","text":"
unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.read_thumb_bit","title":"read_thumb_bit","text":"
read_thumb_bit() -> Literal[0, 1, None]\n
 
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
 
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch","title":"PowerPCArch","text":"
PowerPCArch()\n
 
               Bases: PwndbgArchitecture
 
Methods:
 
     
  •  get_capstone_constants             \u2013              
    •  
  •  update             \u2013              
    While debugging a process, certain aspects of the architecture can change.
     
    •  
  •  pack             \u2013              
    •  
  •  unpack             \u2013              
    •  
  •  pack_size             \u2013              
    •  
  •  unpack_size             \u2013              
    •  
  •  get_capstone_endianness             \u2013              
    •  
  •  read_thumb_bit             \u2013              
    Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
     
    •  
 
Attributes:
 
     
  •  max_instruction_size           \u2013            
    •  
  •  instruction_alignment           \u2013            
    •  
  •  name               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  ptrsize               (int)           \u2013            
    Pointer size in bytes
     
    •  
  •  endian               (EndianType)           \u2013            
    •  
  •  platform               (Platform)           \u2013            
    •  
  •  attributes               (list[ArchAttribute])           \u2013            
    •  
  •  constant_instruction_size               (bool)           \u2013            
    •  
  •  ptrbits               (int)           \u2013            
    Pointer size in bits
     
    •  
  •  ptrmask               (int)           \u2013            
    •  
  •  function_abi               (ABI | None)           \u2013            
    •  
  •  syscall_abi               (SyscallABI | None)           \u2013            
    •  
  •  sigreturn_abi               (SyscallABI | None)           \u2013            
    •  
  •  fmts               (dict[int, str])           \u2013            
    •  
  •  fmt               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.max_instruction_size","title":"max_instruction_size  class-attribute instance-attribute","text":"
max_instruction_size = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.instruction_alignment","title":"instruction_alignment  class-attribute instance-attribute","text":"
instruction_alignment = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.name","title":"name  instance-attribute","text":"
name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.ptrsize","title":"ptrsize  instance-attribute","text":"
ptrsize: int\n
 
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.endian","title":"endian  instance-attribute","text":"
endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.platform","title":"platform  instance-attribute","text":"
platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.attributes","title":"attributes  instance-attribute","text":"
attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.constant_instruction_size","title":"constant_instruction_size  class-attribute instance-attribute","text":"
constant_instruction_size: bool = False\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.ptrbits","title":"ptrbits  instance-attribute","text":"
ptrbits: int\n
 
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.ptrmask","title":"ptrmask  instance-attribute","text":"
ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.function_abi","title":"function_abi  instance-attribute","text":"
function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.syscall_abi","title":"syscall_abi  instance-attribute","text":"
syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.sigreturn_abi","title":"sigreturn_abi  instance-attribute","text":"
sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.fmts","title":"fmts  instance-attribute","text":"
fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.fmt","title":"fmt  instance-attribute","text":"
fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.get_capstone_constants","title":"get_capstone_constants","text":"
get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.update","title":"update","text":"
update(arch_definition: ArchDefinition) -> None\n
 
While debugging a process, certain aspects of the architecture can change.
 
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.pack","title":"pack","text":"
pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.unpack","title":"unpack","text":"
unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.pack_size","title":"pack_size","text":"
pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.unpack_size","title":"unpack_size","text":"
unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.get_capstone_endianness","title":"get_capstone_endianness","text":"
get_capstone_endianness() -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.read_thumb_bit","title":"read_thumb_bit","text":"
read_thumb_bit() -> Literal[0, 1, None]\n
 
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
 
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch","title":"SparcArch","text":"
SparcArch()\n
 
               Bases: PwndbgArchitecture
 
Methods:
 
     
  •  get_capstone_constants             \u2013              
    •  
  •  update             \u2013              
    While debugging a process, certain aspects of the architecture can change.
     
    •  
  •  pack             \u2013              
    •  
  •  unpack             \u2013              
    •  
  •  pack_size             \u2013              
    •  
  •  unpack_size             \u2013              
    •  
  •  get_capstone_endianness             \u2013              
    •  
  •  read_thumb_bit             \u2013              
    Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
     
    •  
 
Attributes:
 
     
  •  max_instruction_size           \u2013            
    •  
  •  instruction_alignment           \u2013            
    •  
  •  name               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  ptrsize               (int)           \u2013            
    Pointer size in bytes
     
    •  
  •  endian               (EndianType)           \u2013            
    •  
  •  platform               (Platform)           \u2013            
    •  
  •  attributes               (list[ArchAttribute])           \u2013            
    •  
  •  constant_instruction_size               (bool)           \u2013            
    •  
  •  ptrbits               (int)           \u2013            
    Pointer size in bits
     
    •  
  •  ptrmask               (int)           \u2013            
    •  
  •  function_abi               (ABI | None)           \u2013            
    •  
  •  syscall_abi               (SyscallABI | None)           \u2013            
    •  
  •  sigreturn_abi               (SyscallABI | None)           \u2013            
    •  
  •  fmts               (dict[int, str])           \u2013            
    •  
  •  fmt               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.max_instruction_size","title":"max_instruction_size  class-attribute instance-attribute","text":"
max_instruction_size = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.instruction_alignment","title":"instruction_alignment  class-attribute instance-attribute","text":"
instruction_alignment = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.name","title":"name  instance-attribute","text":"
name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.ptrsize","title":"ptrsize  instance-attribute","text":"
ptrsize: int\n
 
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.endian","title":"endian  instance-attribute","text":"
endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.platform","title":"platform  instance-attribute","text":"
platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.attributes","title":"attributes  instance-attribute","text":"
attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.constant_instruction_size","title":"constant_instruction_size  class-attribute instance-attribute","text":"
constant_instruction_size: bool = False\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.ptrbits","title":"ptrbits  instance-attribute","text":"
ptrbits: int\n
 
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.ptrmask","title":"ptrmask  instance-attribute","text":"
ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.function_abi","title":"function_abi  instance-attribute","text":"
function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.syscall_abi","title":"syscall_abi  instance-attribute","text":"
syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.sigreturn_abi","title":"sigreturn_abi  instance-attribute","text":"
sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.fmts","title":"fmts  instance-attribute","text":"
fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.fmt","title":"fmt  instance-attribute","text":"
fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.get_capstone_constants","title":"get_capstone_constants","text":"
get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.update","title":"update","text":"
update(arch_definition: ArchDefinition) -> None\n
 
While debugging a process, certain aspects of the architecture can change.
 
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.pack","title":"pack","text":"
pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.unpack","title":"unpack","text":"
unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.pack_size","title":"pack_size","text":"
pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.unpack_size","title":"unpack_size","text":"
unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.get_capstone_endianness","title":"get_capstone_endianness","text":"
get_capstone_endianness() -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.read_thumb_bit","title":"read_thumb_bit","text":"
read_thumb_bit() -> Literal[0, 1, None]\n
 
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
 
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch","title":"RISCV32Arch","text":"
RISCV32Arch()\n
 
               Bases: PwndbgArchitecture
 
Methods:
 
     
  •  get_capstone_constants             \u2013              
    •  
  •  update             \u2013              
    While debugging a process, certain aspects of the architecture can change.
     
    •  
  •  pack             \u2013              
    •  
  •  unpack             \u2013              
    •  
  •  pack_size             \u2013              
    •  
  •  unpack_size             \u2013              
    •  
  •  get_capstone_endianness             \u2013              
    •  
  •  read_thumb_bit             \u2013              
    Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
     
    •  
 
Attributes:
 
     
  •  max_instruction_size           \u2013            
    •  
  •  instruction_alignment           \u2013            
    •  
  •  name               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  ptrsize               (int)           \u2013            
    Pointer size in bytes
     
    •  
  •  endian               (EndianType)           \u2013            
    •  
  •  platform               (Platform)           \u2013            
    •  
  •  attributes               (list[ArchAttribute])           \u2013            
    •  
  •  constant_instruction_size               (bool)           \u2013            
    •  
  •  ptrbits               (int)           \u2013            
    Pointer size in bits
     
    •  
  •  ptrmask               (int)           \u2013            
    •  
  •  function_abi               (ABI | None)           \u2013            
    •  
  •  syscall_abi               (SyscallABI | None)           \u2013            
    •  
  •  sigreturn_abi               (SyscallABI | None)           \u2013            
    •  
  •  fmts               (dict[int, str])           \u2013            
    •  
  •  fmt               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.max_instruction_size","title":"max_instruction_size  class-attribute instance-attribute","text":"
max_instruction_size = 22\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.instruction_alignment","title":"instruction_alignment  class-attribute instance-attribute","text":"
instruction_alignment = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.name","title":"name  instance-attribute","text":"
name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.ptrsize","title":"ptrsize  instance-attribute","text":"
ptrsize: int\n
 
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.endian","title":"endian  instance-attribute","text":"
endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.platform","title":"platform  instance-attribute","text":"
platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.attributes","title":"attributes  instance-attribute","text":"
attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.constant_instruction_size","title":"constant_instruction_size  class-attribute instance-attribute","text":"
constant_instruction_size: bool = False\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.ptrbits","title":"ptrbits  instance-attribute","text":"
ptrbits: int\n
 
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.ptrmask","title":"ptrmask  instance-attribute","text":"
ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.function_abi","title":"function_abi  instance-attribute","text":"
function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.syscall_abi","title":"syscall_abi  instance-attribute","text":"
syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.sigreturn_abi","title":"sigreturn_abi  instance-attribute","text":"
sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.fmts","title":"fmts  instance-attribute","text":"
fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.fmt","title":"fmt  instance-attribute","text":"
fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.get_capstone_constants","title":"get_capstone_constants","text":"
get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.update","title":"update","text":"
update(arch_definition: ArchDefinition) -> None\n
 
While debugging a process, certain aspects of the architecture can change.
 
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.pack","title":"pack","text":"
pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.unpack","title":"unpack","text":"
unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.pack_size","title":"pack_size","text":"
pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.unpack_size","title":"unpack_size","text":"
unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.get_capstone_endianness","title":"get_capstone_endianness","text":"
get_capstone_endianness() -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.read_thumb_bit","title":"read_thumb_bit","text":"
read_thumb_bit() -> Literal[0, 1, None]\n
 
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
 
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch","title":"RISCV64Arch","text":"
RISCV64Arch()\n
 
               Bases: PwndbgArchitecture
 
Methods:
 
     
  •  get_capstone_constants             \u2013              
    •  
  •  update             \u2013              
    While debugging a process, certain aspects of the architecture can change.
     
    •  
  •  pack             \u2013              
    •  
  •  unpack             \u2013              
    •  
  •  pack_size             \u2013              
    •  
  •  unpack_size             \u2013              
    •  
  •  get_capstone_endianness             \u2013              
    •  
  •  read_thumb_bit             \u2013              
    Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
     
    •  
 
Attributes:
 
     
  •  max_instruction_size           \u2013            
    •  
  •  instruction_alignment           \u2013            
    •  
  •  name               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  ptrsize               (int)           \u2013            
    Pointer size in bytes
     
    •  
  •  endian               (EndianType)           \u2013            
    •  
  •  platform               (Platform)           \u2013            
    •  
  •  attributes               (list[ArchAttribute])           \u2013            
    •  
  •  constant_instruction_size               (bool)           \u2013            
    •  
  •  ptrbits               (int)           \u2013            
    Pointer size in bits
     
    •  
  •  ptrmask               (int)           \u2013            
    •  
  •  function_abi               (ABI | None)           \u2013            
    •  
  •  syscall_abi               (SyscallABI | None)           \u2013            
    •  
  •  sigreturn_abi               (SyscallABI | None)           \u2013            
    •  
  •  fmts               (dict[int, str])           \u2013            
    •  
  •  fmt               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.max_instruction_size","title":"max_instruction_size  class-attribute instance-attribute","text":"
max_instruction_size = 22\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.instruction_alignment","title":"instruction_alignment  class-attribute instance-attribute","text":"
instruction_alignment = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.name","title":"name  instance-attribute","text":"
name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.ptrsize","title":"ptrsize  instance-attribute","text":"
ptrsize: int\n
 
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.endian","title":"endian  instance-attribute","text":"
endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.platform","title":"platform  instance-attribute","text":"
platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.attributes","title":"attributes  instance-attribute","text":"
attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.constant_instruction_size","title":"constant_instruction_size  class-attribute instance-attribute","text":"
constant_instruction_size: bool = False\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.ptrbits","title":"ptrbits  instance-attribute","text":"
ptrbits: int\n
 
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.ptrmask","title":"ptrmask  instance-attribute","text":"
ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.function_abi","title":"function_abi  instance-attribute","text":"
function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.syscall_abi","title":"syscall_abi  instance-attribute","text":"
syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.sigreturn_abi","title":"sigreturn_abi  instance-attribute","text":"
sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.fmts","title":"fmts  instance-attribute","text":"
fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.fmt","title":"fmt  instance-attribute","text":"
fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.get_capstone_constants","title":"get_capstone_constants","text":"
get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.update","title":"update","text":"
update(arch_definition: ArchDefinition) -> None\n
 
While debugging a process, certain aspects of the architecture can change.
 
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.pack","title":"pack","text":"
pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.unpack","title":"unpack","text":"
unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.pack_size","title":"pack_size","text":"
pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.unpack_size","title":"unpack_size","text":"
unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.get_capstone_endianness","title":"get_capstone_endianness","text":"
get_capstone_endianness() -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.read_thumb_bit","title":"read_thumb_bit","text":"
read_thumb_bit() -> Literal[0, 1, None]\n
 
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
 
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch","title":"MipsArch","text":"
MipsArch()\n
 
               Bases: PwndbgArchitecture
 
Methods:
 
     
  •  get_capstone_constants             \u2013              
    •  
  •  update             \u2013              
    While debugging a process, certain aspects of the architecture can change.
     
    •  
  •  pack             \u2013              
    •  
  •  unpack             \u2013              
    •  
  •  pack_size             \u2013              
    •  
  •  unpack_size             \u2013              
    •  
  •  get_capstone_endianness             \u2013              
    •  
  •  read_thumb_bit             \u2013              
    Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
     
    •  
 
Attributes:
 
     
  •  max_instruction_size           \u2013            
    •  
  •  instruction_alignment           \u2013            
    •  
  •  name               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  ptrsize               (int)           \u2013            
    Pointer size in bytes
     
    •  
  •  endian               (EndianType)           \u2013            
    •  
  •  platform               (Platform)           \u2013            
    •  
  •  attributes               (list[ArchAttribute])           \u2013            
    •  
  •  constant_instruction_size               (bool)           \u2013            
    •  
  •  ptrbits               (int)           \u2013            
    Pointer size in bits
     
    •  
  •  ptrmask               (int)           \u2013            
    •  
  •  function_abi               (ABI | None)           \u2013            
    •  
  •  syscall_abi               (SyscallABI | None)           \u2013            
    •  
  •  sigreturn_abi               (SyscallABI | None)           \u2013            
    •  
  •  fmts               (dict[int, str])           \u2013            
    •  
  •  fmt               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.max_instruction_size","title":"max_instruction_size  class-attribute instance-attribute","text":"
max_instruction_size = 8\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.instruction_alignment","title":"instruction_alignment  class-attribute instance-attribute","text":"
instruction_alignment = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.name","title":"name  instance-attribute","text":"
name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.ptrsize","title":"ptrsize  instance-attribute","text":"
ptrsize: int\n
 
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.endian","title":"endian  instance-attribute","text":"
endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.platform","title":"platform  instance-attribute","text":"
platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.attributes","title":"attributes  instance-attribute","text":"
attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.constant_instruction_size","title":"constant_instruction_size  class-attribute instance-attribute","text":"
constant_instruction_size: bool = False\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.ptrbits","title":"ptrbits  instance-attribute","text":"
ptrbits: int\n
 
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.ptrmask","title":"ptrmask  instance-attribute","text":"
ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.function_abi","title":"function_abi  instance-attribute","text":"
function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.syscall_abi","title":"syscall_abi  instance-attribute","text":"
syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.sigreturn_abi","title":"sigreturn_abi  instance-attribute","text":"
sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.fmts","title":"fmts  instance-attribute","text":"
fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.fmt","title":"fmt  instance-attribute","text":"
fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.get_capstone_constants","title":"get_capstone_constants","text":"
get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.update","title":"update","text":"
update(arch_definition: ArchDefinition) -> None\n
 
While debugging a process, certain aspects of the architecture can change.
 
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.pack","title":"pack","text":"
pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.unpack","title":"unpack","text":"
unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.pack_size","title":"pack_size","text":"
pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.unpack_size","title":"unpack_size","text":"
unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.get_capstone_endianness","title":"get_capstone_endianness","text":"
get_capstone_endianness() -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.read_thumb_bit","title":"read_thumb_bit","text":"
read_thumb_bit() -> Literal[0, 1, None]\n
 
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
 
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch","title":"Loongarch64Arch","text":"
Loongarch64Arch()\n
 
               Bases: PwndbgArchitecture
 
Methods:
 
     
  •  get_capstone_constants             \u2013              
    •  
  •  update             \u2013              
    While debugging a process, certain aspects of the architecture can change.
     
    •  
  •  pack             \u2013              
    •  
  •  unpack             \u2013              
    •  
  •  pack_size             \u2013              
    •  
  •  unpack_size             \u2013              
    •  
  •  get_capstone_endianness             \u2013              
    •  
  •  read_thumb_bit             \u2013              
    Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
     
    •  
 
Attributes:
 
     
  •  max_instruction_size           \u2013            
    •  
  •  instruction_alignment           \u2013            
    •  
  •  constant_instruction_size           \u2013            
    •  
  •  name               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  ptrsize               (int)           \u2013            
    Pointer size in bytes
     
    •  
  •  endian               (EndianType)           \u2013            
    •  
  •  platform               (Platform)           \u2013            
    •  
  •  attributes               (list[ArchAttribute])           \u2013            
    •  
  •  ptrbits               (int)           \u2013            
    Pointer size in bits
     
    •  
  •  ptrmask               (int)           \u2013            
    •  
  •  function_abi               (ABI | None)           \u2013            
    •  
  •  syscall_abi               (SyscallABI | None)           \u2013            
    •  
  •  sigreturn_abi               (SyscallABI | None)           \u2013            
    •  
  •  fmts               (dict[int, str])           \u2013            
    •  
  •  fmt               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.max_instruction_size","title":"max_instruction_size  class-attribute instance-attribute","text":"
max_instruction_size = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.instruction_alignment","title":"instruction_alignment  class-attribute instance-attribute","text":"
instruction_alignment = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.constant_instruction_size","title":"constant_instruction_size  class-attribute instance-attribute","text":"
constant_instruction_size = True\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.name","title":"name  instance-attribute","text":"
name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.ptrsize","title":"ptrsize  instance-attribute","text":"
ptrsize: int\n
 
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.endian","title":"endian  instance-attribute","text":"
endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.platform","title":"platform  instance-attribute","text":"
platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.attributes","title":"attributes  instance-attribute","text":"
attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.ptrbits","title":"ptrbits  instance-attribute","text":"
ptrbits: int\n
 
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.ptrmask","title":"ptrmask  instance-attribute","text":"
ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.function_abi","title":"function_abi  instance-attribute","text":"
function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.syscall_abi","title":"syscall_abi  instance-attribute","text":"
syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.sigreturn_abi","title":"sigreturn_abi  instance-attribute","text":"
sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.fmts","title":"fmts  instance-attribute","text":"
fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.fmt","title":"fmt  instance-attribute","text":"
fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.get_capstone_constants","title":"get_capstone_constants","text":"
get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.update","title":"update","text":"
update(arch_definition: ArchDefinition) -> None\n
 
While debugging a process, certain aspects of the architecture can change.
 
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.pack","title":"pack","text":"
pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.unpack","title":"unpack","text":"
unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.pack_size","title":"pack_size","text":"
pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.unpack_size","title":"unpack_size","text":"
unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.get_capstone_endianness","title":"get_capstone_endianness","text":"
get_capstone_endianness() -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.read_thumb_bit","title":"read_thumb_bit","text":"
read_thumb_bit() -> Literal[0, 1, None]\n
 
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
 
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch","title":"S390xArch","text":"
S390xArch()\n
 
               Bases: PwndbgArchitecture
 
Methods:
 
     
  •  get_capstone_constants             \u2013              
    •  
  •  update             \u2013              
    While debugging a process, certain aspects of the architecture can change.
     
    •  
  •  pack             \u2013              
    •  
  •  unpack             \u2013              
    •  
  •  pack_size             \u2013              
    •  
  •  unpack_size             \u2013              
    •  
  •  get_capstone_endianness             \u2013              
    •  
  •  read_thumb_bit             \u2013              
    Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
     
    •  
 
Attributes:
 
     
  •  max_instruction_size           \u2013            
    •  
  •  instruction_alignment           \u2013            
    •  
  •  name               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  ptrsize               (int)           \u2013            
    Pointer size in bytes
     
    •  
  •  endian               (EndianType)           \u2013            
    •  
  •  platform               (Platform)           \u2013            
    •  
  •  attributes               (list[ArchAttribute])           \u2013            
    •  
  •  constant_instruction_size               (bool)           \u2013            
    •  
  •  ptrbits               (int)           \u2013            
    Pointer size in bits
     
    •  
  •  ptrmask               (int)           \u2013            
    •  
  •  function_abi               (ABI | None)           \u2013            
    •  
  •  syscall_abi               (SyscallABI | None)           \u2013            
    •  
  •  sigreturn_abi               (SyscallABI | None)           \u2013            
    •  
  •  fmts               (dict[int, str])           \u2013            
    •  
  •  fmt               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.max_instruction_size","title":"max_instruction_size  class-attribute instance-attribute","text":"
max_instruction_size = 6\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.instruction_alignment","title":"instruction_alignment  class-attribute instance-attribute","text":"
instruction_alignment = 2\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.name","title":"name  instance-attribute","text":"
name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.ptrsize","title":"ptrsize  instance-attribute","text":"
ptrsize: int\n
 
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.endian","title":"endian  instance-attribute","text":"
endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.platform","title":"platform  instance-attribute","text":"
platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.attributes","title":"attributes  instance-attribute","text":"
attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.constant_instruction_size","title":"constant_instruction_size  class-attribute instance-attribute","text":"
constant_instruction_size: bool = False\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.ptrbits","title":"ptrbits  instance-attribute","text":"
ptrbits: int\n
 
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.ptrmask","title":"ptrmask  instance-attribute","text":"
ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.function_abi","title":"function_abi  instance-attribute","text":"
function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.syscall_abi","title":"syscall_abi  instance-attribute","text":"
syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.sigreturn_abi","title":"sigreturn_abi  instance-attribute","text":"
sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.fmts","title":"fmts  instance-attribute","text":"
fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.fmt","title":"fmt  instance-attribute","text":"
fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.get_capstone_constants","title":"get_capstone_constants","text":"
get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.update","title":"update","text":"
update(arch_definition: ArchDefinition) -> None\n
 
While debugging a process, certain aspects of the architecture can change.
 
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.pack","title":"pack","text":"
pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.unpack","title":"unpack","text":"
unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.pack_size","title":"pack_size","text":"
pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.unpack_size","title":"unpack_size","text":"
unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.get_capstone_endianness","title":"get_capstone_endianness","text":"
get_capstone_endianness() -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.read_thumb_bit","title":"read_thumb_bit","text":"
read_thumb_bit() -> Literal[0, 1, None]\n
 
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
 
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.register_arch","title":"register_arch","text":"
register_arch(arch: PwndbgArchitecture)\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.get_pwndbg_architecture","title":"get_pwndbg_architecture","text":"
get_pwndbg_architecture(\n    name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE,\n) -> PwndbgArchitecture | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.get_thumb_mode_string","title":"get_thumb_mode_string","text":"
get_thumb_mode_string() -> Literal['arm', 'thumb'] | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.update","title":"update","text":"
update() -> None\n
"},{"location":"reference/pwndbg/aglib/argv/","title":"argv","text":""},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv","title":"argv","text":"
Functions:
 
     
  •  update             \u2013              
    •  
  •  update_state             \u2013              
    •  
  •  argc             \u2013              
    •  
  •  argv             \u2013              
    •  
  •  envc             \u2013              
    •  
  •  envp             \u2013              
    •  
  •  environ             \u2013              
    •  
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.update","title":"update","text":"
update() -> None\n
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.update_state","title":"update_state","text":"
update_state() -> None\n
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.argc","title":"argc","text":"
argc() -> int\n
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.argv","title":"argv","text":"
argv(number: int) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.envc","title":"envc","text":"
envc() -> int\n
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.envp","title":"envp","text":"
envp(number: int) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.environ","title":"environ","text":"
environ(name: str) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/asm/","title":"asm","text":""},{"location":"reference/pwndbg/aglib/asm/#pwndbg.aglib.asm","title":"asm","text":"
Functions:
 
     
  •  asm             \u2013              
    •  
"},{"location":"reference/pwndbg/aglib/asm/#pwndbg.aglib.asm.asm","title":"asm","text":"
asm(data: str) -> bytes\n
"},{"location":"reference/pwndbg/aglib/commpage/","title":"commpage","text":""},{"location":"reference/pwndbg/aglib/commpage/#pwndbg.aglib.commpage","title":"commpage","text":"
Classes:
 
     
  •  CommPageField           \u2013            
    •  
 
Functions:
 
     
  •  get_commpage_fields             \u2013              
    •  
  •  get_commpage_mappings             \u2013              
    •  
 
Attributes:
 
     
  •  rw_flags           \u2013            
    •  
  •  ro_flags           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/commpage/#pwndbg.aglib.commpage.rw_flags","title":"rw_flags  module-attribute","text":"
rw_flags = R_OK | W_OK\n
"},{"location":"reference/pwndbg/aglib/commpage/#pwndbg.aglib.commpage.ro_flags","title":"ro_flags  module-attribute","text":"
ro_flags = R_OK\n
"},{"location":"reference/pwndbg/aglib/commpage/#pwndbg.aglib.commpage.CommPageField","title":"CommPageField","text":"
               Bases: NamedTuple
 
Methods:
 
     
  •  is_undocumented             \u2013              
    •  
  •  is_unused             \u2013              
    •  
  •  is_readonly             \u2013              
    •  
  •  real_addr             \u2013              
    •  
  •  real_size             \u2013              
    •  
  •  unpack             \u2013              
    •  
 
Attributes:
 
     
  •  flags               (int)           \u2013            
    •  
  •  ctype               (str)           \u2013            
    •  
  •  name               (str)           \u2013            
    •  
  •  offset               (int)           \u2013            
    •  
  •  desc               (str)           \u2013            
    •  
  •  fmt               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/commpage/#pwndbg.aglib.commpage.CommPageField.flags","title":"flags  instance-attribute","text":"
flags: int\n
"},{"location":"reference/pwndbg/aglib/commpage/#pwndbg.aglib.commpage.CommPageField.ctype","title":"ctype  instance-attribute","text":"
ctype: str\n
"},{"location":"reference/pwndbg/aglib/commpage/#pwndbg.aglib.commpage.CommPageField.name","title":"name  instance-attribute","text":"
name: str\n
"},{"location":"reference/pwndbg/aglib/commpage/#pwndbg.aglib.commpage.CommPageField.offset","title":"offset  instance-attribute","text":"
offset: int\n
"},{"location":"reference/pwndbg/aglib/commpage/#pwndbg.aglib.commpage.CommPageField.desc","title":"desc  instance-attribute","text":"
desc: str\n
"},{"location":"reference/pwndbg/aglib/commpage/#pwndbg.aglib.commpage.CommPageField.fmt","title":"fmt  instance-attribute","text":"
fmt: str\n
"},{"location":"reference/pwndbg/aglib/commpage/#pwndbg.aglib.commpage.CommPageField.is_undocumented","title":"is_undocumented","text":"
is_undocumented()\n
"},{"location":"reference/pwndbg/aglib/commpage/#pwndbg.aglib.commpage.CommPageField.is_unused","title":"is_unused","text":"
is_unused()\n
"},{"location":"reference/pwndbg/aglib/commpage/#pwndbg.aglib.commpage.CommPageField.is_readonly","title":"is_readonly","text":"
is_readonly()\n
"},{"location":"reference/pwndbg/aglib/commpage/#pwndbg.aglib.commpage.CommPageField.real_addr","title":"real_addr","text":"
real_addr() -> int\n
"},{"location":"reference/pwndbg/aglib/commpage/#pwndbg.aglib.commpage.CommPageField.real_size","title":"real_size","text":"
real_size() -> int\n
"},{"location":"reference/pwndbg/aglib/commpage/#pwndbg.aglib.commpage.CommPageField.unpack","title":"unpack","text":"
unpack() -> Any\n
"},{"location":"reference/pwndbg/aglib/commpage/#pwndbg.aglib.commpage.get_commpage_fields","title":"get_commpage_fields","text":"
get_commpage_fields() -> tuple[CommPageField, ...]\n
"},{"location":"reference/pwndbg/aglib/commpage/#pwndbg.aglib.commpage.get_commpage_mappings","title":"get_commpage_mappings","text":"
get_commpage_mappings() -> tuple[Page, ...]\n
"},{"location":"reference/pwndbg/aglib/ctypes/","title":"ctypes","text":""},{"location":"reference/pwndbg/aglib/ctypes/#pwndbg.aglib.ctypes","title":"ctypes","text":"
On-the-fly endianness switching for ctypes structures.
 
We cannot make use of ctypes.LittleEndianStructure and ctypes.BigEndianStructure, since these use metaclass hooks to catch fields being set when the class is declared.
 
We need to catch on the fly.  We do this by swapping out the base classes of the Structure type, and incurring a performance penalty for foreign-endianness targets.
 
Functions:
 
     
  •  update             \u2013              
    •  
 
Attributes:
 
     
  •  module           \u2013            
    •  
  •  Structure           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/ctypes/#pwndbg.aglib.ctypes.module","title":"module  module-attribute","text":"
module = modules[__name__]\n
"},{"location":"reference/pwndbg/aglib/ctypes/#pwndbg.aglib.ctypes.Structure","title":"Structure  module-attribute","text":"
Structure = LittleEndianStructure\n
"},{"location":"reference/pwndbg/aglib/ctypes/#pwndbg.aglib.ctypes.update","title":"update","text":"
update() -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/","title":"disasm","text":""},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm","title":"disasm","text":"
Modules:
 
     
  •  aarch64           \u2013            
    •  
  •  arch           \u2013            
    •  
  •  arm           \u2013            
    •  
  •  disassembly           \u2013            
    Functionality for disassmebling code at an address, or at an
     
    •  
  •  instruction           \u2013            
    •  
  •  loongarch64           \u2013            
    •  
  •  mips           \u2013            
    •  
  •  ppc           \u2013            
    •  
  •  riscv           \u2013            
    •  
  •  sparc           \u2013            
    •  
  •  x86           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/","title":"aarch64","text":""},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64","title":"aarch64","text":"
Classes:
 
     
  •  AArch64DisassemblyAssistant           \u2013            
    •  
 
Functions:
 
     
  •  resolve_condition             \u2013              
    Given a condition and the NZCV flag bits, determine when the condition is satisfied
     
    •  
 
Attributes:
 
     
  •  AARCH64_SINGLE_LOAD_INSTRUCTIONS               (dict[int, int | None])           \u2013            
    •  
  •  AARCH64_SINGLE_STORE_INSTRUCTIONS               (dict[int, int | None])           \u2013            
    •  
  •  AARCH64_EXCLUSIVE_STORE_INSTRUCTIONS           \u2013            
    •  
  •  CONDITIONAL_SELECT_INSTRUCTIONS           \u2013            
    •  
  •  AARCH64_EMULATED_ANNOTATIONS           \u2013            
    •  
  •  AARCH64_CONSTANT_SHIFTS           \u2013            
    •  
  •  AARCH64_BIT_SHIFT_MAP               (dict[int, Callable[[int, int, int], int]])           \u2013            
    •  
  •  AARCH64_EXTEND_MAP               (dict[int, Callable[[int], int]])           \u2013            
    •  
  •  AARCH64_MATH_INSTRUCTIONS           \u2013            
    •  
  •  AARCH64_SHIFT_INSTRUCTIONS           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_SINGLE_LOAD_INSTRUCTIONS","title":"AARCH64_SINGLE_LOAD_INSTRUCTIONS  module-attribute","text":"
AARCH64_SINGLE_LOAD_INSTRUCTIONS: dict[int, int | None] = {\n    AARCH64_INS_LDRB: 1,\n    AARCH64_INS_ALIAS_LDRB: 1,\n    AARCH64_INS_LDURB: 1,\n    AARCH64_INS_ALIAS_LDURB: 1,\n    AARCH64_INS_LDRSB: -1,\n    AARCH64_INS_ALIAS_LDRSB: -1,\n    AARCH64_INS_LDURSB: -1,\n    AARCH64_INS_ALIAS_LDURSB: -1,\n    AARCH64_INS_LDRH: 2,\n    AARCH64_INS_ALIAS_LDRH: 2,\n    AARCH64_INS_LDURH: 2,\n    AARCH64_INS_ALIAS_LDURH: 2,\n    AARCH64_INS_LDRSH: -2,\n    AARCH64_INS_ALIAS_LDRSH: -2,\n    AARCH64_INS_LDURSH: -2,\n    AARCH64_INS_ALIAS_LDURSH: -2,\n    AARCH64_INS_LDURSW: -4,\n    AARCH64_INS_ALIAS_LDURSW: -4,\n    AARCH64_INS_LDRSW: -4,\n    AARCH64_INS_ALIAS_LDRSW: -4,\n    AARCH64_INS_LDUR: None,\n    AARCH64_INS_ALIAS_LDUR: None,\n    AARCH64_INS_LDR: None,\n    AARCH64_INS_ALIAS_LDR: None,\n    AARCH64_INS_LDTRB: 1,\n    AARCH64_INS_LDTRSB: -1,\n    AARCH64_INS_LDTRH: 2,\n    AARCH64_INS_LDTRSH: -2,\n    AARCH64_INS_LDTRSW: -4,\n    AARCH64_INS_LDTR: None,\n    AARCH64_INS_ALIAS_LDTR: None,\n    AARCH64_INS_LDXRB: 1,\n    AARCH64_INS_LDXRH: 2,\n    AARCH64_INS_LDXR: None,\n    AARCH64_INS_LDARB: 1,\n    AARCH64_INS_LDARH: 2,\n    AARCH64_INS_LDAR: None,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_SINGLE_STORE_INSTRUCTIONS","title":"AARCH64_SINGLE_STORE_INSTRUCTIONS  module-attribute","text":"
AARCH64_SINGLE_STORE_INSTRUCTIONS: dict[int, int | None] = {\n    AARCH64_INS_STRB: 1,\n    AARCH64_INS_ALIAS_STRB: 1,\n    AARCH64_INS_STURB: 1,\n    AARCH64_INS_ALIAS_STURB: 1,\n    AARCH64_INS_STRH: 2,\n    AARCH64_INS_ALIAS_STRH: 2,\n    AARCH64_INS_STURH: 2,\n    AARCH64_INS_ALIAS_STURH: 2,\n    AARCH64_INS_STUR: None,\n    AARCH64_INS_ALIAS_STUR: None,\n    AARCH64_INS_STR: None,\n    AARCH64_INS_ALIAS_STR: None,\n    AARCH64_INS_STTRB: 1,\n    AARCH64_INS_STTRH: 2,\n    AARCH64_INS_STTR: None,\n    AARCH64_INS_STLRB: 1,\n    AARCH64_INS_STLRH: 2,\n    AARCH64_INS_STLR: None,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_EXCLUSIVE_STORE_INSTRUCTIONS","title":"AARCH64_EXCLUSIVE_STORE_INSTRUCTIONS  module-attribute","text":"
AARCH64_EXCLUSIVE_STORE_INSTRUCTIONS = {\n    AARCH64_INS_STXRB: 1,\n    AARCH64_INS_STXRH: 2,\n    AARCH64_INS_STXR: None,\n    AARCH64_INS_STLXRB: 1,\n    AARCH64_INS_STLXRH: 2,\n    AARCH64_INS_STLXR: None,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.CONDITIONAL_SELECT_INSTRUCTIONS","title":"CONDITIONAL_SELECT_INSTRUCTIONS  module-attribute","text":"
CONDITIONAL_SELECT_INSTRUCTIONS = {\n    AARCH64_INS_CSEL,\n    AARCH64_INS_CSINC,\n    AARCH64_INS_CSINV,\n    AARCH64_INS_CSNEG,\n    AARCH64_INS_ALIAS_CSET,\n    AARCH64_INS_ALIAS_CSETM,\n    AARCH64_INS_ALIAS_CINC,\n    AARCH64_INS_ALIAS_CINV,\n    AARCH64_INS_ALIAS_CNEG,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_EMULATED_ANNOTATIONS","title":"AARCH64_EMULATED_ANNOTATIONS  module-attribute","text":"
AARCH64_EMULATED_ANNOTATIONS = CONDITIONAL_SELECT_INSTRUCTIONS | {\n    AARCH64_INS_SXTB,\n    AARCH64_INS_SXTH,\n    AARCH64_INS_SXTW,\n    AARCH64_INS_UXTB,\n    AARCH64_INS_UXTH,\n    AARCH64_INS_UXTW,\n    AARCH64_INS_RBIT,\n    AARCH64_INS_CLS,\n    AARCH64_INS_CLZ,\n    AARCH64_INS_ALIAS_BFXIL,\n    AARCH64_INS_ALIAS_UBFIZ,\n    AARCH64_INS_UBFM,\n    AARCH64_INS_ALIAS_UBFX,\n    AARCH64_INS_ALIAS_SBFIZ,\n    AARCH64_INS_SBFM,\n    AARCH64_INS_ALIAS_SBFX,\n    AARCH64_INS_ALIAS_BFI,\n    AARCH64_INS_NEG,\n    AARCH64_INS_ALIAS_NEGS,\n    AARCH64_INS_REV,\n    AARCH64_INS_BIC,\n    AARCH64_INS_BICS,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_CONSTANT_SHIFTS","title":"AARCH64_CONSTANT_SHIFTS  module-attribute","text":"
AARCH64_CONSTANT_SHIFTS = {\n    AARCH64_SFT_LSL,\n    AARCH64_SFT_LSR,\n    AARCH64_SFT_ASR,\n    AARCH64_SFT_ROR,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_BIT_SHIFT_MAP","title":"AARCH64_BIT_SHIFT_MAP  module-attribute","text":"
AARCH64_BIT_SHIFT_MAP: dict[int, Callable[[int, int, int], int]] = {\n    AARCH64_SFT_LSL: logical_shift_left,\n    AARCH64_SFT_LSR: logical_shift_right,\n    AARCH64_SFT_ASR: arithmetic_shift_right,\n    AARCH64_SFT_ROR: rotate_right,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_EXTEND_MAP","title":"AARCH64_EXTEND_MAP  module-attribute","text":"
AARCH64_EXTEND_MAP: dict[int, Callable[[int], int]] = {\n    AARCH64_EXT_UXTB: lambda x: x & (1 << 8) - 1,\n    AARCH64_EXT_UXTH: lambda x: x & (1 << 16) - 1,\n    AARCH64_EXT_UXTW: lambda x: x & (1 << 32) - 1,\n    AARCH64_EXT_UXTX: lambda x: x,\n    AARCH64_EXT_SXTB: lambda x: to_signed(x, 8),\n    AARCH64_EXT_SXTH: lambda x: to_signed(x, 16),\n    AARCH64_EXT_SXTW: lambda x: to_signed(x, 32),\n    AARCH64_EXT_SXTX: lambda x: to_signed(x, 64),\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_MATH_INSTRUCTIONS","title":"AARCH64_MATH_INSTRUCTIONS  module-attribute","text":"
AARCH64_MATH_INSTRUCTIONS = {\n    AARCH64_INS_ADD: \"+\",\n    AARCH64_INS_ALIAS_ADD: \"+\",\n    AARCH64_INS_ADDS: \"+\",\n    AARCH64_INS_ALIAS_ADDS: \"+\",\n    AARCH64_INS_SUB: \"-\",\n    AARCH64_INS_ALIAS_SUB: \"-\",\n    AARCH64_INS_SUBS: \"-\",\n    AARCH64_INS_ALIAS_SUBS: \"-\",\n    AARCH64_INS_AND: \"&\",\n    AARCH64_INS_ALIAS_AND: \"&\",\n    AARCH64_INS_ANDS: \"&\",\n    AARCH64_INS_ALIAS_ANDS: \"&\",\n    AARCH64_INS_ORR: \"|\",\n    AARCH64_INS_ALIAS_ORR: \"|\",\n    AARCH64_INS_EOR: \"^\",\n    AARCH64_INS_ALIAS_EOR: \"^\",\n    AARCH64_INS_UDIV: \"/\",\n    AARCH64_INS_SDIV: \"/\",\n    AARCH64_INS_SMULH: \"*\",\n    AARCH64_INS_SMULL: \"*\",\n    AARCH64_INS_ALIAS_SMULL: \"*\",\n    AARCH64_INS_UMULH: \"*\",\n    AARCH64_INS_UMULL: \"*\",\n    AARCH64_INS_ALIAS_UMULL: \"*\",\n    AARCH64_INS_MUL: \"*\",\n    AARCH64_INS_ALIAS_MUL: \"*\",\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_SHIFT_INSTRUCTIONS","title":"AARCH64_SHIFT_INSTRUCTIONS  module-attribute","text":"
AARCH64_SHIFT_INSTRUCTIONS = {\n    AARCH64_INS_LSL: \"<<\",\n    AARCH64_INS_ALIAS_LSL: \"<<\",\n    AARCH64_INS_LSR: \">>\",\n    AARCH64_INS_ALIAS_LSR: \">>\",\n    AARCH64_INS_ASR: \">>s\",\n    AARCH64_INS_ALIAS_ASR: \">>s\",\n    AARCH64_INS_ROR: \">>r\",\n    AARCH64_INS_ALIAS_ROR: \">>r\",\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AArch64DisassemblyAssistant","title":"AArch64DisassemblyAssistant","text":"
AArch64DisassemblyAssistant(architecture)\n
 
               Bases: DisassemblyAssistant
 
Methods:
 
     
  •  enhance             \u2013              
    Enhance the instruction - resolving branch targets, conditionals, and adding annotations
     
    •  
  •  can_reason_about_process_state             \u2013              
    Determine if the program counter of the process equals the address of the instruction being enhanced.
     
    •  
  •  dump             \u2013              
    Debug-only method.
     
    •  
 
Attributes:
 
     
  •  annotation_handlers               (dict[int, Callable[[PwndbgInstruction, Emulator], None]])           \u2013            
    •  
  •  architecture               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  manual_register_values               (PseudoEmulatedRegisterFile)           \u2013            
    •  
  •  supports_manual_emulation           \u2013            
    This feature relies on the Capstone .regs_access() features that not all architectures have reliable support for
     
    •  
  •  op_handlers               (dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]])           \u2013            
    •  
  •  op_names               (dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]])           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AArch64DisassemblyAssistant.annotation_handlers","title":"annotation_handlers  instance-attribute","text":"
annotation_handlers: dict[\n    int, Callable[[PwndbgInstruction, Emulator], None]\n] = {\n    AARCH64_INS_MOV: _common_move_annotator,\n    AARCH64_INS_ALIAS_MOV: _common_move_annotator,\n    AARCH64_INS_MOVZ: _common_move_annotator,\n    AARCH64_INS_MOVK: _common_generic_register_destination,\n    AARCH64_INS_ADR: _common_generic_register_destination,\n    AARCH64_INS_ADRP: _handle_adrp,\n    AARCH64_INS_ALIAS_CMP: _common_cmp_annotator_builder(\"cpsr\", \"-\"),\n    AARCH64_INS_ALIAS_CMN: _common_cmp_annotator_builder(\"cpsr\", \"+\"),\n    AARCH64_INS_ALIAS_TST: _common_cmp_annotator_builder(\"cpsr\", \"&\"),\n    AARCH64_INS_CCMP: _common_cmp_annotator_builder(\"cpsr\", \"\"),\n    AARCH64_INS_CCMN: _common_cmp_annotator_builder(\"cpsr\", \"\"),\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AArch64DisassemblyAssistant.architecture","title":"architecture  instance-attribute","text":"
architecture: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = architecture\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AArch64DisassemblyAssistant.manual_register_values","title":"manual_register_values  instance-attribute","text":"
manual_register_values: PseudoEmulatedRegisterFile = PseudoEmulatedRegisterFile(\n    current, ptrsize\n)\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AArch64DisassemblyAssistant.supports_manual_emulation","title":"supports_manual_emulation  class-attribute instance-attribute","text":"
supports_manual_emulation = False\n
 
This feature relies on the Capstone .regs_access() features that not all architectures have reliable support for
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AArch64DisassemblyAssistant.op_handlers","title":"op_handlers  instance-attribute","text":"
op_handlers: dict[\n    int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n    CS_OP_IMM: _parse_immediate,\n    CS_OP_REG: _parse_register,\n    CS_OP_MEM: _parse_memory,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AArch64DisassemblyAssistant.op_names","title":"op_names  instance-attribute","text":"
op_names: dict[\n    int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n    CS_OP_IMM: _immediate_string,\n    CS_OP_REG: _register_string,\n    CS_OP_MEM: _memory_string,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AArch64DisassemblyAssistant.enhance","title":"enhance","text":"
enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\n
 
Enhance the instruction - resolving branch targets, conditionals, and adding annotations
 
This is the only public method that should be called on this object externally.
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AArch64DisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"
can_reason_about_process_state(instruction: PwndbgInstruction) -> bool\n
 
Determine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AArch64DisassemblyAssistant.dump","title":"dump","text":"
dump(instruction: PwndbgInstruction)\n
 
Debug-only method.
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.resolve_condition","title":"resolve_condition","text":"
resolve_condition(condition: int, cpsr: int) -> InstructionCondition\n
 
Given a condition and the NZCV flag bits, determine when the condition is satisfied
 
The condition is a Capstone constant
"},{"location":"reference/pwndbg/aglib/disasm/arch/","title":"arch","text":""},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch","title":"arch","text":"
Classes:
 
     
  •  DisassemblyAssistant           \u2013            
    •  
 
Functions:
 
     
  •  syntax_highlight             \u2013              
    •  
  •  register_assign             \u2013              
    •  
  •  memory_assign             \u2013              
    •  
  •  memory_or_register_assign             \u2013              
    Used when we don't know until runtime whether a codepath will annotate a register or memory location.
     
    •  
  •  basic_enhance             \u2013              
    •  
 
Attributes:
 
     
  •  DEBUG_ENHANCEMENT           \u2013            
    •  
  •  groups           \u2013            
    •  
  •  ops           \u2013            
    •  
  •  access           \u2013            
    •  
  •  DO_NOT_EMULATE           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DEBUG_ENHANCEMENT","title":"DEBUG_ENHANCEMENT  module-attribute","text":"
DEBUG_ENHANCEMENT = False\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.groups","title":"groups  module-attribute","text":"
groups = {v: _wfor (k, v) in (items()) if startswith('CS_GRP_')}\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.ops","title":"ops  module-attribute","text":"
ops = {v: _Bfor (k, v) in (items()) if startswith('CS_OP_')}\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.access","title":"access  module-attribute","text":"
access = {v: _4for (k, v) in (items()) if startswith('CS_AC_')}\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DO_NOT_EMULATE","title":"DO_NOT_EMULATE  module-attribute","text":"
DO_NOT_EMULATE = {CS_GRP_INT, CS_GRP_INVALID, CS_GRP_IRET}\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant","title":"DisassemblyAssistant","text":"
DisassemblyAssistant(architecture: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)\n
 
Methods:
 
     
  •  enhance             \u2013              
    Enhance the instruction - resolving branch targets, conditionals, and adding annotations
     
    •  
  •  can_reason_about_process_state             \u2013              
    Determine if the program counter of the process equals the address of the instruction being enhanced.
     
    •  
  •  dump             \u2013              
    Debug-only method.
     
    •  
 
Attributes:
 
     
  •  supports_manual_emulation           \u2013            
    This feature relies on the Capstone .regs_access() features that not all architectures have reliable support for
     
    •  
  •  architecture               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  manual_register_values               (PseudoEmulatedRegisterFile)           \u2013            
    •  
  •  op_handlers               (dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]])           \u2013            
    •  
  •  op_names               (dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]])           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.supports_manual_emulation","title":"supports_manual_emulation  class-attribute instance-attribute","text":"
supports_manual_emulation = False\n
 
This feature relies on the Capstone .regs_access() features that not all architectures have reliable support for
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.architecture","title":"architecture  instance-attribute","text":"
architecture: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = architecture\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.manual_register_values","title":"manual_register_values  instance-attribute","text":"
manual_register_values: PseudoEmulatedRegisterFile = PseudoEmulatedRegisterFile(\n    current, ptrsize\n)\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.op_handlers","title":"op_handlers  instance-attribute","text":"
op_handlers: dict[\n    int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n    CS_OP_IMM: _parse_immediate,\n    CS_OP_REG: _parse_register,\n    CS_OP_MEM: _parse_memory,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.op_names","title":"op_names  instance-attribute","text":"
op_names: dict[\n    int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n    CS_OP_IMM: _immediate_string,\n    CS_OP_REG: _register_string,\n    CS_OP_MEM: _memory_string,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.enhance","title":"enhance","text":"
enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\n
 
Enhance the instruction - resolving branch targets, conditionals, and adding annotations
 
This is the only public method that should be called on this object externally.
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"
can_reason_about_process_state(instruction: PwndbgInstruction) -> bool\n
 
Determine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.dump","title":"dump","text":"
dump(instruction: PwndbgInstruction)\n
 
Debug-only method.
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.syntax_highlight","title":"syntax_highlight","text":"
syntax_highlight(ins)\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.register_assign","title":"register_assign","text":"
register_assign(left: str, right: str) -> str\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.memory_assign","title":"memory_assign","text":"
memory_assign(left: str, right: str) -> str\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.memory_or_register_assign","title":"memory_or_register_assign","text":"
memory_or_register_assign(left: str, right: str, mem_assign: bool) -> str\n
 
Used when we don't know until runtime whether a codepath will annotate a register or memory location.
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.basic_enhance","title":"basic_enhance","text":"
basic_enhance(ins: PwndbgInstruction) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/","title":"arm","text":""},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm","title":"arm","text":"
Classes:
 
     
  •  ArmDisassemblyAssistant           \u2013            
    •  
 
Functions:
 
     
  •  itstate_from_cpsr             \u2013              
    ITSTATE == If-Then execution state bits for the Thumb IT instruction
     
    •  
 
Attributes:
 
     
  •  ARM_BIT_SHIFT_MAP               (dict[int, Callable[[int, int, int], int]])           \u2013            
    •  
  •  ARM_SINGLE_LOAD_INSTRUCTIONS           \u2013            
    •  
  •  ARM_SINGLE_STORE_INSTRUCTIONS           \u2013            
    •  
  •  ARM_EXCLUSIVE_STORE_INSTRUCTIONS           \u2013            
    •  
  •  ARM_MATH_INSTRUCTIONS           \u2013            
    •  
  •  ARM_SHIFT_INSTRUCTIONS           \u2013            
    •  
  •  ARM_CAN_WRITE_TO_PC_INSTRUCTIONS           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_BIT_SHIFT_MAP","title":"ARM_BIT_SHIFT_MAP  module-attribute","text":"
ARM_BIT_SHIFT_MAP: dict[int, Callable[[int, int, int], int]] = {\n    ARM_SFT_ASR: arithmetic_shift_right,\n    ARM_SFT_LSL: logical_shift_left,\n    ARM_SFT_LSR: logical_shift_right,\n    ARM_SFT_ROR: rotate_right,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_SINGLE_LOAD_INSTRUCTIONS","title":"ARM_SINGLE_LOAD_INSTRUCTIONS  module-attribute","text":"
ARM_SINGLE_LOAD_INSTRUCTIONS = {\n    ARM_INS_LDRB: 1,\n    ARM_INS_LDRSB: -1,\n    ARM_INS_LDRH: 2,\n    ARM_INS_LDRSH: -2,\n    ARM_INS_LDR: 4,\n    ARM_INS_LDRBT: 1,\n    ARM_INS_LDRSBT: -1,\n    ARM_INS_LDRHT: 2,\n    ARM_INS_LDRSHT: -2,\n    ARM_INS_LDRT: 4,\n    ARM_INS_LDREXB: 1,\n    ARM_INS_LDREXH: 2,\n    ARM_INS_LDREX: 4,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_SINGLE_STORE_INSTRUCTIONS","title":"ARM_SINGLE_STORE_INSTRUCTIONS  module-attribute","text":"
ARM_SINGLE_STORE_INSTRUCTIONS = {\n    ARM_INS_STRB: 1,\n    ARM_INS_STRH: 2,\n    ARM_INS_STR: 4,\n    ARM_INS_STRBT: 1,\n    ARM_INS_STRHT: 2,\n    ARM_INS_STRT: 4,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_EXCLUSIVE_STORE_INSTRUCTIONS","title":"ARM_EXCLUSIVE_STORE_INSTRUCTIONS  module-attribute","text":"
ARM_EXCLUSIVE_STORE_INSTRUCTIONS = {\n    ARM_INS_STREXB: 1,\n    ARM_INS_STREXH: 2,\n    ARM_INS_STREX: 4,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_MATH_INSTRUCTIONS","title":"ARM_MATH_INSTRUCTIONS  module-attribute","text":"
ARM_MATH_INSTRUCTIONS = {\n    ARM_INS_ADD: \"+\",\n    ARM_INS_ADDW: \"+\",\n    ARM_INS_SUB: \"-\",\n    ARM_INS_ORR: \"|\",\n    ARM_INS_AND: \"&\",\n    ARM_INS_EOR: \"^\",\n    ARM_INS_UDIV: \"/\",\n    ARM_INS_SDIV: \"/\",\n    ARM_INS_MUL: \"*\",\n    ARM_INS_UMULL: \"*\",\n    ARM_INS_SMULL: \"*\",\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_SHIFT_INSTRUCTIONS","title":"ARM_SHIFT_INSTRUCTIONS  module-attribute","text":"
ARM_SHIFT_INSTRUCTIONS = {\n    ARM_INS_ASR: \">>s\",\n    ARM_INS_ALIAS_ASR: \">>s\",\n    ARM_INS_LSR: \">>\",\n    ARM_INS_ALIAS_LSR: \">>\",\n    ARM_INS_LSL: \"<<\",\n    ARM_INS_ALIAS_LSL: \"<<\",\n    ARM_INS_ROR: \">>r\",\n    ARM_INS_ALIAS_ROR: \">>r\",\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_CAN_WRITE_TO_PC_INSTRUCTIONS","title":"ARM_CAN_WRITE_TO_PC_INSTRUCTIONS  module-attribute","text":"
ARM_CAN_WRITE_TO_PC_INSTRUCTIONS = {\n    ARM_INS_LDM,\n    ARM_INS_ALIAS_LDM,\n    ARM_INS_POP,\n    ARM_INS_ALIAS_POP,\n    ARM_INS_LDR,\n    ARM_INS_ADC,\n    ARM_INS_ADD,\n    ARM_INS_ADR,\n    ARM_INS_AND,\n    ARM_INS_ASR,\n    ARM_INS_ALIAS_ASR,\n    ARM_INS_BIC,\n    ARM_INS_EOR,\n    ARM_INS_LSL,\n    ARM_INS_ALIAS_LSL,\n    ARM_INS_LSR,\n    ARM_INS_ALIAS_LSR,\n    ARM_INS_MOV,\n    ARM_INS_MVN,\n    ARM_INS_ORR,\n    ARM_INS_ROR,\n    ARM_INS_ALIAS_ROR,\n    ARM_INS_RRX,\n    ARM_INS_ALIAS_RRX,\n    ARM_INS_RSB,\n    ARM_INS_RSC,\n    ARM_INS_SBC,\n    ARM_INS_SUB,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant","title":"ArmDisassemblyAssistant","text":"
ArmDisassemblyAssistant(architecture, flags_reg: Literal['cpsr', 'xpsr'])\n
 
               Bases: DisassemblyAssistant
 
Methods:
 
     
  •  read_thumb_bit             \u2013              
    •  
  •  enhance             \u2013              
    Enhance the instruction - resolving branch targets, conditionals, and adding annotations
     
    •  
  •  can_reason_about_process_state             \u2013              
    Determine if the program counter of the process equals the address of the instruction being enhanced.
     
    •  
  •  dump             \u2013              
    Debug-only method.
     
    •  
 
Attributes:
 
     
  •  flags_reg           \u2013            
    •  
  •  annotation_handlers               (dict[int, Callable[[PwndbgInstruction, Emulator], None]])           \u2013            
    •  
  •  architecture               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  manual_register_values               (PseudoEmulatedRegisterFile)           \u2013            
    •  
  •  supports_manual_emulation           \u2013            
    This feature relies on the Capstone .regs_access() features that not all architectures have reliable support for
     
    •  
  •  op_handlers               (dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]])           \u2013            
    •  
  •  op_names               (dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]])           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.flags_reg","title":"flags_reg  instance-attribute","text":"
flags_reg = flags_reg\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.annotation_handlers","title":"annotation_handlers  instance-attribute","text":"
annotation_handlers: dict[\n    int, Callable[[PwndbgInstruction, Emulator], None]\n] = {\n    ARM_INS_MOV: _common_move_annotator,\n    ARM_INS_MOVW: _common_move_annotator,\n    ARM_INS_MOVT: _common_generic_register_destination,\n    ARM_INS_MVN: _common_generic_register_destination,\n    ARM_INS_CMP: _common_cmp_annotator_builder(flags_reg, \"-\"),\n    ARM_INS_CMN: _common_cmp_annotator_builder(flags_reg, \"+\"),\n    ARM_INS_TST: _common_cmp_annotator_builder(flags_reg, \"&\"),\n    ARM_INS_TEQ: _common_cmp_annotator_builder(flags_reg, \"^\"),\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.architecture","title":"architecture  instance-attribute","text":"
architecture: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = architecture\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.manual_register_values","title":"manual_register_values  instance-attribute","text":"
manual_register_values: PseudoEmulatedRegisterFile = PseudoEmulatedRegisterFile(\n    current, ptrsize\n)\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.supports_manual_emulation","title":"supports_manual_emulation  class-attribute instance-attribute","text":"
supports_manual_emulation = False\n
 
This feature relies on the Capstone .regs_access() features that not all architectures have reliable support for
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.op_handlers","title":"op_handlers  instance-attribute","text":"
op_handlers: dict[\n    int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n    CS_OP_IMM: _parse_immediate,\n    CS_OP_REG: _parse_register,\n    CS_OP_MEM: _parse_memory,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.op_names","title":"op_names  instance-attribute","text":"
op_names: dict[\n    int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n    CS_OP_IMM: _immediate_string,\n    CS_OP_REG: _register_string,\n    CS_OP_MEM: _memory_string,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.read_thumb_bit","title":"read_thumb_bit","text":"
read_thumb_bit(instruction: PwndbgInstruction, emu: Emulator) -> int | None\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.enhance","title":"enhance","text":"
enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\n
 
Enhance the instruction - resolving branch targets, conditionals, and adding annotations
 
This is the only public method that should be called on this object externally.
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"
can_reason_about_process_state(instruction: PwndbgInstruction) -> bool\n
 
Determine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.dump","title":"dump","text":"
dump(instruction: PwndbgInstruction)\n
 
Debug-only method.
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.itstate_from_cpsr","title":"itstate_from_cpsr","text":"
itstate_from_cpsr(cpsr_value: int) -> int\n
 
ITSTATE == If-Then execution state bits for the Thumb IT instruction The ITSTATE bits are spread across 3 sections of Arm flags register to a total of 8 bits. This function extracts them and reorders the bits into their logical order - https://developer.arm.com/documentation/ddi0403/d/System-Level-Architecture/System-Level-Programmers--Model/Registers/The-special-purpose-program-status-registers--xPSR#:~:text=shows%20the%20assignment%20of%20the%20ICI/IT%20bits.
 
Bits of the flags register: EPSR[26:25]    EPSR[15:12]    EPSR[11:10] Bits of ITSTATE:            IT[1:0]        IT[7:4]        IT[3:2]
 
The lower 5 bits has information that indicates the number of instructions in the IT Block. The top 3 bits indicate the base condition of the block. - https://developer.arm.com/documentation/ddi0406/cb/Application-Level-Architecture/Application-Level-Programmers--Model/Execution-state-registers/IT-block-state-register--ITSTATE?lang=en
 
If the value is zero, it means we are not in an IT block.
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/","title":"disassembly","text":""},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly","title":"disassembly","text":"
Functionality for disassmebling code at an address, or at an address \u00b1 a few instructions.
 
Functions:
 
     
  •  enhance_cache_listener             \u2013              
    •  
  •  clear_on_reg_mem_change             \u2013              
    •  
  •  get_previous_instruction             \u2013              
    •  
  •  get_disassembler             \u2013              
    •  
  •  get_one_instruction             \u2013              
    If passed an emulator, this will pass it to the DisassemblyAssistant which will
     
    •  
  •  one             \u2013              
    •  
  •  one_raw             \u2013              
    •  
  •  get             \u2013              
    •  
  •  can_run_first_emulate             \u2013              
    Disable the emulate config variable if we don't have enough memory to use it
     
    •  
  •  no_emulate_one             \u2013              
    •  
  •  emulate_one             \u2013              
    •  
  •  one_with_config             \u2013              
    Returns a single Pwndbg Instruction at the current PC.
     
    •  
  •  near             \u2013              
    Disassembles instructions near given address. Passing emulate makes use of
     
    •  
  •  get_disassembly_assistant_for_current_arch             \u2013              
    •  
  •  arch_has_disassembly_assistant             \u2013              
    •  
 
Attributes:
 
     
  •  CapstoneSyntax           \u2013            
    •  
  •  force_register_alias           \u2013            
    •  
  •  next_addresses_cache               (set[int])           \u2013            
    •  
  •  backward_cache               (DefaultDict[int, int])           \u2013            
    •  
  •  linear_backward_cache               (DefaultDict[int, int])           \u2013            
    •  
  •  computed_instruction_cache               (DefaultDict[int, PwndbgInstruction])           \u2013            
    •  
  •  emulated_arm_mode_cache               (DefaultDict[int, int | None])           \u2013            
    •  
  •  first_time_emulate           \u2013            
    •  
  •  ALL_DISASSEMBLY_ASSISTANTS               (dict[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, Callable[[], DisassemblyAssistant]])           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.CapstoneSyntax","title":"CapstoneSyntax  module-attribute","text":"
CapstoneSyntax = {'intel': CS_OPT_SYNTAX_INTEL, 'att': CS_OPT_SYNTAX_ATT}\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.force_register_alias","title":"force_register_alias  module-attribute","text":"
force_register_alias = add_param(\n    \"disasm-reg-alias\",\n    False,\n    \"force the disassembly to use register aliases (e.g. aarch64 x29 -> fp)\",\n    param_class=PARAM_BOOLEAN,\n    help_docstring=\"The register aliasing is done by capstone, see:\\nhttps://github.com/capstone-engine/capstone/blob/next/docs/cs_v6_release_guide.md#:~:text=None.-,Register%20alias,-Register%20alias%20\\n\\nEnabling this may make disassembly slower.\\n\",\n)\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.next_addresses_cache","title":"next_addresses_cache  module-attribute","text":"
next_addresses_cache: set[int] = set()\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.backward_cache","title":"backward_cache  module-attribute","text":"
backward_cache: DefaultDict[int, int] = defaultdict(lambda: None)\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.linear_backward_cache","title":"linear_backward_cache  module-attribute","text":"
linear_backward_cache: DefaultDict[int, int] = defaultdict(lambda: None)\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.computed_instruction_cache","title":"computed_instruction_cache  module-attribute","text":"
computed_instruction_cache: DefaultDict[int, PwndbgInstruction] = defaultdict(\n    lambda: None\n)\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.emulated_arm_mode_cache","title":"emulated_arm_mode_cache  module-attribute","text":"
emulated_arm_mode_cache: DefaultDict[int, int | None] = defaultdict(\n    lambda: None\n)\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.first_time_emulate","title":"first_time_emulate  module-attribute","text":"
first_time_emulate = True\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.ALL_DISASSEMBLY_ASSISTANTS","title":"ALL_DISASSEMBLY_ASSISTANTS  module-attribute","text":"
ALL_DISASSEMBLY_ASSISTANTS: dict[\n    PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, Callable[[], DisassemblyAssistant]\n] = {\n    \"aarch64\": lambda: AArch64DisassemblyAssistant(\"aarch64\"),\n    \"i386\": lambda: X86DisassemblyAssistant(\"i386\"),\n    \"x86-64\": lambda: X86DisassemblyAssistant(\"x86-64\"),\n    \"arm\": lambda: ArmDisassemblyAssistant(\"arm\", \"cpsr\"),\n    \"armcm\": lambda: ArmDisassemblyAssistant(\"armcm\", \"xpsr\"),\n    \"mips\": lambda: MipsDisassemblyAssistant(\"mips\"),\n    \"rv32\": lambda: RISCVDisassemblyAssistant(\"rv32\"),\n    \"rv64\": lambda: RISCVDisassemblyAssistant(\"rv64\"),\n    \"loongarch64\": lambda: Loong64DisassemblyAssistant(\"loongarch64\"),\n    \"powerpc\": lambda: PowerPCDisassemblyAssistant(\"powerpc\"),\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.enhance_cache_listener","title":"enhance_cache_listener","text":"
enhance_cache_listener() -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.clear_on_reg_mem_change","title":"clear_on_reg_mem_change","text":"
clear_on_reg_mem_change() -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.get_previous_instruction","title":"get_previous_instruction","text":"
get_previous_instruction(\n    address: int, use_cache: bool, linear: bool\n) -> PwndbgInstruction | None\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.get_disassembler","title":"get_disassembler","text":"
get_disassembler(cs_info: tuple[int, int])\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.get_one_instruction","title":"get_one_instruction","text":"
get_one_instruction(\n    address,\n    emu: Emulator = None,\n    enhance=True,\n    from_cache=False,\n    put_cache=False,\n    assistant: DisassemblyAssistant = None,\n) -> PwndbgInstruction\n
 
If passed an emulator, this will pass it to the DisassemblyAssistant which will single_step the emulator to determine the operand values before and after the instruction executes.
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.one","title":"one","text":"
one(\n    address=None,\n    emu: Emulator = None,\n    enhance=True,\n    from_cache=False,\n    put_cache=False,\n    put_backward_cache=True,\n    linear=False,\n    assistant: DisassemblyAssistant = None,\n) -> PwndbgInstruction | None\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.one_raw","title":"one_raw","text":"
one_raw(address=None) -> PwndbgInstruction | None\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.get","title":"get","text":"
get(\n    address,\n    instructions=1,\n    emu: Emulator = None,\n    enhance=True,\n    from_cache=False,\n    put_cache=False,\n    assistant: DisassemblyAssistant = None,\n) -> list[PwndbgInstruction]\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.can_run_first_emulate","title":"can_run_first_emulate","text":"
can_run_first_emulate() -> bool\n
 
Disable the emulate config variable if we don't have enough memory to use it See #1534 And unicorn-engine/unicorn!1743
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.no_emulate_one","title":"no_emulate_one","text":"
no_emulate_one()\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.emulate_one","title":"emulate_one","text":"
emulate_one()\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.one_with_config","title":"one_with_config","text":"
one_with_config()\n
 
Returns a single Pwndbg Instruction at the current PC.
 
Emulation determined by the pwndbg.config.emulate setting.
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.near","title":"near","text":"
near(\n    address,\n    forward_count: int = 1,\n    backward_count: int = 0,\n    total_count: int = None,\n    emulate=False,\n    show_prev_insns=True,\n    use_cache=False,\n    linear=False,\n) -> tuple[list[PwndbgInstruction], int]\n
 
Disassembles instructions near given address. Passing emulate makes use of unicorn engine to emulate instructions to predict branches that will be taken. show_prev_insns makes this show previously cached instructions
 
This allows us to maintain a context of surrounding instructions while single-stepping instructions.
 
Parameters:
 
     
  •  forward_count               (int, default:                   1 )           \u2013            
    number of instructions forward from this instruction
     
    •  
  •  backward_count               (int, default:                   0 )           \u2013            
    maximum number of previously executed instructions
     
    •  
  •  total_count               (int, default:                   None )           \u2013            
    if set, returns a list with this many instructions in total. The number of backward instructions is limited by backward_count. If this is set, forward_count is ignored.
     
    •  
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.get_disassembly_assistant_for_current_arch","title":"get_disassembly_assistant_for_current_arch","text":"
get_disassembly_assistant_for_current_arch() -> DisassemblyAssistant\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.arch_has_disassembly_assistant","title":"arch_has_disassembly_assistant","text":"
arch_has_disassembly_assistant(\n    arch: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE | None = None,\n) -> bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/","title":"instruction","text":""},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction","title":"instruction","text":"
Classes:
 
     
  •  InstructionCondition           \u2013            
    •  
  •  SplitType           \u2013            
    •  
  •  PwndbgInstruction           \u2013            
    •  
  •  PwndbgInstructionImpl           \u2013            
    •  
  •  EnhancedOperand           \u2013            
    •  
  •  ManualPwndbgInstruction           \u2013            
    •  
 
Functions:
 
     
  •  boolean_to_instruction_condition             \u2013              
    •  
 
Attributes:
 
     
  •  UNCONDITIONAL_JUMP_INSTRUCTIONS               (dict[int, set[int]])           \u2013            
    •  
  •  BRANCH_AND_LINK_INSTRUCTIONS               (dict[int, set[int]])           \u2013            
    •  
  •  GENERIC_JUMP_GROUPS           \u2013            
    •  
  •  ALL_JUMP_GROUPS           \u2013            
    •  
  •  FORWARD_JUMP_GROUP           \u2013            
    •  
  •  CAPSTONE_ARCH_MAPPING_STRING           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.UNCONDITIONAL_JUMP_INSTRUCTIONS","title":"UNCONDITIONAL_JUMP_INSTRUCTIONS  module-attribute","text":"
UNCONDITIONAL_JUMP_INSTRUCTIONS: dict[int, set[int]] = {\n    CS_ARCH_X86: {X86_INS_CALL, X86_INS_RET, X86_INS_JMP},\n    CS_ARCH_MIPS: {\n        MIPS_INS_J,\n        MIPS_INS_JR,\n        MIPS_INS_JAL,\n        MIPS_INS_JALR,\n        MIPS_INS_JALR_HB,\n        MIPS_INS_BAL,\n        MIPS_INS_ALIAS_BAL,\n        MIPS_INS_B,\n        MIPS_INS_ALIAS_B,\n    },\n    CS_ARCH_SPARC: {SPARC_INS_CALL, SPARC_INS_ALIAS_CALL, SPARC_INS_JMPL},\n    CS_ARCH_ARM: {ARM_INS_TBB, ARM_INS_TBH},\n    CS_ARCH_AARCH64: {AARCH64_INS_BL, AARCH64_INS_BLR, AARCH64_INS_BR},\n    CS_ARCH_RISCV: {\n        RISCV_INS_JAL,\n        RISCV_INS_JALR,\n        RISCV_INS_C_JAL,\n        RISCV_INS_C_JALR,\n        RISCV_INS_C_J,\n        RISCV_INS_C_JR,\n    },\n    CS_ARCH_PPC: {PPC_INS_B, PPC_INS_BA, PPC_INS_BL, PPC_INS_BLA},\n    CS_ARCH_SYSTEMZ: {\n        SYSTEMZ_INS_J,\n        SYSTEMZ_INS_JL,\n        SYSTEMZ_INS_B,\n        SYSTEMZ_INS_BR,\n        SYSTEMZ_INS_BAL,\n        SYSTEMZ_INS_BALR,\n        SYSTEMZ_INS_BRAS,\n        SYSTEMZ_INS_BRASL,\n    },\n    CS_ARCH_LOONGARCH: {\n        LOONGARCH_INS_B,\n        LOONGARCH_INS_BL,\n        LOONGARCH_INS_JIRL,\n        LOONGARCH_INS_ALIAS_JR,\n        LOONGARCH_INS_CALL36,\n    },\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.BRANCH_AND_LINK_INSTRUCTIONS","title":"BRANCH_AND_LINK_INSTRUCTIONS  module-attribute","text":"
BRANCH_AND_LINK_INSTRUCTIONS: dict[int, set[int]] = defaultdict(set)\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.GENERIC_JUMP_GROUPS","title":"GENERIC_JUMP_GROUPS  module-attribute","text":"
GENERIC_JUMP_GROUPS = {CS_GRP_JUMP, CS_GRP_BRANCH_RELATIVE}\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ALL_JUMP_GROUPS","title":"ALL_JUMP_GROUPS  module-attribute","text":"
ALL_JUMP_GROUPS = GENERIC_JUMP_GROUPS | {CS_GRP_CALL, CS_GRP_RET, CS_GRP_IRET}\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.FORWARD_JUMP_GROUP","title":"FORWARD_JUMP_GROUP  module-attribute","text":"
FORWARD_JUMP_GROUP = {CS_GRP_CALL} | GENERIC_JUMP_GROUPS\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.CAPSTONE_ARCH_MAPPING_STRING","title":"CAPSTONE_ARCH_MAPPING_STRING  module-attribute","text":"
CAPSTONE_ARCH_MAPPING_STRING = {\n    CS_ARCH_ARM: \"arm\",\n    CS_ARCH_AARCH64: \"aarch64\",\n    CS_ARCH_X86: \"x86\",\n    CS_ARCH_PPC: \"powerpc\",\n    CS_ARCH_MIPS: \"mips\",\n    CS_ARCH_SPARC: \"sparc\",\n    CS_ARCH_RISCV: \"RISCV\",\n    CS_ARCH_SYSTEMZ: \"s390x\",\n    CS_ARCH_LOONGARCH: \"loongarch\",\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.InstructionCondition","title":"InstructionCondition","text":"
               Bases: Enum
 
Attributes:
 
     
  •  TRUE           \u2013            
    •  
  •  FALSE           \u2013            
    •  
  •  UNDETERMINED           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.InstructionCondition.TRUE","title":"TRUE  class-attribute instance-attribute","text":"
TRUE = 1\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.InstructionCondition.FALSE","title":"FALSE  class-attribute instance-attribute","text":"
FALSE = 2\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.InstructionCondition.UNDETERMINED","title":"UNDETERMINED  class-attribute instance-attribute","text":"
UNDETERMINED = 3\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.SplitType","title":"SplitType","text":"
               Bases: Enum
 
Attributes:
 
     
  •  NO_SPLIT           \u2013            
    •  
  •  BRANCH_TAKEN           \u2013            
    •  
  •  BRANCH_NOT_TAKEN           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.SplitType.NO_SPLIT","title":"NO_SPLIT  class-attribute instance-attribute","text":"
NO_SPLIT = 1\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.SplitType.BRANCH_TAKEN","title":"BRANCH_TAKEN  class-attribute instance-attribute","text":"
BRANCH_TAKEN = 2\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.SplitType.BRANCH_NOT_TAKEN","title":"BRANCH_NOT_TAKEN  class-attribute instance-attribute","text":"
BRANCH_NOT_TAKEN = 3\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction","title":"PwndbgInstruction","text":"
               Bases: Protocol
 
Methods:
 
     
  •  op_find             \u2013              
    •  
  •  op_count             \u2013              
    •  
 
Attributes:
 
     
  •  cs_insn               (CsInsn)           \u2013            
    •  
  •  address               (int)           \u2013            
    •  
  •  size               (int)           \u2013            
    •  
  •  mnemonic               (str)           \u2013            
    •  
  •  op_str               (str)           \u2013            
    •  
  •  groups               (set[int])           \u2013            
    •  
  •  id               (int)           \u2013            
    •  
  •  operands               (list[EnhancedOperand])           \u2013            
    •  
  •  asm_string               (str)           \u2013            
    •  
  •  next               (int)           \u2013            
    •  
  •  target               (int)           \u2013            
    •  
  •  target_string               (str | None)           \u2013            
    •  
  •  target_const               (bool | None)           \u2013            
    •  
  •  condition               (InstructionCondition)           \u2013            
    •  
  •  declare_is_unconditional_jump               (bool)           \u2013            
    •  
  •  force_unconditional_jump_target               (bool)           \u2013            
    •  
  •  annotation               (str | None)           \u2013            
    •  
  •  annotation_padding               (int | None)           \u2013            
    •  
  •  syscall               (int | None)           \u2013            
    •  
  •  syscall_name               (str | None)           \u2013            
    •  
  •  causes_branch_delay               (bool)           \u2013            
    •  
  •  split               (SplitType)           \u2013            
    •  
  •  emulated               (bool)           \u2013            
    •  
  •  register_writes               (dict[int, int])           \u2013            
    •  
  •  call_like               (bool)           \u2013            
    •  
  •  jump_like               (bool)           \u2013            
    •  
  •  has_jump_target               (bool)           \u2013            
    •  
  •  is_conditional_jump               (bool)           \u2013            
    •  
  •  is_unconditional_jump               (bool)           \u2013            
    •  
  •  is_conditional_jump_taken               (bool)           \u2013            
    •  
  •  jump_result_is_known               (bool)           \u2013            
    •  
  •  bytes               (bytearray)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.cs_insn","title":"cs_insn  instance-attribute","text":"
cs_insn: CsInsn\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.address","title":"address  instance-attribute","text":"
address: int\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.size","title":"size  instance-attribute","text":"
size: int\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.mnemonic","title":"mnemonic  instance-attribute","text":"
mnemonic: str\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.op_str","title":"op_str  instance-attribute","text":"
op_str: str\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.groups","title":"groups  instance-attribute","text":"
groups: set[int]\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.id","title":"id  instance-attribute","text":"
id: int\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.operands","title":"operands  instance-attribute","text":"
operands: list[EnhancedOperand]\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.asm_string","title":"asm_string  instance-attribute","text":"
asm_string: str\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.next","title":"next  instance-attribute","text":"
next: int\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.target","title":"target  instance-attribute","text":"
target: int\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.target_string","title":"target_string  instance-attribute","text":"
target_string: str | None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.target_const","title":"target_const  instance-attribute","text":"
target_const: bool | None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.condition","title":"condition  instance-attribute","text":"
condition: InstructionCondition\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.declare_is_unconditional_jump","title":"declare_is_unconditional_jump  instance-attribute","text":"
declare_is_unconditional_jump: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.force_unconditional_jump_target","title":"force_unconditional_jump_target  instance-attribute","text":"
force_unconditional_jump_target: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.annotation","title":"annotation  instance-attribute","text":"
annotation: str | None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.annotation_padding","title":"annotation_padding  instance-attribute","text":"
annotation_padding: int | None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.syscall","title":"syscall  instance-attribute","text":"
syscall: int | None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.syscall_name","title":"syscall_name  instance-attribute","text":"
syscall_name: str | None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.causes_branch_delay","title":"causes_branch_delay  instance-attribute","text":"
causes_branch_delay: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.split","title":"split  instance-attribute","text":"
split: SplitType\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.emulated","title":"emulated  instance-attribute","text":"
emulated: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.register_writes","title":"register_writes  instance-attribute","text":"
register_writes: dict[int, int]\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.call_like","title":"call_like  property","text":"
call_like: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.jump_like","title":"jump_like  property","text":"
jump_like: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.has_jump_target","title":"has_jump_target  property","text":"
has_jump_target: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.is_conditional_jump","title":"is_conditional_jump  property","text":"
is_conditional_jump: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.is_unconditional_jump","title":"is_unconditional_jump  property","text":"
is_unconditional_jump: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.is_conditional_jump_taken","title":"is_conditional_jump_taken  property","text":"
is_conditional_jump_taken: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.jump_result_is_known","title":"jump_result_is_known  property","text":"
jump_result_is_known: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.bytes","title":"bytes  property","text":"
bytes: bytearray\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.op_find","title":"op_find","text":"
op_find(op_type: int, position: int) -> EnhancedOperand\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.op_count","title":"op_count","text":"
op_count(op_type: int) -> int\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl","title":"PwndbgInstructionImpl","text":"
PwndbgInstructionImpl(cs_insn: CsInsn)\n
 
               Bases: PwndbgInstruction
 
Methods:
 
     
  •  op_find             \u2013              
    Get the operand at position @position of all operands having the same type @op_type
     
    •  
  •  op_count             \u2013              
    Return number of operands having same operand Capstone type 'op_type'
     
    •  
  •  __repr__             \u2013              
    •  
 
Attributes:
 
     
  •  cs_insn               (CsInsn)           \u2013            
    The underlying Capstone instruction object.
     
    •  
  •  address               (int)           \u2013            
    •  
  •  size               (int)           \u2013            
    Length of the instruction
     
    •  
  •  mnemonic               (str)           \u2013            
    Ex: 'MOV'
     
    •  
  •  op_str               (str)           \u2013            
    Ex: 'RAX, RDX'
     
    •  
  •  groups               (set[int])           \u2013            
    Capstone instruction groups that we belong to.
     
    •  
  •  id               (int)           \u2013            
    The underlying Capstone ID for the instruction
     
    •  
  •  operands               (list[EnhancedOperand])           \u2013            
    •  
  •  asm_string               (str)           \u2013            
    The full string representing the instruction - mov    rdi, rsp with appropriate padding.
     
    •  
  •  next               (int)           \u2013            
    This is the address that the instruction pointer will be set to after using the \"nexti\" GDB command.
     
    •  
  •  target               (int)           \u2013            
    This is target of instructions that change the PC, regardless of if it's conditional or not,
     
    •  
  •  target_string               (str | None)           \u2013            
    String representation of the target address.
     
    •  
  •  target_const               (bool | None)           \u2013            
    Whether the target is a constant expression
     
    •  
  •  condition               (InstructionCondition)           \u2013            
    Does the condition that the instruction checks for pass?
     
    •  
  •  declare_is_unconditional_jump               (bool)           \u2013            
    This field is used to declare that this instruction is an unconditional jump.
     
    •  
  •  force_unconditional_jump_target               (bool)           \u2013            
    This asserts that the .target attribute is the real target of the instruction.
     
    •  
  •  annotation               (str | None)           \u2013            
    The string is set in the \"DisassemblyAssistant.enhance\" function.
     
    •  
  •  annotation_padding               (int | None)           \u2013            
    The left adjustment padding that was used to previously print this.
     
    •  
  •  syscall               (int | None)           \u2013            
    The syscall number for this instruction, if it is a syscall. Otherwise None.
     
    •  
  •  syscall_name               (str | None)           \u2013            
    The syscall name as a string
     
    •  
  •  causes_branch_delay               (bool)           \u2013            
    Whether or not this instruction has a single branch delay slot
     
    •  
  •  split               (SplitType)           \u2013            
    The type of split in the disasm display this instruction causes:
     
    •  
  •  emulated               (bool)           \u2013            
    If the enhancement successfully used emulation for this instruction
     
    •  
  •  register_writes           \u2013            
    Mapping of Capstone register id to integer value. During enhancement, we might manually determine
     
    •  
  •  call_like               (bool)           \u2013            
    True if this is a call-like instruction, meaning either it's a CALL or a branch and link.
     
    •  
  •  jump_like               (bool)           \u2013            
    True if this instruction is \"jump-like\", such as a JUMP, CALL, or RET.
     
    •  
  •  has_jump_target               (bool)           \u2013            
    True if we have determined that this instruction can explicitly change the program counter, and
     
    •  
  •  is_conditional_jump               (bool)           \u2013            
    True if this instruction can change the program counter conditionally.
     
    •  
  •  is_unconditional_jump               (bool)           \u2013            
    True if we know the instruction can change the program counter, and does so unconditionally.
     
    •  
  •  is_conditional_jump_taken               (bool)           \u2013            
    True if this is a conditional jump, and we predicted that we will take the jump
     
    •  
  •  jump_result_is_known               (bool)           \u2013            
    True under the following conditions:
     
    •  
  •  bytes               (bytearray)           \u2013            
    Raw machine instruction bytes
     
    •  
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.cs_insn","title":"cs_insn  instance-attribute","text":"
cs_insn: CsInsn = cs_insn\n
 
The underlying Capstone instruction object. Only the enhancement code should access the 'cs_insn' property
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.address","title":"address  instance-attribute","text":"
address: int = address\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.size","title":"size  instance-attribute","text":"
size: int = size\n
 
Length of the instruction
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.mnemonic","title":"mnemonic  instance-attribute","text":"
mnemonic: str = mnemonic\n
 
Ex: 'MOV'
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.op_str","title":"op_str  instance-attribute","text":"
op_str: str = op_str\n
 
Ex: 'RAX, RDX'
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.groups","title":"groups  instance-attribute","text":"
groups: set[int] = set(groups)\n
 
Capstone instruction groups that we belong to. Groups that apply to all architectures: CS_GRP_INVALID | CS_GRP_JUMP | CS_GRP_CALL | CS_GRP_RET | CS_GRP_INT | CS_GRP_IRET | CS_GRP_PRIVILEGE | CS_GRP_BRANCH_RELATIVE
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.id","title":"id  instance-attribute","text":"
id: int = alias_id if is_alias else id\n
 
The underlying Capstone ID for the instruction If it's an alias, use the id of the alias
 
Examples: X86_INS_JMP, X86_INS_CALL, RISCV_INS_C_JAL
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.operands","title":"operands  instance-attribute","text":"
operands: list[EnhancedOperand] = [(EnhancedOperand(op)) for op in (operands)]\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.asm_string","title":"asm_string  instance-attribute","text":"
asm_string: str = f'{mnemonic} {op_str}'\n
 
The full string representing the instruction - mov    rdi, rsp with appropriate padding.
 
This is syntax highlighted during enhancement.
 
This is additionally modified during enhancement for the purposes of replacing immediate values with their corresponding symbols
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.next","title":"next  instance-attribute","text":"
next: int = address + size\n
 
This is the address that the instruction pointer will be set to after using the \"nexti\" GDB command. This means it is the address of the next instruction to be executed in all cases except \"call\" instructions.
 
Typically, it is self.address + self.size (the next instruction in memory)
 
If it is a jump and we know it is taken, then it is the value of the jump target.
 
Not set to \"call\" instruction targets, to indicate we will eventually (probably) return to this address
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.target","title":"target  instance-attribute","text":"
target: int = None\n
 
This is target of instructions that change the PC, regardless of if it's conditional or not, and whether or not we take the jump. This includes \"call\" and all other instructions that set the PC
 
If the instruction is not one that changes the PC, target is set to \"next\"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.target_string","title":"target_string  instance-attribute","text":"
target_string: str | None = None\n
 
String representation of the target address.
 
Colorized symbol if a symbol exists at address, else colorized address
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.target_const","title":"target_const  instance-attribute","text":"
target_const: bool | None = None\n
 
Whether the target is a constant expression
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.condition","title":"condition  instance-attribute","text":"
condition: InstructionCondition = UNDETERMINED\n
 
Does the condition that the instruction checks for pass?
 
For example, \"JNE\" jumps if Zero Flag is 0, else it does nothing. \"CMOVA\" conditionally performs a move depending on a flag. See 'condition' function in pwndbg.aglib.disasm.x86 for example on setting this.
 
UNDETERMINED if we cannot reason about the condition, or if the instruction always executes unconditionally (most instructions).
 
TRUE if the instruction has a conditional action, and we determine it is taken.
 
FALSE if the instruction has a conditional action, and we know it is not taken.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.declare_is_unconditional_jump","title":"declare_is_unconditional_jump  instance-attribute","text":"
declare_is_unconditional_jump: bool = False\n
 
This field is used to declare that this instruction is an unconditional jump. Most of the time, we depend on Capstone groups to check for jump instructions. However, some instructions become branches depending on the operands, such as Arm add, sub, ldr, pop, where PC is the destination register
 
In these cases, we want to forcefully state that this instruction mutates the PC, so we set this attribute to True.
 
This helps in two cases: 1. Disassembly splits 2. Instructions like stepuntilasm work better, as they detect these as branches to stop at.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.force_unconditional_jump_target","title":"force_unconditional_jump_target  instance-attribute","text":"
force_unconditional_jump_target: bool = False\n
 
This asserts that the .target attribute is the real target of the instruction. This is only relevent in the edge case that the target is the next instruction in memory (address + size). The normal check for \"target\" checks that the target is NOT the next address in memory, and here we can assert that even if that is the case, we know that the jump really does just go to where self.target is.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.annotation","title":"annotation  instance-attribute","text":"
annotation: str | None = None\n
 
The string is set in the \"DisassemblyAssistant.enhance\" function. It is used in the disasm print view to add context to the instruction, mostly operand value. This string is not used for all cases - if the instruction is a call or a jump, the 'target'. variables is used instead. See 'pwndbg.color.disasm.instruction()' for specific usage.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.annotation_padding","title":"annotation_padding  instance-attribute","text":"
annotation_padding: int | None = None\n
 
The left adjustment padding that was used to previously print this. We retain it so the output is consistent between prints
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.syscall","title":"syscall  instance-attribute","text":"
syscall: int | None = None\n
 
The syscall number for this instruction, if it is a syscall. Otherwise None.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.syscall_name","title":"syscall_name  instance-attribute","text":"
syscall_name: str | None = None\n
 
The syscall name as a string
 
Ex: \"openat\", \"read\"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.causes_branch_delay","title":"causes_branch_delay  instance-attribute","text":"
causes_branch_delay: bool = False\n
 
Whether or not this instruction has a single branch delay slot
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.split","title":"split  instance-attribute","text":"
split: SplitType = NO_SPLIT\n
 
The type of split in the disasm display this instruction causes:
 
NO_SPLIT            - no extra spacing between this and the next instruction\nBRANCH_TAKEN        - a newline with an arrow pointing down\nBRANCH_NOT_TAKEN    - an empty newline\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.emulated","title":"emulated  instance-attribute","text":"
emulated: bool = False\n
 
If the enhancement successfully used emulation for this instruction
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.register_writes","title":"register_writes  instance-attribute","text":"
register_writes = {}\n
 
Mapping of Capstone register id to integer value. During enhancement, we might manually determine that an instruction writes some value to a register, and this is stored here.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.call_like","title":"call_like  property","text":"
call_like: bool\n
 
True if this is a call-like instruction, meaning either it's a CALL or a branch and link.
 
Checking for the CS_GRP_CALL is insufficient, as there are many \"branch and link\" instructions that are not labeled as a call
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.jump_like","title":"jump_like  property","text":"
jump_like: bool\n
 
True if this instruction is \"jump-like\", such as a JUMP, CALL, or RET. Basically, the PC is set to some target by means of this instruction.
 
It may still be a conditional jump - this property does not indicate whether the jump is taken or not.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.has_jump_target","title":"has_jump_target  property","text":"
has_jump_target: bool\n
 
True if we have determined that this instruction can explicitly change the program counter, and we have determined the jump target.
 
Edge case - the jump target MAY be the next address in memory - so we check force_unconditional_jump_target
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.is_conditional_jump","title":"is_conditional_jump  property","text":"
is_conditional_jump: bool\n
 
True if this instruction can change the program counter conditionally.
 
This is used, in part, to determine if the instruction deserves a \"checkmark\" in the disasm view.
 
This does not imply that we have resolved the .target
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.is_unconditional_jump","title":"is_unconditional_jump  property","text":"
is_unconditional_jump: bool\n
 
True if we know the instruction can change the program counter, and does so unconditionally.
 
This includes things like RET, CALL, and JMP (in x86).
 
This property is used in enhancement to determine certain codepaths when resolving .next for this instruction.
 
This does not imply that we have resolved the .target
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.is_conditional_jump_taken","title":"is_conditional_jump_taken  property","text":"
is_conditional_jump_taken: bool\n
 
True if this is a conditional jump, and we predicted that we will take the jump
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.jump_result_is_known","title":"jump_result_is_known  property","text":"
jump_result_is_known: bool\n
 
True under the following conditions: - If it's an unconditional jump, we know the target of the jump - If it's a conditional jump, we know the target of the branch and know whether or not we take it Otherwise, false
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.bytes","title":"bytes  property","text":"
bytes: bytearray\n
 
Raw machine instruction bytes
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.op_find","title":"op_find","text":"
op_find(op_type: int, position: int) -> EnhancedOperand\n
 
Get the operand at position @position of all operands having the same type @op_type
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.op_count","title":"op_count","text":"
op_count(op_type: int) -> int\n
 
Return number of operands having same operand Capstone type 'op_type'
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.__repr__","title":"__repr__","text":"
__repr__() -> str\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand","title":"EnhancedOperand","text":"
EnhancedOperand(cs_op)\n
 
Methods:
 
     
  •  __repr__             \u2013              
    •  
 
Attributes:
 
     
  •  cs_op               (Any)           \u2013            
    Underlying Capstone operand. Takes on a different value depending on the architecture.
     
    •  
  •  before_value               (int | None)           \u2013            
    The value of the operand before the instruction executes.
     
    •  
  •  after_value               (int | None)           \u2013            
    The value of the operand after the instruction executes.
     
    •  
  •  before_value_resolved               (int | None)           \u2013            
    The 'resolved' value of the operand that is actually used in the instruction logic, before the instruction executes.
     
    •  
  •  before_value_no_modifiers               (int | None)           \u2013            
    This is a special field used in some architectures that allow operand modifiers, such as shifts and extends in Arm.
     
    •  
  •  after_value_resolved               (int | None)           \u2013            
    The 'resolved' value of the operand after the instruction executes.
     
    •  
  •  str               (str | None)           \u2013            
    String representing the operand
     
    •  
  •  symbol               (str | None)           \u2013            
    Colorized symbol name for this operand, if .before_value is set and symbol exists, else None.
     
    •  
  •  type               (int)           \u2013            
    CS_OP_REG | CS_OP_MEM | CS_OP_IMM | CS_OP_INVALID | CS_OP_FP
     
    •  
  •  reg               (int)           \u2013            
    The underlying Capstone ID for the register
     
    •  
  •  imm               (int)           \u2013            
    The immediate value of the operand (if applicable)
     
    •  
  •  mem               (Any)           \u2013            
    Return the underlying Capstone mem object (if applicable)
     
    •  
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.cs_op","title":"cs_op  instance-attribute","text":"
cs_op: Any = cs_op\n
 
Underlying Capstone operand. Takes on a different value depending on the architecture.
 
x86 = capstone.x86.X86Op, arm = capstone.arm.ArmOp, mips = capstone.mips.MipsOp
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.before_value","title":"before_value  instance-attribute","text":"
before_value: int | None = None\n
 
The value of the operand before the instruction executes. This is set only if the operand value can be reasoned about.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.after_value","title":"after_value  instance-attribute","text":"
after_value: int | None = None\n
 
The value of the operand after the instruction executes. Only set when using emulation.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.before_value_resolved","title":"before_value_resolved  instance-attribute","text":"
before_value_resolved: int | None = None\n
 
The 'resolved' value of the operand that is actually used in the instruction logic, before the instruction executes. This is the same as before_value if it's not a memory operand, in which cases it's the dereferenced value.
 
Helpful for cases like  cmp    byte ptr [rip + 0x166669], 0, where first operand could be a register or a memory value to dereference, and we want the actual value used.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.before_value_no_modifiers","title":"before_value_no_modifiers  instance-attribute","text":"
before_value_no_modifiers: int | None = None\n
 
This is a special field used in some architectures that allow operand modifiers, such as shifts and extends in Arm. Capstone bundles the modifier with the operand, and when we are resolving concrete operand values, we apply the modifier. However, in some annotations we need to un-modified raw register value, which is what this field is for.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.after_value_resolved","title":"after_value_resolved  instance-attribute","text":"
after_value_resolved: int | None = None\n
 
The 'resolved' value of the operand after the instruction executes.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.str","title":"str  instance-attribute","text":"
str: str | None = ''\n
 
String representing the operand
 
Ex: \"RAX\", or \"[0x7fffffffd9e8]\". None if value cannot be determined.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.symbol","title":"symbol  instance-attribute","text":"
symbol: str | None = None\n
 
Colorized symbol name for this operand, if .before_value is set and symbol exists, else None.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.type","title":"type  property","text":"
type: int\n
 
CS_OP_REG | CS_OP_MEM | CS_OP_IMM | CS_OP_INVALID | CS_OP_FP
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.reg","title":"reg  property","text":"
reg: int\n
 
The underlying Capstone ID for the register
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.imm","title":"imm  property","text":"
imm: int\n
 
The immediate value of the operand (if applicable)
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.mem","title":"mem  property","text":"
mem: Any\n
 
Return the underlying Capstone mem object (if applicable)
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.__repr__","title":"__repr__","text":"
__repr__() -> str\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction","title":"ManualPwndbgInstruction","text":"
ManualPwndbgInstruction(address: int)\n
 
               Bases: PwndbgInstruction
 
GDB/LLDB's built-in disassemblers.
 
Instances of this class do not go through the 'enhancement' process due to lacking important information provided by Capstone. As a result of this, some of the methods raise NotImplementedError, because if they are called it indicates a bug elsewhere in the codebase.
 
Methods:
 
     
  •  op_find             \u2013              
    •  
  •  op_count             \u2013              
    •  
 
Attributes:
 
     
  •  cs_insn               (CsInsn)           \u2013            
    •  
  •  address           \u2013            
    •  
  •  size           \u2013            
    •  
  •  mnemonic           \u2013            
    •  
  •  op_str           \u2013            
    •  
  •  groups           \u2013            
    •  
  •  id           \u2013            
    •  
  •  operands           \u2013            
    •  
  •  asm_string           \u2013            
    •  
  •  next           \u2013            
    •  
  •  target           \u2013            
    •  
  •  target_string           \u2013            
    •  
  •  target_const           \u2013            
    •  
  •  condition           \u2013            
    •  
  •  declare_is_unconditional_jump           \u2013            
    •  
  •  force_unconditional_jump_target           \u2013            
    •  
  •  annotation           \u2013            
    •  
  •  annotation_padding           \u2013            
    •  
  •  syscall           \u2013            
    •  
  •  syscall_name           \u2013            
    •  
  •  causes_branch_delay           \u2013            
    •  
  •  split           \u2013            
    •  
  •  emulated           \u2013            
    •  
  •  register_writes           \u2013            
    •  
  •  bytes               (bytearray)           \u2013            
    •  
  •  call_like               (bool)           \u2013            
    •  
  •  jump_like               (bool)           \u2013            
    •  
  •  has_jump_target               (bool)           \u2013            
    •  
  •  is_conditional_jump               (bool)           \u2013            
    •  
  •  is_unconditional_jump               (bool)           \u2013            
    •  
  •  is_conditional_jump_taken               (bool)           \u2013            
    •  
  •  jump_result_is_known               (bool)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.cs_insn","title":"cs_insn  instance-attribute","text":"
cs_insn: CsInsn = None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.address","title":"address  instance-attribute","text":"
address = address\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.size","title":"size  instance-attribute","text":"
size = ins['length']\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.mnemonic","title":"mnemonic  instance-attribute","text":"
mnemonic = strip()\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.op_str","title":"op_str  instance-attribute","text":"
op_str = strip() if len(asm) > 1 else ''\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.groups","title":"groups  instance-attribute","text":"
groups = set()\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.id","title":"id  instance-attribute","text":"
id = -1\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.operands","title":"operands  instance-attribute","text":"
operands = []\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.asm_string","title":"asm_string  instance-attribute","text":"
asm_string = f'{mnemonic} {op_str}'\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.next","title":"next  instance-attribute","text":"
next = address + size\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.target","title":"target  instance-attribute","text":"
target = next\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.target_string","title":"target_string  instance-attribute","text":"
target_string = None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.target_const","title":"target_const  instance-attribute","text":"
target_const = None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.condition","title":"condition  instance-attribute","text":"
condition = UNDETERMINED\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.declare_is_unconditional_jump","title":"declare_is_unconditional_jump  instance-attribute","text":"
declare_is_unconditional_jump = False\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.force_unconditional_jump_target","title":"force_unconditional_jump_target  instance-attribute","text":"
force_unconditional_jump_target = False\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.annotation","title":"annotation  instance-attribute","text":"
annotation = None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.annotation_padding","title":"annotation_padding  instance-attribute","text":"
annotation_padding = None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.syscall","title":"syscall  instance-attribute","text":"
syscall = None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.syscall_name","title":"syscall_name  instance-attribute","text":"
syscall_name = None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.causes_branch_delay","title":"causes_branch_delay  instance-attribute","text":"
causes_branch_delay = False\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.split","title":"split  instance-attribute","text":"
split = NO_SPLIT\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.emulated","title":"emulated  instance-attribute","text":"
emulated = False\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.register_writes","title":"register_writes  instance-attribute","text":"
register_writes = {}\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.bytes","title":"bytes  property","text":"
bytes: bytearray\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.call_like","title":"call_like  property","text":"
call_like: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.jump_like","title":"jump_like  property","text":"
jump_like: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.has_jump_target","title":"has_jump_target  property","text":"
has_jump_target: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.is_conditional_jump","title":"is_conditional_jump  property","text":"
is_conditional_jump: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.is_unconditional_jump","title":"is_unconditional_jump  property","text":"
is_unconditional_jump: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.is_conditional_jump_taken","title":"is_conditional_jump_taken  property","text":"
is_conditional_jump_taken: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.jump_result_is_known","title":"jump_result_is_known  property","text":"
jump_result_is_known: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.op_find","title":"op_find","text":"
op_find(op_type: int, position: int) -> EnhancedOperand\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.op_count","title":"op_count","text":"
op_count(op_type: int) -> int\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.boolean_to_instruction_condition","title":"boolean_to_instruction_condition","text":"
boolean_to_instruction_condition(condition: bool) -> InstructionCondition\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/","title":"loongarch64","text":""},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64","title":"loongarch64","text":"
Classes:
 
     
  •  Loong64DisassemblyAssistant           \u2013            
    •  
 
Attributes:
 
     
  •  CONDITION_RESOLVERS               (dict[int, Callable[[list[int]], bool]])           \u2013            
    •  
  •  LOONGARCH_LOAD_INSTRUCTIONS               (dict[int, int])           \u2013            
    •  
  •  LOONGARCH_STORE_INSTRUCTIONS               (dict[int, int])           \u2013            
    •  
  •  LOONGARCH_BINARY_OPERATIONS               (dict[int, str])           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.CONDITION_RESOLVERS","title":"CONDITION_RESOLVERS  module-attribute","text":"
CONDITION_RESOLVERS: dict[int, Callable[[list[int]], bool]] = {\n    LOONGARCH_INS_BEQZ: lambda ops: ops[0] == 0,\n    LOONGARCH_INS_BNEZ: lambda ops: ops[0] != 0,\n    LOONGARCH_INS_BEQ: lambda ops: ops[0] == ops[1],\n    LOONGARCH_INS_BNE: lambda ops: ops[0] != ops[1],\n    LOONGARCH_INS_BGE: lambda ops: to_signed(ops[0], ptrsize * 8)\n    >= to_signed(ops[1], ptrsize * 8),\n    LOONGARCH_INS_BLT: lambda ops: to_signed(ops[0], ptrsize * 8)\n    < to_signed(ops[1], ptrsize * 8),\n    LOONGARCH_INS_BLTU: lambda ops: ops[0] < ops[1],\n    LOONGARCH_INS_BGEU: lambda ops: ops[0] >= ops[1],\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.LOONGARCH_LOAD_INSTRUCTIONS","title":"LOONGARCH_LOAD_INSTRUCTIONS  module-attribute","text":"
LOONGARCH_LOAD_INSTRUCTIONS: dict[int, int] = {}\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.LOONGARCH_STORE_INSTRUCTIONS","title":"LOONGARCH_STORE_INSTRUCTIONS  module-attribute","text":"
LOONGARCH_STORE_INSTRUCTIONS: dict[int, int] = {}\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.LOONGARCH_BINARY_OPERATIONS","title":"LOONGARCH_BINARY_OPERATIONS  module-attribute","text":"
LOONGARCH_BINARY_OPERATIONS: dict[int, str] = {}\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.Loong64DisassemblyAssistant","title":"Loong64DisassemblyAssistant","text":"
Loong64DisassemblyAssistant(architecture)\n
 
               Bases: DisassemblyAssistant
 
Methods:
 
     
  •  enhance             \u2013              
    Enhance the instruction - resolving branch targets, conditionals, and adding annotations
     
    •  
  •  can_reason_about_process_state             \u2013              
    Determine if the program counter of the process equals the address of the instruction being enhanced.
     
    •  
  •  dump             \u2013              
    Debug-only method.
     
    •  
 
Attributes:
 
     
  •  annotation_handlers               (dict[int, Callable[[PwndbgInstruction, Emulator], None]])           \u2013            
    •  
  •  architecture               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  manual_register_values               (PseudoEmulatedRegisterFile)           \u2013            
    •  
  •  supports_manual_emulation           \u2013            
    This feature relies on the Capstone .regs_access() features that not all architectures have reliable support for
     
    •  
  •  op_handlers               (dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]])           \u2013            
    •  
  •  op_names               (dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]])           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.Loong64DisassemblyAssistant.annotation_handlers","title":"annotation_handlers  instance-attribute","text":"
annotation_handlers: dict[\n    int, Callable[[PwndbgInstruction, Emulator], None]\n] = {}\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.Loong64DisassemblyAssistant.architecture","title":"architecture  instance-attribute","text":"
architecture: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = architecture\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.Loong64DisassemblyAssistant.manual_register_values","title":"manual_register_values  instance-attribute","text":"
manual_register_values: PseudoEmulatedRegisterFile = PseudoEmulatedRegisterFile(\n    current, ptrsize\n)\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.Loong64DisassemblyAssistant.supports_manual_emulation","title":"supports_manual_emulation  class-attribute instance-attribute","text":"
supports_manual_emulation = False\n
 
This feature relies on the Capstone .regs_access() features that not all architectures have reliable support for
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.Loong64DisassemblyAssistant.op_handlers","title":"op_handlers  instance-attribute","text":"
op_handlers: dict[\n    int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n    CS_OP_IMM: _parse_immediate,\n    CS_OP_REG: _parse_register,\n    CS_OP_MEM: _parse_memory,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.Loong64DisassemblyAssistant.op_names","title":"op_names  instance-attribute","text":"
op_names: dict[\n    int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n    CS_OP_IMM: _immediate_string,\n    CS_OP_REG: _register_string,\n    CS_OP_MEM: _memory_string,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.Loong64DisassemblyAssistant.enhance","title":"enhance","text":"
enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\n
 
Enhance the instruction - resolving branch targets, conditionals, and adding annotations
 
This is the only public method that should be called on this object externally.
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.Loong64DisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"
can_reason_about_process_state(instruction: PwndbgInstruction) -> bool\n
 
Determine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.Loong64DisassemblyAssistant.dump","title":"dump","text":"
dump(instruction: PwndbgInstruction)\n
 
Debug-only method.
"},{"location":"reference/pwndbg/aglib/disasm/mips/","title":"mips","text":""},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips","title":"mips","text":"
Classes:
 
     
  •  MipsDisassemblyAssistant           \u2013            
    •  
 
Attributes:
 
     
  •  BRANCH_WITHOUT_DELAY_SLOT_INSTRUCTIONS           \u2013            
    •  
  •  BRANCH_LIKELY_INSTRUCTIONS           \u2013            
    •  
  •  CONDITION_RESOLVERS               (dict[int, Callable[[list[int]], bool]])           \u2013            
    •  
  •  MIPS_SIMPLE_DESTINATION_INSTRUCTIONS           \u2013            
    •  
  •  MIPS_LOAD_INSTRUCTIONS           \u2013            
    •  
  •  MIPS_STORE_INSTRUCTIONS           \u2013            
    •  
  •  MIPS_BINARY_OPERATIONS           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.BRANCH_WITHOUT_DELAY_SLOT_INSTRUCTIONS","title":"BRANCH_WITHOUT_DELAY_SLOT_INSTRUCTIONS  module-attribute","text":"
BRANCH_WITHOUT_DELAY_SLOT_INSTRUCTIONS = {\n    MIPS_INS_BC,\n    MIPS_INS_BALC,\n    MIPS_INS_JIALC,\n    MIPS_INS_JIC,\n    MIPS_INS_BLEZALC,\n    MIPS_INS_BGEZALC,\n    MIPS_INS_BGTZALC,\n    MIPS_INS_BLTZALC,\n    MIPS_INS_BEQZALC,\n    MIPS_INS_BNEZALC,\n    MIPS_INS_BLEZC,\n    MIPS_INS_BGEZC,\n    MIPS_INS_BGEUC,\n    MIPS_INS_BGEIC,\n    MIPS_INS_BGEUC,\n    MIPS_INS_BGEIUC,\n    MIPS_INS_BGTZC,\n    MIPS_INS_BLTZC,\n    MIPS_INS_BEQZC,\n    MIPS_INS_ALIAS_BEQZC,\n    MIPS_INS_BNEZC,\n    MIPS_INS_ALIAS_BNEZC,\n    MIPS_INS_BEQC,\n    MIPS_INS_ALIAS_BEQC,\n    MIPS_INS_BEQIC,\n    MIPS_INS_BNEC,\n    MIPS_INS_ALIAS_BNEC,\n    MIPS_INS_BNEIC,\n    MIPS_INS_BLTC,\n    MIPS_INS_BLTIC,\n    MIPS_INS_BLTUC,\n    MIPS_INS_BLTIUC,\n    MIPS_INS_BGEC,\n    MIPS_INS_BLTUC,\n    MIPS_INS_BNVC,\n    MIPS_INS_BOVC,\n    MIPS_INS_BRSC,\n    MIPS_INS_BALRSC,\n    MIPS_INS_BBEQZC,\n    MIPS_INS_BBNEZC,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.BRANCH_LIKELY_INSTRUCTIONS","title":"BRANCH_LIKELY_INSTRUCTIONS  module-attribute","text":"
BRANCH_LIKELY_INSTRUCTIONS = {\n    MIPS_INS_BC1FL,\n    MIPS_INS_ALIAS_BC1FL,\n    MIPS_INS_BC1TL,\n    MIPS_INS_ALIAS_BC1TL,\n    MIPS_INS_BEQL,\n    MIPS_INS_BGEZALL,\n    MIPS_INS_BGEZL,\n    MIPS_INS_BGTZL,\n    MIPS_INS_BLEZL,\n    MIPS_INS_BLTZALL,\n    MIPS_INS_BLTZL,\n    MIPS_INS_BNEL,\n    MIPS_INS_ALIAS_BNEZL,\n    MIPS_INS_ALIAS_BEQZL,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.CONDITION_RESOLVERS","title":"CONDITION_RESOLVERS  module-attribute","text":"
CONDITION_RESOLVERS: dict[int, Callable[[list[int]], bool]] = {\n    MIPS_INS_BEQZ: lambda ops: ops[0] == 0,\n    MIPS_INS_BNEZ: lambda ops: ops[0] != 0,\n    MIPS_INS_BEQ: lambda ops: ops[0] == ops[1],\n    MIPS_INS_BNE: lambda ops: ops[0] != ops[1],\n    MIPS_INS_BGEZ: lambda ops: to_signed(ops[0], ptrsize * 8) >= 0,\n    MIPS_INS_BGEZAL: lambda ops: to_signed(ops[0], ptrsize * 8) >= 0,\n    MIPS_INS_BGTZ: lambda ops: to_signed(ops[0], ptrsize * 8) > 0,\n    MIPS_INS_BLEZ: lambda ops: to_signed(ops[0], ptrsize * 8) <= 0,\n    MIPS_INS_BLTZAL: lambda ops: to_signed(ops[0], ptrsize * 8) < 0,\n    MIPS_INS_BLTZ: lambda ops: to_signed(ops[0], ptrsize * 8) < 0,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MIPS_SIMPLE_DESTINATION_INSTRUCTIONS","title":"MIPS_SIMPLE_DESTINATION_INSTRUCTIONS  module-attribute","text":"
MIPS_SIMPLE_DESTINATION_INSTRUCTIONS = {\n    MIPS_INS_CLO,\n    MIPS_INS_CLZ,\n    MIPS_INS_DCLO,\n    MIPS_INS_DCLZ,\n    MIPS_INS_LSA,\n    MIPS_INS_DLSA,\n    MIPS_INS_MFHI,\n    MIPS_INS_MFLO,\n    MIPS_INS_SEB,\n    MIPS_INS_SEH,\n    MIPS_INS_WSBH,\n    MIPS_INS_SLT,\n    MIPS_INS_SLTI,\n    MIPS_INS_SLTIU,\n    MIPS_INS_SLTU,\n    MIPS_INS_MOVN,\n    MIPS_INS_LDL,\n    MIPS_INS_LDR,\n    MIPS_INS_LWL,\n    MIPS_INS_LWR,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MIPS_LOAD_INSTRUCTIONS","title":"MIPS_LOAD_INSTRUCTIONS  module-attribute","text":"
MIPS_LOAD_INSTRUCTIONS = {\n    MIPS_INS_LB: -1,\n    MIPS_INS_LBU: 1,\n    MIPS_INS_LH: -2,\n    MIPS_INS_LHU: 2,\n    MIPS_INS_LW: -4,\n    MIPS_INS_LWU: 4,\n    MIPS_INS_LWPC: -4,\n    MIPS_INS_LWUPC: 4,\n    MIPS_INS_LD: -8,\n    MIPS_INS_LDPC: 8,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MIPS_STORE_INSTRUCTIONS","title":"MIPS_STORE_INSTRUCTIONS  module-attribute","text":"
MIPS_STORE_INSTRUCTIONS = {\n    MIPS_INS_SB: 1,\n    MIPS_INS_SH: 2,\n    MIPS_INS_SW: 4,\n    MIPS_INS_SD: 8,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MIPS_BINARY_OPERATIONS","title":"MIPS_BINARY_OPERATIONS  module-attribute","text":"
MIPS_BINARY_OPERATIONS = {\n    MIPS_INS_ADD: \"+\",\n    MIPS_INS_ADDI: \"+\",\n    MIPS_INS_ADDIU: \"+\",\n    MIPS_INS_ADDU: \"+\",\n    MIPS_INS_DADD: \"+\",\n    MIPS_INS_DADDI: \"+\",\n    MIPS_INS_DADDIU: \"+\",\n    MIPS_INS_DADDU: \"+\",\n    MIPS_INS_SUB: \"-\",\n    MIPS_INS_SUBU: \"-\",\n    MIPS_INS_DSUB: \"-\",\n    MIPS_INS_DSUBU: \"-\",\n    MIPS_INS_ANDI: \"&\",\n    MIPS_INS_AND: \"&\",\n    MIPS_INS_ORI: \"|\",\n    MIPS_INS_OR: \"|\",\n    MIPS_INS_XOR: \"^\",\n    MIPS_INS_XORI: \"^\",\n    MIPS_INS_SLL: \"<<\",\n    MIPS_INS_SLLV: \"<<\",\n    MIPS_INS_DSLL: \"<<\",\n    MIPS_INS_DSLLV: \"<<\",\n    MIPS_INS_SRL: \">>\",\n    MIPS_INS_SRLV: \">>\",\n    MIPS_INS_DSRL: \">>\",\n    MIPS_INS_DSRLV: \">>\",\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MipsDisassemblyAssistant","title":"MipsDisassemblyAssistant","text":"
MipsDisassemblyAssistant(architecture)\n
 
               Bases: DisassemblyAssistant
 
Methods:
 
     
  •  enhance             \u2013              
    Enhance the instruction - resolving branch targets, conditionals, and adding annotations
     
    •  
  •  can_reason_about_process_state             \u2013              
    Determine if the program counter of the process equals the address of the instruction being enhanced.
     
    •  
  •  dump             \u2013              
    Debug-only method.
     
    •  
 
Attributes:
 
     
  •  annotation_handlers               (dict[int, Callable[[PwndbgInstruction, Emulator], None]])           \u2013            
    •  
  •  architecture               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  manual_register_values               (PseudoEmulatedRegisterFile)           \u2013            
    •  
  •  supports_manual_emulation           \u2013            
    This feature relies on the Capstone .regs_access() features that not all architectures have reliable support for
     
    •  
  •  op_handlers               (dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]])           \u2013            
    •  
  •  op_names               (dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]])           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MipsDisassemblyAssistant.annotation_handlers","title":"annotation_handlers  instance-attribute","text":"
annotation_handlers: dict[\n    int, Callable[[PwndbgInstruction, Emulator], None]\n] = {\n    MIPS_INS_MOVE: _common_move_annotator,\n    MIPS_INS_ALIAS_MOVE: _common_move_annotator,\n    MIPS_INS_LI: _common_move_annotator,\n    MIPS_INS_LUI: _lui_annotator,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MipsDisassemblyAssistant.architecture","title":"architecture  instance-attribute","text":"
architecture: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = architecture\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MipsDisassemblyAssistant.manual_register_values","title":"manual_register_values  instance-attribute","text":"
manual_register_values: PseudoEmulatedRegisterFile = PseudoEmulatedRegisterFile(\n    current, ptrsize\n)\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MipsDisassemblyAssistant.supports_manual_emulation","title":"supports_manual_emulation  class-attribute instance-attribute","text":"
supports_manual_emulation = False\n
 
This feature relies on the Capstone .regs_access() features that not all architectures have reliable support for
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MipsDisassemblyAssistant.op_handlers","title":"op_handlers  instance-attribute","text":"
op_handlers: dict[\n    int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n    CS_OP_IMM: _parse_immediate,\n    CS_OP_REG: _parse_register,\n    CS_OP_MEM: _parse_memory,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MipsDisassemblyAssistant.op_names","title":"op_names  instance-attribute","text":"
op_names: dict[\n    int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n    CS_OP_IMM: _immediate_string,\n    CS_OP_REG: _register_string,\n    CS_OP_MEM: _memory_string,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MipsDisassemblyAssistant.enhance","title":"enhance","text":"
enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\n
 
Enhance the instruction - resolving branch targets, conditionals, and adding annotations
 
This is the only public method that should be called on this object externally.
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MipsDisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"
can_reason_about_process_state(instruction: PwndbgInstruction) -> bool\n
 
Determine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MipsDisassemblyAssistant.dump","title":"dump","text":"
dump(instruction: PwndbgInstruction)\n
 
Debug-only method.
"},{"location":"reference/pwndbg/aglib/disasm/ppc/","title":"ppc","text":""},{"location":"reference/pwndbg/aglib/disasm/ppc/#pwndbg.aglib.disasm.ppc","title":"ppc","text":"
Classes:
 
     
  •  PowerPCDisassemblyAssistant           \u2013            
    •  
 
Functions:
 
     
  •  is_branch_taken             \u2013              
    •  
 
Attributes:
 
     
  •  POWERPC_CONDITIONAL_BRANCHES           \u2013            
    •  
  •  POWERPC_RETURN_INSTRUCTION           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/ppc/#pwndbg.aglib.disasm.ppc.POWERPC_CONDITIONAL_BRANCHES","title":"POWERPC_CONDITIONAL_BRANCHES  module-attribute","text":"
POWERPC_CONDITIONAL_BRANCHES = {\n    PPC_INS_BC,\n    PPC_INS_ALIAS_BT,\n    PPC_INS_ALIAS_BF,\n    PPC_INS_ALIAS_BTLR,\n    PPC_INS_ALIAS_BFLR,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/ppc/#pwndbg.aglib.disasm.ppc.POWERPC_RETURN_INSTRUCTION","title":"POWERPC_RETURN_INSTRUCTION  module-attribute","text":"
POWERPC_RETURN_INSTRUCTION = {\n    PPC_INS_ALIAS_BLR,\n    PPC_INS_ALIAS_BTLR,\n    PPC_INS_ALIAS_BFLR,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/ppc/#pwndbg.aglib.disasm.ppc.PowerPCDisassemblyAssistant","title":"PowerPCDisassemblyAssistant","text":"
PowerPCDisassemblyAssistant(architecture)\n
 
               Bases: DisassemblyAssistant
 
Methods:
 
     
  •  enhance             \u2013              
    Enhance the instruction - resolving branch targets, conditionals, and adding annotations
     
    •  
  •  can_reason_about_process_state             \u2013              
    Determine if the program counter of the process equals the address of the instruction being enhanced.
     
    •  
  •  dump             \u2013              
    Debug-only method.
     
    •  
 
Attributes:
 
     
  •  saved_ctr               (int | None)           \u2013            
    •  
  •  annotation_handlers               (dict[int, Callable[[PwndbgInstruction, Emulator], None]])           \u2013            
    •  
  •  architecture               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  manual_register_values               (PseudoEmulatedRegisterFile)           \u2013            
    •  
  •  supports_manual_emulation           \u2013            
    This feature relies on the Capstone .regs_access() features that not all architectures have reliable support for
     
    •  
  •  op_handlers               (dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]])           \u2013            
    •  
  •  op_names               (dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]])           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/ppc/#pwndbg.aglib.disasm.ppc.PowerPCDisassemblyAssistant.saved_ctr","title":"saved_ctr  class-attribute instance-attribute","text":"
saved_ctr: int | None = None\n
"},{"location":"reference/pwndbg/aglib/disasm/ppc/#pwndbg.aglib.disasm.ppc.PowerPCDisassemblyAssistant.annotation_handlers","title":"annotation_handlers  instance-attribute","text":"
annotation_handlers: dict[\n    int, Callable[[PwndbgInstruction, Emulator], None]\n] = {}\n
"},{"location":"reference/pwndbg/aglib/disasm/ppc/#pwndbg.aglib.disasm.ppc.PowerPCDisassemblyAssistant.architecture","title":"architecture  instance-attribute","text":"
architecture: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = architecture\n
"},{"location":"reference/pwndbg/aglib/disasm/ppc/#pwndbg.aglib.disasm.ppc.PowerPCDisassemblyAssistant.manual_register_values","title":"manual_register_values  instance-attribute","text":"
manual_register_values: PseudoEmulatedRegisterFile = PseudoEmulatedRegisterFile(\n    current, ptrsize\n)\n
"},{"location":"reference/pwndbg/aglib/disasm/ppc/#pwndbg.aglib.disasm.ppc.PowerPCDisassemblyAssistant.supports_manual_emulation","title":"supports_manual_emulation  class-attribute instance-attribute","text":"
supports_manual_emulation = False\n
 
This feature relies on the Capstone .regs_access() features that not all architectures have reliable support for
"},{"location":"reference/pwndbg/aglib/disasm/ppc/#pwndbg.aglib.disasm.ppc.PowerPCDisassemblyAssistant.op_handlers","title":"op_handlers  instance-attribute","text":"
op_handlers: dict[\n    int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n    CS_OP_IMM: _parse_immediate,\n    CS_OP_REG: _parse_register,\n    CS_OP_MEM: _parse_memory,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/ppc/#pwndbg.aglib.disasm.ppc.PowerPCDisassemblyAssistant.op_names","title":"op_names  instance-attribute","text":"
op_names: dict[\n    int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n    CS_OP_IMM: _immediate_string,\n    CS_OP_REG: _register_string,\n    CS_OP_MEM: _memory_string,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/ppc/#pwndbg.aglib.disasm.ppc.PowerPCDisassemblyAssistant.enhance","title":"enhance","text":"
enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\n
 
Enhance the instruction - resolving branch targets, conditionals, and adding annotations
 
This is the only public method that should be called on this object externally.
"},{"location":"reference/pwndbg/aglib/disasm/ppc/#pwndbg.aglib.disasm.ppc.PowerPCDisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"
can_reason_about_process_state(instruction: PwndbgInstruction) -> bool\n
 
Determine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/ppc/#pwndbg.aglib.disasm.ppc.PowerPCDisassemblyAssistant.dump","title":"dump","text":"
dump(instruction: PwndbgInstruction)\n
 
Debug-only method.
"},{"location":"reference/pwndbg/aglib/disasm/ppc/#pwndbg.aglib.disasm.ppc.is_branch_taken","title":"is_branch_taken","text":"
is_branch_taken(cr: int, ctr: int, bi: int, bo: int) -> bool | None\n
"},{"location":"reference/pwndbg/aglib/disasm/riscv/","title":"riscv","text":""},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv","title":"riscv","text":"
Classes:
 
     
  •  RISCVDisassemblyAssistant           \u2013            
    •  
 
Attributes:
 
     
  •  RISCV_LOAD_INSTRUCTIONS           \u2013            
    •  
  •  RISCV_STORE_INSTRUCTIONS           \u2013            
    •  
  •  RISCV_MATH_INSTRUCTIONS           \u2013            
    •  
  •  RISCV_EMULATED_ANNOTATIONS           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCV_LOAD_INSTRUCTIONS","title":"RISCV_LOAD_INSTRUCTIONS  module-attribute","text":"
RISCV_LOAD_INSTRUCTIONS = {\n    RISCV_INS_LB: -1,\n    RISCV_INS_LH: -2,\n    RISCV_INS_LW: -4,\n    RISCV_INS_LBU: 1,\n    RISCV_INS_LHU: 2,\n    RISCV_INS_LWU: 4,\n    RISCV_INS_LD: 8,\n    RISCV_INS_C_LW: -4,\n    RISCV_INS_C_LWSP: -4,\n    RISCV_INS_C_LD: 8,\n    RISCV_INS_C_LDSP: 8,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCV_STORE_INSTRUCTIONS","title":"RISCV_STORE_INSTRUCTIONS  module-attribute","text":"
RISCV_STORE_INSTRUCTIONS = {\n    RISCV_INS_SB: 1,\n    RISCV_INS_SH: 2,\n    RISCV_INS_SW: 4,\n    RISCV_INS_SD: 8,\n    RISCV_INS_C_SW: 4,\n    RISCV_INS_C_SWSP: 4,\n    RISCV_INS_C_SD: 8,\n    RISCV_INS_C_SDSP: 8,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCV_MATH_INSTRUCTIONS","title":"RISCV_MATH_INSTRUCTIONS  module-attribute","text":"
RISCV_MATH_INSTRUCTIONS = {\n    RISCV_INS_ADDI: \"+\",\n    RISCV_INS_ADD: \"+\",\n    RISCV_INS_C_ADDI: \"+\",\n    RISCV_INS_C_ADD: \"+\",\n    RISCV_INS_SUB: \"-\",\n    RISCV_INS_C_SUB: \"-\",\n    RISCV_INS_XORI: \"^\",\n    RISCV_INS_XOR: \"^\",\n    RISCV_INS_C_XOR: \"^\",\n    RISCV_INS_ORI: \"|\",\n    RISCV_INS_OR: \"|\",\n    RISCV_INS_C_OR: \"|\",\n    RISCV_INS_ANDI: \"&\",\n    RISCV_INS_C_ANDI: \"&\",\n    RISCV_INS_AND: \"&\",\n    RISCV_INS_C_AND: \"&\",\n    RISCV_INS_SLLI: \"<<\",\n    RISCV_INS_C_SLLI: \"<<\",\n    RISCV_INS_SLL: \"<<\",\n    RISCV_INS_SRLI: \">>\",\n    RISCV_INS_C_SRLI: \">>\",\n    RISCV_INS_SRL: \">>\",\n    RISCV_INS_SRAI: \">>s\",\n    RISCV_INS_C_SRAI: \">>s\",\n    RISCV_INS_SRA: \">>s\",\n    RISCV_INS_MUL: \"*\",\n    RISCV_INS_MULH: \"*\",\n    RISCV_INS_MULHSU: \"*\",\n    RISCV_INS_MULHU: \"*\",\n    RISCV_INS_DIV: \"/\",\n    RISCV_INS_DIVU: \"/\",\n    RISCV_INS_REM: \"%\",\n    RISCV_INS_REMU: \"%\",\n    RISCV_INS_C_ADDI4SPN: \"+\",\n    RISCV_INS_C_ADDI16SP: \"+\",\n    RISCV_INS_ADDIW: \"+\",\n    RISCV_INS_ADDW: \"+\",\n    RISCV_INS_SUBW: \"-\",\n    RISCV_INS_SLLIW: \"<<\",\n    RISCV_INS_SLLW: \"<<\",\n    RISCV_INS_SRLIW: \">>\",\n    RISCV_INS_SRLW: \">>\",\n    RISCV_INS_SRAIW: \">>s\",\n    RISCV_INS_SRAW: \">>s\",\n    RISCV_INS_MULW: \"*\",\n    RISCV_INS_DIVW: \"/\",\n    RISCV_INS_DIVUW: \"/\",\n    RISCV_INS_REMW: \"%\",\n    RISCV_INS_REMUW: \"%\",\n    RISCV_INS_C_ADDIW: \"+\",\n    RISCV_INS_C_ADDW: \"+\",\n    RISCV_INS_C_SUBW: \"-\",\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCV_EMULATED_ANNOTATIONS","title":"RISCV_EMULATED_ANNOTATIONS  module-attribute","text":"
RISCV_EMULATED_ANNOTATIONS = {\n    RISCV_INS_SLT,\n    RISCV_INS_SLTU,\n    RISCV_INS_SLTI,\n    RISCV_INS_SLTIU,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCVDisassemblyAssistant","title":"RISCVDisassemblyAssistant","text":"
RISCVDisassemblyAssistant(architecture)\n
 
               Bases: DisassemblyAssistant
 
Methods:
 
     
  •  enhance             \u2013              
    Enhance the instruction - resolving branch targets, conditionals, and adding annotations
     
    •  
  •  can_reason_about_process_state             \u2013              
    Determine if the program counter of the process equals the address of the instruction being enhanced.
     
    •  
  •  dump             \u2013              
    Debug-only method.
     
    •  
 
Attributes:
 
     
  •  architecture           \u2013            
    •  
  •  annotation_handlers               (Dict[int, Callable[[PwndbgInstruction, Emulator], None]])           \u2013            
    •  
  •  manual_register_values               (PseudoEmulatedRegisterFile)           \u2013            
    •  
  •  supports_manual_emulation           \u2013            
    This feature relies on the Capstone .regs_access() features that not all architectures have reliable support for
     
    •  
  •  op_handlers               (dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]])           \u2013            
    •  
  •  op_names               (dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]])           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCVDisassemblyAssistant.architecture","title":"architecture  instance-attribute","text":"
architecture = architecture\n
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCVDisassemblyAssistant.annotation_handlers","title":"annotation_handlers  instance-attribute","text":"
annotation_handlers: Dict[\n    int, Callable[[PwndbgInstruction, Emulator], None]\n] = {\n    RISCV_INS_AUIPC: _auipc_annotator,\n    RISCV_INS_C_MV: _common_move_annotator,\n    RISCV_INS_C_LI: _common_move_annotator,\n    RISCV_INS_LUI: _lui_annotator,\n    RISCV_INS_C_LUI: _lui_annotator,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCVDisassemblyAssistant.manual_register_values","title":"manual_register_values  instance-attribute","text":"
manual_register_values: PseudoEmulatedRegisterFile = PseudoEmulatedRegisterFile(\n    current, ptrsize\n)\n
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCVDisassemblyAssistant.supports_manual_emulation","title":"supports_manual_emulation  class-attribute instance-attribute","text":"
supports_manual_emulation = False\n
 
This feature relies on the Capstone .regs_access() features that not all architectures have reliable support for
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCVDisassemblyAssistant.op_handlers","title":"op_handlers  instance-attribute","text":"
op_handlers: dict[\n    int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n    CS_OP_IMM: _parse_immediate,\n    CS_OP_REG: _parse_register,\n    CS_OP_MEM: _parse_memory,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCVDisassemblyAssistant.op_names","title":"op_names  instance-attribute","text":"
op_names: dict[\n    int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n    CS_OP_IMM: _immediate_string,\n    CS_OP_REG: _register_string,\n    CS_OP_MEM: _memory_string,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCVDisassemblyAssistant.enhance","title":"enhance","text":"
enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\n
 
Enhance the instruction - resolving branch targets, conditionals, and adding annotations
 
This is the only public method that should be called on this object externally.
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCVDisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"
can_reason_about_process_state(instruction: PwndbgInstruction) -> bool\n
 
Determine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCVDisassemblyAssistant.dump","title":"dump","text":"
dump(instruction: PwndbgInstruction)\n
 
Debug-only method.
"},{"location":"reference/pwndbg/aglib/disasm/sparc/","title":"sparc","text":""},{"location":"reference/pwndbg/aglib/disasm/sparc/#pwndbg.aglib.disasm.sparc","title":"sparc","text":"
Attributes:
 
     
  •  SPARC_LOAD_INSTRUCTIONS           \u2013            
    •  
  •  SPARC_STORE_INSTRUCTIONS           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/sparc/#pwndbg.aglib.disasm.sparc.SPARC_LOAD_INSTRUCTIONS","title":"SPARC_LOAD_INSTRUCTIONS  module-attribute","text":"
SPARC_LOAD_INSTRUCTIONS = {\n    SPARC_INS_LDUB: 1,\n    SPARC_INS_LDSB: 1,\n    SPARC_INS_LDUH: 2,\n    SPARC_INS_LDSH: 2,\n    SPARC_INS_LD: 4,\n    SPARC_INS_LDD: 8,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/sparc/#pwndbg.aglib.disasm.sparc.SPARC_STORE_INSTRUCTIONS","title":"SPARC_STORE_INSTRUCTIONS  module-attribute","text":"
SPARC_STORE_INSTRUCTIONS = {\n    SPARC_INS_STB: 1,\n    SPARC_INS_STH: 2,\n    SPARC_INS_ST: 4,\n    SPARC_INS_STD: 8,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/","title":"x86","text":""},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86","title":"x86","text":"
Classes:
 
     
  •  X86DisassemblyAssistant           \u2013            
    •  
 
Attributes:
 
     
  •  groups           \u2013            
    •  
  •  ops           \u2013            
    •  
  •  regs           \u2013            
    •  
  •  access           \u2013            
    •  
  •  X86_MATH_INSTRUCTIONS           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.groups","title":"groups  module-attribute","text":"
groups = {v: _Afor (k, v) in (items()) if startswith('X86_GRP_')}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.ops","title":"ops  module-attribute","text":"
ops = {v: _2for (k, v) in (items()) if startswith('X86_OP_')}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.regs","title":"regs  module-attribute","text":"
regs = {v: _qfor (k, v) in (items()) if startswith('X86_REG_')}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.access","title":"access  module-attribute","text":"
access = {v: _Cfor (k, v) in (items()) if startswith('CS_AC_')}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86_MATH_INSTRUCTIONS","title":"X86_MATH_INSTRUCTIONS  module-attribute","text":"
X86_MATH_INSTRUCTIONS = {\n    X86_INS_ADD: \"+\",\n    X86_INS_SUB: \"-\",\n    X86_INS_AND: \"&\",\n    X86_INS_OR: \"|\",\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant","title":"X86DisassemblyAssistant","text":"
X86DisassemblyAssistant(architecture)\n
 
               Bases: DisassemblyAssistant
 
Methods:
 
     
  •  handle_mov             \u2013              
    •  
  •  handle_vmovaps             \u2013              
    •  
  •  handle_lea             \u2013              
    •  
  •  handle_xchg             \u2013              
    •  
  •  handle_pop             \u2013              
    •  
  •  handle_xor             \u2013              
    •  
  •  handle_inc             \u2013              
    •  
  •  handle_dec             \u2013              
    •  
  •  memory_string_with_components_resolved             \u2013              
    •  
  •  enhance             \u2013              
    Enhance the instruction - resolving branch targets, conditionals, and adding annotations
     
    •  
  •  can_reason_about_process_state             \u2013              
    Determine if the program counter of the process equals the address of the instruction being enhanced.
     
    •  
  •  dump             \u2013              
    Debug-only method.
     
    •  
 
Attributes:
 
     
  •  supports_manual_emulation           \u2013            
    •  
  •  annotation_handlers               (dict[int, Callable[[PwndbgInstruction, Emulator], None]])           \u2013            
    •  
  •  architecture               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  manual_register_values               (PseudoEmulatedRegisterFile)           \u2013            
    •  
  •  op_handlers               (dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]])           \u2013            
    •  
  •  op_names               (dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]])           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.supports_manual_emulation","title":"supports_manual_emulation  class-attribute instance-attribute","text":"
supports_manual_emulation = True\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.annotation_handlers","title":"annotation_handlers  instance-attribute","text":"
annotation_handlers: dict[\n    int, Callable[[PwndbgInstruction, Emulator], None]\n] = {\n    X86_INS_MOV: handle_mov,\n    X86_INS_MOVABS: handle_mov,\n    X86_INS_MOVZX: handle_mov,\n    X86_INS_MOVD: handle_mov,\n    X86_INS_MOVQ: handle_mov,\n    X86_INS_MOVSXD: handle_mov,\n    X86_INS_MOVSX: handle_mov,\n    X86_INS_MOVAPS: handle_vmovaps,\n    X86_INS_VMOVAPS: handle_vmovaps,\n    X86_INS_LEA: handle_lea,\n    X86_INS_XCHG: handle_xchg,\n    X86_INS_POP: handle_pop,\n    X86_INS_CMP: _common_cmp_annotator_builder(\"eflags\", \"-\"),\n    X86_INS_TEST: _common_cmp_annotator_builder(\"eflags\", \"&\"),\n    X86_INS_XOR: handle_xor,\n    X86_INS_INC: handle_inc,\n    X86_INS_DEC: handle_dec,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.architecture","title":"architecture  instance-attribute","text":"
architecture: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = architecture\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.manual_register_values","title":"manual_register_values  instance-attribute","text":"
manual_register_values: PseudoEmulatedRegisterFile = PseudoEmulatedRegisterFile(\n    current, ptrsize\n)\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.op_handlers","title":"op_handlers  instance-attribute","text":"
op_handlers: dict[\n    int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n    CS_OP_IMM: _parse_immediate,\n    CS_OP_REG: _parse_register,\n    CS_OP_MEM: _parse_memory,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.op_names","title":"op_names  instance-attribute","text":"
op_names: dict[\n    int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n    CS_OP_IMM: _immediate_string,\n    CS_OP_REG: _register_string,\n    CS_OP_MEM: _memory_string,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.handle_mov","title":"handle_mov","text":"
handle_mov(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.handle_vmovaps","title":"handle_vmovaps","text":"
handle_vmovaps(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.handle_lea","title":"handle_lea","text":"
handle_lea(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.handle_xchg","title":"handle_xchg","text":"
handle_xchg(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.handle_pop","title":"handle_pop","text":"
handle_pop(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.handle_xor","title":"handle_xor","text":"
handle_xor(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.handle_inc","title":"handle_inc","text":"
handle_inc(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.handle_dec","title":"handle_dec","text":"
handle_dec(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.memory_string_with_components_resolved","title":"memory_string_with_components_resolved","text":"
memory_string_with_components_resolved(\n    instruction: PwndbgInstruction, op: EnhancedOperand\n)\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.enhance","title":"enhance","text":"
enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\n
 
Enhance the instruction - resolving branch targets, conditionals, and adding annotations
 
This is the only public method that should be called on this object externally.
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"
can_reason_about_process_state(instruction: PwndbgInstruction) -> bool\n
 
Determine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.dump","title":"dump","text":"
dump(instruction: PwndbgInstruction)\n
 
Debug-only method.
"},{"location":"reference/pwndbg/aglib/dt/","title":"dt","text":""},{"location":"reference/pwndbg/aglib/dt/#pwndbg.aglib.dt","title":"dt","text":"
Prints structures in a manner similar to WinDbg's \"dt\" command.
 
Functions:
 
     
  •  dt             \u2013              
    Dump out a structure type WinDbg style.
     
    •  
"},{"location":"reference/pwndbg/aglib/dt/#pwndbg.aglib.dt.dt","title":"dt","text":"
dt(\n    name: str = \"\", addr: int | Value | None = None, obj: Value | None = None\n) -> str\n
 
Dump out a structure type WinDbg style.
"},{"location":"reference/pwndbg/aglib/dynamic/","title":"dynamic","text":""},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic","title":"dynamic","text":"
Dynamic linking interface.
 
This module provides an interface to analyze various aspects of dynamically linked programs.
 
It also defines a hook that watches for changes to the link map communicated by ld.so, and exposes an event that other parts of pwndbg can tap into, but one that may have a somewhat obtuse beahvior, due to limitations in GDB. See r_debug_install_link_map_changed_hook for more information.
 
Classes:
 
     
  •  LinkMapEntry           \u2013            
    An entry in the link map.
     
    •  
  •  DynamicSegment           \u2013            
    Parser for the DYNAMIC segment present in a binary image.
     
    •  
  •  CStruct           \u2013            
    Utility class for reading fields off of C structs.
     
    •  
 
Functions:
 
     
  •  is_dynamic             \u2013              
    Returns whether the current inferior is dynamic.
     
    •  
  •  r_debug_link_map_changed_hook             \u2013              
    Hook that gets activated whenever the link map changes.
     
    •  
  •  r_debug_install_link_map_changed_hook             \u2013              
    Installs the r_debug-based hook to the change event of the link map.
     
    •  
  •  r_debug_link_map_changed_add_listener             \u2013              
    Install a callback to be called whenever r_debug signal of there being a
     
    •  
  •  r_debug_link_map_changed_remove_listener             \u2013              
    Removes a listener previously installed with
     
    •  
  •  link_map_head             \u2013              
    Acquires a reference to the head entry of the link map.
     
    •  
  •  link_map             \u2013              
    Iterator over all the entries in the link map.
     
    •  
  •  elf32_r_sym             \u2013              
    Returns the r_sym portion of the r_info relocation field for ELF32.
     
    •  
  •  elf32_r_type             \u2013              
    Returns the r_type portion of the r_info relocation field for ELF32.
     
    •  
  •  elf64_r_sym             \u2013              
    Returns the r_sym portion of the r_info relocation field for ELF64.
     
    •  
  •  elf64_r_type             \u2013              
    Returns the r_type portion of the r_info relocation field for ELF64.
     
    •  
 
Attributes:
 
     
  •  R_DEBUG_LINK_MAP_CHANGED_HOOK           \u2013            
    •  
  •  R_DEBUG_LINK_MAP_CHANGED_LISTENERS               (set[Callable[..., Any]])           \u2013            
    •  
  •  DYNAMIC_SECTION_ALLOW_MULTIPLE           \u2013            
    •  
  •  DYNAMIC_SECTION_REQUIRED_TAGS           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.R_DEBUG_LINK_MAP_CHANGED_HOOK","title":"R_DEBUG_LINK_MAP_CHANGED_HOOK  module-attribute","text":"
R_DEBUG_LINK_MAP_CHANGED_HOOK = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.R_DEBUG_LINK_MAP_CHANGED_LISTENERS","title":"R_DEBUG_LINK_MAP_CHANGED_LISTENERS  module-attribute","text":"
R_DEBUG_LINK_MAP_CHANGED_LISTENERS: set[Callable[..., Any]] = set()\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DYNAMIC_SECTION_ALLOW_MULTIPLE","title":"DYNAMIC_SECTION_ALLOW_MULTIPLE  module-attribute","text":"
DYNAMIC_SECTION_ALLOW_MULTIPLE = {DT_NEEDED}\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DYNAMIC_SECTION_REQUIRED_TAGS","title":"DYNAMIC_SECTION_REQUIRED_TAGS  module-attribute","text":"
DYNAMIC_SECTION_REQUIRED_TAGS = {DT_STRTAB, DT_STRSZ, DT_SYMTAB, DT_SYMENT}\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry","title":"LinkMapEntry","text":"
LinkMapEntry(address)\n
 
An entry in the link map.
 
Methods:
 
     
  •  name             \u2013              
    The name of the binary image this entry describes.
     
    •  
  •  dynamic             \u2013              
    The pointer to the memory mapped dynamic segment of the binary image.
     
    •  
  •  load_bias             \u2013              
    The difference between the addresses in the data structures of the
     
    •  
  •  next             \u2013              
    The next entry in the chain, if any.
     
    •  
  •  prev             \u2013              
    The previous entry in the chain, if any.
     
    •  
  •  __repr__             \u2013              
    •  
 
Attributes:
 
     
  •  link_map           \u2013            
    •  
  •  link_map_address           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.link_map","title":"link_map  instance-attribute","text":"
link_map = link_map()\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.link_map_address","title":"link_map_address  instance-attribute","text":"
link_map_address = address\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.name","title":"name","text":"
name()\n
 
The name of the binary image this entry describes.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.dynamic","title":"dynamic","text":"
dynamic()\n
 
The pointer to the memory mapped dynamic segment of the binary image.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.load_bias","title":"load_bias","text":"
load_bias()\n
 
The difference between the addresses in the data structures of the binary image and the actual location of the data being pointed to by them in the address space of the inferior. This number will never be negative.
 
Aditionally, for DYN images, such as PIE executables and shared libraries, this value is the same as the base load address of the image.
 
The term \"load bias\" comes from the ELF binary format loading procedure in the Linux Kernel.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.next","title":"next","text":"
next()\n
 
The next entry in the chain, if any.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.prev","title":"prev","text":"
prev()\n
 
The previous entry in the chain, if any.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.__repr__","title":"__repr__","text":"
__repr__() -> str\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment","title":"DynamicSegment","text":"
DynamicSegment(address, load_bias)\n
 
Parser for the DYNAMIC segment present in a binary image.
 
Methods:
 
     
  •  jmprel_has_addend             \u2013              
    Returns whether the r_addend field is available in entries of JMPREL.
     
    •  
  •  rela_read             \u2013              
    Reads the requested field from the entry of the given index in RELA.
     
    •  
  •  rel_read             \u2013              
    Reads the requested field from the entry of the given index in REL.
     
    •  
  •  jmprel_read             \u2013              
    Reads the requested field from the entry of the given index in JMPREL.
     
    •  
  •  rela_entry_count             \u2013              
    Returns the number of RELA entries.
     
    •  
  •  rel_entry_count             \u2013              
    Returns the number of REL entries.
     
    •  
  •  jmprel_entry_count             \u2013              
    Returns the number of JMPREL entries.
     
    •  
  •  string             \u2013              
    Reads the string at index i from the string table.
     
    •  
  •  symtab_read             \u2013              
    Reads the requested field from the entry of given index in the symbol
     
    •  
  •  dyn_array_read             \u2013              
    Reads the requested field from the entry of given index in the dynamic
     
    •  
  •  dyn_array_read_tag_val             \u2013              
    Reads the d_un field from the entry of given tag in the dynamic
     
    •  
 
Attributes:
 
     
  •  symtab_elem           \u2013            
    •  
  •  jmprel_addr           \u2013            
    •  
  •  rela_addr           \u2013            
    •  
  •  rel_addr           \u2013            
    •  
  •  jmprel_elem           \u2013            
    •  
  •  rela_elem           \u2013            
    •  
  •  rel_elem           \u2013            
    •  
  •  jmprel_r_sym_fn           \u2013            
    •  
  •  jmprel_r_info_fn           \u2013            
    •  
  •  rela_r_sym_fn           \u2013            
    •  
  •  rela_r_info_fn           \u2013            
    •  
  •  rel_r_sym_fn           \u2013            
    •  
  •  rel_r_info_fn           \u2013            
    •  
  •  entries           \u2013            
    •  
  •  address           \u2013            
    •  
  •  load_bias           \u2013            
    •  
  •  elf_dyn           \u2013            
    •  
  •  entries_by_tag               (dict[Any, Any])           \u2013            
    •  
  •  strtab_addr           \u2013            
    •  
  •  strtab_size           \u2013            
    •  
  •  symtab_addr           \u2013            
    •  
  •  has_jmprel           \u2013            
    •  
  •  has_rela           \u2013            
    •  
  •  has_rel           \u2013            
    •  
  •  rela_r_sym           \u2013            
    •  
  •  rela_r_type           \u2013            
    •  
  •  rel_r_sym           \u2013            
    •  
  •  rel_r_type           \u2013            
    •  
  •  jmprel_r_sym           \u2013            
    •  
  •  jmprel_r_type           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.symtab_elem","title":"symtab_elem  class-attribute instance-attribute","text":"
symtab_elem = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_addr","title":"jmprel_addr  class-attribute instance-attribute","text":"
jmprel_addr = 0\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_addr","title":"rela_addr  class-attribute instance-attribute","text":"
rela_addr = 0\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_addr","title":"rel_addr  class-attribute instance-attribute","text":"
rel_addr = 0\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_elem","title":"jmprel_elem  class-attribute instance-attribute","text":"
jmprel_elem = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_elem","title":"rela_elem  class-attribute instance-attribute","text":"
rela_elem = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_elem","title":"rel_elem  class-attribute instance-attribute","text":"
rel_elem = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_r_sym_fn","title":"jmprel_r_sym_fn  class-attribute instance-attribute","text":"
jmprel_r_sym_fn = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_r_info_fn","title":"jmprel_r_info_fn  class-attribute instance-attribute","text":"
jmprel_r_info_fn = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_r_sym_fn","title":"rela_r_sym_fn  class-attribute instance-attribute","text":"
rela_r_sym_fn = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_r_info_fn","title":"rela_r_info_fn  class-attribute instance-attribute","text":"
rela_r_info_fn = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_r_sym_fn","title":"rel_r_sym_fn  class-attribute instance-attribute","text":"
rel_r_sym_fn = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_r_info_fn","title":"rel_r_info_fn  class-attribute instance-attribute","text":"
rel_r_info_fn = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.entries","title":"entries  instance-attribute","text":"
entries = count\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.address","title":"address  instance-attribute","text":"
address = address\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.load_bias","title":"load_bias  instance-attribute","text":"
load_bias = load_bias\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.elf_dyn","title":"elf_dyn  instance-attribute","text":"
elf_dyn = elf_dyn\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.entries_by_tag","title":"entries_by_tag  class-attribute instance-attribute","text":"
entries_by_tag: dict[Any, Any] = sections\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.strtab_addr","title":"strtab_addr  class-attribute instance-attribute","text":"
strtab_addr = dyn_array_read_tag_val(DT_STRTAB)\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.strtab_size","title":"strtab_size  class-attribute instance-attribute","text":"
strtab_size = dyn_array_read_tag_val(DT_STRSZ)\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.symtab_addr","title":"symtab_addr  class-attribute instance-attribute","text":"
symtab_addr = dyn_array_read_tag_val(DT_SYMTAB)\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.has_jmprel","title":"has_jmprel  class-attribute instance-attribute","text":"
has_jmprel = (\n    DT_JMPREL in sections and DT_PLTREL in sections and DT_PLTRELSZ in sections\n)\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.has_rela","title":"has_rela  class-attribute instance-attribute","text":"
has_rela = (\n    DT_RELA in sections and DT_RELASZ in sections and DT_RELAENT in sections\n)\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.has_rel","title":"has_rel  class-attribute instance-attribute","text":"
has_rel = DT_REL in sections and DT_RELSZ in sections and DT_RELENT in sections\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_r_sym","title":"rela_r_sym  instance-attribute","text":"
rela_r_sym = elf32_r_sym\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_r_type","title":"rela_r_type  instance-attribute","text":"
rela_r_type = elf32_r_type\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_r_sym","title":"rel_r_sym  instance-attribute","text":"
rel_r_sym = elf32_r_sym\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_r_type","title":"rel_r_type  instance-attribute","text":"
rel_r_type = elf32_r_type\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_r_sym","title":"jmprel_r_sym  instance-attribute","text":"
jmprel_r_sym = elf32_r_sym\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_r_type","title":"jmprel_r_type  instance-attribute","text":"
jmprel_r_type = elf32_r_type\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_has_addend","title":"jmprel_has_addend","text":"
jmprel_has_addend()\n
 
Returns whether the r_addend field is available in entries of JMPREL.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_read","title":"rela_read","text":"
rela_read(i, field)\n
 
Reads the requested field from the entry of the given index in RELA.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_read","title":"rel_read","text":"
rel_read(i, field)\n
 
Reads the requested field from the entry of the given index in REL.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_read","title":"jmprel_read","text":"
jmprel_read(i, field)\n
 
Reads the requested field from the entry of the given index in JMPREL.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_entry_count","title":"rela_entry_count","text":"
rela_entry_count()\n
 
Returns the number of RELA entries.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_entry_count","title":"rel_entry_count","text":"
rel_entry_count()\n
 
Returns the number of REL entries.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_entry_count","title":"jmprel_entry_count","text":"
jmprel_entry_count()\n
 
Returns the number of JMPREL entries.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.string","title":"string","text":"
string(i)\n
 
Reads the string at index i from the string table.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.symtab_read","title":"symtab_read","text":"
symtab_read(i, field)\n
 
Reads the requested field from the entry of given index in the symbol table.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.dyn_array_read","title":"dyn_array_read","text":"
dyn_array_read(i, field)\n
 
Reads the requested field from the entry of given index in the dynamic array.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.dyn_array_read_tag_val","title":"dyn_array_read_tag_val","text":"
dyn_array_read_tag_val(tag)\n
 
Reads the d_un field from the entry of given tag in the dynamic array. Must not be a tag that allows multiple entries.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct","title":"CStruct","text":"
CStruct(fields: list[tuple[str, Type, type]])\n
 
Utility class for reading fields off of C structs.
 
Without proper debug information it cannot be guaranteed that the calculated field offsets are correct, therefore, reasonable caution should be exercised when using this class. The assumptions made are:  - Padding is added between fields so that all internal members are    correctly aligned, as long as the struct itself is correctly aligned.  - The alignment of the struct is the same as the alignment of its most    strictly aligned member.  - Padding is added to the end of the struct so that sequentially laid out    instances are always correctly aligned.  - Stuct sizes must be greater than or equal to 1 byte.
 
While these assumptions do not apply in all cases, they should be good enough for the structs in ld.so and in the ELF program images.
 
Methods:
 
     
  •  link_map             \u2013              
    Creates a new instance describing the ABI-stable part of the link_map
     
    •  
  •  r_debug             \u2013              
    Creates a new instance describing the ABI-stable part of the r_debug
     
    •  
  •  elfNN_dyn             \u2013              
    Creates a new instance describing the ElfNN_Dyn structure, suitable for
     
    •  
  •  elfNN_rel             \u2013              
    Creates a new instance describing the ElfNN_Rel structure, suitable for
     
    •  
  •  elfNN_rela             \u2013              
    Creates a new instance describing the ElfNN_Rela structure, suitable for
     
    •  
  •  elf32_sym             \u2013              
    Creates a new instance describing the Elf32_Sym srtucture.
     
    •  
  •  elf64_sym             \u2013              
    Creates a new instance describing the Elf64_Sym structure.
     
    •  
  •  read             \u2013              
    Reads the field with the given name from the struct instance located at
     
    •  
  •  has_field             \u2013              
    Returns whether a field with the given name exists in this struct.
     
    •  
 
Attributes:
 
     
  •  types               (dict[str, Type])           \u2013            
    •  
  •  offsets               (dict[str, int])           \u2013            
    •  
  •  converters               (dict[str, type])           \u2013            
    •  
  •  size           \u2013            
    •  
  •  align           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.types","title":"types  class-attribute instance-attribute","text":"
types: dict[str, Type] = {}\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.offsets","title":"offsets  class-attribute instance-attribute","text":"
offsets: dict[str, int] = {}\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.converters","title":"converters  class-attribute instance-attribute","text":"
converters: dict[str, type] = {}\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.size","title":"size  class-attribute instance-attribute","text":"
size = current_offset\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.align","title":"align  class-attribute instance-attribute","text":"
align = alignment\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.link_map","title":"link_map  staticmethod","text":"
link_map()\n
 
Creates a new instance describing the ABI-stable part of the link_map struct.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.r_debug","title":"r_debug  staticmethod","text":"
r_debug()\n
 
Creates a new instance describing the ABI-stable part of the r_debug struct.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.elfNN_dyn","title":"elfNN_dyn  staticmethod","text":"
elfNN_dyn()\n
 
Creates a new instance describing the ElfNN_Dyn structure, suitable for the architecture of the inferior.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.elfNN_rel","title":"elfNN_rel  staticmethod","text":"
elfNN_rel()\n
 
Creates a new instance describing the ElfNN_Rel structure, suitable for the architecture of the inferior.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.elfNN_rela","title":"elfNN_rela  staticmethod","text":"
elfNN_rela()\n
 
Creates a new instance describing the ElfNN_Rela structure, suitable for the architecture of the inferior.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.elf32_sym","title":"elf32_sym  staticmethod","text":"
elf32_sym()\n
 
Creates a new instance describing the Elf32_Sym srtucture.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.elf64_sym","title":"elf64_sym  staticmethod","text":"
elf64_sym()\n
 
Creates a new instance describing the Elf64_Sym structure.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.read","title":"read","text":"
read(address, name)\n
 
Reads the field with the given name from the struct instance located at the given address.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.has_field","title":"has_field","text":"
has_field(name) -> bool\n
 
Returns whether a field with the given name exists in this struct.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.is_dynamic","title":"is_dynamic","text":"
is_dynamic() -> bool\n
 
Returns whether the current inferior is dynamic.
 
Not all programs are dynamically linked, or even need the dynamic loader at all. Since this module is entirely reliant on at least the presence of the dynamic loader, and really only makes sense for dynamic programs, it should not be used at all with programs that don't participate in dynamic linkage, or when there is a dynamic linker, but we have no way to talk to it.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.r_debug_link_map_changed_hook","title":"r_debug_link_map_changed_hook","text":"
r_debug_link_map_changed_hook() -> Callable[[StopPoint], bool]\n
 
Hook that gets activated whenever the link map changes.
 
The r_debug structure, in addition to having a refence to the head of the link map, also has, in its ABI-stable part, a reference to an address that can have a breakpoint attached to it, such that whenever the contents of the link map change, that breakpoint will be triggered1.
 
We take advantage of that here, by installing our own breakpoint in that location, and watching for trigger events, so that we can notify other bits of pwndbg that the contents of the link_map() function will be different.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.r_debug_install_link_map_changed_hook","title":"r_debug_install_link_map_changed_hook","text":"
r_debug_install_link_map_changed_hook() -> None\n
 
Installs the r_debug-based hook to the change event of the link map.
 
This function is a bit tricky, because ideally we want it to be run as soon as possible, before even the dynamic linker runs, but after both it and the main binary have been mapped into the address space of the inferior. While doing this manually would be trivial - seeing as there is a command in GDB that gives the user control at the exact place we would like -, there does not seem to be a way of easily doing this from inside Python.
 
Because of this, parts of the code that rely on the hook should try calling this function and firing their own listeners manually at least once.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.r_debug_link_map_changed_add_listener","title":"r_debug_link_map_changed_add_listener","text":"
r_debug_link_map_changed_add_listener(handler: Callable[..., Any]) -> None\n
 
Install a callback to be called whenever r_debug signal of there being a change in the link map link map is triggered.
 
Keep in mind this function may be called before the hook that calls the listeners is installed, and, until it is installed, no listener callbacks will actually be triggered. See r_debug_install_link_map_changed_hook.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.r_debug_link_map_changed_remove_listener","title":"r_debug_link_map_changed_remove_listener","text":"
r_debug_link_map_changed_remove_listener(handler: Callable[..., Any]) -> None\n
 
Removes a listener previously installed with r_debug_link_map_changed_add_listener().
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.link_map_head","title":"link_map_head","text":"
link_map_head()\n
 
Acquires a reference to the head entry of the link map.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.link_map","title":"link_map","text":"
link_map()\n
 
Iterator over all the entries in the link map.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.elf32_r_sym","title":"elf32_r_sym","text":"
elf32_r_sym(r_info)\n
 
Returns the r_sym portion of the r_info relocation field for ELF32.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.elf32_r_type","title":"elf32_r_type","text":"
elf32_r_type(r_info)\n
 
Returns the r_type portion of the r_info relocation field for ELF32.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.elf64_r_sym","title":"elf64_r_sym","text":"
elf64_r_sym(r_info)\n
 
Returns the r_sym portion of the r_info relocation field for ELF64.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.elf64_r_type","title":"elf64_r_type","text":"
elf64_r_type(r_info)\n
 
Returns the r_type portion of the r_info relocation field for ELF64.
"},{"location":"reference/pwndbg/aglib/elf/","title":"elf","text":""},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf","title":"elf","text":"
This file declares types and methods useful for enumerating all of the address spaces and permissions of an ELF file in memory.
 
This is necessary for when access to /proc is restricted, or when working on a BSD system which simply does not have /proc.
 
Classes:
 
     
  •  ELFInfo           \u2013            
    ELF metadata and structures.
     
    •  
 
Functions:
 
     
  •  update             \u2013              
    •  
  •  read             \u2013              
    •  
  •  get_elf_info             \u2013              
    Parse and return ELFInfo.
     
    •  
  •  get_elf_info_rebased             \u2013              
    Parse and return ELFInfo with all virtual addresses rebased to vaddr
     
    •  
  •  get_containing_segments             \u2013              
    •  
  •  get_containing_sections             \u2013              
    •  
  •  get_vmlinux_unrand_base             \u2013              
    •  
  •  dump_section_by_name             \u2013              
    Dump the content of a section from an ELF file, return the start address, size and content.
     
    •  
  •  dump_relocations_by_section_name             \u2013              
    Dump the relocation entries of a section from an ELF file, return a generator of Relocation objects.
     
    •  
  •  exe             \u2013              
    Return a loaded ELF header object pointing to the Ehdr of the
     
    •  
  •  entry             \u2013              
    Return the address of the entry point for the main executable.
     
    •  
  •  load             \u2013              
    •  
  •  reset_ehdr_type_loaded             \u2013              
    •  
  •  get_ehdr             \u2013              
    Returns an ehdr object for the ELF pointer points into.
     
    •  
  •  get_phdrs             \u2013              
    Returns a tuple containing (phnum, phentsize, gdb.Value),
     
    •  
  •  iter_phdrs             \u2013              
    •  
  •  map             \u2013              
    Given a pointer into an ELF module, return a list of all loaded
     
    •  
  •  map_inner             \u2013              
    •  
 
Attributes:
 
     
  •  module           \u2013            
    •  
  •  Ehdr           \u2013            
    •  
  •  Phdr           \u2013            
    •  
  •  T           \u2013            
    •  
  •  ehdr_type_loaded           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.module","title":"module  module-attribute","text":"
module = modules[__name__]\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.Ehdr","title":"Ehdr  module-attribute","text":"
Ehdr = Union[Elf32_Ehdr, Elf64_Ehdr]\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.Phdr","title":"Phdr  module-attribute","text":"
Phdr = Union[Elf32_Phdr, Elf64_Phdr]\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.T","title":"T  module-attribute","text":"
T = TypeVar('T', Union[Elf32_Ehdr, Elf64_Ehdr], Union[Elf32_Phdr, Elf64_Phdr])\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ehdr_type_loaded","title":"ehdr_type_loaded  module-attribute","text":"
ehdr_type_loaded = 0\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ELFInfo","title":"ELFInfo","text":"
               Bases: NamedTuple
 
ELF metadata and structures.
 
Attributes:
 
     
  •  header               (dict[str, int | str])           \u2013            
    •  
  •  sections               (list[dict[str, int | str]])           \u2013            
    •  
  •  segments               (list[dict[str, int | str]])           \u2013            
    •  
  •  is_pic               (bool)           \u2013            
    •  
  •  is_pie               (bool)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ELFInfo.header","title":"header  instance-attribute","text":"
header: dict[str, int | str]\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ELFInfo.sections","title":"sections  instance-attribute","text":"
sections: list[dict[str, int | str]]\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ELFInfo.segments","title":"segments  instance-attribute","text":"
segments: list[dict[str, int | str]]\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ELFInfo.is_pic","title":"is_pic  property","text":"
is_pic: bool\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ELFInfo.is_pie","title":"is_pie  property","text":"
is_pie: bool\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.update","title":"update","text":"
update() -> None\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.read","title":"read","text":"
read(typ: T, address: int, blob: bytearray | None = None) -> T\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_elf_info","title":"get_elf_info","text":"
get_elf_info(filepath: str) -> ELFInfo\n
 
Parse and return ELFInfo.
 
Adds various calculated properties to the ELF header, segments and sections. Such added properties are those with prefix 'x_' in the returned dicts.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_elf_info_rebased","title":"get_elf_info_rebased","text":"
get_elf_info_rebased(filepath: str, vaddr: int) -> ELFInfo\n
 
Parse and return ELFInfo with all virtual addresses rebased to vaddr
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_containing_segments","title":"get_containing_segments","text":"
get_containing_segments(elf_filepath: str, elf_loadaddr: int, vaddr: int)\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_containing_sections","title":"get_containing_sections","text":"
get_containing_sections(elf_filepath: str, elf_loadaddr: int, vaddr: int)\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_vmlinux_unrand_base","title":"get_vmlinux_unrand_base","text":"
get_vmlinux_unrand_base(elf_filepath: str)\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.dump_section_by_name","title":"dump_section_by_name","text":"
dump_section_by_name(\n    filepath: str, section_name: str, try_local_path: bool = False\n) -> tuple[int, int, bytes] | None\n
 
Dump the content of a section from an ELF file, return the start address, size and content.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.dump_relocations_by_section_name","title":"dump_relocations_by_section_name","text":"
dump_relocations_by_section_name(\n    filepath: str, section_name: str, try_local_path: bool = False\n) -> tuple[Relocation, ...] | None\n
 
Dump the relocation entries of a section from an ELF file, return a generator of Relocation objects.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.exe","title":"exe","text":"
exe() -> Ehdr | None\n
 
Return a loaded ELF header object pointing to the Ehdr of the main executable.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.entry","title":"entry","text":"
entry() -> int\n
 
Return the address of the entry point for the main executable.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.load","title":"load","text":"
load(pointer: int) -> Ehdr | None\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.reset_ehdr_type_loaded","title":"reset_ehdr_type_loaded","text":"
reset_ehdr_type_loaded() -> None\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_ehdr","title":"get_ehdr","text":"
get_ehdr(pointer: int) -> tuple[int | None, Ehdr | None]\n
 
Returns an ehdr object for the ELF pointer points into.
 
We expect the pointer to be an address from the binary.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_phdrs","title":"get_phdrs","text":"
get_phdrs(pointer: int)\n
 
Returns a tuple containing (phnum, phentsize, gdb.Value), where the gdb.Value object is an ELF Program Header with the architecture-appropriate structure type.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.iter_phdrs","title":"iter_phdrs","text":"
iter_phdrs(ehdr: Ehdr)\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.map","title":"map","text":"
map(pointer: int, objfile: str = '') -> tuple[Page, ...]\n
 
Given a pointer into an ELF module, return a list of all loaded sections in the ELF.
 
Returns:
 
     
  •  tuple[Page, ...]           \u2013            
    A sorted list of pwndbg.lib.memory.Page objects
     
    •  
 
Example:
 
>>> pwndbg.aglib.elf.load(pwndbg.aglib.regs.pc)\n[Page('400000-4ef000 r-xp 0'),\n Page('6ef000-6f0000 r--p ef000'),\n Page('6f0000-6ff000 rw-p f0000')]\n>>> pwndbg.aglib.elf.load(0x7ffff77a2000)\n[Page('7ffff75e7000-7ffff77a2000 r-xp 0x1bb000 0'),\n Page('7ffff77a2000-7ffff79a2000 ---p 0x200000 1bb000'),\n Page('7ffff79a2000-7ffff79a6000 r--p 0x4000 1bb000'),\n Page('7ffff79a6000-7ffff79ad000 rw-p 0x7000 1bf000')]\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.map_inner","title":"map_inner","text":"
map_inner(ei_class: int, ehdr: Ehdr, objfile: str) -> tuple[Page, ...]\n
"},{"location":"reference/pwndbg/aglib/file/","title":"file","text":""},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file","title":"file","text":"
Retrieve files from the debuggee's filesystem.  Useful when debugging a remote process over SSH or similar, where e.g. /proc/FOO/maps is needed from the remote system.
 
Functions:
 
     
  •  reset_remote_files             \u2013              
    •  
  •  remote_files_dir             \u2013              
    •  
  •  get_proc_exe_file             \u2013              
    Returns the local path to the debugged file name.
     
    •  
  •  can_download_remote_file             \u2013              
    •  
  •  get_file             \u2013              
    Downloads the specified file from the system where the current process is
     
    •  
  •  get             \u2013              
    Retrieves the contents of the specified file on the system
     
    •  
  •  readlink             \u2013              
    readlink(path) -> str
     
    •  
  •  is_vfile_qemu_user_bug             \u2013              
    •  
  •  vfile_readlink             \u2013              
    Reads the target of a symbolic link on the remote system.
     
    •  
  •  vfile_readfile             \u2013              
    Reads the entire content of a file on the remote system.
     
    •  
  •  vfile_open             \u2013              
    Opens a file on the remote system and returns the file descriptor.
     
    •  
  •  gdb_memtox_inverse             \u2013              
    •  
  •  vfile_pread             \u2013              
    Reads data from a file descriptor.
     
    •  
  •  vfile_close             \u2013              
    Closes a previously opened file descriptor.
     
    •  
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.reset_remote_files","title":"reset_remote_files","text":"
reset_remote_files() -> None\n
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.remote_files_dir","title":"remote_files_dir","text":"
remote_files_dir()\n
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.get_proc_exe_file","title":"get_proc_exe_file","text":"
get_proc_exe_file() -> str\n
 
Returns the local path to the debugged file name.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.can_download_remote_file","title":"can_download_remote_file","text":"
can_download_remote_file() -> bool\n
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.get_file","title":"get_file","text":"
get_file(path: str, try_local_path: bool = False) -> str\n
 
Downloads the specified file from the system where the current process is being debugged.
 
If the path is prefixed with \"target:\" the prefix is stripped (to support remote target paths properly).
 
If the try_local_path is set to True and the path exists locally and \"target:\" prefix is not present, it will return the local path instead of downloading the file.
 
Returns:
 
     
  •  str           \u2013            
    The local path to the file
     
    •  
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.get","title":"get","text":"
get(path: str) -> bytes\n
 
Retrieves the contents of the specified file on the system where the current process is being debugged.
 
Returns:
 
     
  •  bytes           \u2013            
    A byte array, or None.
     
    •  
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.readlink","title":"readlink","text":"
readlink(path: str) -> str\n
 
readlink(path) -> str
 
Read the link specified by 'path' on the system being debugged.
 
Handles local, qemu-usermode, and remote debugging cases.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.is_vfile_qemu_user_bug","title":"is_vfile_qemu_user_bug","text":"
is_vfile_qemu_user_bug() -> bool\n
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.vfile_readlink","title":"vfile_readlink","text":"
vfile_readlink(pathname: str | bytes) -> bytes\n
 
Reads the target of a symbolic link on the remote system.
 
:param pathname: The path to the symbolic link (string). :param buffer_size: The size of the buffer to read into (integer). :return: The target of the symbolic link as a string.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.vfile_readfile","title":"vfile_readfile","text":"
vfile_readfile(filename: str, chunk_size=1000) -> Iterator[bytes]\n
 
Reads the entire content of a file on the remote system.
 
:param filename: The path to the file (string). :param chunk_size: The number of bytes to read in each iteration (integer). :return: The complete content of the file as bytes.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.vfile_open","title":"vfile_open","text":"
vfile_open(filename: str, flags: int, mode: int) -> int\n
 
Opens a file on the remote system and returns the file descriptor.
 
:param filename: The path to the file (string). :param flags: Flags passed to the open call (integer, base 16).     These correspond to the constant values in the enum OpenOptions from LLDB\u2019s File.h,     not the traditional open(2) flags. :param mode: Mode bits for the file (integer, base 16). :return: File descriptor (integer), or raises an exception if an error occurs.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.gdb_memtox_inverse","title":"gdb_memtox_inverse","text":"
gdb_memtox_inverse(data: bytes) -> bytes\n
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.vfile_pread","title":"vfile_pread","text":"
vfile_pread(fd: int, size: int, offset: int) -> tuple[int, bytes]\n
 
Reads data from a file descriptor.
 
:param fd: File descriptor (integer). :param size: Number of bytes to read (integer, base 16). :param offset: Offset in the file to start reading from (integer, base 16). :return: Tuple of (bytes_read, data) where bytes_read is an integer and data is the binary data.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.vfile_close","title":"vfile_close","text":"
vfile_close(fd)\n
 
Closes a previously opened file descriptor.
 
:param fd: File descriptor (integer). :return: None, or raises an exception if an error occurs.
"},{"location":"reference/pwndbg/aglib/godbg/","title":"godbg","text":""},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg","title":"godbg","text":"
Classes:
 
     
  •  FormatOpts           \u2013            
    •  
  •  Type           \u2013            
    •  
  •  GoTypeKind           \u2013            
    •  
  •  GoTypeMeta           \u2013            
    •  
  •  BackrefType           \u2013            
    A temporary placeholder type used when dumping recursive types, e.g. type a []a
     
    •  
  •  BasicType           \u2013            
    A primitive Go type.
     
    •  
  •  SliceType           \u2013            
    A slice type in Go, notated as []inner.
     
    •  
  •  PointerType           \u2013            
    A pointer type in Go, notated as *inner.
     
    •  
  •  ArrayType           \u2013            
    An array type in Go, notated as [count]inner.
     
    •  
  •  MapType           \u2013            
    A map type in Go, notated as map[key]val.
     
    •  
  •  StructType           \u2013            
    A struct type in Go, notated as struct(SIZE){FIELDS},
     
    •  
  •  RuntimeType           \u2013            
    A value of a runtime reflection type in Go, notated as runtime(SIZE)ADDRESS,
     
    •  
 
Functions:
 
     
  •  word_size             \u2013              
    Gets the Go word size for the current architecture.
     
    •  
  •  max_align             \u2013              
    Gets the Go maximum alignment for the current architecture.
     
    •  
  •  compute_offsets             \u2013              
    Given a list of (size, alignment) for struct field types,
     
    •  
  •  compute_named_offsets             \u2013              
    Like compute_offsets, but takes in field names and returns a dictionary
     
    •  
  •  load_uint             \u2013              
    •  
  •  load_int             \u2013              
    •  
  •  load_float             \u2013              
    •  
  •  emit_warning             \u2013              
    •  
  •  get_elf             \u2013              
    •  
  •  read_buildversion             \u2013              
    Reads a Go runtime.buildVersion string to extract the version.
     
    •  
  •  get_go_version             \u2013              
    Try to determine the Go version used to compile the binary.
     
    •  
  •  get_type_start             \u2013              
    Given the address to a type, try to find the moduledata types section containing it.
     
    •  
  •  read_varint_str             \u2013              
    Read a length-prefix string encoded with Go's variable length encoding.
     
    •  
  •  read_type_name             \u2013              
    Reads a Go type name given the address to the name.
     
    •  
  •  decode_runtime_type             \u2013              
    Decodes a runtime reflection type from memory, returning a (meta, type) tuplee.
     
    •  
  •  parse_type             \u2013              
    •  
 
Attributes:
 
     
  •  line_width           \u2013            
    •  
  •  indent_amount           \u2013            
    •  
  •  debug_color           \u2013            
    •  
  •  hex_digits           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.line_width","title":"line_width  module-attribute","text":"
line_width = add_param(\n    \"go-dump-line-width\", 80, \"the soft line width for go-dump pretty printing\"\n)\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.indent_amount","title":"indent_amount  module-attribute","text":"
indent_amount = add_param(\n    \"go-dump-indent-amount\", 4, \"the indent amount for go-dump pretty printing\"\n)\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.debug_color","title":"debug_color  module-attribute","text":"
debug_color = add_color_param(\n    \"go-dump-debug\",\n    \"blue\",\n    \"color for 'go-dump' command's debug info when --debug is specified\",\n)\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.hex_digits","title":"hex_digits  module-attribute","text":"
hex_digits = set('0123456789abcdefABCDEFxX')\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts","title":"FormatOpts  dataclass","text":"
FormatOpts(\n    int_hex: bool = False,\n    debug: bool = False,\n    pretty: bool = False,\n    float_decimals: int | None = None,\n)\n
 
Methods:
 
     
  •  fmt_int             \u2013              
    •  
  •  fmt_float             \u2013              
    •  
  •  fmt_str             \u2013              
    •  
  •  fmt_bytes             \u2013              
    •  
  •  fmt_debug             \u2013              
    •  
  •  fmt_elems             \u2013              
    •  
  •  fmt_ptr             \u2013              
    •  
 
Attributes:
 
     
  •  int_hex               (bool)           \u2013            
    •  
  •  debug               (bool)           \u2013            
    •  
  •  pretty               (bool)           \u2013            
    •  
  •  float_decimals               (int | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.int_hex","title":"int_hex  class-attribute instance-attribute","text":"
int_hex: bool = False\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.debug","title":"debug  class-attribute instance-attribute","text":"
debug: bool = False\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.pretty","title":"pretty  class-attribute instance-attribute","text":"
pretty: bool = False\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.float_decimals","title":"float_decimals  class-attribute instance-attribute","text":"
float_decimals: int | None = None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_int","title":"fmt_int","text":"
fmt_int(val: int) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_float","title":"fmt_float","text":"
fmt_float(val: float) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_str","title":"fmt_str","text":"
fmt_str(val: str) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_bytes","title":"fmt_bytes","text":"
fmt_bytes(val: bytes) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_debug","title":"fmt_debug","text":"
fmt_debug(val: str, default: str = '') -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_elems","title":"fmt_elems","text":"
fmt_elems(elems: Iterable[str]) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_ptr","title":"fmt_ptr","text":"
fmt_ptr(val: int) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type","title":"Type  dataclass","text":"
Type(meta: GoTypeMeta | None)\n
 
               Bases: ABC
 
Methods:
 
     
  •  dump             \u2013              
    Dump a type from memory given an address and format.
     
    •  
  •  size             \u2013              
    Returns the size of a type in bytes.
     
    •  
  •  align             \u2013              
    Returns the alignment of a type in bytes.
     
    •  
  •  get_typename             \u2013              
    Returns the typename of a type. Should be reparsable via _parse_ty.
     
    •  
  •  is_cyclic             \u2013              
    Checks if a type is cyclic (contains references to itself), e.g. type a []a
     
    •  
  •  additional_metadata             \u2013              
    Returns a list of lines of additional metadata to dump from the go-type command.
     
    •  
  •  __str__             \u2013              
    •  
 
Attributes:
 
     
  •  meta               (GoTypeMeta | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.meta","title":"meta  instance-attribute","text":"
meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.dump","title":"dump  abstractmethod","text":"
dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
 
Dump a type from memory given an address and format.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.size","title":"size  abstractmethod","text":"
size() -> int\n
 
Returns the size of a type in bytes.
 
Used for computing array and struct layouts.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.align","title":"align  abstractmethod","text":"
align() -> int\n
 
Returns the alignment of a type in bytes.
 
Used for computing array and struct layouts.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.get_typename","title":"get_typename  abstractmethod","text":"
get_typename() -> str\n
 
Returns the typename of a type. Should be reparsable via _parse_ty.
 
Also used to get the string representation.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.is_cyclic","title":"is_cyclic","text":"
is_cyclic() -> bool\n
 
Checks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.additional_metadata","title":"additional_metadata","text":"
additional_metadata() -> list[str]\n
 
Returns a list of lines of additional metadata to dump from the go-type command.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind","title":"GoTypeKind","text":"
               Bases: IntEnum
 
Methods:
 
     
  •  get_simple_name             \u2013              
    •  
 
Attributes:
 
     
  •  INVALID           \u2013            
    •  
  •  BOOL           \u2013            
    •  
  •  INT           \u2013            
    •  
  •  INT8           \u2013            
    •  
  •  INT16           \u2013            
    •  
  •  INT32           \u2013            
    •  
  •  INT64           \u2013            
    •  
  •  UINT           \u2013            
    •  
  •  UINT8           \u2013            
    •  
  •  UINT16           \u2013            
    •  
  •  UINT32           \u2013            
    •  
  •  UINT64           \u2013            
    •  
  •  UINTPTR           \u2013            
    •  
  •  FLOAT32           \u2013            
    •  
  •  FLOAT64           \u2013            
    •  
  •  COMPLEX64           \u2013            
    •  
  •  COMPLEX128           \u2013            
    •  
  •  ARRAY           \u2013            
    •  
  •  CHAN           \u2013            
    •  
  •  FUNC           \u2013            
    •  
  •  INTERFACE           \u2013            
    •  
  •  MAP           \u2013            
    •  
  •  POINTER           \u2013            
    •  
  •  SLICE           \u2013            
    •  
  •  STRING           \u2013            
    •  
  •  STRUCT           \u2013            
    •  
  •  UNSAFEPOINTER           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INVALID","title":"INVALID  class-attribute instance-attribute","text":"
INVALID = 0\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.BOOL","title":"BOOL  class-attribute instance-attribute","text":"
BOOL = 1\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INT","title":"INT  class-attribute instance-attribute","text":"
INT = 2\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INT8","title":"INT8  class-attribute instance-attribute","text":"
INT8 = 3\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INT16","title":"INT16  class-attribute instance-attribute","text":"
INT16 = 4\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INT32","title":"INT32  class-attribute instance-attribute","text":"
INT32 = 5\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INT64","title":"INT64  class-attribute instance-attribute","text":"
INT64 = 6\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UINT","title":"UINT  class-attribute instance-attribute","text":"
UINT = 7\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UINT8","title":"UINT8  class-attribute instance-attribute","text":"
UINT8 = 8\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UINT16","title":"UINT16  class-attribute instance-attribute","text":"
UINT16 = 9\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UINT32","title":"UINT32  class-attribute instance-attribute","text":"
UINT32 = 10\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UINT64","title":"UINT64  class-attribute instance-attribute","text":"
UINT64 = 11\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UINTPTR","title":"UINTPTR  class-attribute instance-attribute","text":"
UINTPTR = 12\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.FLOAT32","title":"FLOAT32  class-attribute instance-attribute","text":"
FLOAT32 = 13\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.FLOAT64","title":"FLOAT64  class-attribute instance-attribute","text":"
FLOAT64 = 14\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.COMPLEX64","title":"COMPLEX64  class-attribute instance-attribute","text":"
COMPLEX64 = 15\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.COMPLEX128","title":"COMPLEX128  class-attribute instance-attribute","text":"
COMPLEX128 = 16\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.ARRAY","title":"ARRAY  class-attribute instance-attribute","text":"
ARRAY = 17\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.CHAN","title":"CHAN  class-attribute instance-attribute","text":"
CHAN = 18\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.FUNC","title":"FUNC  class-attribute instance-attribute","text":"
FUNC = 19\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INTERFACE","title":"INTERFACE  class-attribute instance-attribute","text":"
INTERFACE = 20\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.MAP","title":"MAP  class-attribute instance-attribute","text":"
MAP = 21\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.POINTER","title":"POINTER  class-attribute instance-attribute","text":"
POINTER = 22\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.SLICE","title":"SLICE  class-attribute instance-attribute","text":"
SLICE = 23\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.STRING","title":"STRING  class-attribute instance-attribute","text":"
STRING = 24\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.STRUCT","title":"STRUCT  class-attribute instance-attribute","text":"
STRUCT = 25\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UNSAFEPOINTER","title":"UNSAFEPOINTER  class-attribute instance-attribute","text":"
UNSAFEPOINTER = 26\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.get_simple_name","title":"get_simple_name","text":"
get_simple_name() -> str | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta","title":"GoTypeMeta  dataclass","text":"
GoTypeMeta(\n    name: str,\n    kind: GoTypeKind,\n    addr: int,\n    size: int = 0,\n    align: int = 1,\n    direct_iface: bool = False,\n)\n
 
Attributes:
 
     
  •  name               (str)           \u2013            
    •  
  •  kind               (GoTypeKind)           \u2013            
    •  
  •  addr               (int)           \u2013            
    •  
  •  size               (int)           \u2013            
    •  
  •  align               (int)           \u2013            
    •  
  •  direct_iface               (bool)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta.name","title":"name  instance-attribute","text":"
name: str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta.kind","title":"kind  instance-attribute","text":"
kind: GoTypeKind\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta.addr","title":"addr  instance-attribute","text":"
addr: int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta.size","title":"size  class-attribute instance-attribute","text":"
size: int = 0\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta.align","title":"align  class-attribute instance-attribute","text":"
align: int = 1\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta.direct_iface","title":"direct_iface  class-attribute instance-attribute","text":"
direct_iface: bool = False\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType","title":"BackrefType  dataclass","text":"
BackrefType(meta: GoTypeMeta | None, key: int)\n
 
               Bases: Type
 
A temporary placeholder type used when dumping recursive types, e.g. type a []a
 
Methods:
 
     
  •  dump             \u2013              
    •  
  •  size             \u2013              
    •  
  •  align             \u2013              
    •  
  •  get_typename             \u2013              
    •  
  •  is_cyclic             \u2013              
    Checks if a type is cyclic (contains references to itself), e.g. type a []a
     
    •  
  •  additional_metadata             \u2013              
    Returns a list of lines of additional metadata to dump from the go-type command.
     
    •  
  •  __str__             \u2013              
    •  
 
Attributes:
 
     
  •  key               (int)           \u2013            
    •  
  •  meta               (GoTypeMeta | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.key","title":"key  instance-attribute","text":"
key: int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.meta","title":"meta  instance-attribute","text":"
meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.dump","title":"dump","text":"
dump(addr: int, fmt: FormatOpts = FormatOpts())\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.size","title":"size","text":"
size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.align","title":"align","text":"
align() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.get_typename","title":"get_typename","text":"
get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.is_cyclic","title":"is_cyclic","text":"
is_cyclic() -> bool\n
 
Checks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.additional_metadata","title":"additional_metadata","text":"
additional_metadata() -> list[str]\n
 
Returns a list of lines of additional metadata to dump from the go-type command.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType","title":"BasicType  dataclass","text":"
BasicType(meta: GoTypeMeta | None, name: str, extra_meta: list[str] = list())\n
 
               Bases: Type
 
A primitive Go type.
 
Complex numbers are laid out as a real and imaginary part (both floats). Strings are laid out as a pointer and a length.
 
Methodless interfaces (the interface{} type) are denoted as any, and interfaces with methods are denoted as interface.
 
Function pointers are denoted as funcptr.
 
Methods:
 
     
  •  dump             \u2013              
    •  
  •  size             \u2013              
    •  
  •  align             \u2013              
    •  
  •  get_typename             \u2013              
    •  
  •  additional_metadata             \u2013              
    •  
  •  __post_init__             \u2013              
    •  
  •  is_cyclic             \u2013              
    Checks if a type is cyclic (contains references to itself), e.g. type a []a
     
    •  
  •  __str__             \u2013              
    •  
 
Attributes:
 
     
  •  name               (str)           \u2013            
    •  
  •  sz               (int)           \u2013            
    •  
  •  algn               (int)           \u2013            
    •  
  •  extra_meta               (list[str])           \u2013            
    •  
  •  meta               (GoTypeMeta | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.name","title":"name  instance-attribute","text":"
name: str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.sz","title":"sz  class-attribute instance-attribute","text":"
sz: int = field(init=False)\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.algn","title":"algn  class-attribute instance-attribute","text":"
algn: int = field(init=False)\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.extra_meta","title":"extra_meta  class-attribute instance-attribute","text":"
extra_meta: list[str] = field(default_factory=list)\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.meta","title":"meta  instance-attribute","text":"
meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.dump","title":"dump","text":"
dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.size","title":"size","text":"
size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.align","title":"align","text":"
align() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.get_typename","title":"get_typename","text":"
get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.additional_metadata","title":"additional_metadata","text":"
additional_metadata() -> list[str]\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.__post_init__","title":"__post_init__","text":"
__post_init__() -> None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.is_cyclic","title":"is_cyclic","text":"
is_cyclic() -> bool\n
 
Checks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType","title":"SliceType  dataclass","text":"
SliceType(meta: GoTypeMeta | None, inner: Type)\n
 
               Bases: Type
 
A slice type in Go, notated as []inner.
 
Slices are laid out as a pointer, length, and capacity.
 
Methods:
 
     
  •  dump             \u2013              
    •  
  •  size             \u2013              
    •  
  •  align             \u2013              
    •  
  •  get_typename             \u2013              
    •  
  •  additional_metadata             \u2013              
    •  
  •  is_cyclic             \u2013              
    Checks if a type is cyclic (contains references to itself), e.g. type a []a
     
    •  
  •  __str__             \u2013              
    •  
 
Attributes:
 
     
  •  inner               (Type)           \u2013            
    •  
  •  meta               (GoTypeMeta | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.inner","title":"inner  instance-attribute","text":"
inner: Type\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.meta","title":"meta  instance-attribute","text":"
meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.dump","title":"dump","text":"
dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.size","title":"size","text":"
size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.align","title":"align","text":"
align() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.get_typename","title":"get_typename","text":"
get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.additional_metadata","title":"additional_metadata","text":"
additional_metadata() -> list[str]\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.is_cyclic","title":"is_cyclic","text":"
is_cyclic() -> bool\n
 
Checks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType","title":"PointerType  dataclass","text":"
PointerType(meta: GoTypeMeta | None, inner: Type)\n
 
               Bases: Type
 
A pointer type in Go, notated as *inner.
 
Methods:
 
     
  •  dump             \u2013              
    •  
  •  size             \u2013              
    •  
  •  align             \u2013              
    •  
  •  get_typename             \u2013              
    •  
  •  additional_metadata             \u2013              
    •  
  •  is_cyclic             \u2013              
    Checks if a type is cyclic (contains references to itself), e.g. type a []a
     
    •  
  •  __str__             \u2013              
    •  
 
Attributes:
 
     
  •  inner               (Type)           \u2013            
    •  
  •  meta               (GoTypeMeta | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.inner","title":"inner  instance-attribute","text":"
inner: Type\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.meta","title":"meta  instance-attribute","text":"
meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.dump","title":"dump","text":"
dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.size","title":"size","text":"
size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.align","title":"align","text":"
align() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.get_typename","title":"get_typename","text":"
get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.additional_metadata","title":"additional_metadata","text":"
additional_metadata() -> list[str]\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.is_cyclic","title":"is_cyclic","text":"
is_cyclic() -> bool\n
 
Checks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType","title":"ArrayType  dataclass","text":"
ArrayType(meta: GoTypeMeta | None, inner: Type, count: int)\n
 
               Bases: Type
 
An array type in Go, notated as [count]inner.
 
Arrays are laid out as contiguous data.
 
Methods:
 
     
  •  dump             \u2013              
    •  
  •  size             \u2013              
    •  
  •  align             \u2013              
    •  
  •  get_typename             \u2013              
    •  
  •  additional_metadata             \u2013              
    •  
  •  is_cyclic             \u2013              
    Checks if a type is cyclic (contains references to itself), e.g. type a []a
     
    •  
  •  __str__             \u2013              
    •  
 
Attributes:
 
     
  •  inner               (Type)           \u2013            
    •  
  •  count               (int)           \u2013            
    •  
  •  meta               (GoTypeMeta | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.inner","title":"inner  instance-attribute","text":"
inner: Type\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.count","title":"count  instance-attribute","text":"
count: int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.meta","title":"meta  instance-attribute","text":"
meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.dump","title":"dump","text":"
dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.size","title":"size","text":"
size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.align","title":"align","text":"
align() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.get_typename","title":"get_typename","text":"
get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.additional_metadata","title":"additional_metadata","text":"
additional_metadata() -> list[str]\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.is_cyclic","title":"is_cyclic","text":"
is_cyclic() -> bool\n
 
Checks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType","title":"MapType  dataclass","text":"
MapType(meta: GoTypeMeta | None, key: Type, val: Type)\n
 
               Bases: Type
 
A map type in Go, notated as map[key]val.
 
Note that maps in Go are actually pointers to the inner map, but the map type printer here directly prints the inner map.
 
Maps don't have a simple layout, and may reasonably change.
 
Methods:
 
     
  •  is_swiss             \u2013              
    •  
  •  field_offsets_noswiss             \u2013              
    The layout for pre-1.24 maps is as follows (taken from src/runtime/map.go commit 1b4f1dc):
     
    •  
  •  field_offsets_swiss             \u2013              
    The layout for post-1.24 maps is as follows (taken from src/internal/runtime/map.go commit 4e63ae4):
     
    •  
  •  field_offsets_swiss_inner             \u2013              
    The layout for the inner swissmap is as follows (taken from src/internal/runtime/maps/table.go commit 4e63ae4):
     
    •  
  •  field_offsets             \u2013              
    •  
  •  format_entries             \u2013              
    •  
  •  dump_noswiss             \u2013              
    •  
  •  dump_swiss             \u2013              
    •  
  •  dump             \u2013              
    •  
  •  size             \u2013              
    •  
  •  align             \u2013              
    •  
  •  get_typename             \u2013              
    •  
  •  additional_metadata             \u2013              
    •  
  •  is_cyclic             \u2013              
    Checks if a type is cyclic (contains references to itself), e.g. type a []a
     
    •  
  •  __str__             \u2013              
    •  
 
Attributes:
 
     
  •  key               (Type)           \u2013            
    •  
  •  val               (Type)           \u2013            
    •  
  •  meta               (GoTypeMeta | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.key","title":"key  instance-attribute","text":"
key: Type\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.val","title":"val  instance-attribute","text":"
val: Type\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.meta","title":"meta  instance-attribute","text":"
meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.is_swiss","title":"is_swiss  staticmethod","text":"
is_swiss() -> bool\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.field_offsets_noswiss","title":"field_offsets_noswiss  staticmethod","text":"
field_offsets_noswiss() -> dict[str, int]\n
 
The layout for pre-1.24 maps is as follows (taken from src/runtime/map.go commit 1b4f1dc):
 
type hmap struct {     count      int     flags      uint8     B          uint8     noverflow  uint16     hash0      uint32     buckets    unsafe.Pointer     oldbuckets unsafe.Pointer     nevacuate  uintptr     extra      *mapextra }
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.field_offsets_swiss","title":"field_offsets_swiss  staticmethod","text":"
field_offsets_swiss() -> dict[str, int]\n
 
The layout for post-1.24 maps is as follows (taken from src/internal/runtime/map.go commit 4e63ae4):
 
type Map struct {     used              uint64     seed              uintptr     dirPtr            unsafe.Pointer     dirLen            int     globalDepth       uint8     globalShift       uint8     writing           uint8     tombstonePossible bool     clearSeq          uint64 }
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.field_offsets_swiss_inner","title":"field_offsets_swiss_inner  staticmethod","text":"
field_offsets_swiss_inner() -> dict[str, int]\n
 
The layout for the inner swissmap is as follows (taken from src/internal/runtime/maps/table.go commit 4e63ae4):
 
type table struct {     used       uint16     capacity   uint16     growthLeft uint16     localDepth uint8     index      int     groups     groupsReference }
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.field_offsets","title":"field_offsets  classmethod","text":"
field_offsets() -> dict[str, int]\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.format_entries","title":"format_entries  staticmethod","text":"
format_entries(\n    entries: list[tuple[int, int, str, str]], fmt: FormatOpts = FormatOpts()\n) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.dump_noswiss","title":"dump_noswiss","text":"
dump_noswiss(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.dump_swiss","title":"dump_swiss","text":"
dump_swiss(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.dump","title":"dump","text":"
dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.size","title":"size","text":"
size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.align","title":"align","text":"
align() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.get_typename","title":"get_typename","text":"
get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.additional_metadata","title":"additional_metadata","text":"
additional_metadata() -> list[str]\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.is_cyclic","title":"is_cyclic","text":"
is_cyclic() -> bool\n
 
Checks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType","title":"StructType  dataclass","text":"
StructType(\n    meta: GoTypeMeta | None,\n    fields: list[tuple[str, str | Type, int]],\n    sz: int,\n    algn: int | None = None,\n    name: str | None = None,\n)\n
 
               Bases: Type
 
A struct type in Go, notated as struct(SIZE){FIELDS}, where SIZE is the size of the struct in bytes, and FIELDS is a semicolon-separated list of OFFSET:NAME:TYPE fields.
 
Methods:
 
     
  •  dump             \u2013              
    •  
  •  size             \u2013              
    •  
  •  align             \u2013              
    •  
  •  get_typename             \u2013              
    •  
  •  additional_metadata             \u2013              
    •  
  •  is_cyclic             \u2013              
    Checks if a type is cyclic (contains references to itself), e.g. type a []a
     
    •  
  •  __str__             \u2013              
    •  
 
Attributes:
 
     
  •  fields               (list[tuple[str, str | Type, int]])           \u2013            
    •  
  •  sz               (int)           \u2013            
    •  
  •  algn               (int | None)           \u2013            
    •  
  •  name               (str | None)           \u2013            
    •  
  •  meta               (GoTypeMeta | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.fields","title":"fields  instance-attribute","text":"
fields: list[tuple[str, str | Type, int]]\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.sz","title":"sz  instance-attribute","text":"
sz: int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.algn","title":"algn  class-attribute instance-attribute","text":"
algn: int | None = None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.name","title":"name  class-attribute instance-attribute","text":"
name: str | None = None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.meta","title":"meta  instance-attribute","text":"
meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.dump","title":"dump","text":"
dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.size","title":"size","text":"
size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.align","title":"align","text":"
align() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.get_typename","title":"get_typename","text":"
get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.additional_metadata","title":"additional_metadata","text":"
additional_metadata() -> list[str]\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.is_cyclic","title":"is_cyclic","text":"
is_cyclic() -> bool\n
 
Checks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType","title":"RuntimeType  dataclass","text":"
RuntimeType(meta: GoTypeMeta | None, sz: int, addr: int)\n
 
               Bases: Type
 
A value of a runtime reflection type in Go, notated as runtime(SIZE)ADDRESS, where SIZE is the size of the type's value in bytes, and ADDRESS is the address of the type.
 
This type is useful for serializing cyclic types.
 
Methods:
 
     
  •  dump             \u2013              
    •  
  •  size             \u2013              
    •  
  •  align             \u2013              
    •  
  •  get_typename             \u2013              
    •  
  •  is_cyclic             \u2013              
    Checks if a type is cyclic (contains references to itself), e.g. type a []a
     
    •  
  •  additional_metadata             \u2013              
    Returns a list of lines of additional metadata to dump from the go-type command.
     
    •  
  •  __str__             \u2013              
    •  
 
Attributes:
 
     
  •  sz               (int)           \u2013            
    •  
  •  addr               (int)           \u2013            
    •  
  •  algn               (int | None)           \u2013            
    •  
  •  meta               (GoTypeMeta | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.sz","title":"sz  instance-attribute","text":"
sz: int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.addr","title":"addr  instance-attribute","text":"
addr: int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.algn","title":"algn  class-attribute instance-attribute","text":"
algn: int | None = field(init=False, default=None)\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.meta","title":"meta  instance-attribute","text":"
meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.dump","title":"dump","text":"
dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.size","title":"size","text":"
size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.align","title":"align","text":"
align() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.get_typename","title":"get_typename","text":"
get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.is_cyclic","title":"is_cyclic","text":"
is_cyclic() -> bool\n
 
Checks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.additional_metadata","title":"additional_metadata","text":"
additional_metadata() -> list[str]\n
 
Returns a list of lines of additional metadata to dump from the go-type command.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.word_size","title":"word_size","text":"
word_size() -> int\n
 
Gets the Go word size for the current architecture.
 
Values taken from https://github.com/golang/go/blob/49cdf0c42e320dfed044baa551610f081eafb781/src/cmd/compile/internal/types2/sizes.go#L230-L249
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.max_align","title":"max_align","text":"
max_align() -> int\n
 
Gets the Go maximum alignment for the current architecture.
 
Values taken from https://github.com/golang/go/blob/49cdf0c42e320dfed044baa551610f081eafb781/src/cmd/compile/internal/types2/sizes.go#L230-L249
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.compute_offsets","title":"compute_offsets","text":"
compute_offsets(fields: Iterable[tuple[int, int]]) -> list[int]\n
 
Given a list of (size, alignment) for struct field types, returns a list of field offsets for the struct. The last element will be the offset of the struct's end (the struct size).
 
Layout computation taken from src/go/types/sizes.go commit 1b4f1dc
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.compute_named_offsets","title":"compute_named_offsets","text":"
compute_named_offsets(fields: Iterable[tuple[str, int, int]]) -> dict[str, int]\n
 
Like compute_offsets, but takes in field names and returns a dictionary mapping field name to offset instead.
 
Also maps in a special $size field with the size of the struct.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.load_uint","title":"load_uint","text":"
load_uint(data: bytes, endian: Literal['little', 'big'] | None = None) -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.load_int","title":"load_int","text":"
load_int(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.load_float","title":"load_float","text":"
load_float(data: bytes) -> float\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.emit_warning","title":"emit_warning","text":"
emit_warning(msg: str)\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.get_elf","title":"get_elf","text":"
get_elf() -> ELFInfo | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.read_buildversion","title":"read_buildversion","text":"
read_buildversion(addr: int) -> str\n
 
Reads a Go runtime.buildVersion string to extract the version.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.get_go_version","title":"get_go_version","text":"
get_go_version() -> tuple[int, ...] | None\n
 
Try to determine the Go version used to compile the binary.
 
None can be returned if the version couldn't be inferred, at which point it's probably best to assume latest version.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.get_type_start","title":"get_type_start","text":"
get_type_start(addr: int | None = None) -> int | None\n
 
Given the address to a type, try to find the moduledata types section containing it.
 
Necessary to determine the base address that the type name is offset by.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.read_varint_str","title":"read_varint_str","text":"
read_varint_str(addr: int) -> bytes\n
 
Read a length-prefix string encoded with Go's variable length encoding.
 
Implementation taken from https://github.com/golang/go/blob/9d33956503c0d96c0c5666d374173f7ac9756d98/src/internal/abi/type.go#L640-L649
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.read_type_name","title":"read_type_name","text":"
read_type_name(addr: int) -> bytes\n
 
Reads a Go type name given the address to the name.
 
Go type names are stored as a 1 byte bitfield followed by a varint length prefixed string after 1.17.
 
Prior to 1.17, they were stored as a 1 byte bitfield followed by a 2 byte length prefixed string.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.decode_runtime_type","title":"decode_runtime_type","text":"
decode_runtime_type(\n    addr: int, keep_backrefs: bool = False\n) -> tuple[GoTypeMeta, Type | None]\n
 
Decodes a runtime reflection type from memory, returning a (meta, type) tuplee.
 
The layout assumed is as follows (taken from src/internal/abi/type.go commit 1b4f1dc):
 
type Type struct {     Size_       uintptr     PtrBytes    uintptr     Hash        uint32     TFlag       TFlag     Align_      uint8     FieldAlign_ uint8     Kind_       Kind     Equal       func(unsafe.Pointer, unsafe.Pointer) bool     GCData      *byte     Str         NameOff     PtrToThis   TypeOff }
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.parse_type","title":"parse_type","text":"
parse_type(ty: str) -> Type\n
"},{"location":"reference/pwndbg/aglib/heap/","title":"heap","text":""},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap","title":"heap","text":"
Modules:
 
     
  •  heap           \u2013            
    •  
  •  jemalloc           \u2013            
    •  
  •  mallocng           \u2013            
    Implements handling of musl's allocator mallocng.
     
    •  
  •  ptmalloc           \u2013            
    •  
  •  structs           \u2013            
    •  
 
Functions:
 
     
  •  add_heap_param             \u2013              
    •  
  •  update             \u2013              
    •  
  •  reset             \u2013              
    •  
  •  resolve_heap             \u2013              
    •  
 
Attributes:
 
     
  •  current               (MemoryAllocator | None)           \u2013            
    •  
  •  main_arena           \u2013            
    •  
  •  thread_arena           \u2013            
    •  
  •  mp_           \u2013            
    •  
  •  tcache           \u2013            
    •  
  •  global_max_fast           \u2013            
    •  
  •  symbol_list           \u2013            
    •  
  •  heap_chain_limit           \u2013            
    •  
  •  heap_corruption_check_limit           \u2013            
    •  
  •  extra_hint_for_gdb           \u2013            
    •  
  •  resolve_heap_via_heuristic           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.current","title":"current  module-attribute","text":"
current: MemoryAllocator | None = None\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.main_arena","title":"main_arena  module-attribute","text":"
main_arena = add_heap_param('main-arena', '0', 'the address of main_arena')\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.thread_arena","title":"thread_arena  module-attribute","text":"
thread_arena = add_heap_param(\n    \"thread-arena\", \"0\", \"the address pointed by thread_arena\"\n)\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.mp_","title":"mp_  module-attribute","text":"
mp_ = add_heap_param('mp', '0', 'the address of mp_')\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.tcache","title":"tcache  module-attribute","text":"
tcache = add_heap_param('tcache', '0', 'the address pointed by tcache')\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.global_max_fast","title":"global_max_fast  module-attribute","text":"
global_max_fast = add_heap_param(\n    \"global-max-fast\", \"0\", \"the address of global_max_fast\"\n)\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.symbol_list","title":"symbol_list  module-attribute","text":"
symbol_list = [main_arena, thread_arena, mp_, tcache, global_max_fast]\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.heap_chain_limit","title":"heap_chain_limit  module-attribute","text":"
heap_chain_limit = add_heap_param(\n    \"heap-dereference-limit\",\n    8,\n    \"number of chunks to dereference in each bin\",\n    param_class=PARAM_UINTEGER,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.heap_corruption_check_limit","title":"heap_corruption_check_limit  module-attribute","text":"
heap_corruption_check_limit = add_heap_param(\n    \"heap-corruption-check-limit\",\n    64,\n    \"amount of chunks to traverse for the bin corruption check\",\n    param_class=PARAM_UINTEGER,\n    help_docstring=\"\\nThe bins are traversed both forwards and backwards.\\n\",\n)\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.extra_hint_for_gdb","title":"extra_hint_for_gdb  module-attribute","text":"
extra_hint_for_gdb = \"\\nIn addition, even you have the debug symbols of libc, you might still see the\\nfollowing warning when debugging a multi-threaded program:\\n```\\nwarning: Unable to find libthread_db matching inferior's thread library, thread\\ndebugging will not be available.\\n```\\n\\nYou'll need to ensure that the correct `libthread_db.so` is loaded. To do this,\\nset the search path using:\\n```\\nset libthread-db-search-path <path having correct libthread_db.so>\\n```\\nThen, restart your program to enable proper thread debugging.\\n\"\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.resolve_heap_via_heuristic","title":"resolve_heap_via_heuristic  module-attribute","text":"
resolve_heap_via_heuristic = add_heap_param(\n    \"resolve-heap-via-heuristic\",\n    \"auto\",\n    \"the strategy to resolve heap via heuristic\",\n    help_docstring=\"Values explained:\\n\\n+ `auto` - Pwndbg will try to use heuristics if debug symbols are missing\\n+ `force` - Pwndbg will always try to use heuristics, even if debug symbols are available\\n+ `never` - Pwndbg will never use heuristics to resolve the heap\\n\\nIf the output of the heap related command produces errors with heuristics, you\\ncan try manually setting the libc symbol addresses.\\nFor this, see the `heap_config` command output and set the `main_arena`, `mp_`,\\n`global_max_fast`, `tcache` and `thread_arena` addresses.\\n\\nNote: Pwndbg will generate more reliable results with proper debug symbols.\\nTherefore, when debug symbols are missing, you should try to install them first\\nif you haven't already.\\n\\nThey can probably be installed via the package manager of your choice.\\nSee also: https://sourceware.org/gdb/onlinedocs/gdb/Separate-Debug-Files.html .\\n\\nE.g. on Ubuntu/Debian you might need to do the following steps (for 64-bit and\\n32-bit binaries):\\n```bash\\nsudo apt-get install libc6-dbg\\nsudo dpkg --add-architecture i386\\nsudo apt-get install libc-dbg:i386\\n```\\nIf you used setup.sh on Arch based distro you'll need to do a power cycle or set\\nenvironment variable manually like this:\\n```bash\\nexport DEBUGINFOD_URLS=https://debuginfod.archlinux.org\\n```\\n\"\n    + extra_hint_for_gdb,\n    param_class=PARAM_ENUM,\n    enum_sequence=[\"auto\", \"force\", \"never\"],\n)\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.add_heap_param","title":"add_heap_param","text":"
add_heap_param(\n    name: str,\n    default: Any,\n    set_show_doc: str,\n    *,\n    help_docstring: str = \"\",\n    param_class: int | None = None,\n    enum_sequence: Sequence[str] | None = None,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.update","title":"update","text":"
update() -> None\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.reset","title":"reset","text":"
reset() -> None\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.resolve_heap","title":"resolve_heap","text":"
resolve_heap(is_first_run: bool = False) -> None\n
"},{"location":"reference/pwndbg/aglib/heap/heap/","title":"heap","text":""},{"location":"reference/pwndbg/aglib/heap/heap/#pwndbg.aglib.heap.heap","title":"heap","text":"
Classes:
 
     
  •  MemoryAllocator           \u2013            
    Heap abstraction layer.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/heap/#pwndbg.aglib.heap.heap.MemoryAllocator","title":"MemoryAllocator","text":"
Heap abstraction layer.
 
Methods:
 
     
  •  containing             \u2013              
    Returns the address of the allocation which contains 'address'.
     
    •  
  •  is_initialized             \u2013              
    Returns whether the allocator is initialized or not.
     
    •  
  •  libc_has_debug_syms             \u2013              
    Returns whether the libc has debug symbols or not.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/heap/#pwndbg.aglib.heap.heap.MemoryAllocator.containing","title":"containing","text":"
containing(address: int) -> int\n
 
Returns the address of the allocation which contains 'address'.
 
Parameters:
 
     
  •  address               (int)           \u2013            
    Address to look up.
     
    •  
 
Returns:
 
     
  •  int           \u2013            
    An integer.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/heap/#pwndbg.aglib.heap.heap.MemoryAllocator.is_initialized","title":"is_initialized","text":"
is_initialized() -> bool\n
 
Returns whether the allocator is initialized or not.
 
Returns:
 
     
  •  bool           \u2013            
    A boolean.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/heap/#pwndbg.aglib.heap.heap.MemoryAllocator.libc_has_debug_syms","title":"libc_has_debug_syms","text":"
libc_has_debug_syms() -> bool\n
 
Returns whether the libc has debug symbols or not.
 
Returns:
 
     
  •  bool           \u2013            
    A boolean.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/","title":"jemalloc","text":""},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc","title":"jemalloc","text":"
Classes:
 
     
  •  RTree           \u2013            
    RTree is used by jemalloc to keep track of extents that are allocated by jemalloc.
     
    •  
  •  Extent           \u2013            
    Concept of extent (edata) is similar to chunk in glibc malloc but allocation algorithm differs a lot.
     
    •  
 
Functions:
 
     
  •  mask             \u2013              
    •  
  •  lg_floor_1             \u2013              
    •  
  •  lg_floor_2             \u2013              
    •  
  •  lg_floor_4             \u2013              
    •  
  •  lg_floor_8             \u2013              
    •  
  •  lg_floor_16             \u2013              
    •  
  •  lg_floor_32             \u2013              
    •  
  •  lg_floor_64             \u2013              
    •  
  •  lg_floor             \u2013              
    •  
  •  lg_ceil             \u2013              
    •  
 
Attributes:
 
     
  •  LG_VADDR           \u2013            
    •  
  •  LG_PAGE           \u2013            
    •  
  •  MALLOCX_ARENA_BITS           \u2013            
    •  
  •  LG_SIZEOF_PTR           \u2013            
    •  
  •  RTREE_NHIB           \u2013            
    •  
  •  RTREE_NLIB           \u2013            
    •  
  •  RTREE_NSB           \u2013            
    •  
  •  RTREE_HEIGHT           \u2013            
    •  
  •  LG_QUANTUM           \u2013            
    •  
  •  SC_LG_TINY_MIN           \u2013            
    •  
  •  SC_NTINY           \u2013            
    •  
  •  SC_LG_NGROUP           \u2013            
    •  
  •  SC_NGROUP           \u2013            
    •  
  •  SC_NPSEUDO           \u2013            
    •  
  •  SC_PTR_BITS           \u2013            
    •  
  •  SC_LG_BASE_MAX           \u2013            
    •  
  •  SC_LG_FIRST_REGULAR_BASE           \u2013            
    •  
  •  SC_NREGULAR           \u2013            
    •  
  •  SC_NSIZES           \u2013            
    •  
  •  SC_LG_SLAB_MAXREGS           \u2013            
    •  
  •  EDATA_BITS_ARENA_WIDTH           \u2013            
    •  
  •  EDATA_BITS_ARENA_SHIFT           \u2013            
    •  
  •  EDATA_BITS_ARENA_MASK           \u2013            
    •  
  •  EDATA_BITS_SLAB_WIDTH           \u2013            
    •  
  •  EDATA_BITS_SLAB_SHIFT           \u2013            
    •  
  •  EDATA_BITS_SLAB_MASK           \u2013            
    •  
  •  EDATA_BITS_COMMITTED_WIDTH           \u2013            
    •  
  •  EDATA_BITS_COMMITTED_SHIFT           \u2013            
    •  
  •  EDATA_BITS_COMMITTED_MASK           \u2013            
    •  
  •  EDATA_BITS_PAI_WIDTH           \u2013            
    •  
  •  EDATA_BITS_PAI_SHIFT           \u2013            
    •  
  •  EDATA_BITS_PAI_MASK           \u2013            
    •  
  •  EDATA_BITS_ZEROED_WIDTH           \u2013            
    •  
  •  EDATA_BITS_ZEROED_SHIFT           \u2013            
    •  
  •  EDATA_BITS_ZEROED_MASK           \u2013            
    •  
  •  EDATA_BITS_GUARDED_WIDTH           \u2013            
    •  
  •  EDATA_BITS_GUARDED_SHIFT           \u2013            
    •  
  •  EDATA_BITS_GUARDED_MASK           \u2013            
    •  
  •  EDATA_BITS_STATE_WIDTH           \u2013            
    •  
  •  EDATA_BITS_STATE_SHIFT           \u2013            
    •  
  •  EDATA_BITS_STATE_MASK           \u2013            
    •  
  •  EDATA_BITS_SZIND_WIDTH           \u2013            
    •  
  •  EDATA_BITS_SZIND_SHIFT           \u2013            
    •  
  •  EDATA_BITS_SZIND_MASK           \u2013            
    •  
  •  EDATA_BITS_NFREE_WIDTH           \u2013            
    •  
  •  EDATA_BITS_NFREE_SHIFT           \u2013            
    •  
  •  EDATA_BITS_NFREE_MASK           \u2013            
    •  
  •  EDATA_BITS_BINSHARD_WIDTH           \u2013            
    •  
  •  EDATA_BITS_BINSHARD_SHIFT           \u2013            
    •  
  •  EDATA_BITS_BINSHARD_MASK           \u2013            
    •  
  •  EDATA_BITS_IS_HEAD_WIDTH           \u2013            
    •  
  •  EDATA_BITS_IS_HEAD_SHIFT           \u2013            
    •  
  •  EDATA_BITS_IS_HEAD_MASK           \u2013            
    •  
  •  rtree_levels           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.LG_VADDR","title":"LG_VADDR  module-attribute","text":"
LG_VADDR = 48\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.LG_PAGE","title":"LG_PAGE  module-attribute","text":"
LG_PAGE = 12\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.MALLOCX_ARENA_BITS","title":"MALLOCX_ARENA_BITS  module-attribute","text":"
MALLOCX_ARENA_BITS = 12\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.LG_SIZEOF_PTR","title":"LG_SIZEOF_PTR  module-attribute","text":"
LG_SIZEOF_PTR = 3\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTREE_NHIB","title":"RTREE_NHIB  module-attribute","text":"
RTREE_NHIB = (1 << LG_SIZEOF_PTR + 3) - LG_VADDR\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTREE_NLIB","title":"RTREE_NLIB  module-attribute","text":"
RTREE_NLIB = LG_PAGE\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTREE_NSB","title":"RTREE_NSB  module-attribute","text":"
RTREE_NSB = LG_VADDR - RTREE_NLIB\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTREE_HEIGHT","title":"RTREE_HEIGHT  module-attribute","text":"
RTREE_HEIGHT = 1\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.LG_QUANTUM","title":"LG_QUANTUM  module-attribute","text":"
LG_QUANTUM = 4\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_LG_TINY_MIN","title":"SC_LG_TINY_MIN  module-attribute","text":"
SC_LG_TINY_MIN = 3\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_NTINY","title":"SC_NTINY  module-attribute","text":"
SC_NTINY = LG_QUANTUM - SC_LG_TINY_MIN\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_LG_NGROUP","title":"SC_LG_NGROUP  module-attribute","text":"
SC_LG_NGROUP = 2\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_NGROUP","title":"SC_NGROUP  module-attribute","text":"
SC_NGROUP = 1 << SC_LG_NGROUP\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_NPSEUDO","title":"SC_NPSEUDO  module-attribute","text":"
SC_NPSEUDO = SC_NGROUP\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_PTR_BITS","title":"SC_PTR_BITS  module-attribute","text":"
SC_PTR_BITS = (1 << LG_SIZEOF_PTR) * 8\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_LG_BASE_MAX","title":"SC_LG_BASE_MAX  module-attribute","text":"
SC_LG_BASE_MAX = SC_PTR_BITS - 2\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_LG_FIRST_REGULAR_BASE","title":"SC_LG_FIRST_REGULAR_BASE  module-attribute","text":"
SC_LG_FIRST_REGULAR_BASE = LG_QUANTUM + SC_LG_NGROUP\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_NREGULAR","title":"SC_NREGULAR  module-attribute","text":"
SC_NREGULAR = SC_NGROUP * (SC_LG_BASE_MAX - SC_LG_FIRST_REGULAR_BASE + 1) - 1\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_NSIZES","title":"SC_NSIZES  module-attribute","text":"
SC_NSIZES = SC_NTINY + SC_NPSEUDO + SC_NREGULAR\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_LG_SLAB_MAXREGS","title":"SC_LG_SLAB_MAXREGS  module-attribute","text":"
SC_LG_SLAB_MAXREGS = LG_PAGE - SC_LG_TINY_MIN\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_ARENA_WIDTH","title":"EDATA_BITS_ARENA_WIDTH  module-attribute","text":"
EDATA_BITS_ARENA_WIDTH = MALLOCX_ARENA_BITS\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_ARENA_SHIFT","title":"EDATA_BITS_ARENA_SHIFT  module-attribute","text":"
EDATA_BITS_ARENA_SHIFT = 0\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_ARENA_MASK","title":"EDATA_BITS_ARENA_MASK  module-attribute","text":"
EDATA_BITS_ARENA_MASK = mask(EDATA_BITS_ARENA_WIDTH, EDATA_BITS_ARENA_SHIFT)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_SLAB_WIDTH","title":"EDATA_BITS_SLAB_WIDTH  module-attribute","text":"
EDATA_BITS_SLAB_WIDTH = 1\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_SLAB_SHIFT","title":"EDATA_BITS_SLAB_SHIFT  module-attribute","text":"
EDATA_BITS_SLAB_SHIFT = EDATA_BITS_ARENA_WIDTH + EDATA_BITS_ARENA_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_SLAB_MASK","title":"EDATA_BITS_SLAB_MASK  module-attribute","text":"
EDATA_BITS_SLAB_MASK = mask(EDATA_BITS_SLAB_WIDTH, EDATA_BITS_SLAB_SHIFT)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_COMMITTED_WIDTH","title":"EDATA_BITS_COMMITTED_WIDTH  module-attribute","text":"
EDATA_BITS_COMMITTED_WIDTH = 1\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_COMMITTED_SHIFT","title":"EDATA_BITS_COMMITTED_SHIFT  module-attribute","text":"
EDATA_BITS_COMMITTED_SHIFT = EDATA_BITS_SLAB_WIDTH + EDATA_BITS_SLAB_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_COMMITTED_MASK","title":"EDATA_BITS_COMMITTED_MASK  module-attribute","text":"
EDATA_BITS_COMMITTED_MASK = mask(\n    EDATA_BITS_COMMITTED_WIDTH, EDATA_BITS_COMMITTED_SHIFT\n)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_PAI_WIDTH","title":"EDATA_BITS_PAI_WIDTH  module-attribute","text":"
EDATA_BITS_PAI_WIDTH = 1\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_PAI_SHIFT","title":"EDATA_BITS_PAI_SHIFT  module-attribute","text":"
EDATA_BITS_PAI_SHIFT = EDATA_BITS_COMMITTED_WIDTH + EDATA_BITS_COMMITTED_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_PAI_MASK","title":"EDATA_BITS_PAI_MASK  module-attribute","text":"
EDATA_BITS_PAI_MASK = mask(EDATA_BITS_PAI_WIDTH, EDATA_BITS_PAI_SHIFT)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_ZEROED_WIDTH","title":"EDATA_BITS_ZEROED_WIDTH  module-attribute","text":"
EDATA_BITS_ZEROED_WIDTH = 1\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_ZEROED_SHIFT","title":"EDATA_BITS_ZEROED_SHIFT  module-attribute","text":"
EDATA_BITS_ZEROED_SHIFT = EDATA_BITS_PAI_WIDTH + EDATA_BITS_PAI_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_ZEROED_MASK","title":"EDATA_BITS_ZEROED_MASK  module-attribute","text":"
EDATA_BITS_ZEROED_MASK = mask(EDATA_BITS_ZEROED_WIDTH, EDATA_BITS_ZEROED_SHIFT)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_GUARDED_WIDTH","title":"EDATA_BITS_GUARDED_WIDTH  module-attribute","text":"
EDATA_BITS_GUARDED_WIDTH = 1\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_GUARDED_SHIFT","title":"EDATA_BITS_GUARDED_SHIFT  module-attribute","text":"
EDATA_BITS_GUARDED_SHIFT = EDATA_BITS_ZEROED_WIDTH + EDATA_BITS_ZEROED_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_GUARDED_MASK","title":"EDATA_BITS_GUARDED_MASK  module-attribute","text":"
EDATA_BITS_GUARDED_MASK = mask(\n    EDATA_BITS_GUARDED_WIDTH, EDATA_BITS_GUARDED_SHIFT\n)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_STATE_WIDTH","title":"EDATA_BITS_STATE_WIDTH  module-attribute","text":"
EDATA_BITS_STATE_WIDTH = 3\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_STATE_SHIFT","title":"EDATA_BITS_STATE_SHIFT  module-attribute","text":"
EDATA_BITS_STATE_SHIFT = EDATA_BITS_GUARDED_WIDTH + EDATA_BITS_GUARDED_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_STATE_MASK","title":"EDATA_BITS_STATE_MASK  module-attribute","text":"
EDATA_BITS_STATE_MASK = mask(EDATA_BITS_STATE_WIDTH, EDATA_BITS_STATE_SHIFT)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_SZIND_WIDTH","title":"EDATA_BITS_SZIND_WIDTH  module-attribute","text":"
EDATA_BITS_SZIND_WIDTH = lg_ceil(SC_NSIZES)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_SZIND_SHIFT","title":"EDATA_BITS_SZIND_SHIFT  module-attribute","text":"
EDATA_BITS_SZIND_SHIFT = EDATA_BITS_STATE_WIDTH + EDATA_BITS_STATE_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_SZIND_MASK","title":"EDATA_BITS_SZIND_MASK  module-attribute","text":"
EDATA_BITS_SZIND_MASK = mask(EDATA_BITS_SZIND_WIDTH, EDATA_BITS_SZIND_SHIFT)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_NFREE_WIDTH","title":"EDATA_BITS_NFREE_WIDTH  module-attribute","text":"
EDATA_BITS_NFREE_WIDTH = SC_LG_SLAB_MAXREGS + 1\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_NFREE_SHIFT","title":"EDATA_BITS_NFREE_SHIFT  module-attribute","text":"
EDATA_BITS_NFREE_SHIFT = EDATA_BITS_SZIND_WIDTH + EDATA_BITS_SZIND_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_NFREE_MASK","title":"EDATA_BITS_NFREE_MASK  module-attribute","text":"
EDATA_BITS_NFREE_MASK = mask(EDATA_BITS_NFREE_WIDTH, EDATA_BITS_NFREE_SHIFT)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_BINSHARD_WIDTH","title":"EDATA_BITS_BINSHARD_WIDTH  module-attribute","text":"
EDATA_BITS_BINSHARD_WIDTH = 6\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_BINSHARD_SHIFT","title":"EDATA_BITS_BINSHARD_SHIFT  module-attribute","text":"
EDATA_BITS_BINSHARD_SHIFT = EDATA_BITS_NFREE_WIDTH + EDATA_BITS_NFREE_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_BINSHARD_MASK","title":"EDATA_BITS_BINSHARD_MASK  module-attribute","text":"
EDATA_BITS_BINSHARD_MASK = mask(\n    EDATA_BITS_BINSHARD_WIDTH, EDATA_BITS_BINSHARD_SHIFT\n)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_IS_HEAD_WIDTH","title":"EDATA_BITS_IS_HEAD_WIDTH  module-attribute","text":"
EDATA_BITS_IS_HEAD_WIDTH = 1\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_IS_HEAD_SHIFT","title":"EDATA_BITS_IS_HEAD_SHIFT  module-attribute","text":"
EDATA_BITS_IS_HEAD_SHIFT = EDATA_BITS_BINSHARD_WIDTH + EDATA_BITS_BINSHARD_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_IS_HEAD_MASK","title":"EDATA_BITS_IS_HEAD_MASK  module-attribute","text":"
EDATA_BITS_IS_HEAD_MASK = mask(\n    EDATA_BITS_IS_HEAD_WIDTH, EDATA_BITS_IS_HEAD_SHIFT\n)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.rtree_levels","title":"rtree_levels  module-attribute","text":"
rtree_levels = [\n    [{\"bits\": RTREE_NSB, \"cumbits\": RTREE_NHIB + RTREE_NSB}],\n    [\n        {\"bits\": RTREE_NSB // 2, \"cumbits\": RTREE_NHIB + RTREE_NSB // 2},\n        {\n            \"bits\": RTREE_NSB // 2 + RTREE_NSB % 2,\n            \"cumbits\": RTREE_NHIB + RTREE_NSB,\n        },\n    ],\n    [\n        {\"bits\": RTREE_NSB // 3, \"cumbits\": RTREE_NHIB + RTREE_NSB // 3},\n        {\n            \"bits\": RTREE_NSB // 3 + RTREE_NSB % 3 // 2,\n            \"cumbits\": RTREE_NHIB + RTREE_NSB // 3 * 2 + RTREE_NSB % 3 // 2,\n        },\n        {\n            \"bits\": RTREE_NSB // 3 + RTREE_NSB % 3 - RTREE_NSB % 3 // 2,\n            \"cumbits\": RTREE_NHIB + RTREE_NSB,\n        },\n    ],\n]\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree","title":"RTree","text":"
RTree(addr: int)\n
 
RTree is used by jemalloc to keep track of extents that are allocated by jemalloc. Since extent data is not stored in a doubly linked list, rtree is used to find the extent belonging to a pointer that is being freed. Implementation of rtree is similar to Linux Radix tree: https://lwn.net/Articles/175432/
 
Methods:
 
     
  •  get_rtree             \u2013              
    •  
  •  lookup_hard             \u2013              
    Lookup the key in the rtree and return the value.
     
    •  
 
Attributes:
 
     
  •  root           \u2013            
    •  
  •  extents           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.root","title":"root  property","text":"
root\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.extents","title":"extents  property","text":"
extents\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.get_rtree","title":"get_rtree  staticmethod","text":"
get_rtree() -> RTree\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.__rtree_leaf_maskbits","title":"__rtree_leaf_maskbits","text":"
__rtree_leaf_maskbits(level)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.__rtree_leafkey","title":"__rtree_leafkey","text":"
__rtree_leafkey(key: int, level: int) -> int\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.__subkey","title":"__subkey","text":"
__subkey(key: int, level: int) -> int\n
 
Return a portion of the key that is used to find the node/leaf in the rtree at a specific level. Source: https://github.com/jemalloc/jemalloc/blob/5b72ac098abce464add567869d082f2097bd59a2/include/jemalloc/internal/rtree.h#L161
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.__alignment_addr2base","title":"__alignment_addr2base  staticmethod","text":"
__alignment_addr2base(addr, alignment=64)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.lookup_hard","title":"lookup_hard","text":"
lookup_hard(key: int)\n
 
Lookup the key in the rtree and return the value.
 
How it works: - Jemalloc stores the extent address in the rtree as a node and to find a specific node we need a address key.
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent","title":"Extent","text":"
Extent(addr: int)\n
 
Concept of extent (edata) is similar to chunk in glibc malloc but allocation algorithm differs a lot. - Extents are used to manage memory blocks (including jemalloc metadata) where extents sizes can vary but each block is always a multiple of the page size. - jemalloc will either allocate one large class request or multiple small class request (called slab) depending on request size. - Unlike chunks in glibc malloc, extents are not doubly linked list but are managed using rtree. - This tree is mostly used during deallocation to find the extent belonging to a pointer that is being freed. - Extents are also not stored as a header structure but externally (therefore extent metadata and actually mapped data may be very far apart).
 
Attributes:
 
     
  •  size           \u2013            
    May be larger in case of large size class allocation when cache_oblivious is enabled.
     
    •  
  •  extent_address               (int)           \u2013            
    Address of the extent data structure (not the actual memory).
     
    •  
  •  allocated_address               (int)           \u2013            
    Starting address of allocated memory
     
    •  
  •  bsize               (int)           \u2013            
    •  
  •  bits               (int)           \u2013            
    •  
  •  bitfields               (dict[str, int])           \u2013            
    Extract bitfields
     
    •  
  •  state_name               (str)           \u2013            
    •  
  •  has_slab               (bool)           \u2013            
    Returns True if the extent is used for small size classes.
     
    •  
  •  is_free               (bool)           \u2013            
    Returns True if the extent is free.
     
    •  
  •  pai               (str)           \u2013            
    Page Allocator Interface
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.size","title":"size  property","text":"
size\n
 
May be larger in case of large size class allocation when cache_oblivious is enabled.
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.extent_address","title":"extent_address  property","text":"
extent_address: int\n
 
Address of the extent data structure (not the actual memory).
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.allocated_address","title":"allocated_address  property","text":"
allocated_address: int\n
 
Starting address of allocated memory cache-oblivious large allocation alignment:     When a large class allocation is made, jemalloc selects the closest size class that can fit the request and allocates that size + 4 KiB (0x1000).     However, the pointer returned to user is randomized between the 'base' and 'base + 4 KiB' (0x1000) range.     Source code: https://github.com/jemalloc/jemalloc/blob/a25b9b8ba91881964be3083db349991bbbbf1661/include/jemalloc/internal/arena_inlines_b.h#L505
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.bsize","title":"bsize  property","text":"
bsize: int\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.bits","title":"bits  property","text":"
bits: int\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.bitfields","title":"bitfields  property","text":"
bitfields: dict[str, int]\n
 
Extract bitfields
 
arena_ind: Arena from which this extent came, or all 1 bits if unassociated. slab: The slab flag indicates whether the extent is used for a slab of small regions. This helps differentiate small size classes, and it indicates whether interior pointers can be looked up via iealloc(). committed: The committed flag indicates whether physical memory is committed to the extent, whether explicitly or implicitly as on a system that overcommits and satisfies physical memory needs on demand via soft page faults. pai: The pai flag is an extent_pai_t. zeroed: The zeroed flag is used by extent recycling code to track whether memory is zero-filled. guarded: The guarded flag is used by the sanitizer to track whether the extent has page guards around it. state: The state flag is an extent_state_t. szind: The szind flag indicates usable size class index for allocations residing in this extent, regardless of whether the extent is a slab. Extent size and usable size often differ even for non-slabs, either due to sz_large_pad or promotion of sampled small regions. nfree: Number of free regions in slab. bin_shard: The shard of the bin from which this extent came.
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.state_name","title":"state_name  property","text":"
state_name: str\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.has_slab","title":"has_slab  property","text":"
has_slab: bool\n
 
Returns True if the extent is used for small size classes. Reference for size in Table 1 at https://jemalloc.net/jemalloc.3.html At time of writing, allocations <= 0x3800 are considered as small allocations and has slabs.
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.is_free","title":"is_free  property","text":"
is_free: bool\n
 
Returns True if the extent is free.
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.pai","title":"pai  property","text":"
pai: str\n
 
Page Allocator Interface
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.mask","title":"mask","text":"
mask(current_field_width, current_field_shift)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_1","title":"lg_floor_1","text":"
lg_floor_1(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_2","title":"lg_floor_2","text":"
lg_floor_2(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_4","title":"lg_floor_4","text":"
lg_floor_4(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_8","title":"lg_floor_8","text":"
lg_floor_8(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_16","title":"lg_floor_16","text":"
lg_floor_16(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_32","title":"lg_floor_32","text":"
lg_floor_32(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_64","title":"lg_floor_64","text":"
lg_floor_64(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor","title":"lg_floor","text":"
lg_floor(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_ceil","title":"lg_ceil","text":"
lg_ceil(x)\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/","title":"mallocng","text":""},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng","title":"mallocng","text":"
Implements handling of musl's allocator mallocng. https://elixir.bootlin.com/musl/v1.2.5/source/src/malloc/mallocng
 
Classes:
 
     
  •  SlotState           \u2013            
    •  
  •  Group           \u2013            
    A group is an array of slots.
     
    •  
  •  Slot           \u2013            
    The \"unit of allocation\" (analogous to glibc's \"chunk\").
     
    •  
  •  GroupedSlot           \u2013            
    This is not a mallocng concept, this is a pwndbg abstraction.
     
    •  
  •  Meta           \u2013            
    The metadata of a group.
     
    •  
  •  MetaArea           \u2013            
    Slabs that contain metas, linked in a singly-linked list.
     
    •  
  •  MallocContext           \u2013            
    The global object that holds all allocator state.
     
    •  
  •  Mallocng           \u2013            
    Tracks the allocator state.
     
    •  
 
Functions:
 
     
  •  int_size             \u2013              
    •  
 
Attributes:
 
     
  •  UNIT               (int)           \u2013            
    •  
  •  IB               (int)           \u2013            
    •  
  •  size_classes               (list[int])           \u2013            
    •  
  •  mallocng           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.UNIT","title":"UNIT  module-attribute","text":"
UNIT: int = 16\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.IB","title":"IB  module-attribute","text":"
IB: int = 4\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.size_classes","title":"size_classes  module-attribute","text":"
size_classes: list[int] = [\n    1,\n    2,\n    3,\n    4,\n    5,\n    6,\n    7,\n    8,\n    9,\n    10,\n    12,\n    15,\n    18,\n    20,\n    25,\n    31,\n    36,\n    42,\n    50,\n    63,\n    72,\n    84,\n    102,\n    127,\n    146,\n    170,\n    204,\n    255,\n    292,\n    340,\n    409,\n    511,\n    584,\n    682,\n    818,\n    1023,\n    1169,\n    1364,\n    1637,\n    2047,\n    2340,\n    2730,\n    3276,\n    4095,\n    4680,\n    5460,\n    6552,\n    8191,\n]\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.mallocng","title":"mallocng  module-attribute","text":"
mallocng = Mallocng()\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.SlotState","title":"SlotState","text":"
               Bases: Enum
 
Attributes:
 
     
  •  ALLOCATED           \u2013            
    •  
  •  FREED           \u2013            
    •  
  •  AVAIL           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.SlotState.ALLOCATED","title":"ALLOCATED  class-attribute instance-attribute","text":"
ALLOCATED = 'allocated'\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.SlotState.FREED","title":"FREED  class-attribute instance-attribute","text":"
FREED = 'freed'\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.SlotState.AVAIL","title":"AVAIL  class-attribute instance-attribute","text":"
AVAIL = 'available'\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Group","title":"Group","text":"
Group(addr: int)\n
 
A group is an array of slots.
 
https://elixir.bootlin.com/musl/v1.2.5/source/src/malloc/mallocng/meta.h#L17 struct group {   struct meta *meta;   unsigned char active_idx:5;   char pad[UNIT - sizeof(struct meta *) - 1];   unsigned char storage[]; };
 
Methods:
 
     
  •  preload             \u2013              
    Read all the necessary process memory to populate the group's
     
    •  
  •  set_meta             \u2013              
    Sets the meta object for this group.
     
    •  
  •  at_index             \u2013              
    Get the address of the slot at index idx.
     
    •  
 
Attributes:
 
     
  •  addr           \u2013            
    •  
  •  meta               (Meta)           \u2013            
    Raises:
     
    •  
  •  active_idx               (int)           \u2013            
    Raises:
     
    •  
  •  storage               (int)           \u2013            
    •  
  •  group_size               (int)           \u2013            
    The size of this group, in bytes.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Group.addr","title":"addr  instance-attribute","text":"
addr = addr\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Group.meta","title":"meta  property","text":"
meta: Meta\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Group.active_idx","title":"active_idx  property","text":"
active_idx: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Group.storage","title":"storage  property","text":"
storage: int\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Group.group_size","title":"group_size  property","text":"
group_size: int\n
 
The size of this group, in bytes.
 
Raises:
 
     
  •  Error             \u2013            
    When reading meta fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Group.preload","title":"preload","text":"
preload() -> None\n
 
Read all the necessary process memory to populate the group's fields.
 
Do this if you know you will be using most of the fields of the group. It will be faster, since we can do one reads instead of two small ones. You may also catch inaccessible memory exceptions here and not worry about it later.
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Group.set_meta","title":"set_meta","text":"
set_meta(meta: Meta) -> None\n
 
Sets the meta object for this group.
 
If the meta for this group is already calculated by the callee, use this to prevent it from being wastefully recalculated.
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Group.at_index","title":"at_index","text":"
at_index(idx: int) -> int\n
 
Get the address of the slot at index idx.
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot","title":"Slot","text":"
Slot(p: int)\n
 
The \"unit of allocation\" (analogous to glibc's \"chunk\"). There is no struct in the source code that describes it.
 
Methods:
 
     
  •  preload             \u2013              
    Read all the necessary process memory to populate the slot's
     
    •  
  •  preload_meta_dependants             \u2013              
    Preloads all fields that depend on a sane meta.
     
    •  
  •  is_cyclic             \u2013              
    Returns whether mallocng reports that p != start.
     
    •  
  •  contains_group             \u2013              
    Does this slot nest a group?
     
    •  
  •  set_group             \u2013              
    If the slot is FREED or AVAIL, it is impossible for it to
     
    •  
  •  from_p             \u2013              
    •  
  •  from_start             \u2013              
    •  
 
Attributes:
 
     
  •  p               (int)           \u2013            
    •  
  •  offset               (int)           \u2013            
    Raises:
     
    •  
  •  pn3               (int)           \u2013            
    Raises:
     
    •  
  •  idx               (int)           \u2013            
    Raises:
     
    •  
  •  reserved_in_header               (int)           \u2013            
    •  
  •  big_offset_check               (int)           \u2013            
    Raises:
     
    •  
  •  start               (int)           \u2013            
    Raises:
     
    •  
  •  cyclic_offset               (int)           \u2013            
    Returns zero if is_cyclic() is False.
     
    •  
  •  startn3               (int)           \u2013            
    Raises:
     
    •  
  •  reserved_in_footer               (int)           \u2013            
    Returns -1 if the value is invalid, i.e.
     
    •  
  •  end               (int)           \u2013            
    Raises:
     
    •  
  •  reserved               (int)           \u2013            
    Returns 0 if reserved_in_header() == 6.
     
    •  
  •  nominal_size               (int)           \u2013            
    Raises:
     
    •  
  •  user_size               (int)           \u2013            
    Raises:
     
    •  
  •  slack               (int)           \u2013            
    Raises:
     
    •  
  •  group               (Group)           \u2013            
    •  
  •  meta               (Meta)           \u2013            
    Raises:
     
    •  
  •  slot_state               (SlotState)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.p","title":"p  instance-attribute","text":"
p: int = p\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.offset","title":"offset  property","text":"
offset: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.pn3","title":"pn3  property","text":"
pn3: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.idx","title":"idx  property","text":"
idx: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.reserved_in_header","title":"reserved_in_header  property","text":"
reserved_in_header: int\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.big_offset_check","title":"big_offset_check  property","text":"
big_offset_check: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.start","title":"start  property","text":"
start: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading meta fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.cyclic_offset","title":"cyclic_offset  property","text":"
cyclic_offset: int\n
 
Returns zero if is_cyclic() is False.
 
Raises:
 
     
  •  Error             \u2013            
    When reading meta fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.startn3","title":"startn3  property","text":"
startn3: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.reserved_in_footer","title":"reserved_in_footer  property","text":"
reserved_in_footer: int\n
 
Returns -1 if the value is invalid, i.e. reserved_in_header() != 5.
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.end","title":"end  property","text":"
end: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading meta fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.reserved","title":"reserved  property","text":"
reserved: int\n
 
Returns 0 if reserved_in_header() == 6. Returns -1 if reserved_in_header() == 7.
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.nominal_size","title":"nominal_size  property","text":"
nominal_size: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading meta fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.user_size","title":"user_size  property","text":"
user_size: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading meta fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.slack","title":"slack  property","text":"
slack: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading meta fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.group","title":"group  property","text":"
group: Group\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.meta","title":"meta  property","text":"
meta: Meta\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.slot_state","title":"slot_state  property","text":"
slot_state: SlotState\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.preload","title":"preload","text":"
preload() -> None\n
 
Read all the necessary process memory to populate the slot's p header fields.
 
Do this if you know you will be using most of the fields of the slot. It will be faster, since we can do a few big reads instead of many small ones. You may also catch inaccessible memory exceptions here and not worry about it later.
 
Fields dependant on the meta are not loaded - you will still need to worry about exceptions coming from them.
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.preload_meta_dependants","title":"preload_meta_dependants","text":"
preload_meta_dependants() -> None\n
 
Preloads all fields that depend on a sane meta.
 
It generally only makes sense to run this after preload(). Calling this reduces the amount of process writes and centralizes field exceptions to this function.
 
If both preload() and preload_meta_dependants() return without exceptions, all the fields in this class are guaranteed to not cause any more memory reads nor raise any more exceptions.
 
Raises:
 
     
  •  Error             \u2013            
    When the meta is corrupt and/or reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.is_cyclic","title":"is_cyclic","text":"
is_cyclic() -> int\n
 
Returns whether mallocng reports that p != start.
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.contains_group","title":"contains_group","text":"
contains_group() -> bool\n
 
Does this slot nest a group?
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.set_group","title":"set_group","text":"
set_group(group: Group) -> None\n
 
If the slot is FREED or AVAIL, it is impossible for it to recover the start of its group, and ergo its meta.
 
You can thus use this to set it externally.
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.from_p","title":"from_p  classmethod","text":"
from_p(p: int) -> 'Slot'\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.from_start","title":"from_start  classmethod","text":"
from_start(start: int) -> 'Slot'\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.GroupedSlot","title":"GroupedSlot","text":"
GroupedSlot(group: Group, idx: int)\n
 
This is not a mallocng concept, this is a pwndbg abstraction.
 
A Slot object uses its inband metadata to recover all its fields and uncover more information about itself by locating its group and meta. It works essentially the same way mallocng's free() works.
 
However, if a slot is freed or available, most of its in-band metadata will be invalid and it will not be able to recover group and meta. But, given the start of the slot, we can infer which group it belongs to and what its index is by walking allocator state i.e. ctx i.e. by using Mallocng.find_slot().
 
A GroupedSlot then describes all information we can glean about a slot which is described by a (group, idx) pair. Many of its fields can be completely different from a Slot at the same location. They are guaranteed to be the same only if the slot is ALLOCATED and hasn't been corrupted.
 
Not all fields that are available in Slot are available in GroupedSlot.
 
Make sure the group you are passing to the constructor points to a valid meta object.
 
Attributes:
 
     
  •  group           \u2013            
    •  
  •  meta           \u2013            
    •  
  •  idx           \u2013            
    •  
  •  stride           \u2013            
    •  
  •  slot_state           \u2013            
    •  
  •  start           \u2013            
    •  
  •  end           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.GroupedSlot.group","title":"group  instance-attribute","text":"
group = group\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.GroupedSlot.meta","title":"meta  instance-attribute","text":"
meta = meta\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.GroupedSlot.idx","title":"idx  instance-attribute","text":"
idx = idx\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.GroupedSlot.stride","title":"stride  instance-attribute","text":"
stride = stride\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.GroupedSlot.slot_state","title":"slot_state  instance-attribute","text":"
slot_state = slotstate_at_index(idx)\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.GroupedSlot.start","title":"start  instance-attribute","text":"
start = storage + stride * idx\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.GroupedSlot.end","title":"end  instance-attribute","text":"
end = start + stride - IB\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta","title":"Meta","text":"
Meta(addr: int)\n
 
The metadata of a group.
 
https://elixir.bootlin.com/musl/v1.2.5/source/src/malloc/mallocng/meta.h#L24 struct meta {   struct meta *prev, *next;   struct group *mem;   volatile int avail_mask, freed_mask;   uintptr_t last_idx:5;   uintptr_t freeable:1;   uintptr_t sizeclass:6;   uintptr_t maplen:8*sizeof(uintptr_t)-12; };
 
Methods:
 
     
  •  preload             \u2013              
    Read all the necessary process memory to populate the meta's
     
    •  
  •  parent_group             \u2013              
    If this group is nested, returns the address of the group which
     
    •  
  •  root_group             \u2013              
    Returns the topmost/biggest parent group. It will never be a nested
     
    •  
  •  slotstate_at_index             \u2013              
    •  
  •  sizeof             \u2013              
    •  
 
Attributes:
 
     
  •  addr               (int)           \u2013            
    •  
  •  prev               (int)           \u2013            
    Raises:
     
    •  
  •  next               (int)           \u2013            
    Raises:
     
    •  
  •  mem               (int)           \u2013            
    Raises:
     
    •  
  •  avail_mask               (int)           \u2013            
    Raises:
     
    •  
  •  freed_mask               (int)           \u2013            
    Raises:
     
    •  
  •  last_idx               (int)           \u2013            
    Raises:
     
    •  
  •  freeable               (int)           \u2013            
    Raises:
     
    •  
  •  sizeclass               (int)           \u2013            
    Raises:
     
    •  
  •  maplen               (int)           \u2013            
    Raises:
     
    •  
  •  stride               (int)           \u2013            
    Returns -1 if sizeclass >= len(size_classes).
     
    •  
  •  cnt               (int)           \u2013            
    Number of slots in the group.
     
    •  
  •  is_donated               (bool)           \u2013            
    Returns whether the group object referred to by this meta has been
     
    •  
  •  is_mmaped               (bool)           \u2013            
    Returns whether the group object referred to by this meta has been
     
    •  
  •  is_nested               (bool)           \u2013            
    Returns whether the group object referred to by this meta has been
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.addr","title":"addr  instance-attribute","text":"
addr: int = addr\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.prev","title":"prev  property","text":"
prev: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.next","title":"next  property","text":"
next: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.mem","title":"mem  property","text":"
mem: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.avail_mask","title":"avail_mask  property","text":"
avail_mask: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.freed_mask","title":"freed_mask  property","text":"
freed_mask: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.last_idx","title":"last_idx  property","text":"
last_idx: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.freeable","title":"freeable  property","text":"
freeable: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.sizeclass","title":"sizeclass  property","text":"
sizeclass: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.maplen","title":"maplen  property","text":"
maplen: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.stride","title":"stride  property","text":"
stride: int\n
 
Returns -1 if sizeclass >= len(size_classes).
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.cnt","title":"cnt  property","text":"
cnt: int\n
 
Number of slots in the group.
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.is_donated","title":"is_donated  property","text":"
is_donated: bool\n
 
Returns whether the group object referred to by this meta has been created by being donated by ld.
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.is_mmaped","title":"is_mmaped  property","text":"
is_mmaped: bool\n
 
Returns whether the group object referred to by this meta has been created by being mmaped.
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.is_nested","title":"is_nested  property","text":"
is_nested: bool\n
 
Returns whether the group object referred to by this meta has been created by being nested into a slot.
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.preload","title":"preload","text":"
preload() -> None\n
 
Read all the necessary process memory to populate the meta's fields.
 
Do this if you know you will be using most of the fields of the meta. It will be faster, since we can do a one big read instead of many small ones. You may also catch inaccessible memory exceptions here and not worry about it later.
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.parent_group","title":"parent_group","text":"
parent_group() -> int\n
 
If this group is nested, returns the address of the group which contains the slot in which this group is in. Otherwise, returns -1.
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.root_group","title":"root_group","text":"
root_group() -> Group\n
 
Returns the topmost/biggest parent group. It will never be a nested group. If this group isn't nested, this group is returned.
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.slotstate_at_index","title":"slotstate_at_index","text":"
slotstate_at_index(idx: int) -> SlotState\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.sizeof","title":"sizeof  staticmethod","text":"
sizeof() -> int\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MetaArea","title":"MetaArea","text":"
MetaArea(addr: int)\n
 
Slabs that contain metas, linked in a singly-linked list.
 
https://elixir.bootlin.com/musl/v1.2.5/source/src/malloc/mallocng/meta.h#L34 struct meta_area {   uint64_t check;   struct meta_area *next;   int nslots;   struct meta slots[]; };
 
Methods:
 
     
  •  load             \u2013              
    •  
  •  at_index             \u2013              
    Returns the address of the meta object located
     
    •  
 
Attributes:
 
     
  •  addr               (int)           \u2013            
    •  
  •  check               (int)           \u2013            
    •  
  •  meta_area               (int)           \u2013            
    •  
  •  nslots               (int)           \u2013            
    •  
  •  slots               (int)           \u2013            
    •  
  •  area_size               (int)           \u2013            
    Returns not the size of struct meta_area but rather
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MetaArea.addr","title":"addr  instance-attribute","text":"
addr: int = addr\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MetaArea.check","title":"check  instance-attribute","text":"
check: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MetaArea.meta_area","title":"meta_area  instance-attribute","text":"
meta_area: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MetaArea.nslots","title":"nslots  instance-attribute","text":"
nslots: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MetaArea.slots","title":"slots  instance-attribute","text":"
slots: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MetaArea.area_size","title":"area_size  property","text":"
area_size: int\n
 
Returns not the size of struct meta_area but rather the size of the memory this object represents.
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MetaArea.load","title":"load","text":"
load() -> None\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MetaArea.at_index","title":"at_index","text":"
at_index(idx: int) -> int\n
 
Returns the address of the meta object located at index idx.
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext","title":"MallocContext","text":"
MallocContext(addr: int)\n
 
The global object that holds all allocator state.
 
https://elixir.bootlin.com/musl/v1.2.5/source/src/malloc/mallocng/meta.h#L41 struct malloc_context {   uint64_t secret;
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext--ifndef-pagesize","title":"ifndef PAGESIZE","text":"
size_t pagesize;
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext--endif","title":"endif","text":"
int init_done;   unsigned mmap_counter;   struct meta *free_meta_head;   struct meta *avail_meta;   size_t avail_meta_count, avail_meta_area_count, meta_alloc_shift;   struct meta_area *meta_area_head, *meta_area_tail;   unsigned char *avail_meta_areas;   struct meta *active[48];   size_t usage_by_class[48];   uint8_t unmap_seq[32], bounces[32];   uint8_t seq;   uintptr_t brk; };
 
Methods:
 
     
  •  load             \u2013              
    •  
  •  looks_valid             \u2013              
    Returns true if this object looks like a valid struct malloc_context object
     
    •  
 
Attributes:
 
     
  •  addr               (int)           \u2013            
    •  
  •  secret               (int)           \u2013            
    •  
  •  pagesize               (int)           \u2013            
    •  
  •  init_done               (int)           \u2013            
    •  
  •  mmap_counter               (int)           \u2013            
    •  
  •  free_meta_head               (int)           \u2013            
    •  
  •  avail_meta               (int)           \u2013            
    •  
  •  avail_meta_count               (int)           \u2013            
    •  
  •  avail_meta_area_count               (int)           \u2013            
    •  
  •  meta_alloc_shift               (int)           \u2013            
    •  
  •  meta_area_head               (int)           \u2013            
    •  
  •  meta_area_tail               (int)           \u2013            
    •  
  •  avail_meta_areas               (int)           \u2013            
    •  
  •  active               (list[int])           \u2013            
    •  
  •  usage_by_class               (list[int])           \u2013            
    •  
  •  unmap_seq               (list[int])           \u2013            
    •  
  •  bounces               (list[int])           \u2013            
    •  
  •  seq               (int)           \u2013            
    •  
  •  brk               (int)           \u2013            
    •  
  •  sizeof               (int)           \u2013            
    •  
  •  has_pagesize_field               (bool)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.addr","title":"addr  instance-attribute","text":"
addr: int = addr\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.secret","title":"secret  instance-attribute","text":"
secret: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.pagesize","title":"pagesize  instance-attribute","text":"
pagesize: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.init_done","title":"init_done  instance-attribute","text":"
init_done: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.mmap_counter","title":"mmap_counter  instance-attribute","text":"
mmap_counter: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.free_meta_head","title":"free_meta_head  instance-attribute","text":"
free_meta_head: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.avail_meta","title":"avail_meta  instance-attribute","text":"
avail_meta: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.avail_meta_count","title":"avail_meta_count  instance-attribute","text":"
avail_meta_count: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.avail_meta_area_count","title":"avail_meta_area_count  instance-attribute","text":"
avail_meta_area_count: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.meta_alloc_shift","title":"meta_alloc_shift  instance-attribute","text":"
meta_alloc_shift: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.meta_area_head","title":"meta_area_head  instance-attribute","text":"
meta_area_head: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.meta_area_tail","title":"meta_area_tail  instance-attribute","text":"
meta_area_tail: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.avail_meta_areas","title":"avail_meta_areas  instance-attribute","text":"
avail_meta_areas: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.active","title":"active  instance-attribute","text":"
active: list[int] = []\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.usage_by_class","title":"usage_by_class  instance-attribute","text":"
usage_by_class: list[int] = []\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.unmap_seq","title":"unmap_seq  instance-attribute","text":"
unmap_seq: list[int] = []\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.bounces","title":"bounces  instance-attribute","text":"
bounces: list[int] = []\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.seq","title":"seq  instance-attribute","text":"
seq: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.brk","title":"brk  instance-attribute","text":"
brk: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.sizeof","title":"sizeof  instance-attribute","text":"
sizeof: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.has_pagesize_field","title":"has_pagesize_field  instance-attribute","text":"
has_pagesize_field: bool = False\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.load","title":"load","text":"
load() -> None\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.looks_valid","title":"looks_valid","text":"
looks_valid() -> bool\n
 
Returns true if this object looks like a valid struct malloc_context object describing an initialized heap. False otherwise.
 
This is used by class Mallocng to find the correct ctx object.
 
We consider it invalid if the heap reads as uninitialized because: 1. Performing this check filters out invalid ctx objects very well. 2. When musl is dynmically linked, due to the ld donation logic,    the heap will usually be initialized before the start of main().
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Mallocng","title":"Mallocng","text":"
Mallocng()\n
 
               Bases: MemoryAllocator
 
Tracks the allocator state. By leveraging the __malloc_context symbol.
 
Import this singleton class like: from pwndbg.aglib.heap.mallocng import mallocng as ng
 
and make sure that you have run ng.init_if_needed() before you used the object.
 
Methods:
 
     
  •  init_if_needed             \u2013              
    We want this class to be a singleton, but also we can't
     
    •  
  •  set_ctx_addr             \u2013              
    Find where the __malloc_context global symbol is. Try using debug information,
     
    •  
  •  libc_has_debug_syms             \u2013              
    •  
  •  find_slot             \u2013              
    Get the slot which contains this address.
     
    •  
  •  containing             \u2013              
    Same as find_slot() but returns only the start address of the slot, or zero
     
    •  
  •  get_free_metas             \u2013              
    Get all free metas by traversing the ctx.free_meta_head doubly
     
    •  
  •  meta_is_avail             \u2013              
    Checks whether a meta is available.
     
    •  
  •  is_initialized             \u2013              
    Returns whether the allocator is initialized or not.
     
    •  
 
Attributes:
 
     
  •  finished_init               (bool)           \u2013            
    •  
  •  ctx_addr               (int)           \u2013            
    •  
  •  ctx               (MallocContext | None)           \u2013            
    •  
  •  has_debug_syms               (bool)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Mallocng.finished_init","title":"finished_init  instance-attribute","text":"
finished_init: bool = False\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Mallocng.ctx_addr","title":"ctx_addr  instance-attribute","text":"
ctx_addr: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Mallocng.ctx","title":"ctx  instance-attribute","text":"
ctx: MallocContext | None = None\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Mallocng.has_debug_syms","title":"has_debug_syms  instance-attribute","text":"
has_debug_syms: bool = False\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Mallocng.init_if_needed","title":"init_if_needed","text":"
init_if_needed() -> bool\n
 
We want this class to be a singleton, but also we can't initialize it as soon as pwndbg is loaded.
 
Users of the object are responsible for calling this to make sure the object is initialized. This also ensures our view of the heap is up-to-date.
 
Returns:
 
     
  •  bool           \u2013            
    True if this object is successfully initialized (whether
     
    •  
  •  bool           \u2013            
    now or before). False otherswise. If this returns False
     
    •  
  •  bool           \u2013            
    you may not use this object for heap operations.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Mallocng.set_ctx_addr","title":"set_ctx_addr","text":"
set_ctx_addr() -> None\n
 
Find where the __malloc_context global symbol is. Try using debug information, but if it isn't available try using a heuristic.
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Mallocng.libc_has_debug_syms","title":"libc_has_debug_syms","text":"
libc_has_debug_syms() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Mallocng.find_slot","title":"find_slot","text":"
find_slot(\n    address: int, metadata: bool = False, shallow: bool = False\n) -> tuple[GroupedSlot | None, Slot | None]\n
 
Get the slot which contains this address.
 
We say a slot \"contains\" an address, if the address is in [start, start + stride). Thus, this will match the previous slot if you provide the address of the header inband metadata of a slot.
 
If metadata is True, then we check [start - IB, end) for containment.
 
If shallow is True, return the biggest slot which contains this address. The group that owns this slot will not be a nested group.
 
Returns (None, None) if nothing is found.
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Mallocng.containing","title":"containing","text":"
containing(address: int, metadata: bool = False, shallow: bool = False) -> int\n
 
Same as find_slot() but returns only the start address of the slot, or zero if no slot is found.
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Mallocng.get_free_metas","title":"get_free_metas","text":"
get_free_metas() -> dict[int, tuple[int, Meta]]\n
 
Get all free metas by traversing the ctx.free_meta_head doubly linked list. Map them to their index in the list.
 
Raises:
 
     
  •  Error             \u2013            
    If some meta cannot be read or is corrupted.
     
    •  
 
Returns:
 
     
  •  dict[int, tuple[int, Meta]]           \u2013            
    A dictionary that maps: meta address -> (meta index in list, Meta object).
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Mallocng.meta_is_avail","title":"meta_is_avail","text":"
meta_is_avail(addr: int) -> bool\n
 
Checks whether a meta is available.
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Mallocng.is_initialized","title":"is_initialized","text":"
is_initialized() -> bool\n
 
Returns whether the allocator is initialized or not.
 
Returns:
 
     
  •  bool           \u2013            
    A boolean.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.int_size","title":"int_size","text":"
int_size() -> int\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/","title":"ptmalloc","text":""},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc","title":"ptmalloc","text":"
Classes:
 
     
  •  BinType           \u2013            
    •  
  •  Bin           \u2013            
    •  
  •  Bins           \u2013            
    •  
  •  ChunkField           \u2013            
    •  
  •  Chunk           \u2013            
    •  
  •  Heap           \u2013            
    •  
  •  Arena           \u2013            
    •  
  •  GlibcMemoryAllocator           \u2013            
    •  
  •  DebugSymsHeap           \u2013            
    •  
  •  SymbolUnresolvableError           \u2013            
    •  
  •  HeuristicHeap           \u2013            
    •  
 
Functions:
 
     
  •  heap_for_ptr             \u2013              
    Round a pointer to a chunk down to find its corresponding heap_info
     
    •  
  •  fetch_chunk_metadata             \u2013              
    •  
 
Attributes:
 
     
  •  PREV_INUSE           \u2013            
    •  
  •  IS_MMAPPED           \u2013            
    •  
  •  NON_MAIN_ARENA           \u2013            
    •  
  •  SIZE_BITS           \u2013            
    •  
  •  NONCONTIGUOUS_BIT           \u2013            
    •  
  •  TheType           \u2013            
    •  
  •  TheValue           \u2013            
    •  
  •  HEAP_MAX_SIZE               (int)           \u2013            
    •  
  •  NBINS           \u2013            
    •  
  •  BINMAPSIZE           \u2013            
    •  
  •  NFASTBINS           \u2013            
    •  
  •  NSMALLBINS           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.PREV_INUSE","title":"PREV_INUSE  module-attribute","text":"
PREV_INUSE = 1\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.IS_MMAPPED","title":"IS_MMAPPED  module-attribute","text":"
IS_MMAPPED = 2\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.NON_MAIN_ARENA","title":"NON_MAIN_ARENA  module-attribute","text":"
NON_MAIN_ARENA = 4\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.SIZE_BITS","title":"SIZE_BITS  module-attribute","text":"
SIZE_BITS = PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.NONCONTIGUOUS_BIT","title":"NONCONTIGUOUS_BIT  module-attribute","text":"
NONCONTIGUOUS_BIT = 2\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.TheType","title":"TheType  module-attribute","text":"
TheType = TypeVar('TheType', Type, Type[CStruct2GDB])\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.TheValue","title":"TheValue  module-attribute","text":"
TheValue = TypeVar('TheValue', Value, CStruct2GDB)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HEAP_MAX_SIZE","title":"HEAP_MAX_SIZE  module-attribute","text":"
HEAP_MAX_SIZE: int = None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.NBINS","title":"NBINS  module-attribute","text":"
NBINS = 128\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BINMAPSIZE","title":"BINMAPSIZE  module-attribute","text":"
BINMAPSIZE = 4\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.NFASTBINS","title":"NFASTBINS  module-attribute","text":"
NFASTBINS = 10\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.NSMALLBINS","title":"NSMALLBINS  module-attribute","text":"
NSMALLBINS = 64\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType","title":"BinType","text":"
               Bases: str, Enum
 
Methods:
 
     
  •  valid_fields             \u2013              
    •  
 
Attributes:
 
     
  •  TCACHE           \u2013            
    •  
  •  FAST           \u2013            
    •  
  •  SMALL           \u2013            
    •  
  •  LARGE           \u2013            
    •  
  •  UNSORTED           \u2013            
    •  
  •  NOT_IN_BIN           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.TCACHE","title":"TCACHE  class-attribute instance-attribute","text":"
TCACHE = 'tcachebins'\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.FAST","title":"FAST  class-attribute instance-attribute","text":"
FAST = 'fastbins'\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.SMALL","title":"SMALL  class-attribute instance-attribute","text":"
SMALL = 'smallbins'\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.LARGE","title":"LARGE  class-attribute instance-attribute","text":"
LARGE = 'largebins'\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.UNSORTED","title":"UNSORTED  class-attribute instance-attribute","text":"
UNSORTED = 'unsortedbin'\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.NOT_IN_BIN","title":"NOT_IN_BIN  class-attribute instance-attribute","text":"
NOT_IN_BIN = 'not_in_bin'\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.valid_fields","title":"valid_fields","text":"
valid_fields() -> list[str]\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin","title":"Bin","text":"
Bin(\n    fd_chain: list[int],\n    bk_chain: list[int] | None = None,\n    count: int | None = None,\n    is_corrupted: bool = False,\n)\n
 
Methods:
 
     
  •  contains_chunk             \u2013              
    •  
  •  size_to_display_name             \u2013              
    •  
 
Attributes:
 
     
  •  fd_chain           \u2013            
    •  
  •  bk_chain           \u2013            
    •  
  •  count           \u2013            
    •  
  •  is_corrupted           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin.fd_chain","title":"fd_chain  instance-attribute","text":"
fd_chain = fd_chain\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin.bk_chain","title":"bk_chain  instance-attribute","text":"
bk_chain = bk_chain\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin.count","title":"count  instance-attribute","text":"
count = count\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin.is_corrupted","title":"is_corrupted  instance-attribute","text":"
is_corrupted = is_corrupted\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin.contains_chunk","title":"contains_chunk","text":"
contains_chunk(chunk: int) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin.size_to_display_name","title":"size_to_display_name  staticmethod","text":"
size_to_display_name(size: int | str) -> str\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bins","title":"Bins","text":"
Bins(bin_type: BinType)\n
 
Methods:
 
     
  •  contains_chunk             \u2013              
    •  
 
Attributes:
 
     
  •  bins               (OrderedDict[int | str, Bin])           \u2013            
    •  
  •  bin_type           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bins.bins","title":"bins  instance-attribute","text":"
bins: OrderedDict[int | str, Bin] = OrderedDict()\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bins.bin_type","title":"bin_type  instance-attribute","text":"
bin_type = bin_type\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bins.contains_chunk","title":"contains_chunk","text":"
contains_chunk(size: int, chunk: int)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField","title":"ChunkField","text":"
               Bases: int, Enum
 
Attributes:
 
     
  •  PREV_SIZE           \u2013            
    •  
  •  SIZE           \u2013            
    •  
  •  FD           \u2013            
    •  
  •  BK           \u2013            
    •  
  •  FD_NEXTSIZE           \u2013            
    •  
  •  BK_NEXTSIZE           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField.PREV_SIZE","title":"PREV_SIZE  class-attribute instance-attribute","text":"
PREV_SIZE = 1\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField.SIZE","title":"SIZE  class-attribute instance-attribute","text":"
SIZE = 2\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField.FD","title":"FD  class-attribute instance-attribute","text":"
FD = 3\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField.BK","title":"BK  class-attribute instance-attribute","text":"
BK = 4\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField.FD_NEXTSIZE","title":"FD_NEXTSIZE  class-attribute instance-attribute","text":"
FD_NEXTSIZE = 5\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField.BK_NEXTSIZE","title":"BK_NEXTSIZE  class-attribute instance-attribute","text":"
BK_NEXTSIZE = 6\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk","title":"Chunk","text":"
Chunk(addr: int, heap: Heap | None = None, arena: Arena | None = None)\n
 
Methods:
 
     
  •  next_chunk             \u2013              
    •  
  •  __contains__             \u2013              
    This allow us to avoid extra constructions like 'if start_addr <= ptr < end_addr', etc.
     
    •  
 
Attributes:
 
     
  •  __slots__           \u2013            
    •  
  •  address           \u2013            
    •  
  •  prev_size               (int | None)           \u2013            
    •  
  •  size               (int | None)           \u2013            
    •  
  •  real_size               (int | None)           \u2013            
    •  
  •  flags               (dict[str, bool] | None)           \u2013            
    •  
  •  non_main_arena               (bool | None)           \u2013            
    •  
  •  is_mmapped               (bool | None)           \u2013            
    •  
  •  prev_inuse               (bool | None)           \u2013            
    •  
  •  fd           \u2013            
    •  
  •  bk           \u2013            
    •  
  •  fd_nextsize           \u2013            
    •  
  •  bk_nextsize           \u2013            
    •  
  •  heap               (Heap)           \u2013            
    •  
  •  arena               (Arena | None)           \u2013            
    •  
  •  is_top_chunk           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.__slots__","title":"__slots__  class-attribute instance-attribute","text":"
__slots__ = (\n    \"_gdbValue\",\n    \"address\",\n    \"_prev_size\",\n    \"_size\",\n    \"_real_size\",\n    \"_flags\",\n    \"_non_main_arena\",\n    \"_is_mmapped\",\n    \"_prev_inuse\",\n    \"_fd\",\n    \"_bk\",\n    \"_fd_nextsize\",\n    \"_bk_nextsize\",\n    \"_heap\",\n    \"_arena\",\n    \"_is_top_chunk\",\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.address","title":"address  instance-attribute","text":"
address = int(address)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.prev_size","title":"prev_size  property","text":"
prev_size: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.size","title":"size  property","text":"
size: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.real_size","title":"real_size  property","text":"
real_size: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.flags","title":"flags  property","text":"
flags: dict[str, bool] | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.non_main_arena","title":"non_main_arena  property","text":"
non_main_arena: bool | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.is_mmapped","title":"is_mmapped  property","text":"
is_mmapped: bool | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.prev_inuse","title":"prev_inuse  property","text":"
prev_inuse: bool | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.fd","title":"fd  property","text":"
fd\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.bk","title":"bk  property","text":"
bk\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.fd_nextsize","title":"fd_nextsize  property","text":"
fd_nextsize\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.bk_nextsize","title":"bk_nextsize  property","text":"
bk_nextsize\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.heap","title":"heap  property","text":"
heap: Heap\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.arena","title":"arena  property","text":"
arena: Arena | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.is_top_chunk","title":"is_top_chunk  property","text":"
is_top_chunk\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.__match_renamed_field","title":"__match_renamed_field","text":"
__match_renamed_field(field: str)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.next_chunk","title":"next_chunk","text":"
next_chunk()\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.__contains__","title":"__contains__","text":"
__contains__(addr: int) -> bool\n
 
This allow us to avoid extra constructions like 'if start_addr <= ptr < end_addr', etc.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap","title":"Heap","text":"
Heap(addr: int, arena: Arena | None = None)\n
 
1) main_arena - uses the sbrk heap 2) non-main arena - heap starts after its heap_info struct (and possibly an arena) 3) non-contiguous main_arena - just a memory region 4) no arena - for fake/mmapped chunks
 
Methods:
 
     
  •  __iter__             \u2013              
    •  
  •  __contains__             \u2013              
    •  
  •  __str__             \u2013              
    •  
 
Attributes:
 
     
  •  __slots__           \u2013            
    •  
  •  arena           \u2013            
    •  
  •  start               (int)           \u2013            
    •  
  •  end               (int)           \u2013            
    •  
  •  first_chunk           \u2013            
    •  
  •  prev           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.__slots__","title":"__slots__  class-attribute instance-attribute","text":"
__slots__ = (\n    \"_gdbValue\",\n    \"arena\",\n    \"_memory_region\",\n    \"start\",\n    \"end\",\n    \"_prev\",\n    \"first_chunk\",\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.arena","title":"arena  instance-attribute","text":"
arena = main_arena if arena is None else arena\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.start","title":"start  instance-attribute","text":"
start: int = start\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.end","title":"end  instance-attribute","text":"
end: int = end\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.first_chunk","title":"first_chunk  instance-attribute","text":"
first_chunk = Chunk(start)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.prev","title":"prev  property","text":"
prev\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.__iter__","title":"__iter__","text":"
__iter__()\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.__contains__","title":"__contains__","text":"
__contains__(addr: int) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena","title":"Arena","text":"
Arena(addr: int)\n
 
Methods:
 
     
  •  fastbins             \u2013              
    •  
  •  __str__             \u2013              
    •  
 
Attributes:
 
     
  •  __slots__           \u2013            
    •  
  •  address           \u2013            
    •  
  •  is_main_arena               (bool)           \u2013            
    •  
  •  mutex               (int | None)           \u2013            
    •  
  •  flags               (int | None)           \u2013            
    •  
  •  non_contiguous               (bool | None)           \u2013            
    •  
  •  have_fastchunks               (int | None)           \u2013            
    •  
  •  top               (int | None)           \u2013            
    •  
  •  fastbinsY               (list[int])           \u2013            
    •  
  •  bins               (list[int])           \u2013            
    •  
  •  binmap               (list[int])           \u2013            
    •  
  •  next               (int | None)           \u2013            
    •  
  •  next_free               (int | None)           \u2013            
    •  
  •  system_mem               (int | None)           \u2013            
    •  
  •  active_heap               (Heap)           \u2013            
    •  
  •  heaps           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.__slots__","title":"__slots__  class-attribute instance-attribute","text":"
__slots__ = (\n    \"_gdbValue\",\n    \"address\",\n    \"_is_main_arena\",\n    \"_top\",\n    \"_active_heap\",\n    \"_heaps\",\n    \"_mutex\",\n    \"_flags\",\n    \"_non_contiguous\",\n    \"_have_fastchunks\",\n    \"_fastbinsY\",\n    \"_bins\",\n    \"_binmap\",\n    \"_next\",\n    \"_next_free\",\n    \"_system_mem\",\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.address","title":"address  instance-attribute","text":"
address = int(address)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.is_main_arena","title":"is_main_arena  property","text":"
is_main_arena: bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.mutex","title":"mutex  property","text":"
mutex: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.flags","title":"flags  property","text":"
flags: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.non_contiguous","title":"non_contiguous  property","text":"
non_contiguous: bool | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.have_fastchunks","title":"have_fastchunks  property","text":"
have_fastchunks: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.top","title":"top  property","text":"
top: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.fastbinsY","title":"fastbinsY  property","text":"
fastbinsY: list[int]\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.bins","title":"bins  property","text":"
bins: list[int]\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.binmap","title":"binmap  property","text":"
binmap: list[int]\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.next","title":"next  property","text":"
next: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.next_free","title":"next_free  property","text":"
next_free: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.system_mem","title":"system_mem  property","text":"
system_mem: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.active_heap","title":"active_heap  property","text":"
active_heap: Heap\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.heaps","title":"heaps  property","text":"
heaps\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.fastbins","title":"fastbins","text":"
fastbins() -> Bins\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator","title":"GlibcMemoryAllocator","text":"
GlibcMemoryAllocator()\n
 
               Bases: MemoryAllocator, Generic[TheType, TheValue]
 
Methods:
 
     
  •  largebin_reverse_lookup             \u2013              
    Pick the appropriate largebin_reverse_lookup_ function for this architecture.
     
    •  
  •  largebin_size_range_from_index             \u2013              
    •  
  •  can_be_resolved             \u2013              
    •  
  •  has_tcache             \u2013              
    •  
  •  chunk_flags             \u2013              
    •  
  •  chunk_key_offset             \u2013              
    Find the index of a field in the malloc_chunk struct.
     
    •  
  •  get_heap             \u2013              
    •  
  •  get_tcache             \u2013              
    •  
  •  get_sbrk_heap_region             \u2013              
    •  
  •  get_region             \u2013              
    Find the memory map containing 'addr'.
     
    •  
  •  get_bins             \u2013              
    •  
  •  fastbin_index             \u2013              
    •  
  •  fastbins             \u2013              
    Returns: chain or None
     
    •  
  •  tcachebins             \u2013              
    Returns: tuple(chain, count) or None
     
    •  
  •  check_chain_corrupted             \u2013              
    Checks if the doubly linked list (of a {unsorted, small, large} bin)
     
    •  
  •  bin_at             \u2013              
    Modeled after glibc's bin_at function - so starts indexing from 1
     
    •  
  •  unsortedbin             \u2013              
    •  
  •  smallbins             \u2013              
    •  
  •  largebins             \u2013              
    •  
  •  largebin_index_32             \u2013              
    Modeled on the GLIBC malloc largebin_index_32 macro.
     
    •  
  •  largebin_index_32_big             \u2013              
    Modeled on the GLIBC malloc largebin_index_32_big macro.
     
    •  
  •  largebin_index_64             \u2013              
    Modeled on the GLIBC malloc largebin_index_64 macro.
     
    •  
  •  largebin_index             \u2013              
    Pick the appropriate largebin_index_ function for this architecture.
     
    •  
  •  is_initialized             \u2013              
    •  
  •  is_statically_linked             \u2013              
    •  
  •  libc_has_debug_syms             \u2013              
    The struct malloc_chunk comes from debugging symbols and it will not be there
     
    •  
  •  containing             \u2013              
    Returns the address of the allocation which contains 'address'.
     
    •  
 
Attributes:
 
     
  •  largebin_reverse_lookup_32           \u2013            
    •  
  •  largebin_reverse_lookup_32_big           \u2013            
    •  
  •  largebin_reverse_lookup_64           \u2013            
    •  
  •  main_arena               (Arena | None)           \u2013            
    •  
  •  arenas               (tuple[Arena, ...])           \u2013            
    Return a tuple of all current arenas.
     
    •  
  •  thread_arena               (Arena | None)           \u2013            
    •  
  •  thread_cache               (TheValue | None)           \u2013            
    •  
  •  mp               (TheValue | None)           \u2013            
    •  
  •  global_max_fast               (int | None)           \u2013            
    •  
  •  heap_info               (TheType | None)           \u2013            
    •  
  •  malloc_chunk               (TheType | None)           \u2013            
    •  
  •  malloc_state               (TheType | None)           \u2013            
    •  
  •  tcache_perthread_struct               (TheType | None)           \u2013            
    •  
  •  tcache_entry               (TheType | None)           \u2013            
    •  
  •  tcache_small_bins               (int | None)           \u2013            
    •  
  •  mallinfo               (TheType | None)           \u2013            
    •  
  •  malloc_par               (TheType | None)           \u2013            
    •  
  •  malloc_alignment               (int)           \u2013            
    Corresponds to MALLOC_ALIGNMENT in glibc malloc.c
     
    •  
  •  size_sz               (int)           \u2013            
    Corresponds to SIZE_SZ in glibc malloc.c
     
    •  
  •  malloc_align_mask               (int)           \u2013            
    Corresponds to MALLOC_ALIGN_MASK in glibc malloc.c
     
    •  
  •  minsize               (int)           \u2013            
    Corresponds to MINSIZE in glibc malloc.c
     
    •  
  •  min_chunk_size               (int)           \u2013            
    Corresponds to MIN_CHUNK_SIZE in glibc malloc.c
     
    •  
  •  multithreaded               (bool)           \u2013            
    Is malloc operating within a multithreaded environment.
     
    •  
  •  tcache_next_offset               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_reverse_lookup_32","title":"largebin_reverse_lookup_32  class-attribute instance-attribute","text":"
largebin_reverse_lookup_32 = (\n    512,\n    576,\n    640,\n    704,\n    768,\n    832,\n    896,\n    960,\n    1024,\n    1088,\n    1152,\n    1216,\n    1280,\n    1344,\n    1408,\n    1472,\n    1536,\n    1600,\n    1664,\n    1728,\n    1792,\n    1856,\n    1920,\n    1984,\n    2048,\n    2112,\n    2176,\n    2240,\n    2304,\n    2368,\n    2432,\n    2496,\n    2560,\n    3072,\n    3584,\n    4096,\n    4608,\n    5120,\n    5632,\n    6144,\n    6656,\n    7168,\n    7680,\n    8192,\n    8704,\n    9216,\n    9728,\n    10240,\n    10752,\n    12288,\n    16384,\n    20480,\n    24576,\n    28672,\n    32768,\n    36864,\n    40960,\n    65536,\n    98304,\n    131072,\n    163840,\n    262144,\n    524288,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_reverse_lookup_32_big","title":"largebin_reverse_lookup_32_big  class-attribute instance-attribute","text":"
largebin_reverse_lookup_32_big = (\n    1008,\n    1024,\n    1088,\n    1152,\n    1216,\n    1280,\n    1344,\n    1408,\n    1472,\n    1536,\n    1600,\n    1664,\n    1728,\n    1792,\n    1856,\n    1920,\n    1984,\n    2048,\n    2112,\n    2176,\n    2240,\n    2304,\n    2368,\n    2432,\n    2496,\n    2560,\n    2624,\n    2688,\n    2752,\n    2816,\n    2880,\n    2944,\n    2944,\n    3072,\n    3584,\n    4096,\n    4608,\n    5120,\n    5632,\n    6144,\n    6656,\n    7168,\n    7680,\n    8192,\n    8704,\n    9216,\n    9728,\n    10240,\n    10752,\n    12288,\n    16384,\n    20480,\n    24576,\n    28672,\n    32768,\n    36864,\n    40960,\n    65536,\n    98304,\n    131072,\n    163840,\n    262144,\n    524288,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_reverse_lookup_64","title":"largebin_reverse_lookup_64  class-attribute instance-attribute","text":"
largebin_reverse_lookup_64 = (\n    1024,\n    1088,\n    1152,\n    1216,\n    1280,\n    1344,\n    1408,\n    1472,\n    1536,\n    1600,\n    1664,\n    1728,\n    1792,\n    1856,\n    1920,\n    1984,\n    2048,\n    2112,\n    2176,\n    2240,\n    2304,\n    2368,\n    2432,\n    2496,\n    2560,\n    2624,\n    2688,\n    2752,\n    2816,\n    2880,\n    2944,\n    3008,\n    3072,\n    3136,\n    3584,\n    4096,\n    4608,\n    5120,\n    5632,\n    6144,\n    6656,\n    7168,\n    7680,\n    8192,\n    8704,\n    9216,\n    9728,\n    10240,\n    10752,\n    12288,\n    16384,\n    20480,\n    24576,\n    28672,\n    32768,\n    36864,\n    40960,\n    65536,\n    98304,\n    131072,\n    163840,\n    262144,\n    524288,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.main_arena","title":"main_arena  property","text":"
main_arena: Arena | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.arenas","title":"arenas  property","text":"
arenas: tuple[Arena, ...]\n
 
Return a tuple of all current arenas.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.thread_arena","title":"thread_arena  property","text":"
thread_arena: Arena | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.thread_cache","title":"thread_cache  property","text":"
thread_cache: TheValue | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.mp","title":"mp  property","text":"
mp: TheValue | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.global_max_fast","title":"global_max_fast  property","text":"
global_max_fast: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.heap_info","title":"heap_info  property","text":"
heap_info: TheType | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.malloc_chunk","title":"malloc_chunk  property","text":"
malloc_chunk: TheType | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.malloc_state","title":"malloc_state  property","text":"
malloc_state: TheType | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.tcache_perthread_struct","title":"tcache_perthread_struct  property","text":"
tcache_perthread_struct: TheType | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.tcache_entry","title":"tcache_entry  property","text":"
tcache_entry: TheType | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.tcache_small_bins","title":"tcache_small_bins  property","text":"
tcache_small_bins: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.mallinfo","title":"mallinfo  property","text":"
mallinfo: TheType | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.malloc_par","title":"malloc_par  property","text":"
malloc_par: TheType | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.malloc_alignment","title":"malloc_alignment  property","text":"
malloc_alignment: int\n
 
Corresponds to MALLOC_ALIGNMENT in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.size_sz","title":"size_sz  property","text":"
size_sz: int\n
 
Corresponds to SIZE_SZ in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.malloc_align_mask","title":"malloc_align_mask  property","text":"
malloc_align_mask: int\n
 
Corresponds to MALLOC_ALIGN_MASK in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.minsize","title":"minsize  property","text":"
minsize: int\n
 
Corresponds to MINSIZE in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.min_chunk_size","title":"min_chunk_size  property","text":"
min_chunk_size: int\n
 
Corresponds to MIN_CHUNK_SIZE in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.multithreaded","title":"multithreaded  property","text":"
multithreaded: bool\n
 
Is malloc operating within a multithreaded environment.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.tcache_next_offset","title":"tcache_next_offset  property","text":"
tcache_next_offset: int\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_reverse_lookup","title":"largebin_reverse_lookup","text":"
largebin_reverse_lookup(index: int) -> int\n
 
Pick the appropriate largebin_reverse_lookup_ function for this architecture.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_size_range_from_index","title":"largebin_size_range_from_index","text":"
largebin_size_range_from_index(index: int)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.can_be_resolved","title":"can_be_resolved","text":"
can_be_resolved() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.has_tcache","title":"has_tcache","text":"
has_tcache() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.chunk_flags","title":"chunk_flags","text":"
chunk_flags(size: int) -> tuple[int, int, int]\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.chunk_key_offset","title":"chunk_key_offset","text":"
chunk_key_offset(key: str) -> int | None\n
 
Find the index of a field in the malloc_chunk struct.
 64bit example 
prev_size == 0 size      == 8 fd        == 16 bk        == 24 ...
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.get_heap","title":"get_heap","text":"
get_heap(addr: int) -> TheValue | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.get_tcache","title":"get_tcache","text":"
get_tcache(tcache_addr: int | None = None) -> TheValue | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.get_sbrk_heap_region","title":"get_sbrk_heap_region","text":"
get_sbrk_heap_region() -> Page | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.get_region","title":"get_region","text":"
get_region(addr: int | Value | None) -> Page | None\n
 
Find the memory map containing 'addr'.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.get_bins","title":"get_bins","text":"
get_bins(bin_type: BinType, addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.fastbin_index","title":"fastbin_index","text":"
fastbin_index(size: int)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.fastbins","title":"fastbins","text":"
fastbins(arena_addr: int | None = None) -> Bins | None\n
 
Returns: chain or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.tcachebins","title":"tcachebins","text":"
tcachebins(tcache_addr: int | None = None) -> Bins | None\n
 
Returns: tuple(chain, count) or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.check_chain_corrupted","title":"check_chain_corrupted","text":"
check_chain_corrupted(chain_fd: list[int], chain_bk: list[int]) -> bool\n
 
Checks if the doubly linked list (of a {unsorted, small, large} bin) defined by chain_fd, chain_bk is corrupted.
 
Even if the chains do not cover the whole bin, they still are expected to be of the same length.
 
Returns True if the bin is certainly corrupted, otherwise False.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.bin_at","title":"bin_at","text":"
bin_at(\n    index: int, arena_addr: int | None = None\n) -> tuple[list[int], list[int], bool] | None\n
 
Modeled after glibc's bin_at function - so starts indexing from 1 https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/trusty/eglibc/trusty-security/view/head:/malloc/malloc.c#L1394
 
bin_at(1) returns the unsorted bin
 
Bin 1          - Unsorted BiN Bin 2 to 63    - Smallbins Bin 64 to 126  - Largebins
 
Returns: tuple(chain_from_bin_fd, chain_from_bin_bk, is_chain_corrupted) or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.unsortedbin","title":"unsortedbin","text":"
unsortedbin(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.smallbins","title":"smallbins","text":"
smallbins(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebins","title":"largebins","text":"
largebins(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_index_32","title":"largebin_index_32","text":"
largebin_index_32(sz: int) -> int\n
 
Modeled on the GLIBC malloc largebin_index_32 macro.
 
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1414
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_index_32_big","title":"largebin_index_32_big","text":"
largebin_index_32_big(sz: int) -> int\n
 
Modeled on the GLIBC malloc largebin_index_32_big macro.
 
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1422
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_index_64","title":"largebin_index_64","text":"
largebin_index_64(sz: int) -> int\n
 
Modeled on the GLIBC malloc largebin_index_64 macro.
 
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1433
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_index","title":"largebin_index","text":"
largebin_index(sz: int)\n
 
Pick the appropriate largebin_index_ function for this architecture.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.is_initialized","title":"is_initialized","text":"
is_initialized()\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.is_statically_linked","title":"is_statically_linked","text":"
is_statically_linked() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.libc_has_debug_syms","title":"libc_has_debug_syms","text":"
libc_has_debug_syms() -> bool\n
 
The struct malloc_chunk comes from debugging symbols and it will not be there for statically linked binaries
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.containing","title":"containing","text":"
containing(address: int) -> int\n
 
Returns the address of the allocation which contains 'address'.
 
Parameters:
 
     
  •  address               (int)           \u2013            
    Address to look up.
     
    •  
 
Returns:
 
     
  •  int           \u2013            
    An integer.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap","title":"DebugSymsHeap","text":"
DebugSymsHeap()\n
 
               Bases: GlibcMemoryAllocator[Type, Value]
 
Methods:
 
     
  •  can_be_resolved             \u2013              
    •  
  •  has_tcache             \u2013              
    •  
  •  get_heap             \u2013              
    Find & read the heap_info struct belonging to the chunk at 'addr'.
     
    •  
  •  get_tcache             \u2013              
    •  
  •  get_sbrk_heap_region             \u2013              
    Return a Page object representing the sbrk heap region.
     
    •  
  •  is_initialized             \u2013              
    •  
  •  containing             \u2013              
    Returns the address of the allocation which contains 'address'.
     
    •  
  •  libc_has_debug_syms             \u2013              
    The struct malloc_chunk comes from debugging symbols and it will not be there
     
    •  
  •  largebin_reverse_lookup             \u2013              
    Pick the appropriate largebin_reverse_lookup_ function for this architecture.
     
    •  
  •  largebin_size_range_from_index             \u2013              
    •  
  •  chunk_flags             \u2013              
    •  
  •  chunk_key_offset             \u2013              
    Find the index of a field in the malloc_chunk struct.
     
    •  
  •  get_region             \u2013              
    Find the memory map containing 'addr'.
     
    •  
  •  get_bins             \u2013              
    •  
  •  fastbin_index             \u2013              
    •  
  •  fastbins             \u2013              
    Returns: chain or None
     
    •  
  •  tcachebins             \u2013              
    Returns: tuple(chain, count) or None
     
    •  
  •  check_chain_corrupted             \u2013              
    Checks if the doubly linked list (of a {unsorted, small, large} bin)
     
    •  
  •  bin_at             \u2013              
    Modeled after glibc's bin_at function - so starts indexing from 1
     
    •  
  •  unsortedbin             \u2013              
    •  
  •  smallbins             \u2013              
    •  
  •  largebins             \u2013              
    •  
  •  largebin_index_32             \u2013              
    Modeled on the GLIBC malloc largebin_index_32 macro.
     
    •  
  •  largebin_index_32_big             \u2013              
    Modeled on the GLIBC malloc largebin_index_32_big macro.
     
    •  
  •  largebin_index_64             \u2013              
    Modeled on the GLIBC malloc largebin_index_64 macro.
     
    •  
  •  largebin_index             \u2013              
    Pick the appropriate largebin_index_ function for this architecture.
     
    •  
  •  is_statically_linked             \u2013              
    •  
 
Attributes:
 
     
  •  main_arena               (Arena | None)           \u2013            
    •  
  •  thread_arena               (Arena | None)           \u2013            
    •  
  •  thread_cache               (Value | None)           \u2013            
    Locate a thread's tcache struct. If it doesn't have one, use the main
     
    •  
  •  mp               (Value | None)           \u2013            
    •  
  •  global_max_fast               (int | None)           \u2013            
    •  
  •  heap_info               (Type | None)           \u2013            
    •  
  •  malloc_chunk               (Type | None)           \u2013            
    •  
  •  malloc_state               (Type | None)           \u2013            
    •  
  •  tcache_perthread_struct               (Type | None)           \u2013            
    •  
  •  tcache_entry               (Type | None)           \u2013            
    •  
  •  mallinfo               (Type | None)           \u2013            
    •  
  •  malloc_par               (Type | None)           \u2013            
    •  
  •  largebin_reverse_lookup_32           \u2013            
    •  
  •  largebin_reverse_lookup_32_big           \u2013            
    •  
  •  largebin_reverse_lookup_64           \u2013            
    •  
  •  arenas               (tuple[Arena, ...])           \u2013            
    Return a tuple of all current arenas.
     
    •  
  •  tcache_small_bins               (int | None)           \u2013            
    •  
  •  malloc_alignment               (int)           \u2013            
    Corresponds to MALLOC_ALIGNMENT in glibc malloc.c
     
    •  
  •  size_sz               (int)           \u2013            
    Corresponds to SIZE_SZ in glibc malloc.c
     
    •  
  •  malloc_align_mask               (int)           \u2013            
    Corresponds to MALLOC_ALIGN_MASK in glibc malloc.c
     
    •  
  •  minsize               (int)           \u2013            
    Corresponds to MINSIZE in glibc malloc.c
     
    •  
  •  min_chunk_size               (int)           \u2013            
    Corresponds to MIN_CHUNK_SIZE in glibc malloc.c
     
    •  
  •  multithreaded               (bool)           \u2013            
    Is malloc operating within a multithreaded environment.
     
    •  
  •  tcache_next_offset               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.main_arena","title":"main_arena  property","text":"
main_arena: Arena | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.thread_arena","title":"thread_arena  property","text":"
thread_arena: Arena | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.thread_cache","title":"thread_cache  property","text":"
thread_cache: Value | None\n
 
Locate a thread's tcache struct. If it doesn't have one, use the main thread's tcache.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.mp","title":"mp  property","text":"
mp: Value | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.global_max_fast","title":"global_max_fast  property","text":"
global_max_fast: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.heap_info","title":"heap_info  property","text":"
heap_info: Type | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.malloc_chunk","title":"malloc_chunk  property","text":"
malloc_chunk: Type | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.malloc_state","title":"malloc_state  property","text":"
malloc_state: Type | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.tcache_perthread_struct","title":"tcache_perthread_struct  property","text":"
tcache_perthread_struct: Type | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.tcache_entry","title":"tcache_entry  property","text":"
tcache_entry: Type | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.mallinfo","title":"mallinfo  property","text":"
mallinfo: Type | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.malloc_par","title":"malloc_par  property","text":"
malloc_par: Type | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_reverse_lookup_32","title":"largebin_reverse_lookup_32  class-attribute instance-attribute","text":"
largebin_reverse_lookup_32 = (\n    512,\n    576,\n    640,\n    704,\n    768,\n    832,\n    896,\n    960,\n    1024,\n    1088,\n    1152,\n    1216,\n    1280,\n    1344,\n    1408,\n    1472,\n    1536,\n    1600,\n    1664,\n    1728,\n    1792,\n    1856,\n    1920,\n    1984,\n    2048,\n    2112,\n    2176,\n    2240,\n    2304,\n    2368,\n    2432,\n    2496,\n    2560,\n    3072,\n    3584,\n    4096,\n    4608,\n    5120,\n    5632,\n    6144,\n    6656,\n    7168,\n    7680,\n    8192,\n    8704,\n    9216,\n    9728,\n    10240,\n    10752,\n    12288,\n    16384,\n    20480,\n    24576,\n    28672,\n    32768,\n    36864,\n    40960,\n    65536,\n    98304,\n    131072,\n    163840,\n    262144,\n    524288,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_reverse_lookup_32_big","title":"largebin_reverse_lookup_32_big  class-attribute instance-attribute","text":"
largebin_reverse_lookup_32_big = (\n    1008,\n    1024,\n    1088,\n    1152,\n    1216,\n    1280,\n    1344,\n    1408,\n    1472,\n    1536,\n    1600,\n    1664,\n    1728,\n    1792,\n    1856,\n    1920,\n    1984,\n    2048,\n    2112,\n    2176,\n    2240,\n    2304,\n    2368,\n    2432,\n    2496,\n    2560,\n    2624,\n    2688,\n    2752,\n    2816,\n    2880,\n    2944,\n    2944,\n    3072,\n    3584,\n    4096,\n    4608,\n    5120,\n    5632,\n    6144,\n    6656,\n    7168,\n    7680,\n    8192,\n    8704,\n    9216,\n    9728,\n    10240,\n    10752,\n    12288,\n    16384,\n    20480,\n    24576,\n    28672,\n    32768,\n    36864,\n    40960,\n    65536,\n    98304,\n    131072,\n    163840,\n    262144,\n    524288,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_reverse_lookup_64","title":"largebin_reverse_lookup_64  class-attribute instance-attribute","text":"
largebin_reverse_lookup_64 = (\n    1024,\n    1088,\n    1152,\n    1216,\n    1280,\n    1344,\n    1408,\n    1472,\n    1536,\n    1600,\n    1664,\n    1728,\n    1792,\n    1856,\n    1920,\n    1984,\n    2048,\n    2112,\n    2176,\n    2240,\n    2304,\n    2368,\n    2432,\n    2496,\n    2560,\n    2624,\n    2688,\n    2752,\n    2816,\n    2880,\n    2944,\n    3008,\n    3072,\n    3136,\n    3584,\n    4096,\n    4608,\n    5120,\n    5632,\n    6144,\n    6656,\n    7168,\n    7680,\n    8192,\n    8704,\n    9216,\n    9728,\n    10240,\n    10752,\n    12288,\n    16384,\n    20480,\n    24576,\n    28672,\n    32768,\n    36864,\n    40960,\n    65536,\n    98304,\n    131072,\n    163840,\n    262144,\n    524288,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.arenas","title":"arenas  property","text":"
arenas: tuple[Arena, ...]\n
 
Return a tuple of all current arenas.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.tcache_small_bins","title":"tcache_small_bins  property","text":"
tcache_small_bins: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.malloc_alignment","title":"malloc_alignment  property","text":"
malloc_alignment: int\n
 
Corresponds to MALLOC_ALIGNMENT in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.size_sz","title":"size_sz  property","text":"
size_sz: int\n
 
Corresponds to SIZE_SZ in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.malloc_align_mask","title":"malloc_align_mask  property","text":"
malloc_align_mask: int\n
 
Corresponds to MALLOC_ALIGN_MASK in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.minsize","title":"minsize  property","text":"
minsize: int\n
 
Corresponds to MINSIZE in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.min_chunk_size","title":"min_chunk_size  property","text":"
min_chunk_size: int\n
 
Corresponds to MIN_CHUNK_SIZE in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.multithreaded","title":"multithreaded  property","text":"
multithreaded: bool\n
 
Is malloc operating within a multithreaded environment.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.tcache_next_offset","title":"tcache_next_offset  property","text":"
tcache_next_offset: int\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.can_be_resolved","title":"can_be_resolved","text":"
can_be_resolved() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.has_tcache","title":"has_tcache","text":"
has_tcache() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.get_heap","title":"get_heap","text":"
get_heap(addr: int) -> Value | None\n
 
Find & read the heap_info struct belonging to the chunk at 'addr'.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.get_tcache","title":"get_tcache","text":"
get_tcache(tcache_addr: int | Value | None = None) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.get_sbrk_heap_region","title":"get_sbrk_heap_region","text":"
get_sbrk_heap_region() -> Page | None\n
 
Return a Page object representing the sbrk heap region. Ensure the region's start address is aligned to SIZE_SZ * 2, which compensates for the presence of GLIBC_TUNABLES.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.is_initialized","title":"is_initialized","text":"
is_initialized() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.containing","title":"containing","text":"
containing(address: int) -> int\n
 
Returns the address of the allocation which contains 'address'.
 
Parameters:
 
     
  •  address               (int)           \u2013            
    Address to look up.
     
    •  
 
Returns:
 
     
  •  int           \u2013            
    An integer.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.libc_has_debug_syms","title":"libc_has_debug_syms","text":"
libc_has_debug_syms() -> bool\n
 
The struct malloc_chunk comes from debugging symbols and it will not be there for statically linked binaries
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_reverse_lookup","title":"largebin_reverse_lookup","text":"
largebin_reverse_lookup(index: int) -> int\n
 
Pick the appropriate largebin_reverse_lookup_ function for this architecture.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_size_range_from_index","title":"largebin_size_range_from_index","text":"
largebin_size_range_from_index(index: int)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.chunk_flags","title":"chunk_flags","text":"
chunk_flags(size: int) -> tuple[int, int, int]\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.chunk_key_offset","title":"chunk_key_offset","text":"
chunk_key_offset(key: str) -> int | None\n
 
Find the index of a field in the malloc_chunk struct.
 64bit example 
prev_size == 0 size      == 8 fd        == 16 bk        == 24 ...
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.get_region","title":"get_region","text":"
get_region(addr: int | Value | None) -> Page | None\n
 
Find the memory map containing 'addr'.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.get_bins","title":"get_bins","text":"
get_bins(bin_type: BinType, addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.fastbin_index","title":"fastbin_index","text":"
fastbin_index(size: int)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.fastbins","title":"fastbins","text":"
fastbins(arena_addr: int | None = None) -> Bins | None\n
 
Returns: chain or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.tcachebins","title":"tcachebins","text":"
tcachebins(tcache_addr: int | None = None) -> Bins | None\n
 
Returns: tuple(chain, count) or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.check_chain_corrupted","title":"check_chain_corrupted","text":"
check_chain_corrupted(chain_fd: list[int], chain_bk: list[int]) -> bool\n
 
Checks if the doubly linked list (of a {unsorted, small, large} bin) defined by chain_fd, chain_bk is corrupted.
 
Even if the chains do not cover the whole bin, they still are expected to be of the same length.
 
Returns True if the bin is certainly corrupted, otherwise False.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.bin_at","title":"bin_at","text":"
bin_at(\n    index: int, arena_addr: int | None = None\n) -> tuple[list[int], list[int], bool] | None\n
 
Modeled after glibc's bin_at function - so starts indexing from 1 https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/trusty/eglibc/trusty-security/view/head:/malloc/malloc.c#L1394
 
bin_at(1) returns the unsorted bin
 
Bin 1          - Unsorted BiN Bin 2 to 63    - Smallbins Bin 64 to 126  - Largebins
 
Returns: tuple(chain_from_bin_fd, chain_from_bin_bk, is_chain_corrupted) or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.unsortedbin","title":"unsortedbin","text":"
unsortedbin(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.smallbins","title":"smallbins","text":"
smallbins(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebins","title":"largebins","text":"
largebins(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_index_32","title":"largebin_index_32","text":"
largebin_index_32(sz: int) -> int\n
 
Modeled on the GLIBC malloc largebin_index_32 macro.
 
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1414
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_index_32_big","title":"largebin_index_32_big","text":"
largebin_index_32_big(sz: int) -> int\n
 
Modeled on the GLIBC malloc largebin_index_32_big macro.
 
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1422
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_index_64","title":"largebin_index_64","text":"
largebin_index_64(sz: int) -> int\n
 
Modeled on the GLIBC malloc largebin_index_64 macro.
 
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1433
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_index","title":"largebin_index","text":"
largebin_index(sz: int)\n
 
Pick the appropriate largebin_index_ function for this architecture.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.is_statically_linked","title":"is_statically_linked","text":"
is_statically_linked() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.SymbolUnresolvableError","title":"SymbolUnresolvableError","text":"
SymbolUnresolvableError(symbol: str)\n
 
               Bases: Exception
 
Attributes:
 
     
  •  symbol           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.SymbolUnresolvableError.symbol","title":"symbol  instance-attribute","text":"
symbol = symbol\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap","title":"HeuristicHeap","text":"
HeuristicHeap()\n
 
               Bases: GlibcMemoryAllocator[Type['pwndbg.aglib.heap.structs.CStruct2GDB'], 'pwndbg.aglib.heap.structs.CStruct2GDB']
 
Methods:
 
     
  •  can_be_resolved             \u2013              
    •  
  •  has_tcache             \u2013              
    •  
  •  prompt_for_brute_force_thread_arena_permission             \u2013              
    Check if the user wants to brute force the thread_arena's value.
     
    •  
  •  prompt_for_brute_force_thread_cache_permission             \u2013              
    Check if the user wants to brute force the tcache's value.
     
    •  
  •  prompt_for_tls_address             \u2013              
    Check if we can determine the TLS address and return it.
     
    •  
  •  brute_force_tls_reference_in_got_section             \u2013              
    Brute force the TLS-reference in the .got section to that can pass the validator.
     
    •  
  •  brute_force_thread_local_variable_near_tls_base             \u2013              
    Brute force the thread-local variable near the TLS base address that can pass the validator.
     
    •  
  •  get_heap             \u2013              
    Find & read the heap_info struct belonging to the chunk at 'addr'.
     
    •  
  •  get_tcache             \u2013              
    •  
  •  get_sbrk_heap_region             \u2013              
    Return a Page object representing the sbrk heap region.
     
    •  
  •  is_initialized             \u2013              
    •  
  •  containing             \u2013              
    Returns the address of the allocation which contains 'address'.
     
    •  
  •  libc_has_debug_syms             \u2013              
    The struct malloc_chunk comes from debugging symbols and it will not be there
     
    •  
  •  largebin_reverse_lookup             \u2013              
    Pick the appropriate largebin_reverse_lookup_ function for this architecture.
     
    •  
  •  largebin_size_range_from_index             \u2013              
    •  
  •  chunk_flags             \u2013              
    •  
  •  chunk_key_offset             \u2013              
    Find the index of a field in the malloc_chunk struct.
     
    •  
  •  get_region             \u2013              
    Find the memory map containing 'addr'.
     
    •  
  •  get_bins             \u2013              
    •  
  •  fastbin_index             \u2013              
    •  
  •  fastbins             \u2013              
    Returns: chain or None
     
    •  
  •  tcachebins             \u2013              
    Returns: tuple(chain, count) or None
     
    •  
  •  check_chain_corrupted             \u2013              
    Checks if the doubly linked list (of a {unsorted, small, large} bin)
     
    •  
  •  bin_at             \u2013              
    Modeled after glibc's bin_at function - so starts indexing from 1
     
    •  
  •  unsortedbin             \u2013              
    •  
  •  smallbins             \u2013              
    •  
  •  largebins             \u2013              
    •  
  •  largebin_index_32             \u2013              
    Modeled on the GLIBC malloc largebin_index_32 macro.
     
    •  
  •  largebin_index_32_big             \u2013              
    Modeled on the GLIBC malloc largebin_index_32_big macro.
     
    •  
  •  largebin_index_64             \u2013              
    Modeled on the GLIBC malloc largebin_index_64 macro.
     
    •  
  •  largebin_index             \u2013              
    Pick the appropriate largebin_index_ function for this architecture.
     
    •  
  •  is_statically_linked             \u2013              
    •  
 
Attributes:
 
     
  •  struct_module               (ModuleType | None)           \u2013            
    •  
  •  main_arena               (Arena | None)           \u2013            
    •  
  •  thread_arena               (Arena | None)           \u2013            
    •  
  •  thread_cache               ('pwndbg.aglib.heap.structs.TcachePerthreadStruct' | None)           \u2013            
    Locate a thread's tcache struct. We try to find its address in Thread Local Storage (TLS) first,
     
    •  
  •  mp               ('pwndbg.aglib.heap.structs.CStruct2GDB')           \u2013            
    •  
  •  global_max_fast               (int)           \u2013            
    •  
  •  heap_info               (type['pwndbg.aglib.heap.structs.HeapInfo'] | None)           \u2013            
    •  
  •  malloc_chunk               (type['pwndbg.aglib.heap.structs.MallocChunk'] | None)           \u2013            
    •  
  •  malloc_state               (type['pwndbg.aglib.heap.structs.MallocState'] | None)           \u2013            
    •  
  •  tcache_perthread_struct               (type['pwndbg.aglib.heap.structs.TcachePerthreadStruct'] | None)           \u2013            
    •  
  •  tcache_entry               (type['pwndbg.aglib.heap.structs.TcacheEntry'] | None)           \u2013            
    •  
  •  mallinfo               (type['pwndbg.aglib.heap.structs.CStruct2GDB'] | None)           \u2013            
    •  
  •  malloc_par               (type['pwndbg.aglib.heap.structs.MallocPar'] | None)           \u2013            
    •  
  •  largebin_reverse_lookup_32           \u2013            
    •  
  •  largebin_reverse_lookup_32_big           \u2013            
    •  
  •  largebin_reverse_lookup_64           \u2013            
    •  
  •  arenas               (tuple[Arena, ...])           \u2013            
    Return a tuple of all current arenas.
     
    •  
  •  tcache_small_bins               (int | None)           \u2013            
    •  
  •  malloc_alignment               (int)           \u2013            
    Corresponds to MALLOC_ALIGNMENT in glibc malloc.c
     
    •  
  •  size_sz               (int)           \u2013            
    Corresponds to SIZE_SZ in glibc malloc.c
     
    •  
  •  malloc_align_mask               (int)           \u2013            
    Corresponds to MALLOC_ALIGN_MASK in glibc malloc.c
     
    •  
  •  minsize               (int)           \u2013            
    Corresponds to MINSIZE in glibc malloc.c
     
    •  
  •  min_chunk_size               (int)           \u2013            
    Corresponds to MIN_CHUNK_SIZE in glibc malloc.c
     
    •  
  •  multithreaded               (bool)           \u2013            
    Is malloc operating within a multithreaded environment.
     
    •  
  •  tcache_next_offset               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.struct_module","title":"struct_module  property","text":"
struct_module: ModuleType | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.main_arena","title":"main_arena  property","text":"
main_arena: Arena | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.thread_arena","title":"thread_arena  property","text":"
thread_arena: Arena | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.thread_cache","title":"thread_cache  property","text":"
thread_cache: 'pwndbg.aglib.heap.structs.TcachePerthreadStruct' | None\n
 
Locate a thread's tcache struct. We try to find its address in Thread Local Storage (TLS) first, and if that fails, we guess it's at the first chunk of the heap.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.mp","title":"mp  property","text":"
mp: 'pwndbg.aglib.heap.structs.CStruct2GDB'\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.global_max_fast","title":"global_max_fast  property","text":"
global_max_fast: int\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.heap_info","title":"heap_info  property","text":"
heap_info: type['pwndbg.aglib.heap.structs.HeapInfo'] | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.malloc_chunk","title":"malloc_chunk  property","text":"
malloc_chunk: type['pwndbg.aglib.heap.structs.MallocChunk'] | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.malloc_state","title":"malloc_state  property","text":"
malloc_state: type['pwndbg.aglib.heap.structs.MallocState'] | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.tcache_perthread_struct","title":"tcache_perthread_struct  property","text":"
tcache_perthread_struct: (\n    type[\"pwndbg.aglib.heap.structs.TcachePerthreadStruct\"] | None\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.tcache_entry","title":"tcache_entry  property","text":"
tcache_entry: type['pwndbg.aglib.heap.structs.TcacheEntry'] | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.mallinfo","title":"mallinfo  property","text":"
mallinfo: type['pwndbg.aglib.heap.structs.CStruct2GDB'] | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.malloc_par","title":"malloc_par  property","text":"
malloc_par: type['pwndbg.aglib.heap.structs.MallocPar'] | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_reverse_lookup_32","title":"largebin_reverse_lookup_32  class-attribute instance-attribute","text":"
largebin_reverse_lookup_32 = (\n    512,\n    576,\n    640,\n    704,\n    768,\n    832,\n    896,\n    960,\n    1024,\n    1088,\n    1152,\n    1216,\n    1280,\n    1344,\n    1408,\n    1472,\n    1536,\n    1600,\n    1664,\n    1728,\n    1792,\n    1856,\n    1920,\n    1984,\n    2048,\n    2112,\n    2176,\n    2240,\n    2304,\n    2368,\n    2432,\n    2496,\n    2560,\n    3072,\n    3584,\n    4096,\n    4608,\n    5120,\n    5632,\n    6144,\n    6656,\n    7168,\n    7680,\n    8192,\n    8704,\n    9216,\n    9728,\n    10240,\n    10752,\n    12288,\n    16384,\n    20480,\n    24576,\n    28672,\n    32768,\n    36864,\n    40960,\n    65536,\n    98304,\n    131072,\n    163840,\n    262144,\n    524288,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_reverse_lookup_32_big","title":"largebin_reverse_lookup_32_big  class-attribute instance-attribute","text":"
largebin_reverse_lookup_32_big = (\n    1008,\n    1024,\n    1088,\n    1152,\n    1216,\n    1280,\n    1344,\n    1408,\n    1472,\n    1536,\n    1600,\n    1664,\n    1728,\n    1792,\n    1856,\n    1920,\n    1984,\n    2048,\n    2112,\n    2176,\n    2240,\n    2304,\n    2368,\n    2432,\n    2496,\n    2560,\n    2624,\n    2688,\n    2752,\n    2816,\n    2880,\n    2944,\n    2944,\n    3072,\n    3584,\n    4096,\n    4608,\n    5120,\n    5632,\n    6144,\n    6656,\n    7168,\n    7680,\n    8192,\n    8704,\n    9216,\n    9728,\n    10240,\n    10752,\n    12288,\n    16384,\n    20480,\n    24576,\n    28672,\n    32768,\n    36864,\n    40960,\n    65536,\n    98304,\n    131072,\n    163840,\n    262144,\n    524288,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_reverse_lookup_64","title":"largebin_reverse_lookup_64  class-attribute instance-attribute","text":"
largebin_reverse_lookup_64 = (\n    1024,\n    1088,\n    1152,\n    1216,\n    1280,\n    1344,\n    1408,\n    1472,\n    1536,\n    1600,\n    1664,\n    1728,\n    1792,\n    1856,\n    1920,\n    1984,\n    2048,\n    2112,\n    2176,\n    2240,\n    2304,\n    2368,\n    2432,\n    2496,\n    2560,\n    2624,\n    2688,\n    2752,\n    2816,\n    2880,\n    2944,\n    3008,\n    3072,\n    3136,\n    3584,\n    4096,\n    4608,\n    5120,\n    5632,\n    6144,\n    6656,\n    7168,\n    7680,\n    8192,\n    8704,\n    9216,\n    9728,\n    10240,\n    10752,\n    12288,\n    16384,\n    20480,\n    24576,\n    28672,\n    32768,\n    36864,\n    40960,\n    65536,\n    98304,\n    131072,\n    163840,\n    262144,\n    524288,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.arenas","title":"arenas  property","text":"
arenas: tuple[Arena, ...]\n
 
Return a tuple of all current arenas.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.tcache_small_bins","title":"tcache_small_bins  property","text":"
tcache_small_bins: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.malloc_alignment","title":"malloc_alignment  property","text":"
malloc_alignment: int\n
 
Corresponds to MALLOC_ALIGNMENT in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.size_sz","title":"size_sz  property","text":"
size_sz: int\n
 
Corresponds to SIZE_SZ in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.malloc_align_mask","title":"malloc_align_mask  property","text":"
malloc_align_mask: int\n
 
Corresponds to MALLOC_ALIGN_MASK in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.minsize","title":"minsize  property","text":"
minsize: int\n
 
Corresponds to MINSIZE in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.min_chunk_size","title":"min_chunk_size  property","text":"
min_chunk_size: int\n
 
Corresponds to MIN_CHUNK_SIZE in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.multithreaded","title":"multithreaded  property","text":"
multithreaded: bool\n
 
Is malloc operating within a multithreaded environment.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.tcache_next_offset","title":"tcache_next_offset  property","text":"
tcache_next_offset: int\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.can_be_resolved","title":"can_be_resolved","text":"
can_be_resolved() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.has_tcache","title":"has_tcache","text":"
has_tcache() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.prompt_for_brute_force_thread_arena_permission","title":"prompt_for_brute_force_thread_arena_permission","text":"
prompt_for_brute_force_thread_arena_permission() -> bool\n
 
Check if the user wants to brute force the thread_arena's value.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.prompt_for_brute_force_thread_cache_permission","title":"prompt_for_brute_force_thread_cache_permission","text":"
prompt_for_brute_force_thread_cache_permission() -> bool\n
 
Check if the user wants to brute force the tcache's value.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.prompt_for_tls_address","title":"prompt_for_tls_address","text":"
prompt_for_tls_address() -> int\n
 
Check if we can determine the TLS address and return it.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.brute_force_tls_reference_in_got_section","title":"brute_force_tls_reference_in_got_section","text":"
brute_force_tls_reference_in_got_section(\n    tls_address: int, validator: Callable[[int], bool]\n) -> tuple[int, int] | None\n
 
Brute force the TLS-reference in the .got section to that can pass the validator.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.brute_force_thread_local_variable_near_tls_base","title":"brute_force_thread_local_variable_near_tls_base","text":"
brute_force_thread_local_variable_near_tls_base(\n    tls_address: int, validator: Callable[[int], bool]\n) -> tuple[int, int] | None\n
 
Brute force the thread-local variable near the TLS base address that can pass the validator.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.get_heap","title":"get_heap","text":"
get_heap(addr: int) -> 'pwndbg.aglib.heap.structs.HeapInfo' | None\n
 
Find & read the heap_info struct belonging to the chunk at 'addr'.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.get_tcache","title":"get_tcache","text":"
get_tcache(\n    tcache_addr: int | None = None,\n) -> \"pwndbg.aglib.heap.structs.TcachePerthreadStruct\" | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.get_sbrk_heap_region","title":"get_sbrk_heap_region","text":"
get_sbrk_heap_region() -> Page\n
 
Return a Page object representing the sbrk heap region. Ensure the region's start address is aligned to SIZE_SZ * 2, which compensates for the presence of GLIBC_TUNABLES. This heuristic version requires some sanity checks and may raise SymbolUnresolvableError if malloc's mp_ struct can't be resolved.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.is_initialized","title":"is_initialized","text":"
is_initialized() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.containing","title":"containing","text":"
containing(address: int) -> int\n
 
Returns the address of the allocation which contains 'address'.
 
Parameters:
 
     
  •  address               (int)           \u2013            
    Address to look up.
     
    •  
 
Returns:
 
     
  •  int           \u2013            
    An integer.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.libc_has_debug_syms","title":"libc_has_debug_syms","text":"
libc_has_debug_syms() -> bool\n
 
The struct malloc_chunk comes from debugging symbols and it will not be there for statically linked binaries
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_reverse_lookup","title":"largebin_reverse_lookup","text":"
largebin_reverse_lookup(index: int) -> int\n
 
Pick the appropriate largebin_reverse_lookup_ function for this architecture.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_size_range_from_index","title":"largebin_size_range_from_index","text":"
largebin_size_range_from_index(index: int)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.chunk_flags","title":"chunk_flags","text":"
chunk_flags(size: int) -> tuple[int, int, int]\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.chunk_key_offset","title":"chunk_key_offset","text":"
chunk_key_offset(key: str) -> int | None\n
 
Find the index of a field in the malloc_chunk struct.
 64bit example 
prev_size == 0 size      == 8 fd        == 16 bk        == 24 ...
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.get_region","title":"get_region","text":"
get_region(addr: int | Value | None) -> Page | None\n
 
Find the memory map containing 'addr'.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.get_bins","title":"get_bins","text":"
get_bins(bin_type: BinType, addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.fastbin_index","title":"fastbin_index","text":"
fastbin_index(size: int)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.fastbins","title":"fastbins","text":"
fastbins(arena_addr: int | None = None) -> Bins | None\n
 
Returns: chain or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.tcachebins","title":"tcachebins","text":"
tcachebins(tcache_addr: int | None = None) -> Bins | None\n
 
Returns: tuple(chain, count) or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.check_chain_corrupted","title":"check_chain_corrupted","text":"
check_chain_corrupted(chain_fd: list[int], chain_bk: list[int]) -> bool\n
 
Checks if the doubly linked list (of a {unsorted, small, large} bin) defined by chain_fd, chain_bk is corrupted.
 
Even if the chains do not cover the whole bin, they still are expected to be of the same length.
 
Returns True if the bin is certainly corrupted, otherwise False.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.bin_at","title":"bin_at","text":"
bin_at(\n    index: int, arena_addr: int | None = None\n) -> tuple[list[int], list[int], bool] | None\n
 
Modeled after glibc's bin_at function - so starts indexing from 1 https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/trusty/eglibc/trusty-security/view/head:/malloc/malloc.c#L1394
 
bin_at(1) returns the unsorted bin
 
Bin 1          - Unsorted BiN Bin 2 to 63    - Smallbins Bin 64 to 126  - Largebins
 
Returns: tuple(chain_from_bin_fd, chain_from_bin_bk, is_chain_corrupted) or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.unsortedbin","title":"unsortedbin","text":"
unsortedbin(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.smallbins","title":"smallbins","text":"
smallbins(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebins","title":"largebins","text":"
largebins(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_index_32","title":"largebin_index_32","text":"
largebin_index_32(sz: int) -> int\n
 
Modeled on the GLIBC malloc largebin_index_32 macro.
 
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1414
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_index_32_big","title":"largebin_index_32_big","text":"
largebin_index_32_big(sz: int) -> int\n
 
Modeled on the GLIBC malloc largebin_index_32_big macro.
 
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1422
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_index_64","title":"largebin_index_64","text":"
largebin_index_64(sz: int) -> int\n
 
Modeled on the GLIBC malloc largebin_index_64 macro.
 
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1433
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_index","title":"largebin_index","text":"
largebin_index(sz: int)\n
 
Pick the appropriate largebin_index_ function for this architecture.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.is_statically_linked","title":"is_statically_linked","text":"
is_statically_linked() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.heap_for_ptr","title":"heap_for_ptr","text":"
heap_for_ptr(ptr: int) -> int\n
 
Round a pointer to a chunk down to find its corresponding heap_info struct, the pointer must point inside a heap which does not belong to the main arena.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.fetch_chunk_metadata","title":"fetch_chunk_metadata","text":"
fetch_chunk_metadata(\n    address: int, include_only_fields: set[ChunkField] | None = None\n)\n
"},{"location":"reference/pwndbg/aglib/heap/structs/","title":"structs","text":""},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs","title":"structs","text":"
Classes:
 
     
  •  c_pvoid           \u2013            
    Represents a pointer.
     
    •  
  •  c_size_t           \u2013            
    Represents a size_t.
     
    •  
  •  FakeGDBField           \u2013            
    Fake gdb.Field for compatibility
     
    •  
  •  CStruct2GDB           \u2013            
    •  
  •  c_malloc_state_2_26           \u2013            
    This class represents malloc_state struct for GLIBC < 2.27 as a ctypes struct.
     
    •  
  •  c_malloc_state_2_12           \u2013            
    This class represents malloc_state struct for GLIBC < 2.22 as a ctypes struct.
     
    •  
  •  c_malloc_state_2_27           \u2013            
    This class represents malloc_state struct for GLIBC >= 2.27 as a ctypes struct.
     
    •  
  •  MallocState           \u2013            
    This class represents malloc_state struct with interface compatible with pwndbg.dbg_mod.Value.
     
    •  
  •  c_heap_info           \u2013            
    This class represents heap_info struct as a ctypes struct.
     
    •  
  •  HeapInfo           \u2013            
    This class represents heap_info struct with interface compatible with pwndbg.dbg_mod.Value.
     
    •  
  •  c_malloc_chunk           \u2013            
    This class represents malloc_chunk struct as a ctypes struct.
     
    •  
  •  MallocChunk           \u2013            
    This class represents malloc_chunk struct with interface compatible with pwndbg.dbg_mod.Value.
     
    •  
  •  c_tcache_perthread_struct_2_29           \u2013            
    This class represents tcache_perthread_struct for GLIBC < 2.30 as a ctypes struct.
     
    •  
  •  c_tcache_perthread_struct_2_30           \u2013            
    This class represents the tcache_perthread_struct for 2.30 <= GLIBC < 2.42 as a ctypes struct.
     
    •  
  •  c_tcache_perthread_struct_2_42           \u2013            
    This class represents the tcache_perthread_struct for 2.42 <= GLIBC as a ctypes struct.
     
    •  
  •  TcachePerthreadStruct           \u2013            
    This class represents tcache_perthread_struct with interface compatible with pwndbg.dbg_mod.Value.
     
    •  
  •  c_tcache_entry_2_28           \u2013            
    This class represents the tcache_entry struct for GLIBC < 2.29 as a ctypes struct.
     
    •  
  •  c_tcache_entry_2_29           \u2013            
    This class represents the tcache_entry struct for GLIBC >= 2.29 as a ctypes struct.
     
    •  
  •  TcacheEntry           \u2013            
    This class represents the tcache_entry struct with interface compatible with pwndbg.dbg_mod.Value.
     
    •  
  •  c_malloc_par_2_23           \u2013            
    This class represents the malloc_par struct for GLIBC < 2.24 as a ctypes struct.
     
    •  
  •  c_malloc_par_2_12           \u2013            
    This class represents the malloc_par struct for GLIBC < 2.15 as a ctypes struct.
     
    •  
  •  c_malloc_par_2_24           \u2013            
    This class represents the malloc_par struct for GLIBC >= 2.24 as a ctypes struct.
     
    •  
  •  c_malloc_par_2_26           \u2013            
    This class represents the malloc_par struct for GLIBC >= 2.26 as a ctypes struct.
     
    •  
  •  c_malloc_par_2_35           \u2013            
    This class represents the malloc_par struct for GLIBC >= 2.35 as a ctypes struct.
     
    •  
  •  c_malloc_par_2_42           \u2013            
    This class represents the malloc_par struct for GLIBC >= 2.42 as a ctypes struct.
     
    •  
  •  MallocPar           \u2013            
    This class represents the malloc_par struct with interface compatible with pwndbg.dbg_mod.Value.
     
    •  
 
Functions:
 
     
  •  request2size             \u2013              
    •  
  •  fastbin_index             \u2013              
    •  
 
Attributes:
 
     
  •  GLIBC_VERSION           \u2013            
    •  
  •  SIZE_SZ           \u2013            
    •  
  •  MINSIZE           \u2013            
    •  
  •  MALLOC_ALIGN           \u2013            
    •  
  •  long_double_alignment           \u2013            
    •  
  •  MALLOC_ALIGN_MASK           \u2013            
    •  
  •  MAX_FAST_SIZE           \u2013            
    •  
  •  NBINS           \u2013            
    •  
  •  BINMAPSIZE           \u2013            
    •  
  •  TCACHE_SMALL_BINS           \u2013            
    •  
  •  TCACHE_LARGE_BINS           \u2013            
    •  
  •  TCACHE_MAX_BINS           \u2013            
    •  
  •  NFASTBINS           \u2013            
    •  
  •  PTR           \u2013            
    •  
  •  SIZE_T           \u2013            
    •  
  •  DEFAULT_TOP_PAD           \u2013            
    •  
  •  DEFAULT_MMAP_MAX           \u2013            
    •  
  •  DEFAULT_MMAP_THRESHOLD           \u2013            
    •  
  •  DEFAULT_TRIM_THRESHOLD           \u2013            
    •  
  •  DEFAULT_PAGE_SIZE           \u2013            
    •  
  •  TCACHE_FILL_COUNT           \u2013            
    •  
  •  MAX_TCACHE_SMALL_SIZE           \u2013            
    •  
  •  C2GDB_MAPPING           \u2013            
    •  
  •  DEFAULT_MP_           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.GLIBC_VERSION","title":"GLIBC_VERSION  module-attribute","text":"
GLIBC_VERSION = get_version()\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.SIZE_SZ","title":"SIZE_SZ  module-attribute","text":"
SIZE_SZ = ptrsize\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MINSIZE","title":"MINSIZE  module-attribute","text":"
MINSIZE = ptrsize * 4\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MALLOC_ALIGN","title":"MALLOC_ALIGN  module-attribute","text":"
MALLOC_ALIGN = 16\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.long_double_alignment","title":"long_double_alignment  module-attribute","text":"
long_double_alignment = alignof\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MALLOC_ALIGN_MASK","title":"MALLOC_ALIGN_MASK  module-attribute","text":"
MALLOC_ALIGN_MASK = MALLOC_ALIGN - 1\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MAX_FAST_SIZE","title":"MAX_FAST_SIZE  module-attribute","text":"
MAX_FAST_SIZE = 80 * SIZE_SZ // 4\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.NBINS","title":"NBINS  module-attribute","text":"
NBINS = 128\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.BINMAPSIZE","title":"BINMAPSIZE  module-attribute","text":"
BINMAPSIZE = 4\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TCACHE_SMALL_BINS","title":"TCACHE_SMALL_BINS  module-attribute","text":"
TCACHE_SMALL_BINS = 64\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TCACHE_LARGE_BINS","title":"TCACHE_LARGE_BINS  module-attribute","text":"
TCACHE_LARGE_BINS = 12\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TCACHE_MAX_BINS","title":"TCACHE_MAX_BINS  module-attribute","text":"
TCACHE_MAX_BINS = TCACHE_SMALL_BINS + TCACHE_LARGE_BINS\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.NFASTBINS","title":"NFASTBINS  module-attribute","text":"
NFASTBINS = fastbin_index(request2size(MAX_FAST_SIZE)) + 1\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.PTR","title":"PTR  module-attribute","text":"
PTR = c_uint32\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.SIZE_T","title":"SIZE_T  module-attribute","text":"
SIZE_T = c_uint32\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.DEFAULT_TOP_PAD","title":"DEFAULT_TOP_PAD  module-attribute","text":"
DEFAULT_TOP_PAD = 131072\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.DEFAULT_MMAP_MAX","title":"DEFAULT_MMAP_MAX  module-attribute","text":"
DEFAULT_MMAP_MAX = 65536\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.DEFAULT_MMAP_THRESHOLD","title":"DEFAULT_MMAP_THRESHOLD  module-attribute","text":"
DEFAULT_MMAP_THRESHOLD = 128 * 1024\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.DEFAULT_TRIM_THRESHOLD","title":"DEFAULT_TRIM_THRESHOLD  module-attribute","text":"
DEFAULT_TRIM_THRESHOLD = 128 * 1024\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.DEFAULT_PAGE_SIZE","title":"DEFAULT_PAGE_SIZE  module-attribute","text":"
DEFAULT_PAGE_SIZE = 4096\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TCACHE_FILL_COUNT","title":"TCACHE_FILL_COUNT  module-attribute","text":"
TCACHE_FILL_COUNT = 7\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MAX_TCACHE_SMALL_SIZE","title":"MAX_TCACHE_SMALL_SIZE  module-attribute","text":"
MAX_TCACHE_SMALL_SIZE = (\n    (TCACHE_SMALL_BINS - 1) * MALLOC_ALIGN + MINSIZE - SIZE_SZ\n)\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.C2GDB_MAPPING","title":"C2GDB_MAPPING  module-attribute","text":"
C2GDB_MAPPING = {\n    c_char: char,\n    c_int8: int8,\n    c_int16: int16,\n    c_int32: int32,\n    c_int64: int64,\n    c_uint8: uint8,\n    c_uint16: uint16,\n    c_uint32: uint32,\n    c_uint64: uint64,\n    c_pvoid: pvoid,\n    c_size_t: size_t,\n}\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.DEFAULT_MP_","title":"DEFAULT_MP_  module-attribute","text":"
DEFAULT_MP_ = _c_struct()\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_pvoid","title":"c_pvoid","text":"
               Bases: PTR
 
Represents a pointer.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_size_t","title":"c_size_t","text":"
               Bases: SIZE_T
 
Represents a size_t.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField","title":"FakeGDBField","text":"
FakeGDBField(\n    bitpos: int,\n    name: str | None,\n    type,\n    parent_type,\n    enumval: int | None = None,\n    artificial: bool = False,\n    is_base_class: bool = False,\n    bitsize: int = 0,\n)\n
 
Fake gdb.Field for compatibility
 
Attributes:
 
     
  •  bitpos           \u2013            
    •  
  •  name           \u2013            
    •  
  •  type           \u2013            
    •  
  •  parent_type           \u2013            
    •  
  •  enumval           \u2013            
    •  
  •  artificial           \u2013            
    •  
  •  is_base_class           \u2013            
    •  
  •  bitsize           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.bitpos","title":"bitpos  instance-attribute","text":"
bitpos = bitpos\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.name","title":"name  instance-attribute","text":"
name = name\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.type","title":"type  instance-attribute","text":"
type = type\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.parent_type","title":"parent_type  instance-attribute","text":"
parent_type = parent_type\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.enumval","title":"enumval  instance-attribute","text":"
enumval = enumval\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.artificial","title":"artificial  instance-attribute","text":"
artificial = artificial\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.is_base_class","title":"is_base_class  instance-attribute","text":"
is_base_class = is_base_class\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.bitsize","title":"bitsize  instance-attribute","text":"
bitsize = bitsize\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB","title":"CStruct2GDB","text":"
CStruct2GDB(address: int)\n
 
Methods:
 
     
  •  __int__             \u2013              
    Returns the address of the C struct.
     
    •  
  •  __getitem__             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  __getattr__             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  __eq__             \u2013              
    •  
  •  value_to_human_readable             \u2013              
    Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
     
    •  
  •  read_field             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  unqualified             \u2013              
    Returns cls to make it compatible with the gdb.types.has_field() interface.
     
    •  
  •  fields             \u2013              
    Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
  •  keys             \u2013              
    Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
  •  get_field_address             \u2013              
    Returns the address of the specified field.
     
    •  
  •  get_field_offset             \u2013              
    Returns the offset of the specified field.
     
    •  
  •  items             \u2013              
    Returns a tuple of (field name, field value) pairs.
     
    •  
  •  has_field             \u2013              
    Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
 
Attributes:
 
     
  •  code           \u2013            
    •  
  •  address           \u2013            
    •  
  •  type           \u2013            
    Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.code","title":"code  class-attribute instance-attribute","text":"
code = STRUCT\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.address","title":"address  instance-attribute","text":"
address = address\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.type","title":"type  property","text":"
type\n
 
Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.__int__","title":"__int__","text":"
__int__() -> int\n
 
Returns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.__getitem__","title":"__getitem__","text":"
__getitem__(key: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.__getattr__","title":"__getattr__","text":"
__getattr__(key: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.__eq__","title":"__eq__","text":"
__eq__(other: Any) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.value_to_human_readable","title":"value_to_human_readable","text":"
value_to_human_readable() -> str\n
 
Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.read_field","title":"read_field","text":"
read_field(field: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.unqualified","title":"unqualified  classmethod","text":"
unqualified()\n
 
Returns cls to make it compatible with the gdb.types.has_field() interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.fields","title":"fields  classmethod","text":"
fields() -> list[FakeGDBField]\n
 
Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.keys","title":"keys  classmethod","text":"
keys() -> list[str]\n
 
Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.get_field_address","title":"get_field_address","text":"
get_field_address(field: str) -> int\n
 
Returns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.get_field_offset","title":"get_field_offset  classmethod","text":"
get_field_offset(field: str) -> int\n
 
Returns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.items","title":"items","text":"
items() -> tuple[tuple[Any, Any], ...]\n
 
Returns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.has_field","title":"has_field  classmethod","text":"
has_field(field: str) -> bool\n
 
Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_26","title":"c_malloc_state_2_26","text":"
               Bases: Structure
 
This class represents malloc_state struct for GLIBC < 2.27 as a ctypes struct.
 
https://github.com/bminor/glibc/blob/1c9a5c270d8b66f30dcfaf1cb2d6cf39d3e18369/malloc/malloc.c#L1678-L1716
 
struct malloc_state {     /* Serialize access.  */     __libc_lock_define (, mutex);
 
/* Flags (formerly in max_fast).  */\nint flags;\n\n/* Fastbins */\nmfastbinptr fastbinsY[NFASTBINS];\n\n/* Base of the topmost chunk -- not otherwise kept in a bin */\nmchunkptr top;\n\n/* The remainder from the most recent split of a small request */\nmchunkptr last_remainder;\n\n/* Normal bins packed as described above */\nmchunkptr bins[NBINS * 2 - 2];\n\n/* Bitmap of bins */\nunsigned int binmap[BINMAPSIZE];\n\n/* Linked list */\nstruct malloc_state *next;\n\n/* Linked list for free arenas.  Access to this field is serialized\n    by free_list_lock in arena.c.  */\nstruct malloc_state *next_free;\n\n/* Number of threads attached to this arena.  0 if the arena is on\n    the free list.  Access to this field is serialized by\n    free_list_lock in arena.c.  */\nINTERNAL_SIZE_T attached_threads;\n\n/* Memory allocated from the system in this arena.  */\nINTERNAL_SIZE_T system_mem;\nINTERNAL_SIZE_T max_system_mem;\n
 
};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_12","title":"c_malloc_state_2_12","text":"
               Bases: Structure
 
This class represents malloc_state struct for GLIBC < 2.22 as a ctypes struct.
 
https://github.com/bminor/glibc/blob/glibc-2.12/malloc/malloc.c#L2362-L2400
 
struct malloc_state { /* Serialize access.  */ mutex_t mutex;
 
/* Flags (formerly in max_fast).  */ int flags;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_12--if-thread_stats","title":"if THREAD_STATS","text":"
/* Statistics for locking.  Only used if THREAD_STATS is defined.  */ long stat_lock_direct, stat_lock_loop, stat_lock_wait;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_12--endif","title":"endif","text":"
/* Fastbins */ mfastbinptr      fastbinsY[NFASTBINS];
 
/* Base of the topmost chunk -- not otherwise kept in a bin */ mchunkptr        top;
 
/* The remainder from the most recent split of a small request */ mchunkptr        last_remainder;
 
/* Normal bins packed as described above */ mchunkptr        bins[NBINS * 2 - 2];
 
/* Bitmap of bins */ unsigned int     binmap[BINMAPSIZE];
 
/* Linked list */ struct malloc_state *next;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_12--ifdef-per_thread","title":"ifdef PER_THREAD","text":"
/* Linked list for free arenas.  */ struct malloc_state *next_free;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_12--endif_1","title":"endif","text":"
/* Memory allocated from the system in this arena.  */ INTERNAL_SIZE_T system_mem; INTERNAL_SIZE_T max_system_mem; };
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_27","title":"c_malloc_state_2_27","text":"
               Bases: Structure
 
This class represents malloc_state struct for GLIBC >= 2.27 as a ctypes struct.
 
https://github.com/bminor/glibc/blob/glibc-2.34/malloc/malloc.c#L1831
 
struct malloc_state {     /* Serialize access.  */     __libc_lock_define (, mutex);
 
/* Flags (formerly in max_fast).  */\nint flags;\n\n/* Set if the fastbin chunks contain recently inserted free blocks.  */\n/* Note this is a bool but not all targets support atomics on booleans.  */\nint have_fastchunks;\n\n/* Fastbins */\nmfastbinptr fastbinsY[NFASTBINS];\n\n/* Base of the topmost chunk -- not otherwise kept in a bin */\nmchunkptr top;\n\n/* The remainder from the most recent split of a small request */\nmchunkptr last_remainder;\n\n/* Normal bins packed as described above */\nmchunkptr bins[NBINS * 2 - 2];\n\n/* Bitmap of bins */\nunsigned int binmap[BINMAPSIZE];\n\n/* Linked list */\nstruct malloc_state *next;\n\n/* Linked list for free arenas.  Access to this field is serialized\n    by free_list_lock in arena.c.  */\nstruct malloc_state *next_free;\n\n/* Number of threads attached to this arena.  0 if the arena is on\n    the free list.  Access to this field is serialized by\n    free_list_lock in arena.c.  */\nINTERNAL_SIZE_T attached_threads;\n\n/* Memory allocated from the system in this arena.  */\nINTERNAL_SIZE_T system_mem;\nINTERNAL_SIZE_T max_system_mem;\n
 
};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState","title":"MallocState","text":"
MallocState(address: int)\n
 
               Bases: CStruct2GDB
 
This class represents malloc_state struct with interface compatible with pwndbg.dbg_mod.Value.
 
Methods:
 
     
  •  __int__             \u2013              
    Returns the address of the C struct.
     
    •  
  •  __getitem__             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  __getattr__             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  __eq__             \u2013              
    •  
  •  value_to_human_readable             \u2013              
    Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
     
    •  
  •  read_field             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  unqualified             \u2013              
    Returns cls to make it compatible with the gdb.types.has_field() interface.
     
    •  
  •  fields             \u2013              
    Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
  •  keys             \u2013              
    Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
  •  get_field_address             \u2013              
    Returns the address of the specified field.
     
    •  
  •  get_field_offset             \u2013              
    Returns the offset of the specified field.
     
    •  
  •  items             \u2013              
    Returns a tuple of (field name, field value) pairs.
     
    •  
  •  has_field             \u2013              
    Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
 
Attributes:
 
     
  •  sizeof           \u2013            
    •  
  •  code           \u2013            
    •  
  •  address           \u2013            
    •  
  •  type           \u2013            
    Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.sizeof","title":"sizeof  class-attribute instance-attribute","text":"
sizeof = sizeof(_c_struct)\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.code","title":"code  class-attribute instance-attribute","text":"
code = STRUCT\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.address","title":"address  instance-attribute","text":"
address = address\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.type","title":"type  property","text":"
type\n
 
Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.__int__","title":"__int__","text":"
__int__() -> int\n
 
Returns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.__getitem__","title":"__getitem__","text":"
__getitem__(key: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.__getattr__","title":"__getattr__","text":"
__getattr__(key: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.__eq__","title":"__eq__","text":"
__eq__(other: Any) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.value_to_human_readable","title":"value_to_human_readable","text":"
value_to_human_readable() -> str\n
 
Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.read_field","title":"read_field","text":"
read_field(field: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.unqualified","title":"unqualified  classmethod","text":"
unqualified()\n
 
Returns cls to make it compatible with the gdb.types.has_field() interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.fields","title":"fields  classmethod","text":"
fields() -> list[FakeGDBField]\n
 
Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.keys","title":"keys  classmethod","text":"
keys() -> list[str]\n
 
Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.get_field_address","title":"get_field_address","text":"
get_field_address(field: str) -> int\n
 
Returns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.get_field_offset","title":"get_field_offset  classmethod","text":"
get_field_offset(field: str) -> int\n
 
Returns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.items","title":"items","text":"
items() -> tuple[tuple[Any, Any], ...]\n
 
Returns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.has_field","title":"has_field  classmethod","text":"
has_field(field: str) -> bool\n
 
Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_heap_info","title":"c_heap_info","text":"
               Bases: Structure
 
This class represents heap_info struct as a ctypes struct.
 
https://github.com/bminor/glibc/blob/glibc-2.34/malloc/arena.c#L53
 
typedef struct _heap_info {     mstate ar_ptr; /* Arena for this heap. /     struct _heap_info *prev; / Previous heap. /     size_t size;   / Current size in bytes. /     size_t mprotect_size; / Size in bytes that has been mprotected                             PROT_READ|PROT_WRITE.  /     / Make sure the following data is properly aligned, particularly         that sizeof (heap_info) + 2 * SIZE_SZ is a multiple of         MALLOC_ALIGNMENT. */     char pad[-6 * SIZE_SZ & MALLOC_ALIGN_MASK]; } heap_info;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo","title":"HeapInfo","text":"
HeapInfo(address: int)\n
 
               Bases: CStruct2GDB
 
This class represents heap_info struct with interface compatible with pwndbg.dbg_mod.Value.
 
Methods:
 
     
  •  __int__             \u2013              
    Returns the address of the C struct.
     
    •  
  •  __getitem__             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  __getattr__             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  __eq__             \u2013              
    •  
  •  value_to_human_readable             \u2013              
    Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
     
    •  
  •  read_field             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  unqualified             \u2013              
    Returns cls to make it compatible with the gdb.types.has_field() interface.
     
    •  
  •  fields             \u2013              
    Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
  •  keys             \u2013              
    Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
  •  get_field_address             \u2013              
    Returns the address of the specified field.
     
    •  
  •  get_field_offset             \u2013              
    Returns the offset of the specified field.
     
    •  
  •  items             \u2013              
    Returns a tuple of (field name, field value) pairs.
     
    •  
  •  has_field             \u2013              
    Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
 
Attributes:
 
     
  •  sizeof           \u2013            
    •  
  •  code           \u2013            
    •  
  •  address           \u2013            
    •  
  •  type           \u2013            
    Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.sizeof","title":"sizeof  class-attribute instance-attribute","text":"
sizeof = sizeof(_c_struct)\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.code","title":"code  class-attribute instance-attribute","text":"
code = STRUCT\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.address","title":"address  instance-attribute","text":"
address = address\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.type","title":"type  property","text":"
type\n
 
Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.__int__","title":"__int__","text":"
__int__() -> int\n
 
Returns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.__getitem__","title":"__getitem__","text":"
__getitem__(key: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.__getattr__","title":"__getattr__","text":"
__getattr__(key: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.__eq__","title":"__eq__","text":"
__eq__(other: Any) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.value_to_human_readable","title":"value_to_human_readable","text":"
value_to_human_readable() -> str\n
 
Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.read_field","title":"read_field","text":"
read_field(field: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.unqualified","title":"unqualified  classmethod","text":"
unqualified()\n
 
Returns cls to make it compatible with the gdb.types.has_field() interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.fields","title":"fields  classmethod","text":"
fields() -> list[FakeGDBField]\n
 
Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.keys","title":"keys  classmethod","text":"
keys() -> list[str]\n
 
Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.get_field_address","title":"get_field_address","text":"
get_field_address(field: str) -> int\n
 
Returns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.get_field_offset","title":"get_field_offset  classmethod","text":"
get_field_offset(field: str) -> int\n
 
Returns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.items","title":"items","text":"
items() -> tuple[tuple[Any, Any], ...]\n
 
Returns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.has_field","title":"has_field  classmethod","text":"
has_field(field: str) -> bool\n
 
Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_chunk","title":"c_malloc_chunk","text":"
               Bases: Structure
 
This class represents malloc_chunk struct as a ctypes struct.
 
https://github.com/bminor/glibc/blob/glibc-2.34/malloc/malloc.c#L1154
 
struct malloc_chunk {
 
INTERNAL_SIZE_T      mchunk_prev_size;  /* Size of previous chunk (if free).  */\nINTERNAL_SIZE_T      mchunk_size;       /* Size in bytes, including overhead. */\n\nstruct malloc_chunk* fd;         /* double links -- used only if free. */\nstruct malloc_chunk* bk;\n\n/* Only used for large blocks: pointer to next larger size.  */\nstruct malloc_chunk* fd_nextsize; /* double links -- used only if free. */\nstruct malloc_chunk* bk_nextsize;\n
 
};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk","title":"MallocChunk","text":"
MallocChunk(address: int)\n
 
               Bases: CStruct2GDB
 
This class represents malloc_chunk struct with interface compatible with pwndbg.dbg_mod.Value.
 
Methods:
 
     
  •  __int__             \u2013              
    Returns the address of the C struct.
     
    •  
  •  __getitem__             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  __getattr__             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  __eq__             \u2013              
    •  
  •  value_to_human_readable             \u2013              
    Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
     
    •  
  •  read_field             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  unqualified             \u2013              
    Returns cls to make it compatible with the gdb.types.has_field() interface.
     
    •  
  •  fields             \u2013              
    Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
  •  keys             \u2013              
    Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
  •  get_field_address             \u2013              
    Returns the address of the specified field.
     
    •  
  •  get_field_offset             \u2013              
    Returns the offset of the specified field.
     
    •  
  •  items             \u2013              
    Returns a tuple of (field name, field value) pairs.
     
    •  
  •  has_field             \u2013              
    Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
 
Attributes:
 
     
  •  sizeof           \u2013            
    •  
  •  code           \u2013            
    •  
  •  address           \u2013            
    •  
  •  type           \u2013            
    Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.sizeof","title":"sizeof  class-attribute instance-attribute","text":"
sizeof = sizeof(_c_struct)\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.code","title":"code  class-attribute instance-attribute","text":"
code = STRUCT\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.address","title":"address  instance-attribute","text":"
address = address\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.type","title":"type  property","text":"
type\n
 
Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.__int__","title":"__int__","text":"
__int__() -> int\n
 
Returns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.__getitem__","title":"__getitem__","text":"
__getitem__(key: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.__getattr__","title":"__getattr__","text":"
__getattr__(key: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.__eq__","title":"__eq__","text":"
__eq__(other: Any) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.value_to_human_readable","title":"value_to_human_readable","text":"
value_to_human_readable() -> str\n
 
Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.read_field","title":"read_field","text":"
read_field(field: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.unqualified","title":"unqualified  classmethod","text":"
unqualified()\n
 
Returns cls to make it compatible with the gdb.types.has_field() interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.fields","title":"fields  classmethod","text":"
fields() -> list[FakeGDBField]\n
 
Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.keys","title":"keys  classmethod","text":"
keys() -> list[str]\n
 
Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.get_field_address","title":"get_field_address","text":"
get_field_address(field: str) -> int\n
 
Returns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.get_field_offset","title":"get_field_offset  classmethod","text":"
get_field_offset(field: str) -> int\n
 
Returns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.items","title":"items","text":"
items() -> tuple[tuple[Any, Any], ...]\n
 
Returns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.has_field","title":"has_field  classmethod","text":"
has_field(field: str) -> bool\n
 
Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_tcache_perthread_struct_2_29","title":"c_tcache_perthread_struct_2_29","text":"
               Bases: Structure
 
This class represents tcache_perthread_struct for GLIBC < 2.30 as a ctypes struct.
 
https://github.com/bminor/glibc/blob/glibc-2.29/malloc/malloc.c#L2916
 
typedef struct tcache_perthread_struct {     char counts[TCACHE_MAX_BINS];     tcache_entry *entries[TCACHE_MAX_BINS]; } tcache_perthread_struct;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_tcache_perthread_struct_2_30","title":"c_tcache_perthread_struct_2_30","text":"
               Bases: Structure
 
This class represents the tcache_perthread_struct for 2.30 <= GLIBC < 2.42 as a ctypes struct.
 
https://github.com/bminor/glibc/blob/glibc-2.34/malloc/malloc.c#L3025
 
typedef struct tcache_perthread_struct {     uint16_t counts[TCACHE_MAX_BINS];     tcache_entry *entries[TCACHE_MAX_BINS]; } tcache_perthread_struct;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_tcache_perthread_struct_2_42","title":"c_tcache_perthread_struct_2_42","text":"
               Bases: Structure
 
This class represents the tcache_perthread_struct for 2.42 <= GLIBC as a ctypes struct.
 
https://elixir.bootlin.com/glibc/glibc-2.42/source/malloc/malloc.c#L3127
 
typedef struct tcache_perthread_struct {     uint16_t num_slots[TCACHE_MAX_BINS];     tcache_entry *entries[TCACHE_MAX_BINS]; } tcache_perthread_struct;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct","title":"TcachePerthreadStruct","text":"
TcachePerthreadStruct(address: int)\n
 
               Bases: CStruct2GDB
 
This class represents tcache_perthread_struct with interface compatible with pwndbg.dbg_mod.Value.
 
Methods:
 
     
  •  __int__             \u2013              
    Returns the address of the C struct.
     
    •  
  •  __getitem__             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  __getattr__             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  __eq__             \u2013              
    •  
  •  value_to_human_readable             \u2013              
    Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
     
    •  
  •  read_field             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  unqualified             \u2013              
    Returns cls to make it compatible with the gdb.types.has_field() interface.
     
    •  
  •  fields             \u2013              
    Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
  •  keys             \u2013              
    Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
  •  get_field_address             \u2013              
    Returns the address of the specified field.
     
    •  
  •  get_field_offset             \u2013              
    Returns the offset of the specified field.
     
    •  
  •  items             \u2013              
    Returns a tuple of (field name, field value) pairs.
     
    •  
  •  has_field             \u2013              
    Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
 
Attributes:
 
     
  •  sizeof           \u2013            
    •  
  •  code           \u2013            
    •  
  •  address           \u2013            
    •  
  •  type           \u2013            
    Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.sizeof","title":"sizeof  class-attribute instance-attribute","text":"
sizeof = sizeof(_c_struct)\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.code","title":"code  class-attribute instance-attribute","text":"
code = STRUCT\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.address","title":"address  instance-attribute","text":"
address = address\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.type","title":"type  property","text":"
type\n
 
Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.__int__","title":"__int__","text":"
__int__() -> int\n
 
Returns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.__getitem__","title":"__getitem__","text":"
__getitem__(key: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.__getattr__","title":"__getattr__","text":"
__getattr__(key: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.__eq__","title":"__eq__","text":"
__eq__(other: Any) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.value_to_human_readable","title":"value_to_human_readable","text":"
value_to_human_readable() -> str\n
 
Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.read_field","title":"read_field","text":"
read_field(field: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.unqualified","title":"unqualified  classmethod","text":"
unqualified()\n
 
Returns cls to make it compatible with the gdb.types.has_field() interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.fields","title":"fields  classmethod","text":"
fields() -> list[FakeGDBField]\n
 
Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.keys","title":"keys  classmethod","text":"
keys() -> list[str]\n
 
Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.get_field_address","title":"get_field_address","text":"
get_field_address(field: str) -> int\n
 
Returns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.get_field_offset","title":"get_field_offset  classmethod","text":"
get_field_offset(field: str) -> int\n
 
Returns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.items","title":"items","text":"
items() -> tuple[tuple[Any, Any], ...]\n
 
Returns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.has_field","title":"has_field  classmethod","text":"
has_field(field: str) -> bool\n
 
Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_tcache_entry_2_28","title":"c_tcache_entry_2_28","text":"
               Bases: Structure
 
This class represents the tcache_entry struct for GLIBC < 2.29 as a ctypes struct.
 
https://github.com/bminor/glibc/blob/glibc-2.28/malloc/malloc.c#L2888
 
typedef struct tcache_entry {     struct tcache_entry *next; } tcache_entry;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_tcache_entry_2_29","title":"c_tcache_entry_2_29","text":"
               Bases: Structure
 
This class represents the tcache_entry struct for GLIBC >= 2.29 as a ctypes struct.
 
https://github.com/bminor/glibc/blob/glibc-2.34/malloc/malloc.c#L3013
 
typedef struct tcache_entry {     struct tcache_entry next;     / This field exists to detect double frees.  */     uintptr_t key; } tcache_entry;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry","title":"TcacheEntry","text":"
TcacheEntry(address: int)\n
 
               Bases: CStruct2GDB
 
This class represents the tcache_entry struct with interface compatible with pwndbg.dbg_mod.Value.
 
Methods:
 
     
  •  __int__             \u2013              
    Returns the address of the C struct.
     
    •  
  •  __getitem__             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  __getattr__             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  __eq__             \u2013              
    •  
  •  value_to_human_readable             \u2013              
    Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
     
    •  
  •  read_field             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  unqualified             \u2013              
    Returns cls to make it compatible with the gdb.types.has_field() interface.
     
    •  
  •  fields             \u2013              
    Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
  •  keys             \u2013              
    Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
  •  get_field_address             \u2013              
    Returns the address of the specified field.
     
    •  
  •  get_field_offset             \u2013              
    Returns the offset of the specified field.
     
    •  
  •  items             \u2013              
    Returns a tuple of (field name, field value) pairs.
     
    •  
  •  has_field             \u2013              
    Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
 
Attributes:
 
     
  •  sizeof           \u2013            
    •  
  •  code           \u2013            
    •  
  •  address           \u2013            
    •  
  •  type           \u2013            
    Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.sizeof","title":"sizeof  class-attribute instance-attribute","text":"
sizeof = sizeof(_c_struct)\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.code","title":"code  class-attribute instance-attribute","text":"
code = STRUCT\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.address","title":"address  instance-attribute","text":"
address = address\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.type","title":"type  property","text":"
type\n
 
Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.__int__","title":"__int__","text":"
__int__() -> int\n
 
Returns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.__getitem__","title":"__getitem__","text":"
__getitem__(key: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.__getattr__","title":"__getattr__","text":"
__getattr__(key: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.__eq__","title":"__eq__","text":"
__eq__(other: Any) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.value_to_human_readable","title":"value_to_human_readable","text":"
value_to_human_readable() -> str\n
 
Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.read_field","title":"read_field","text":"
read_field(field: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.unqualified","title":"unqualified  classmethod","text":"
unqualified()\n
 
Returns cls to make it compatible with the gdb.types.has_field() interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.fields","title":"fields  classmethod","text":"
fields() -> list[FakeGDBField]\n
 
Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.keys","title":"keys  classmethod","text":"
keys() -> list[str]\n
 
Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.get_field_address","title":"get_field_address","text":"
get_field_address(field: str) -> int\n
 
Returns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.get_field_offset","title":"get_field_offset  classmethod","text":"
get_field_offset(field: str) -> int\n
 
Returns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.items","title":"items","text":"
items() -> tuple[tuple[Any, Any], ...]\n
 
Returns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.has_field","title":"has_field  classmethod","text":"
has_field(field: str) -> bool\n
 
Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_23","title":"c_malloc_par_2_23","text":"
               Bases: Structure
 
This class represents the malloc_par struct for GLIBC < 2.24 as a ctypes struct.
 
https://github.com/bminor/glibc/blob/glibc-2.23/malloc/malloc.c#L1726
 
struct malloc_par { /* Tunable parameters */ unsigned long trim_threshold; INTERNAL_SIZE_T top_pad; INTERNAL_SIZE_T mmap_threshold; INTERNAL_SIZE_T arena_test; INTERNAL_SIZE_T arena_max;
 
/* Memory map support / int n_mmaps; int n_mmaps_max; int max_n_mmaps; / the mmap_threshold is dynamic, until the user sets     it manually, at which point we need to disable any     dynamic behavior. */ int no_dyn_threshold;
 
/* Statistics / INTERNAL_SIZE_T mmapped_mem; /*INTERNAL_SIZE_T  sbrked_mem;/ /INTERNAL_SIZE_T  max_sbrked_mem;/ INTERNAL_SIZE_T max_mmapped_mem; INTERNAL_SIZE_T max_total_mem;  /* only kept for NO_THREADS */
 
/* First address handed out by MORECORE/sbrk.  */ char *sbrk_base; };
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_12","title":"c_malloc_par_2_12","text":"
               Bases: Structure
 
This class represents the malloc_par struct for GLIBC < 2.15 as a ctypes struct.
 
https://github.com/bminor/glibc/blob/glibc-2.12/malloc/malloc.c#L2402-L2433
 
struct malloc_par { /* Tunable parameters */ unsigned long    trim_threshold; INTERNAL_SIZE_T  top_pad; INTERNAL_SIZE_T  mmap_threshold;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_12--ifdef-per_thread","title":"ifdef PER_THREAD","text":"
INTERNAL_SIZE_T  arena_test; INTERNAL_SIZE_T  arena_max;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_12--endif","title":"endif","text":"
/* Memory map support / int              n_mmaps; int              n_mmaps_max; int              max_n_mmaps; / the mmap_threshold is dynamic, until the user sets     it manually, at which point we need to disable any     dynamic behavior. */ int              no_dyn_threshold;
 
/* Cache malloc_getpagesize */ unsigned int     pagesize;
 
/* Statistics / INTERNAL_SIZE_T  mmapped_mem; /*INTERNAL_SIZE_T  sbrked_mem;/ /INTERNAL_SIZE_T  max_sbrked_mem;/ INTERNAL_SIZE_T  max_mmapped_mem; INTERNAL_SIZE_T  max_total_mem; /* only kept for NO_THREADS */
 
/* First address handed out by MORECORE/sbrk.  / char            sbrk_base; };
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_24","title":"c_malloc_par_2_24","text":"
               Bases: Structure
 
This class represents the malloc_par struct for GLIBC >= 2.24 as a ctypes struct.
 
https://github.com/bminor/glibc/blob/glibc-2.25/malloc/malloc.c#L1690 https://github.com/bminor/glibc/blob/glibc-2.24/malloc/malloc.c#L1719
 
struct malloc_par {     /* Tunable parameters */     unsigned long trim_threshold;     INTERNAL_SIZE_T top_pad;     INTERNAL_SIZE_T mmap_threshold;     INTERNAL_SIZE_T arena_test;     INTERNAL_SIZE_T arena_max;
 
/* Memory map support */\nint n_mmaps;\nint n_mmaps_max;\nint max_n_mmaps;\n/* the mmap_threshold is dynamic, until the user sets\n    it manually, at which point we need to disable any\n    dynamic behavior. */\nint no_dyn_threshold;\n\n/* Statistics */\nINTERNAL_SIZE_T mmapped_mem;\nINTERNAL_SIZE_T max_mmapped_mem;\n\n/* First address handed out by MORECORE/sbrk.  */\nchar *sbrk_base;\n
 
};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_26","title":"c_malloc_par_2_26","text":"
               Bases: Structure
 
This class represents the malloc_par struct for GLIBC >= 2.26 as a ctypes struct.
 
https://github.com/bminor/glibc/blob/glibc-2.34/malloc/malloc.c#L1875
 
struct malloc_par {     /* Tunable parameters */     unsigned long trim_threshold;     INTERNAL_SIZE_T top_pad;     INTERNAL_SIZE_T mmap_threshold;     INTERNAL_SIZE_T arena_test;     INTERNAL_SIZE_T arena_max;
 
/* Memory map support */\nint n_mmaps;\nint n_mmaps_max;\nint max_n_mmaps;\n/* the mmap_threshold is dynamic, until the user sets\n    it manually, at which point we need to disable any\n    dynamic behavior. */\nint no_dyn_threshold;\n\n/* Statistics */\nINTERNAL_SIZE_T mmapped_mem;\nINTERNAL_SIZE_T max_mmapped_mem;\n\n/* First address handed out by MORECORE/sbrk.  */\nchar *sbrk_base;\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_26--if-use_tcache","title":"if USE_TCACHE","text":"
/* Maximum number of buckets to use.  */\nsize_t tcache_bins;\nsize_t tcache_max_bytes;\n/* Maximum number of chunks in each bucket.  */\nsize_t tcache_count;\n/* Maximum number of chunks to remove from the unsorted list, which\n    aren't used to prefill the cache.  */\nsize_t tcache_unsorted_limit;\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_26--endif","title":"endif","text":"
};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_35","title":"c_malloc_par_2_35","text":"
               Bases: Structure
 
This class represents the malloc_par struct for GLIBC >= 2.35 as a ctypes struct.
 
https://github.com/bminor/glibc/blob/glibc-2.35/malloc/malloc.c#L1874
 
struct malloc_par {     /* Tunable parameters */     unsigned long trim_threshold;     INTERNAL_SIZE_T top_pad;     INTERNAL_SIZE_T mmap_threshold;     INTERNAL_SIZE_T arena_test;     INTERNAL_SIZE_T arena_max;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_35--if-have_tunables","title":"if HAVE_TUNABLES","text":"
/* Transparent Large Page support.  */\nINTERNAL_SIZE_T thp_pagesize;\n/* A value different than 0 means to align mmap allocation to hp_pagesize\n    add hp_flags on flags.  */\nINTERNAL_SIZE_T hp_pagesize;\nint hp_flags;\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_35--endif","title":"endif","text":"
/* Memory map support */\nint n_mmaps;\nint n_mmaps_max;\nint max_n_mmaps;\n/* the mmap_threshold is dynamic, until the user sets\n    it manually, at which point we need to disable any\n    dynamic behavior. */\nint no_dyn_threshold;\n\n/* Statistics */\nINTERNAL_SIZE_T mmapped_mem;\nINTERNAL_SIZE_T max_mmapped_mem;\n\n/* First address handed out by MORECORE/sbrk.  */\nchar *sbrk_base;\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_35--if-use_tcache","title":"if USE_TCACHE","text":"
/* Maximum number of buckets to use.  */\nsize_t tcache_bins;\nsize_t tcache_max_bytes;\n/* Maximum number of chunks in each bucket.  */\nsize_t tcache_count;\n/* Maximum number of chunks to remove from the unsorted list, which\n    aren't used to prefill the cache.  */\nsize_t tcache_unsorted_limit;\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_35--endif_1","title":"endif","text":"
};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_42","title":"c_malloc_par_2_42","text":"
               Bases: Structure
 
This class represents the malloc_par struct for GLIBC >= 2.42 as a ctypes struct.
 
https://elixir.bootlin.com/glibc/glibc-2.42/source/malloc/malloc.c#L1864
 
struct malloc_par {   /* Tunable parameters */   unsigned long trim_threshold;   INTERNAL_SIZE_T top_pad;   INTERNAL_SIZE_T mmap_threshold;   INTERNAL_SIZE_T arena_test;   INTERNAL_SIZE_T arena_max;
 
/* Transparent Large Page support.  /   INTERNAL_SIZE_T thp_pagesize;   / A value different than 0 means to align mmap allocation to hp_pagesize     add hp_flags on flags.  */   INTERNAL_SIZE_T hp_pagesize;   int hp_flags;
 
/* Memory map support /   int n_mmaps;   int n_mmaps_max;   int max_n_mmaps;   / the mmap_threshold is dynamic, until the user sets     it manually, at which point we need to disable any     dynamic behavior. */   int no_dyn_threshold;
 
/* Statistics */   INTERNAL_SIZE_T mmapped_mem;   INTERNAL_SIZE_T max_mmapped_mem;
 
/* First address handed out by MORECORE/sbrk.  */   char *sbrk_base;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_42--if-use_tcache","title":"if USE_TCACHE","text":"
/* Maximum number of small buckets to use.  /   size_t tcache_small_bins;   size_t tcache_max_bytes;   / Maximum number of chunks in each bucket.  /   size_t tcache_count;   / Maximum number of chunks to remove from the unsorted list, which     aren't used to prefill the cache.  */   size_t tcache_unsorted_limit;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_42--endif","title":"endif","text":"
};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar","title":"MallocPar","text":"
MallocPar(address: int)\n
 
               Bases: CStruct2GDB
 
This class represents the malloc_par struct with interface compatible with pwndbg.dbg_mod.Value.
 
Methods:
 
     
  •  __int__             \u2013              
    Returns the address of the C struct.
     
    •  
  •  __getitem__             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  __getattr__             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  __eq__             \u2013              
    •  
  •  value_to_human_readable             \u2013              
    Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
     
    •  
  •  read_field             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  unqualified             \u2013              
    Returns cls to make it compatible with the gdb.types.has_field() interface.
     
    •  
  •  fields             \u2013              
    Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
  •  keys             \u2013              
    Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
  •  get_field_address             \u2013              
    Returns the address of the specified field.
     
    •  
  •  get_field_offset             \u2013              
    Returns the offset of the specified field.
     
    •  
  •  items             \u2013              
    Returns a tuple of (field name, field value) pairs.
     
    •  
  •  has_field             \u2013              
    Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
 
Attributes:
 
     
  •  sizeof           \u2013            
    •  
  •  code           \u2013            
    •  
  •  address           \u2013            
    •  
  •  type           \u2013            
    Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.sizeof","title":"sizeof  class-attribute instance-attribute","text":"
sizeof = sizeof(_c_struct)\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.code","title":"code  class-attribute instance-attribute","text":"
code = STRUCT\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.address","title":"address  instance-attribute","text":"
address = address\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.type","title":"type  property","text":"
type\n
 
Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.__int__","title":"__int__","text":"
__int__() -> int\n
 
Returns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.__getitem__","title":"__getitem__","text":"
__getitem__(key: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.__getattr__","title":"__getattr__","text":"
__getattr__(key: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.__eq__","title":"__eq__","text":"
__eq__(other: Any) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.value_to_human_readable","title":"value_to_human_readable","text":"
value_to_human_readable() -> str\n
 
Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.read_field","title":"read_field","text":"
read_field(field: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.unqualified","title":"unqualified  classmethod","text":"
unqualified()\n
 
Returns cls to make it compatible with the gdb.types.has_field() interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.fields","title":"fields  classmethod","text":"
fields() -> list[FakeGDBField]\n
 
Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.keys","title":"keys  classmethod","text":"
keys() -> list[str]\n
 
Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.get_field_address","title":"get_field_address","text":"
get_field_address(field: str) -> int\n
 
Returns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.get_field_offset","title":"get_field_offset  classmethod","text":"
get_field_offset(field: str) -> int\n
 
Returns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.items","title":"items","text":"
items() -> tuple[tuple[Any, Any], ...]\n
 
Returns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.has_field","title":"has_field  classmethod","text":"
has_field(field: str) -> bool\n
 
Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.request2size","title":"request2size","text":"
request2size(req: int) -> int\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.fastbin_index","title":"fastbin_index","text":"
fastbin_index(size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/","title":"kernel","text":""},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel","title":"kernel","text":"
Modules:
 
     
  •  bpf           \u2013            
    •  
  •  buddydump           \u2013            
    •  
  •  dmabuf           \u2013            
    •  
  •  kallsyms           \u2013            
    •  
  •  kmod           \u2013            
    •  
  •  macros           \u2013            
    •  
  •  nftables           \u2013            
    •  
  •  paging           \u2013            
    •  
  •  rbtree           \u2013            
    •  
  •  slab           \u2013            
    •  
  •  symbol           \u2013            
    •  
  •  vmmap           \u2013            
    •  
 
Classes:
 
     
  •  ArchOps           \u2013            
    •  
  •  x86Ops           \u2013            
    •  
  •  i386Ops           \u2013            
    •  
  •  x86_64Ops           \u2013            
    •  
  •  Aarch64Ops           \u2013            
    •  
 
Functions:
 
     
  •  BIT             \u2013              
    •  
  •  has_debug_symbols             \u2013              
    •  
  •  has_debug_info             \u2013              
    •  
  •  requires_debug_symbols             \u2013              
    •  
  •  requires_debug_info             \u2013              
    •  
  •  nproc             \u2013              
    Returns the number of processing units available, similar to nproc(1)
     
    •  
  •  first_kernel_ro_page             \u2013              
    Returns the first kernel mapping which contains the linux_banner
     
    •  
  •  kconfig             \u2013              
    •  
  •  kcmdline             \u2013              
    •  
  •  kversion             \u2013              
    •  
  •  krelease             \u2013              
    •  
  •  get_idt_entries             \u2013              
    Retrieves the IDT entries from memory.
     
    •  
  •  arch_paginginfo             \u2013              
    •  
  •  arch_ops             \u2013              
    •  
  •  arch_symbols             \u2013              
    •  
  •  ptr_size             \u2013              
    •  
  •  page_size             \u2013              
    •  
  •  per_cpu             \u2013              
    •  
  •  virt_to_phys             \u2013              
    •  
  •  phys_to_virt             \u2013              
    •  
  •  phys_to_pfn             \u2013              
    •  
  •  pfn_to_phys             \u2013              
    •  
  •  pfn_to_page             \u2013              
    •  
  •  page_to_pfn             \u2013              
    •  
  •  phys_to_page             \u2013              
    •  
  •  page_to_phys             \u2013              
    •  
  •  virt_to_page             \u2013              
    •  
  •  page_to_virt             \u2013              
    •  
  •  pfn_to_virt             \u2013              
    •  
  •  virt_to_pfn             \u2013              
    •  
  •  kbase             \u2013              
    •  
  •  pagewalk             \u2013              
    •  
  •  paging_enabled             \u2013              
    •  
  •  num_numa_nodes             \u2013              
    Returns the number of NUMA nodes that are online on the system
     
    •  
  •  node_data             \u2013              
    •  
  •  slab_caches             \u2013              
    •  
  •  per_cpu_offset             \u2013              
    •  
  •  modules             \u2013              
    •  
  •  db_list             \u2013              
    •  
  •  prog_idr             \u2013              
    •  
  •  map_idr             \u2013              
    •  
  •  current_task             \u2013              
    •  
 
Attributes:
 
     
  •  P           \u2013            
    •  
  •  D           \u2013            
    •  
  •  T           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.P","title":"P  module-attribute","text":"
P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.D","title":"D  module-attribute","text":"
D = TypeVar('D')\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps","title":"ArchOps","text":"
               Bases: ABC
 
Methods:
 
     
  •  per_cpu             \u2013              
    •  
  •  virt_to_phys             \u2013              
    •  
  •  phys_to_virt             \u2013              
    •  
  •  phys_to_pfn             \u2013              
    •  
  •  pfn_to_phys             \u2013              
    •  
  •  pfn_to_page             \u2013              
    •  
  •  page_to_pfn             \u2013              
    •  
  •  virt_to_pfn             \u2013              
    •  
  •  pfn_to_virt             \u2013              
    •  
  •  phys_to_page             \u2013              
    •  
  •  page_to_phys             \u2013              
    •  
  •  virt_to_page             \u2013              
    •  
  •  page_to_virt             \u2013              
    •  
 
Attributes:
 
     
  •  STRUCT_PAGE_SIZE           \u2013            
    •  
  •  STRUCT_PAGE_SHIFT           \u2013            
    •  
  •  page_offset               (int)           \u2013            
    •  
  •  phys_offset               (int)           \u2013            
    •  
  •  page_shift               (int)           \u2013            
    •  
  •  vmemmap               (int)           \u2013            
    •  
  •  kbase               (int | None)           \u2013            
    •  
  •  ptr_size               (int)           \u2013            
    •  
  •  page_size               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.STRUCT_PAGE_SIZE","title":"STRUCT_PAGE_SIZE  property","text":"
STRUCT_PAGE_SIZE\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.STRUCT_PAGE_SHIFT","title":"STRUCT_PAGE_SHIFT  property","text":"
STRUCT_PAGE_SHIFT\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.page_offset","title":"page_offset  property","text":"
page_offset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.phys_offset","title":"phys_offset  property","text":"
phys_offset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.page_shift","title":"page_shift  property","text":"
page_shift: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.vmemmap","title":"vmemmap  property","text":"
vmemmap: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.kbase","title":"kbase  property","text":"
kbase: int | None\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.ptr_size","title":"ptr_size  property","text":"
ptr_size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.page_size","title":"page_size  property","text":"
page_size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.per_cpu","title":"per_cpu  abstractmethod","text":"
per_cpu(addr: int | Value, cpu=None) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.virt_to_phys","title":"virt_to_phys  abstractmethod","text":"
virt_to_phys(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.phys_to_virt","title":"phys_to_virt  abstractmethod","text":"
phys_to_virt(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.phys_to_pfn","title":"phys_to_pfn  abstractmethod","text":"
phys_to_pfn(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.pfn_to_phys","title":"pfn_to_phys  abstractmethod","text":"
pfn_to_phys(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.pfn_to_page","title":"pfn_to_page  abstractmethod","text":"
pfn_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.page_to_pfn","title":"page_to_pfn  abstractmethod","text":"
page_to_pfn(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.virt_to_pfn","title":"virt_to_pfn","text":"
virt_to_pfn(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.pfn_to_virt","title":"pfn_to_virt","text":"
pfn_to_virt(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.phys_to_page","title":"phys_to_page","text":"
phys_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.page_to_phys","title":"page_to_phys","text":"
page_to_phys(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.virt_to_page","title":"virt_to_page","text":"
virt_to_page(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.page_to_virt","title":"page_to_virt","text":"
page_to_virt(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops","title":"x86Ops","text":"
               Bases: ArchOps
 
Methods:
 
     
  •  phys_to_virt             \u2013              
    •  
  •  phys_to_pfn             \u2013              
    •  
  •  pfn_to_phys             \u2013              
    •  
  •  paging_enabled             \u2013              
    •  
  •  per_cpu             \u2013              
    •  
  •  virt_to_phys             \u2013              
    •  
  •  pfn_to_page             \u2013              
    •  
  •  page_to_pfn             \u2013              
    •  
  •  virt_to_pfn             \u2013              
    •  
  •  pfn_to_virt             \u2013              
    •  
  •  phys_to_page             \u2013              
    •  
  •  page_to_phys             \u2013              
    •  
  •  virt_to_page             \u2013              
    •  
  •  page_to_virt             \u2013              
    •  
 
Attributes:
 
     
  •  ptr_size               (int)           \u2013            
    •  
  •  STRUCT_PAGE_SIZE           \u2013            
    •  
  •  STRUCT_PAGE_SHIFT           \u2013            
    •  
  •  page_offset               (int)           \u2013            
    •  
  •  phys_offset               (int)           \u2013            
    •  
  •  page_shift               (int)           \u2013            
    •  
  •  vmemmap               (int)           \u2013            
    •  
  •  kbase               (int | None)           \u2013            
    •  
  •  page_size               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.ptr_size","title":"ptr_size  abstractmethod property","text":"
ptr_size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.STRUCT_PAGE_SIZE","title":"STRUCT_PAGE_SIZE  property","text":"
STRUCT_PAGE_SIZE\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.STRUCT_PAGE_SHIFT","title":"STRUCT_PAGE_SHIFT  property","text":"
STRUCT_PAGE_SHIFT\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_offset","title":"page_offset  property","text":"
page_offset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.phys_offset","title":"phys_offset  property","text":"
phys_offset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_shift","title":"page_shift  property","text":"
page_shift: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.vmemmap","title":"vmemmap  property","text":"
vmemmap: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.kbase","title":"kbase  property","text":"
kbase: int | None\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_size","title":"page_size  property","text":"
page_size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.phys_to_virt","title":"phys_to_virt","text":"
phys_to_virt(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.phys_to_pfn","title":"phys_to_pfn","text":"
phys_to_pfn(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.pfn_to_phys","title":"pfn_to_phys","text":"
pfn_to_phys(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.paging_enabled","title":"paging_enabled  staticmethod","text":"
paging_enabled() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.per_cpu","title":"per_cpu  abstractmethod","text":"
per_cpu(addr: int | Value, cpu=None) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.virt_to_phys","title":"virt_to_phys  abstractmethod","text":"
virt_to_phys(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.pfn_to_page","title":"pfn_to_page  abstractmethod","text":"
pfn_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_to_pfn","title":"page_to_pfn  abstractmethod","text":"
page_to_pfn(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.virt_to_pfn","title":"virt_to_pfn","text":"
virt_to_pfn(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.pfn_to_virt","title":"pfn_to_virt","text":"
pfn_to_virt(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.phys_to_page","title":"phys_to_page","text":"
phys_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_to_phys","title":"page_to_phys","text":"
page_to_phys(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.virt_to_page","title":"virt_to_page","text":"
virt_to_page(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_to_virt","title":"page_to_virt","text":"
page_to_virt(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops","title":"i386Ops","text":"
               Bases: x86Ops
 
Methods:
 
     
  •  virt_to_phys             \u2013              
    •  
  •  per_cpu             \u2013              
    •  
  •  pfn_to_page             \u2013              
    •  
  •  page_to_pfn             \u2013              
    •  
  •  phys_to_virt             \u2013              
    •  
  •  phys_to_pfn             \u2013              
    •  
  •  pfn_to_phys             \u2013              
    •  
  •  virt_to_pfn             \u2013              
    •  
  •  pfn_to_virt             \u2013              
    •  
  •  phys_to_page             \u2013              
    •  
  •  page_to_phys             \u2013              
    •  
  •  virt_to_page             \u2013              
    •  
  •  page_to_virt             \u2013              
    •  
  •  paging_enabled             \u2013              
    •  
 
Attributes:
 
     
  •  ptr_size               (int)           \u2013            
    •  
  •  STRUCT_PAGE_SIZE           \u2013            
    •  
  •  STRUCT_PAGE_SHIFT           \u2013            
    •  
  •  page_offset               (int)           \u2013            
    •  
  •  phys_offset               (int)           \u2013            
    •  
  •  page_shift               (int)           \u2013            
    •  
  •  vmemmap               (int)           \u2013            
    •  
  •  kbase               (int | None)           \u2013            
    •  
  •  page_size               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.ptr_size","title":"ptr_size  property","text":"
ptr_size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.STRUCT_PAGE_SIZE","title":"STRUCT_PAGE_SIZE  property","text":"
STRUCT_PAGE_SIZE\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.STRUCT_PAGE_SHIFT","title":"STRUCT_PAGE_SHIFT  property","text":"
STRUCT_PAGE_SHIFT\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_offset","title":"page_offset  property","text":"
page_offset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.phys_offset","title":"phys_offset  property","text":"
phys_offset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_shift","title":"page_shift  property","text":"
page_shift: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.vmemmap","title":"vmemmap  property","text":"
vmemmap: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.kbase","title":"kbase  property","text":"
kbase: int | None\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_size","title":"page_size  property","text":"
page_size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.virt_to_phys","title":"virt_to_phys","text":"
virt_to_phys(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.per_cpu","title":"per_cpu","text":"
per_cpu(addr: int | Value, cpu: int | None = None) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.pfn_to_page","title":"pfn_to_page","text":"
pfn_to_page(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_to_pfn","title":"page_to_pfn","text":"
page_to_pfn(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.phys_to_virt","title":"phys_to_virt","text":"
phys_to_virt(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.phys_to_pfn","title":"phys_to_pfn","text":"
phys_to_pfn(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.pfn_to_phys","title":"pfn_to_phys","text":"
pfn_to_phys(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.virt_to_pfn","title":"virt_to_pfn","text":"
virt_to_pfn(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.pfn_to_virt","title":"pfn_to_virt","text":"
pfn_to_virt(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.phys_to_page","title":"phys_to_page","text":"
phys_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_to_phys","title":"page_to_phys","text":"
page_to_phys(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.virt_to_page","title":"virt_to_page","text":"
virt_to_page(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_to_virt","title":"page_to_virt","text":"
page_to_virt(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.paging_enabled","title":"paging_enabled  staticmethod","text":"
paging_enabled() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops","title":"x86_64Ops","text":"
x86_64Ops()\n
 
               Bases: x86Ops
 
Methods:
 
     
  •  per_cpu             \u2013              
    •  
  •  virt_to_phys             \u2013              
    •  
  •  pfn_to_page             \u2013              
    •  
  •  page_to_pfn             \u2013              
    •  
  •  phys_to_virt             \u2013              
    •  
  •  phys_to_pfn             \u2013              
    •  
  •  pfn_to_phys             \u2013              
    •  
  •  virt_to_pfn             \u2013              
    •  
  •  pfn_to_virt             \u2013              
    •  
  •  phys_to_page             \u2013              
    •  
  •  page_to_phys             \u2013              
    •  
  •  virt_to_page             \u2013              
    •  
  •  page_to_virt             \u2013              
    •  
  •  paging_enabled             \u2013              
    •  
 
Attributes:
 
     
  •  phys_base           \u2013            
    •  
  •  ptr_size               (int)           \u2013            
    •  
  •  STRUCT_PAGE_SIZE           \u2013            
    •  
  •  STRUCT_PAGE_SHIFT           \u2013            
    •  
  •  page_offset               (int)           \u2013            
    •  
  •  phys_offset               (int)           \u2013            
    •  
  •  page_shift               (int)           \u2013            
    •  
  •  vmemmap               (int)           \u2013            
    •  
  •  kbase               (int | None)           \u2013            
    •  
  •  page_size               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.phys_base","title":"phys_base  instance-attribute","text":"
phys_base = 16777216\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.ptr_size","title":"ptr_size  property","text":"
ptr_size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.STRUCT_PAGE_SIZE","title":"STRUCT_PAGE_SIZE  property","text":"
STRUCT_PAGE_SIZE\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.STRUCT_PAGE_SHIFT","title":"STRUCT_PAGE_SHIFT  property","text":"
STRUCT_PAGE_SHIFT\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_offset","title":"page_offset  property","text":"
page_offset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.phys_offset","title":"phys_offset  property","text":"
phys_offset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_shift","title":"page_shift  property","text":"
page_shift: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.vmemmap","title":"vmemmap  property","text":"
vmemmap: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.kbase","title":"kbase  property","text":"
kbase: int | None\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_size","title":"page_size  property","text":"
page_size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.per_cpu","title":"per_cpu","text":"
per_cpu(addr: int | Value, cpu: int | None = None) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.virt_to_phys","title":"virt_to_phys","text":"
virt_to_phys(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.pfn_to_page","title":"pfn_to_page","text":"
pfn_to_page(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_to_pfn","title":"page_to_pfn","text":"
page_to_pfn(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.phys_to_virt","title":"phys_to_virt","text":"
phys_to_virt(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.phys_to_pfn","title":"phys_to_pfn","text":"
phys_to_pfn(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.pfn_to_phys","title":"pfn_to_phys","text":"
pfn_to_phys(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.virt_to_pfn","title":"virt_to_pfn","text":"
virt_to_pfn(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.pfn_to_virt","title":"pfn_to_virt","text":"
pfn_to_virt(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.phys_to_page","title":"phys_to_page","text":"
phys_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_to_phys","title":"page_to_phys","text":"
page_to_phys(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.virt_to_page","title":"virt_to_page","text":"
virt_to_page(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_to_virt","title":"page_to_virt","text":"
page_to_virt(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.paging_enabled","title":"paging_enabled  staticmethod","text":"
paging_enabled() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops","title":"Aarch64Ops","text":"
               Bases: ArchOps
 
Methods:
 
     
  •  per_cpu             \u2013              
    •  
  •  virt_to_phys             \u2013              
    •  
  •  phys_to_virt             \u2013              
    •  
  •  phys_to_pfn             \u2013              
    •  
  •  pfn_to_phys             \u2013              
    •  
  •  pfn_to_page             \u2013              
    •  
  •  page_to_pfn             \u2013              
    •  
  •  paging_enabled             \u2013              
    •  
  •  virt_to_pfn             \u2013              
    •  
  •  pfn_to_virt             \u2013              
    •  
  •  phys_to_page             \u2013              
    •  
  •  page_to_phys             \u2013              
    •  
  •  virt_to_page             \u2013              
    •  
  •  page_to_virt             \u2013              
    •  
 
Attributes:
 
     
  •  ptr_size           \u2013            
    •  
  •  STRUCT_PAGE_SIZE           \u2013            
    •  
  •  STRUCT_PAGE_SHIFT           \u2013            
    •  
  •  page_offset               (int)           \u2013            
    •  
  •  phys_offset               (int)           \u2013            
    •  
  •  page_shift               (int)           \u2013            
    •  
  •  vmemmap               (int)           \u2013            
    •  
  •  kbase               (int | None)           \u2013            
    •  
  •  page_size               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.ptr_size","title":"ptr_size  property","text":"
ptr_size\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.STRUCT_PAGE_SIZE","title":"STRUCT_PAGE_SIZE  property","text":"
STRUCT_PAGE_SIZE\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.STRUCT_PAGE_SHIFT","title":"STRUCT_PAGE_SHIFT  property","text":"
STRUCT_PAGE_SHIFT\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.page_offset","title":"page_offset  property","text":"
page_offset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.phys_offset","title":"phys_offset  property","text":"
phys_offset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.page_shift","title":"page_shift  property","text":"
page_shift: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.vmemmap","title":"vmemmap  property","text":"
vmemmap: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.kbase","title":"kbase  property","text":"
kbase: int | None\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.page_size","title":"page_size  property","text":"
page_size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.per_cpu","title":"per_cpu","text":"
per_cpu(addr: int | Value, cpu: int | None = None) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.virt_to_phys","title":"virt_to_phys","text":"
virt_to_phys(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.phys_to_virt","title":"phys_to_virt","text":"
phys_to_virt(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.phys_to_pfn","title":"phys_to_pfn","text":"
phys_to_pfn(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.pfn_to_phys","title":"pfn_to_phys","text":"
pfn_to_phys(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.pfn_to_page","title":"pfn_to_page","text":"
pfn_to_page(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.page_to_pfn","title":"page_to_pfn","text":"
page_to_pfn(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.paging_enabled","title":"paging_enabled  staticmethod","text":"
paging_enabled() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.virt_to_pfn","title":"virt_to_pfn","text":"
virt_to_pfn(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.pfn_to_virt","title":"pfn_to_virt","text":"
pfn_to_virt(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.phys_to_page","title":"phys_to_page","text":"
phys_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.page_to_phys","title":"page_to_phys","text":"
page_to_phys(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.virt_to_page","title":"virt_to_page","text":"
virt_to_page(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.page_to_virt","title":"page_to_virt","text":"
page_to_virt(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.BIT","title":"BIT","text":"
BIT(shift: int)\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.has_debug_symbols","title":"has_debug_symbols","text":"
has_debug_symbols(*required: str, checkall: bool = True) -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.has_debug_info","title":"has_debug_info","text":"
has_debug_info() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.requires_debug_symbols","title":"requires_debug_symbols","text":"
requires_debug_symbols(\n    *required: str, checkall=False, default: D = None\n) -> Callable[[Callable[P, T]], Callable[P, T | D]]\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.requires_debug_info","title":"requires_debug_info","text":"
requires_debug_info(\n    default: D = None,\n) -> Callable[[Callable[P, T]], Callable[P, T | D]]\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.nproc","title":"nproc","text":"
nproc() -> int\n
 
Returns the number of processing units available, similar to nproc(1)
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.first_kernel_ro_page","title":"first_kernel_ro_page","text":"
first_kernel_ro_page() -> Page | None\n
 
Returns the first kernel mapping which contains the linux_banner
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.kconfig","title":"kconfig","text":"
kconfig() -> Kconfig | None\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.kcmdline","title":"kcmdline","text":"
kcmdline() -> str\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.kversion","title":"kversion","text":"
kversion() -> str | None\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.krelease","title":"krelease","text":"
krelease() -> tuple[int, ...] | None\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.get_idt_entries","title":"get_idt_entries","text":"
get_idt_entries() -> list[IDTEntry]\n
 
Retrieves the IDT entries from memory.
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.arch_paginginfo","title":"arch_paginginfo","text":"
arch_paginginfo() -> ArchPagingInfo | None\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.arch_ops","title":"arch_ops","text":"
arch_ops() -> ArchOps | None\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.arch_symbols","title":"arch_symbols","text":"
arch_symbols() -> ArchSymbols | None\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ptr_size","title":"ptr_size","text":"
ptr_size() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.page_size","title":"page_size","text":"
page_size() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.per_cpu","title":"per_cpu","text":"
per_cpu(addr: int | Value, cpu: int | None = None) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.virt_to_phys","title":"virt_to_phys","text":"
virt_to_phys(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.phys_to_virt","title":"phys_to_virt","text":"
phys_to_virt(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.phys_to_pfn","title":"phys_to_pfn","text":"
phys_to_pfn(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.pfn_to_phys","title":"pfn_to_phys","text":"
pfn_to_phys(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.pfn_to_page","title":"pfn_to_page","text":"
pfn_to_page(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.page_to_pfn","title":"page_to_pfn","text":"
page_to_pfn(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.phys_to_page","title":"phys_to_page","text":"
phys_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.page_to_phys","title":"page_to_phys","text":"
page_to_phys(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.virt_to_page","title":"virt_to_page","text":"
virt_to_page(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.page_to_virt","title":"page_to_virt","text":"
page_to_virt(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.pfn_to_virt","title":"pfn_to_virt","text":"
pfn_to_virt(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.virt_to_pfn","title":"virt_to_pfn","text":"
virt_to_pfn(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.kbase","title":"kbase","text":"
kbase() -> int | None\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.pagewalk","title":"pagewalk","text":"
pagewalk(addr, entry=None) -> tuple[PageTableLevel, ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.paging_enabled","title":"paging_enabled","text":"
paging_enabled() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.num_numa_nodes","title":"num_numa_nodes","text":"
num_numa_nodes() -> int\n
 
Returns the number of NUMA nodes that are online on the system
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.node_data","title":"node_data","text":"
node_data() -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.slab_caches","title":"slab_caches","text":"
slab_caches() -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.per_cpu_offset","title":"per_cpu_offset","text":"
per_cpu_offset() -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.modules","title":"modules","text":"
modules() -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.db_list","title":"db_list","text":"
db_list() -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.prog_idr","title":"prog_idr","text":"
prog_idr() -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.map_idr","title":"map_idr","text":"
map_idr() -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.current_task","title":"current_task","text":"
current_task() -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/bpf/","title":"bpf","text":""},{"location":"reference/pwndbg/aglib/kernel/bpf/#pwndbg.aglib.kernel.bpf","title":"bpf","text":"
Functions:
 
     
  •  get_struct_bpf_prog             \u2013              
    •  
  •  get_struct_bpf_map             \u2013              
    •  
  •  get_bpf_struct_offsets             \u2013              
    •  
  •  load_bpf_typeinfo             \u2013              
    •  
"},{"location":"reference/pwndbg/aglib/kernel/bpf/#pwndbg.aglib.kernel.bpf.get_struct_bpf_prog","title":"get_struct_bpf_prog","text":"
get_struct_bpf_prog()\n
"},{"location":"reference/pwndbg/aglib/kernel/bpf/#pwndbg.aglib.kernel.bpf.get_struct_bpf_map","title":"get_struct_bpf_map","text":"
get_struct_bpf_map()\n
"},{"location":"reference/pwndbg/aglib/kernel/bpf/#pwndbg.aglib.kernel.bpf.get_bpf_struct_offsets","title":"get_bpf_struct_offsets","text":"
get_bpf_struct_offsets(prog_idr, map_idr) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/bpf/#pwndbg.aglib.kernel.bpf.load_bpf_typeinfo","title":"load_bpf_typeinfo","text":"
load_bpf_typeinfo()\n
"},{"location":"reference/pwndbg/aglib/kernel/buddydump/","title":"buddydump","text":""},{"location":"reference/pwndbg/aglib/kernel/buddydump/#pwndbg.aglib.kernel.buddydump","title":"buddydump","text":"
Functions:
 
     
  •  find_zone_offsets             \u2013              
    •  
  •  load_buddydump_typeinfo             \u2013              
    •  
 
Attributes:
 
     
  •  MAX_ORDER           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/buddydump/#pwndbg.aglib.kernel.buddydump.MAX_ORDER","title":"MAX_ORDER  module-attribute","text":"
MAX_ORDER = 11\n
"},{"location":"reference/pwndbg/aglib/kernel/buddydump/#pwndbg.aglib.kernel.buddydump.find_zone_offsets","title":"find_zone_offsets","text":"
find_zone_offsets() -> tuple[int, int, int, int, int]\n
"},{"location":"reference/pwndbg/aglib/kernel/buddydump/#pwndbg.aglib.kernel.buddydump.load_buddydump_typeinfo","title":"load_buddydump_typeinfo","text":"
load_buddydump_typeinfo()\n
"},{"location":"reference/pwndbg/aglib/kernel/dmabuf/","title":"dmabuf","text":""},{"location":"reference/pwndbg/aglib/kernel/dmabuf/#pwndbg.aglib.kernel.dmabuf","title":"dmabuf","text":"
Functions:
 
     
  •  find_dmabuf_offsets             \u2013              
    •  
  •  load_dmabuf_typeinfo             \u2013              
    •  
"},{"location":"reference/pwndbg/aglib/kernel/dmabuf/#pwndbg.aglib.kernel.dmabuf.find_dmabuf_offsets","title":"find_dmabuf_offsets","text":"
find_dmabuf_offsets(dmabuf) -> tuple[int, int, int]\n
"},{"location":"reference/pwndbg/aglib/kernel/dmabuf/#pwndbg.aglib.kernel.dmabuf.load_dmabuf_typeinfo","title":"load_dmabuf_typeinfo","text":"
load_dmabuf_typeinfo(first_dmabuf: int)\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/","title":"kallsyms","text":""},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms","title":"kallsyms","text":"
Classes:
 
     
  •  Kallsyms           \u2013            
       
    • linux_banner >= 6.4
      •  
     
    •  
 
Functions:
 
     
  •  get             \u2013              
    •  
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms","title":"Kallsyms","text":"
Kallsyms()\n
 
     
  • linux_banner >= 6.4
    •  
  • ... <= 6.4
    •  
  • kallsyms_offsets
    •  
  • kallsyms_relative_base
    •  
  • kallsyms_num_syms
    •  
  • kallsyms_names
    •  
  • kallsyms_markers
    •  
  • kallsyms_token_table
    •  
  • kallsyms_token_index
    •  
  • kallsyms_offsets >= 6.4
    •  
  • kallsyms_relative_base >= 6.4
    •  
 
Methods:
 
     
  •  find_token_table             \u2013              
    This function searches for the kallsyms_token_table structure in the kernel memory.
     
    •  
  •  find_token_index             \u2013              
    This function searches for the kallsyms_token_index structure in the kernel memory
     
    •  
  •  find_markers             \u2013              
    This function searches for the kallsyms_markers structure in the kernel memory
     
    •  
  •  find_num_syms             \u2013              
    This function searches for the kallsyms_num_syms variable in the kernel memory
     
    •  
  •  find_offsets             \u2013              
    This function searches for the kallsyms_offsets/kallsyms_addresses table in the kernel memory
     
    •  
  •  find_relative_base             \u2013              
    This function searches for the kallsyms_relative_base variable in the kernel memory.
     
    •  
  •  find_names             \u2013              
    •  
  •  get_kernel_addresses             \u2013              
    •  
  •  parse_symbol_table             \u2013              
    •  
  •  get_token_table             \u2013              
    •  
  •  find_names_uncompressed             \u2013              
    •  
  •  find_markers_uncompressed             \u2013              
    This function searches for the kallsyms_markers structure in the kernel memory
     
    •  
 
Attributes:
 
     
  •  kallsyms               (list[tuple[str, str, int]])           \u2013            
    •  
  •  kbase           \u2013            
    •  
  •  r_base           \u2013            
    •  
  •  kernel_ro_mem           \u2013            
    •  
  •  kernel_version           \u2013            
    •  
  •  is_offsets           \u2013            
    •  
  •  rbase_offset           \u2013            
    •  
  •  is_big_endian           \u2013            
    •  
  •  token_table           \u2013            
    •  
  •  is_uncompressed           \u2013            
    •  
  •  markers           \u2013            
    •  
  •  token_index           \u2013            
    •  
  •  num_syms           \u2013            
    •  
  •  offsets           \u2013            
    •  
  •  names           \u2013            
    •  
  •  kernel_addresses           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.kallsyms","title":"kallsyms  instance-attribute","text":"
kallsyms: list[tuple[str, str, int]] = []\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.kbase","title":"kbase  instance-attribute","text":"
kbase = kbase()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.r_base","title":"r_base  instance-attribute","text":"
r_base = vaddr\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.kernel_ro_mem","title":"kernel_ro_mem  instance-attribute","text":"
kernel_ro_mem = read(vaddr, memsz)\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.kernel_version","title":"kernel_version  instance-attribute","text":"
kernel_version = krelease()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.is_offsets","title":"is_offsets  instance-attribute","text":"
is_offsets = False\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.rbase_offset","title":"rbase_offset  instance-attribute","text":"
rbase_offset = 0\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.is_big_endian","title":"is_big_endian  instance-attribute","text":"
is_big_endian = None\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.token_table","title":"token_table  instance-attribute","text":"
token_table = find_token_table()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.is_uncompressed","title":"is_uncompressed  instance-attribute","text":"
is_uncompressed = False\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.markers","title":"markers  instance-attribute","text":"
markers = find_markers_uncompressed()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.token_index","title":"token_index  instance-attribute","text":"
token_index = find_token_index()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.num_syms","title":"num_syms  instance-attribute","text":"
num_syms = find_num_syms()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.offsets","title":"offsets  instance-attribute","text":"
offsets = find_offsets()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.names","title":"names  instance-attribute","text":"
names = find_names()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.kernel_addresses","title":"kernel_addresses  instance-attribute","text":"
kernel_addresses = get_kernel_addresses()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_token_table","title":"find_token_table","text":"
find_token_table() -> int\n
 
This function searches for the kallsyms_token_table structure in the kernel memory. The kallsyms_token_table contains 256 zero-terminated tokens from which symbol names are built. Example structure: 0xffffffff827b2f00:     \"mm\" 0xffffffff827b2f03:     \"tim\" 0xffffffff827b2f07:     \"bu\" 0xffffffff827b2f0a:     \"ode_\" 0xffffffff827b2f0f:     \"robestub\"  0xffffffff827b2fdb:     \"0\" 0xffffffff827b2fdd:     \"1\" 0xffffffff827b2fdf:     \"2\" 0xffffffff827b2fe1:     \"3\" 0xffffffff827b2fe3:     \"4\" 0xffffffff827b2fe5:     \"5\" 0xffffffff827b2fe7:     \"6\" 0xffffffff827b2fe9:     \"7\" 0xffffffff827b2feb:     \"8\" 0xffffffff827b2fed:     \"9\""},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_token_index","title":"find_token_index","text":"
find_token_index() -> int | None\n
 
This function searches for the kallsyms_token_index structure in the kernel memory starting at kallsyms_token_table. The token index table provides offsets into the kallsyms_token_table for each 256 byte-valued sub-table. The kallsyms_token_index is typically located immediately after the kallsyms_token_table in the kernel's read-only data section. Example structure: 0xffffffff827b3288:     0x0000  0x0003  0x0007  0x000a  0x000f  0x0018  0x001f  0x0023 0xffffffff827b3298:     0x0027  0x0031  0x0035  0x0038  0x003b  0x0043  0x0047  0x004a 0xffffffff827b32a8:     0x004f  0x0053  0x0056  0x0059  0x005d  0x0061  0x0067  0x006b 0xffffffff827b32b8:     0x006e  0x0071  0x0076  0x007c  0x0080  0x0088  0x008b  0x008f 0xffffffff827b32c8:     0x0094  0x0098  0x009b  0x009f  0x00a3  0x00a8  0x00ab  0x00b0
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_markers","title":"find_markers","text":"
find_markers() -> int | None\n
 
This function searches for the kallsyms_markers structure in the kernel memory starting at kallsyms_token_table and search backwards. The markers table contains offsets to the corresponding symbol name for each kernel symbol. The kallsyms_markers table is typically located immediately before the kallsyms_token_table in the kernel's read-only data section. Example structure: 0xffffffff827b2430:     0x00000000      0x00000b2a      0x00001762      0x000023f6 0xffffffff827b2440:     0x00002fe4      0x00003c9d      0x0000487c      0x000056fd 0xffffffff827b2450:     0x00006597      0x000073b9      0x000081be      0x00008f21 0xffffffff827b2460:     0x00009c94      0x0000a958      0x0000b632      0x0000c193 0xffffffff827b2470:     0x0000ce0b      0x0000db98      0x0000ea3e      0x0000f80a 0xffffffff827b2480:     0x000105be      0x000112d3      0x00011f8c      0x00012d75 0xffffffff827b2490:     0x0001384d      0x0001446e      0x00015138      0x00015d8c
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_num_syms","title":"find_num_syms","text":"
find_num_syms()\n
 
This function searches for the kallsyms_num_syms variable in the kernel memory starting at kallsyms_markers. The kallsyms_num_syms holds the number of kernel symbols in the symbol table. The kallsyms_num_syms variable is typically located before the kallsyms_names table in the kernel's read-only data section. In newer kernel versions the kallsyms_num_syms is immediately behind the linux_banner and in older version its behind kallsyms_base_relative or kallsyms_addresses (it depends on CONFIG_KALLSYMS_BASE_RELATIVE y/n)
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_offsets","title":"find_offsets","text":"
find_offsets()\n
 
This function searches for the kallsyms_offsets/kallsyms_addresses table in the kernel memory starting at kallsyms_token_index. The offsets/addresses table containts offsets / addresses of each symbol in the kernel. The kallsyms_addresses is typically located before the kallsyms_num_syms variable in the kernel's read-only data section. Example structure: 0xffffffff827b3488:     0x00000000      0x00000000      0x00001000      0x00002000 0xffffffff827b3498:     0x00006000      0x0000b000      0x0000c000      0x0000d000 0xffffffff827b34a8:     0x00015000      0x00015008      0x00015010      0x00015018 0xffffffff827b34b8:     0x00015020      0x00015022      0x00015030      0x00015050 0xffffffff827b34c8:     0x00015450      0x00015460      0x00015860      0x00015888 0xffffffff827b34d8:     0x00015890      0x00015898      0x000158a0      0x000159c0
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_relative_base","title":"find_relative_base","text":"
find_relative_base()\n
 
This function searches for the kallsyms_relative_base variable in the kernel memory. The relative base is used to calculate the actual virtual addresses of symbols from their offsets in the kallsyms_offsets table. The kallsyms_relative_base variable is typically located after the kallsyms_offsets table in the kernel's read-only data section.
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_names","title":"find_names","text":"
find_names()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.get_kernel_addresses","title":"get_kernel_addresses","text":"
get_kernel_addresses()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.parse_symbol_table","title":"parse_symbol_table","text":"
parse_symbol_table()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.get_token_table","title":"get_token_table","text":"
get_token_table()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_names_uncompressed","title":"find_names_uncompressed","text":"
find_names_uncompressed()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_markers_uncompressed","title":"find_markers_uncompressed","text":"
find_markers_uncompressed()\n
 
This function searches for the kallsyms_markers structure in the kernel memory Original Source: https://github.com/marin-m/vmlinux-to-elf/blob/master/vmlinux_to_elf/kallsyms_finder.py
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.get","title":"get","text":"
get() -> tuple[tuple[str, str, int], ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/kmod/","title":"kmod","text":""},{"location":"reference/pwndbg/aglib/kernel/kmod/#pwndbg.aglib.kernel.kmod","title":"kmod","text":"
Classes:
 
     
  •  mod_mem_type           \u2013            
    •  
 
Functions:
 
     
  •  module_name_offset             \u2013              
    •  
  •  module_mem_offset             \u2013              
    •  
  •  module_layout_offset             \u2013              
    •  
  •  module_kallsyms_offset             \u2013              
    •  
  •  module_list_with_typeinfo             \u2013              
    •  
  •  module_list             \u2013              
    •  
  •  parse_module_kallsyms             \u2013              
    •  
  •  all_modules_kallsyms             \u2013              
    •  
"},{"location":"reference/pwndbg/aglib/kernel/kmod/#pwndbg.aglib.kernel.kmod.mod_mem_type","title":"mod_mem_type","text":"
               Bases: Enum
 
Attributes:
 
     
  •  MOD_TEXT           \u2013            
    •  
  •  MOD_DATA           \u2013            
    •  
  •  MOD_RODATA           \u2013            
    •  
  •  MOD_RO_AFTER_INIT           \u2013            
    •  
  •  MOD_MEM_NUM_TYPES           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/kmod/#pwndbg.aglib.kernel.kmod.mod_mem_type.MOD_TEXT","title":"MOD_TEXT  class-attribute instance-attribute","text":"
MOD_TEXT = 0\n
"},{"location":"reference/pwndbg/aglib/kernel/kmod/#pwndbg.aglib.kernel.kmod.mod_mem_type.MOD_DATA","title":"MOD_DATA  class-attribute instance-attribute","text":"
MOD_DATA = 1\n
"},{"location":"reference/pwndbg/aglib/kernel/kmod/#pwndbg.aglib.kernel.kmod.mod_mem_type.MOD_RODATA","title":"MOD_RODATA  class-attribute instance-attribute","text":"
MOD_RODATA = 2\n
"},{"location":"reference/pwndbg/aglib/kernel/kmod/#pwndbg.aglib.kernel.kmod.mod_mem_type.MOD_RO_AFTER_INIT","title":"MOD_RO_AFTER_INIT  class-attribute instance-attribute","text":"
MOD_RO_AFTER_INIT = 3\n
"},{"location":"reference/pwndbg/aglib/kernel/kmod/#pwndbg.aglib.kernel.kmod.mod_mem_type.MOD_MEM_NUM_TYPES","title":"MOD_MEM_NUM_TYPES  class-attribute instance-attribute","text":"
MOD_MEM_NUM_TYPES = 4\n
"},{"location":"reference/pwndbg/aglib/kernel/kmod/#pwndbg.aglib.kernel.kmod.module_name_offset","title":"module_name_offset","text":"
module_name_offset()\n
"},{"location":"reference/pwndbg/aglib/kernel/kmod/#pwndbg.aglib.kernel.kmod.module_mem_offset","title":"module_mem_offset","text":"
module_mem_offset() -> tuple[int | None, int | None, int | None]\n
"},{"location":"reference/pwndbg/aglib/kernel/kmod/#pwndbg.aglib.kernel.kmod.module_layout_offset","title":"module_layout_offset","text":"
module_layout_offset() -> tuple[int | None, int | None]\n
"},{"location":"reference/pwndbg/aglib/kernel/kmod/#pwndbg.aglib.kernel.kmod.module_kallsyms_offset","title":"module_kallsyms_offset","text":"
module_kallsyms_offset()\n
"},{"location":"reference/pwndbg/aglib/kernel/kmod/#pwndbg.aglib.kernel.kmod.module_list_with_typeinfo","title":"module_list_with_typeinfo","text":"
module_list_with_typeinfo() -> tuple[Value, ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/kmod/#pwndbg.aglib.kernel.kmod.module_list","title":"module_list","text":"
module_list() -> tuple[int, ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/kmod/#pwndbg.aglib.kernel.kmod.parse_module_kallsyms","title":"parse_module_kallsyms","text":"
parse_module_kallsyms(kallsyms: int) -> list[tuple[str, int, str]]\n
"},{"location":"reference/pwndbg/aglib/kernel/kmod/#pwndbg.aglib.kernel.kmod.all_modules_kallsyms","title":"all_modules_kallsyms","text":"
all_modules_kallsyms() -> list[tuple[str, int, str]]\n
"},{"location":"reference/pwndbg/aglib/kernel/macros/","title":"macros","text":""},{"location":"reference/pwndbg/aglib/kernel/macros/#pwndbg.aglib.kernel.macros","title":"macros","text":"
Functions:
 
     
  •  container_of             \u2013              
    •  
  •  for_each_entry             \u2013              
    •  
  •  swab             \u2013              
    •  
  •  compound_head             \u2013              
    returns the head page of compound pages
     
    •  
"},{"location":"reference/pwndbg/aglib/kernel/macros/#pwndbg.aglib.kernel.macros.container_of","title":"container_of","text":"
container_of(ptr: int, typename: str, fieldname: str) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/macros/#pwndbg.aglib.kernel.macros.for_each_entry","title":"for_each_entry","text":"
for_each_entry(head: Value, typename: str, field: str) -> Iterator[Value]\n
"},{"location":"reference/pwndbg/aglib/kernel/macros/#pwndbg.aglib.kernel.macros.swab","title":"swab","text":"
swab(x: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/macros/#pwndbg.aglib.kernel.macros.compound_head","title":"compound_head","text":"
compound_head(page: Value) -> Value\n
 
returns the head page of compound pages
"},{"location":"reference/pwndbg/aglib/kernel/nftables/","title":"nftables","text":""},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables","title":"nftables","text":"
Classes:
 
     
  •  NftFields           \u2013            
    •  
  •  Expr           \u2013            
    •  
  •  Rule           \u2013            
    •  
  •  ChainHook           \u2013            
    •  
  •  Chain           \u2013            
    •  
  •  Set           \u2013            
    •  
  •  Object           \u2013            
    •  
  •  FlowtableHook           \u2013            
    •  
  •  Flowtable           \u2013            
    •  
  •  Table           \u2013            
    •  
  •  Nftables           \u2013            
    •  
 
Functions:
 
     
  •  catch_error             \u2013              
    •  
  •  get_init_net_namespace             \u2013              
    •  
 
Attributes:
 
     
  •  NFPROTO_INET           \u2013            
    •  
  •  NFPROTO_IPV4           \u2013            
    •  
  •  NFPROTO_ARP           \u2013            
    •  
  •  NFPROTO_NETDEV           \u2013            
    •  
  •  NFPROTO_BRIDGE           \u2013            
    •  
  •  NFPROTO_IPV6           \u2013            
    •  
  •  nftables_table_family           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NFPROTO_INET","title":"NFPROTO_INET  module-attribute","text":"
NFPROTO_INET = 1\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NFPROTO_IPV4","title":"NFPROTO_IPV4  module-attribute","text":"
NFPROTO_IPV4 = 2\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NFPROTO_ARP","title":"NFPROTO_ARP  module-attribute","text":"
NFPROTO_ARP = 3\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NFPROTO_NETDEV","title":"NFPROTO_NETDEV  module-attribute","text":"
NFPROTO_NETDEV = 5\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NFPROTO_BRIDGE","title":"NFPROTO_BRIDGE  module-attribute","text":"
NFPROTO_BRIDGE = 7\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NFPROTO_IPV6","title":"NFPROTO_IPV6  module-attribute","text":"
NFPROTO_IPV6 = 10\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.nftables_table_family","title":"nftables_table_family  module-attribute","text":"
nftables_table_family = {\n    \"inet\": NFPROTO_INET,\n    \"ip\": NFPROTO_IPV4,\n    \"arp\": NFPROTO_ARP,\n    \"netdev\": NFPROTO_NETDEV,\n    \"bridge\": NFPROTO_BRIDGE,\n    \"ip6\": NFPROTO_IPV6,\n}\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NftFields","title":"NftFields","text":"
               Bases: object
 
Methods:
 
     
  •  __getattr__             \u2013              
    •  
  •  get_hook_list_dev_names             \u2013              
    •  
  •  print_fields             \u2013              
    •  
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NftFields.__getattr__","title":"__getattr__","text":"
__getattr__(name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NftFields.get_hook_list_dev_names","title":"get_hook_list_dev_names  classmethod","text":"
get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NftFields.print_fields","title":"print_fields","text":"
print_fields(nested: int = 0, keys: list[str] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Expr","title":"Expr","text":"
Expr(addr: Value)\n
 
Methods:
 
     
  •  print_expr_iptables             \u2013              
    •  
  •  print_expr_nftables             \u2013              
    •  
  •  print             \u2013              
    •  
 
Attributes:
 
     
  •  expr_name               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Expr.expr_name","title":"expr_name  property","text":"
expr_name: str\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Expr.print_expr_iptables","title":"print_expr_iptables","text":"
print_expr_iptables(expr_name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Expr.print_expr_nftables","title":"print_expr_nftables","text":"
print_expr_nftables(expr_name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Expr.print","title":"print","text":"
print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule","title":"Rule","text":"
Rule(addr: Value, chain: 'Chain')\n
 
               Bases: NftFields
 
Methods:
 
     
  •  find             \u2013              
    •  
  •  iter_exprs             \u2013              
    •  
  •  print             \u2013              
    •  
  •  __getattr__             \u2013              
    •  
  •  get_hook_list_dev_names             \u2013              
    •  
  •  print_fields             \u2013              
    •  
 
Attributes:
 
     
  •  handle               (int)           \u2013            
    •  
  •  userdata               (bytearray)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.handle","title":"handle  instance-attribute","text":"
handle: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.userdata","title":"userdata  property","text":"
userdata: bytearray\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.find","title":"find  classmethod","text":"
find(\n    table_name: str,\n    table_family: int,\n    chain_name: str,\n    rule_id: int,\n    nsid: int | None = None,\n) -> Iterator[\"Rule\"]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.iter_exprs","title":"iter_exprs","text":"
iter_exprs() -> Iterator[Expr]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.print","title":"print","text":"
print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.__getattr__","title":"__getattr__","text":"
__getattr__(name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.get_hook_list_dev_names","title":"get_hook_list_dev_names  classmethod","text":"
get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.print_fields","title":"print_fields","text":"
print_fields(nested: int = 0, keys: list[str] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook","title":"ChainHook","text":"
ChainHook(parent: 'Chain')\n
 
               Bases: NftFields
 
Methods:
 
     
  •  is_netdev             \u2013              
    •  
  •  get_netdevs             \u2013              
    •  
  •  nested_print             \u2013              
    •  
  •  __getattr__             \u2013              
    •  
  •  get_hook_list_dev_names             \u2013              
    •  
  •  print_fields             \u2013              
    •  
 
Attributes:
 
     
  •  hooknum               (int)           \u2013            
    •  
  •  priority               (int)           \u2013            
    •  
  •  dev               (str)           \u2013            
    •  
  •  devs               (list[str])           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.hooknum","title":"hooknum  instance-attribute","text":"
hooknum: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.priority","title":"priority  instance-attribute","text":"
priority: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.dev","title":"dev  property","text":"
dev: str\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.devs","title":"devs  property","text":"
devs: list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.is_netdev","title":"is_netdev","text":"
is_netdev() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.get_netdevs","title":"get_netdevs","text":"
get_netdevs() -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.nested_print","title":"nested_print","text":"
nested_print(nested: int = 0)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.__getattr__","title":"__getattr__","text":"
__getattr__(name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.get_hook_list_dev_names","title":"get_hook_list_dev_names  classmethod","text":"
get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.print_fields","title":"print_fields","text":"
print_fields(nested: int = 0, keys: list[str] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain","title":"Chain","text":"
Chain(addr: Value)\n
 
               Bases: NftFields
 
Methods:
 
     
  •  find             \u2013              
    •  
  •  iter_rules             \u2013              
    •  
  •  print             \u2013              
    •  
  •  __getattr__             \u2013              
    •  
  •  get_hook_list_dev_names             \u2013              
    •  
  •  print_fields             \u2013              
    •  
 
Attributes:
 
     
  •  bound               (int)           \u2013            
    •  
  •  genmask               (int)           \u2013            
    •  
  •  handle               (int)           \u2013            
    •  
  •  use               (int)           \u2013            
    •  
  •  flags               (int)           \u2013            
    •  
  •  name               (str)           \u2013            
    •  
  •  hook               (ChainHook)           \u2013            
    •  
  •  userdata               (bytearray)           \u2013            
    •  
  •  policy               (int)           \u2013            
    •  
  •  type               (str)           \u2013            
    •  
  •  table               ('Table')           \u2013            
    •  
  •  basechain               (Value | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.bound","title":"bound  instance-attribute","text":"
bound: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.genmask","title":"genmask  instance-attribute","text":"
genmask: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.handle","title":"handle  instance-attribute","text":"
handle: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.use","title":"use  instance-attribute","text":"
use: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.flags","title":"flags  instance-attribute","text":"
flags: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.name","title":"name  instance-attribute","text":"
name: str\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.hook","title":"hook  instance-attribute","text":"
hook: ChainHook = ChainHook(self)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.userdata","title":"userdata  property","text":"
userdata: bytearray\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.policy","title":"policy  property","text":"
policy: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.type","title":"type  property","text":"
type: str\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.table","title":"table  property","text":"
table: 'Table'\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.basechain","title":"basechain  property","text":"
basechain: Value | None\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.find","title":"find  classmethod","text":"
find(\n    table_family: int | None = None,\n    table_name: str | None = None,\n    chain_name: str | None = None,\n    nsid: int | None = None,\n) -> Iterator[\"Chain\"]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.iter_rules","title":"iter_rules","text":"
iter_rules() -> Iterator[Rule]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.print","title":"print","text":"
print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.__getattr__","title":"__getattr__","text":"
__getattr__(name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.get_hook_list_dev_names","title":"get_hook_list_dev_names  classmethod","text":"
get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.print_fields","title":"print_fields","text":"
print_fields(nested: int = 0, keys: list[str] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set","title":"Set","text":"
Set(addr: Value)\n
 
               Bases: NftFields
 
Methods:
 
     
  •  iter_expr             \u2013              
    •  
  •  iter_elems             \u2013              
    •  
  •  print             \u2013              
    •  
  •  __getattr__             \u2013              
    •  
  •  get_hook_list_dev_names             \u2013              
    •  
  •  print_fields             \u2013              
    •  
 
Attributes:
 
     
  •  use               (int)           \u2013            
    •  
  •  dead               (int)           \u2013            
    •  
  •  genmask               (int)           \u2013            
    •  
  •  field_count               (int)           \u2013            
    •  
  •  num_exprs               (int)           \u2013            
    •  
  •  name               (str)           \u2013            
    •  
  •  flags               (int)           \u2013            
    •  
  •  ktype               (int)           \u2013            
    •  
  •  klen               (int)           \u2013            
    •  
  •  dtype               (int)           \u2013            
    •  
  •  dlen               (int)           \u2013            
    •  
  •  policy               (int)           \u2013            
    •  
  •  timeout               (int)           \u2013            
    •  
  •  gc_int               (int)           \u2013            
    •  
  •  objtype               (int)           \u2013            
    •  
  •  handle               (int)           \u2013            
    •  
  •  nelems               (int)           \u2013            
    •  
  •  desc_size               (int)           \u2013            
    •  
  •  desc_concat               (list[int])           \u2013            
    •  
  •  table               ('Table')           \u2013            
    •  
  •  userdata               (bytearray)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.use","title":"use  instance-attribute","text":"
use: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.dead","title":"dead  instance-attribute","text":"
dead: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.genmask","title":"genmask  instance-attribute","text":"
genmask: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.field_count","title":"field_count  instance-attribute","text":"
field_count: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.num_exprs","title":"num_exprs  instance-attribute","text":"
num_exprs: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.name","title":"name  instance-attribute","text":"
name: str\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.flags","title":"flags  instance-attribute","text":"
flags: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.ktype","title":"ktype  instance-attribute","text":"
ktype: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.klen","title":"klen  instance-attribute","text":"
klen: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.dtype","title":"dtype  instance-attribute","text":"
dtype: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.dlen","title":"dlen  instance-attribute","text":"
dlen: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.policy","title":"policy  instance-attribute","text":"
policy: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.timeout","title":"timeout  instance-attribute","text":"
timeout: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.gc_int","title":"gc_int  instance-attribute","text":"
gc_int: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.objtype","title":"objtype  instance-attribute","text":"
objtype: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.handle","title":"handle  instance-attribute","text":"
handle: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.nelems","title":"nelems  property","text":"
nelems: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.desc_size","title":"desc_size  property","text":"
desc_size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.desc_concat","title":"desc_concat  property","text":"
desc_concat: list[int]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.table","title":"table  property","text":"
table: 'Table'\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.userdata","title":"userdata  property","text":"
userdata: bytearray\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.iter_expr","title":"iter_expr","text":"
iter_expr() -> Iterator[Expr]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.iter_elems","title":"iter_elems","text":"
iter_elems() -> Iterator[None]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.print","title":"print","text":"
print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.__getattr__","title":"__getattr__","text":"
__getattr__(name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.get_hook_list_dev_names","title":"get_hook_list_dev_names  classmethod","text":"
get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.print_fields","title":"print_fields","text":"
print_fields(nested: int = 0, keys: list[str] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object","title":"Object","text":"
Object(addr: Value)\n
 
               Bases: NftFields
 
Methods:
 
     
  •  iter_data             \u2013              
    •  
  •  print             \u2013              
    •  
  •  __getattr__             \u2013              
    •  
  •  get_hook_list_dev_names             \u2013              
    •  
  •  print_fields             \u2013              
    •  
 
Attributes:
 
     
  •  genmask               (int)           \u2013            
    •  
  •  use               (int)           \u2013            
    •  
  •  handle               (int)           \u2013            
    •  
  •  type               (int)           \u2013            
    •  
  •  name               (str)           \u2013            
    •  
  •  table               ('Table')           \u2013            
    •  
  •  userdata               (bytearray)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.genmask","title":"genmask  instance-attribute","text":"
genmask: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.use","title":"use  instance-attribute","text":"
use: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.handle","title":"handle  instance-attribute","text":"
handle: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.type","title":"type  property","text":"
type: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.name","title":"name  property","text":"
name: str\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.table","title":"table  property","text":"
table: 'Table'\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.userdata","title":"userdata  property","text":"
userdata: bytearray\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.iter_data","title":"iter_data","text":"
iter_data() -> Iterator[None]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.print","title":"print","text":"
print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.__getattr__","title":"__getattr__","text":"
__getattr__(name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.get_hook_list_dev_names","title":"get_hook_list_dev_names  classmethod","text":"
get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.print_fields","title":"print_fields","text":"
print_fields(nested: int = 0, keys: list[str] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook","title":"FlowtableHook","text":"
FlowtableHook(parent: 'Flowtable')\n
 
               Bases: NftFields
 
Methods:
 
     
  •  nested_print             \u2013              
    •  
  •  __getattr__             \u2013              
    •  
  •  get_hook_list_dev_names             \u2013              
    •  
  •  print_fields             \u2013              
    •  
 
Attributes:
 
     
  •  hooknum               (int)           \u2013            
    •  
  •  priority               (int)           \u2013            
    •  
  •  devs               (list[str])           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.hooknum","title":"hooknum  property","text":"
hooknum: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.priority","title":"priority  property","text":"
priority: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.devs","title":"devs  property","text":"
devs: list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.nested_print","title":"nested_print","text":"
nested_print(nested: int = 0)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.__getattr__","title":"__getattr__","text":"
__getattr__(name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.get_hook_list_dev_names","title":"get_hook_list_dev_names  classmethod","text":"
get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.print_fields","title":"print_fields","text":"
print_fields(nested: int = 0, keys: list[str] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable","title":"Flowtable","text":"
Flowtable(addr: Value)\n
 
               Bases: NftFields
 
Methods:
 
     
  •  print             \u2013              
    •  
  •  __getattr__             \u2013              
    •  
  •  get_hook_list_dev_names             \u2013              
    •  
  •  print_fields             \u2013              
    •  
 
Attributes:
 
     
  •  genmask               (int)           \u2013            
    •  
  •  name               (str)           \u2013            
    •  
  •  use               (int)           \u2013            
    •  
  •  handle               (int)           \u2013            
    •  
  •  hook               (FlowtableHook)           \u2013            
    •  
  •  table               ('Table')           \u2013            
    •  
  •  flags               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.genmask","title":"genmask  instance-attribute","text":"
genmask: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.name","title":"name  instance-attribute","text":"
name: str\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.use","title":"use  instance-attribute","text":"
use: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.handle","title":"handle  instance-attribute","text":"
handle: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.hook","title":"hook  instance-attribute","text":"
hook: FlowtableHook = FlowtableHook(self)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.table","title":"table  property","text":"
table: 'Table'\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.flags","title":"flags  property","text":"
flags: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.print","title":"print","text":"
print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.__getattr__","title":"__getattr__","text":"
__getattr__(name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.get_hook_list_dev_names","title":"get_hook_list_dev_names  classmethod","text":"
get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.print_fields","title":"print_fields","text":"
print_fields(nested: int = 0, keys: list[str] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table","title":"Table","text":"
Table(addr: Value)\n
 
               Bases: NftFields
 
Methods:
 
     
  •  find             \u2013              
    •  
  •  iter_chains             \u2013              
    •  
  •  iter_sets             \u2013              
    •  
  •  iter_flowtables             \u2013              
    •  
  •  iter_objects             \u2013              
    •  
  •  nested_print             \u2013              
    •  
  •  print             \u2013              
    •  
  •  __getattr__             \u2013              
    •  
  •  get_hook_list_dev_names             \u2013              
    •  
  •  print_fields             \u2013              
    •  
 
Attributes:
 
     
  •  family               (int)           \u2013            
    •  
  •  genmask               (int)           \u2013            
    •  
  •  name               (str)           \u2013            
    •  
  •  handle               (int)           \u2013            
    •  
  •  use               (int)           \u2013            
    •  
  •  flags               (int)           \u2013            
    •  
  •  nlpid               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.family","title":"family  instance-attribute","text":"
family: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.genmask","title":"genmask  instance-attribute","text":"
genmask: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.name","title":"name  instance-attribute","text":"
name: str\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.handle","title":"handle  instance-attribute","text":"
handle: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.use","title":"use  instance-attribute","text":"
use: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.flags","title":"flags  instance-attribute","text":"
flags: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.nlpid","title":"nlpid  instance-attribute","text":"
nlpid: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.find","title":"find  classmethod","text":"
find(\n    table_name: str | None = None,\n    table_family: int | None = None,\n    nsid: int | None = None,\n) -> Iterator[\"Table\"]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.iter_chains","title":"iter_chains","text":"
iter_chains() -> Iterator[Chain]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.iter_sets","title":"iter_sets","text":"
iter_sets() -> Iterator[Set]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.iter_flowtables","title":"iter_flowtables","text":"
iter_flowtables() -> Iterator[Flowtable]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.iter_objects","title":"iter_objects","text":"
iter_objects() -> Iterator[Object]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.nested_print","title":"nested_print","text":"
nested_print(nested: int = 0)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.print","title":"print","text":"
print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.__getattr__","title":"__getattr__","text":"
__getattr__(name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.get_hook_list_dev_names","title":"get_hook_list_dev_names  classmethod","text":"
get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.print_fields","title":"print_fields","text":"
print_fields(nested: int = 0, keys: list[str] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Nftables","title":"Nftables","text":"
Nftables(addr: Value)\n
 
Methods:
 
     
  •  find             \u2013              
    •  
  •  iter_tables             \u2013              
    •  
  •  print             \u2013              
    •  
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Nftables.find","title":"find  classmethod","text":"
find(nsid: int | None = None) -> 'Nftables' | None\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Nftables.iter_tables","title":"iter_tables","text":"
iter_tables() -> Iterator[Table]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Nftables.print","title":"print","text":"
print()\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.catch_error","title":"catch_error","text":"
catch_error(func)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.get_init_net_namespace","title":"get_init_net_namespace","text":"
get_init_net_namespace() -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/","title":"paging","text":""},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging","title":"paging","text":"
Classes:
 
     
  •  PageTableLevel           \u2013            
    •  
  •  ArchPagingInfo           \u2013            
    •  
  •  x86_64PagingInfo           \u2013            
    •  
  •  Aarch64PagingInfo           \u2013            
    •  
 
Functions:
 
     
  •  first_kernel_page_start             \u2013              
    •  
 
Attributes:
 
     
  •  INVALID_ADDR           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.INVALID_ADDR","title":"INVALID_ADDR  module-attribute","text":"
INVALID_ADDR = 1 << 64\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.PageTableLevel","title":"PageTableLevel  dataclass","text":"
PageTableLevel(name: str, entry: int, virt: int, idx: int)\n
 
Attributes:
 
     
  •  name               (str)           \u2013            
    •  
  •  entry               (int)           \u2013            
    •  
  •  virt               (int)           \u2013            
    •  
  •  idx               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.PageTableLevel.name","title":"name  instance-attribute","text":"
name: str\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.PageTableLevel.entry","title":"entry  instance-attribute","text":"
entry: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.PageTableLevel.virt","title":"virt  instance-attribute","text":"
virt: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.PageTableLevel.idx","title":"idx  instance-attribute","text":"
idx: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo","title":"ArchPagingInfo","text":"
Methods:
 
     
  •  adjust             \u2013              
    •  
  •  markers             \u2013              
    •  
  •  handle_kernel_pages             \u2013              
    •  
  •  kbase_helper             \u2013              
    •  
  •  pagewalk             \u2013              
    •  
  •  pagewalk_helper             \u2013              
    •  
  •  pageentry_flags             \u2013              
    •  
  •  should_stop_pagewalk             \u2013              
    •  
 
Attributes:
 
     
  •  USERLAND           \u2013            
    •  
  •  KERNELLAND           \u2013            
    •  
  •  KERNELRO           \u2013            
    •  
  •  KERNELBSS           \u2013            
    •  
  •  KERNELDRIVER           \u2013            
    •  
  •  ESPSTACK           \u2013            
    •  
  •  PHYSMAP           \u2013            
    •  
  •  VMALLOC           \u2013            
    •  
  •  VMEMMAP           \u2013            
    •  
  •  addr_marker_sz               (int)           \u2013            
    •  
  •  va_bits               (int)           \u2013            
    •  
  •  pagetable_cache               (dict[Value, dict[int, int]])           \u2013            
    •  
  •  pagetableptr_cache               (dict[int, Value])           \u2013            
    •  
  •  pagetable_level_names               (tuple[str, ...])           \u2013            
    •  
  •  STRUCT_PAGE_SIZE           \u2013            
    •  
  •  STRUCT_PAGE_SHIFT           \u2013            
    •  
  •  physmap               (int)           \u2013            
    •  
  •  vmalloc               (int)           \u2013            
    •  
  •  vmemmap               (int)           \u2013            
    •  
  •  kbase               (int)           \u2013            
    •  
  •  page_shift               (int)           \u2013            
    •  
  •  paging_level               (int)           \u2013            
    •  
  •  phys_offset           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.USERLAND","title":"USERLAND  class-attribute instance-attribute","text":"
USERLAND = 'userland'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.KERNELLAND","title":"KERNELLAND  class-attribute instance-attribute","text":"
KERNELLAND = 'kernel [.text]'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.KERNELRO","title":"KERNELRO  class-attribute instance-attribute","text":"
KERNELRO = 'kernel [.rodata]'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.KERNELBSS","title":"KERNELBSS  class-attribute instance-attribute","text":"
KERNELBSS = 'kernel [.bss]'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.KERNELDRIVER","title":"KERNELDRIVER  class-attribute instance-attribute","text":"
KERNELDRIVER = 'kernel [.driver .bpf]'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.ESPSTACK","title":"ESPSTACK  class-attribute instance-attribute","text":"
ESPSTACK = 'espfix'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.PHYSMAP","title":"PHYSMAP  class-attribute instance-attribute","text":"
PHYSMAP = 'physmap'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.VMALLOC","title":"VMALLOC  class-attribute instance-attribute","text":"
VMALLOC = 'vmalloc'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.VMEMMAP","title":"VMEMMAP  class-attribute instance-attribute","text":"
VMEMMAP = 'vmemmap'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.addr_marker_sz","title":"addr_marker_sz  instance-attribute","text":"
addr_marker_sz: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.va_bits","title":"va_bits  instance-attribute","text":"
va_bits: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.pagetable_cache","title":"pagetable_cache  class-attribute instance-attribute","text":"
pagetable_cache: dict[Value, dict[int, int]] = {}\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.pagetableptr_cache","title":"pagetableptr_cache  class-attribute instance-attribute","text":"
pagetableptr_cache: dict[int, Value] = {}\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.pagetable_level_names","title":"pagetable_level_names  instance-attribute","text":"
pagetable_level_names: tuple[str, ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.STRUCT_PAGE_SIZE","title":"STRUCT_PAGE_SIZE  property","text":"
STRUCT_PAGE_SIZE\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.STRUCT_PAGE_SHIFT","title":"STRUCT_PAGE_SHIFT  property","text":"
STRUCT_PAGE_SHIFT\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.physmap","title":"physmap  property","text":"
physmap: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.vmalloc","title":"vmalloc  property","text":"
vmalloc: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.vmemmap","title":"vmemmap  property","text":"
vmemmap: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.kbase","title":"kbase  property","text":"
kbase: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.page_shift","title":"page_shift  property","text":"
page_shift: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.paging_level","title":"paging_level  property","text":"
paging_level: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.phys_offset","title":"phys_offset  property","text":"
phys_offset\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.adjust","title":"adjust","text":"
adjust(name: str) -> str\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.markers","title":"markers","text":"
markers() -> tuple[tuple[str, int], ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.handle_kernel_pages","title":"handle_kernel_pages","text":"
handle_kernel_pages(pages)\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.kbase_helper","title":"kbase_helper","text":"
kbase_helper(address)\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.pagewalk","title":"pagewalk","text":"
pagewalk(target, entry) -> tuple[PageTableLevel, ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.pagewalk_helper","title":"pagewalk_helper","text":"
pagewalk_helper(target, entry) -> tuple[PageTableLevel, ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.pageentry_flags","title":"pageentry_flags","text":"
pageentry_flags(level) -> BitFlags\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.should_stop_pagewalk","title":"should_stop_pagewalk","text":"
should_stop_pagewalk(is_last)\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo","title":"x86_64PagingInfo","text":"
x86_64PagingInfo()\n
 
               Bases: ArchPagingInfo
 
Methods:
 
     
  •  get_vmalloc_vmemmap_bases             \u2013              
    •  
  •  markers             \u2013              
    •  
  •  adjust             \u2013              
    •  
  •  handle_kernel_pages             \u2013              
    •  
  •  pagewalk             \u2013              
    •  
  •  pageentry_flags             \u2013              
    •  
  •  should_stop_pagewalk             \u2013              
    •  
  •  kbase_helper             \u2013              
    •  
  •  pagewalk_helper             \u2013              
    •  
 
Attributes:
 
     
  •  va_bits           \u2013            
    •  
  •  pagetable_level_names           \u2013            
    •  
  •  physmap           \u2013            
    •  
  •  kbase           \u2013            
    •  
  •  page_shift               (int)           \u2013            
    •  
  •  vmalloc           \u2013            
    •  
  •  vmemmap           \u2013            
    •  
  •  paging_level               (int)           \u2013            
    •  
  •  USERLAND           \u2013            
    •  
  •  KERNELLAND           \u2013            
    •  
  •  KERNELRO           \u2013            
    •  
  •  KERNELBSS           \u2013            
    •  
  •  KERNELDRIVER           \u2013            
    •  
  •  ESPSTACK           \u2013            
    •  
  •  PHYSMAP           \u2013            
    •  
  •  VMALLOC           \u2013            
    •  
  •  VMEMMAP           \u2013            
    •  
  •  addr_marker_sz               (int)           \u2013            
    •  
  •  pagetable_cache               (dict[Value, dict[int, int]])           \u2013            
    •  
  •  pagetableptr_cache               (dict[int, Value])           \u2013            
    •  
  •  STRUCT_PAGE_SIZE           \u2013            
    •  
  •  STRUCT_PAGE_SHIFT           \u2013            
    •  
  •  phys_offset           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.va_bits","title":"va_bits  instance-attribute","text":"
va_bits = 48 if paging_level == 4 else 51\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.pagetable_level_names","title":"pagetable_level_names  instance-attribute","text":"
pagetable_level_names = (\n    (\"Page\", \"PT\", \"PMD\", \"PUD\", \"PGD\")\n    if paging_level == 4\n    else (\"Page\", \"PT\", \"PMD\", \"P4D\", \"PUD\", \"PGD\")\n)\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.physmap","title":"physmap  property","text":"
physmap\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.kbase","title":"kbase  property","text":"
kbase\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.page_shift","title":"page_shift  property","text":"
page_shift: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.vmalloc","title":"vmalloc  property","text":"
vmalloc\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.vmemmap","title":"vmemmap  property","text":"
vmemmap\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.paging_level","title":"paging_level  property","text":"
paging_level: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.USERLAND","title":"USERLAND  class-attribute instance-attribute","text":"
USERLAND = 'userland'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.KERNELLAND","title":"KERNELLAND  class-attribute instance-attribute","text":"
KERNELLAND = 'kernel [.text]'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.KERNELRO","title":"KERNELRO  class-attribute instance-attribute","text":"
KERNELRO = 'kernel [.rodata]'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.KERNELBSS","title":"KERNELBSS  class-attribute instance-attribute","text":"
KERNELBSS = 'kernel [.bss]'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.KERNELDRIVER","title":"KERNELDRIVER  class-attribute instance-attribute","text":"
KERNELDRIVER = 'kernel [.driver .bpf]'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.ESPSTACK","title":"ESPSTACK  class-attribute instance-attribute","text":"
ESPSTACK = 'espfix'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.PHYSMAP","title":"PHYSMAP  class-attribute instance-attribute","text":"
PHYSMAP = 'physmap'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.VMALLOC","title":"VMALLOC  class-attribute instance-attribute","text":"
VMALLOC = 'vmalloc'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.VMEMMAP","title":"VMEMMAP  class-attribute instance-attribute","text":"
VMEMMAP = 'vmemmap'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.addr_marker_sz","title":"addr_marker_sz  instance-attribute","text":"
addr_marker_sz: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.pagetable_cache","title":"pagetable_cache  class-attribute instance-attribute","text":"
pagetable_cache: dict[Value, dict[int, int]] = {}\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.pagetableptr_cache","title":"pagetableptr_cache  class-attribute instance-attribute","text":"
pagetableptr_cache: dict[int, Value] = {}\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.STRUCT_PAGE_SIZE","title":"STRUCT_PAGE_SIZE  property","text":"
STRUCT_PAGE_SIZE\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.STRUCT_PAGE_SHIFT","title":"STRUCT_PAGE_SHIFT  property","text":"
STRUCT_PAGE_SHIFT\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.phys_offset","title":"phys_offset  property","text":"
phys_offset\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.get_vmalloc_vmemmap_bases","title":"get_vmalloc_vmemmap_bases","text":"
get_vmalloc_vmemmap_bases()\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.markers","title":"markers","text":"
markers() -> tuple[tuple[str, int], ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.adjust","title":"adjust","text":"
adjust(name)\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.handle_kernel_pages","title":"handle_kernel_pages","text":"
handle_kernel_pages(pages)\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.pagewalk","title":"pagewalk","text":"
pagewalk(target, entry) -> tuple[PageTableLevel, ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.pageentry_flags","title":"pageentry_flags","text":"
pageentry_flags(is_last) -> BitFlags\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.should_stop_pagewalk","title":"should_stop_pagewalk","text":"
should_stop_pagewalk(entry)\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.kbase_helper","title":"kbase_helper","text":"
kbase_helper(address)\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.pagewalk_helper","title":"pagewalk_helper","text":"
pagewalk_helper(target, entry) -> tuple[PageTableLevel, ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo","title":"Aarch64PagingInfo","text":"
Aarch64PagingInfo()\n
 
               Bases: ArchPagingInfo
 
Methods:
 
     
  •  markers             \u2013              
    •  
  •  adjust             \u2013              
    •  
  •  handle_kernel_pages             \u2013              
    •  
  •  pagewalk             \u2013              
    •  
  •  pageentry_flags             \u2013              
    •  
  •  should_stop_pagewalk             \u2013              
    •  
  •  kbase_helper             \u2013              
    •  
  •  pagewalk_helper             \u2013              
    •  
 
Attributes:
 
     
  •  tcr_el1           \u2013            
    •  
  •  va_bits           \u2013            
    •  
  •  PAGE_OFFSET           \u2013            
    •  
  •  va_bits_min           \u2013            
    •  
  •  pagetable_level_names           \u2013            
    •  
  •  vmalloc               (int)           \u2013            
    •  
  •  physmap           \u2013            
    •  
  •  kbase           \u2013            
    •  
  •  kversion           \u2013            
    •  
  •  module_start           \u2013            
    •  
  •  vmemmap           \u2013            
    •  
  •  pci           \u2013            
    •  
  •  fixmap           \u2013            
    •  
  •  ksize           \u2013            
    •  
  •  page_shift_heuristic               (int)           \u2013            
    •  
  •  page_shift               (int)           \u2013            
    •  
  •  page_shift_user               (int)           \u2013            
    •  
  •  paging_level           \u2013            
    •  
  •  phys_offset           \u2013            
    •  
  •  USERLAND           \u2013            
    •  
  •  KERNELLAND           \u2013            
    •  
  •  KERNELRO           \u2013            
    •  
  •  KERNELBSS           \u2013            
    •  
  •  KERNELDRIVER           \u2013            
    •  
  •  ESPSTACK           \u2013            
    •  
  •  PHYSMAP           \u2013            
    •  
  •  VMALLOC           \u2013            
    •  
  •  VMEMMAP           \u2013            
    •  
  •  addr_marker_sz               (int)           \u2013            
    •  
  •  pagetable_cache               (dict[Value, dict[int, int]])           \u2013            
    •  
  •  pagetableptr_cache               (dict[int, Value])           \u2013            
    •  
  •  STRUCT_PAGE_SIZE           \u2013            
    •  
  •  STRUCT_PAGE_SHIFT           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.tcr_el1","title":"tcr_el1  instance-attribute","text":"
tcr_el1 = aarch64_tcr_flags\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.va_bits","title":"va_bits  instance-attribute","text":"
va_bits = 64 - tcr_el1['T1SZ']\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.PAGE_OFFSET","title":"PAGE_OFFSET  instance-attribute","text":"
PAGE_OFFSET = _PAGE_OFFSET(va_bits)\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.va_bits_min","title":"va_bits_min  instance-attribute","text":"
va_bits_min = 48 if va_bits > 48 else va_bits\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.pagetable_level_names","title":"pagetable_level_names  instance-attribute","text":"
pagetable_level_names = ('Page', 'L3', 'L2', 'L1', 'L0')\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.vmalloc","title":"vmalloc  property","text":"
vmalloc: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.physmap","title":"physmap  property","text":"
physmap\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.kbase","title":"kbase  property","text":"
kbase\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.kversion","title":"kversion  property","text":"
kversion\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.module_start","title":"module_start  property","text":"
module_start\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.vmemmap","title":"vmemmap  property","text":"
vmemmap\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.pci","title":"pci  property","text":"
pci\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.fixmap","title":"fixmap  property","text":"
fixmap\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.ksize","title":"ksize  property","text":"
ksize\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.page_shift_heuristic","title":"page_shift_heuristic  property","text":"
page_shift_heuristic: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.page_shift","title":"page_shift  property","text":"
page_shift: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.page_shift_user","title":"page_shift_user  property","text":"
page_shift_user: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.paging_level","title":"paging_level  property","text":"
paging_level\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.phys_offset","title":"phys_offset  property","text":"
phys_offset\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.USERLAND","title":"USERLAND  class-attribute instance-attribute","text":"
USERLAND = 'userland'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.KERNELLAND","title":"KERNELLAND  class-attribute instance-attribute","text":"
KERNELLAND = 'kernel [.text]'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.KERNELRO","title":"KERNELRO  class-attribute instance-attribute","text":"
KERNELRO = 'kernel [.rodata]'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.KERNELBSS","title":"KERNELBSS  class-attribute instance-attribute","text":"
KERNELBSS = 'kernel [.bss]'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.KERNELDRIVER","title":"KERNELDRIVER  class-attribute instance-attribute","text":"
KERNELDRIVER = 'kernel [.driver .bpf]'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.ESPSTACK","title":"ESPSTACK  class-attribute instance-attribute","text":"
ESPSTACK = 'espfix'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.PHYSMAP","title":"PHYSMAP  class-attribute instance-attribute","text":"
PHYSMAP = 'physmap'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.VMALLOC","title":"VMALLOC  class-attribute instance-attribute","text":"
VMALLOC = 'vmalloc'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.VMEMMAP","title":"VMEMMAP  class-attribute instance-attribute","text":"
VMEMMAP = 'vmemmap'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.addr_marker_sz","title":"addr_marker_sz  instance-attribute","text":"
addr_marker_sz: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.pagetable_cache","title":"pagetable_cache  class-attribute instance-attribute","text":"
pagetable_cache: dict[Value, dict[int, int]] = {}\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.pagetableptr_cache","title":"pagetableptr_cache  class-attribute instance-attribute","text":"
pagetableptr_cache: dict[int, Value] = {}\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.STRUCT_PAGE_SIZE","title":"STRUCT_PAGE_SIZE  property","text":"
STRUCT_PAGE_SIZE\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.STRUCT_PAGE_SHIFT","title":"STRUCT_PAGE_SHIFT  property","text":"
STRUCT_PAGE_SHIFT\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.markers","title":"markers","text":"
markers() -> tuple[tuple[str, int], ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.adjust","title":"adjust","text":"
adjust(name)\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.handle_kernel_pages","title":"handle_kernel_pages","text":"
handle_kernel_pages(pages)\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.pagewalk","title":"pagewalk","text":"
pagewalk(target, entry) -> tuple[PageTableLevel, ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.pageentry_flags","title":"pageentry_flags","text":"
pageentry_flags(is_last) -> BitFlags\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.should_stop_pagewalk","title":"should_stop_pagewalk","text":"
should_stop_pagewalk(entry)\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.kbase_helper","title":"kbase_helper","text":"
kbase_helper(address)\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.pagewalk_helper","title":"pagewalk_helper","text":"
pagewalk_helper(target, entry) -> tuple[PageTableLevel, ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.first_kernel_page_start","title":"first_kernel_page_start","text":"
first_kernel_page_start()\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/","title":"rbtree","text":""},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree","title":"rbtree","text":"
Functions:
 
     
  •  init             \u2013              
    •  
  •  for_each_rb_entry             \u2013              
    •  
  •  rb_first             \u2013              
    •  
  •  rb_last             \u2013              
    •  
  •  rb_parent             \u2013              
    •  
  •  rb_empty_node             \u2013              
    •  
  •  rb_next             \u2013              
    •  
  •  rb_prev             \u2013              
    •  
 
Attributes:
 
     
  •  rb_root_type               (Type)           \u2013            
    •  
  •  rb_node_type               (Type)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_root_type","title":"rb_root_type  module-attribute","text":"
rb_root_type: Type = None\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_node_type","title":"rb_node_type  module-attribute","text":"
rb_node_type: Type = None\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.init","title":"init","text":"
init()\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.for_each_rb_entry","title":"for_each_rb_entry","text":"
for_each_rb_entry(\n    root: Value, typename: str, fieldname: str\n) -> Iterator[Value]\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_first","title":"rb_first","text":"
rb_first(root: Value) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_last","title":"rb_last","text":"
rb_last(root: Value) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_parent","title":"rb_parent","text":"
rb_parent(node: Value) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_empty_node","title":"rb_empty_node","text":"
rb_empty_node(node: Value) -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_next","title":"rb_next","text":"
rb_next(node: Value) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_prev","title":"rb_prev","text":"
rb_prev(node: Value) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/","title":"slab","text":""},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab","title":"slab","text":"
Classes:
 
     
  •  Freelist           \u2013            
    •  
  •  SlabCache           \u2013            
    •  
  •  CpuCache           \u2013            
    •  
  •  NodeCache           \u2013            
    •  
  •  Slab           \u2013            
    •  
 
Functions:
 
     
  •  caches             \u2013              
    •  
  •  get_cache             \u2013              
    •  
  •  slab_struct_type             \u2013              
    •  
  •  oo_order             \u2013              
    •  
  •  oo_objects             \u2013              
    •  
  •  get_flags_list             \u2013              
    •  
  •  find_containing_slab_cache             \u2013              
    •  
  •  kmem_cache_node_pad_sz             \u2013              
    •  
  •  kmem_cache_pad_sz             \u2013              
    •  
  •  kmem_cache_structs             \u2013              
    •  
  •  load_slab_typeinfo             \u2013              
    •  
 
Attributes:
 
     
  •  OO_SHIFT           \u2013            
    •  
  •  OO_MASK           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.OO_SHIFT","title":"OO_SHIFT  module-attribute","text":"
OO_SHIFT = 16\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.OO_MASK","title":"OO_MASK  module-attribute","text":"
OO_MASK = (1 << OO_SHIFT) - 1\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist","title":"Freelist","text":"
Freelist(start_addr: int, slab: Slab)\n
 
Methods:
 
     
  •  __iter__             \u2013              
    •  
  •  __int__             \u2013              
    •  
  •  __len__             \u2013              
    •  
  •  find_next             \u2013              
    •  
  •  is_valid_obj             \u2013              
    •  
 
Attributes:
 
     
  •  start_addr           \u2013            
    •  
  •  slab           \u2013            
    •  
  •  offset           \u2013            
    •  
  •  random           \u2013            
    •  
  •  cyclic           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.start_addr","title":"start_addr  instance-attribute","text":"
start_addr = start_addr\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.slab","title":"slab  instance-attribute","text":"
slab = slab\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.offset","title":"offset  instance-attribute","text":"
offset = offset\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.random","title":"random  instance-attribute","text":"
random = random\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.cyclic","title":"cyclic  instance-attribute","text":"
cyclic = None\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.__iter__","title":"__iter__","text":"
__iter__() -> Generator[int, None, None]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.__int__","title":"__int__","text":"
__int__() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.__len__","title":"__len__","text":"
__len__() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.find_next","title":"find_next","text":"
find_next(addr: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.is_valid_obj","title":"is_valid_obj","text":"
is_valid_obj(addr)\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache","title":"SlabCache","text":"
SlabCache(slab_cache: Value)\n
 
Methods:
 
     
  •  find_containing_slab             \u2013              
    •  
 
Attributes:
 
     
  •  address               (int)           \u2013            
    •  
  •  name               (str)           \u2013            
    •  
  •  offset               (int)           \u2013            
    •  
  •  random               (int)           \u2013            
    •  
  •  size               (int)           \u2013            
    •  
  •  slab_size               (int)           \u2013            
    •  
  •  object_size               (int)           \u2013            
    •  
  •  align               (int)           \u2013            
    •  
  •  flags               (list[str])           \u2013            
    •  
  •  cpu_cache               (CpuCache | None)           \u2013            
    returns cpu cache associated to current thread
     
    •  
  •  cpu_caches               (Generator[CpuCache, None, None])           \u2013            
    •  
  •  node_caches               (Generator[NodeCache, None, None])           \u2013            
    returns node caches for all NUMA nodes
     
    •  
  •  cpu_partial               (int)           \u2013            
    •  
  •  cpu_partial_slabs               (int)           \u2013            
    •  
  •  min_partial               (int)           \u2013            
    •  
  •  inuse               (int)           \u2013            
    •  
  •  useroffset               (int)           \u2013            
    •  
  •  usersize               (int)           \u2013            
    •  
  •  oo_order           \u2013            
    •  
  •  oo_objects           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.address","title":"address  property","text":"
address: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.name","title":"name  property","text":"
name: str\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.offset","title":"offset  property","text":"
offset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.random","title":"random  property","text":"
random: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.size","title":"size  property","text":"
size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.slab_size","title":"slab_size  property","text":"
slab_size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.object_size","title":"object_size  property","text":"
object_size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.align","title":"align  property","text":"
align: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.flags","title":"flags  property","text":"
flags: list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.cpu_cache","title":"cpu_cache  property","text":"
cpu_cache: CpuCache | None\n
 
returns cpu cache associated to current thread
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.cpu_caches","title":"cpu_caches  property","text":"
cpu_caches: Generator[CpuCache, None, None]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.node_caches","title":"node_caches  property","text":"
node_caches: Generator[NodeCache, None, None]\n
 
returns node caches for all NUMA nodes
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.cpu_partial","title":"cpu_partial  property","text":"
cpu_partial: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.cpu_partial_slabs","title":"cpu_partial_slabs  property","text":"
cpu_partial_slabs: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.min_partial","title":"min_partial  property","text":"
min_partial: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.inuse","title":"inuse  property","text":"
inuse: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.useroffset","title":"useroffset  property","text":"
useroffset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.usersize","title":"usersize  property","text":"
usersize: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.__oo_x","title":"__oo_x  property","text":"
__oo_x: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.oo_order","title":"oo_order  property","text":"
oo_order\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.oo_objects","title":"oo_objects  property","text":"
oo_objects\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.find_containing_slab","title":"find_containing_slab","text":"
find_containing_slab(address) -> Slab | None\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache","title":"CpuCache","text":"
CpuCache(cpu_cache: Value, slab_cache: SlabCache, cpu: int)\n
 
Attributes:
 
     
  •  slab_cache           \u2013            
    •  
  •  cpu           \u2013            
    •  
  •  address               (int)           \u2013            
    •  
  •  freelist               (Freelist)           \u2013            
    •  
  •  active_slab               (Slab | None)           \u2013            
    •  
  •  partial_slabs               (list[Slab])           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache.slab_cache","title":"slab_cache  instance-attribute","text":"
slab_cache = slab_cache\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache.cpu","title":"cpu  instance-attribute","text":"
cpu = cpu\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache.address","title":"address  property","text":"
address: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache.freelist","title":"freelist  property","text":"
freelist: Freelist\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache.active_slab","title":"active_slab  property","text":"
active_slab: Slab | None\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache.partial_slabs","title":"partial_slabs  property","text":"
partial_slabs: list[Slab]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.NodeCache","title":"NodeCache","text":"
NodeCache(node_cache: Value, slab_cache: SlabCache, node: int)\n
 
Attributes:
 
     
  •  slab_cache           \u2013            
    •  
  •  node           \u2013            
    •  
  •  address               (int)           \u2013            
    •  
  •  partial_slabs               (list[Slab])           \u2013            
    •  
  •  nr_partial               (int)           \u2013            
    •  
  •  min_partial               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.NodeCache.slab_cache","title":"slab_cache  instance-attribute","text":"
slab_cache = slab_cache\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.NodeCache.node","title":"node  instance-attribute","text":"
node = node\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.NodeCache.address","title":"address  property","text":"
address: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.NodeCache.partial_slabs","title":"partial_slabs  property","text":"
partial_slabs: list[Slab]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.NodeCache.nr_partial","title":"nr_partial  property","text":"
nr_partial: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.NodeCache.min_partial","title":"min_partial  property","text":"
min_partial: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab","title":"Slab","text":"
Slab(\n    slab: Value,\n    cpu_cache: CpuCache = None,\n    node_cache: NodeCache = None,\n    is_active: bool = False,\n)\n
 
Methods:
 
     
  •  __contains__             \u2013              
    •  
 
Attributes:
 
     
  •  is_active           \u2013            
    •  
  •  cpu_cache           \u2013            
    •  
  •  is_cpu           \u2013            
    •  
  •  slab_cache           \u2013            
    •  
  •  node_cache           \u2013            
    •  
  •  slab_address               (int)           \u2013            
    •  
  •  virt_address               (int)           \u2013            
    •  
  •  object_count               (int)           \u2013            
    •  
  •  objects               (Generator[int, None, None])           \u2013            
    •  
  •  frozen               (int)           \u2013            
    •  
  •  inuse               (int)           \u2013            
    •  
  •  slabs               (int)           \u2013            
    •  
  •  pobjects               (int)           \u2013            
    •  
  •  freelist               (Freelist)           \u2013            
    •  
  •  free_objects               (set[int])           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.is_active","title":"is_active  instance-attribute","text":"
is_active = is_active\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.cpu_cache","title":"cpu_cache  instance-attribute","text":"
cpu_cache = cpu_cache\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.is_cpu","title":"is_cpu  instance-attribute","text":"
is_cpu = True\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.slab_cache","title":"slab_cache  instance-attribute","text":"
slab_cache = slab_cache\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.node_cache","title":"node_cache  instance-attribute","text":"
node_cache = node_cache\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.slab_address","title":"slab_address  property","text":"
slab_address: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.virt_address","title":"virt_address  property","text":"
virt_address: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.object_count","title":"object_count  property","text":"
object_count: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.objects","title":"objects  property","text":"
objects: Generator[int, None, None]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.frozen","title":"frozen  property","text":"
frozen: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.inuse","title":"inuse  property","text":"
inuse: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.slabs","title":"slabs  property","text":"
slabs: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.pobjects","title":"pobjects  property","text":"
pobjects: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.freelist","title":"freelist  property","text":"
freelist: Freelist\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.free_objects","title":"free_objects  property","text":"
free_objects: set[int]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.__contains__","title":"__contains__","text":"
__contains__(addr: int)\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.caches","title":"caches","text":"
caches() -> Generator[SlabCache, None, None]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.get_cache","title":"get_cache","text":"
get_cache(target_name: str) -> SlabCache | None\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.slab_struct_type","title":"slab_struct_type","text":"
slab_struct_type() -> str\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.oo_order","title":"oo_order","text":"
oo_order(x: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.oo_objects","title":"oo_objects","text":"
oo_objects(x: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.get_flags_list","title":"get_flags_list","text":"
get_flags_list(flags: int) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.find_containing_slab_cache","title":"find_containing_slab_cache","text":"
find_containing_slab_cache(addr: int) -> SlabCache | None\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.kmem_cache_node_pad_sz","title":"kmem_cache_node_pad_sz","text":"
kmem_cache_node_pad_sz(val)\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.kmem_cache_pad_sz","title":"kmem_cache_pad_sz","text":"
kmem_cache_pad_sz(kconfig) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.kmem_cache_structs","title":"kmem_cache_structs","text":"
kmem_cache_structs(node_cache_pad)\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.load_slab_typeinfo","title":"load_slab_typeinfo","text":"
load_slab_typeinfo()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/","title":"symbol","text":""},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol","title":"symbol","text":"
Classes:
 
     
  •  ArchSymbols           \u2013            
    •  
  •  x86_64Symbols           \u2013            
    •  
  •  Aarch64Symbols           \u2013            
    •  
 
Functions:
 
     
  •  migratetype_names             \u2013              
    •  
  •  try_usymbol             \u2013              
    •  
  •  nzones             \u2013              
    •  
  •  nmtypes             \u2013              
    •  
  •  npcplist             \u2013              
    returns NR_PCP_LISTS (https://elixir.bootlin.com/linux/v6.13/source/include/linux/mmzone.h#L671)
     
    •  
  •  kversion_cint             \u2013              
    •  
  •  load_common_structs             \u2013              
    •  
  •  load_common_structs_on_load             \u2013              
    •  
 
Attributes:
 
     
  •  POSSIBLE_ZONE_NAMES           \u2013            
    •  
  •  COMMON_TYPES           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.POSSIBLE_ZONE_NAMES","title":"POSSIBLE_ZONE_NAMES  module-attribute","text":"
POSSIBLE_ZONE_NAMES = (\"DMA\", \"DMA32\", \"Normal\", \"HighMem\", \"Movable\", \"Device\")\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.COMMON_TYPES","title":"COMMON_TYPES  module-attribute","text":"
COMMON_TYPES = '\\n#include <stdint.h>\\n#include <stddef.h>\\n#include <linux/version.h>\\ntypedef unsigned char u8;\\ntypedef char s8;\\ntypedef unsigned short u16;\\ntypedef unsigned int u32;\\ntypedef long long s64;\\n#define bool int\\n#if UINTPTR_MAX == 0xffffffff\\n    typedef int16_t arch_word_t;\\n#else\\n    typedef int32_t arch_word_t;\\n#endif\\ntypedef struct {\\n    int counter;\\n} atomic_t;\\n\\nstruct list_head {\\n    struct list_head *next, *prev;\\n};\\nstruct kmem_cache;\\nenum pageflags {\\n\\tPG_locked,\\t\\t/* Page is locked. Don\\'t touch. */\\n\\tPG_writeback,\\t\\t/* Page is under writeback */\\n\\tPG_referenced,\\n\\tPG_uptodate,\\n\\tPG_dirty,\\n\\tPG_lru,\\n\\tPG_head,\\t\\t/* Must be in bit 6 */\\n\\tPG_waiters,\\t\\t/* Page has waiters, check its waitqueue. Must be bit #7 and in the same byte as \"PG_locked\" */\\n\\tPG_active,\\n\\tPG_workingset,\\n\\tPG_owner_priv_1,\\t/* Owner use. If pagecache, fs may use */\\n\\tPG_owner_2,\\t\\t/* Owner use. If pagecache, fs may use */\\n\\tPG_arch_1,\\n\\tPG_reserved,\\n\\tPG_private,\\t\\t/* If pagecache, has fs-private data */\\n\\tPG_private_2,\\t\\t/* If pagecache, has fs aux data */\\n\\tPG_reclaim,\\t\\t/* To be reclaimed asap */\\n\\tPG_swapbacked,\\t\\t/* Page is backed by RAM/swap */\\n\\tPG_unevictable,\\t\\t/* Page is \"unevictable\"  */\\n\\tPG_dropbehind,\\t\\t/* drop pages on IO completion */\\n};\\n'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols","title":"ArchSymbols","text":"
ArchSymbols()\n
 
Methods:
 
     
  •  disass             \u2013              
    •  
  •  regex             \u2013              
    •  
  •  node_data             \u2013              
    •  
  •  slab_caches             \u2013              
    •  
  •  per_cpu_offset             \u2013              
    •  
  •  modules             \u2013              
    •  
  •  db_list             \u2013              
    •  
  •  map_idr             \u2013              
    •  
  •  prog_idr             \u2013              
    •  
  •  current_task             \u2013              
    •  
 
Attributes:
 
     
  •  node_data_heuristic_func           \u2013            
    •  
  •  slab_caches_heuristic_func           \u2013            
    •  
  •  per_cpu_offset_heuristic_func           \u2013            
    •  
  •  modules_heuristic_func           \u2013            
    •  
  •  db_list_heuristic_func           \u2013            
    •  
  •  bpf_prog_heuristic_func           \u2013            
    •  
  •  bpf_map_heuristic_func           \u2013            
    •  
  •  current_task_heuristic_func           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols.node_data_heuristic_func","title":"node_data_heuristic_func  instance-attribute","text":"
node_data_heuristic_func = 'first_online_pgdat'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols.slab_caches_heuristic_func","title":"slab_caches_heuristic_func  instance-attribute","text":"
slab_caches_heuristic_func = 'slab_next'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols.per_cpu_offset_heuristic_func","title":"per_cpu_offset_heuristic_func  instance-attribute","text":"
per_cpu_offset_heuristic_func = 'nr_iowait_cpu'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols.modules_heuristic_func","title":"modules_heuristic_func  instance-attribute","text":"
modules_heuristic_func = 'find_module_all'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols.db_list_heuristic_func","title":"db_list_heuristic_func  instance-attribute","text":"
db_list_heuristic_func = (\n    \"dma_buf_file_release\" if krelease() >= (5, 10) else \"dma_buf_release\"\n)\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols.bpf_prog_heuristic_func","title":"bpf_prog_heuristic_func  instance-attribute","text":"
bpf_prog_heuristic_func = 'bpf_prog_free_id'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols.bpf_map_heuristic_func","title":"bpf_map_heuristic_func  instance-attribute","text":"
bpf_map_heuristic_func = 'bpf_map_free_id'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols.current_task_heuristic_func","title":"current_task_heuristic_func  instance-attribute","text":"
current_task_heuristic_func = 'common_cpu_up'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols.disass","title":"disass","text":"
disass(name, lines=5)\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols.regex","title":"regex","text":"
regex(s, pattern, nth)\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols.node_data","title":"node_data","text":"
node_data()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols.slab_caches","title":"slab_caches","text":"
slab_caches()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols.per_cpu_offset","title":"per_cpu_offset","text":"
per_cpu_offset()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols.modules","title":"modules","text":"
modules()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols.db_list","title":"db_list","text":"
db_list()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols.map_idr","title":"map_idr","text":"
map_idr()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols.prog_idr","title":"prog_idr","text":"
prog_idr()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols.current_task","title":"current_task","text":"
current_task()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols","title":"x86_64Symbols","text":"
x86_64Symbols()\n
 
               Bases: ArchSymbols
 
Methods:
 
     
  •  qword_op_reg_memoff             \u2013              
    •  
  •  qword_mov_reg_const             \u2013              
    •  
  •  dword_mov_reg_const             \u2013              
    •  
  •  qword_mov_reg_ripoff             \u2013              
    •  
  •  disass             \u2013              
    •  
  •  regex             \u2013              
    •  
  •  node_data             \u2013              
    •  
  •  slab_caches             \u2013              
    •  
  •  per_cpu_offset             \u2013              
    •  
  •  modules             \u2013              
    •  
  •  db_list             \u2013              
    •  
  •  map_idr             \u2013              
    •  
  •  prog_idr             \u2013              
    •  
  •  current_task             \u2013              
    •  
 
Attributes:
 
     
  •  node_data_heuristic_func           \u2013            
    •  
  •  slab_caches_heuristic_func           \u2013            
    •  
  •  per_cpu_offset_heuristic_func           \u2013            
    •  
  •  modules_heuristic_func           \u2013            
    •  
  •  db_list_heuristic_func           \u2013            
    •  
  •  bpf_prog_heuristic_func           \u2013            
    •  
  •  bpf_map_heuristic_func           \u2013            
    •  
  •  current_task_heuristic_func           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.node_data_heuristic_func","title":"node_data_heuristic_func  instance-attribute","text":"
node_data_heuristic_func = 'first_online_pgdat'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.slab_caches_heuristic_func","title":"slab_caches_heuristic_func  instance-attribute","text":"
slab_caches_heuristic_func = 'slab_next'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.per_cpu_offset_heuristic_func","title":"per_cpu_offset_heuristic_func  instance-attribute","text":"
per_cpu_offset_heuristic_func = 'nr_iowait_cpu'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.modules_heuristic_func","title":"modules_heuristic_func  instance-attribute","text":"
modules_heuristic_func = 'find_module_all'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.db_list_heuristic_func","title":"db_list_heuristic_func  instance-attribute","text":"
db_list_heuristic_func = (\n    \"dma_buf_file_release\" if krelease() >= (5, 10) else \"dma_buf_release\"\n)\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.bpf_prog_heuristic_func","title":"bpf_prog_heuristic_func  instance-attribute","text":"
bpf_prog_heuristic_func = 'bpf_prog_free_id'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.bpf_map_heuristic_func","title":"bpf_map_heuristic_func  instance-attribute","text":"
bpf_map_heuristic_func = 'bpf_map_free_id'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.current_task_heuristic_func","title":"current_task_heuristic_func  instance-attribute","text":"
current_task_heuristic_func = 'common_cpu_up'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.qword_op_reg_memoff","title":"qword_op_reg_memoff","text":"
qword_op_reg_memoff(disass, op, sign='-', nth=0)\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.qword_mov_reg_const","title":"qword_mov_reg_const","text":"
qword_mov_reg_const(disass, nth=0)\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.dword_mov_reg_const","title":"dword_mov_reg_const","text":"
dword_mov_reg_const(disass, nth=0)\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.qword_mov_reg_ripoff","title":"qword_mov_reg_ripoff","text":"
qword_mov_reg_ripoff(disass, nth=0)\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.disass","title":"disass","text":"
disass(name, lines=5)\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.regex","title":"regex","text":"
regex(s, pattern, nth)\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.node_data","title":"node_data","text":"
node_data()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.slab_caches","title":"slab_caches","text":"
slab_caches()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.per_cpu_offset","title":"per_cpu_offset","text":"
per_cpu_offset()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.modules","title":"modules","text":"
modules()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.db_list","title":"db_list","text":"
db_list()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.map_idr","title":"map_idr","text":"
map_idr()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.prog_idr","title":"prog_idr","text":"
prog_idr()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.current_task","title":"current_task","text":"
current_task()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols","title":"Aarch64Symbols","text":"
Aarch64Symbols()\n
 
               Bases: ArchSymbols
 
Methods:
 
     
  •  qword_adrp_add_const             \u2013              
    •  
  •  disass             \u2013              
    •  
  •  regex             \u2013              
    •  
  •  node_data             \u2013              
    •  
  •  slab_caches             \u2013              
    •  
  •  per_cpu_offset             \u2013              
    •  
  •  modules             \u2013              
    •  
  •  db_list             \u2013              
    •  
  •  map_idr             \u2013              
    •  
  •  prog_idr             \u2013              
    •  
  •  current_task             \u2013              
    •  
 
Attributes:
 
     
  •  node_data_heuristic_func           \u2013            
    •  
  •  slab_caches_heuristic_func           \u2013            
    •  
  •  per_cpu_offset_heuristic_func           \u2013            
    •  
  •  modules_heuristic_func           \u2013            
    •  
  •  db_list_heuristic_func           \u2013            
    •  
  •  bpf_prog_heuristic_func           \u2013            
    •  
  •  bpf_map_heuristic_func           \u2013            
    •  
  •  current_task_heuristic_func           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.node_data_heuristic_func","title":"node_data_heuristic_func  instance-attribute","text":"
node_data_heuristic_func = 'first_online_pgdat'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.slab_caches_heuristic_func","title":"slab_caches_heuristic_func  instance-attribute","text":"
slab_caches_heuristic_func = 'slab_next'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.per_cpu_offset_heuristic_func","title":"per_cpu_offset_heuristic_func  instance-attribute","text":"
per_cpu_offset_heuristic_func = 'nr_iowait_cpu'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.modules_heuristic_func","title":"modules_heuristic_func  instance-attribute","text":"
modules_heuristic_func = 'find_module_all'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.db_list_heuristic_func","title":"db_list_heuristic_func  instance-attribute","text":"
db_list_heuristic_func = (\n    \"dma_buf_file_release\" if krelease() >= (5, 10) else \"dma_buf_release\"\n)\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.bpf_prog_heuristic_func","title":"bpf_prog_heuristic_func  instance-attribute","text":"
bpf_prog_heuristic_func = 'bpf_prog_free_id'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.bpf_map_heuristic_func","title":"bpf_map_heuristic_func  instance-attribute","text":"
bpf_map_heuristic_func = 'bpf_map_free_id'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.current_task_heuristic_func","title":"current_task_heuristic_func  instance-attribute","text":"
current_task_heuristic_func = 'common_cpu_up'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.qword_adrp_add_const","title":"qword_adrp_add_const","text":"
qword_adrp_add_const(disass, nth=0)\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.disass","title":"disass","text":"
disass(name, lines=5)\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.regex","title":"regex","text":"
regex(s, pattern, nth)\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.node_data","title":"node_data","text":"
node_data()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.slab_caches","title":"slab_caches","text":"
slab_caches()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.per_cpu_offset","title":"per_cpu_offset","text":"
per_cpu_offset()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.modules","title":"modules","text":"
modules()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.db_list","title":"db_list","text":"
db_list()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.map_idr","title":"map_idr","text":"
map_idr()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.prog_idr","title":"prog_idr","text":"
prog_idr()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.current_task","title":"current_task","text":"
current_task()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.migratetype_names","title":"migratetype_names","text":"
migratetype_names() -> tuple[str, ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.try_usymbol","title":"try_usymbol","text":"
try_usymbol(name: str, size=None) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.nzones","title":"nzones","text":"
nzones() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.nmtypes","title":"nmtypes","text":"
nmtypes() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.npcplist","title":"npcplist","text":"
npcplist() -> int\n
 
returns NR_PCP_LISTS (https://elixir.bootlin.com/linux/v6.13/source/include/linux/mmzone.h#L671)
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.kversion_cint","title":"kversion_cint","text":"
kversion_cint(kversion: tuple[int, int, int] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.load_common_structs","title":"load_common_structs","text":"
load_common_structs()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.load_common_structs_on_load","title":"load_common_structs_on_load","text":"
load_common_structs_on_load()\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/","title":"vmmap","text":""},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap","title":"vmmap","text":"
Classes:
 
     
  •  KernelVmmap           \u2013            
    •  
  •  QemuMachine           \u2013            
    •  
 
Functions:
 
     
  •  kernel_vmmap_via_page_tables             \u2013              
    •  
  •  kernel_vmmap_via_monitor_info_mem             \u2013              
    Returns Linux memory maps information by parsing monitor info mem output
     
    •  
  •  kernel_vmmap_pages             \u2013              
    •  
  •  kernel_vmmap             \u2013              
    •  
 
Attributes:
 
     
  •  monitor_info_mem_not_warned           \u2013            
    •  
  •  kernel_vmmap_mode           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.monitor_info_mem_not_warned","title":"monitor_info_mem_not_warned  module-attribute","text":"
monitor_info_mem_not_warned = True\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_mode","title":"kernel_vmmap_mode  module-attribute","text":"
kernel_vmmap_mode = add_param(\n    \"kernel-vmmap\",\n    \"page-tables\",\n    \"the method to get vmmap information when debugging via QEMU kernel\",\n    help_docstring=\"Values explained:\\n\\n+ `page-tables` - read /proc/$qemu-pid/mem to parse kernel page tables to render vmmap\\n+ `monitor` - use QEMU's `monitor info mem` to render vmmap\\n+ `none` - disable vmmap rendering; useful if rendering is particularly slow\\n\\nNote that the page-tables method will require the QEMU kernel process to be on the same machine and within the same PID namespace. Running QEMU kernel and GDB in different Docker containers will not work. Consider running both containers with --pid=host (meaning they will see and so be able to interact with all processes on the machine).\\n\",\n    param_class=PARAM_ENUM,\n    enum_sequence=[\"page-tables\", \"monitor\", \"none\"],\n)\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap","title":"KernelVmmap","text":"
KernelVmmap(pages: tuple[Page, ...])\n
 
Methods:
 
     
  •  get_name             \u2013              
    •  
  •  adjust             \u2013              
    •  
  •  handle_user_pages             \u2013              
    •  
  •  handle_offsets             \u2013              
    •  
 
Attributes:
 
     
  •  pages           \u2013            
    •  
  •  sections           \u2013            
    •  
  •  pi           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.pages","title":"pages  instance-attribute","text":"
pages = pages\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.sections","title":"sections  instance-attribute","text":"
sections = None\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.pi","title":"pi  instance-attribute","text":"
pi = arch_paginginfo()\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.get_name","title":"get_name","text":"
get_name(addr: int) -> str\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.adjust","title":"adjust","text":"
adjust()\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.handle_user_pages","title":"handle_user_pages","text":"
handle_user_pages()\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.handle_offsets","title":"handle_offsets","text":"
handle_offsets()\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine","title":"QemuMachine","text":"
QemuMachine()\n
 
               Bases: Machine
 
Methods:
 
     
  •  __del__             \u2013              
    •  
  •  search_pids_for_file             \u2013              
    •  
  •  get_qemu_pid             \u2013              
    •  
  •  read_physical_memory             \u2013              
    •  
  •  read_register             \u2013              
    •  
 
Attributes:
 
     
  •  pid           \u2013            
    •  
  •  file           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.pid","title":"pid  instance-attribute","text":"
pid = get_qemu_pid()\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.file","title":"file  instance-attribute","text":"
file = open(f'/proc/{pid}/mem', O_RDONLY)\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.__del__","title":"__del__","text":"
__del__()\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.search_pids_for_file","title":"search_pids_for_file  staticmethod","text":"
search_pids_for_file(pids: list[str], filename: str) -> str | None\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.get_qemu_pid","title":"get_qemu_pid  staticmethod","text":"
get_qemu_pid()\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.read_physical_memory","title":"read_physical_memory","text":"
read_physical_memory(physical_address: int, length: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.read_register","title":"read_register","text":"
read_register(register_name: str) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_via_page_tables","title":"kernel_vmmap_via_page_tables","text":"
kernel_vmmap_via_page_tables() -> tuple[Page, ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_via_monitor_info_mem","title":"kernel_vmmap_via_monitor_info_mem","text":"
kernel_vmmap_via_monitor_info_mem() -> tuple[Page, ...]\n
 
Returns Linux memory maps information by parsing monitor info mem output from QEMU kernel GDB stub. Works only on X86/X64/RISC-V as this is what QEMU supports.
 
Consider using the kernel_vmmap_via_page_tables method as it is probably more reliable/better.
 
See also: !685 (TODO: revisit with future QEMU versions)
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_pages","title":"kernel_vmmap_pages","text":"
kernel_vmmap_pages() -> tuple[Page, ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap","title":"kernel_vmmap","text":"
kernel_vmmap() -> tuple[Page, ...]\n
"},{"location":"reference/pwndbg/aglib/macho/","title":"macho","text":""},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho","title":"macho","text":"
Classes:
 
     
  •  Trie           \u2013            
    Prefix Tree
     
    •  
  •  DyldSharedCacheMapping           \u2013            
    •  
  •  DyldSharedCacheHashSet           \u2013            
    A hash set from the DyLD Shared Cache.
     
    •  
  •  DyldSharedCache           \u2013            
    Handle to the DyLD Shared Cache in the address space of the inferior.
     
    •  
 
Functions:
 
     
  •  shared_cache             \u2013              
    Base address of the Darwin shared cache.
     
    •  
 
Attributes:
 
     
  •  T           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.Trie","title":"Trie","text":"
Trie(ptr: int, ty: Callable[[int, int], T])\n
 
               Bases: _RawTrie, Generic[T]
 
Prefix Tree
 
The Mach-O format makes extensive use of prefix trees for any operation that involves string-based loookup.
 
Methods:
 
     
  •  get             \u2013              
    Get the data associated with the node of given name, if it exists.
     
    •  
  •  entries             \u2013              
    List all the entries in the trie, along with their associated data.
     
    •  
  •  keys             \u2013              
    List the name of all nodes in the trie.
     
    •  
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.Trie.get","title":"get","text":"
get(name: bytes) -> T | None\n
 
Get the data associated with the node of given name, if it exists.
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.Trie.entries","title":"entries","text":"
entries() -> Generator[tuple[bytes, T]]\n
 
List all the entries in the trie, along with their associated data.
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.Trie.keys","title":"keys","text":"
keys() -> Generator[bytes]\n
 
List the name of all nodes in the trie.
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCacheMapping","title":"DyldSharedCacheMapping","text":"
DyldSharedCacheMapping(\n    addr: int, size: int, file_offset: int, max_prot: int, init_prot: int\n)\n
 
Attributes:
 
     
  •  addr           \u2013            
    •  
  •  size           \u2013            
    •  
  •  file_offset           \u2013            
    •  
  •  max_prot           \u2013            
    •  
  •  init_prot           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCacheMapping.addr","title":"addr  instance-attribute","text":"
addr = addr\n
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCacheMapping.size","title":"size  instance-attribute","text":"
size = size\n
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCacheMapping.file_offset","title":"file_offset  instance-attribute","text":"
file_offset = file_offset\n
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCacheMapping.max_prot","title":"max_prot  instance-attribute","text":"
max_prot = max_prot\n
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCacheMapping.init_prot","title":"init_prot  instance-attribute","text":"
init_prot = init_prot\n
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCacheHashSet","title":"DyldSharedCacheHashSet","text":"
DyldSharedCacheHashSet(ptr: int)\n
 
A hash set from the DyLD Shared Cache.
 
The DyLD Shared Cache uses hash sets in all structures related to Objective-C Optimization. This class is an interface to them.
 
Methods:
 
     
  •  lookup             \u2013              
    Look up the given key in the hash set.
     
    •  
  •  keys             \u2013              
    Returns an iterator over all the keys present in the hash set.
     
    •  
 
Attributes:
 
     
  •  capacity           \u2013            
    •  
  •  shift           \u2013            
    •  
  •  mask           \u2013            
    •  
  •  salt           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCacheHashSet.capacity","title":"capacity  instance-attribute","text":"
capacity = u32(_ptr + 4)\n
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCacheHashSet.shift","title":"shift  instance-attribute","text":"
shift = u32(_ptr + 12)\n
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCacheHashSet.mask","title":"mask  instance-attribute","text":"
mask = u32(_ptr + 16)\n
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCacheHashSet.salt","title":"salt  instance-attribute","text":"
salt = u64(_ptr + 24)\n
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCacheHashSet.lookup","title":"lookup","text":"
lookup(key: bytes) -> int | None\n
 
Look up the given key in the hash set.
 
Returns a pointer to the key if it is present, None otherwise.
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCacheHashSet.keys","title":"keys","text":"
keys() -> Generator[bytes]\n
 
Returns an iterator over all the keys present in the hash set.
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCache","title":"DyldSharedCache","text":"
DyldSharedCache(addr: int)\n
 
Handle to the DyLD Shared Cache in the address space of the inferior.
 
The shared cache format handling code in libmacho has multiple paths for gathering the same information, depending on a value that is near the beggining of the header, which indicates that the format has likely evolved quite a bit since its first intoduction.
 
The way the version of a given shared cache is determined isn't exactly straighforward, and relies on a combination of the magic and mappingOffset values. Fortunately for us, however, when mappingOffset is used for this purpose, it follows the fairly widely used pattern of using the size of the struct to denote its version.
 
Methods:
 
     
  •  mappings             \u2013              
    Generate the list of memory mappings in the shared cache.
     
    •  
  •  image_base             \u2013              
    •  
  •  image_name             \u2013              
    •  
  •  is_address_in_shared_cache             \u2013              
    Whether the given address is in the shared cache.
     
    •  
  •  objc_builtin_selectors             \u2013              
    Looks up the hash table of builtin Objective-C selectors and returns it.
     
    •  
 
Attributes:
 
     
  •  addr           \u2013            
    •  
  •  slide               (int)           \u2013            
    The slide value of the DyLD Shared Cache, in bytes.
     
    •  
  •  image_count           \u2013            
    •  
  •  base               (int)           \u2013            
    The base virtual address of the DyLD Shared Cache.
     
    •  
  •  size               (int)           \u2013            
    The mapped size, in bytes, of the DyLD Shared Cache.
     
    •  
  •  image_index_trie               (Trie[int] | None)           \u2013            
    The trie of image indices, if available.
     
    •  
  •  images               (Generator[tuple[bytes, int]])           \u2013            
    •  
  •  images_sorted               (Generator[tuple[bytes, int]])           \u2013            
    Same as images, but guaranteed to be sorted by increasing base address
     
    •  
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCache.addr","title":"addr  instance-attribute","text":"
addr = addr\n
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCache.slide","title":"slide  instance-attribute","text":"
slide: int = _slide()\n
 
The slide value of the DyLD Shared Cache, in bytes.
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCache.image_count","title":"image_count  instance-attribute","text":"
image_count = u32(addr + images_offset + 4)\n
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCache.base","title":"base  property","text":"
base: int\n
 
The base virtual address of the DyLD Shared Cache.
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCache.size","title":"size  property","text":"
size: int\n
 
The mapped size, in bytes, of the DyLD Shared Cache.
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCache.image_index_trie","title":"image_index_trie  property","text":"
image_index_trie: Trie[int] | None\n
 
The trie of image indices, if available.
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCache.images","title":"images  property","text":"
images: Generator[tuple[bytes, int]]\n
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCache.images_sorted","title":"images_sorted  property","text":"
images_sorted: Generator[tuple[bytes, int]]\n
 
Same as images, but guaranteed to be sorted by increasing base address
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCache.mappings","title":"mappings","text":"
mappings() -> Generator[DyldSharedCacheMapping]\n
 
Generate the list of memory mappings in the shared cache.
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCache.image_base","title":"image_base","text":"
image_base(index: int)\n
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCache.image_name","title":"image_name","text":"
image_name(index: int)\n
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCache.is_address_in_shared_cache","title":"is_address_in_shared_cache","text":"
is_address_in_shared_cache(addr: int) -> int\n
 
Whether the given address is in the shared cache.
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCache.objc_builtin_selectors","title":"objc_builtin_selectors","text":"
objc_builtin_selectors() -> DyldSharedCacheHashSet\n
 
Looks up the hash table of builtin Objective-C selectors and returns it.
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.shared_cache","title":"shared_cache","text":"
shared_cache() -> DyldSharedCache | None\n
 
Base address of the Darwin shared cache.
 
In Darwin, the way the Objective-C Runtime queries for this value is to call _dyld_get_shared_cache_range from libdyld1, which then calls a routine that lives inside dyld itself, and that returns the values after poking into internal C++ structures.
 
From our perspective, that kind of sucks. Calling routines from debuggers can be quite unreliable, and so ideally we'd always be peeking into the data structures directly. But, in this case, even for Apple these are considered entirely private to dyld2, and so there's even less of a stability guarantee for the layout of these structures than normal.
 
Because of this, a level of care must be taken before calling this function, as it must be assumed that the state of the inferior can be changed by it.
"},{"location":"reference/pwndbg/aglib/memory/","title":"memory","text":""},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory","title":"memory","text":"
Functions:
 
     
  •  read             \u2013              
    read(addr, count, partial=False) -> bytearray
     
    •  
  •  readtype             \u2013              
    readtype(type, addr) -> int
     
    •  
  •  write             \u2013              
    write(addr, data)
     
    •  
  •  peek             \u2013              
    peek(address) -> bytearray
     
    •  
  •  is_readable_address             \u2013              
    is_readable_address(address) -> bool
     
    •  
  •  poke             \u2013              
    poke(address)
     
    •  
  •  string             \u2013              
    Reads a null-terminated string from memory.
     
    •  
  •  byte             \u2013              
    byte(addr) -> int
     
    •  
  •  uchar             \u2013              
    uchar(addr) -> int
     
    •  
  •  ushort             \u2013              
    ushort(addr) -> int
     
    •  
  •  uint             \u2013              
    uint(addr) -> int
     
    •  
  •  read_pointer_width             \u2013              
    Read one pointer-width integer at the specified address.
     
    •  
  •  u8             \u2013              
    u8(addr) -> int
     
    •  
  •  u16             \u2013              
    u16(addr) -> int
     
    •  
  •  u32             \u2013              
    u32(addr) -> int
     
    •  
  •  u64             \u2013              
    u64(addr) -> int
     
    •  
  •  u             \u2013              
    u(addr, size=None) -> int
     
    •  
  •  s8             \u2013              
    s8(addr) -> int
     
    •  
  •  s16             \u2013              
    s16(addr) -> int
     
    •  
  •  s32             \u2013              
    s32(addr) -> int
     
    •  
  •  s64             \u2013              
    s64(addr) -> int
     
    •  
  •  sint             \u2013              
    Read one signed int from the specified
     
    •  
  •  cast_pointer             \u2013              
    Create a Value containing given address and cast it to the pointer of specified type
     
    •  
  •  get_typed_pointer             \u2013              
    Look up a type by name if necessary and return a Value of addr cast to that type
     
    •  
  •  get_typed_pointer_value             \u2013              
    Read the pointer value of addr cast to type specified by type_name
     
    •  
  •  find_upper_boundary             \u2013              
    find_upper_boundary(addr, max_pages=1024) -> int
     
    •  
  •  find_lower_boundary             \u2013              
    find_lower_boundary(addr, max_pages=1024) -> int
     
    •  
  •  update_min_addr             \u2013              
    •  
  •  fetch_struct_as_dictionary             \u2013              
    •  
  •  pack_struct_into_dictionary             \u2013              
    •  
  •  convert_pwndbg_value_to_python_value             \u2013              
    •  
  •  resolve_renamed_struct_field             \u2013              
    •  
  •  is_pagefault_supported             \u2013              
    This function should be called before stray memory dereferences to protect against the following situations:
     
    •  
  •  is_kernel             \u2013              
    •  
 
Attributes:
 
     
  •  GdbDict           \u2013            
    •  
  •  MMAP_MIN_ADDR           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.GdbDict","title":"GdbDict  module-attribute","text":"
GdbDict = Dict[str, Union['GdbDict', int]]\n
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.MMAP_MIN_ADDR","title":"MMAP_MIN_ADDR  module-attribute","text":"
MMAP_MIN_ADDR = 32768\n
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.read","title":"read","text":"
read(addr: int, count: int, partial: bool = False) -> bytearray\n
 
read(addr, count, partial=False) -> bytearray
 
Read memory from the program being debugged.
 
Parameters:
 
     
  •  addr               (int)           \u2013            
    Address to read
     
    •  
  •  count               (int)           \u2013            
    Number of bytes to read
     
    •  
  •  partial               (bool, default:                   False )           \u2013            
    Whether less than count bytes can be returned
     
    •  
 
Returns:
 
     
  •  bytearray           \u2013            
    bytearray The memory at the specified address,
     
    •  
  •  bytearray           \u2013            
    or None.
     
    •  
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.readtype","title":"readtype","text":"
readtype(type: Type, addr: int) -> int\n
 
readtype(type, addr) -> int
 
Reads an integer-type (e.g. uint64) and returns a Python native integer representation of the same.
 
Parameters:
 
     
  •  type               (Type)           \u2013            
    GDB type to read
     
    •  
  •  addr               (int)           \u2013            
    Address at which the value to be read resides
     
    •  
 
Returns:
 
     
  •  int           \u2013            
    int
     
    •  
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.write","title":"write","text":"
write(addr: int, data: str | bytes | bytearray) -> None\n
 
write(addr, data)
 
Writes data into the memory of the process being debugged.
 
Parameters:
 
     
  •  addr               (int)           \u2013            
    Address to write
     
    •  
  •  data               (str | bytes | bytearray)           \u2013            
    Data to write
     
    •  
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.peek","title":"peek","text":"
peek(address: int) -> bytearray | None\n
 
peek(address) -> bytearray
 
Read one byte from the specified address.
 
Parameters:
 
     
  •  address               (int)           \u2013            
    Address to read
     
    •  
 
Returns:
 
     
  •  bytearray | None           \u2013            
    bytearray A single byte of data, or None if the
     
    •  
  •  bytearray | None           \u2013            
    address cannot be read.
     
    •  
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.is_readable_address","title":"is_readable_address","text":"
is_readable_address(address: int) -> bool\n
 
is_readable_address(address) -> bool
 
Check if the address can be read by GDB.
 
Parameters:
 
     
  •  address               (int)           \u2013            
    Address to read
     
    •  
 
Returns:
 
     
  •  bool           \u2013            
    bool: Whether the address is readable.
     
    •  
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.poke","title":"poke","text":"
poke(address: int) -> bool\n
 
poke(address)
 
Checks whether an address is writable.
 
Parameters:
 
     
  •  address               (int)           \u2013            
    Address to check
     
    •  
 
Returns:
 
     
  •  bool           \u2013            
    bool: Whether the address is writable.
     
    •  
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.string","title":"string","text":"
string(addr: int, max: int = 4096) -> bytearray\n
 
Reads a null-terminated string from memory.
 
Parameters:
 
     
  •  addr               (int)           \u2013            
    Address to read from
     
    •  
  •  max               (int, default:                   4096 )           \u2013            
    Maximum string length (default 4096)
     
    •  
 
Returns:
 
     
  •  bytearray           \u2013            
    An empty bytearray, or a NULL-terminated bytearray.
     
    •  
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.byte","title":"byte","text":"
byte(addr: int) -> int\n
 
byte(addr) -> int
 
Read one byte at the specified address
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.uchar","title":"uchar","text":"
uchar(addr: int) -> int\n
 
uchar(addr) -> int
 
Read one unsigned char at the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.ushort","title":"ushort","text":"
ushort(addr: int) -> int\n
 
ushort(addr) -> int
 
Read one unisgned short at the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.uint","title":"uint","text":"
uint(addr: int) -> int\n
 
uint(addr) -> int
 
Read one unsigned int at the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.read_pointer_width","title":"read_pointer_width","text":"
read_pointer_width(addr: int) -> int\n
 
Read one pointer-width integer at the specified address.
 
Raises:
 
     
  •  Error             \u2013            
    if memory read fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.u8","title":"u8","text":"
u8(addr: int) -> int\n
 
u8(addr) -> int
 
Read one uint8_t from the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.u16","title":"u16","text":"
u16(addr: int) -> int\n
 
u16(addr) -> int
 
Read one uint16_t from the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.u32","title":"u32","text":"
u32(addr: int) -> int\n
 
u32(addr) -> int
 
Read one uint32_t from the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.u64","title":"u64","text":"
u64(addr: int) -> int\n
 
u64(addr) -> int
 
Read one uint64_t from the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.u","title":"u","text":"
u(addr: int, size: int | None = None) -> int\n
 
u(addr, size=None) -> int
 
Read one unsigned integer from the specified address, with the bit-width specified by size, which defaults to the pointer width.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.s8","title":"s8","text":"
s8(addr: int) -> int\n
 
s8(addr) -> int
 
Read one int8_t from the specified address
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.s16","title":"s16","text":"
s16(addr: int) -> int\n
 
s16(addr) -> int
 
Read one int16_t from the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.s32","title":"s32","text":"
s32(addr: int) -> int\n
 
s32(addr) -> int
 
Read one int32_t from the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.s64","title":"s64","text":"
s64(addr: int) -> int\n
 
s64(addr) -> int
 
Read one int64_t from the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.sint","title":"sint","text":"
sint(addr: int) -> int\n
 
Read one signed int from the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.cast_pointer","title":"cast_pointer","text":"
cast_pointer(type: Type, addr: int | Value) -> Value\n
 
Create a Value containing given address and cast it to the pointer of specified type
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.get_typed_pointer","title":"get_typed_pointer","text":"
get_typed_pointer(type: str | Type, addr: int | Value) -> Value\n
 
Look up a type by name if necessary and return a Value of addr cast to that type
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.get_typed_pointer_value","title":"get_typed_pointer_value","text":"
get_typed_pointer_value(type_name: str | Type, addr: int | Value) -> Value\n
 
Read the pointer value of addr cast to type specified by type_name
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.find_upper_boundary","title":"find_upper_boundary","text":"
find_upper_boundary(addr: int, max_pages: int = 1024) -> int\n
 
find_upper_boundary(addr, max_pages=1024) -> int
 
Brute-force search the upper boundary of a memory mapping, by reading the first byte of each page, until an unmapped page is found.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.find_lower_boundary","title":"find_lower_boundary","text":"
find_lower_boundary(addr: int, max_pages: int = 1024) -> int\n
 
find_lower_boundary(addr, max_pages=1024) -> int
 
Brute-force search the lower boundary of a memory mapping, by reading the first byte of each page, until an unmapped page is found.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.update_min_addr","title":"update_min_addr","text":"
update_min_addr() -> None\n
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.fetch_struct_as_dictionary","title":"fetch_struct_as_dictionary","text":"
fetch_struct_as_dictionary(\n    struct_name: str,\n    struct_address: int | Value,\n    include_only_fields: set[str] | None = None,\n    exclude_fields: set[str] | None = None,\n) -> GdbDict\n
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.pack_struct_into_dictionary","title":"pack_struct_into_dictionary","text":"
pack_struct_into_dictionary(\n    fetched_struct: Value,\n    include_only_fields: set[str] | None = None,\n    exclude_fields: set[str] | None = None,\n) -> GdbDict\n
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.convert_pwndbg_value_to_python_value","title":"convert_pwndbg_value_to_python_value","text":"
convert_pwndbg_value_to_python_value(dbg_value: Value) -> int | GdbDict\n
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.resolve_renamed_struct_field","title":"resolve_renamed_struct_field","text":"
resolve_renamed_struct_field(\n    struct_name: str, possible_field_names: set[str]\n) -> str\n
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.is_pagefault_supported","title":"is_pagefault_supported","text":"
is_pagefault_supported() -> bool\n
 
This function should be called before stray memory dereferences to protect against the following situations:
 
     
  1. On embedded systems, it's not uncommon for MMIO regions to exist where memory reads might mutate the hardware/process state.
    2.  
  2. On baremetal/embedded, paging doesn't always exist, so all memory is \"valid\" (and often initialized to zero) - this makes every value appear to be a pointer.
    3.  
 
As such, we disable dereferencing by default for bare metal targets.
 
See more discussion here: !385
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.is_kernel","title":"is_kernel","text":"
is_kernel(addr: int)\n
"},{"location":"reference/pwndbg/aglib/nearpc/","title":"nearpc","text":""},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc","title":"nearpc","text":"
Functions:
 
     
  •  ljust_padding             \u2013              
    •  
  •  nearpc             \u2013              
    Disassemble near a specified address.
     
    •  
 
Attributes:
 
     
  •  c           \u2013            
    •  
  •  nearpc_branch_marker           \u2013            
    •  
  •  nearpc_branch_marker_contiguous           \u2013            
    •  
  •  show_args           \u2013            
    •  
  •  show_comments           \u2013            
    •  
  •  show_opcode_bytes           \u2013            
    •  
  •  opcode_separator_bytes           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.c","title":"c  module-attribute","text":"
c = ColorConfig(\n    \"nearpc\",\n    [\n        ColorParamSpec(\"symbol\", \"normal\", \"color for nearpc command (symbol)\"),\n        ColorParamSpec(\n            \"address\", \"normal\", \"color for nearpc command (address)\"\n        ),\n        ColorParamSpec(\n            \"prefix\", \"none\", \"color for nearpc command (prefix marker)\"\n        ),\n        ColorParamSpec(\n            \"breakpoint\", \"red\", \"color for nearpc command (breakpoint marker)\"\n        ),\n        ColorParamSpec(\n            \"syscall-name\",\n            \"red\",\n            \"color for nearpc command (resolved syscall name)\",\n        ),\n        ColorParamSpec(\n            \"argument\", \"bold\", \"color for nearpc command (target argument)\"\n        ),\n        ColorParamSpec(\n            \"integration-comments\",\n            \"bold\",\n            \"color for nearpc command (integration comments)\",\n        ),\n        ColorParamSpec(\n            \"branch-marker\",\n            \"normal\",\n            \"color for nearpc command (branch marker line)\",\n        ),\n    ],\n)\n
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.nearpc_branch_marker","title":"nearpc_branch_marker  module-attribute","text":"
nearpc_branch_marker = add_param(\n    \"nearpc-branch-marker\", \"    \u2193\", \"branch marker line for nearpc command\"\n)\n
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.nearpc_branch_marker_contiguous","title":"nearpc_branch_marker_contiguous  module-attribute","text":"
nearpc_branch_marker_contiguous = add_param(\n    \"nearpc-branch-marker-contiguous\",\n    \" \",\n    \"contiguous branch marker line for nearpc command\",\n)\n
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.show_args","title":"show_args  module-attribute","text":"
show_args = add_param(\n    \"nearpc-show-args\", True, \"whether to show call arguments below instruction\"\n)\n
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.show_comments","title":"show_comments  module-attribute","text":"
show_comments = add_param(\n    \"nearpc-integration-comments\",\n    True,\n    \"whether to show comments from integration provider\",\n)\n
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.show_opcode_bytes","title":"show_opcode_bytes  module-attribute","text":"
show_opcode_bytes = add_param(\n    \"nearpc-num-opcode-bytes\",\n    0,\n    \"number of opcode bytes to print for each instruction\",\n    param_class=PARAM_ZUINTEGER,\n)\n
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.opcode_separator_bytes","title":"opcode_separator_bytes  module-attribute","text":"
opcode_separator_bytes = add_param(\n    \"nearpc-opcode-separator-bytes\",\n    1,\n    \"number of spaces between opcode bytes\",\n    param_class=PARAM_ZUINTEGER,\n)\n
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.ljust_padding","title":"ljust_padding","text":"
ljust_padding(lst)\n
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.nearpc","title":"nearpc","text":"
nearpc(\n    pc: int = None,\n    lines: int = 5,\n    back_lines: int = 0,\n    total_lines: int = None,\n    emulate=False,\n    repeat=False,\n    use_cache=False,\n    linear=False,\n) -> list[str]\n
 
Disassemble near a specified address.
 
The linear argument specifies if we should disassemble linearly in memory, or take jumps into account
"},{"location":"reference/pwndbg/aglib/next/","title":"next","text":""},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next","title":"next","text":"
Commands for setting temporary breakpoints on the next instruction of some type (call, branch, etc.)
 
Functions:
 
     
  •  next_int             \u2013              
    If there is a syscall in the current basic black,
     
    •  
  •  next_branch             \u2013              
    Return the next branch instruction that the process will encounter with repeated usage of the \"nexti\" command.
     
    •  
  •  next_matching_until_branch             \u2013              
    Finds the next instruction that matches the arguments between the given
     
    •  
  •  break_next_branch             \u2013              
    If including_current == True, do not step in case we are currently on a branch
     
    •  
  •  break_next_interrupt             \u2013              
    Break at the next interrupt if there is one in the current basic block
     
    •  
  •  break_next_call             \u2013              
    •  
  •  break_next_ret             \u2013              
    •  
  •  break_on_next_matching_instruction             \u2013              
    Breaks on next instuction that matches the arguments.
     
    •  
  •  break_on_program_code             \u2013              
    Breaks on next instruction that belongs to process' objfile code
     
    •  
  •  break_on_next             \u2013              
    •  
 
Attributes:
 
     
  •  interrupts           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.interrupts","title":"interrupts  module-attribute","text":"
interrupts = {CS_GRP_INT}\n
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.next_int","title":"next_int","text":"
next_int(address=None, honor_current_branch=False)\n
 
If there is a syscall in the current basic black, return the instruction of the one closest to $PC.
 
If honor_current_branch is True, then if the address is already a branch, return None.
 
If no interrupt exists or a jump is in the way, return None.
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.next_branch","title":"next_branch","text":"
next_branch(address=None, including_current=False) -> PwndbgInstruction | None\n
 
Return the next branch instruction that the process will encounter with repeated usage of the \"nexti\" command.
 
If including_current == True, then if the instruction at the address is already a branch, return it.
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.next_matching_until_branch","title":"next_matching_until_branch","text":"
next_matching_until_branch(address=None, mnemonic=None, op_str=None)\n
 
Finds the next instruction that matches the arguments between the given address and the branch closest to it.
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_next_branch","title":"break_next_branch  async","text":"
break_next_branch(\n    ec: ExecutionController, address=None, including_current=False\n)\n
 
If including_current == True, do not step in case we are currently on a branch
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_next_interrupt","title":"break_next_interrupt  async","text":"
break_next_interrupt(\n    ec: ExecutionController, address=None, honor_current_branch=False\n) -> PwndbgInstruction | None\n
 
Break at the next interrupt if there is one in the current basic block and no jumps are between the current instruction and the interrupt.
 
If no such interrupt exists or a jump is in the way, return None.
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_next_call","title":"break_next_call  async","text":"
break_next_call(ec: ExecutionController, symbol_regex=None)\n
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_next_ret","title":"break_next_ret  async","text":"
break_next_ret(ec: ExecutionController, address=None)\n
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_on_next_matching_instruction","title":"break_on_next_matching_instruction  async","text":"
break_on_next_matching_instruction(\n    ec: ExecutionController, mnemonic=None, op_str=None\n) -> bool\n
 
Breaks on next instuction that matches the arguments.
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_on_program_code","title":"break_on_program_code  async","text":"
break_on_program_code(ec: ExecutionController) -> bool\n
 
Breaks on next instruction that belongs to process' objfile code
 
:return: True for success, False when process ended or when pc is not at the code or if a signal occurred
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_on_next","title":"break_on_next  async","text":"
break_on_next(ec: ExecutionController, address=None) -> None\n
"},{"location":"reference/pwndbg/aglib/objc/","title":"objc","text":""},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc","title":"objc","text":"
Apple Objective-C Runtime Support
 
This module implements support for analyzing the Apple Objective-C runtime. As expected, Apple provides no oficial specification for the internal ABI of ObjC and no guarantees of its stability, and so this module is not guaranteed to work on all versions of Darwin.
 
Classes:
 
     
  •  Object           \u2013            
    •  
  •  Class           \u2013            
    •  
  •  InstanceVariable           \u2013            
    An Objective-C Instance Variable.
     
    •  
  •  ClassProperty           \u2013            
    •  
  •  Selector           \u2013            
    An Objective-C Selector.
     
    •  
  •  Method           \u2013            
    An Objective-C Method Pointer.
     
    •  
 
Functions:
 
     
  •  try_resolve_call_at_current_pc             \u2013              
    Tries to resolve a call to an Objective-C method for an instruction in the
     
    •  
 
Attributes:
 
     
  •  T           \u2013            
    •  
  •  max_method_argument_count           \u2013            
    •  
  •  max_method_type_depth           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.max_method_argument_count","title":"max_method_argument_count  module-attribute","text":"
max_method_argument_count = add_param(\n    \"objc-max-function-arguments\",\n    32,\n    \"maximum number of arguments to resolve for an Objective-C method call\",\n    param_class=PARAM_ZUINTEGER,\n)\n
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.max_method_type_depth","title":"max_method_type_depth  module-attribute","text":"
max_method_type_depth = add_param(\n    \"objc-max-function-types-depth\",\n    32,\n    \"maximum allowed depth for a type in an Objective-C method call\",\n    param_class=PARAM_ZUINTEGER,\n)\n
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.Object","title":"Object","text":"
Object(addr: int)\n
 
Attributes:
 
     
  •  cls               (Class | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.Object.cls","title":"cls  property","text":"
cls: Class | None\n
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.Class","title":"Class","text":"
Class(addr: int)\n
 
               Bases: Object
 
Attributes:
 
     
  •  superclass               (Class | None)           \u2013            
    •  
  •  name               (bytes)           \u2013            
    •  
  •  methods               (Generator[Method])           \u2013            
    •  
  •  ivars               (Generator[InstanceVariable])           \u2013            
    •  
  •  properties               (Generator[ClassProperty])           \u2013            
    •  
  •  is_metaclass               (bool)           \u2013            
    •  
  •  cls               (Class | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.Class.superclass","title":"superclass  property","text":"
superclass: Class | None\n
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.Class.name","title":"name  property","text":"
name: bytes\n
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.Class.methods","title":"methods  property","text":"
methods: Generator[Method]\n
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.Class.ivars","title":"ivars  property","text":"
ivars: Generator[InstanceVariable]\n
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.Class.properties","title":"properties  property","text":"
properties: Generator[ClassProperty]\n
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.Class.is_metaclass","title":"is_metaclass  property","text":"
is_metaclass: bool\n
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.Class.cls","title":"cls  property","text":"
cls: Class | None\n
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.InstanceVariable","title":"InstanceVariable","text":"
InstanceVariable(ptr: int)\n
 
An Objective-C Instance Variable.
 
Instance Variables are NOT objects!
 
Attributes:
 
     
  •  offset               (int)           \u2013            
    The offset in bytes of this value from the start of the object instance.
     
    •  
  •  name               (bytes)           \u2013            
    The name of this instance variable.
     
    •  
  •  typename               (bytes)           \u2013            
    The name of the type of this instance variable.
     
    •  
  •  alignment               (int)           \u2013            
    The alignment of this instance variable, in bytes.
     
    •  
  •  size               (int)           \u2013            
    The size of this instance variable, in bytes.
     
    •  
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.InstanceVariable.offset","title":"offset  property","text":"
offset: int\n
 
The offset in bytes of this value from the start of the object instance.
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.InstanceVariable.name","title":"name  property","text":"
name: bytes\n
 
The name of this instance variable.
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.InstanceVariable.typename","title":"typename  property","text":"
typename: bytes\n
 
The name of the type of this instance variable.
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.InstanceVariable.alignment","title":"alignment  property","text":"
alignment: int\n
 
The alignment of this instance variable, in bytes.
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.InstanceVariable.size","title":"size  property","text":"
size: int\n
 
The size of this instance variable, in bytes.
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.ClassProperty","title":"ClassProperty","text":"
ClassProperty(ptr: int)\n
 
Attributes:
 
     
  •  name               (bytes)           \u2013            
    The name of this class property.
     
    •  
  •  value               (bytes)           \u2013            
    The value of this property.
     
    •  
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.ClassProperty.name","title":"name  property","text":"
name: bytes\n
 
The name of this class property.
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.ClassProperty.value","title":"value  property","text":"
value: bytes\n
 
The value of this property.
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.Selector","title":"Selector","text":"
Selector(ptr: int)\n
 
An Objective-C Selector.
 
Selectors are NOT objects!
 
Attributes:
 
     
  •  name               (bytes)           \u2013            
    Retrieves the name of this selector.
     
    •  
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.Selector.name","title":"name  property","text":"
name: bytes\n
 
Retrieves the name of this selector.
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.Method","title":"Method","text":"
Method(ptr: int)\n
 
An Objective-C Method Pointer.
 
Methods are NOT objects!
 
A method pointer can be one of three types: Small, small direct, and big.
 
Pointer types are distinguished by the two least significant bits in the integer representation of the pointer. A value of 1 is used for both small pointer types, while all other values are used to distinguish between the signing nuances of big pointers.
 
Small pointers 32-bit wide and relative to a given base value. Big pointers contain the pointers themselves, and they may or may not be signed.
 
Small direct pointers are small pointers that reside in the shared cache, and their selectors are relative to @selector(\ud83e\udd2f), while the selectors of regular small pointers are relative to the pointers themselves.
 
Attributes:
 
     
  •  sel               (Selector)           \u2013            
    The selector this method responds to.
     
    •  
  •  types               (bytes)           \u2013            
    The types of the arguments to this method.
     
    •  
  •  imp               (int)           \u2013            
    The pointer to the function that implements this method.
     
    •  
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.Method.sel","title":"sel  property","text":"
sel: Selector\n
 
The selector this method responds to.
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.Method.types","title":"types  property","text":"
types: bytes\n
 
The types of the arguments to this method.
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.Method.imp","title":"imp  property","text":"
imp: int\n
 
The pointer to the function that implements this method.
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.try_resolve_call_at_current_pc","title":"try_resolve_call_at_current_pc","text":"
try_resolve_call_at_current_pc(insn: PwndbgInstruction) -> Function | None\n
 
Tries to resolve a call to an Objective-C method for an instruction in the current Program Counter.
"},{"location":"reference/pwndbg/aglib/onegadget/","title":"onegadget","text":""},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget","title":"onegadget","text":"
Classes:
 
     
  •  CheckSatResult           \u2013            
    •  
  •  Lambda           \u2013            
    Modified from onegadget's Lambda class
     
    •  
 
Functions:
 
     
  •  colorize_reg             \u2013              
    •  
  •  colorize_integer             \u2013              
    •  
  •  colorize_psuedo_code             \u2013              
    Colorize the pseudo code of onegadget
     
    •  
  •  compute_file_hash             \u2013              
    Compute the MD5 hash of the file, return the hash
     
    •  
  •  run_onegadget             \u2013              
    Run onegadget and return the output
     
    •  
  •  parse_expression             \u2013              
    Parse expression, return the result, colorized string and error message
     
    •  
  •  check_stack_argv             \u2013              
    Check argv that's on the stack, return the result and the message
     
    •  
  •  check_non_stack_argv             \u2013              
    Check argv that's not on the stack, return the result and the message
     
    •  
  •  check_argv             \u2013              
    Check argv, return the result and the message
     
    •  
  •  check_envp             \u2013              
    Check envp, return the result and the message
     
    •  
  •  check_constraint             \u2013              
    Parse constraint, return the result and the message
     
    •  
  •  check_gadget             \u2013              
    Check status of each gadget, return the gadget's status
     
    •  
  •  find_gadgets             \u2013              
    Find gadgets by parsing the output of onegadget, return there's any valid gadget
     
    •  
 
Attributes:
 
     
  •  ADDRESS_WRITABLE_PATTERN           \u2013            
    •  
  •  WRITABLE_COLON_PATTERN           \u2013            
    •  
  •  EQUAL_NULL_PATTERN           \u2013            
    •  
  •  VALID_POSIX_SPAWN_FILE_ACTIONS_PATTERN           \u2013            
    •  
  •  VALID_ARGV_PATTERN           \u2013            
    •  
  •  VALID_ENVP_PATTERN           \u2013            
    •  
  •  IS_ALIGNED_PATTERN           \u2013            
    •  
  •  IS_GOT_ADDRESS_PATTERN           \u2013            
    •  
  •  CAST_PATTERN           \u2013            
    •  
  •  XMM_SHIFT           \u2013            
    •  
  •  CONSTRAINT_SEPARATOR           \u2013            
    •  
  •  CAST_DEREF_MAPPING           \u2013            
    •  
  •  CAST_MAPPING           \u2013            
    •  
  •  ONEGADGET_COLOR           \u2013            
    •  
  •  ONEGADGET_CACHEDIR           \u2013            
    •  
  •  SAT           \u2013            
    •  
  •  UNSAT           \u2013            
    •  
  •  UNKNOWN           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.ADDRESS_WRITABLE_PATTERN","title":"ADDRESS_WRITABLE_PATTERN  module-attribute","text":"
ADDRESS_WRITABLE_PATTERN = compile('address(?:es)? (.*) (?:is|are) writable')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.WRITABLE_COLON_PATTERN","title":"WRITABLE_COLON_PATTERN  module-attribute","text":"
WRITABLE_COLON_PATTERN = compile('writable: (.*)')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.EQUAL_NULL_PATTERN","title":"EQUAL_NULL_PATTERN  module-attribute","text":"
EQUAL_NULL_PATTERN = compile('(.*) == NULL')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.VALID_POSIX_SPAWN_FILE_ACTIONS_PATTERN","title":"VALID_POSIX_SPAWN_FILE_ACTIONS_PATTERN  module-attribute","text":"
VALID_POSIX_SPAWN_FILE_ACTIONS_PATTERN = compile('(.*) <= 0')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.VALID_ARGV_PATTERN","title":"VALID_ARGV_PATTERN  module-attribute","text":"
VALID_ARGV_PATTERN = compile('(.+) is a valid argv')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.VALID_ENVP_PATTERN","title":"VALID_ENVP_PATTERN  module-attribute","text":"
VALID_ENVP_PATTERN = compile('(.+) is a valid envp')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.IS_ALIGNED_PATTERN","title":"IS_ALIGNED_PATTERN  module-attribute","text":"
IS_ALIGNED_PATTERN = compile('(.+) & 0xf == (\\\\d+)')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.IS_GOT_ADDRESS_PATTERN","title":"IS_GOT_ADDRESS_PATTERN  module-attribute","text":"
IS_GOT_ADDRESS_PATTERN = compile('(.+) is the GOT address of libc')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CAST_PATTERN","title":"CAST_PATTERN  module-attribute","text":"
CAST_PATTERN = compile('^\\\\([s|u]\\\\d+\\\\)')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.XMM_SHIFT","title":"XMM_SHIFT  module-attribute","text":"
XMM_SHIFT = ' >> '\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CONSTRAINT_SEPARATOR","title":"CONSTRAINT_SEPARATOR  module-attribute","text":"
CONSTRAINT_SEPARATOR = ' || '\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CAST_DEREF_MAPPING","title":"CAST_DEREF_MAPPING  module-attribute","text":"
CAST_DEREF_MAPPING = {\n    \"(u16)\": u16,\n    \"(s16)\": s16,\n    \"(u32)\": u32,\n    \"(s32)\": s32,\n    \"(u64)\": u64,\n    \"(s64)\": s64,\n}\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CAST_MAPPING","title":"CAST_MAPPING  module-attribute","text":"
CAST_MAPPING = {\n    \"(u16)\": lambda x: value,\n    \"(s16)\": lambda x: value,\n    \"(u32)\": lambda x: value,\n    \"(s32)\": lambda x: value,\n    \"(u64)\": lambda x: value,\n    \"(s64)\": lambda x: value,\n}\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.ONEGADGET_COLOR","title":"ONEGADGET_COLOR  module-attribute","text":"
ONEGADGET_COLOR = {\n    \"light_green\": lambda x: colorize(x, \"\\x1b[38;5;82m\"),\n    \"light_purple\": lambda x: colorize(x, \"\\x1b[38;5;153m\"),\n}\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.ONEGADGET_CACHEDIR","title":"ONEGADGET_CACHEDIR  module-attribute","text":"
ONEGADGET_CACHEDIR = cachedir('onegadget')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.SAT","title":"SAT  module-attribute","text":"
SAT = SAT\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.UNSAT","title":"UNSAT  module-attribute","text":"
UNSAT = UNSAT\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.UNKNOWN","title":"UNKNOWN  module-attribute","text":"
UNKNOWN = UNKNOWN\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult","title":"CheckSatResult","text":"
               Bases: Enum
 
Methods:
 
     
  •  __str__             \u2013              
    •  
  •  __and__             \u2013              
    •  
  •  __or__             \u2013              
    •  
 
Attributes:
 
     
  •  SAT           \u2013            
    •  
  •  UNSAT           \u2013            
    •  
  •  UNKNOWN           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult.SAT","title":"SAT  class-attribute instance-attribute","text":"
SAT = 1\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult.UNSAT","title":"UNSAT  class-attribute instance-attribute","text":"
UNSAT = 0\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult.UNKNOWN","title":"UNKNOWN  class-attribute instance-attribute","text":"
UNKNOWN = -1\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult.__and__","title":"__and__","text":"
__and__(other: CheckSatResult) -> CheckSatResult\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult.__or__","title":"__or__","text":"
__or__(other: CheckSatResult) -> CheckSatResult\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda","title":"Lambda","text":"
Lambda(obj: str | Lambda)\n
 
Modified from onegadget's Lambda class
 
https://github.com/david942j/one_gadget/blob/65ce1dade70bf89e7496346ccf452ce5b2d139b3/lib/one_gadget/emulators/lambda.rb#L13
 
Methods:
 
     
  •  __add__             \u2013              
    •  
  •  __sub__             \u2013              
    •  
  •  __str__             \u2013              
    •  
  •  __repr__             \u2013              
    •  
  •  deref             \u2013              
    •  
  •  deref_             \u2013              
    •  
  •  ref             \u2013              
    •  
  •  evaluate             \u2013              
    •  
  •  parse             \u2013              
    •  
  •  mem_obj             \u2013              
    •  
 
Attributes:
 
     
  •  immi           \u2013            
    •  
  •  obj           \u2013            
    •  
  •  deref_count           \u2013            
    •  
  •  gdb_expr               (str)           \u2013            
    •  
  •  color_str               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.immi","title":"immi  instance-attribute","text":"
immi = 0\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.obj","title":"obj  instance-attribute","text":"
obj = obj\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.deref_count","title":"deref_count  instance-attribute","text":"
deref_count = 0\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.gdb_expr","title":"gdb_expr  property","text":"
gdb_expr: str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.color_str","title":"color_str  property","text":"
color_str: str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.__add__","title":"__add__","text":"
__add__(other: int) -> Lambda\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.__sub__","title":"__sub__","text":"
__sub__(other: int) -> Lambda\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.__repr__","title":"__repr__","text":"
__repr__() -> str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.deref","title":"deref","text":"
deref() -> Lambda\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.deref_","title":"deref_","text":"
deref_() -> None\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.ref","title":"ref","text":"
ref() -> Lambda\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.evaluate","title":"evaluate","text":"
evaluate(context: dict[Any, Any]) -> int | Lambda\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.parse","title":"parse  staticmethod","text":"
parse(argument: str, predefined: dict[Any, Any] = {}) -> int | Lambda\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.mem_obj","title":"mem_obj  staticmethod","text":"
mem_obj(arg: str) -> tuple[str, int]\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.colorize_reg","title":"colorize_reg","text":"
colorize_reg(x: object) -> str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.colorize_integer","title":"colorize_integer","text":"
colorize_integer(x: object) -> str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.colorize_psuedo_code","title":"colorize_psuedo_code","text":"
colorize_psuedo_code(code: str) -> str\n
 
Colorize the pseudo code of onegadget
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.compute_file_hash","title":"compute_file_hash","text":"
compute_file_hash(filename: str) -> str\n
 
Compute the MD5 hash of the file, return the hash
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.run_onegadget","title":"run_onegadget","text":"
run_onegadget() -> str\n
 
Run onegadget and return the output
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.parse_expression","title":"parse_expression","text":"
parse_expression(expr: str) -> tuple[int | None, str, str | None]\n
 
Parse expression, return the result, colorized string and error message
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.check_stack_argv","title":"check_stack_argv","text":"
check_stack_argv(expr: str) -> tuple[CheckSatResult, str]\n
 
Check argv that's on the stack, return the result and the message
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.check_non_stack_argv","title":"check_non_stack_argv","text":"
check_non_stack_argv(expr: str) -> tuple[CheckSatResult, str]\n
 
Check argv that's not on the stack, return the result and the message
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.check_argv","title":"check_argv","text":"
check_argv(expr: str) -> tuple[CheckSatResult, str]\n
 
Check argv, return the result and the message
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.check_envp","title":"check_envp","text":"
check_envp(expr: str) -> tuple[bool, str]\n
 
Check envp, return the result and the message
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.check_constraint","title":"check_constraint","text":"
check_constraint(constraint: str) -> tuple[CheckSatResult, str]\n
 
Parse constraint, return the result and the message
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.check_gadget","title":"check_gadget","text":"
check_gadget(\n    gadget: str,\n    show_unsat: bool = False,\n    no_unknown: bool = False,\n    verbose: bool = False,\n) -> CheckSatResult\n
 
Check status of each gadget, return the gadget's status
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.find_gadgets","title":"find_gadgets","text":"
find_gadgets(\n    show_unsat: bool = False, no_unknown: bool = False, verbose: bool = False\n) -> dict[CheckSatResult, int]\n
 
Find gadgets by parsing the output of onegadget, return there's any valid gadget
"},{"location":"reference/pwndbg/aglib/proc/","title":"proc","text":""},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc","title":"proc","text":"
Provides values which would be available from /proc which are not fulfilled by other modules and some process/gdb flow related information.
 
Classes:
 
     
  •  module           \u2013            
    •  
 
Functions:
 
     
  •  OnlyWhenRunning             \u2013              
    •  
  •  OnlyWhenQemuKernel             \u2013              
    •  
  •  OnlyWithArch             \u2013              
    •  
 
Attributes:
 
     
  •  P           \u2013            
    •  
  •  T           \u2013            
    •  
  •  pid               (int)           \u2013            
    •  
  •  tid               (int)           \u2013            
    •  
  •  thread_id               (int)           \u2013            
    •  
  •  alive               (bool)           \u2013            
    •  
  •  stopped_with_signal               (bool)           \u2013            
    •  
  •  exe               (str | None)           \u2013            
    •  
  •  binary_base_addr               (int)           \u2013            
    •  
  •  binary_vmmap               (tuple[Page, ...])           \u2013            
    •  
  •  tether           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.P","title":"P  module-attribute","text":"
P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.pid","title":"pid  module-attribute","text":"
pid: int\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.tid","title":"tid  module-attribute","text":"
tid: int\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.thread_id","title":"thread_id  module-attribute","text":"
thread_id: int\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.alive","title":"alive  module-attribute","text":"
alive: bool\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.stopped_with_signal","title":"stopped_with_signal  module-attribute","text":"
stopped_with_signal: bool\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.exe","title":"exe  module-attribute","text":"
exe: str | None\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.binary_base_addr","title":"binary_base_addr  module-attribute","text":"
binary_base_addr: int\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.binary_vmmap","title":"binary_vmmap  module-attribute","text":"
binary_vmmap: tuple[Page, ...]\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.tether","title":"tether  module-attribute","text":"
tether = modules[__name__]\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module","title":"module","text":"
               Bases: ModuleType
 
Methods:
 
     
  •  dump_elf_data_section             \u2013              
    Dump .data section of current process's ELF file
     
    •  
  •  dump_relocations_by_section_name             \u2013              
    Dump relocations of a section by section name of current process's ELF file
     
    •  
  •  get_section_address_by_name             \u2013              
    Find section address of current process by section name
     
    •  
  •  OnlyWhenRunning             \u2013              
    •  
  •  OnlyWhenQemuKernel             \u2013              
    •  
  •  OnlyWithArch             \u2013              
    Decorates function to work only with the specified archictectures.
     
    •  
 
Attributes:
 
     
  •  pid               (int)           \u2013            
    •  
  •  tid               (int)           \u2013            
    •  
  •  thread_id               (int)           \u2013            
    •  
  •  alive               (bool)           \u2013            
    Informs whether the process has a thread. However, note that it will
     
    •  
  •  stopped_with_signal               (bool)           \u2013            
    Returns whether the program has stopped with a signal
     
    •  
  •  exe               (str | None)           \u2013            
    Returns the executed file path.
     
    •  
  •  binary_base_addr               (int)           \u2013            
    •  
  •  binary_vmmap               (tuple[Page, ...])           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.pid","title":"pid  property","text":"
pid: int\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.tid","title":"tid  property","text":"
tid: int\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.thread_id","title":"thread_id  property","text":"
thread_id: int\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.alive","title":"alive  property","text":"
alive: bool\n
 
Informs whether the process has a thread. However, note that it will still return True for a segfaulted thread. To detect that, consider using the stopped_with_signal method.
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.stopped_with_signal","title":"stopped_with_signal  property","text":"
stopped_with_signal: bool\n
 
Returns whether the program has stopped with a signal
 
Can be used to detect segfaults (but will also detect other signals)
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.exe","title":"exe  property","text":"
exe: str | None\n
 
Returns the executed file path.
 
On remote targets, this path may not exist locally.
 If you need the locally referenced file use 
gdb.current_process().filename
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.binary_base_addr","title":"binary_base_addr  property","text":"
binary_base_addr: int\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.binary_vmmap","title":"binary_vmmap  property","text":"
binary_vmmap: tuple[Page, ...]\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.dump_elf_data_section","title":"dump_elf_data_section","text":"
dump_elf_data_section() -> tuple[int, int, bytes] | None\n
 
Dump .data section of current process's ELF file
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.dump_relocations_by_section_name","title":"dump_relocations_by_section_name","text":"
dump_relocations_by_section_name(\n    section_name: str,\n) -> tuple[Relocation, ...] | None\n
 
Dump relocations of a section by section name of current process's ELF file
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.get_section_address_by_name","title":"get_section_address_by_name","text":"
get_section_address_by_name(section_name: str) -> int\n
 
Find section address of current process by section name
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.OnlyWhenRunning","title":"OnlyWhenRunning","text":"
OnlyWhenRunning(func: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.OnlyWhenQemuKernel","title":"OnlyWhenQemuKernel","text":"
OnlyWhenQemuKernel(func: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.OnlyWithArch","title":"OnlyWithArch","text":"
OnlyWithArch(\n    arch_names: list[str],\n) -> Callable[[Callable[P, T]], Callable[P, T | None]]\n
 
Decorates function to work only with the specified archictectures.
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.OnlyWhenRunning","title":"OnlyWhenRunning","text":"
OnlyWhenRunning(func: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.OnlyWhenQemuKernel","title":"OnlyWhenQemuKernel","text":"
OnlyWhenQemuKernel(func: Callable[P, T]) -> Callable[P, T]\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.OnlyWithArch","title":"OnlyWithArch","text":"
OnlyWithArch(\n    arch_names: list[str],\n) -> Callable[[Callable[..., T]], Callable[..., T | None]]\n
"},{"location":"reference/pwndbg/aglib/qemu/","title":"qemu","text":""},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu","title":"qemu","text":"
Determine whether the target is being run under QEMU.
 
Functions:
 
     
  •  is_qemu             \u2013              
    •  
  •  is_usermode             \u2013              
    •  
  •  is_qemu_usermode             \u2013              
    Returns True if the target remote is being run under
     
    •  
  •  is_qemu_kernel             \u2013              
    •  
  •  is_old_qemu_user             \u2013              
    •  
  •  exec_file_supported             \u2013              
    Returns True if the remote target understands the 'qXfer:exec-file:read' packet.
     
    •  
"},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu.is_qemu","title":"is_qemu","text":"
is_qemu() -> bool\n
"},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu.is_usermode","title":"is_usermode","text":"
is_usermode() -> bool\n
"},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu.is_qemu_usermode","title":"is_qemu_usermode","text":"
is_qemu_usermode() -> bool\n
 
Returns True if the target remote is being run under QEMU usermode emulation.
"},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu.is_qemu_kernel","title":"is_qemu_kernel","text":"
is_qemu_kernel() -> bool\n
"},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu.is_old_qemu_user","title":"is_old_qemu_user","text":"
is_old_qemu_user() -> bool\n
"},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu.exec_file_supported","title":"exec_file_supported","text":"
exec_file_supported() -> bool\n
 
Returns True if the remote target understands the 'qXfer:exec-file:read' packet. A check for this feature is done in vmmap code, to warn against running legacy Qemu versions.
"},{"location":"reference/pwndbg/aglib/regs/","title":"regs","text":""},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs","title":"regs","text":"
Reading register value from the inferior, and provides a standardized interface to registers like \"sp\" and \"pc\".
 
Classes:
 
     
  •  module           \u2013            
    •  
 
Functions:
 
     
  •  regs_in_frame             \u2013              
    •  
  •  get_register             \u2013              
    •  
  •  get_qemu_register             \u2013              
    •  
  •  update_last             \u2013              
    •  
 
Attributes:
 
     
  •  PTRACE_ARCH_PRCTL           \u2013            
    •  
  •  ARCH_GET_FS           \u2013            
    •  
  •  ARCH_GET_GS           \u2013            
    •  
  •  gpr               (tuple[str, ...])           \u2013            
    •  
  •  common               (list[str])           \u2013            
    •  
  •  frame               (str | None)           \u2013            
    •  
  •  retaddr               (tuple[str, ...])           \u2013            
    •  
  •  flags               (dict[str, BitFlags])           \u2013            
    •  
  •  extra_flags               (dict[str, BitFlags])           \u2013            
    •  
  •  stack               (str)           \u2013            
    •  
  •  retval               (str | None)           \u2013            
    •  
  •  all               (list[str])           \u2013            
    •  
  •  changed               (list[str])           \u2013            
    •  
  •  fsbase               (int)           \u2013            
    •  
  •  gsbase               (int)           \u2013            
    •  
  •  current               (RegisterSet)           \u2013            
    •  
  •  fix               (Callable[[str], str])           \u2013            
    •  
  •  items               (Callable[[], Generator[tuple[str, Any], None, None]])           \u2013            
    •  
  •  previous               (dict[str, int])           \u2013            
    •  
  •  last               (dict[str, int])           \u2013            
    •  
  •  pc               (int | None)           \u2013            
    •  
  •  tether           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.PTRACE_ARCH_PRCTL","title":"PTRACE_ARCH_PRCTL  module-attribute","text":"
PTRACE_ARCH_PRCTL = 30\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.ARCH_GET_FS","title":"ARCH_GET_FS  module-attribute","text":"
ARCH_GET_FS = 4099\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.ARCH_GET_GS","title":"ARCH_GET_GS  module-attribute","text":"
ARCH_GET_GS = 4100\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.gpr","title":"gpr  module-attribute","text":"
gpr: tuple[str, ...]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.common","title":"common  module-attribute","text":"
common: list[str]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.frame","title":"frame  module-attribute","text":"
frame: str | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.retaddr","title":"retaddr  module-attribute","text":"
retaddr: tuple[str, ...]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.flags","title":"flags  module-attribute","text":"
flags: dict[str, BitFlags]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.extra_flags","title":"extra_flags  module-attribute","text":"
extra_flags: dict[str, BitFlags]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.stack","title":"stack  module-attribute","text":"
stack: str\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.retval","title":"retval  module-attribute","text":"
retval: str | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.all","title":"all  module-attribute","text":"
all: list[str]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.changed","title":"changed  module-attribute","text":"
changed: list[str]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.fsbase","title":"fsbase  module-attribute","text":"
fsbase: int\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.gsbase","title":"gsbase  module-attribute","text":"
gsbase: int\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.current","title":"current  module-attribute","text":"
current: RegisterSet\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.fix","title":"fix  module-attribute","text":"
fix: Callable[[str], str]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.items","title":"items  module-attribute","text":"
items: Callable[[], Generator[tuple[str, Any], None, None]]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.previous","title":"previous  module-attribute","text":"
previous: dict[str, int]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.last","title":"last  module-attribute","text":"
last: dict[str, int]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.pc","title":"pc  module-attribute","text":"
pc: int | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.tether","title":"tether  module-attribute","text":"
tether = modules[__name__]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module","title":"module","text":"
               Bases: ModuleType
 
Methods:
 
     
  •  read_reg             \u2013              
    •  
  •  read_reg_uncached             \u2013              
    •  
  •  __getattr__             \u2013              
    •  
  •  __setattr__             \u2013              
    •  
  •  __contains__             \u2013              
    •  
  •  __iter__             \u2013              
    •  
  •  fix             \u2013              
    •  
  •  items             \u2013              
    •  
  •  __repr__             \u2013              
    •  
 
Attributes:
 
     
  •  previous               (dict[str, int])           \u2013            
    •  
  •  last               (dict[str, int])           \u2013            
    •  
  •  current               (RegisterSet)           \u2013            
    •  
  •  gpr               (tuple[str, ...])           \u2013            
    •  
  •  common               (list[str])           \u2013            
    •  
  •  frame               (str | None)           \u2013            
    •  
  •  retaddr               (tuple[str, ...])           \u2013            
    •  
  •  kernel               (KernelRegisterSet)           \u2013            
    •  
  •  flags               (dict[str, BitFlags])           \u2013            
    •  
  •  extra_flags               (dict[str, BitFlags])           \u2013            
    •  
  •  stack               (str)           \u2013            
    •  
  •  retval               (str | None)           \u2013            
    •  
  •  all               (set[str])           \u2013            
    •  
  •  reg_sets           \u2013            
    •  
  •  changed               (list[str])           \u2013            
    •  
  •  idt               (int)           \u2013            
    •  
  •  idt_limit               (int)           \u2013            
    •  
  •  fsbase               (int)           \u2013            
    •  
  •  gsbase               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.previous","title":"previous  class-attribute instance-attribute","text":"
previous: dict[str, int] = {}\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.last","title":"last  class-attribute instance-attribute","text":"
last: dict[str, int] = {}\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.current","title":"current  property","text":"
current: RegisterSet\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.gpr","title":"gpr  property","text":"
gpr: tuple[str, ...]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.common","title":"common  property","text":"
common: list[str]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.frame","title":"frame  property","text":"
frame: str | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.retaddr","title":"retaddr  property","text":"
retaddr: tuple[str, ...]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.kernel","title":"kernel  property","text":"
kernel: KernelRegisterSet\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.flags","title":"flags  property","text":"
flags: dict[str, BitFlags]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.extra_flags","title":"extra_flags  property","text":"
extra_flags: dict[str, BitFlags]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.stack","title":"stack  property","text":"
stack: str\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.retval","title":"retval  property","text":"
retval: str | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.all","title":"all  property","text":"
all: set[str]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.reg_sets","title":"reg_sets  class-attribute instance-attribute","text":"
reg_sets = reg_sets\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.changed","title":"changed  property","text":"
changed: list[str]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.idt","title":"idt  property","text":"
idt: int\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.idt_limit","title":"idt_limit  property","text":"
idt_limit: int\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.fsbase","title":"fsbase  property","text":"
fsbase: int\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.gsbase","title":"gsbase  property","text":"
gsbase: int\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.read_reg","title":"read_reg","text":"
read_reg(reg: str, frame: Frame | None = None) -> int | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.read_reg_uncached","title":"read_reg_uncached","text":"
read_reg_uncached(reg: str, frame: Frame | None = None) -> int | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.__getattr__","title":"__getattr__","text":"
__getattr__(attr: str) -> int | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.__setattr__","title":"__setattr__","text":"
__setattr__(attr: str, val: Any) -> None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.__contains__","title":"__contains__","text":"
__contains__(reg: str) -> bool\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.__iter__","title":"__iter__","text":"
__iter__() -> Iterator[str]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.fix","title":"fix","text":"
fix(expression: str) -> str\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.items","title":"items","text":"
items() -> Generator[tuple[str, Any], None, None]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.__repr__","title":"__repr__","text":"
__repr__() -> str\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.regs_in_frame","title":"regs_in_frame","text":"
regs_in_frame(frame: Frame) -> Registers\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.get_register","title":"get_register","text":"
get_register(name: str, frame: Frame | None = None) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.get_qemu_register","title":"get_qemu_register","text":"
get_qemu_register(name: str) -> int | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.update_last","title":"update_last","text":"
update_last() -> None\n
"},{"location":"reference/pwndbg/aglib/remote/","title":"remote","text":""},{"location":"reference/pwndbg/aglib/remote/#pwndbg.aglib.remote","title":"remote","text":"
Information about whether the debuggee is local (under GDB) or remote (under GDBSERVER or QEMU stub).
 
Functions:
 
     
  •  is_remote             \u2013              
    •  
"},{"location":"reference/pwndbg/aglib/remote/#pwndbg.aglib.remote.is_remote","title":"is_remote","text":"
is_remote() -> bool\n
"},{"location":"reference/pwndbg/aglib/saved_register_frames/","title":"saved_register_frames","text":""},{"location":"reference/pwndbg/aglib/saved_register_frames/#pwndbg.aglib.saved_register_frames","title":"saved_register_frames","text":"
Classes:
 
     
  •  SavedRegisterFrame           \u2013            
    A list of registers that have been saved to process memory for later restoration.
     
    •  
 
Attributes:
 
     
  •  ARM_CORTEX_M_EXCEPTION_STACK_FRAME_OFFSETS           \u2013            
    •  
  •  ARM_CORTEX_M_EXCEPTION_STACK           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/saved_register_frames/#pwndbg.aglib.saved_register_frames.ARM_CORTEX_M_EXCEPTION_STACK_FRAME_OFFSETS","title":"ARM_CORTEX_M_EXCEPTION_STACK_FRAME_OFFSETS  module-attribute","text":"
ARM_CORTEX_M_EXCEPTION_STACK_FRAME_OFFSETS = {\n    \"r0\": 0,\n    \"r1\": 4,\n    \"r2\": 8,\n    \"r3\": 12,\n    \"r12\": 16,\n    \"lr\": 20,\n    \"pc\": 24,\n    \"xpsr\": 28,\n}\n
"},{"location":"reference/pwndbg/aglib/saved_register_frames/#pwndbg.aglib.saved_register_frames.ARM_CORTEX_M_EXCEPTION_STACK","title":"ARM_CORTEX_M_EXCEPTION_STACK  module-attribute","text":"
ARM_CORTEX_M_EXCEPTION_STACK = SavedRegisterFrame(\n    ARM_CORTEX_M_EXCEPTION_STACK_FRAME_OFFSETS\n)\n
"},{"location":"reference/pwndbg/aglib/saved_register_frames/#pwndbg.aglib.saved_register_frames.SavedRegisterFrame","title":"SavedRegisterFrame  dataclass","text":"
SavedRegisterFrame(register_offsets: dict[str, int])\n
 
A list of registers that have been saved to process memory for later restoration.
 
For example, on syscall entry, the process registers are saved to the kernel stack.
 
Methods:
 
     
  •  read_saved_register             \u2013              
    •  
 
Attributes:
 
     
  •  offsets               (dict[str, int])           \u2013            
    •  
  •  frame_layout               (list[tuple[int, str]])           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/saved_register_frames/#pwndbg.aglib.saved_register_frames.SavedRegisterFrame.offsets","title":"offsets  instance-attribute","text":"
offsets: dict[str, int] = register_offsets\n
"},{"location":"reference/pwndbg/aglib/saved_register_frames/#pwndbg.aglib.saved_register_frames.SavedRegisterFrame.frame_layout","title":"frame_layout  instance-attribute","text":"
frame_layout: list[tuple[int, str]] = sorted((y, x) for (x, y) in (items()))\n
"},{"location":"reference/pwndbg/aglib/saved_register_frames/#pwndbg.aglib.saved_register_frames.SavedRegisterFrame.read_saved_register","title":"read_saved_register","text":"
read_saved_register(reg: str, sp: int = None) -> int | None\n
"},{"location":"reference/pwndbg/aglib/shellcode/","title":"shellcode","text":""},{"location":"reference/pwndbg/aglib/shellcode/#pwndbg.aglib.shellcode","title":"shellcode","text":"
Shellcode
 
This module implements functionality that allows for the execution of a small amount of code in the context of the inferior.
 
Functions:
 
     
  •  exec_syscall             \u2013              
    Tries executing the given syscall in the context of the inferior.
     
    •  
  •  exec_shellcode             \u2013              
    Tries executing the given blob of machine code in the current context of the
     
    •  
"},{"location":"reference/pwndbg/aglib/shellcode/#pwndbg.aglib.shellcode.exec_syscall","title":"exec_syscall  async","text":"
exec_syscall(\n    ec: ExecutionController,\n    syscall,\n    arg0=None,\n    arg1=None,\n    arg2=None,\n    arg3=None,\n    arg4=None,\n    arg5=None,\n)\n
 
Tries executing the given syscall in the context of the inferior.
"},{"location":"reference/pwndbg/aglib/shellcode/#pwndbg.aglib.shellcode.exec_shellcode","title":"exec_shellcode  async","text":"
exec_shellcode(ec: ExecutionController, blob)\n
 
Tries executing the given blob of machine code in the current context of the inferior, optionally restoring the values of the registers as they were before the shellcode ran, as a means to allow for execution of the inferior to continue uninterrupted. The value of the program counter is always restored.
 
Additionally, the caller may specify an object to be called before the context is restored, so that information stored in the registers after the shellcode finishes can be retrieved. The return value of that call will be returned by this function.
"},{"location":"reference/pwndbg/aglib/shellcode/#pwndbg.aglib.shellcode.exec_shellcode--safety","title":"Safety","text":"
Seeing as this function injects code directly into the inferior and runs it, the caller must be careful to inject code that will (1) terminate and (2) not cause the inferior to misbehave. Otherwise, it is fairly easy to crash or currupt the memory in the inferior.
"},{"location":"reference/pwndbg/aglib/stack/","title":"stack","text":""},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack","title":"stack","text":"
Helpers for finding address mappings which are used as a stack.
 
Generally not needed, except under qemu-user and for when binaries do things to remap the stack (e.g. pwnies' postit).
 
Functions:
 
     
  •  find             \u2013              
    Returns a pwndbg.lib.memory.Page object which corresponds to given address stack
     
    •  
  •  find_upper_stack_boundary             \u2013              
    •  
  •  get             \u2013              
    For each running thread, return the known address range for its stack
     
    •  
  •  current             \u2013              
    Returns the bounds for the stack for the current thread.
     
    •  
  •  is_executable             \u2013              
    •  
  •  callstack             \u2013              
    Return the address of the return address for the current frame.
     
    •  
  •  get_stack_var_name             \u2013              
    Get the name of the stack variable covering the given address.
     
    •  
 
Attributes:
 
     
  •  auto_explore           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.auto_explore","title":"auto_explore  module-attribute","text":"
auto_explore = add_param(\n    \"auto-explore-stack\",\n    \"warn\",\n    \"stack exploration; it may be really slow\",\n    param_class=PARAM_ENUM,\n    enum_sequence=[\"warn\", \"yes\", \"no\"],\n)\n
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.find","title":"find","text":"
find(address: int) -> Page | None\n
 
Returns a pwndbg.lib.memory.Page object which corresponds to given address stack or None if it does not exist
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.find_upper_stack_boundary","title":"find_upper_stack_boundary","text":"
find_upper_stack_boundary(stack_ptr: int, max_pages: int = 1024) -> int\n
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.get","title":"get","text":"
get() -> dict[int, Page]\n
 
For each running thread, return the known address range for its stack Returns a dict which should never be modified (since its cached)
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.current","title":"current","text":"
current() -> Page | None\n
 
Returns the bounds for the stack for the current thread.
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.is_executable","title":"is_executable","text":"
is_executable() -> bool\n
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.callstack","title":"callstack","text":"
callstack() -> list[int]\n
 
Return the address of the return address for the current frame.
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.get_stack_var_name","title":"get_stack_var_name","text":"
get_stack_var_name(address: int) -> str | None\n
 
Get the name of the stack variable covering the given address.
 
Returns the variable name with optional offset (e.g., \"buf+0x8\") if the address is within a variable but not at its start. Returns None if no variable is found.
"},{"location":"reference/pwndbg/aglib/strings/","title":"strings","text":""},{"location":"reference/pwndbg/aglib/strings/#pwndbg.aglib.strings","title":"strings","text":"
Functionality for resolving ASCII printable strings within the debuggee's address space.
 
Functions:
 
     
  •  update_length             \u2013              
    Unfortunately there's not a better way to get at this info.
     
    •  
  •  get             \u2013              
    Returns a printable C-string from address.
     
    •  
  •  yield_in_page             \u2013              
    Yields strings of length >= n found in a given vmmap page
     
    •  
 
Attributes:
 
     
  •  length           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/strings/#pwndbg.aglib.strings.length","title":"length  module-attribute","text":"
length = 15\n
"},{"location":"reference/pwndbg/aglib/strings/#pwndbg.aglib.strings.update_length","title":"update_length","text":"
update_length() -> None\n
 
Unfortunately there's not a better way to get at this info.
 
gdb.execute('show print elements', from_tty=False, to_string=True) 'Limit on string chars or array elements to print is 21.\\n'
"},{"location":"reference/pwndbg/aglib/strings/#pwndbg.aglib.strings.get","title":"get","text":"
get(\n    address: int, maxlen: int | None = None, maxread: int | None = None\n) -> str | None\n
 
Returns a printable C-string from address.
 
Returns None if string contains non-printable chars or if the maxlen length data does not end up with a null byte.
"},{"location":"reference/pwndbg/aglib/strings/#pwndbg.aglib.strings.yield_in_page","title":"yield_in_page","text":"
yield_in_page(page: Page, n=4) -> Iterator[str]\n
 
Yields strings of length >= n found in a given vmmap page
"},{"location":"reference/pwndbg/aglib/symbol/","title":"symbol","text":""},{"location":"reference/pwndbg/aglib/symbol/#pwndbg.aglib.symbol","title":"symbol","text":"
Looking up addresses for function names / symbols, and vice-versa.
 
Functions:
 
     
  •  lookup_symbol_addr             \u2013              
    •  
  •  lookup_symbol_value             \u2013              
    •  
  •  lookup_symbol             \u2013              
    Returns the address of the given symbol, cast-ed to the appropriate symbol type.
     
    •  
  •  lookup_frame_symbol             \u2013              
    Returns the address of the given symbol, cast-ed to the appropriate symbol type.
     
    •  
  •  resolve_addr             \u2013              
    Resolves an address to its corresponding symbol name, if available.
     
    •  
"},{"location":"reference/pwndbg/aglib/symbol/#pwndbg.aglib.symbol.lookup_symbol_addr","title":"lookup_symbol_addr","text":"
lookup_symbol_addr(\n    name: str,\n    *,\n    prefer_static: bool = False,\n    type: SymbolLookupType = ANY,\n    objfile_endswith: str | None = None,\n) -> int | None\n
"},{"location":"reference/pwndbg/aglib/symbol/#pwndbg.aglib.symbol.lookup_symbol_value","title":"lookup_symbol_value","text":"
lookup_symbol_value(\n    name: str,\n    *,\n    prefer_static: bool = False,\n    type: SymbolLookupType = ANY,\n    objfile_endswith: str | None = None,\n) -> int | None\n
"},{"location":"reference/pwndbg/aglib/symbol/#pwndbg.aglib.symbol.lookup_symbol","title":"lookup_symbol","text":"
lookup_symbol(\n    name: str,\n    *,\n    prefer_static: bool = False,\n    type: SymbolLookupType = ANY,\n    objfile_endswith: str | None = None,\n) -> Value | None\n
 
Returns the address of the given symbol, cast-ed to the appropriate symbol type.
 
This function searches for (SymbolLookupType.ANY): - Function names - Variable names - (gdb only) Typedef names (if you need please use aglib.typeinfo.load) - (gdb only) Enum values (if you need please use aglib.typeinfo.enum_member)
 
The lookup order is as follows (default): 1. Global scope within the current module 2. Global static scope within the current module 3. Global scope in other modules 4. Global static scope in other modules
"},{"location":"reference/pwndbg/aglib/symbol/#pwndbg.aglib.symbol.lookup_frame_symbol","title":"lookup_frame_symbol","text":"
lookup_frame_symbol(name: str, *, type: SymbolLookupType = ANY) -> Value | None\n
 
Returns the address of the given symbol, cast-ed to the appropriate symbol type.
 
This function searches for (SymbolLookupType.ANY): - Function names - Variable names - (gdb only, please don't use) Typedef names - (gdb only, please don't use) Enum values
 
The lookup order is as follows: 1. Local scope 2. Global scope within the current module 3. Global static scope within the current module 4. Global scope in other modules 5. Global static scope in other modules
"},{"location":"reference/pwndbg/aglib/symbol/#pwndbg.aglib.symbol.resolve_addr","title":"resolve_addr","text":"
resolve_addr(addr: int) -> str | None\n
 
Resolves an address to its corresponding symbol name, if available.
 
Note: - This function does not resolve TLS (Thread-Local Storage) addresses or addresses with local scope.
 
Resolution is performed in the following order: - Global scope symbols.
"},{"location":"reference/pwndbg/aglib/tls/","title":"tls","text":""},{"location":"reference/pwndbg/aglib/tls/#pwndbg.aglib.tls","title":"tls","text":"
Getting Thread Local Storage (TLS) information.
 
Functions:
 
     
  •  find_address_with_pthread_self             \u2013              
    Get the base address of the Thread Local Storage (TLS) for the current thread using
     
    •  
  •  find_address_with_register             \u2013              
    Get the base address of the Thread Local Storage (TLS) for the current thread using
     
    •  
"},{"location":"reference/pwndbg/aglib/tls/#pwndbg.aglib.tls.__call_pthread_self","title":"__call_pthread_self","text":"
__call_pthread_self() -> int\n
 
Retrieve the address of the struct pthread_t for the current thread by calling pthread_self(). This address can be used to locate the base address of the Thread Local Storage (TLS).
"},{"location":"reference/pwndbg/aglib/tls/#pwndbg.aglib.tls.find_address_with_pthread_self","title":"find_address_with_pthread_self","text":"
find_address_with_pthread_self() -> int\n
 
Get the base address of the Thread Local Storage (TLS) for the current thread using the pthread_self() function. The returned address points to the struct tcbhead_t, which serves as the header for TLS and thread-specific metadata.
"},{"location":"reference/pwndbg/aglib/tls/#pwndbg.aglib.tls.find_address_with_register","title":"find_address_with_register","text":"
find_address_with_register() -> int\n
 
Get the base address of the Thread Local Storage (TLS) for the current thread using a CPU register. The returned address points to the struct tcbhead_t, which is the entry point for TLS and thread-specific metadata.
"},{"location":"reference/pwndbg/aglib/typeinfo/","title":"typeinfo","text":""},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo","title":"typeinfo","text":"
Common types.
 
Functions:
 
     
  •  lookup_types             \u2013              
    •  
  •  update             \u2013              
    •  
  •  load             \u2013              
    Load a symbol; note that new symbols can be added with add-symbol-file functionality
     
    •  
  •  get_type             \u2013              
    •  
 
Attributes:
 
     
  •  module           \u2013            
    •  
  •  char               (Type)           \u2013            
    •  
  •  ulong               (Type)           \u2013            
    •  
  •  long               (Type)           \u2013            
    •  
  •  uchar               (Type)           \u2013            
    •  
  •  ushort               (Type)           \u2013            
    •  
  •  uint               (Type)           \u2013            
    •  
  •  sint               (Type)           \u2013            
    •  
  •  void               (Type)           \u2013            
    •  
  •  uint8               (Type)           \u2013            
    •  
  •  uint16               (Type)           \u2013            
    •  
  •  uint32               (Type)           \u2013            
    •  
  •  uint64               (Type)           \u2013            
    •  
  •  unsigned               (dict[int, Type])           \u2013            
    •  
  •  int8               (Type)           \u2013            
    •  
  •  int16               (Type)           \u2013            
    •  
  •  int32               (Type)           \u2013            
    •  
  •  int64               (Type)           \u2013            
    •  
  •  signed               (dict[int, Type])           \u2013            
    •  
  •  pvoid               (Type)           \u2013            
    •  
  •  ppvoid               (Type)           \u2013            
    •  
  •  pchar               (Type)           \u2013            
    •  
  •  ptrsize               (int)           \u2013            
    •  
  •  ptrdiff               (Type)           \u2013            
    •  
  •  size_t               (Type)           \u2013            
    •  
  •  ssize_t               (Type)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.module","title":"module  module-attribute","text":"
module = modules[__name__]\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.char","title":"char  module-attribute","text":"
char: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.ulong","title":"ulong  module-attribute","text":"
ulong: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.long","title":"long  module-attribute","text":"
long: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.uchar","title":"uchar  module-attribute","text":"
uchar: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.ushort","title":"ushort  module-attribute","text":"
ushort: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.uint","title":"uint  module-attribute","text":"
uint: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.sint","title":"sint  module-attribute","text":"
sint: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.void","title":"void  module-attribute","text":"
void: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.uint8","title":"uint8  module-attribute","text":"
uint8: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.uint16","title":"uint16  module-attribute","text":"
uint16: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.uint32","title":"uint32  module-attribute","text":"
uint32: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.uint64","title":"uint64  module-attribute","text":"
uint64: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.unsigned","title":"unsigned  module-attribute","text":"
unsigned: dict[int, Type]\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.int8","title":"int8  module-attribute","text":"
int8: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.int16","title":"int16  module-attribute","text":"
int16: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.int32","title":"int32  module-attribute","text":"
int32: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.int64","title":"int64  module-attribute","text":"
int64: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.signed","title":"signed  module-attribute","text":"
signed: dict[int, Type]\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.pvoid","title":"pvoid  module-attribute","text":"
pvoid: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.ppvoid","title":"ppvoid  module-attribute","text":"
ppvoid: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.pchar","title":"pchar  module-attribute","text":"
pchar: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.ptrsize","title":"ptrsize  module-attribute","text":"
ptrsize: int = 4\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.ptrdiff","title":"ptrdiff  module-attribute","text":"
ptrdiff: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.size_t","title":"size_t  module-attribute","text":"
size_t: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.ssize_t","title":"ssize_t  module-attribute","text":"
ssize_t: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.lookup_types","title":"lookup_types","text":"
lookup_types(*types: str) -> Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.update","title":"update","text":"
update() -> None\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.load","title":"load","text":"
load(name: str) -> Type | None\n
 
Load a symbol; note that new symbols can be added with add-symbol-file functionality
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.get_type","title":"get_type","text":"
get_type(size: int) -> Type\n
"},{"location":"reference/pwndbg/aglib/vmmap/","title":"vmmap","text":""},{"location":"reference/pwndbg/aglib/vmmap/#pwndbg.aglib.vmmap","title":"vmmap","text":"
Functions:
 
     
  •  get_memory_map             \u2013              
    •  
  •  get             \u2013              
    •  
  •  find             \u2013              
    •  
  •  addr_region_start             \u2013              
    Let's define a \"region\" as contiguous memory compromised of memory mappings
     
    •  
"},{"location":"reference/pwndbg/aglib/vmmap/#pwndbg.aglib.vmmap.get_memory_map","title":"get_memory_map","text":"
get_memory_map() -> MemoryMap\n
"},{"location":"reference/pwndbg/aglib/vmmap/#pwndbg.aglib.vmmap.get","title":"get","text":"
get() -> tuple[Page, ...]\n
"},{"location":"reference/pwndbg/aglib/vmmap/#pwndbg.aglib.vmmap.find","title":"find","text":"
find(address: int | Value | None) -> Page | None\n
"},{"location":"reference/pwndbg/aglib/vmmap/#pwndbg.aglib.vmmap.addr_region_start","title":"addr_region_start","text":"
addr_region_start(address: int | Value) -> int | None\n
 
Let's define a \"region\" as contiguous memory compromised of memory mappings which all have the same object file name. Also referred to as \"File (Base)\" by xinfo.
 
Returns:
 
     
  •  int | None           \u2013            
    The start of the memory region this address belongs to, or None if the address
     
    •  
  •  int | None           \u2013            
    is not mapped.
     
    •  
"},{"location":"reference/pwndbg/aglib/vmmap_custom/","title":"vmmap_custom","text":""},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom","title":"vmmap_custom","text":"
Functions:
 
     
  •  clear_warn_cache             \u2013              
    •  
  •  get_custom_pages             \u2013              
    Returns a tuple of Page objects representing the memory mappings of the
     
    •  
  •  add_custom_page             \u2013              
    •  
  •  clear_custom_page             \u2013              
    •  
  •  explore             \u2013              
    Given a potential address, check to see what permissions it has.
     
    •  
  •  get_memory_flags             \u2013              
    •  
  •  find_boundaries             \u2013              
    Given a single address, find all contiguous pages
     
    •  
 
Attributes:
 
     
  •  explored_pages               (list[Page])           \u2013            
    •  
  •  custom_pages               (list[Page])           \u2013            
    •  
  •  auto_explore           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.explored_pages","title":"explored_pages  module-attribute","text":"
explored_pages: list[Page] = []\n
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.custom_pages","title":"custom_pages  module-attribute","text":"
custom_pages: list[Page] = []\n
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.auto_explore","title":"auto_explore  module-attribute","text":"
auto_explore = add_param(\n    \"auto-explore-pages\",\n    \"warn\",\n    \"whether to try to infer page permissions when memory maps are missing\",\n    param_class=PARAM_ENUM,\n    enum_sequence=[\"yes\", \"warn\", \"no\"],\n    help_docstring=\"\\nThis command can cause errors.\\n\",\n)\n
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.clear_warn_cache","title":"clear_warn_cache","text":"
clear_warn_cache()\n
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.get_custom_pages","title":"get_custom_pages","text":"
get_custom_pages() -> tuple[Page, ...]\n
 
Returns a tuple of Page objects representing the memory mappings of the target, sorted by virtual address ascending.
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.add_custom_page","title":"add_custom_page","text":"
add_custom_page(page: Page) -> None\n
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.clear_custom_page","title":"clear_custom_page","text":"
clear_custom_page() -> None\n
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.explore","title":"explore","text":"
explore(address_maybe: int) -> Page | None\n
 
Given a potential address, check to see what permissions it has.
 
Returns:
 
     
  •  Page | None           \u2013            
    Page object
     
    •  
 Note 
Adds the Page object to a persistent list of pages which are only reset when the process dies. This means pages which are added this way will not be removed when unmapped.
 
Also assumes the entire contiguous section has the same permission.
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.get_memory_flags","title":"get_memory_flags","text":"
get_memory_flags(address_maybe: int) -> int | None\n
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.find_boundaries","title":"find_boundaries","text":"
find_boundaries(addr: int, name: str = '', min: int = 0) -> Page\n
 
Given a single address, find all contiguous pages which are mapped.
"},{"location":"reference/pwndbg/arguments/","title":"arguments","text":""},{"location":"reference/pwndbg/arguments/#pwndbg.arguments","title":"arguments","text":"
Function and syscall argument formatting.
 
Enumerates arguments which may be passed in a combination of registers and stack values.
 
Functions:
 
     
  •  get             \u2013              
    Returns an array containing the arguments to the current function,
     
    •  
  •  argname             \u2013              
    •  
  •  argument             \u2013              
    Returns the nth argument, as if $pc were a 'call' or 'bl' type
     
    •  
  •  arguments             \u2013              
    Yields (arg_name, arg_value) tuples for arguments from a given ABI.
     
    •  
  •  format_args             \u2013              
    •  
 
Attributes:
 
     
  •  FILE_DESCRIPTOR_ARG_NAMES           \u2013            
    •  
"},{"location":"reference/pwndbg/arguments/#pwndbg.arguments.FILE_DESCRIPTOR_ARG_NAMES","title":"FILE_DESCRIPTOR_ARG_NAMES  module-attribute","text":"
FILE_DESCRIPTOR_ARG_NAMES = {\n    \"fd\",\n    \"in_fd\",\n    \"out_fd\",\n    \"fdin\",\n    \"fdout\",\n    \"oldfd\",\n    \"fildes\",\n    \"newfd\",\n    \"epfd\",\n    \"dfd\",\n    \"dirfd\",\n    \"mountdirfd\",\n}\n
"},{"location":"reference/pwndbg/arguments/#pwndbg.arguments.get","title":"get","text":"
get(instruction: PwndbgInstruction) -> list[tuple[Argument, int]]\n
 
Returns an array containing the arguments to the current function, if $pc is a function call or syscall instruction.
 
Otherwise, returns None.
"},{"location":"reference/pwndbg/arguments/#pwndbg.arguments.argname","title":"argname","text":"
argname(n: int, abi: ABI) -> str\n
"},{"location":"reference/pwndbg/arguments/#pwndbg.arguments.argument","title":"argument","text":"
argument(n: int, abi: ABI | None = None) -> int\n
 
Returns the nth argument, as if $pc were a 'call' or 'bl' type instruction. Works only for ABIs that use registers for arguments.
"},{"location":"reference/pwndbg/arguments/#pwndbg.arguments.arguments","title":"arguments","text":"
arguments(abi: ABI | None = None)\n
 
Yields (arg_name, arg_value) tuples for arguments from a given ABI. Works only for ABIs that use registers for arguments.
"},{"location":"reference/pwndbg/arguments/#pwndbg.arguments.format_args","title":"format_args","text":"
format_args(instruction: PwndbgInstruction) -> list[str]\n
"},{"location":"reference/pwndbg/auxv/","title":"auxv","text":""},{"location":"reference/pwndbg/auxv/#pwndbg.auxv","title":"auxv","text":"
Performs handling of the linux auxiliary vector.
 
https://www.man7.org/linux/man-pages/man3/getauxval.3.html https://lwn.net/Articles/519085/
 
Functions:
 
     
  •  get             \u2013              
    •  
  •  procfs_auxv             \u2013              
    •  
  •  use_info_auxv             \u2013              
    •  
  •  explore_stack_auxv             \u2013              
    •  
  •  walk_stack2             \u2013              
    •  
 
Attributes:
 
     
  •  auto_explore           \u2013            
    •  
  •  example_info_auxv_linux           \u2013            
    •  
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.auto_explore","title":"auto_explore  module-attribute","text":"
auto_explore = add_param(\n    \"auto-explore-auxv\",\n    \"warn\",\n    \"stack exploration for AUXV information; it may be really slow\",\n    param_class=PARAM_ENUM,\n    enum_sequence=[\"warn\", \"yes\", \"no\"],\n)\n
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.example_info_auxv_linux","title":"example_info_auxv_linux  module-attribute","text":"
example_info_auxv_linux = '\\n33   AT_SYSINFO_EHDR      System-supplied DSO\\'s ELF header 0x7ffff7ffa000\\n16   AT_HWCAP             Machine-dependent CPU capability hints 0xfabfbff\\n6    AT_PAGESZ            System page size               4096\\n17   AT_CLKTCK            Frequency of times()           100\\n3    AT_PHDR              Program headers for program    0x400040\\n4    AT_PHENT             Size of program header entry   56\\n5    AT_PHNUM             Number of program headers      9\\n7    AT_BASE              Base address of interpreter    0x7ffff7dda000\\n8    AT_FLAGS             Flags                          0x0\\n9    AT_ENTRY             Entry point of program         0x42020b\\n11   AT_UID               Real user ID                   1000\\n12   AT_EUID              Effective user ID              1000\\n13   AT_GID               Real group ID                  1000\\n14   AT_EGID              Effective group ID             1000\\n23   AT_SECURE            Boolean, was exec setuid-like? 0\\n25   AT_RANDOM            Address of 16 random bytes     0x7fffffffdb39\\n31   AT_EXECFN            File name of executable        0x7fffffffefee \"/bin/bash\"\\n15   AT_PLATFORM          String identifying platform    0x7fffffffdb49 \"x86_64\"\\n0    AT_NULL              End of vector                  0x0\\n'\n
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.get","title":"get","text":"
get() -> AUXV\n
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.procfs_auxv","title":"procfs_auxv","text":"
procfs_auxv() -> AUXV | None\n
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.use_info_auxv","title":"use_info_auxv","text":"
use_info_auxv() -> AUXV | None\n
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.explore_stack_auxv","title":"explore_stack_auxv","text":"
explore_stack_auxv() -> AUXV | None\n
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.walk_stack2","title":"walk_stack2","text":"
walk_stack2(offset: int = 0) -> AUXV\n
"},{"location":"reference/pwndbg/chain/","title":"chain","text":""},{"location":"reference/pwndbg/chain/#pwndbg.chain","title":"chain","text":"
Dereference and format pointer chains.
 
Functions:
 
     
  •  get             \u2013              
    Recursively dereferences an address. For bare metal, it will stop when the address is not in any of vmmap pages to avoid redundant dereference.
     
    •  
  •  format             \u2013              
    Recursively dereferences an address into string representation, or convert the list representation
     
    •  
 
Attributes:
 
     
  •  LIMIT           \u2013            
    •  
  •  c           \u2013            
    •  
  •  config_arrow_left           \u2013            
    •  
  •  config_arrow_right           \u2013            
    •  
  •  config_contiguous           \u2013            
    •  
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.LIMIT","title":"LIMIT  module-attribute","text":"
LIMIT = add_param(\n    \"dereference-limit\", 5, \"max number of pointers to dereference in a chain\"\n)\n
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.c","title":"c  module-attribute","text":"
c = ColorConfig(\n    \"chain\",\n    [\n        ColorParamSpec(\"arrow\", \"normal\", \"color of chain formatting (arrow)\"),\n        ColorParamSpec(\n            \"contiguous-marker\",\n            \"normal\",\n            \"color of chain formatting (contiguous marker)\",\n        ),\n    ],\n)\n
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.config_arrow_left","title":"config_arrow_left  module-attribute","text":"
config_arrow_left = add_param(\n    \"chain-arrow-left\", \"\u25c2\u2014\", \"left arrow of chain formatting\"\n)\n
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.config_arrow_right","title":"config_arrow_right  module-attribute","text":"
config_arrow_right = add_param(\n    \"chain-arrow-right\", \"\u2014\u25b8\", \"right arrow of chain formatting\"\n)\n
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.config_contiguous","title":"config_contiguous  module-attribute","text":"
config_contiguous = add_param(\n    \"chain-contiguous-marker\", \"...\", \"contiguous marker of chain formatting\"\n)\n
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.get","title":"get","text":"
get(\n    address: int | None,\n    limit: int = LIMIT,\n    offset: int = 0,\n    hard_stop: int | None = None,\n    hard_end: int = 0,\n    include_start: bool = True,\n    safe_linking: bool = False,\n) -> list[int] | None\n
 
Recursively dereferences an address. For bare metal, it will stop when the address is not in any of vmmap pages to avoid redundant dereference.
 
Parameters:
 
     
  •  address               (int | None)           \u2013            
    the first address to begin dereferencing
     
    •  
  •  limit               (int, default:                   LIMIT )           \u2013            
    number of valid pointers
     
    •  
  •  offset               (int, default:                   0 )           \u2013            
    offset into the address to get the next pointer
     
    •  
  •  hard_stop               (int | None, default:                   None )           \u2013            
    address to stop at
     
    •  
  •  hard_end               (int, default:                   0 )           \u2013            
    value to append when hard_stop is reached
     
    •  
  •  include_start               (bool, default:                   True )           \u2013            
    whether to include starting address or not
     
    •  
  •  safe_linking               (bool, default:                   False )           \u2013            
    whether this chain use safe-linking
     
    •  
 
Returns:
 
     
  •  list[int] | None           \u2013            
    A list representing pointers of each address and reference
     
    •  
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.format","title":"format","text":"
format(\n    value: int | list[int] | None,\n    limit: int = LIMIT,\n    code: bool = True,\n    offset: int = 0,\n    hard_stop: int | None = None,\n    hard_end: int = 0,\n    safe_linking: bool = False,\n    enhance_string_len: int | None = None,\n) -> str\n
 
Recursively dereferences an address into string representation, or convert the list representation of address dereferences into string representation.
 
Parameters:
 
     
  •  value               (int | list[int] | None)           \u2013            
    Either the starting address to be sent to get, or the result of get (a list)
     
    •  
  •  limit               (int, default:                   LIMIT )           \u2013            
    Number of valid pointers
     
    •  
  •  code               (bool, default:                   True )           \u2013            
    Hint that indicates the value may be an instruction
     
    •  
  •  offset               (int, default:                   0 )           \u2013            
    Offset into the address to get the next pointer
     
    •  
  •  hard_stop               (int | None, default:                   None )           \u2013            
    Value to stop on
     
    •  
  •  hard_end               (int, default:                   0 )           \u2013            
    Value to append when hard_stop is reached: null, value of hard stop, a string.
     
    •  
  •  safe_linking               (bool, default:                   False )           \u2013            
    whether this chain use safe-linking
     
    •  
  •  enhance_string_len               (int | None, default:                   None )           \u2013            
    The length of string to display for enhancement of the last pointer
     
    •  
 
Returns:     A string representing pointers of each address and reference     Strings format: 0x0804a10 \u2014\u25b8 0x08061000 \u25c2\u2014 0x41414141
"},{"location":"reference/pwndbg/color/","title":"color","text":""},{"location":"reference/pwndbg/color/#pwndbg.color","title":"color","text":"
Text colorizing and theme configuration logic.
 
Modules:
 
     
  •  context           \u2013            
    •  
  •  disasm           \u2013            
    •  
  •  enhance           \u2013            
    •  
  •  hexdump           \u2013            
    •  
  •  memory           \u2013            
    •  
  •  message           \u2013            
    •  
  •  syntax_highlight           \u2013            
    •  
  •  telescope           \u2013            
    •  
  •  theme           \u2013            
    •  
 
Classes:
 
     
  •  ColorParamSpec           \u2013            
    •  
  •  ColorConfig           \u2013            
    •  
 
Functions:
 
     
  •  normal             \u2013              
    •  
  •  black             \u2013              
    •  
  •  red             \u2013              
    •  
  •  green             \u2013              
    •  
  •  yellow             \u2013              
    •  
  •  blue             \u2013              
    •  
  •  purple             \u2013              
    •  
  •  cyan             \u2013              
    •  
  •  light_gray             \u2013              
    •  
  •  foreground             \u2013              
    •  
  •  gray             \u2013              
    •  
  •  light_red             \u2013              
    •  
  •  light_green             \u2013              
    •  
  •  light_yellow             \u2013              
    •  
  •  light_blue             \u2013              
    •  
  •  light_purple             \u2013              
    •  
  •  light_cyan             \u2013              
    •  
  •  white             \u2013              
    •  
  •  bold             \u2013              
    •  
  •  underline             \u2013              
    •  
  •  colorize             \u2013              
    •  
  •  nocolor             \u2013              
    •  
  •  unstylize             \u2013              
    •  
  •  generateColorFunctionInner             \u2013              
    •  
  •  generateColorFunction             \u2013              
    •  
  •  strip             \u2013              
    •  
  •  terminateWith             \u2013              
    •  
  •  ljust_colored             \u2013              
    •  
  •  rjust_colored             \u2013              
    •  
 
Attributes:
 
     
  •  NORMAL           \u2013            
    •  
  •  BLACK           \u2013            
    •  
  •  RED           \u2013            
    •  
  •  GREEN           \u2013            
    •  
  •  YELLOW           \u2013            
    •  
  •  BLUE           \u2013            
    •  
  •  PURPLE           \u2013            
    •  
  •  CYAN           \u2013            
    •  
  •  LIGHT_GREY           \u2013            
    •  
  •  LIGHT_GRAY           \u2013            
    •  
  •  FOREGROUND           \u2013            
    •  
  •  GREY           \u2013            
    •  
  •  GRAY           \u2013            
    •  
  •  LIGHT_RED           \u2013            
    •  
  •  LIGHT_GREEN           \u2013            
    •  
  •  LIGHT_YELLOW           \u2013            
    •  
  •  LIGHT_BLUE           \u2013            
    •  
  •  LIGHT_PURPLE           \u2013            
    •  
  •  LIGHT_CYAN           \u2013            
    •  
  •  WHITE           \u2013            
    •  
  •  BOLD           \u2013            
    •  
  •  UNDERLINE           \u2013            
    •  
  •  none           \u2013            
    •  
  •  ansi_escape_8bit           \u2013            
    •  
  •  disable_colors           \u2013            
    •  
"},{"location":"reference/pwndbg/color/#pwndbg.color.NORMAL","title":"NORMAL  module-attribute","text":"
NORMAL = '\\x1b[0m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.BLACK","title":"BLACK  module-attribute","text":"
BLACK = '\\x1b[30m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.RED","title":"RED  module-attribute","text":"
RED = '\\x1b[31m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.GREEN","title":"GREEN  module-attribute","text":"
GREEN = '\\x1b[32m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.YELLOW","title":"YELLOW  module-attribute","text":"
YELLOW = '\\x1b[33m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.BLUE","title":"BLUE  module-attribute","text":"
BLUE = '\\x1b[34m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.PURPLE","title":"PURPLE  module-attribute","text":"
PURPLE = '\\x1b[35m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.CYAN","title":"CYAN  module-attribute","text":"
CYAN = '\\x1b[36m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_GREY","title":"LIGHT_GREY  module-attribute","text":"
LIGHT_GREY = '\\x1b[37m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_GRAY","title":"LIGHT_GRAY  module-attribute","text":"
LIGHT_GRAY = '\\x1b[37m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.FOREGROUND","title":"FOREGROUND  module-attribute","text":"
FOREGROUND = '\\x1b[39m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.GREY","title":"GREY  module-attribute","text":"
GREY = '\\x1b[90m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.GRAY","title":"GRAY  module-attribute","text":"
GRAY = '\\x1b[90m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_RED","title":"LIGHT_RED  module-attribute","text":"
LIGHT_RED = '\\x1b[91m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_GREEN","title":"LIGHT_GREEN  module-attribute","text":"
LIGHT_GREEN = '\\x1b[92m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_YELLOW","title":"LIGHT_YELLOW  module-attribute","text":"
LIGHT_YELLOW = '\\x1b[93m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_BLUE","title":"LIGHT_BLUE  module-attribute","text":"
LIGHT_BLUE = '\\x1b[94m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_PURPLE","title":"LIGHT_PURPLE  module-attribute","text":"
LIGHT_PURPLE = '\\x1b[95m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_CYAN","title":"LIGHT_CYAN  module-attribute","text":"
LIGHT_CYAN = '\\x1b[96m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.WHITE","title":"WHITE  module-attribute","text":"
WHITE = '\\x1b[97m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.BOLD","title":"BOLD  module-attribute","text":"
BOLD = '\\x1b[1m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.UNDERLINE","title":"UNDERLINE  module-attribute","text":"
UNDERLINE = '\\x1b[4m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.none","title":"none  module-attribute","text":"
none = str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.ansi_escape_8bit","title":"ansi_escape_8bit  module-attribute","text":"
ansi_escape_8bit = compile(\n    \"(?:\\\\x1B[@-Z\\\\\\\\-_]|[\\\\x80-\\\\x9A\\\\x9C-\\\\x9F]|(?:\\\\x1B\\\\[|\\\\x9B)[0-?]*[ -/]*[@-~])\"\n)\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.disable_colors","title":"disable_colors  module-attribute","text":"
disable_colors = add_param(\n    \"disable-colors\",\n    bool(get(\"NO_COLOR\")),\n    \"whether to color the output or not\",\n)\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.ColorParamSpec","title":"ColorParamSpec","text":"
               Bases: NamedTuple
 
Attributes:
 
     
  •  name               (str)           \u2013            
    •  
  •  default               (str)           \u2013            
    •  
  •  doc               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/color/#pwndbg.color.ColorParamSpec.name","title":"name  instance-attribute","text":"
name: str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.ColorParamSpec.default","title":"default  instance-attribute","text":"
default: str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.ColorParamSpec.doc","title":"doc  instance-attribute","text":"
doc: str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.ColorConfig","title":"ColorConfig","text":"
ColorConfig(namespace: str, params: list[ColorParamSpec])\n
 
Methods:
 
     
  •  __getattr__             \u2013              
    •  
"},{"location":"reference/pwndbg/color/#pwndbg.color.ColorConfig.__getattr__","title":"__getattr__","text":"
__getattr__(attr: str) -> Callable[[str], str]\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.normal","title":"normal","text":"
normal(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.black","title":"black","text":"
black(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.red","title":"red","text":"
red(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.green","title":"green","text":"
green(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.yellow","title":"yellow","text":"
yellow(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.blue","title":"blue","text":"
blue(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.purple","title":"purple","text":"
purple(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.cyan","title":"cyan","text":"
cyan(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_gray","title":"light_gray","text":"
light_gray(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.foreground","title":"foreground","text":"
foreground(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.gray","title":"gray","text":"
gray(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_red","title":"light_red","text":"
light_red(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_green","title":"light_green","text":"
light_green(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_yellow","title":"light_yellow","text":"
light_yellow(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_blue","title":"light_blue","text":"
light_blue(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_purple","title":"light_purple","text":"
light_purple(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_cyan","title":"light_cyan","text":"
light_cyan(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.white","title":"white","text":"
white(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.bold","title":"bold","text":"
bold(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.underline","title":"underline","text":"
underline(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.colorize","title":"colorize","text":"
colorize(x: str, color: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.nocolor","title":"nocolor","text":"
nocolor(x: str, color: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.unstylize","title":"unstylize","text":"
unstylize(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.generateColorFunctionInner","title":"generateColorFunctionInner","text":"
generateColorFunctionInner(\n    old: Callable[[object], str], new: Callable[[str], str]\n) -> Callable[[object], str]\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.generateColorFunction","title":"generateColorFunction","text":"
generateColorFunction(\n    config: str | Parameter,\n    _globals: dict[str, Callable[[str], str]] = globals(),\n) -> Callable[[object], str]\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.strip","title":"strip","text":"
strip(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.terminateWith","title":"terminateWith","text":"
terminateWith(x: str, color: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.ljust_colored","title":"ljust_colored","text":"
ljust_colored(x: str, length: int, char: str = ' ') -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.rjust_colored","title":"rjust_colored","text":"
rjust_colored(x: str, length: int, char: str = ' ')\n
"},{"location":"reference/pwndbg/color/context/","title":"context","text":""},{"location":"reference/pwndbg/color/context/#pwndbg.color.context","title":"context","text":"
Functions:
 
     
  •  prefix             \u2013              
    •  
  •  highlight             \u2013              
    •  
  •  register             \u2013              
    •  
  •  register_changed             \u2013              
    •  
  •  flag_bracket             \u2013              
    •  
  •  flag_value             \u2013              
    •  
  •  flag_set             \u2013              
    •  
  •  flag_unset             \u2013              
    •  
  •  flag_changed             \u2013              
    •  
  •  banner             \u2013              
    •  
  •  banner_title             \u2013              
    •  
  •  comment             \u2013              
    •  
  •  format_flags             \u2013              
    •  
 
Attributes:
 
     
  •  config_prefix_color           \u2013            
    •  
  •  config_highlight_color           \u2013            
    •  
  •  config_register_color           \u2013            
    •  
  •  config_flag_value_color           \u2013            
    •  
  •  config_flag_bracket_color           \u2013            
    •  
  •  config_flag_set_color           \u2013            
    •  
  •  config_flag_unset_color           \u2013            
    •  
  •  config_flag_changed_color           \u2013            
    •  
  •  config_banner_color           \u2013            
    •  
  •  config_banner_title           \u2013            
    •  
  •  config_register_changed_color           \u2013            
    •  
  •  config_register_changed_marker           \u2013            
    •  
  •  config_comment           \u2013            
    •  
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_prefix_color","title":"config_prefix_color  module-attribute","text":"
config_prefix_color = add_color_param(\n    \"code-prefix-color\",\n    \"none\",\n    \"color for 'context code' command (prefix marker)\",\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_highlight_color","title":"config_highlight_color  module-attribute","text":"
config_highlight_color = add_color_param(\n    \"highlight-color\", \"green,bold\", \"color added to highlights like source/pc\"\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_register_color","title":"config_register_color  module-attribute","text":"
config_register_color = add_color_param(\n    \"context-register-color\", \"bold\", \"color for registers label\"\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_flag_value_color","title":"config_flag_value_color  module-attribute","text":"
config_flag_value_color = add_color_param(\n    \"context-flag-value-color\",\n    \"none\",\n    \"color for flags register (register value)\",\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_flag_bracket_color","title":"config_flag_bracket_color  module-attribute","text":"
config_flag_bracket_color = add_color_param(\n    \"context-flag-bracket-color\", \"none\", \"color for flags register (bracket)\"\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_flag_set_color","title":"config_flag_set_color  module-attribute","text":"
config_flag_set_color = add_color_param(\n    \"context-flag-set-color\",\n    \"green,bold\",\n    \"color for flags register (flag set)\",\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_flag_unset_color","title":"config_flag_unset_color  module-attribute","text":"
config_flag_unset_color = add_color_param(\n    \"context-flag-unset-color\", \"red\", \"color for flags register (flag unset)\"\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_flag_changed_color","title":"config_flag_changed_color  module-attribute","text":"
config_flag_changed_color = add_color_param(\n    \"context-flag-changed-color\",\n    \"underline\",\n    \"color for flags register (flag changed)\",\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_banner_color","title":"config_banner_color  module-attribute","text":"
config_banner_color = add_color_param(\n    \"banner-color\", \"blue\", \"color for banner line\"\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_banner_title","title":"config_banner_title  module-attribute","text":"
config_banner_title = add_color_param(\n    \"banner-title-color\", \"none\", \"color for banner title\"\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_register_changed_color","title":"config_register_changed_color  module-attribute","text":"
config_register_changed_color = add_color_param(\n    \"context-register-changed-color\",\n    \"red\",\n    \"color for registers label (change marker)\",\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_register_changed_marker","title":"config_register_changed_marker  module-attribute","text":"
config_register_changed_marker = add_param(\n    \"context-register-changed-marker\", \"*\", \"change marker for registers label\"\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_comment","title":"config_comment  module-attribute","text":"
config_comment = add_color_param('comment-color', 'gray', 'color for comment')\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.prefix","title":"prefix","text":"
prefix(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.highlight","title":"highlight","text":"
highlight(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.register","title":"register","text":"
register(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.register_changed","title":"register_changed","text":"
register_changed(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.flag_bracket","title":"flag_bracket","text":"
flag_bracket(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.flag_value","title":"flag_value","text":"
flag_value(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.flag_set","title":"flag_set","text":"
flag_set(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.flag_unset","title":"flag_unset","text":"
flag_unset(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.flag_changed","title":"flag_changed","text":"
flag_changed(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.banner","title":"banner","text":"
banner(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.banner_title","title":"banner_title","text":"
banner_title(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.comment","title":"comment","text":"
comment(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.format_flags","title":"format_flags","text":"
format_flags(value: int | None, flags: BitFlags, last: int | None = None)\n
"},{"location":"reference/pwndbg/color/disasm/","title":"disasm","text":""},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm","title":"disasm","text":"
Functions:
 
     
  •  one_instruction             \u2013              
    •  
  •  instructions_and_padding             \u2013              
    •  
 
Attributes:
 
     
  •  c           \u2013            
    •  
  •  config_branch_on           \u2013            
    •  
  •  config_branch_off           \u2013            
    •  
  •  MIN_SPACING           \u2013            
    •  
  •  WHITESPACE_LIMIT           \u2013            
    •  
"},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm.c","title":"c  module-attribute","text":"
c = ColorConfig(\n    \"disasm\",\n    [\n        ColorParamSpec(\n            \"branch\", \"bold\", \"color for disasm (branch/call instruction)\"\n        )\n    ],\n)\n
"},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm.config_branch_on","title":"config_branch_on  module-attribute","text":"
config_branch_on = add_param(\n    \"disasm-branch-on\", \"\u2714\", \"marker for branches that WILL be taken\"\n)\n
"},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm.config_branch_off","title":"config_branch_off  module-attribute","text":"
config_branch_off = add_param(\n    \"disasm-branch-off\", \"\u2718\", \"marker for branches that will NOT be taken\"\n)\n
"},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm.MIN_SPACING","title":"MIN_SPACING  module-attribute","text":"
MIN_SPACING = 5\n
"},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm.WHITESPACE_LIMIT","title":"WHITESPACE_LIMIT  module-attribute","text":"
WHITESPACE_LIMIT = 20\n
"},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm.one_instruction","title":"one_instruction","text":"
one_instruction(ins: PwndbgInstruction) -> str\n
"},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm.instructions_and_padding","title":"instructions_and_padding","text":"
instructions_and_padding(instructions: list[PwndbgInstruction]) -> list[str]\n
"},{"location":"reference/pwndbg/color/enhance/","title":"enhance","text":""},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance","title":"enhance","text":"
Functions:
 
     
  •  integer             \u2013              
    •  
  •  string             \u2013              
    •  
  •  comment             \u2013              
    •  
  •  unknown             \u2013              
    •  
 
Attributes:
 
     
  •  config_integer_color           \u2013            
    •  
  •  config_string_color           \u2013            
    •  
  •  config_comment_color           \u2013            
    •  
  •  config_unknown_color           \u2013            
    •  
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.config_integer_color","title":"config_integer_color  module-attribute","text":"
config_integer_color = add_color_param(\n    \"enhance-integer-value-color\", \"none\", \"color of value enhance (integer)\"\n)\n
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.config_string_color","title":"config_string_color  module-attribute","text":"
config_string_color = add_color_param(\n    \"enhance-string-value-color\", \"none\", \"color of value enhance (string)\"\n)\n
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.config_comment_color","title":"config_comment_color  module-attribute","text":"
config_comment_color = add_color_param(\n    \"enhance-comment-color\", \"none\", \"color of value enhance (comment)\"\n)\n
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.config_unknown_color","title":"config_unknown_color  module-attribute","text":"
config_unknown_color = add_color_param(\n    \"enhance-unknown-color\", \"none\", \"color of value enhance (unknown value)\"\n)\n
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.integer","title":"integer","text":"
integer(x)\n
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.string","title":"string","text":"
string(x)\n
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.comment","title":"comment","text":"
comment(x)\n
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.unknown","title":"unknown","text":"
unknown(x)\n
"},{"location":"reference/pwndbg/color/hexdump/","title":"hexdump","text":""},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump","title":"hexdump","text":"
Functions:
 
     
  •  normal             \u2013              
    •  
  •  printable             \u2013              
    •  
  •  zero             \u2013              
    •  
  •  special             \u2013              
    •  
  •  offset             \u2013              
    •  
  •  address             \u2013              
    •  
  •  separator             \u2013              
    •  
  •  highlight_group_lsb             \u2013              
    •  
 
Attributes:
 
     
  •  config_normal           \u2013            
    •  
  •  config_printable           \u2013            
    •  
  •  config_zero           \u2013            
    •  
  •  config_special           \u2013            
    •  
  •  config_offset           \u2013            
    •  
  •  config_address           \u2013            
    •  
  •  config_separator           \u2013            
    •  
  •  config_highlight_group_lsb           \u2013            
    •  
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_normal","title":"config_normal  module-attribute","text":"
config_normal = add_color_param(\n    \"hexdump-normal-color\", \"none\", \"color for hexdump command (normal bytes)\"\n)\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_printable","title":"config_printable  module-attribute","text":"
config_printable = add_color_param(\n    \"hexdump-printable-color\",\n    \"bold\",\n    \"color for hexdump command (printable characters)\",\n)\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_zero","title":"config_zero  module-attribute","text":"
config_zero = add_color_param(\n    \"hexdump-zero-color\", \"red\", \"color for hexdump command (zero bytes)\"\n)\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_special","title":"config_special  module-attribute","text":"
config_special = add_color_param(\n    \"hexdump-special-color\",\n    \"yellow\",\n    \"color for hexdump command (special bytes)\",\n)\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_offset","title":"config_offset  module-attribute","text":"
config_offset = add_color_param(\n    \"hexdump-offset-color\", \"none\", \"color for hexdump command (offset label)\"\n)\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_address","title":"config_address  module-attribute","text":"
config_address = add_color_param(\n    \"hexdump-address-color\", \"none\", \"color for hexdump command (address label)\"\n)\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_separator","title":"config_separator  module-attribute","text":"
config_separator = add_color_param(\n    \"hexdump-separator-color\",\n    \"none\",\n    \"color for hexdump command (group separator)\",\n)\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_highlight_group_lsb","title":"config_highlight_group_lsb  module-attribute","text":"
config_highlight_group_lsb = add_param(\n    \"hexdump-highlight-group-lsb\",\n    \"underline\",\n    \"highlight LSB of each group\",\n    help_docstring=\"Applies only if hexdump-use-big-endian actually changes byte order.\",\n)\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.normal","title":"normal","text":"
normal(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.printable","title":"printable","text":"
printable(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.zero","title":"zero","text":"
zero(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.special","title":"special","text":"
special(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.offset","title":"offset","text":"
offset(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.address","title":"address","text":"
address(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.separator","title":"separator","text":"
separator(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.highlight_group_lsb","title":"highlight_group_lsb","text":"
highlight_group_lsb(x: str) -> str\n
"},{"location":"reference/pwndbg/color/memory/","title":"memory","text":""},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory","title":"memory","text":"
Functions:
 
     
  •  get_address_and_symbol             \u2013              
    Convert and colorize address 0x7ffff7fcecd0 to string 0x7ffff7fcecd0 (_dl_fini)
     
    •  
  •  get_address_or_symbol             \u2013              
    Convert and colorize address to symbol if it can be resolved, else return colorized address
     
    •  
  •  attempt_colorized_symbol             \u2013              
    Convert address to colorized symbol (if symbol is there), else None
     
    •  
  •  get             \u2013              
    Returns a colorized string representing the provided address.
     
    •  
  •  legend             \u2013              
    •  
 
Attributes:
 
     
  •  ColorFunction           \u2013            
    •  
  •  c           \u2013            
    •  
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.ColorFunction","title":"ColorFunction  module-attribute","text":"
ColorFunction = Callable[[str], str]\n
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.c","title":"c  module-attribute","text":"
c = ColorConfig(\n    \"memory\",\n    [\n        ColorParamSpec(\"stack\", \"yellow\", \"color for stack memory\"),\n        ColorParamSpec(\"heap\", \"blue\", \"color for heap memory\"),\n        ColorParamSpec(\"code\", \"red\", \"color for executable memory\"),\n        ColorParamSpec(\"data\", \"purple\", \"color for all other writable memory\"),\n        ColorParamSpec(\"rodata\", \"normal\", \"color for all read only memory\"),\n        ColorParamSpec(\"wx\", \"underline\", \"color added to all WX memory\"),\n        ColorParamSpec(\n            \"guard\", \"cyan\", \"color added to all guard pages (no perms)\"\n        ),\n    ],\n)\n
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.get_address_and_symbol","title":"get_address_and_symbol","text":"
get_address_and_symbol(address: int) -> str\n
 
Convert and colorize address 0x7ffff7fcecd0 to string 0x7ffff7fcecd0 (_dl_fini) If no symbol exists for the address, return colorized address
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.get_address_or_symbol","title":"get_address_or_symbol","text":"
get_address_or_symbol(address: int) -> str\n
 
Convert and colorize address to symbol if it can be resolved, else return colorized address
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.attempt_colorized_symbol","title":"attempt_colorized_symbol","text":"
attempt_colorized_symbol(address: int) -> str | None\n
 
Convert address to colorized symbol (if symbol is there), else None
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.get","title":"get","text":"
get(\n    address: int | Value | Any,\n    text: str | None = None,\n    prefix: str | None = None,\n) -> str\n
 
Returns a colorized string representing the provided address.
 
Parameters:
 
     
  •  address               (int | Value | Any)           \u2013            
    Address to look up
     
    •  
  •  text               (str | None, default:                   None )           \u2013            
    Optional text to use in place of the address in the return value string.
     
    •  
  •  prefix               (str | None, default:                   None )           \u2013            
    Optional text to set at beginning in the return value string, followed by a space, without modifiying the original text.
     
    •  
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.legend","title":"legend","text":"
legend()\n
"},{"location":"reference/pwndbg/color/message/","title":"message","text":""},{"location":"reference/pwndbg/color/message/#pwndbg.color.message","title":"message","text":"
Functions:
 
     
  •  on             \u2013              
    •  
  •  off             \u2013              
    •  
  •  notice             \u2013              
    •  
  •  hint             \u2013              
    •  
  •  success             \u2013              
    •  
  •  debug             \u2013              
    •  
  •  info             \u2013              
    •  
  •  warn             \u2013              
    •  
  •  error             \u2013              
    •  
  •  system             \u2013              
    •  
  •  exit             \u2013              
    •  
  •  breakpoint             \u2013              
    •  
  •  signal             \u2013              
    •  
  •  prompt             \u2013              
    •  
  •  alive_prompt             \u2013              
    •  
  •  readline_escape             \u2013              
    •  
 
Attributes:
 
     
  •  config_status_on_color           \u2013            
    •  
  •  config_status_off_color           \u2013            
    •  
  •  config_notice_color           \u2013            
    •  
  •  config_hint_color           \u2013            
    •  
  •  config_success_color           \u2013            
    •  
  •  config_debug_color           \u2013            
    •  
  •  config_info_color           \u2013            
    •  
  •  config_warning_color           \u2013            
    •  
  •  config_error_color           \u2013            
    •  
  •  config_system_color           \u2013            
    •  
  •  config_exit_color           \u2013            
    •  
  •  config_breakpoint_color           \u2013            
    •  
  •  config_signal_color           \u2013            
    •  
  •  config_prompt_color           \u2013            
    •  
  •  config_prompt_alive_color           \u2013            
    •  
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_status_on_color","title":"config_status_on_color  module-attribute","text":"
config_status_on_color = add_color_param(\n    \"message-status-on-color\", \"green\", \"color of on status messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_status_off_color","title":"config_status_off_color  module-attribute","text":"
config_status_off_color = add_color_param(\n    \"message-status-off-color\", \"red\", \"color of off status messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_notice_color","title":"config_notice_color  module-attribute","text":"
config_notice_color = add_color_param(\n    \"message-notice-color\", \"purple\", \"color of notice messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_hint_color","title":"config_hint_color  module-attribute","text":"
config_hint_color = add_color_param(\n    \"message-hint-color\", \"yellow\", \"color of hint and marker messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_success_color","title":"config_success_color  module-attribute","text":"
config_success_color = add_color_param(\n    \"message-success-color\", \"green\", \"color of success messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_debug_color","title":"config_debug_color  module-attribute","text":"
config_debug_color = add_color_param(\n    \"message-debug-color\", \"blue\", \"color of debug messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_info_color","title":"config_info_color  module-attribute","text":"
config_info_color = add_color_param(\n    \"message-info-color\", \"white\", \"color of info messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_warning_color","title":"config_warning_color  module-attribute","text":"
config_warning_color = add_color_param(\n    \"message-warning-color\", \"yellow\", \"color of warning messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_error_color","title":"config_error_color  module-attribute","text":"
config_error_color = add_color_param(\n    \"message-error-color\", \"red\", \"color of error messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_system_color","title":"config_system_color  module-attribute","text":"
config_system_color = add_color_param(\n    \"message-system-color\", \"light-red\", \"color of system messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_exit_color","title":"config_exit_color  module-attribute","text":"
config_exit_color = add_color_param(\n    \"message-exit-color\", \"red\", \"color of exit messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_breakpoint_color","title":"config_breakpoint_color  module-attribute","text":"
config_breakpoint_color = add_color_param(\n    \"message-breakpoint-color\", \"yellow\", \"color of breakpoint messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_signal_color","title":"config_signal_color  module-attribute","text":"
config_signal_color = add_color_param(\n    \"message-signal-color\", \"bold,red\", \"color of signal messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_prompt_color","title":"config_prompt_color  module-attribute","text":"
config_prompt_color = add_color_param(\n    \"prompt-color\", \"bold,red\", \"prompt color\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_prompt_alive_color","title":"config_prompt_alive_color  module-attribute","text":"
config_prompt_alive_color = add_color_param(\n    \"prompt-alive-color\", \"bold,green\", \"prompt alive color\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.on","title":"on","text":"
on(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.off","title":"off","text":"
off(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.notice","title":"notice","text":"
notice(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.hint","title":"hint","text":"
hint(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.success","title":"success","text":"
success(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.debug","title":"debug","text":"
debug(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.info","title":"info","text":"
info(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.warn","title":"warn","text":"
warn(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.error","title":"error","text":"
error(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.system","title":"system","text":"
system(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.exit","title":"exit","text":"
exit(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.breakpoint","title":"breakpoint","text":"
breakpoint(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.signal","title":"signal","text":"
signal(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.prompt","title":"prompt","text":"
prompt(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.alive_prompt","title":"alive_prompt","text":"
alive_prompt(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.readline_escape","title":"readline_escape","text":"
readline_escape(func_message: Callable[[str], str], text: str) -> str\n
"},{"location":"reference/pwndbg/color/syntax_highlight/","title":"syntax_highlight","text":""},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight","title":"syntax_highlight","text":"
Functions:
 
     
  •  check_style             \u2013              
    •  
  •  syntax_highlight             \u2013              
    •  
 
Attributes:
 
     
  •  style           \u2013            
    •  
  •  formatter           \u2013            
    •  
  •  pwntools_lexer           \u2013            
    •  
  •  lexer_cache               (dict[str, Any])           \u2013            
    •  
"},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight.style","title":"style  module-attribute","text":"
style = add_param(\n    \"syntax-highlight-style\",\n    \"monokai\",\n    \"source code / assembly syntax highlight stylename of pygments module\",\n)\n
"},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight.formatter","title":"formatter  module-attribute","text":"
formatter = Terminal256Formatter(style=str(style))\n
"},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight.pwntools_lexer","title":"pwntools_lexer  module-attribute","text":"
pwntools_lexer = PwntoolsLexer()\n
"},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight.lexer_cache","title":"lexer_cache  module-attribute","text":"
lexer_cache: dict[str, Any] = {}\n
"},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight.check_style","title":"check_style","text":"
check_style() -> None\n
"},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight.syntax_highlight","title":"syntax_highlight","text":"
syntax_highlight(code: str, filename: str = '.asm') -> str\n
"},{"location":"reference/pwndbg/color/telescope/","title":"telescope","text":""},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope","title":"telescope","text":"
Functions:
 
     
  •  offset             \u2013              
    •  
  •  register             \u2013              
    •  
  •  separator             \u2013              
    •  
  •  delimiter             \u2013              
    •  
  •  repeating_marker             \u2013              
    •  
 
Attributes:
 
     
  •  offset_color           \u2013            
    •  
  •  register_color           \u2013            
    •  
  •  offset_separator_color           \u2013            
    •  
  •  offset_delimiter_color           \u2013            
    •  
  •  repeating_marker_color           \u2013            
    •  
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.offset_color","title":"offset_color  module-attribute","text":"
offset_color = add_color_param(\n    \"telescope-offset-color\",\n    \"normal\",\n    \"color of the telescope command (offset prefix)\",\n)\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.register_color","title":"register_color  module-attribute","text":"
register_color = add_color_param(\n    \"telescope-register-color\",\n    \"bold\",\n    \"color of the telescope command (register)\",\n)\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.offset_separator_color","title":"offset_separator_color  module-attribute","text":"
offset_separator_color = add_color_param(\n    \"telescope-offset-separator-color\",\n    \"normal\",\n    \"color of the telescope command (offset separator)\",\n)\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.offset_delimiter_color","title":"offset_delimiter_color  module-attribute","text":"
offset_delimiter_color = add_color_param(\n    \"telescope-offset-delimiter-color\",\n    \"normal\",\n    \"color of the telescope command (offset delimiter)\",\n)\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.repeating_marker_color","title":"repeating_marker_color  module-attribute","text":"
repeating_marker_color = add_color_param(\n    \"telescope-repeating-marker-color\",\n    \"normal\",\n    \"color of the telescope command (repeating values marker)\",\n)\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.offset","title":"offset","text":"
offset(x: object) -> str\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.register","title":"register","text":"
register(x: object) -> str\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.separator","title":"separator","text":"
separator(x: object) -> str\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.delimiter","title":"delimiter","text":"
delimiter(x: object) -> str\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.repeating_marker","title":"repeating_marker","text":"
repeating_marker(x: object) -> str\n
"},{"location":"reference/pwndbg/color/theme/","title":"theme","text":""},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme","title":"theme","text":"
Classes:
 
     
  •  ColorParameter           \u2013            
    •  
 
Functions:
 
     
  •  add_param             \u2013              
    •  
  •  add_color_param             \u2013              
    •  
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter","title":"ColorParameter","text":"
ColorParameter(*args, **kwargs)\n
 
               Bases: Parameter
 
Methods:
 
     
  •  update_color_function             \u2013              
    •  
  •  add_update_listener             \u2013              
    •  
  •  revert_default             \u2013              
    •  
  •  attr_name             \u2013              
    Returns the attribute name associated with this config option,
     
    •  
  •  __getattr__             \u2013              
    •  
  •  pretty_val             \u2013              
    Convert a value this object could contain to its pretty string representation.
     
    •  
  •  pretty             \u2013              
    •  
  •  pretty_default             \u2013              
    •  
  •  __int__             \u2013              
    •  
  •  __str__             \u2013              
    •  
  •  __bool__             \u2013              
    •  
  •  __eq__             \u2013              
    •  
  •  __lt__             \u2013              
    •  
  •  __add__             \u2013              
    •  
  •  __radd__             \u2013              
    •  
  •  __sub__             \u2013              
    •  
  •  __rsub__             \u2013              
    •  
  •  __mul__             \u2013              
    •  
  •  __rmul__             \u2013              
    •  
  •  __div__             \u2013              
    •  
  •  __floordiv__             \u2013              
    •  
  •  __pow__             \u2013              
    •  
  •  __mod__             \u2013              
    •  
  •  __len__             \u2013              
    •  
 
Attributes:
 
     
  •  color_function               (Callable[[object], str])           \u2013            
    •  
  •  name           \u2013            
    •  
  •  default           \u2013            
    •  
  •  param_class           \u2013            
    •  
  •  set_show_doc           \u2013            
    •  
  •  help_docstring           \u2013            
    •  
  •  enum_sequence           \u2013            
    •  
  •  scope           \u2013            
    •  
  •  update_listeners               (list[Callable[[Any], None]])           \u2013            
    •  
  •  value               (Any)           \u2013            
    •  
  •  is_changed               (bool)           \u2013            
    •  
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.color_function","title":"color_function  instance-attribute","text":"
color_function: Callable[[object], str]\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.name","title":"name  instance-attribute","text":"
name = name\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.default","title":"default  instance-attribute","text":"
default = default\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.param_class","title":"param_class  instance-attribute","text":"
param_class = param_class or PARAM_CLASSES[type(default)]\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.set_show_doc","title":"set_show_doc  instance-attribute","text":"
set_show_doc = set_show_doc\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.help_docstring","title":"help_docstring  instance-attribute","text":"
help_docstring = help_docstring\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.enum_sequence","title":"enum_sequence  instance-attribute","text":"
enum_sequence = enum_sequence\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.scope","title":"scope  instance-attribute","text":"
scope = scope\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.update_listeners","title":"update_listeners  instance-attribute","text":"
update_listeners: list[Callable[[Any], None]] = []\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.value","title":"value  property writable","text":"
value: Any\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.is_changed","title":"is_changed  property","text":"
is_changed: bool\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.update_color_function","title":"update_color_function","text":"
update_color_function()\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.add_update_listener","title":"add_update_listener","text":"
add_update_listener(listener: Callable[[Any], None]) -> None\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.revert_default","title":"revert_default","text":"
revert_default() -> None\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.attr_name","title":"attr_name","text":"
attr_name() -> str\n
 
Returns the attribute name associated with this config option, i.e. my-config has the attribute name my_config
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__getattr__","title":"__getattr__","text":"
__getattr__(name: str)\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.pretty_val","title":"pretty_val","text":"
pretty_val(val: Any) -> str\n
 
Convert a value this object could contain to its pretty string representation.
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.pretty","title":"pretty","text":"
pretty() -> str\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.pretty_default","title":"pretty_default","text":"
pretty_default() -> str\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__int__","title":"__int__","text":"
__int__() -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__bool__","title":"__bool__","text":"
__bool__() -> bool\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__eq__","title":"__eq__","text":"
__eq__(other: object) -> bool\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__lt__","title":"__lt__","text":"
__lt__(other: object) -> bool\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__add__","title":"__add__","text":"
__add__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__radd__","title":"__radd__","text":"
__radd__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__sub__","title":"__sub__","text":"
__sub__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__rsub__","title":"__rsub__","text":"
__rsub__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__mul__","title":"__mul__","text":"
__mul__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__rmul__","title":"__rmul__","text":"
__rmul__(other: int) -> str\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__div__","title":"__div__","text":"
__div__(other: float) -> float\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__floordiv__","title":"__floordiv__","text":"
__floordiv__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__pow__","title":"__pow__","text":"
__pow__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__mod__","title":"__mod__","text":"
__mod__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__len__","title":"__len__","text":"
__len__() -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.add_param","title":"add_param","text":"
add_param(\n    name: str,\n    default: Any,\n    set_show_doc: str,\n    *,\n    help_docstring: str = \"\",\n    param_class: int | None = None,\n    enum_sequence: Sequence[str] | None = None,\n) -> Parameter\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.add_color_param","title":"add_color_param","text":"
add_color_param(\n    name: str, default: Any, set_show_doc: str, *, help_docstring: str = \"\"\n) -> ColorParameter\n
"},{"location":"reference/pwndbg/commands/","title":"commands","text":""},{"location":"reference/pwndbg/commands/#pwndbg.commands","title":"commands","text":"
Pwndbg command implementations.
 
As well as various command-handling logic.
 
Modules:
 
     
  •  ai           \u2013            
    This command sends information on the current debugging context to OpenAI's
     
    •  
  •  argv           \u2013            
    •  
  •  aslr           \u2013            
    •  
  •  asm           \u2013            
    •  
  •  attachp           \u2013            
    •  
  •  auxv           \u2013            
    •  
  •  binder           \u2013            
    •  
  •  binja           \u2013            
    •  
  •  binja_functions           \u2013            
    •  
  •  branch           \u2013            
    •  
  •  buddydump           \u2013            
    •  
  •  canary           \u2013            
    •  
  •  checksec           \u2013            
    •  
  •  comments           \u2013            
    •  
  •  commpage           \u2013            
    •  
  •  config           \u2013            
    Dumps all pwndbg-specific configuration points.
     
    •  
  •  context           \u2013            
    •  
  •  cpsr           \u2013            
    •  
  •  cyclic           \u2013            
    •  
  •  cymbol           \u2013            
    Add, load, show, edit, or delete symbols for custom structures.
     
    •  
  •  dev           \u2013            
    •  
  •  distance           \u2013            
    •  
  •  dt           \u2013            
    •  
  •  dumpargs           \u2013            
    •  
  •  elf           \u2013            
    •  
  •  flags           \u2013            
    •  
  •  gdt           \u2013            
    •  
  •  ghidra           \u2013            
    •  
  •  godbg           \u2013            
    •  
  •  got           \u2013            
    •  
  •  got_tracking           \u2013            
    •  
  •  hex2ptr           \u2013            
    •  
  •  hexdump           \u2013            
    •  
  •  hijack_fd           \u2013            
    •  
  •  ida           \u2013            
    •  
  •  ignore           \u2013            
    Ignoring a breakpoint
     
    •  
  •  integration           \u2013            
    •  
  •  ipython_interactive           \u2013            
    Command to start an interactive IPython prompt.
     
    •  
  •  jemalloc           \u2013            
    •  
  •  kbase           \u2013            
    •  
  •  kbpf           \u2013            
    •  
  •  kchecksec           \u2013            
    •  
  •  kcmdline           \u2013            
    •  
  •  kconfig           \u2013            
    •  
  •  kcurrent           \u2013            
    •  
  •  kdmabuf           \u2013            
    •  
  •  kdmesg           \u2013            
    Display the kernel ring buffer (dmesg) contents.
     
    •  
  •  killthreads           \u2013            
    •  
  •  klookup           \u2013            
    •  
  •  kmem_trace           \u2013            
    •  
  •  kmod           \u2013            
    Displays information about loaded kernel modules. This command retrieves the list of kernel modules from the modules symbol
     
    •  
  •  knft           \u2013            
    •  
  •  ksyscalls           \u2013            
    Displays the syscall table for kernel debugging.
     
    •  
  •  ktask           \u2013            
    Displays information about kernel tasks. This command iterates through the kernel's task list
     
    •  
  •  kversion           \u2013            
    •  
  •  leakfind           \u2013            
    Find a chain of leaks given some starting address.
     
    •  
  •  libcinfo           \u2013            
    •  
  •  linkmap           \u2013            
    •  
  •  mallocng           \u2013            
    Commands that help with debugging musl's allocator, mallocng.
     
    •  
  •  memoize           \u2013            
    •  
  •  misc           \u2013            
    •  
  •  mmap           \u2013            
    •  
  •  mprotect           \u2013            
    •  
  •  msr           \u2013            
    •  
  •  nearpc           \u2013            
    •  
  •  next           \u2013            
    Stepping until an event occurs
     
    •  
  •  onegadget           \u2013            
    •  
  •  p2p           \u2013            
    •  
  •  paging           \u2013            
    •  
  •  parse_seccomp           \u2013            
    •  
  •  patch           \u2013            
    •  
  •  peda           \u2013            
    •  
  •  pie           \u2013            
    •  
  •  plist           \u2013            
    •  
  •  probeleak           \u2013            
    •  
  •  procinfo           \u2013            
    •  
  •  profiler           \u2013            
    Utilities for profiling pwndbg.
     
    •  
  •  ptmalloc2           \u2013            
    •  
  •  ptmalloc2_tracking           \u2013            
    •  
  •  radare2           \u2013            
    •  
  •  reload           \u2013            
    •  
  •  retaddr           \u2013            
    •  
  •  rizin           \u2013            
    •  
  •  rop           \u2013            
    •  
  •  ropper           \u2013            
    •  
  •  saved_register_frames           \u2013            
    •  
  •  search           \u2013            
    •  
  •  segments           \u2013            
    •  
  •  sigreturn           \u2013            
    •  
  •  slab           \u2013            
    Commands for dealing with Linux kernel slab allocator. Currently, only SLUB is supported.
     
    •  
  •  spray           \u2013            
    •  
  •  start           \u2013            
    Launches the target process after setting a breakpoint at a convenient
     
    •  
  •  strings           \u2013            
    •  
  •  telescope           \u2013            
    Prints out pointer chains starting at some address in memory.
     
    •  
  •  tips           \u2013            
    •  
  •  tls           \u2013            
    Command to print the information of the current Thread Local Storage (TLS).
     
    •  
  •  valist           \u2013            
    •  
  •  version           \u2013            
    Implements version and bugreport commands.
     
    •  
  •  vmlinux           \u2013            
    Loads a bzImage or vmlinux file to add kernel debug symbols. This command uses vmlinux-to-elf
     
    •  
  •  vmmap           \u2013            
    Command to print the virtual memory map a la /proc/self/maps.
     
    •  
  •  windbg           \u2013            
    Compatibility functionality for WinDbg users.
     
    •  
  •  xinfo           \u2013            
    •  
  •  xor           \u2013            
    •  
 
Classes:
 
     
  •  CommandCategory           \u2013            
    •  
  •  InvalidDebuggerError           \u2013            
    Raised when a command is called in a debugger for which
     
    •  
  •  CommandFormatter           \u2013            
    The formatter_class that is passed to argparse for all
     
    •  
  •  CommandObj           \u2013            
    Represents a command that can be invoked from the
     
    •  
  •  Command           \u2013            
    Parametrized decorator for functions that serve as pwndbg commands.
     
    •  
 
Functions:
 
     
  •  fix             \u2013              
    Fix a single command-line argument coming from the CLI.
     
    •  
  •  fix_reraise             \u2013              
    •  
  •  fix_reraise_arg             \u2013              
    fix_reraise wrapper for evaluating command arguments
     
    •  
  •  fix_int             \u2013              
    •  
  •  fix_int_reraise             \u2013              
    •  
  •  fix_int_reraise_arg             \u2013              
    fix_int_reraise wrapper for evaluating command arguments
     
    •  
  •  func_name             \u2013              
    •  
  •  OnlyWhenLocal             \u2013              
    •  
  •  OnlyWithFile             \u2013              
    •  
  •  OnlyWhenQemuKernel             \u2013              
    •  
  •  OnlyWhenUserspace             \u2013              
    •  
  •  OnlyWithKernelDebugInfo             \u2013              
    •  
  •  OnlyWithKernelSymbols             \u2013              
    •  
  •  OnlyWhenPagingEnabled             \u2013              
    •  
  •  OnlyWhenRunning             \u2013              
    •  
  •  OnlyWithTcache             \u2013              
    •  
  •  OnlyWhenHeapIsInitialized             \u2013              
    •  
  •  OnlyWithResolvedHeapSyms             \u2013              
    •  
  •  sloppy_gdb_parse             \u2013              
    This function should be used as argparse.ArgumentParser .add_argument method's type helper.
     
    •  
  •  AddressExpr             \u2013              
    Parses an address expression. Returns an int.
     
    •  
  •  HexOrAddressExpr             \u2013              
    Parses string as hexadecimal int or an address expression. Returns an int.
     
    •  
  •  load_commands             \u2013              
    •  
 
Attributes:
 
     
  •  log           \u2013            
    •  
  •  T           \u2013            
    •  
  •  P           \u2013            
    •  
  •  commands               (list[CommandObj])           \u2013            
    •  
  •  command_names               (set[str])           \u2013            
    •  
  •  GDB_BUILTIN_COMMANDS           \u2013            
    •  
  •  pwndbg_is_reloading           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.log","title":"log  module-attribute","text":"
log = getLogger(__name__)\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.P","title":"P  module-attribute","text":"
P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.commands","title":"commands  module-attribute","text":"
commands: list[CommandObj] = []\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.command_names","title":"command_names  module-attribute","text":"
command_names: set[str] = set()\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.GDB_BUILTIN_COMMANDS","title":"GDB_BUILTIN_COMMANDS  module-attribute","text":"
GDB_BUILTIN_COMMANDS = commands()\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.pwndbg_is_reloading","title":"pwndbg_is_reloading  module-attribute","text":"
pwndbg_is_reloading = False\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory","title":"CommandCategory","text":"
               Bases: str, Enum
 
Attributes:
 
     
  •  START           \u2013            
    •  
  •  NEXT           \u2013            
    •  
  •  CONTEXT           \u2013            
    •  
  •  PTMALLOC2           \u2013            
    •  
  •  JEMALLOC           \u2013            
    •  
  •  BREAKPOINT           \u2013            
    •  
  •  MEMORY           \u2013            
    •  
  •  MUSL           \u2013            
    •  
  •  STACK           \u2013            
    •  
  •  REGISTER           \u2013            
    •  
  •  PROCESS           \u2013            
    •  
  •  LINUX           \u2013            
    •  
  •  DARWIN           \u2013            
    •  
  •  DISASS           \u2013            
    •  
  •  MISC           \u2013            
    •  
  •  KERNEL           \u2013            
    •  
  •  INTEGRATIONS           \u2013            
    •  
  •  WINDBG           \u2013            
    •  
  •  PWNDBG           \u2013            
    •  
  •  SHELL           \u2013            
    •  
  •  DEV           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.START","title":"START  class-attribute instance-attribute","text":"
START = 'Start'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.NEXT","title":"NEXT  class-attribute instance-attribute","text":"
NEXT = 'Step/Next/Continue'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.CONTEXT","title":"CONTEXT  class-attribute instance-attribute","text":"
CONTEXT = 'Context'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.PTMALLOC2","title":"PTMALLOC2  class-attribute instance-attribute","text":"
PTMALLOC2 = 'GLibc ptmalloc2 Heap'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.JEMALLOC","title":"JEMALLOC  class-attribute instance-attribute","text":"
JEMALLOC = 'jemalloc Heap'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.BREAKPOINT","title":"BREAKPOINT  class-attribute instance-attribute","text":"
BREAKPOINT = 'Breakpoint'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.MEMORY","title":"MEMORY  class-attribute instance-attribute","text":"
MEMORY = 'Memory'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.MUSL","title":"MUSL  class-attribute instance-attribute","text":"
MUSL = 'musl'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.STACK","title":"STACK  class-attribute instance-attribute","text":"
STACK = 'Stack'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.REGISTER","title":"REGISTER  class-attribute instance-attribute","text":"
REGISTER = 'Register'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.PROCESS","title":"PROCESS  class-attribute instance-attribute","text":"
PROCESS = 'Process'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.LINUX","title":"LINUX  class-attribute instance-attribute","text":"
LINUX = 'Linux/libc/ELF'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.DARWIN","title":"DARWIN  class-attribute instance-attribute","text":"
DARWIN = 'Darwin/libsystem/Mach-O'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.DISASS","title":"DISASS  class-attribute instance-attribute","text":"
DISASS = 'Disassemble'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.MISC","title":"MISC  class-attribute instance-attribute","text":"
MISC = 'Misc'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.KERNEL","title":"KERNEL  class-attribute instance-attribute","text":"
KERNEL = 'Kernel'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.INTEGRATIONS","title":"INTEGRATIONS  class-attribute instance-attribute","text":"
INTEGRATIONS = 'Integrations'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.WINDBG","title":"WINDBG  class-attribute instance-attribute","text":"
WINDBG = 'WinDbg'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.PWNDBG","title":"PWNDBG  class-attribute instance-attribute","text":"
PWNDBG = 'Pwndbg'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.SHELL","title":"SHELL  class-attribute instance-attribute","text":"
SHELL = 'Shell'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.DEV","title":"DEV  class-attribute instance-attribute","text":"
DEV = 'Developer'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.InvalidDebuggerError","title":"InvalidDebuggerError","text":"
               Bases: Exception
 
Raised when a command is called in a debugger for which it is disallowed.
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandFormatter","title":"CommandFormatter","text":"
               Bases: RawDescriptionHelpFormatter
 
The formatter_class that is passed to argparse for all commands.
 
Subclassing this isn't officially supported, but there isn't a good alternative.
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj","title":"CommandObj","text":"
CommandObj(\n    function: Callable[..., str | None],\n    parser: ArgumentParser,\n    command_name: str | None,\n    category: CommandCategory,\n    aliases: list[str],\n    examples: str,\n    notes: str,\n)\n
 
Represents a command that can be invoked from the debugger.
 
Methods:
 
     
  •  register_command             \u2013              
    Register this object command with the underlying debugger
     
    •  
  •  has_notes_string             \u2013              
    •  
  •  has_examples_string             \u2013              
    •  
  •  initialize_parser             \u2013              
    •  
  •  invoke             \u2013              
    Invoke the command with an argument string
     
    •  
  •  check_repeated             \u2013              
    Keep a record of all commands which come from the TTY.
     
    •  
  •  __call__             \u2013              
    •  
 
Attributes:
 
     
  •  builtin_override_whitelist               (set[str])           \u2013            
    •  
  •  history               (dict[int, str])           \u2013            
    •  
  •  function           \u2013            
    •  
  •  command_name           \u2013            
    •  
  •  category           \u2013            
    •  
  •  aliases           \u2013            
    •  
  •  examples           \u2013            
    •  
  •  notes           \u2013            
    •  
  •  parser           \u2013            
    •  
  •  repeat           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.builtin_override_whitelist","title":"builtin_override_whitelist  class-attribute instance-attribute","text":"
builtin_override_whitelist: set[str] = {\n    \"up\",\n    \"down\",\n    \"search\",\n    \"pwd\",\n    \"start\",\n    \"starti\",\n    \"ignore\",\n}\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.history","title":"history  class-attribute instance-attribute","text":"
history: dict[int, str] = {}\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.function","title":"function  instance-attribute","text":"
function = function\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.command_name","title":"command_name  instance-attribute","text":"
command_name = command_name\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.category","title":"category  instance-attribute","text":"
category = category\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.aliases","title":"aliases  instance-attribute","text":"
aliases = aliases\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.examples","title":"examples  instance-attribute","text":"
examples = strip()\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.notes","title":"notes  instance-attribute","text":"
notes = strip()\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.parser","title":"parser  instance-attribute","text":"
parser = parser\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.repeat","title":"repeat  instance-attribute","text":"
repeat = False\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.register_command","title":"register_command","text":"
register_command()\n
 
Register this object command with the underlying debugger and update pwndbg global state to know about this command.
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.has_notes_string","title":"has_notes_string  staticmethod","text":"
has_notes_string(text: str) -> bool\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.has_examples_string","title":"has_examples_string  staticmethod","text":"
has_examples_string(text: str) -> bool\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.initialize_parser","title":"initialize_parser","text":"
initialize_parser()\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.invoke","title":"invoke","text":"
invoke(argument: str, from_tty: bool) -> None\n
 
Invoke the command with an argument string
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.check_repeated","title":"check_repeated","text":"
check_repeated(argument: str, from_tty: bool) -> bool\n
 
Keep a record of all commands which come from the TTY.
 
Returns:
 
     
  •  bool           \u2013            
    True if this command was executed by the user just hitting \"enter\".
     
    •  
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.__call__","title":"__call__","text":"
__call__(*args: Any, **kwargs: Any) -> str | None\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command","title":"Command","text":"
Command(\n    parser_or_desc: str | ArgumentParser,\n    *,\n    category: CommandCategory,\n    command_name: str | None = None,\n    aliases: list[str] = [],\n    examples: str = \"\",\n    notes: str = \"\",\n    only_debuggers: set[DebuggerType] = None,\n    exclude_debuggers: set[DebuggerType] = None,\n)\n
 
Parametrized decorator for functions that serve as pwndbg commands.
 
Always use this to decorate your commands.
 
Methods:
 
     
  •  __call__             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
  •  category           \u2013            
    •  
  •  command_name           \u2013            
    •  
  •  aliases           \u2013            
    •  
  •  examples           \u2013            
    •  
  •  notes           \u2013            
    •  
  •  only_debuggers           \u2013            
    •  
  •  exclude_debuggers           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.parser","title":"parser  instance-attribute","text":"
parser = ArgumentParser(description=parser_or_desc)\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.category","title":"category  instance-attribute","text":"
category = category\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.command_name","title":"command_name  instance-attribute","text":"
command_name = command_name\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.aliases","title":"aliases  instance-attribute","text":"
aliases = aliases\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.examples","title":"examples  instance-attribute","text":"
examples = examples\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.notes","title":"notes  instance-attribute","text":"
notes = notes\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.only_debuggers","title":"only_debuggers  instance-attribute","text":"
only_debuggers = only_debuggers\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.exclude_debuggers","title":"exclude_debuggers  instance-attribute","text":"
exclude_debuggers = exclude_debuggers\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.__call__","title":"__call__","text":"
__call__(function: Callable[..., Any]) -> CommandObj\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.fix","title":"fix","text":"
fix(\n    arg: str | Value,\n    sloppy: bool = False,\n    quiet: bool = True,\n    reraise: bool = False,\n) -> str | Value | None\n
 
Fix a single command-line argument coming from the CLI.
 
Parameters:
 
     
  •  arg               (str | Value)           \u2013            
    Original string representation (e.g. '0', '$rax', '$rax+44')
     
    •  
  •  sloppy               (bool, default:                   False )           \u2013            
    If arg cannot be evaluated, return arg. (default: False)
     
    •  
  •  quiet               (bool, default:                   True )           \u2013            
    If an error occurs, suppress it. (default: True)
     
    •  
  •  reraise               (bool, default:                   False )           \u2013            
    If an error occurs, raise the exception. (default: False)
     
    •  
 
Returns:
 
     
  •  str | Value | None           \u2013            
    Ideally a Value object.  May return a str if sloppy==True.
     
    •  
  •  str | Value | None           \u2013            
    May return None if sloppy == False and reraise == False.
     
    •  
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.fix_reraise","title":"fix_reraise","text":"
fix_reraise(*a, **kw) -> str | Value | None\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.fix_reraise_arg","title":"fix_reraise_arg","text":"
fix_reraise_arg(arg) -> Value\n
 
fix_reraise wrapper for evaluating command arguments
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.fix_int","title":"fix_int","text":"
fix_int(*a, **kw) -> int\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.fix_int_reraise","title":"fix_int_reraise","text":"
fix_int_reraise(*a, **kw) -> int\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.fix_int_reraise_arg","title":"fix_int_reraise_arg","text":"
fix_int_reraise_arg(arg) -> int\n
 
fix_int_reraise wrapper for evaluating command arguments
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.func_name","title":"func_name","text":"
func_name(function: Callable[P, T]) -> str\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWhenLocal","title":"OnlyWhenLocal","text":"
OnlyWhenLocal(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWithFile","title":"OnlyWithFile","text":"
OnlyWithFile(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWhenQemuKernel","title":"OnlyWhenQemuKernel","text":"
OnlyWhenQemuKernel(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWhenUserspace","title":"OnlyWhenUserspace","text":"
OnlyWhenUserspace(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWithKernelDebugInfo","title":"OnlyWithKernelDebugInfo","text":"
OnlyWithKernelDebugInfo(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWithKernelSymbols","title":"OnlyWithKernelSymbols","text":"
OnlyWithKernelSymbols(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWhenPagingEnabled","title":"OnlyWhenPagingEnabled","text":"
OnlyWhenPagingEnabled(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWhenRunning","title":"OnlyWhenRunning","text":"
OnlyWhenRunning(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWithTcache","title":"OnlyWithTcache","text":"
OnlyWithTcache(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWhenHeapIsInitialized","title":"OnlyWhenHeapIsInitialized","text":"
OnlyWhenHeapIsInitialized(\n    function: Callable[P, T],\n) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWithResolvedHeapSyms","title":"OnlyWithResolvedHeapSyms","text":"
OnlyWithResolvedHeapSyms(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.sloppy_gdb_parse","title":"sloppy_gdb_parse","text":"
sloppy_gdb_parse(s: str) -> int | str\n
 
This function should be used as argparse.ArgumentParser .add_argument method's type helper.
 
This makes the type being parsed as gdb value and if that parsing fails, a string is returned.
 
:param s: String. :return: Whatever gdb.parse_and_eval returns or string.
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.AddressExpr","title":"AddressExpr","text":"
AddressExpr(s: str) -> int\n
 
Parses an address expression. Returns an int.
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.HexOrAddressExpr","title":"HexOrAddressExpr","text":"
HexOrAddressExpr(s: str) -> int\n
 
Parses string as hexadecimal int or an address expression. Returns an int. (e.g. '1234' will return 0x1234)
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.load_commands","title":"load_commands","text":"
load_commands() -> None\n
"},{"location":"reference/pwndbg/commands/ai/","title":"ai","text":""},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai","title":"ai","text":"
This command sends information on the current debugging context to OpenAI's GPT-3 large language model and asks it a question supplied by the user. It then displays GPT-3's response to that question to the user.
 
Functions:
 
     
  •  set_dummy_mode             \u2013              
    •  
  •  get_openai_api_key             \u2013              
    •  
  •  get_anthropic_api_key             \u2013              
    •  
  •  get_ollama_endpoint             \u2013              
    •  
  •  build_prompt             \u2013              
    •  
  •  flatten_prompt             \u2013              
    •  
  •  build_context_prompt_body             \u2013              
    •  
  •  build_command_prompt_body             \u2013              
    •  
  •  query_openai_chat             \u2013              
    •  
  •  query_openai_completions             \u2013              
    •  
  •  query             \u2013              
    •  
  •  query_anthropic             \u2013              
    •  
  •  query_ollama             \u2013              
    •  
  •  get_openai_models             \u2013              
    •  
  •  ai             \u2013              
    •  
 
Attributes:
 
     
  •  last_question               (list[str])           \u2013            
    •  
  •  last_answer               (list[str])           \u2013            
    •  
  •  last_pc           \u2013            
    •  
  •  last_command           \u2013            
    •  
  •  dummy           \u2013            
    •  
  •  verbosity           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.last_question","title":"last_question  module-attribute","text":"
last_question: list[str] = []\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.last_answer","title":"last_answer  module-attribute","text":"
last_answer: list[str] = []\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.last_pc","title":"last_pc  module-attribute","text":"
last_pc = None\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.last_command","title":"last_command  module-attribute","text":"
last_command = None\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.dummy","title":"dummy  module-attribute","text":"
dummy = False\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.verbosity","title":"verbosity  module-attribute","text":"
verbosity = 0\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Ask GPT-3 a question about the current debugging context.\"\n)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.set_dummy_mode","title":"set_dummy_mode","text":"
set_dummy_mode(d=True) -> None\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.get_openai_api_key","title":"get_openai_api_key","text":"
get_openai_api_key()\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.get_anthropic_api_key","title":"get_anthropic_api_key","text":"
get_anthropic_api_key()\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.get_ollama_endpoint","title":"get_ollama_endpoint","text":"
get_ollama_endpoint()\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.build_prompt","title":"build_prompt","text":"
build_prompt(question, command=None)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.flatten_prompt","title":"flatten_prompt","text":"
flatten_prompt(conversation)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.build_context_prompt_body","title":"build_context_prompt_body","text":"
build_context_prompt_body()\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.build_command_prompt_body","title":"build_command_prompt_body","text":"
build_command_prompt_body(command)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.query_openai_chat","title":"query_openai_chat","text":"
query_openai_chat(\n    prompt, model=\"gpt-3.5-turbo\", max_tokens=100, temperature=0.0\n)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.query_openai_completions","title":"query_openai_completions","text":"
query_openai_completions(\n    prompt, model=\"text-davinci-003\", max_tokens=100, temperature=0.0\n)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.query","title":"query","text":"
query(prompt, model='text-davinci-003', max_tokens=100, temperature=0.0)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.query_anthropic","title":"query_anthropic","text":"
query_anthropic(prompt, model='claude-v1', max_tokens=100, temperature=0.0)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.query_ollama","title":"query_ollama","text":"
query_ollama(prompt, model='mistral', max_tokens=100, temperature=0.0)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.get_openai_models","title":"get_openai_models","text":"
get_openai_models()\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.ai","title":"ai","text":"
ai(\n    question,\n    model,\n    temperature,\n    max_tokens,\n    verbose,\n    list_models=False,\n    command=None,\n) -> None\n
"},{"location":"reference/pwndbg/commands/argv/","title":"argv","text":""},{"location":"reference/pwndbg/commands/argv/#pwndbg.commands.argv","title":"argv","text":"
Functions:
 
     
  •  argc             \u2013              
    •  
  •  argv             \u2013              
    •  
  •  envp             \u2013              
    Prints out the contents of the environment.
     
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/argv/#pwndbg.commands.argv.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Prints out the contents of the environment.\"\n)\n
"},{"location":"reference/pwndbg/commands/argv/#pwndbg.commands.argv.argc","title":"argc","text":"
argc() -> None\n
"},{"location":"reference/pwndbg/commands/argv/#pwndbg.commands.argv.argv","title":"argv","text":"
argv(i: int = None) -> None\n
"},{"location":"reference/pwndbg/commands/argv/#pwndbg.commands.argv.envp","title":"envp","text":"
envp(name: str = None)\n
 
Prints out the contents of the environment.
"},{"location":"reference/pwndbg/commands/aslr/","title":"aslr","text":""},{"location":"reference/pwndbg/commands/aslr/#pwndbg.commands.aslr","title":"aslr","text":"
Functions:
 
     
  •  check_aslr             \u2013              
    Detects the ASLR status. Returns True, False or None.
     
    •  
  •  aslr             \u2013              
    •  
 
Attributes:
 
     
  •  options           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/aslr/#pwndbg.commands.aslr.options","title":"options  module-attribute","text":"
options = {'on': 'off', 'off': 'on'}\n
"},{"location":"reference/pwndbg/commands/aslr/#pwndbg.commands.aslr.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"\\nCheck the current ASLR status, or turn it on/off.\\n\\nDoes not take effect until the program is restarted.\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/aslr/#pwndbg.commands.aslr.check_aslr","title":"check_aslr","text":"
check_aslr() -> tuple[bool | None, str]\n
 
Detects the ASLR status. Returns True, False or None.
 
None is returned when we can't detect ASLR.
"},{"location":"reference/pwndbg/commands/aslr/#pwndbg.commands.aslr.aslr","title":"aslr","text":"
aslr(state=None) -> None\n
"},{"location":"reference/pwndbg/commands/asm/","title":"asm","text":""},{"location":"reference/pwndbg/commands/asm/#pwndbg.commands.asm","title":"asm","text":"
Functions:
 
     
  •  asm             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
  •  input_group           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/asm/#pwndbg.commands.asm.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Assemble shellcode into bytes')\n
"},{"location":"reference/pwndbg/commands/asm/#pwndbg.commands.asm.input_group","title":"input_group  module-attribute","text":"
input_group = add_mutually_exclusive_group(required=True)\n
"},{"location":"reference/pwndbg/commands/asm/#pwndbg.commands.asm.asm","title":"asm","text":"
asm(shellcode, format, arch, avoid, infile) -> None\n
"},{"location":"reference/pwndbg/commands/attachp/","title":"attachp","text":""},{"location":"reference/pwndbg/commands/attachp/#pwndbg.commands.attachp","title":"attachp","text":"
Classes:
 
     
  •  ProcessInfo           \u2013            
    •  
 
Functions:
 
     
  •  find_pids             \u2013              
    •  
  •  resolve_target_process             \u2013              
    •  
  •  attachp             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/attachp/#pwndbg.commands.attachp.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description='Attaches to a given pid, process name, process found with partial argv match or to a device file.\\n\\nThis command wraps the original GDB `attach` command to add the ability\\nto debug a process with a given name or partial name match. In such cases,\\nthe process identifier is fetched via the `pidof <name>` command first. If no\\nmatches are found, then it uses the `ps -eo pid,args` command to search for\\npartial name matches.\\n\\nOriginal GDB attach command help:\\n    Attach to a process or file outside of GDB.\\n    This command attaches to another target, of the same type as your last\\n    \"target\" command (\"info files\" will show your target stack).\\n    The command may take as argument a process id or a device file.\\n    For a process id, you must have permission to send the process a signal,\\n    and it must have the same effective uid as the debugger.\\n    When using \"attach\" with a process id, the debugger finds the\\n    program running in the process, looking first in the current working\\n    directory, or (if not found there) using the source file search path\\n    (see the \"directory\" command).  You can also use the \"file\" command\\n    to specify the program, and to load its symbol table.'\n)\n
"},{"location":"reference/pwndbg/commands/attachp/#pwndbg.commands.attachp.ProcessInfo","title":"ProcessInfo","text":"
               Bases: NamedTuple
 
Attributes:
 
     
  •  pid               (int)           \u2013            
    •  
  •  user               (str)           \u2013            
    •  
  •  elapsed               (str)           \u2013            
    •  
  •  command               (str)           \u2013            
    •  
  •  start_time               (float)           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/attachp/#pwndbg.commands.attachp.ProcessInfo.pid","title":"pid  instance-attribute","text":"
pid: int\n
"},{"location":"reference/pwndbg/commands/attachp/#pwndbg.commands.attachp.ProcessInfo.user","title":"user  instance-attribute","text":"
user: str\n
"},{"location":"reference/pwndbg/commands/attachp/#pwndbg.commands.attachp.ProcessInfo.elapsed","title":"elapsed  instance-attribute","text":"
elapsed: str\n
"},{"location":"reference/pwndbg/commands/attachp/#pwndbg.commands.attachp.ProcessInfo.command","title":"command  instance-attribute","text":"
command: str\n
"},{"location":"reference/pwndbg/commands/attachp/#pwndbg.commands.attachp.ProcessInfo.start_time","title":"start_time  instance-attribute","text":"
start_time: float\n
"},{"location":"reference/pwndbg/commands/attachp/#pwndbg.commands.attachp.find_pids","title":"find_pids","text":"
find_pids(target: str, user: str | None, exact: bool, all: bool) -> list[int]\n
"},{"location":"reference/pwndbg/commands/attachp/#pwndbg.commands.attachp.resolve_target_process","title":"resolve_target_process","text":"
resolve_target_process(\n    pids: list[int], method: str, no_truncate: bool\n) -> int | None\n
"},{"location":"reference/pwndbg/commands/attachp/#pwndbg.commands.attachp.attachp","title":"attachp","text":"
attachp(\n    target: str,\n    no_truncate: bool,\n    retry: bool,\n    exact: bool,\n    all: bool,\n    user: str | None = None,\n) -> None\n
"},{"location":"reference/pwndbg/commands/auxv/","title":"auxv","text":""},{"location":"reference/pwndbg/commands/auxv/#pwndbg.commands.auxv","title":"auxv","text":"
Functions:
 
     
  •  auxv             \u2013              
    •  
  •  auxv_explore             \u2013              
    •  
"},{"location":"reference/pwndbg/commands/auxv/#pwndbg.commands.auxv.auxv","title":"auxv","text":"
auxv() -> None\n
"},{"location":"reference/pwndbg/commands/auxv/#pwndbg.commands.auxv.auxv_explore","title":"auxv_explore","text":"
auxv_explore() -> None\n
"},{"location":"reference/pwndbg/commands/binder/","title":"binder","text":""},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder","title":"binder","text":"
Classes:
 
     
  •  IndentContextManager           \u2013            
    •  
  •  BinderVisitor           \u2013            
    •  
 
Functions:
 
     
  •  for_each_transaction             \u2013              
    •  
  •  for_each_hlist_entry             \u2013              
    •  
  •  binder             \u2013              
    •  
 
Attributes:
 
     
  •  log           \u2013            
    •  
  •  addrc           \u2013            
    •  
  •  fieldnamec           \u2013            
    •  
  •  fieldvaluec           \u2013            
    •  
  •  typenamec           \u2013            
    •  
  •  node_types           \u2013            
    •  
  •  entry_field_names           \u2013            
    •  
  •  rb_node_field_names           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.log","title":"log  module-attribute","text":"
log = getLogger(__name__)\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.addrc","title":"addrc  module-attribute","text":"
addrc = green\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.fieldnamec","title":"fieldnamec  module-attribute","text":"
fieldnamec = blue\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.fieldvaluec","title":"fieldvaluec  module-attribute","text":"
fieldvaluec = yellow\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.typenamec","title":"typenamec  module-attribute","text":"
typenamec = red\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.node_types","title":"node_types  module-attribute","text":"
node_types = {\n    \"waiting_threads\": \"struct binder_thread\",\n    \"todo\": \"struct binder_work\",\n    \"refs\": \"struct binder_ref\",\n    \"threads\": \"struct binder_thread\",\n    \"nodes\": \"struct binder_node\",\n    \"refs_by_node\": \"struct binder_ref\",\n}\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.entry_field_names","title":"entry_field_names  module-attribute","text":"
entry_field_names = {\n    \"waiting_threads\": \"waiting_thread_node\",\n    \"todo\": \"entry\",\n    \"refs\": \"node_entry\",\n}\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.rb_node_field_names","title":"rb_node_field_names  module-attribute","text":"
rb_node_field_names = {\n    \"threads\": \"rb_node\",\n    \"nodes\": \"rb_node\",\n    \"refs_by_node\": \"rb_node_node\",\n}\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Show Android Binder information')\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.IndentContextManager","title":"IndentContextManager","text":"
IndentContextManager()\n
 
Methods:
 
     
  •  __enter__             \u2013              
    •  
  •  __exit__             \u2013              
    •  
 
Attributes:
 
     
  •  indent           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.IndentContextManager.indent","title":"indent  instance-attribute","text":"
indent = 0\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.IndentContextManager.__enter__","title":"__enter__","text":"
__enter__()\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.IndentContextManager.__exit__","title":"__exit__","text":"
__exit__(exc_type, exc_value, exc_tb)\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor","title":"BinderVisitor","text":"
BinderVisitor(procs_addr)\n
 
Methods:
 
     
  •  format_rb_tree             \u2013              
    •  
  •  format_list             \u2013              
    •  
  •  visit             \u2013              
    •  
  •  format_proc             \u2013              
    •  
  •  format_thread             \u2013              
    •  
  •  format_transaction             \u2013              
    •  
  •  format_node             \u2013              
    •  
  •  format_ref             \u2013              
    •  
  •  format_work             \u2013              
    •  
  •  print_object             \u2013              
    •  
  •  format_spinlock             \u2013              
    •  
 
Attributes:
 
     
  •  indent           \u2013            
    •  
  •  addr           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.indent","title":"indent  instance-attribute","text":"
indent = IndentContextManager()\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.addr","title":"addr  instance-attribute","text":"
addr = get_typed_pointer_value('struct hlist_head', procs_addr)\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_rb_tree","title":"format_rb_tree","text":"
format_rb_tree(field: str, value: Value) -> tuple[str, int]\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_list","title":"format_list","text":"
format_list(field: str, value: Value, typename: str) -> tuple[str, int]\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.visit","title":"visit","text":"
visit()\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_proc","title":"format_proc","text":"
format_proc(proc: Value, only_heading=False)\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_thread","title":"format_thread","text":"
format_thread(thread: Value, only_heading: bool = False) -> str\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_transaction","title":"format_transaction","text":"
format_transaction(transaction: Value, only_heading: bool = False) -> str\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_node","title":"format_node","text":"
format_node(node: Value) -> str\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_ref","title":"format_ref","text":"
format_ref(ref: Value, only_heading: bool = False) -> str\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_work","title":"format_work","text":"
format_work(work: Value) -> str\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.print_object","title":"print_object","text":"
print_object(obj: Value)\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_spinlock","title":"format_spinlock","text":"
format_spinlock(lock: Value) -> str\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.for_each_transaction","title":"for_each_transaction","text":"
for_each_transaction(addr: Value, field: str) -> Iterator[Value]\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.for_each_hlist_entry","title":"for_each_hlist_entry","text":"
for_each_hlist_entry(head: Value, typename, field) -> Iterator[Value]\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.binder","title":"binder","text":"
binder()\n
"},{"location":"reference/pwndbg/commands/binja/","title":"binja","text":""},{"location":"reference/pwndbg/commands/binja/#pwndbg.commands.binja","title":"binja","text":"
Functions:
 
     
  •  bn_sync             \u2013              
    Synchronize Binary Ninja's cursor with GDB
     
    •  
"},{"location":"reference/pwndbg/commands/binja/#pwndbg.commands.binja.bn_sync","title":"bn_sync","text":"
bn_sync(*args) -> None\n
 
Synchronize Binary Ninja's cursor with GDB
"},{"location":"reference/pwndbg/commands/binja_functions/","title":"binja_functions","text":""},{"location":"reference/pwndbg/commands/binja_functions/#pwndbg.commands.binja_functions","title":"binja_functions","text":"
Functions:
 
     
  •  bn_sym             \u2013              
    Lookup a symbol's address by name from Binary Ninja.
     
    •  
  •  bn_var             \u2013              
    Lookup a stack variable's address by name from Binary Ninja.
     
    •  
  •  bn_eval             \u2013              
    Parse and evaluate a Binary Ninja expression.
     
    •  
"},{"location":"reference/pwndbg/commands/binja_functions/#pwndbg.commands.binja_functions.bn_sym","title":"bn_sym","text":"
bn_sym(name_val: Value) -> int\n
 
Lookup a symbol's address by name from Binary Ninja.
 
This function sees symbols like functions and global variables, but not stack local variables, use bn_var for that.
 
Example: 
pwndbg> set integration-provider binja\nPwndbg successfully connected to Binary Ninja (4.2.6455 Personal) xmlrpc: http://127.0.0.1:43717\nSet which provider to use for integration features to 'binja'.\npwndbg> p main\nNo symbol \"main\" in current context.\npwndbg> p/x $bn_sym(\"main\")\n$2 = 0x555555555645\npwndbg> b *($bn_sym(\"main\"))\nBreakpoint 1 at 0x555555555645\n
"},{"location":"reference/pwndbg/commands/binja_functions/#pwndbg.commands.binja_functions.bn_var","title":"bn_var","text":"
bn_var(name_val: Value) -> int\n
 
Lookup a stack variable's address by name from Binary Ninja.
 
This function doesn't see functions or global variables, use bn_sym for that.
 
Example: 
pwndbg> set integration-provider binja\nPwndbg successfully connected to Binary Ninja (4.2.6455 Personal) xmlrpc: http://127.0.0.1:43717\nSet which provider to use for integration features to 'binja'.\npwndbg> p user_choice\nNo symbol \"user_choice\" in current context.\npwndbg> p/x $bn_var(\"user_choice\")\n$4 = 0x7fffffffe118\npwndbg> vmmap $4\n    0x7ffff7ffe000     0x7ffff7fff000 rw-p     1000      0 [anon_7ffff7ffe]\n\u25ba   0x7ffffffde000     0x7ffffffff000 rw-p    21000      0 [stack] +0x20118\npwndbg> p/x $bn_var(\"main\")\nTypeError: Could not convert Python object: None.\nError while executing Python code.\n
"},{"location":"reference/pwndbg/commands/binja_functions/#pwndbg.commands.binja_functions.bn_eval","title":"bn_eval","text":"
bn_eval(expr: Value) -> int\n
 
Parse and evaluate a Binary Ninja expression.
 
Read more about binary ninja expressions here: https://api.binary.ninja/binaryninja.binaryview-module.html#binaryninja.binaryview.BinaryView.parse_expression
 
All registers in the current register set are available as magic variables (e.g. $rip). The $piebase magic variable is also included, with the computed executable base.
 
This function cannot see stack local variables.
 
Example: 
pwndbg> set integration-provider binja\nPwndbg successfully connected to Binary Ninja (4.2.6455 Personal) xmlrpc: http://127.0.0.1:43717\nSet which provider to use for integration features to 'binja'.\npwndbg> p/x $bn_eval(\"10+20\")\n$6 = 0x30\npwndbg> p/x $bn_eval(\"main\")\n$7 = 0x1645\npwndbg> p/x $rebase($bn_eval(\"main\"))\n$8 = 0x555555555645\npwndbg> p some_global_var\nNo symbol \"some_global_var\" in current context.\npwndbg> p/x $rebase($bn_eval(\"some_global_var+$rax\"))\n$9 = 0x5555555586b8\npwndbg> p $rebase($bn_eval(\"some_global_var+$rax\")) == $bn_sym(\"some_global_var\") + $rax\n$10 = 1\npwndbg> p $bn_eval(\"$piebase+some_global_var+$rax\") == $bn_sym(\"some_global_var\") + $rax\n$11 = 1\n
"},{"location":"reference/pwndbg/commands/branch/","title":"branch","text":""},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch","title":"branch","text":"
Classes:
 
     
  •  BreakOnConditionalBranch           \u2013            
    A breakpoint that only stops the inferior if a given branch is taken or not taken.
     
    •  
 
Functions:
 
     
  •  break_if_taken             \u2013              
    •  
  •  break_if_not_taken             \u2013              
    •  
  •  install_breakpoint             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Breaks on a branch if it is not taken.')\n
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.BreakOnConditionalBranch","title":"BreakOnConditionalBranch","text":"
BreakOnConditionalBranch(instruction: PwndbgInstruction, taken: bool)\n
 
               Bases: Breakpoint
 
A breakpoint that only stops the inferior if a given branch is taken or not taken.
 
Methods:
 
     
  •  should_stop             \u2013              
    •  
  •  stop             \u2013              
    •  
 
Attributes:
 
     
  •  instruction           \u2013            
    •  
  •  taken           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.BreakOnConditionalBranch.instruction","title":"instruction  instance-attribute","text":"
instruction = instruction\n
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.BreakOnConditionalBranch.taken","title":"taken  instance-attribute","text":"
taken = taken\n
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.BreakOnConditionalBranch.should_stop","title":"should_stop","text":"
should_stop()\n
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.BreakOnConditionalBranch.stop","title":"stop","text":"
stop() -> bool\n
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.break_if_taken","title":"break_if_taken","text":"
break_if_taken(branch) -> None\n
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.break_if_not_taken","title":"break_if_not_taken","text":"
break_if_not_taken(branch) -> None\n
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.install_breakpoint","title":"install_breakpoint","text":"
install_breakpoint(branch, taken: bool) -> None\n
"},{"location":"reference/pwndbg/commands/buddydump/","title":"buddydump","text":""},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump","title":"buddydump","text":"
Classes:
 
     
  •  ParsedBuddyArgs           \u2013            
    •  
  •  CurrentBuddyParams           \u2013            
    •  
 
Functions:
 
     
  •  cpu_limitcheck             \u2013              
    •  
  •  static_str_arr             \u2013              
    •  
  •  check_find             \u2013              
    •  
  •  traverse_pglist             \u2013              
    •  
  •  print_section             \u2013              
    •  
  •  print_pglist             \u2013              
    •  
  •  print_mtypes             \u2013              
    •  
  •  print_pcp_set             \u2013              
    •  
  •  print_free_area             \u2013              
    •  
  •  print_zones             \u2013              
    •  
  •  buddydump             \u2013              
    •  
 
Attributes:
 
     
  •  log           \u2013            
    •  
  •  MAX_PG_FREE_LIST_STR_RESULT_CNT           \u2013            
    •  
  •  MAX_PG_FREE_LIST_CNT           \u2013            
    •  
  •  NONE_TUPLE           \u2013            
    •  
  •  MIGRATE_PCPTYPES           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.log","title":"log  module-attribute","text":"
log = getLogger(__name__)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.MAX_PG_FREE_LIST_STR_RESULT_CNT","title":"MAX_PG_FREE_LIST_STR_RESULT_CNT  module-attribute","text":"
MAX_PG_FREE_LIST_STR_RESULT_CNT = 16\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.MAX_PG_FREE_LIST_CNT","title":"MAX_PG_FREE_LIST_CNT  module-attribute","text":"
MAX_PG_FREE_LIST_CNT = 4096\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.NONE_TUPLE","title":"NONE_TUPLE  module-attribute","text":"
NONE_TUPLE = (None, None)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.MIGRATE_PCPTYPES","title":"MIGRATE_PCPTYPES  module-attribute","text":"
MIGRATE_PCPTYPES = 3\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Displays metadata and freelists of the buddy allocator.\"\n)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.ParsedBuddyArgs","title":"ParsedBuddyArgs  dataclass","text":"
ParsedBuddyArgs(\n    zone: str | None,\n    order: int | None,\n    mtype: str | None,\n    cpu: int | None,\n    find: int | None,\n)\n
 
Attributes:
 
     
  •  zone               (str | None)           \u2013            
    •  
  •  order               (int | None)           \u2013            
    •  
  •  mtype               (str | None)           \u2013            
    •  
  •  cpu               (int | None)           \u2013            
    •  
  •  find               (int | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.ParsedBuddyArgs.zone","title":"zone  instance-attribute","text":"
zone: str | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.ParsedBuddyArgs.order","title":"order  instance-attribute","text":"
order: int | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.ParsedBuddyArgs.mtype","title":"mtype  instance-attribute","text":"
mtype: str | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.ParsedBuddyArgs.cpu","title":"cpu  instance-attribute","text":"
cpu: int | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.ParsedBuddyArgs.find","title":"find  instance-attribute","text":"
find: int | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams","title":"CurrentBuddyParams  dataclass","text":"
CurrentBuddyParams(\n    sections: list[tuple[str, str]],\n    indent: IndentContextManager,\n    node: int | None,\n    zone: Value | None,\n    order: int,\n    mtype: str | None,\n    freelists: Value | None,\n    freelist: Value | None,\n    nr_types: int | None,\n    found: bool,\n)\n
 
Attributes:
 
     
  •  sections               (list[tuple[str, str]])           \u2013            
    •  
  •  indent               (IndentContextManager)           \u2013            
    •  
  •  node               (int | None)           \u2013            
    •  
  •  zone               (Value | None)           \u2013            
    •  
  •  order               (int)           \u2013            
    •  
  •  mtype               (str | None)           \u2013            
    •  
  •  freelists               (Value | None)           \u2013            
    •  
  •  freelist               (Value | None)           \u2013            
    •  
  •  nr_types               (int | None)           \u2013            
    •  
  •  found               (bool)           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams.sections","title":"sections  instance-attribute","text":"
sections: list[tuple[str, str]]\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams.indent","title":"indent  instance-attribute","text":"
indent: IndentContextManager\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams.node","title":"node  instance-attribute","text":"
node: int | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams.zone","title":"zone  instance-attribute","text":"
zone: Value | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams.order","title":"order  instance-attribute","text":"
order: int\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams.mtype","title":"mtype  instance-attribute","text":"
mtype: str | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams.freelists","title":"freelists  instance-attribute","text":"
freelists: Value | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams.freelist","title":"freelist  instance-attribute","text":"
freelist: Value | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams.nr_types","title":"nr_types  instance-attribute","text":"
nr_types: int | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams.found","title":"found  instance-attribute","text":"
found: bool\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.cpu_limitcheck","title":"cpu_limitcheck","text":"
cpu_limitcheck(cpu: str)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.static_str_arr","title":"static_str_arr","text":"
static_str_arr(name: str) -> list[str]\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.check_find","title":"check_find","text":"
check_find(\n    counter: int,\n    physmap_addr: int,\n    pba: ParsedBuddyArgs,\n    cbp: CurrentBuddyParams,\n)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.traverse_pglist","title":"traverse_pglist","text":"
traverse_pglist(\n    pba: ParsedBuddyArgs, cbp: CurrentBuddyParams\n) -> tuple[list[tuple[int, str]], int, list[str]]\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.print_section","title":"print_section","text":"
print_section(section: tuple[str, str], indent: IndentContextManager)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.print_pglist","title":"print_pglist","text":"
print_pglist(pba: ParsedBuddyArgs, cbp: CurrentBuddyParams)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.print_mtypes","title":"print_mtypes","text":"
print_mtypes(pba: ParsedBuddyArgs, cbp: CurrentBuddyParams)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.print_pcp_set","title":"print_pcp_set","text":"
print_pcp_set(pba: ParsedBuddyArgs, cbp: CurrentBuddyParams)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.print_free_area","title":"print_free_area","text":"
print_free_area(pba: ParsedBuddyArgs, cbp: CurrentBuddyParams)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.print_zones","title":"print_zones","text":"
print_zones(pba: ParsedBuddyArgs, cbp: CurrentBuddyParams, zones, pcp_only)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.buddydump","title":"buddydump","text":"
buddydump(\n    zone: str,\n    pcp_only: bool,\n    order: int,\n    mtype: str,\n    cpu: int,\n    node: int,\n    find: int,\n) -> None\n
"},{"location":"reference/pwndbg/commands/canary/","title":"canary","text":""},{"location":"reference/pwndbg/commands/canary/#pwndbg.commands.canary","title":"canary","text":"
Functions:
 
     
  •  canary_value             \u2013              
    Get the global canary value from AT_RANDOM with its last byte masked (as glibc does)
     
    •  
  •  find_tls_canary_addr             \u2013              
    Find the address of the canary in the Thread Local Storage (TLS).
     
    •  
  •  canary             \u2013              
    Display information about the stack canary, including its location in TLS and any copies found on the stack.
     
    •  
 
Attributes:
 
     
  •  DEFAULT_NUM_CANARIES_TO_DISPLAY           \u2013            
    •  
  •  TLS_CANARY_OFFSETS           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/canary/#pwndbg.commands.canary.DEFAULT_NUM_CANARIES_TO_DISPLAY","title":"DEFAULT_NUM_CANARIES_TO_DISPLAY  module-attribute","text":"
DEFAULT_NUM_CANARIES_TO_DISPLAY = 1\n
"},{"location":"reference/pwndbg/commands/canary/#pwndbg.commands.canary.TLS_CANARY_OFFSETS","title":"TLS_CANARY_OFFSETS  module-attribute","text":"
TLS_CANARY_OFFSETS = {'x86-64': 40, 'i386': 20, 'aarch64': 40}\n
"},{"location":"reference/pwndbg/commands/canary/#pwndbg.commands.canary.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Print out the current stack canary.')\n
"},{"location":"reference/pwndbg/commands/canary/#pwndbg.commands.canary.canary_value","title":"canary_value","text":"
canary_value() -> tuple[int | None, int | None]\n
 
Get the global canary value from AT_RANDOM with its last byte masked (as glibc does)
 
Returns:
 
     
  •  tuple (              tuple[int | None, int | None] )          \u2013            
    (canary_value, at_random_addr) or (None, None) if not found
     
    •  
"},{"location":"reference/pwndbg/commands/canary/#pwndbg.commands.canary.find_tls_canary_addr","title":"find_tls_canary_addr","text":"
find_tls_canary_addr() -> int | None\n
 
Find the address of the canary in the Thread Local Storage (TLS).
 
The canary is stored at a fixed offset from the TLS base, which varies by architecture. The TLS base can be accessed through architecture-specific registers: - x86_64: fs register - i386: gs register - aarch64: tpidr_el0 register
 
Returns:
 
     
  •  int (              int | None )          \u2013            
    The virtual address of the canary in TLS, or None if not found/supported
     
    •  
"},{"location":"reference/pwndbg/commands/canary/#pwndbg.commands.canary.canary","title":"canary","text":"
canary(all) -> None\n
 
Display information about the stack canary, including its location in TLS and any copies found on the stack.
"},{"location":"reference/pwndbg/commands/checksec/","title":"checksec","text":""},{"location":"reference/pwndbg/commands/checksec/#pwndbg.commands.checksec","title":"checksec","text":"
Functions:
 
     
  •  checksec             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/checksec/#pwndbg.commands.checksec.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Prints out the binary security settings using `checksec`.\"\n)\n
"},{"location":"reference/pwndbg/commands/checksec/#pwndbg.commands.checksec.checksec","title":"checksec","text":"
checksec(file: str) -> None\n
"},{"location":"reference/pwndbg/commands/comments/","title":"comments","text":""},{"location":"reference/pwndbg/commands/comments/#pwndbg.commands.comments","title":"comments","text":"
Functions:
 
     
  •  comm             \u2013              
    •  
  •  init             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
  •  file_lists               (dict[str, dict[str, str]])           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/comments/#pwndbg.commands.comments.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Put comments in assembly code.')\n
"},{"location":"reference/pwndbg/commands/comments/#pwndbg.commands.comments.file_lists","title":"file_lists  module-attribute","text":"
file_lists: dict[str, dict[str, str]] = {}\n
"},{"location":"reference/pwndbg/commands/comments/#pwndbg.commands.comments.comm","title":"comm","text":"
comm(addr=None, comment=None) -> None\n
"},{"location":"reference/pwndbg/commands/comments/#pwndbg.commands.comments.init","title":"init","text":"
init() -> None\n
"},{"location":"reference/pwndbg/commands/commpage/","title":"commpage","text":""},{"location":"reference/pwndbg/commands/commpage/#pwndbg.commands.commpage","title":"commpage","text":"
Functions:
 
     
  •  pretty_bytes             \u2013              
    •  
  •  commpage             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/commpage/#pwndbg.commands.commpage.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description=\"Dumps all values from the macOS commpage.\")\n
"},{"location":"reference/pwndbg/commands/commpage/#pwndbg.commands.commpage.pretty_bytes","title":"pretty_bytes","text":"
pretty_bytes(data: bytes) -> str\n
"},{"location":"reference/pwndbg/commands/commpage/#pwndbg.commands.commpage.commpage","title":"commpage","text":"
commpage(verbose: bool = False)\n
"},{"location":"reference/pwndbg/commands/config/","title":"config","text":""},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config","title":"config","text":"
Dumps all pwndbg-specific configuration points.
 
Functions:
 
     
  •  print_row             \u2013              
    •  
  •  extend_value_with_default             \u2013              
    •  
  •  get_config_parameters             \u2013              
    •  
  •  display_config             \u2013              
    •  
  •  config             \u2013              
    •  
  •  theme             \u2013              
    •  
  •  configfile             \u2013              
    •  
  •  themefile             \u2013              
    •  
  •  heap_config             \u2013              
    •  
  •  configfile_print_scope             \u2013              
    •  
 
Attributes:
 
     
  •  configfile_parser           \u2013            
    •  
  •  themefile_parser           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.configfile_parser","title":"configfile_parser  module-attribute","text":"
configfile_parser = ArgumentParser(\n    description=\"Generates a configuration file for the current Pwndbg options.\"\n)\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.themefile_parser","title":"themefile_parser  module-attribute","text":"
themefile_parser = ArgumentParser(\n    description=\"Generates a configuration file for the current Pwndbg theme options.\"\n)\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Shows heap related configuration.')\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.print_row","title":"print_row","text":"
print_row(\n    name: str,\n    value: str,\n    default: str,\n    set_show_doc: str,\n    ljust_optname: int,\n    ljust_doc: int,\n    empty_space: int = 2,\n)\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.extend_value_with_default","title":"extend_value_with_default","text":"
extend_value_with_default(value, default)\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.get_config_parameters","title":"get_config_parameters","text":"
get_config_parameters(scope: Scope, filter_pattern: str)\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.display_config","title":"display_config","text":"
display_config(\n    filter_pattern: str,\n    scope: Scope,\n    has_file_command: bool = True,\n    show_hints: bool = True,\n) -> None\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.config","title":"config","text":"
config(filter_pattern) -> None\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.theme","title":"theme","text":"
theme(filter_pattern) -> None\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.configfile","title":"configfile","text":"
configfile(show_all=False) -> None\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.themefile","title":"themefile","text":"
themefile(show_all=False) -> None\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.heap_config","title":"heap_config","text":"
heap_config(filter_pattern: str) -> None\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.configfile_print_scope","title":"configfile_print_scope","text":"
configfile_print_scope(scope: Scope, show_all: bool = False) -> None\n
"},{"location":"reference/pwndbg/commands/context/","title":"context","text":""},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context","title":"context","text":"
Classes:
 
     
  •  StdOutput           \u2013            
    A context manager wrapper to give stdout
     
    •  
  •  FileOutput           \u2013            
    A context manager wrapper to reopen files on enter
     
    •  
  •  CallOutput           \u2013            
    A context manager which calls a function on write
     
    •  
  •  RegisterContext           \u2013            
    •  
 
Functions:
 
     
  •  clear_screen             \u2013              
    Clear the screen by moving the cursor to top-left corner and
     
    •  
  •  reserve_lines_maybe             \u2013              
    Scroll the terminal up a few lines to reduce shaking
     
    •  
  •  validate_context_sections             \u2013              
    •  
  •  output             \u2013              
    Creates a context manager corresponding to configured context output
     
    •  
  •  contextoutput             \u2013              
    •  
  •  resetcontextoutput             \u2013              
    •  
  •  history_size_changed             \u2013              
    •  
  •  serve_context_history             \u2013              
    •  
  •  history_handle_unchanged_contents             \u2013              
    •  
  •  contextprev             \u2013              
    •  
  •  contextnext             \u2013              
    •  
  •  contextsearch             \u2013              
    •  
  •  contextwatch             \u2013              
    •  
  •  contextunwatch             \u2013              
    •  
  •  context_expressions             \u2013              
    •  
  •  context_ghidra             \u2013              
    Print out the source of the current function decompiled by ghidra.
     
    •  
  •  context             \u2013              
    Print out the current register, instruction, and stack context.
     
    •  
  •  calculate_padding_to_align             \u2013              
    Calculates the number of spaces to append to reach the next alignment.
     
    •  
  •  compact_regs             \u2013              
    •  
  •  context_regs             \u2013              
    •  
  •  context_heap_tracker             \u2013              
    •  
  •  regs             \u2013              
    Print out all registers and enhance the information.
     
    •  
  •  get_regs             \u2013              
    •  
  •  try_emulate_if_bug_disable             \u2013              
    •  
  •  context_disasm             \u2013              
    •  
  •  get_highlight_source             \u2013              
    •  
  •  get_filename_and_formatted_source             \u2013              
    Returns formatted, lines limited and highlighted source as list
     
    •  
  •  context_code             \u2013              
    •  
  •  context_stack             \u2013              
    •  
  •  context_backtrace             \u2013              
    •  
  •  context_args             \u2013              
    •  
  •  get_thread_status             \u2013              
    •  
  •  context_threads             \u2013              
    •  
  •  save_signal             \u2013              
    •  
  •  context_last_signal             \u2013              
    •  
 
Attributes:
 
     
  •  log           \u2013            
    •  
  •  T           \u2013            
    •  
  •  P           \u2013            
    •  
  •  c           \u2013            
    •  
  •  config_reserve_lines           \u2013            
    •  
  •  config_clear_screen           \u2013            
    •  
  •  config_output           \u2013            
    •  
  •  config_context_sections           \u2013            
    •  
  •  config_max_threads_display           \u2013            
    •  
  •  outputs               (dict[str, str])           \u2013            
    •  
  •  output_settings               (DefaultDict[str, dict[str, Any]])           \u2013            
    •  
  •  banner_arg           \u2013            
    •  
  •  context_history               (DefaultDict[str, list[list[str]]])           \u2013            
    •  
  •  selected_history_index               (int | None)           \u2013            
    •  
  •  context_history_size           \u2013            
    •  
  •  expressions           \u2013            
    •  
  •  config_context_ghidra           \u2013            
    •  
  •  parser           \u2013            
    •  
  •  disasm_lines           \u2013            
    •  
  •  source_disasm_lines           \u2013            
    •  
  •  should_decompile           \u2013            
    •  
  •  stack_lines           \u2013            
    •  
  •  backtrace_lines           \u2013            
    •  
  •  backtrace_frame_label           \u2013            
    •  
  •  last_signal               (list[str])           \u2013            
    •  
  •  thread_status_messages           \u2013            
    •  
  •  context_sections           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.log","title":"log  module-attribute","text":"
log = getLogger(__name__)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.P","title":"P  module-attribute","text":"
P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.c","title":"c  module-attribute","text":"
c = ColorConfig(\n    \"backtrace\",\n    [\n        ColorParamSpec(\n            \"prefix\", \"none\", \"color for prefix of current backtrace label\"\n        ),\n        ColorParamSpec(\"address\", \"none\", \"color for backtrace (address)\"),\n        ColorParamSpec(\"symbol\", \"none\", \"color for backtrace (symbol)\"),\n        ColorParamSpec(\n            \"frame-label\", \"none\", \"color for backtrace (frame label)\"\n        ),\n    ],\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.config_reserve_lines","title":"config_reserve_lines  module-attribute","text":"
config_reserve_lines = add_param(\n    \"context-reserve-lines\",\n    \"if-ctx-fits\",\n    \"when to reserve lines after the prompt to reduce context shake\",\n    help_docstring='\\nThe \"if-ctx-fits\" setting only reserves lines if the whole context would still fit vertically in the current terminal window.\\nIt doesn\\'t take into account line-wrapping due to insufficient terminal width.\\n',\n    param_class=PARAM_ENUM,\n    enum_sequence=[\"never\", \"if-ctx-fits\", \"always\"],\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.config_clear_screen","title":"config_clear_screen  module-attribute","text":"
config_clear_screen = add_param(\n    \"context-clear-screen\",\n    False,\n    \"whether to clear the screen before printing the context\",\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.config_output","title":"config_output  module-attribute","text":"
config_output = add_param(\n    \"context-output\",\n    \"stdout\",\n    'where Pwndbg should output (\"stdout\" or file/tty)',\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.config_context_sections","title":"config_context_sections  module-attribute","text":"
config_context_sections = add_param(\n    \"context-sections\",\n    \"regs disasm code ghidra stack backtrace expressions threads heap_tracker\",\n    \"which context sections are displayed (controls order)\",\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.config_max_threads_display","title":"config_max_threads_display  module-attribute","text":"
config_max_threads_display = add_param(\n    \"context-max-threads\",\n    4,\n    \"maximum number of threads displayed by the context command\",\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.outputs","title":"outputs  module-attribute","text":"
outputs: dict[str, str] = {}\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.output_settings","title":"output_settings  module-attribute","text":"
output_settings: DefaultDict[str, dict[str, Any]] = defaultdict(dict)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.banner_arg","title":"banner_arg  module-attribute","text":"
banner_arg = add_argument(\n    \"banner\",\n    type=str,\n    nargs=\"?\",\n    default=\"both\",\n    help=\"Where a banner should be placed: both, top , bottom, none\",\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_history","title":"context_history  module-attribute","text":"
context_history: DefaultDict[str, list[list[str]]] = defaultdict(list)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.selected_history_index","title":"selected_history_index  module-attribute","text":"
selected_history_index: int | None = None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_history_size","title":"context_history_size  module-attribute","text":"
context_history_size = add_param(\n    \"context-history-size\", 50, \"number of context history entries to store\"\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.expressions","title":"expressions  module-attribute","text":"
expressions = []\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.config_context_ghidra","title":"config_context_ghidra  module-attribute","text":"
config_context_ghidra = add_param(\n    \"context-ghidra\",\n    \"never\",\n    \"when to try to decompile the current function with ghidra\",\n    help_docstring=\"Doing this is slow and requires radare2/r2pipe or rizin/rzpipe.\",\n    param_class=PARAM_ENUM,\n    enum_sequence=[\"always\", \"never\", \"if-no-source\"],\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Print out all registers and enhance the information.\"\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.disasm_lines","title":"disasm_lines  module-attribute","text":"
disasm_lines = add_param(\n    \"context-disasm-lines\",\n    10,\n    \"number of additional lines to print in the disasm context\",\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.source_disasm_lines","title":"source_disasm_lines  module-attribute","text":"
source_disasm_lines = add_param(\n    \"context-code-lines\",\n    10,\n    \"number of source code lines to print by the context command\",\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.should_decompile","title":"should_decompile  module-attribute","text":"
should_decompile = add_param(\n    \"context-integration-decompile\",\n    True,\n    \"whether context should fall back to decompilation with no source code\",\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.stack_lines","title":"stack_lines  module-attribute","text":"
stack_lines = add_param(\n    \"context-stack-lines\", 8, \"number of lines to print in the stack context\"\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.backtrace_lines","title":"backtrace_lines  module-attribute","text":"
backtrace_lines = add_param(\n    \"context-backtrace-lines\",\n    8,\n    \"number of lines to print in the backtrace context\",\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.backtrace_frame_label","title":"backtrace_frame_label  module-attribute","text":"
backtrace_frame_label = add_param(\n    \"backtrace-frame-label\", \"\", \"frame number label for backtrace\"\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.last_signal","title":"last_signal  module-attribute","text":"
last_signal: list[str] = []\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.thread_status_messages","title":"thread_status_messages  module-attribute","text":"
thread_status_messages = {\n    \"running\": light_green(\"running\"),\n    \"stopped\": yellow(\"stopped\"),\n    \"exited\": gray(\"exited \"),\n}\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_sections","title":"context_sections  module-attribute","text":"
context_sections = {\n    \"a\": context_args,\n    \"r\": context_regs,\n    \"d\": context_disasm,\n    \"s\": context_stack,\n    \"b\": context_backtrace,\n    \"c\": context_code,\n}\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.StdOutput","title":"StdOutput","text":"
A context manager wrapper to give stdout
 
Methods:
 
     
  •  __enter__             \u2013              
    •  
  •  __exit__             \u2013              
    •  
  •  __hash__             \u2013              
    •  
  •  __eq__             \u2013              
    •  
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.StdOutput.__enter__","title":"__enter__","text":"
__enter__()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.StdOutput.__exit__","title":"__exit__","text":"
__exit__(*args, **kwargs) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.StdOutput.__hash__","title":"__hash__","text":"
__hash__()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.StdOutput.__eq__","title":"__eq__","text":"
__eq__(other) -> bool\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput","title":"FileOutput","text":"
FileOutput(*args)\n
 
A context manager wrapper to reopen files on enter
 
Methods:
 
     
  •  __enter__             \u2013              
    •  
  •  __exit__             \u2013              
    •  
  •  __hash__             \u2013              
    •  
  •  __eq__             \u2013              
    •  
 
Attributes:
 
     
  •  args           \u2013            
    •  
  •  handle           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput.args","title":"args  instance-attribute","text":"
args = args\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput.handle","title":"handle  instance-attribute","text":"
handle = None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput.__enter__","title":"__enter__","text":"
__enter__()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput.__exit__","title":"__exit__","text":"
__exit__(*args, **kwargs) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput.__hash__","title":"__hash__","text":"
__hash__()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput.__eq__","title":"__eq__","text":"
__eq__(other)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput","title":"CallOutput","text":"
CallOutput(func)\n
 
A context manager which calls a function on write
 
Methods:
 
     
  •  __enter__             \u2013              
    •  
  •  __exit__             \u2013              
    •  
  •  __hash__             \u2013              
    •  
  •  __eq__             \u2013              
    •  
  •  write             \u2013              
    •  
  •  writelines             \u2013              
    •  
  •  flush             \u2013              
    •  
  •  isatty             \u2013              
    •  
 
Attributes:
 
     
  •  func           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.func","title":"func  instance-attribute","text":"
func = func\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.__enter__","title":"__enter__","text":"
__enter__()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.__exit__","title":"__exit__","text":"
__exit__(*args, **kwargs) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.__hash__","title":"__hash__","text":"
__hash__()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.__eq__","title":"__eq__","text":"
__eq__(other)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.write","title":"write","text":"
write(data) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.writelines","title":"writelines","text":"
writelines(lines_iterable) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.flush","title":"flush","text":"
flush()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.isatty","title":"isatty","text":"
isatty()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.RegisterContext","title":"RegisterContext","text":"
RegisterContext()\n
 
Methods:
 
     
  •  get_prefix             \u2013              
    •  
  •  get_register_value             \u2013              
    •  
  •  flag_register_context             \u2013              
    •  
  •  segment_registers_context             \u2013              
    •  
  •  addressing_register_context             \u2013              
    •  
  •  register_context_default             \u2013              
    •  
 
Attributes:
 
     
  •  changed               (list[str])           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.RegisterContext.changed","title":"changed  instance-attribute","text":"
changed: list[str] = changed\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.RegisterContext.get_prefix","title":"get_prefix","text":"
get_prefix(reg)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.RegisterContext.get_register_value","title":"get_register_value","text":"
get_register_value(reg)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.RegisterContext.flag_register_context","title":"flag_register_context","text":"
flag_register_context(reg, bit_flags)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.RegisterContext.segment_registers_context","title":"segment_registers_context","text":"
segment_registers_context(regs)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.RegisterContext.addressing_register_context","title":"addressing_register_context","text":"
addressing_register_context(reg, is_virtual)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.RegisterContext.register_context_default","title":"register_context_default","text":"
register_context_default(reg)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.clear_screen","title":"clear_screen","text":"
clear_screen(out=stdout) -> None\n
 
Clear the screen by moving the cursor to top-left corner and clearing the content. Different terminals may act differently
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.reserve_lines_maybe","title":"reserve_lines_maybe","text":"
reserve_lines_maybe(cmd_lines: int) -> None\n
 
Scroll the terminal up a few lines to reduce shaking when repeatedly printing the context.
 
Only do this if the context would still fit on the screen.
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.validate_context_sections","title":"validate_context_sections","text":"
validate_context_sections() -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.output","title":"output","text":"
output(section: str)\n
 
Creates a context manager corresponding to configured context output
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.contextoutput","title":"contextoutput","text":"
contextoutput(section, path, clearing, banner='both', width: int = None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.resetcontextoutput","title":"resetcontextoutput","text":"
resetcontextoutput(section)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.history_size_changed","title":"history_size_changed","text":"
history_size_changed() -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.serve_context_history","title":"serve_context_history","text":"
serve_context_history(\n    function: Callable[P, list[str]],\n) -> Callable[P, list[str]]\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.history_handle_unchanged_contents","title":"history_handle_unchanged_contents","text":"
history_handle_unchanged_contents() -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.contextprev","title":"contextprev","text":"
contextprev(count) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.contextnext","title":"contextnext","text":"
contextnext(count) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.contextsearch","title":"contextsearch","text":"
contextsearch(needle, section) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.contextwatch","title":"contextwatch","text":"
contextwatch(expression, cmd) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.contextunwatch","title":"contextunwatch","text":"
contextunwatch(num) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_expressions","title":"context_expressions","text":"
context_expressions(target=stdout, with_banner=True, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_ghidra","title":"context_ghidra","text":"
context_ghidra(target=stdout, with_banner=True, width=None)\n
 
Print out the source of the current function decompiled by ghidra.
 
The context-ghidra config parameter is used to configure whether to always, never or only show the context if no source is available.
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context","title":"context","text":"
context(subcontext=None, enabled=None) -> None\n
 
Print out the current register, instruction, and stack context.
 
Accepts subcommands 'reg', 'disasm', 'code', 'stack', 'backtrace', 'ghidra', 'args', 'threads', 'heap_tracker', 'expressions', and/or 'last_signal'.
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.calculate_padding_to_align","title":"calculate_padding_to_align","text":"
calculate_padding_to_align(length, align)\n
 
Calculates the number of spaces to append to reach the next alignment. The next alignment point is given by \"x * align >= length\".
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.compact_regs","title":"compact_regs","text":"
compact_regs(regs, width=None, target=stdout)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_regs","title":"context_regs","text":"
context_regs(target=stdout, with_banner=True, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_heap_tracker","title":"context_heap_tracker","text":"
context_heap_tracker(target=stdout, with_banner=True, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.regs","title":"regs","text":"
regs(regs=[]) -> None\n
 
Print out all registers and enhance the information.
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.get_regs","title":"get_regs","text":"
get_regs(regs: list[str] = None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.try_emulate_if_bug_disable","title":"try_emulate_if_bug_disable","text":"
try_emulate_if_bug_disable(handler: Callable[[], T]) -> T\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_disasm","title":"context_disasm","text":"
context_disasm(target=stdout, with_banner=True, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.get_highlight_source","title":"get_highlight_source","text":"
get_highlight_source(filename: str) -> tuple[str, ...]\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.get_filename_and_formatted_source","title":"get_filename_and_formatted_source","text":"
get_filename_and_formatted_source()\n
 
Returns formatted, lines limited and highlighted source as list or if it isn't there - an empty list
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_code","title":"context_code","text":"
context_code(target=stdout, with_banner=True, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_stack","title":"context_stack","text":"
context_stack(target=stdout, with_banner=True, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_backtrace","title":"context_backtrace","text":"
context_backtrace(with_banner=True, target=stdout, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_args","title":"context_args","text":"
context_args(with_banner=True, target=stdout, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.get_thread_status","title":"get_thread_status","text":"
get_thread_status(thread)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_threads","title":"context_threads","text":"
context_threads(with_banner=True, target=stdout, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.save_signal","title":"save_signal","text":"
save_signal(signal) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_last_signal","title":"context_last_signal","text":"
context_last_signal(with_banner=True, target=stdout, width=None)\n
"},{"location":"reference/pwndbg/commands/cpsr/","title":"cpsr","text":""},{"location":"reference/pwndbg/commands/cpsr/#pwndbg.commands.cpsr","title":"cpsr","text":"
Functions:
 
     
  •  cpsr             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/cpsr/#pwndbg.commands.cpsr.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Print out ARM CPSR or xPSR register.')\n
"},{"location":"reference/pwndbg/commands/cpsr/#pwndbg.commands.cpsr.cpsr","title":"cpsr","text":"
cpsr(cpsr_value=None) -> None\n
"},{"location":"reference/pwndbg/commands/cyclic/","title":"cyclic","text":""},{"location":"reference/pwndbg/commands/cyclic/#pwndbg.commands.cyclic","title":"cyclic","text":"
Classes:
 
     
  •  TimeoutException           \u2013            
    Custom exception for signal-based timeouts.
     
    •  
 
Functions:
 
     
  •  detect_register_patterns             \u2013              
    •  
  •  cyclic_cmd             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
  •  group           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/cyclic/#pwndbg.commands.cyclic.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Cyclic pattern creator/finder.')\n
"},{"location":"reference/pwndbg/commands/cyclic/#pwndbg.commands.cyclic.group","title":"group  module-attribute","text":"
group = add_mutually_exclusive_group(required=False)\n
"},{"location":"reference/pwndbg/commands/cyclic/#pwndbg.commands.cyclic.TimeoutException","title":"TimeoutException","text":"
               Bases: Exception
 
Custom exception for signal-based timeouts.
"},{"location":"reference/pwndbg/commands/cyclic/#pwndbg.commands.cyclic.detect_register_patterns","title":"detect_register_patterns","text":"
detect_register_patterns(alphabet, length, timeout) -> None\n
"},{"location":"reference/pwndbg/commands/cyclic/#pwndbg.commands.cyclic.cyclic_cmd","title":"cyclic_cmd","text":"
cyclic_cmd(\n    alphabet,\n    length: int | None,\n    lookup,\n    detect,\n    count=100,\n    filename=\"\",\n    timeout=2,\n) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/","title":"cymbol","text":""},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol","title":"cymbol","text":"
Add, load, show, edit, or delete symbols for custom structures.
 
For the generation of the symbols g++/gcc is being used under the hood.
 
In case of remote debugging a binary which is not native to your architecture it is advised to configure the 'gcc-config-path' config parameter to your own cross-platform gnu gcc compiled toolchain for your target architecture.
 
You are advised to configure the 'cymbol-editor' config parameter to the path of your favorite text editor. Otherwise cymbol expands $EDITOR and $VISUAL environment variables to find the path to the default text editor.
 
Functions:
 
     
  •  create_temp_header_file             \u2013              
    Create a temporary header file with the given content.
     
    •  
  •  unload_loaded_symbol             \u2013              
    •  
  •  OnlyWhenStructFileExists             \u2013              
    •  
  •  compile_with_flags             \u2013              
    •  
  •  generate_debug_symbols             \u2013              
    •  
  •  create_blank_elf             \u2013              
    •  
  •  add_custom_structure             \u2013              
    •  
  •  add_structure_from_header             \u2013              
    •  
  •  edit_custom_structure             \u2013              
    •  
  •  remove_custom_structure             \u2013              
    •  
  •  load_custom_structure             \u2013              
    •  
  •  show_custom_structure             \u2013              
    •  
  •  cymbol             \u2013              
    •  
 
Attributes:
 
     
  •  P           \u2013            
    •  
  •  T           \u2013            
    •  
  •  gcc_compiler_path           \u2013            
    •  
  •  cymbol_editor           \u2013            
    •  
  •  loaded_symbols               (dict[str, str])           \u2013            
    •  
  •  pwndbg_cachedir           \u2013            
    •  
  •  parser           \u2013            
    •  
  •  subparsers           \u2013            
    •  
  •  add_parser           \u2013            
    •  
  •  remove_parser           \u2013            
    •  
  •  edit_parser           \u2013            
    •  
  •  load_parser           \u2013            
    •  
  •  show_parser           \u2013            
    •  
  •  file_parser           \u2013            
    •  
  •  show_all_parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.P","title":"P  module-attribute","text":"
P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.gcc_compiler_path","title":"gcc_compiler_path  module-attribute","text":"
gcc_compiler_path = add_param(\n    \"gcc-compiler-path\",\n    \"\",\n    \"path to the gcc/g++ toolchain for generating imported symbols\",\n    param_class=PARAM_OPTIONAL_FILENAME,\n)\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.cymbol_editor","title":"cymbol_editor  module-attribute","text":"
cymbol_editor = add_param(\n    \"cymbol-editor\",\n    \"\",\n    \"path to the editor for editing custom structures\",\n    param_class=PARAM_OPTIONAL_FILENAME,\n)\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.loaded_symbols","title":"loaded_symbols  module-attribute","text":"
loaded_symbols: dict[str, str] = {}\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.pwndbg_cachedir","title":"pwndbg_cachedir  module-attribute","text":"
pwndbg_cachedir = cachedir('custom-symbols')\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Manage custom C structures in pwndbg. Supports project-specific auto-loading from .gdbinit.\"\n)\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.subparsers","title":"subparsers  module-attribute","text":"
subparsers = add_subparsers(dest='subcommand', help='Available subcommands')\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.add_parser","title":"add_parser  module-attribute","text":"
add_parser = add_parser('add', help='Add a custom structure')\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.remove_parser","title":"remove_parser  module-attribute","text":"
remove_parser = add_parser('remove', help='Remove a custom structure')\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.edit_parser","title":"edit_parser  module-attribute","text":"
edit_parser = add_parser('edit', help='Edit a custom structure')\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.load_parser","title":"load_parser  module-attribute","text":"
load_parser = add_parser('load', help='Load a custom structure')\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.show_parser","title":"show_parser  module-attribute","text":"
show_parser = add_parser('show', help='Show a custom structure')\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.file_parser","title":"file_parser  module-attribute","text":"
file_parser = add_parser('file', help='Add a structure from a header file')\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.show_all_parser","title":"show_all_parser  module-attribute","text":"
show_all_parser = add_parser('show-all', help='Show all stored structure')\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.create_temp_header_file","title":"create_temp_header_file","text":"
create_temp_header_file(content: str) -> str\n
 
Create a temporary header file with the given content.
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.unload_loaded_symbol","title":"unload_loaded_symbol","text":"
unload_loaded_symbol(custom_structure_name: str) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.OnlyWhenStructFileExists","title":"OnlyWhenStructFileExists","text":"
OnlyWhenStructFileExists(\n    func: _OnlyWhenStructFileExists,\n) -> _OnlyWhenStructFileExists\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.compile_with_flags","title":"compile_with_flags","text":"
compile_with_flags(gcc_extra_flags)\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.generate_debug_symbols","title":"generate_debug_symbols","text":"
generate_debug_symbols(\n    custom_structure_path: str,\n    pwndbg_debug_symbols_output_file: str | None = None,\n) -> str | None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.create_blank_elf","title":"create_blank_elf","text":"
create_blank_elf()\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.add_custom_structure","title":"add_custom_structure","text":"
add_custom_structure(custom_structure_name: str, force=False)\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.add_structure_from_header","title":"add_structure_from_header","text":"
add_structure_from_header(\n    header_file: str, custom_structure_name: str = None, force: bool = False\n) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.edit_custom_structure","title":"edit_custom_structure","text":"
edit_custom_structure(\n    custom_structure_name: str, custom_structure_path: str = \"\"\n) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.remove_custom_structure","title":"remove_custom_structure","text":"
remove_custom_structure(\n    custom_structure_name: str, custom_structure_path: str = \"\"\n) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.load_custom_structure","title":"load_custom_structure","text":"
load_custom_structure(\n    custom_structure_name: str, custom_structure_path: str = \"\"\n) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.show_custom_structure","title":"show_custom_structure","text":"
show_custom_structure(\n    custom_structure_name: str, custom_structure_path: str = \"\"\n) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.cymbol","title":"cymbol","text":"
cymbol(subcommand: str = None, name: str = None, path: str = None, force=False)\n
"},{"location":"reference/pwndbg/commands/dev/","title":"dev","text":""},{"location":"reference/pwndbg/commands/dev/#pwndbg.commands.dev","title":"dev","text":"
Functions:
 
     
  •  dev_dump_instruction             \u2013              
    •  
  •  log_level             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/dev/#pwndbg.commands.dev.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Set the log level.')\n
"},{"location":"reference/pwndbg/commands/dev/#pwndbg.commands.dev.dev_dump_instruction","title":"dev_dump_instruction","text":"
dev_dump_instruction(\n    address=None, force_emulate=False, no_emulate=False\n) -> None\n
"},{"location":"reference/pwndbg/commands/dev/#pwndbg.commands.dev.log_level","title":"log_level","text":"
log_level(level: str) -> None\n
"},{"location":"reference/pwndbg/commands/distance/","title":"distance","text":""},{"location":"reference/pwndbg/commands/distance/#pwndbg.commands.distance","title":"distance","text":"
Functions:
 
     
  •  distance             \u2013              
    Print the distance between the two arguments
     
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/distance/#pwndbg.commands.distance.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Print the distance between the two arguments, or print the offset to the address's page base.\"\n)\n
"},{"location":"reference/pwndbg/commands/distance/#pwndbg.commands.distance.distance","title":"distance","text":"
distance(a, b) -> None\n
 
Print the distance between the two arguments
"},{"location":"reference/pwndbg/commands/dt/","title":"dt","text":""},{"location":"reference/pwndbg/commands/dt/#pwndbg.commands.dt","title":"dt","text":"
Functions:
 
     
  •  dt             \u2013              
    Dump out information on a type (e.g. ucontext_t).
     
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/dt/#pwndbg.commands.dt.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"\\nDump out information on a type (e.g. ucontext_t).\\n\\nOptionally overlay that information at an address.\"\n)\n
"},{"location":"reference/pwndbg/commands/dt/#pwndbg.commands.dt.dt","title":"dt","text":"
dt(typename: str, address: int | None = None) -> None\n
 
Dump out information on a type (e.g. ucontext_t).
 
Optionally overlay that information at an address.
"},{"location":"reference/pwndbg/commands/dumpargs/","title":"dumpargs","text":""},{"location":"reference/pwndbg/commands/dumpargs/#pwndbg.commands.dumpargs","title":"dumpargs","text":"
Functions:
 
     
  •  dumpargs             \u2013              
    •  
  •  call_args             \u2013              
    Returns list of resolved call argument strings for display.
     
    •  
  •  all_args             \u2013              
    Returns list of all argument strings for display.
     
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/dumpargs/#pwndbg.commands.dumpargs.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Prints determined arguments for call/syscall instruction.\"\n)\n
"},{"location":"reference/pwndbg/commands/dumpargs/#pwndbg.commands.dumpargs.dumpargs","title":"dumpargs","text":"
dumpargs(force: bool = False) -> None\n
"},{"location":"reference/pwndbg/commands/dumpargs/#pwndbg.commands.dumpargs.call_args","title":"call_args","text":"
call_args() -> list[str]\n
 
Returns list of resolved call argument strings for display. Attempts to resolve the target and determine the number of arguments.
 
Return empty list if PC is not on a call or syscall instruction.
"},{"location":"reference/pwndbg/commands/dumpargs/#pwndbg.commands.dumpargs.all_args","title":"all_args","text":"
all_args() -> list[str]\n
 
Returns list of all argument strings for display.
"},{"location":"reference/pwndbg/commands/elf/","title":"elf","text":""},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf","title":"elf","text":"
Functions:
 
     
  •  elfsections             \u2013              
    •  
  •  gotplt             \u2013              
    •  
  •  plt             \u2013              
    •  
  •  get_section_bounds             \u2013              
    •  
  •  print_symbols_in_section             \u2013              
    •  
  •  get_symbols_in_region             \u2013              
    •  
 
Attributes:
 
     
  •  PLT_SECTION_NAMES           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.PLT_SECTION_NAMES","title":"PLT_SECTION_NAMES  module-attribute","text":"
PLT_SECTION_NAMES = ('.plt', '.plt.sec', '.plt.got', '.plt.bnd')\n
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Prints any symbols found in Procedure Linkage Table sections if any exist.\"\n)\n
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.elfsections","title":"elfsections","text":"
elfsections(no_rebase: bool) -> None\n
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.gotplt","title":"gotplt","text":"
gotplt() -> None\n
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.plt","title":"plt","text":"
plt(all_symbols: bool = False) -> None\n
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.get_section_bounds","title":"get_section_bounds","text":"
get_section_bounds(section_name: str)\n
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.print_symbols_in_section","title":"print_symbols_in_section","text":"
print_symbols_in_section(section_name, filter_text='') -> None\n
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.get_symbols_in_region","title":"get_symbols_in_region","text":"
get_symbols_in_region(\n    start: int, end: int, filter_text=\"\"\n) -> list[tuple[str, int]]\n
"},{"location":"reference/pwndbg/commands/flags/","title":"flags","text":""},{"location":"reference/pwndbg/commands/flags/#pwndbg.commands.flags","title":"flags","text":"
Functions:
 
     
  •  setflag             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/flags/#pwndbg.commands.flags.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Modify the flags register.')\n
"},{"location":"reference/pwndbg/commands/flags/#pwndbg.commands.flags.setflag","title":"setflag","text":"
setflag(flag: str, value: int) -> None\n
"},{"location":"reference/pwndbg/commands/gdt/","title":"gdt","text":""},{"location":"reference/pwndbg/commands/gdt/#pwndbg.commands.gdt","title":"gdt","text":"
Functions:
 
     
  •  gdt             \u2013              
    •  
  •  decode_gdt_entry             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/gdt/#pwndbg.commands.gdt.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Decode X86-64 GDT entries at address\\n\\nSee also:\\n\\n* https://wiki.osdev.org/Global_Descriptor_Table\\n* https://wiki.osdev.org/GDT_Tutorial\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/gdt/#pwndbg.commands.gdt.gdt","title":"gdt","text":"
gdt(address, count) -> None\n
"},{"location":"reference/pwndbg/commands/gdt/#pwndbg.commands.gdt.decode_gdt_entry","title":"decode_gdt_entry","text":"
decode_gdt_entry(value)\n
"},{"location":"reference/pwndbg/commands/ghidra/","title":"ghidra","text":""},{"location":"reference/pwndbg/commands/ghidra/#pwndbg.commands.ghidra","title":"ghidra","text":"
Functions:
 
     
  •  ghidra             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/ghidra/#pwndbg.commands.ghidra.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Decompile a given function using Ghidra.')\n
"},{"location":"reference/pwndbg/commands/ghidra/#pwndbg.commands.ghidra.ghidra","title":"ghidra","text":"
ghidra(func) -> None\n
"},{"location":"reference/pwndbg/commands/godbg/","title":"godbg","text":""},{"location":"reference/pwndbg/commands/godbg/#pwndbg.commands.godbg","title":"godbg","text":"
Functions:
 
     
  •  go_dump             \u2013              
    •  
  •  go_type             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/godbg/#pwndbg.commands.godbg.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Dumps a Go runtime reflection type at a specified address.\"\n)\n
"},{"location":"reference/pwndbg/commands/godbg/#pwndbg.commands.godbg.go_dump","title":"go_dump","text":"
go_dump(\n    ty: str,\n    address: int,\n    hex: bool,\n    decimals: int | None,\n    debug: bool,\n    pretty: bool,\n) -> None\n
"},{"location":"reference/pwndbg/commands/godbg/#pwndbg.commands.godbg.go_type","title":"go_type","text":"
go_type(address: int) -> None\n
"},{"location":"reference/pwndbg/commands/got/","title":"got","text":""},{"location":"reference/pwndbg/commands/got/#pwndbg.commands.got","title":"got","text":"
Functions:
 
     
  •  got             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
  •  group           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/got/#pwndbg.commands.got.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Show the state of the Global Offset Table.\"\n)\n
"},{"location":"reference/pwndbg/commands/got/#pwndbg.commands.got.group","title":"group  module-attribute","text":"
group = add_mutually_exclusive_group()\n
"},{"location":"reference/pwndbg/commands/got/#pwndbg.commands.got.got","title":"got","text":"
got(\n    path_filter: str, all_: bool, accept_readonly: bool, symbol_filter: str\n) -> None\n
"},{"location":"reference/pwndbg/commands/got_tracking/","title":"got_tracking","text":""},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking","title":"got_tracking","text":"
Functions:
 
     
  •  columns             \u2013              
    Print data formatted into distinct columns.
     
    •  
  •  track_got             \u2013              
    •  
  •  got_report             \u2013              
    Prints out a report of the current status of the GOT tracker.
     
    •  
  •  got_tracking_status             \u2013              
    Prints out information about a single GOT tracking entry.
     
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
  •  subparsers           \u2013            
    •  
  •  enable           \u2013            
    •  
  •  disable           \u2013            
    •  
  •  report           \u2013            
    •  
  •  status           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Controls GOT tracking')\n
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.subparsers","title":"subparsers  module-attribute","text":"
subparsers = add_subparsers(\n    required=True,\n    description=\"Used to disable and query information about the tracker\",\n)\n
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.enable","title":"enable  module-attribute","text":"
enable = add_parser('enable', help='Enable GOT parsing')\n
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.disable","title":"disable  module-attribute","text":"
disable = add_parser('disable', help='Disable GOT tracking')\n
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.report","title":"report  module-attribute","text":"
report = add_parser('info', help='Give an overview of the GOT tracker')\n
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.status","title":"status  module-attribute","text":"
status = add_parser(\n    \"query\",\n    help=\"Queries detailed tracking information about a single entry in the GOT\",\n)\n
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.columns","title":"columns","text":"
columns(rows, colors=None) -> None\n
 
Print data formatted into distinct columns.
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.track_got","title":"track_got","text":"
track_got(mode=None, soname=None, writable=False, fnname=None, address=None)\n
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.got_report","title":"got_report","text":"
got_report(soname='.*', writable=False, fnname='.*') -> None\n
 
Prints out a report of the current status of the GOT tracker.
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.got_tracking_status","title":"got_tracking_status","text":"
got_tracking_status(address) -> None\n
 
Prints out information about a single GOT tracking entry.
"},{"location":"reference/pwndbg/commands/hex2ptr/","title":"hex2ptr","text":""},{"location":"reference/pwndbg/commands/hex2ptr/#pwndbg.commands.hex2ptr","title":"hex2ptr","text":"
Functions:
 
     
  •  hex2ptr             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/hex2ptr/#pwndbg.commands.hex2ptr.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Converts a space-separated hex string to a little-endian address.\"\n)\n
"},{"location":"reference/pwndbg/commands/hex2ptr/#pwndbg.commands.hex2ptr.hex2ptr","title":"hex2ptr","text":"
hex2ptr(hex_string) -> None\n
"},{"location":"reference/pwndbg/commands/hexdump/","title":"hexdump","text":""},{"location":"reference/pwndbg/commands/hexdump/#pwndbg.commands.hexdump","title":"hexdump","text":"
Functions:
 
     
  •  address_or_module_name             \u2013              
    •  
  •  format_c             \u2013              
    •  
  •  format_py             \u2013              
    •  
  •  hexdump             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/hexdump/#pwndbg.commands.hexdump.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Hexdumps data at the specified address or module name.\"\n)\n
"},{"location":"reference/pwndbg/commands/hexdump/#pwndbg.commands.hexdump.address_or_module_name","title":"address_or_module_name","text":"
address_or_module_name(s) -> int\n
"},{"location":"reference/pwndbg/commands/hexdump/#pwndbg.commands.hexdump.format_c","title":"format_c","text":"
format_c(data: bytes) -> str\n
"},{"location":"reference/pwndbg/commands/hexdump/#pwndbg.commands.hexdump.format_py","title":"format_py","text":"
format_py(data: bytes) -> str\n
"},{"location":"reference/pwndbg/commands/hexdump/#pwndbg.commands.hexdump.hexdump","title":"hexdump","text":"
hexdump(address, count=hexdump_bytes, code: str | None = None) -> None\n
"},{"location":"reference/pwndbg/commands/hijack_fd/","title":"hijack_fd","text":""},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd","title":"hijack_fd","text":"
Classes:
 
     
  •  ShellcodeRegs           \u2013            
    •  
  •  ParsedSocket           \u2013            
    •  
 
Functions:
 
     
  •  get_shellcode_regs             \u2013              
    •  
  •  stack_size_alignment             \u2013              
    •  
  •  asm_replace_file             \u2013              
    •  
  •  asm_replace_socket             \u2013              
    •  
  •  exec_shellcode_with_stack             \u2013              
    •  
  •  parse_socket             \u2013              
    •  
  •  parse_file_or_socket             \u2013              
    •  
  •  hijack_fd             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
  •  PARSED_FILE_ARG           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Replace a file descriptor of a debugged process.\\n\\nThe new file descriptor can point to:\\n\\n- a file\\n- a pipe\\n- a socket\\n- a device, etc.\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.PARSED_FILE_ARG","title":"PARSED_FILE_ARG  module-attribute","text":"
PARSED_FILE_ARG = Tuple[Optional[ParsedSocket], Optional[str]]\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ShellcodeRegs","title":"ShellcodeRegs","text":"
               Bases: NamedTuple
 
Attributes:
 
     
  •  newfd               (str)           \u2013            
    •  
  •  syscall_ret               (str)           \u2013            
    •  
  •  stack               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ShellcodeRegs.newfd","title":"newfd  instance-attribute","text":"
newfd: str\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ShellcodeRegs.syscall_ret","title":"syscall_ret  instance-attribute","text":"
syscall_ret: str\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ShellcodeRegs.stack","title":"stack  instance-attribute","text":"
stack: str\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ParsedSocket","title":"ParsedSocket","text":"
               Bases: NamedTuple
 
Attributes:
 
     
  •  protocol               (Literal['tcp', 'udp'])           \u2013            
    •  
  •  ip_version               (Literal['ipv4', 'ipv6'])           \u2013            
    •  
  •  address               (str)           \u2013            
    •  
  •  port               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ParsedSocket.protocol","title":"protocol  instance-attribute","text":"
protocol: Literal['tcp', 'udp']\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ParsedSocket.ip_version","title":"ip_version  instance-attribute","text":"
ip_version: Literal['ipv4', 'ipv6']\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ParsedSocket.address","title":"address  instance-attribute","text":"
address: str\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ParsedSocket.port","title":"port  instance-attribute","text":"
port: int\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.get_shellcode_regs","title":"get_shellcode_regs","text":"
get_shellcode_regs() -> ShellcodeRegs\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.stack_size_alignment","title":"stack_size_alignment","text":"
stack_size_alignment(s: int) -> int\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.asm_replace_file","title":"asm_replace_file","text":"
asm_replace_file(replace_fd: int, filename: str) -> tuple[int, str]\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.asm_replace_socket","title":"asm_replace_socket","text":"
asm_replace_socket(\n    replace_fd: int, socket_data: ParsedSocket\n) -> tuple[int, str]\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.exec_shellcode_with_stack","title":"exec_shellcode_with_stack  async","text":"
exec_shellcode_with_stack(ec: ExecutionController, blob, stack_size: int)\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.parse_socket","title":"parse_socket","text":"
parse_socket(url: str) -> ParsedSocket\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.parse_file_or_socket","title":"parse_file_or_socket","text":"
parse_file_or_socket(s: str) -> PARSED_FILE_ARG\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.hijack_fd","title":"hijack_fd","text":"
hijack_fd(fdnum: int, newfile: PARSED_FILE_ARG) -> None\n
"},{"location":"reference/pwndbg/commands/ida/","title":"ida","text":""},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida","title":"ida","text":"
Functions:
 
     
  •  j             \u2013              
    Synchronize IDA's cursor with GDB
     
    •  
  •  up             \u2013              
    Select and print stack frame that called this one.
     
    •  
  •  down             \u2013              
    Select and print stack frame called by this one.
     
    •  
  •  save_ida             \u2013              
    Save the IDA database
     
    •  
  •  ida             \u2013              
    Lookup a symbol's address by name from IDA.
     
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Select and print stack frame called by this one.\"\n)\n
"},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida.j","title":"j","text":"
j(*args) -> None\n
 
Synchronize IDA's cursor with GDB
"},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida.up","title":"up","text":"
up(n=1) -> None\n
 
Select and print stack frame that called this one.
"},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida.down","title":"down","text":"
down(n=1) -> None\n
 
Select and print stack frame called by this one.
"},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida.save_ida","title":"save_ida","text":"
save_ida() -> None\n
 
Save the IDA database
"},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida.ida","title":"ida","text":"
ida(name: Value) -> int\n
 
Lookup a symbol's address by name from IDA. Evaluate ida.LocByName() on the supplied value.
 
This functions doesn't see stack local variables.
 
Example: 
pwndbg> set integration-provider ida\nPwndbg successfully connected to Ida Pro xmlrpc: http://127.0.0.1:43718\nSet which provider to use for integration features to 'ida'.\npwndbg> p main\nNo symbol \"main\" in current context.\npwndbg> p/x $ida(\"main\")\n$1 = 0x555555555645\npwndbg> b *$ida(\"main\")\nBreakpoint 2 at 0x555555555645\n
"},{"location":"reference/pwndbg/commands/ignore/","title":"ignore","text":""},{"location":"reference/pwndbg/commands/ignore/#pwndbg.commands.ignore","title":"ignore","text":"
Ignoring a breakpoint
 
Functions:
 
     
  •  ignore             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/ignore/#pwndbg.commands.ignore.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Set ignore-count of breakpoint number N to COUNT.\\n\\nWhile the ignore count is positive, execution will not stop on the breakpoint.\\n\\nBy default, if `N' is ommitted, the last breakpoint (i.e. greatest breakpoint number) will be used.\"\n)\n
"},{"location":"reference/pwndbg/commands/ignore/#pwndbg.commands.ignore.ignore","title":"ignore","text":"
ignore(bpnum, count) -> None\n
"},{"location":"reference/pwndbg/commands/integration/","title":"integration","text":""},{"location":"reference/pwndbg/commands/integration/#pwndbg.commands.integration","title":"integration","text":"
Functions:
 
     
  •  decomp             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/integration/#pwndbg.commands.integration.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Use the current integration to decompile code near an address.\"\n)\n
"},{"location":"reference/pwndbg/commands/integration/#pwndbg.commands.integration.decomp","title":"decomp","text":"
decomp(addr: int | None, lines: int | None) -> None\n
"},{"location":"reference/pwndbg/commands/ipython_interactive/","title":"ipython_interactive","text":""},{"location":"reference/pwndbg/commands/ipython_interactive/#pwndbg.commands.ipython_interactive","title":"ipython_interactive","text":"
Command to start an interactive IPython prompt.
 
Functions:
 
     
  •  switch_to_ipython_env             \u2013              
    We need to change stdout/stderr to the default ones, otherwise we can't use tab or autocomplete
     
    •  
  •  ipi             \u2013              
    •  
"},{"location":"reference/pwndbg/commands/ipython_interactive/#pwndbg.commands.ipython_interactive.switch_to_ipython_env","title":"switch_to_ipython_env","text":"
switch_to_ipython_env()\n
 
We need to change stdout/stderr to the default ones, otherwise we can't use tab or autocomplete
"},{"location":"reference/pwndbg/commands/ipython_interactive/#pwndbg.commands.ipython_interactive.ipi","title":"ipi","text":"
ipi() -> None\n
"},{"location":"reference/pwndbg/commands/jemalloc/","title":"jemalloc","text":""},{"location":"reference/pwndbg/commands/jemalloc/#pwndbg.commands.jemalloc","title":"jemalloc","text":"
Functions:
 
     
  •  jemalloc_find_extent             \u2013              
    •  
  •  jemalloc_extent_info             \u2013              
    •  
  •  jemalloc_heap             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/jemalloc/#pwndbg.commands.jemalloc.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Prints all extents information')\n
"},{"location":"reference/pwndbg/commands/jemalloc/#pwndbg.commands.jemalloc.jemalloc_find_extent","title":"jemalloc_find_extent","text":"
jemalloc_find_extent(addr) -> None\n
"},{"location":"reference/pwndbg/commands/jemalloc/#pwndbg.commands.jemalloc.jemalloc_extent_info","title":"jemalloc_extent_info","text":"
jemalloc_extent_info(addr, verbose=False, header=True) -> bool\n
"},{"location":"reference/pwndbg/commands/jemalloc/#pwndbg.commands.jemalloc.jemalloc_heap","title":"jemalloc_heap","text":"
jemalloc_heap() -> None\n
"},{"location":"reference/pwndbg/commands/kbase/","title":"kbase","text":""},{"location":"reference/pwndbg/commands/kbase/#pwndbg.commands.kbase","title":"kbase","text":"
Functions:
 
     
  •  kbase             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/kbase/#pwndbg.commands.kbase.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Finds the kernel virtual base address.')\n
"},{"location":"reference/pwndbg/commands/kbase/#pwndbg.commands.kbase.kbase","title":"kbase","text":"
kbase(rebase=False, verbose=False) -> None\n
"},{"location":"reference/pwndbg/commands/kbpf/","title":"kbpf","text":""},{"location":"reference/pwndbg/commands/kbpf/#pwndbg.commands.kbpf","title":"kbpf","text":"
Functions:
 
     
  •  handle_bpf_aux_reg_for_insns_bytes             \u2013              
    •  
  •  handle_bpf_aux_reg_for_opstr             \u2013              
    •  
  •  bpf_map_array_offset             \u2013              
    •  
  •  parse_xa_node             \u2013              
    •  
  •  print_bpf_progs             \u2013              
    •  
  •  print_bpf_maps             \u2013              
    •  
  •  kbpf             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
  •  MAX_PRINTED_VALUE_SIZE           \u2013            
    •  
  •  MAX_BPF_VERBOSE_LEVEL1_OUTPUT_LEN           \u2013            
    •  
  •  BPF_AUX_REG_STRING           \u2013            
    •  
  •  BPF_MAP_ARRAY_TYPES           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/kbpf/#pwndbg.commands.kbpf.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Prints information about the linux kernel bpf progs and maps.\"\n)\n
"},{"location":"reference/pwndbg/commands/kbpf/#pwndbg.commands.kbpf.MAX_PRINTED_VALUE_SIZE","title":"MAX_PRINTED_VALUE_SIZE  module-attribute","text":"
MAX_PRINTED_VALUE_SIZE = 32\n
"},{"location":"reference/pwndbg/commands/kbpf/#pwndbg.commands.kbpf.MAX_BPF_VERBOSE_LEVEL1_OUTPUT_LEN","title":"MAX_BPF_VERBOSE_LEVEL1_OUTPUT_LEN  module-attribute","text":"
MAX_BPF_VERBOSE_LEVEL1_OUTPUT_LEN = 16\n
"},{"location":"reference/pwndbg/commands/kbpf/#pwndbg.commands.kbpf.BPF_AUX_REG_STRING","title":"BPF_AUX_REG_STRING  module-attribute","text":"
BPF_AUX_REG_STRING = 'ax'\n
"},{"location":"reference/pwndbg/commands/kbpf/#pwndbg.commands.kbpf.BPF_MAP_ARRAY_TYPES","title":"BPF_MAP_ARRAY_TYPES  module-attribute","text":"
BPF_MAP_ARRAY_TYPES = ('BPF_MAP_TYPE_ARRAY', 'BPF_MAP_TYPE_PROG_ARRAY')\n
"},{"location":"reference/pwndbg/commands/kbpf/#pwndbg.commands.kbpf.handle_bpf_aux_reg_for_insns_bytes","title":"handle_bpf_aux_reg_for_insns_bytes","text":"
handle_bpf_aux_reg_for_insns_bytes(insns_bytes)\n
"},{"location":"reference/pwndbg/commands/kbpf/#pwndbg.commands.kbpf.handle_bpf_aux_reg_for_opstr","title":"handle_bpf_aux_reg_for_opstr","text":"
handle_bpf_aux_reg_for_opstr(opstr, regflag)\n
"},{"location":"reference/pwndbg/commands/kbpf/#pwndbg.commands.kbpf.bpf_map_array_offset","title":"bpf_map_array_offset","text":"
bpf_map_array_offset(bpf_array, t, max_entries, value_size)\n
"},{"location":"reference/pwndbg/commands/kbpf/#pwndbg.commands.kbpf.parse_xa_node","title":"parse_xa_node","text":"
parse_xa_node(xa_node)\n
"},{"location":"reference/pwndbg/commands/kbpf/#pwndbg.commands.kbpf.print_bpf_progs","title":"print_bpf_progs","text":"
print_bpf_progs(verbose)\n
"},{"location":"reference/pwndbg/commands/kbpf/#pwndbg.commands.kbpf.print_bpf_maps","title":"print_bpf_maps","text":"
print_bpf_maps(verbose)\n
"},{"location":"reference/pwndbg/commands/kbpf/#pwndbg.commands.kbpf.kbpf","title":"kbpf","text":"
kbpf(verbose: int, print_progs: bool, print_maps: bool)\n
"},{"location":"reference/pwndbg/commands/kchecksec/","title":"kchecksec","text":""},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec","title":"kchecksec","text":"
Classes:
 
     
  •  Option           \u2013            
    •  
 
Functions:
 
     
  •  kchecksec             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Checks for kernel hardening configuration options.\"\n)\n
"},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec.Option","title":"Option","text":"
               Bases: NamedTuple
 
Attributes:
 
     
  •  name               (str)           \u2013            
    •  
  •  desired               (bool)           \u2013            
    •  
  •  cmdline_option               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec.Option.name","title":"name  instance-attribute","text":"
name: str\n
"},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec.Option.desired","title":"desired  class-attribute instance-attribute","text":"
desired: bool = True\n
"},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec.Option.cmdline_option","title":"cmdline_option  class-attribute instance-attribute","text":"
cmdline_option: str = None\n
"},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec.kchecksec","title":"kchecksec","text":"
kchecksec() -> None\n
"},{"location":"reference/pwndbg/commands/kcmdline/","title":"kcmdline","text":""},{"location":"reference/pwndbg/commands/kcmdline/#pwndbg.commands.kcmdline","title":"kcmdline","text":"
Functions:
 
     
  •  kcmdline             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/kcmdline/#pwndbg.commands.kcmdline.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Return the kernel commandline (/proc/cmdline).\"\n)\n
"},{"location":"reference/pwndbg/commands/kcmdline/#pwndbg.commands.kcmdline.kcmdline","title":"kcmdline","text":"
kcmdline() -> None\n
"},{"location":"reference/pwndbg/commands/kconfig/","title":"kconfig","text":""},{"location":"reference/pwndbg/commands/kconfig/#pwndbg.commands.kconfig","title":"kconfig","text":"
Functions:
 
     
  •  kconfig             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/kconfig/#pwndbg.commands.kconfig.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Outputs the kernel config.')\n
"},{"location":"reference/pwndbg/commands/kconfig/#pwndbg.commands.kconfig.kconfig","title":"kconfig","text":"
kconfig(config_name=None, file_path=None) -> None\n
"},{"location":"reference/pwndbg/commands/kcurrent/","title":"kcurrent","text":""},{"location":"reference/pwndbg/commands/kcurrent/#pwndbg.commands.kcurrent","title":"kcurrent","text":"
Functions:
 
     
  •  kfile             \u2013              
    •  
  •  kcurrent             \u2013              
    •  
 
Attributes:
 
     
  •  indent           \u2013            
    •  
  •  fmode_flags           \u2013            
    •  
  •  KCURRENT_PID           \u2013            
    •  
  •  KCURRENT_PGD           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/kcurrent/#pwndbg.commands.kcurrent.indent","title":"indent  module-attribute","text":"
indent = IndentContextManager()\n
"},{"location":"reference/pwndbg/commands/kcurrent/#pwndbg.commands.kcurrent.fmode_flags","title":"fmode_flags  module-attribute","text":"
fmode_flags = BitFlags([('R', 0), ('W', 1), ('X', 5)])\n
"},{"location":"reference/pwndbg/commands/kcurrent/#pwndbg.commands.kcurrent.KCURRENT_PID","title":"KCURRENT_PID  module-attribute","text":"
KCURRENT_PID = None\n
"},{"location":"reference/pwndbg/commands/kcurrent/#pwndbg.commands.kcurrent.KCURRENT_PGD","title":"KCURRENT_PGD  module-attribute","text":"
KCURRENT_PGD = None\n
"},{"location":"reference/pwndbg/commands/kcurrent/#pwndbg.commands.kcurrent.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"\\n    Displays the current kernel task debugged by the debugger (gdb/lldb) if pid == None\\n    Displays the task with pid if pid != None.\\n    \"\n)\n
"},{"location":"reference/pwndbg/commands/kcurrent/#pwndbg.commands.kcurrent.kfile","title":"kfile","text":"
kfile(pid=None, fd=None)\n
"},{"location":"reference/pwndbg/commands/kcurrent/#pwndbg.commands.kcurrent.kcurrent","title":"kcurrent","text":"
kcurrent(pid=None, set_pid=False, verbose=True)\n
"},{"location":"reference/pwndbg/commands/kdmabuf/","title":"kdmabuf","text":""},{"location":"reference/pwndbg/commands/kdmabuf/#pwndbg.commands.kdmabuf","title":"kdmabuf","text":"
Functions:
 
     
  •  print_dmabuf             \u2013              
    •  
  •  print_sgl             \u2013              
    •  
  •  kdmabuf             \u2013              
    •  
 
Attributes:
 
     
  •  SG_CHAIN           \u2013            
    •  
  •  SG_END           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/kdmabuf/#pwndbg.commands.kdmabuf.SG_CHAIN","title":"SG_CHAIN  module-attribute","text":"
SG_CHAIN = 1\n
"},{"location":"reference/pwndbg/commands/kdmabuf/#pwndbg.commands.kdmabuf.SG_END","title":"SG_END  module-attribute","text":"
SG_END = 2\n
"},{"location":"reference/pwndbg/commands/kdmabuf/#pwndbg.commands.kdmabuf.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Prints DMA buf info')\n
"},{"location":"reference/pwndbg/commands/kdmabuf/#pwndbg.commands.kdmabuf.print_dmabuf","title":"print_dmabuf","text":"
print_dmabuf(dmabuf, idx, indent)\n
"},{"location":"reference/pwndbg/commands/kdmabuf/#pwndbg.commands.kdmabuf.print_sgl","title":"print_sgl","text":"
print_sgl(sgl, indent)\n
"},{"location":"reference/pwndbg/commands/kdmabuf/#pwndbg.commands.kdmabuf.kdmabuf","title":"kdmabuf","text":"
kdmabuf()\n
"},{"location":"reference/pwndbg/commands/kdmesg/","title":"kdmesg","text":""},{"location":"reference/pwndbg/commands/kdmesg/#pwndbg.commands.kdmesg","title":"kdmesg","text":"
Display the kernel ring buffer (dmesg) contents. This command reads the printk_ringbuffer structure, which stores printk messages. It iterates through the records in the ring buffer to print each record like a dmesg log.
 
This command supports only the \"new\" kernel ring buffer implementation that is present in kernel versions 5.10+. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d594d8f411d47bf7b583ec3474b11fec348c88bb
 
This implementation read information from the Linux kernel's printk_ringbuffer structure as defined in: https://github.com/torvalds/linux/blob/19272b37aa4f83ca52bdf9c16d5d81bdd1354494/kernel/printk/printk_ringbuffer.h
 
Functions:
 
     
  •  kdmesg             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/kdmesg/#pwndbg.commands.kdmesg.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Displays the kernel ring buffer (dmesg) contents.\"\n)\n
"},{"location":"reference/pwndbg/commands/kdmesg/#pwndbg.commands.kdmesg.kdmesg","title":"kdmesg","text":"
kdmesg(ctime: bool = False) -> None\n
"},{"location":"reference/pwndbg/commands/killthreads/","title":"killthreads","text":""},{"location":"reference/pwndbg/commands/killthreads/#pwndbg.commands.killthreads","title":"killthreads","text":"
Functions:
 
     
  •  killthreads             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/killthreads/#pwndbg.commands.killthreads.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Kill all or given threads.\\n\\nSwitches to given threads and calls pthread_exit(0) on them.\\nThis is performed with scheduler-locking to prevent other threads from operating at the same time.\\n\\nKilling all other threads may be useful to use GDB checkpoints, e.g., to test given input & restart the execution to the point of interest (checkpoint).\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/killthreads/#pwndbg.commands.killthreads.killthreads","title":"killthreads","text":"
killthreads(thread_ids: list[int] | None = None, all: bool = False) -> None\n
"},{"location":"reference/pwndbg/commands/klookup/","title":"klookup","text":""},{"location":"reference/pwndbg/commands/klookup/#pwndbg.commands.klookup","title":"klookup","text":"
Functions:
 
     
  •  klookup             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/klookup/#pwndbg.commands.klookup.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Lookup kernel symbols')\n
"},{"location":"reference/pwndbg/commands/klookup/#pwndbg.commands.klookup.klookup","title":"klookup","text":"
klookup(symbol: str, apply: bool) -> None\n
"},{"location":"reference/pwndbg/commands/kmem_trace/","title":"kmem_trace","text":""},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace","title":"kmem_trace","text":"
Classes:
 
     
  •  KmemTracepointsData           \u2013            
    •  
  •  KmemTracepoints           \u2013            
    •  
 
Functions:
 
     
  •  get_kmem_tracepoints             \u2013              
    •  
  •  kmem_trace             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"\\nTrace kernel memory (SLUB and buddy) allocations and frees.\\n\\nThis command will execute `next` in the debugger, and print out all (de)allocations that happen until\\nthe command finishes. As such this makes most sense to call when the PC is on a function call instruction.\\nOnly (de)allocations triggered by the current function are considered (rather than other threads etc).\\n\\nIf neither `-s` nor `-b` are passed, both allocators are traced.\\n    \"\n)\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepointsData","title":"KmemTracepointsData","text":"
KmemTracepointsData(verbose, trace_all)\n
 
Methods:
 
     
  •  add_result             \u2013              
    •  
  •  format_slab_kmem_tracepoint_output             \u2013              
    •  
  •  format_page_kmem_tracepoint_output             \u2013              
    •  
 
Attributes:
 
     
  •  results           \u2013            
    •  
  •  order           \u2013            
    •  
  •  mutex           \u2013            
    •  
  •  verbose           \u2013            
    •  
  •  curr           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepointsData.results","title":"results  instance-attribute","text":"
results = []\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepointsData.order","title":"order  instance-attribute","text":"
order = None\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepointsData.mutex","title":"mutex  instance-attribute","text":"
mutex = RLock()\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepointsData.verbose","title":"verbose  instance-attribute","text":"
verbose = verbose\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepointsData.curr","title":"curr  instance-attribute","text":"
curr = None\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepointsData.add_result","title":"add_result","text":"
add_result(result: str)\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepointsData.format_slab_kmem_tracepoint_output","title":"format_slab_kmem_tracepoint_output","text":"
format_slab_kmem_tracepoint_output(is_free: bool, objaddr: int)\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepointsData.format_page_kmem_tracepoint_output","title":"format_page_kmem_tracepoint_output","text":"
format_page_kmem_tracepoint_output(is_free: bool, page: int, order: int)\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepoints","title":"KmemTracepoints","text":"
KmemTracepoints()\n
 
Methods:
 
     
  •  resolve_names             \u2013              
    •  
  •  kalloc_handler             \u2013              
    •  
  •  kfree_handler             \u2013              
    •  
  •  palloc_handler             \u2013              
    •  
  •  pfree_handler             \u2013              
    •  
  •  register_breakpoints             \u2013              
    •  
  •  remove_breakpoints             \u2013              
    •  
 
Attributes:
 
     
  •  kallocs           \u2013            
    •  
  •  kfrees           \u2013            
    •  
  •  pallocs           \u2013            
    •  
  •  pfrees           \u2013            
    •  
  •  sps           \u2013            
    •  
  •  data           \u2013            
    •  
  •  slab_tracepoints_enabled           \u2013            
    •  
  •  buddy_tracepoints_enabled           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepoints.kallocs","title":"kallocs  instance-attribute","text":"
kallocs = resolve_names(kmalloc_names)\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepoints.kfrees","title":"kfrees  instance-attribute","text":"
kfrees = resolve_names(kfree_names)\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepoints.pallocs","title":"pallocs  instance-attribute","text":"
pallocs = resolve_names(palloc_names)\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepoints.pfrees","title":"pfrees  instance-attribute","text":"
pfrees = resolve_names(pfree_names)\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepoints.sps","title":"sps  instance-attribute","text":"
sps = []\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepoints.data","title":"data  instance-attribute","text":"
data = None\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepoints.slab_tracepoints_enabled","title":"slab_tracepoints_enabled  instance-attribute","text":"
slab_tracepoints_enabled = True\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepoints.buddy_tracepoints_enabled","title":"buddy_tracepoints_enabled  instance-attribute","text":"
buddy_tracepoints_enabled = True\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepoints.resolve_names","title":"resolve_names","text":"
resolve_names(names)\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepoints.kalloc_handler","title":"kalloc_handler  staticmethod","text":"
kalloc_handler(sp: StopPoint) -> bool\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepoints.kfree_handler","title":"kfree_handler  staticmethod","text":"
kfree_handler(sp: StopPoint) -> bool\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepoints.palloc_handler","title":"palloc_handler  staticmethod","text":"
palloc_handler(sp: StopPoint) -> bool\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepoints.pfree_handler","title":"pfree_handler  staticmethod","text":"
pfree_handler(sp: StopPoint) -> bool\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepoints.register_breakpoints","title":"register_breakpoints","text":"
register_breakpoints(verbose, trace_all)\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepoints.remove_breakpoints","title":"remove_breakpoints","text":"
remove_breakpoints()\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.get_kmem_tracepoints","title":"get_kmem_tracepoints","text":"
get_kmem_tracepoints()\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.kmem_trace","title":"kmem_trace","text":"
kmem_trace(\n    trace_slab: bool, trace_buddy: bool, verbose: bool, command: str, all: bool\n) -> None\n
"},{"location":"reference/pwndbg/commands/kmod/","title":"kmod","text":""},{"location":"reference/pwndbg/commands/kmod/#pwndbg.commands.kmod","title":"kmod","text":"
Displays information about loaded kernel modules. This command retrieves the list of kernel modules from the modules symbol and displays information about each module. It can filter modules by a substring of their names if provided.
 
Functions:
 
     
  •  kmod             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/kmod/#pwndbg.commands.kmod.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description=\"Displays the loaded Linux kernel modules.\")\n
"},{"location":"reference/pwndbg/commands/kmod/#pwndbg.commands.kmod.kmod","title":"kmod","text":"
kmod(module_name=None, path=None) -> None\n
"},{"location":"reference/pwndbg/commands/knft/","title":"knft","text":""},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft","title":"knft","text":"
Functions:
 
     
  •  parse_nft_family             \u2013              
    •  
  •  knft_dump             \u2013              
    •  
  •  knft_list_tables             \u2013              
    •  
  •  knft_list_chains             \u2013              
    •  
  •  knft_list_rules             \u2013              
    •  
  •  knft_list_exprs             \u2013              
    •  
  •  knft_list_sets             \u2013              
    •  
  •  knft_list_objects             \u2013              
    •  
  •  knft_list_flowtables             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Dump netfilter flowtables from a specific table\"\n)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.parse_nft_family","title":"parse_nft_family","text":"
parse_nft_family(s: str) -> int\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_dump","title":"knft_dump","text":"
knft_dump(nsid: int | None = None)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_tables","title":"knft_list_tables","text":"
knft_list_tables(nsid: int | None = None)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_chains","title":"knft_list_chains","text":"
knft_list_chains(\n    table_family: int | None = None,\n    table_name: str | None = None,\n    nsid: int | None = None,\n)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_rules","title":"knft_list_rules","text":"
knft_list_rules(\n    table_family: int | None = None,\n    table_name: str | None = None,\n    chain_name: str | None = None,\n    nsid: int | None = None,\n)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_exprs","title":"knft_list_exprs","text":"
knft_list_exprs(\n    table_family: int | None = None,\n    table_name: str | None = None,\n    chain_name: str | None = None,\n    rule_id: int | None = None,\n    nsid: int | None = None,\n)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_sets","title":"knft_list_sets","text":"
knft_list_sets(\n    table_family: int | None = None,\n    table_name: str | None = None,\n    nsid: int | None = None,\n)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_objects","title":"knft_list_objects","text":"
knft_list_objects(\n    table_family: int | None = None,\n    table_name: str | None = None,\n    nsid: int | None = None,\n)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_flowtables","title":"knft_list_flowtables","text":"
knft_list_flowtables(\n    table_family: int | None = None,\n    table_name: str | None = None,\n    nsid: int | None = None,\n)\n
"},{"location":"reference/pwndbg/commands/ksyscalls/","title":"ksyscalls","text":""},{"location":"reference/pwndbg/commands/ksyscalls/#pwndbg.commands.ksyscalls","title":"ksyscalls","text":"
Displays the syscall table for kernel debugging.
 
Functions:
 
     
  •  ksyscalls             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/ksyscalls/#pwndbg.commands.ksyscalls.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Displays Linux syscall table, including names and addresses of syscalls.\"\n)\n
"},{"location":"reference/pwndbg/commands/ksyscalls/#pwndbg.commands.ksyscalls.ksyscalls","title":"ksyscalls","text":"
ksyscalls(syscall_name=None) -> None\n
"},{"location":"reference/pwndbg/commands/ktask/","title":"ktask","text":""},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask","title":"ktask","text":"
Displays information about kernel tasks. This command iterates through the kernel's task list and prints details about each task, including its address, PID, user space status, CPU, UID, GID, and name.
 
Classes:
 
     
  •  Kthread           \u2013            
    •  
  •  Ktask           \u2013            
    •  
 
Functions:
 
     
  •  get_ktasks             \u2013              
    •  
  •  ktask             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
  •  indent           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Displays information about kernel tasks.')\n
"},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask.indent","title":"indent  module-attribute","text":"
indent = IndentContextManager()\n
"},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask.Kthread","title":"Kthread","text":"
Kthread(thread: Value)\n
 
Methods:
 
     
  •  files             \u2013              
    •  
  •  __str__             \u2013              
    •  
 
Attributes:
 
     
  •  thread           \u2013            
    •  
  •  name           \u2013            
    •  
  •  pid           \u2013            
    •  
  •  has_user_page           \u2013            
    •  
  •  cpu           \u2013            
    •  
  •  uid           \u2013            
    •  
  •  gid           \u2013            
    •  
  •  mm           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask.Kthread.thread","title":"thread  instance-attribute","text":"
thread = thread\n
"},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask.Kthread.name","title":"name  instance-attribute","text":"
name = string()\n
"},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask.Kthread.pid","title":"pid  instance-attribute","text":"
pid = int(thread['pid'])\n
"},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask.Kthread.has_user_page","title":"has_user_page  instance-attribute","text":"
has_user_page = int(thread['mm']) != 0\n
"},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask.Kthread.cpu","title":"cpu  instance-attribute","text":"
cpu = '-'\n
"},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask.Kthread.uid","title":"uid  instance-attribute","text":"
uid = int(thread['real_cred']['uid']['val'])\n
"},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask.Kthread.gid","title":"gid  instance-attribute","text":"
gid = int(thread['real_cred']['gid']['val'])\n
"},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask.Kthread.mm","title":"mm  property","text":"
mm\n
"},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask.Kthread.files","title":"files","text":"
files()\n
"},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask.Kthread.__str__","title":"__str__","text":"
__str__()\n
"},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask.Ktask","title":"Ktask","text":"
Ktask(task: Value)\n
 
Attributes:
 
     
  •  task           \u2013            
    •  
  •  threads           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask.Ktask.task","title":"task  instance-attribute","text":"
task = task\n
"},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask.Ktask.threads","title":"threads  instance-attribute","text":"
threads = threads\n
"},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask.get_ktasks","title":"get_ktasks","text":"
get_ktasks() -> tuple[Ktask, ...]\n
"},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask.ktask","title":"ktask","text":"
ktask(task_name=None) -> None\n
"},{"location":"reference/pwndbg/commands/kversion/","title":"kversion","text":""},{"location":"reference/pwndbg/commands/kversion/#pwndbg.commands.kversion","title":"kversion","text":"
Functions:
 
     
  •  kversion             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/kversion/#pwndbg.commands.kversion.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Outputs the kernel version (/proc/version).\"\n)\n
"},{"location":"reference/pwndbg/commands/kversion/#pwndbg.commands.kversion.kversion","title":"kversion","text":"
kversion() -> None\n
"},{"location":"reference/pwndbg/commands/leakfind/","title":"leakfind","text":""},{"location":"reference/pwndbg/commands/leakfind/#pwndbg.commands.leakfind","title":"leakfind","text":"
Find a chain of leaks given some starting address.
 
Functions:
 
     
  •  get_rec_addr_string             \u2013              
    •  
  •  dbg_print_map             \u2013              
    •  
  •  leakfind             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/leakfind/#pwndbg.commands.leakfind.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"\\nAttempt to find a leak chain given a starting address.\\n\\nScans memory near the given address, looks for pointers, and continues that process to attempt to find leaks.\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/leakfind/#pwndbg.commands.leakfind.get_rec_addr_string","title":"get_rec_addr_string","text":"
get_rec_addr_string(addr, visited_map)\n
"},{"location":"reference/pwndbg/commands/leakfind/#pwndbg.commands.leakfind.dbg_print_map","title":"dbg_print_map","text":"
dbg_print_map(maps) -> None\n
"},{"location":"reference/pwndbg/commands/leakfind/#pwndbg.commands.leakfind.leakfind","title":"leakfind","text":"
leakfind(\n    address=None,\n    page_name=None,\n    max_offset: int = 64,\n    max_depth: int = 4,\n    step: int = 1,\n    negative_offset: int = 0,\n)\n
"},{"location":"reference/pwndbg/commands/libcinfo/","title":"libcinfo","text":""},{"location":"reference/pwndbg/commands/libcinfo/#pwndbg.commands.libcinfo","title":"libcinfo","text":"
Functions:
 
     
  •  libcinfo             \u2013              
    •  
"},{"location":"reference/pwndbg/commands/libcinfo/#pwndbg.commands.libcinfo.libcinfo","title":"libcinfo","text":"
libcinfo()\n
"},{"location":"reference/pwndbg/commands/linkmap/","title":"linkmap","text":""},{"location":"reference/pwndbg/commands/linkmap/#pwndbg.commands.linkmap","title":"linkmap","text":"
Functions:
 
     
  •  linkmap             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/linkmap/#pwndbg.commands.linkmap.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Show the state of the Link Map')\n
"},{"location":"reference/pwndbg/commands/linkmap/#pwndbg.commands.linkmap.linkmap","title":"linkmap","text":"
linkmap() -> None\n
"},{"location":"reference/pwndbg/commands/mallocng/","title":"mallocng","text":""},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng","title":"mallocng","text":"
Commands that help with debugging musl's allocator, mallocng.
 
Functions:
 
     
  •  get_slot_color             \u2013              
    •  
  •  get_colored_slot_state             \u2013              
    •  
  •  get_colored_slot_state_short             \u2013              
    •  
  •  dump_group             \u2013              
    •  
  •  dump_meta             \u2013              
    Arguments:
     
    •  
  •  dump_grouped_slot             \u2013              
    •  
  •  dump_slot             \u2013              
    •  
  •  smart_dump_slot             \u2013              
    •  
  •  dump_meta_area             \u2013              
    •  
  •  dump_malloc_context             \u2013              
    •  
  •  mallocng_slot_user             \u2013              
    •  
  •  mallocng_slot_start             \u2013              
    •  
  •  mallocng_meta             \u2013              
    •  
  •  mallocng_group             \u2013              
    •  
  •  mallocng_meta_area             \u2013              
    •  
  •  mallocng_malloc_context             \u2013              
    •  
  •  mallocng_find             \u2013              
    •  
  •  bin_ascii             \u2013              
    •  
  •  colorize_pointer             \u2013              
    •  
  •  colorize_start_header_line             \u2013              
    •  
  •  line_decoration             \u2013              
    Maybe append extra clarification to a line.
     
    •  
  •  mallocng_visualize_slots             \u2013              
    •  
  •  mallocng_dump             \u2013              
    •  
  •  mallocng_explain             \u2013              
    •  
 
Attributes:
 
     
  •  search_on_fail           \u2013            
    •  
  •  state_alloc_color           \u2013            
    •  
  •  state_alloc_color_alt           \u2013            
    •  
  •  state_freed_color           \u2013            
    •  
  •  state_freed_color_alt           \u2013            
    •  
  •  state_avail_color           \u2013            
    •  
  •  state_avail_color_alt           \u2013            
    •  
  •  VALID_CHARS           \u2013            
    •  
  •  vis_cyclic_offset_color           \u2013            
    •  
  •  vis_offset_color           \u2013            
    •  
  •  vis_cycled_mark_color           \u2013            
    •  
  •  vis_pn3_reserved_color           \u2013            
    •  
  •  vis_big_offset_check_color           \u2013            
    •  
  •  vis_ftr_reserved_color           \u2013            
    •  
  •  default_vis_count           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.search_on_fail","title":"search_on_fail  module-attribute","text":"
search_on_fail = add_param(\n    \"ng-search-on-fail\",\n    True,\n    \"let the ng-slot* commands search the heap if necessary\",\n    help_docstring=\"\\nFor freed, avail(able) and corrupted slots, it may be\\nimpossible to recover the start of the group and meta.\\n\\nWhen this option is set to True, the ng-slotu and ng-slots\\ncommands will search the heap to try to find the correct meta/group.\\n    \",\n    param_class=PARAM_BOOLEAN,\n    scope=heap,\n)\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.state_alloc_color","title":"state_alloc_color  module-attribute","text":"
state_alloc_color = BLUE\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.state_alloc_color_alt","title":"state_alloc_color_alt  module-attribute","text":"
state_alloc_color_alt = CYAN\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.state_freed_color","title":"state_freed_color  module-attribute","text":"
state_freed_color = RED\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.state_freed_color_alt","title":"state_freed_color_alt  module-attribute","text":"
state_freed_color_alt = LIGHT_RED\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.state_avail_color","title":"state_avail_color  module-attribute","text":"
state_avail_color = GRAY\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.state_avail_color_alt","title":"state_avail_color_alt  module-attribute","text":"
state_avail_color_alt = LIGHT_GRAY\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.VALID_CHARS","title":"VALID_CHARS  module-attribute","text":"
VALID_CHARS = list(map(ord, set(printable) - set('\\t\\r\\n\\x0c\\x0b')))\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.vis_cyclic_offset_color","title":"vis_cyclic_offset_color  module-attribute","text":"
vis_cyclic_offset_color = YELLOW\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.vis_offset_color","title":"vis_offset_color  module-attribute","text":"
vis_offset_color = LIGHT_YELLOW\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.vis_cycled_mark_color","title":"vis_cycled_mark_color  module-attribute","text":"
vis_cycled_mark_color = PURPLE\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.vis_pn3_reserved_color","title":"vis_pn3_reserved_color  module-attribute","text":"
vis_pn3_reserved_color = LIGHT_CYAN\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.vis_big_offset_check_color","title":"vis_big_offset_check_color  module-attribute","text":"
vis_big_offset_check_color = BLACK\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.vis_ftr_reserved_color","title":"vis_ftr_reserved_color  module-attribute","text":"
vis_ftr_reserved_color = GREEN\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.default_vis_count","title":"default_vis_count  module-attribute","text":"
default_vis_count = add_param(\n    \"ng-vis-count\",\n    10,\n    \"default count for ng-vis\",\n    param_class=PARAM_UINTEGER,\n    scope=heap,\n)\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"\\nDump the mallocng heap.\\n\\nMay produce lots of output.\\n    \"\n)\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.get_slot_color","title":"get_slot_color","text":"
get_slot_color(state: SlotState, last_color: str = '') -> str\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.get_colored_slot_state","title":"get_colored_slot_state","text":"
get_colored_slot_state(ss: SlotState) -> str\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.get_colored_slot_state_short","title":"get_colored_slot_state_short","text":"
get_colored_slot_state_short(ss: SlotState) -> str\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.dump_group","title":"dump_group","text":"
dump_group(group: Group) -> str\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.dump_meta","title":"dump_meta","text":"
dump_meta(meta: Meta, focus_slot: int | None = None) -> str\n
 
Parameters:
 
     
  •  meta               (Meta)           \u2013            
    the meta to dump
     
    •  
  •  focus_slot               (int | None, default:                   None )           \u2013            
    the index of the slot to highlight in the slot statuses list
     
    •  
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.dump_grouped_slot","title":"dump_grouped_slot","text":"
dump_grouped_slot(gslot: GroupedSlot, all: bool) -> str\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.dump_slot","title":"dump_slot","text":"
dump_slot(\n    slot: Slot, all: bool, successful_preload: bool, will_dump_gslot: bool\n) -> str\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.smart_dump_slot","title":"smart_dump_slot","text":"
smart_dump_slot(slot: Slot, all: bool, gslot: GroupedSlot | None = None) -> str\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.dump_meta_area","title":"dump_meta_area","text":"
dump_meta_area(meta_area: MetaArea, coming_from_dump: bool = False) -> str\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.dump_malloc_context","title":"dump_malloc_context","text":"
dump_malloc_context(ctx: MallocContext) -> str\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.mallocng_slot_user","title":"mallocng_slot_user","text":"
mallocng_slot_user(address: int, all: bool) -> None\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.mallocng_slot_start","title":"mallocng_slot_start","text":"
mallocng_slot_start(address: int, all: bool) -> None\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.mallocng_meta","title":"mallocng_meta","text":"
mallocng_meta(address: int) -> None\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.mallocng_group","title":"mallocng_group","text":"
mallocng_group(address: int, index: int | None = None) -> None\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.mallocng_meta_area","title":"mallocng_meta_area","text":"
mallocng_meta_area(address: int, index: int | None = None) -> None\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.mallocng_malloc_context","title":"mallocng_malloc_context","text":"
mallocng_malloc_context(address: int | None = None) -> None\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.mallocng_find","title":"mallocng_find","text":"
mallocng_find(\n    address: int,\n    all: bool = False,\n    metadata: bool = False,\n    shallow: bool = False,\n) -> None\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.bin_ascii","title":"bin_ascii","text":"
bin_ascii(bs: bytearray)\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.colorize_pointer","title":"colorize_pointer","text":"
colorize_pointer(\n    address: int, ptrvalue: int, state: SlotState, slot: Slot\n) -> str\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.colorize_start_header_line","title":"colorize_start_header_line","text":"
colorize_start_header_line(shline: str, state: SlotState, slot: Slot) -> str\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.line_decoration","title":"line_decoration","text":"
line_decoration(addr: int, slot_state: SlotState, slot: Slot) -> str\n
 
Maybe append extra clarification to a line.
 
Currently only appends to p headers.
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.mallocng_visualize_slots","title":"mallocng_visualize_slots","text":"
mallocng_visualize_slots(address: int, count: int = default_vis_count)\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.mallocng_dump","title":"mallocng_dump","text":"
mallocng_dump(meta_area: int | None = None) -> None\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.mallocng_explain","title":"mallocng_explain","text":"
mallocng_explain() -> None\n
"},{"location":"reference/pwndbg/commands/memoize/","title":"memoize","text":""},{"location":"reference/pwndbg/commands/memoize/#pwndbg.commands.memoize","title":"memoize","text":"
Functions:
 
     
  •  memoize             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/memoize/#pwndbg.commands.memoize.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"\\nToggles memoization (caching).\\n\\nUseful for diagnosing caching-related bugs. Decreases performance.\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/memoize/#pwndbg.commands.memoize.memoize","title":"memoize","text":"
memoize() -> None\n
"},{"location":"reference/pwndbg/commands/misc/","title":"misc","text":""},{"location":"reference/pwndbg/commands/misc/#pwndbg.commands.misc","title":"misc","text":"
Functions:
 
     
  •  errno_             \u2013              
    •  
  •  pwndbg_             \u2013              
    •  
  •  list_and_filter_commands             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
  •  cat_group           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/misc/#pwndbg.commands.misc.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description=\"Prints out a list of all Pwndbg commands.\")\n
"},{"location":"reference/pwndbg/commands/misc/#pwndbg.commands.misc.cat_group","title":"cat_group  module-attribute","text":"
cat_group = add_mutually_exclusive_group()\n
"},{"location":"reference/pwndbg/commands/misc/#pwndbg.commands.misc.errno_","title":"errno_","text":"
errno_(err) -> None\n
"},{"location":"reference/pwndbg/commands/misc/#pwndbg.commands.misc.pwndbg_","title":"pwndbg_","text":"
pwndbg_(filter_pattern, category_, list_categories) -> None\n
"},{"location":"reference/pwndbg/commands/misc/#pwndbg.commands.misc.list_and_filter_commands","title":"list_and_filter_commands","text":"
list_and_filter_commands(filter_str)\n
"},{"location":"reference/pwndbg/commands/mmap/","title":"mmap","text":""},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap","title":"mmap","text":"
Functions:
 
     
  •  prot_str_to_val             \u2013              
    Heuristic to convert PROT_EXEC|PROT_WRITE to integer value.
     
    •  
  •  flag_str_to_val             \u2013              
    Heuristic to convert MAP_SHARED|MAP_FIXED to integer value.
     
    •  
  •  parse_str_or_int             \u2013              
    Try parsing a string with one of the parsers above or by converting it to
     
    •  
  •  mmap             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
  •  prot_dict           \u2013            
    •  
  •  flag_dict           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"\\nCalls the mmap syscall and prints its resulting address.\\n\\nNote that the mmap syscall may fail for various reasons\\n(see `man mmap`) and, in case of failure, its return value\\nwill not be a valid pointer.\\n\\nPROT values: NONE (0), READ (1), WRITE (2), EXEC (4)\\n\\nMAP values: SHARED (1), PRIVATE (2), SHARED_VALIDATE (3), FIXED (0x10),\\n            ANONYMOUS (0x20)\\n\\nFlags and protection values can be either a string containing the names of the\\nflags or permissions or a single number corresponding to the bitwise OR of the\\nprotection and flag numbers.\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.prot_dict","title":"prot_dict  module-attribute","text":"
prot_dict = {'PROT_NONE': 0, 'PROT_READ': 1, 'PROT_WRITE': 2, 'PROT_EXEC': 4}\n
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.flag_dict","title":"flag_dict  module-attribute","text":"
flag_dict = {\n    \"MAP_SHARED\": 1,\n    \"MAP_PRIVATE\": 2,\n    \"MAP_SHARED_VALIDATE\": 3,\n    \"MAP_FIXED\": 16,\n    \"MAP_ANONYMOUS\": 32,\n}\n
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.prot_str_to_val","title":"prot_str_to_val","text":"
prot_str_to_val(protstr)\n
 
Heuristic to convert PROT_EXEC|PROT_WRITE to integer value.
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.flag_str_to_val","title":"flag_str_to_val","text":"
flag_str_to_val(flagstr)\n
 
Heuristic to convert MAP_SHARED|MAP_FIXED to integer value.
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.parse_str_or_int","title":"parse_str_or_int","text":"
parse_str_or_int(val: str | int, parser)\n
 
Try parsing a string with one of the parsers above or by converting it to an int, or passes the value through if it is already an integer.
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.mmap","title":"mmap","text":"
mmap(\n    addr, length, prot=7, flags=34, fd=-1, offset=0, quiet=False, force=False\n) -> None\n
"},{"location":"reference/pwndbg/commands/mprotect/","title":"mprotect","text":""},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect","title":"mprotect","text":"
Functions:
 
     
  •  prot_str_to_val             \u2013              
    Converts a protection string to an integer. Formats include:
     
    •  
  •  prot_val_to_str             \u2013              
    •  
  •  mprotect             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
  •  SYS_MPROTECT           \u2013            
    •  
  •  prot_dict           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"\\nCalls the mprotect syscall and prints its result value.\\n\\nNote that the mprotect syscall may fail for various reasons\\n(see `man mprotect`) and a non-zero error return value\\ncan be decoded with the `errno <value>` command.\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect.SYS_MPROTECT","title":"SYS_MPROTECT  module-attribute","text":"
SYS_MPROTECT = 125\n
"},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect.prot_dict","title":"prot_dict  module-attribute","text":"
prot_dict = {'PROT_NONE': 0, 'PROT_READ': 1, 'PROT_WRITE': 2, 'PROT_EXEC': 4}\n
"},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect.prot_str_to_val","title":"prot_str_to_val","text":"
prot_str_to_val(protstr: str) -> int\n
 
Converts a protection string to an integer. Formats include:  - A positive integer, like 3  - A combination of r, w, and x, like rw  - A combination of PROT_READ, PROT_WRITE, and PROT_EXEC, like PROT_READ|PROT_WRITE
"},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect.prot_val_to_str","title":"prot_val_to_str","text":"
prot_val_to_str(protval: int) -> str\n
"},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect.mprotect","title":"mprotect","text":"
mprotect(addr, length, prot) -> None\n
"},{"location":"reference/pwndbg/commands/msr/","title":"msr","text":""},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr","title":"msr","text":"
Functions:
 
     
  •  parse_msr             \u2013              
    •  
  •  parse_range             \u2013              
    •  
  •  x86_msr_read             \u2013              
    •  
  •  x86_msr_write             \u2013              
    •  
  •  msr_read             \u2013              
    •  
  •  msr_write             \u2013              
    •  
  •  msr_list             \u2013              
    •  
  •  msr             \u2013              
    •  
 
Attributes:
 
     
  •  X86_MSRS           \u2013            
    •  
  •  COMMON_MSRS           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.X86_MSRS","title":"X86_MSRS  module-attribute","text":"
X86_MSRS = {\n    \"MSR_EFER\": 3221225600,\n    \"MSR_STAR\": 3221225601,\n    \"MSR_LSTAR\": 3221225602,\n    \"MSR_CSTAR\": 3221225603,\n    \"MSR_SYSCALL_MASK\": 3221225604,\n    \"MSR_FS_BASE\": 3221225728,\n    \"MSR_GS_BASE\": 3221225729,\n    \"MSR_KERNEL_GS_BASE\": 3221225730,\n    \"MSR_TSC_AUX\": 3221225731,\n}\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.COMMON_MSRS","title":"COMMON_MSRS  module-attribute","text":"
COMMON_MSRS = {'i386': X86_MSRS, 'x86-64': X86_MSRS}\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"\\nRead or write to Model Specific Register (MSR)\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.parse_msr","title":"parse_msr","text":"
parse_msr(msr: str, arch: str) -> int | None\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.parse_range","title":"parse_range","text":"
parse_range(msr_range: str, arch: str) -> tuple[int, int] | None\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.x86_msr_read","title":"x86_msr_read","text":"
x86_msr_read(msr: int) -> None\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.x86_msr_write","title":"x86_msr_write","text":"
x86_msr_write(msr: int, write_value: int) -> None\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.msr_read","title":"msr_read","text":"
msr_read(msr: int) -> None\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.msr_write","title":"msr_write","text":"
msr_write(msr: int, write_value: int) -> None\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.msr_list","title":"msr_list","text":"
msr_list(arch: str)\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.msr","title":"msr","text":"
msr(\n    msr: str | None = None,\n    write: int | None = None,\n    list_msr=False,\n    msr_range: str | None = None,\n) -> None\n
"},{"location":"reference/pwndbg/commands/nearpc/","title":"nearpc","text":""},{"location":"reference/pwndbg/commands/nearpc/#pwndbg.commands.nearpc","title":"nearpc","text":"
Functions:
 
     
  •  nearpc             \u2013              
    Disassemble near a specified address.
     
    •  
  •  emulate             \u2013              
    Like nearpc, but will emulate instructions from the current $PC forward.
     
    •  
 
Attributes:
 
     
  •  nearpc_lines           \u2013            
    •  
  •  nearpc_backwards_lines           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/nearpc/#pwndbg.commands.nearpc.nearpc_lines","title":"nearpc_lines  module-attribute","text":"
nearpc_lines = add_param(\n    \"nearpc-lines\", 10, \"number of lines to print for the nearpc command\"\n)\n
"},{"location":"reference/pwndbg/commands/nearpc/#pwndbg.commands.nearpc.nearpc_backwards_lines","title":"nearpc_backwards_lines  module-attribute","text":"
nearpc_backwards_lines = add_param(\n    \"nearpc-backwards-lines\",\n    5,\n    \"number of lines before the pc to print for the nearpc command\",\n)\n
"},{"location":"reference/pwndbg/commands/nearpc/#pwndbg.commands.nearpc.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Like nearpc, but will emulate instructions from the current $PC forward.\"\n)\n
"},{"location":"reference/pwndbg/commands/nearpc/#pwndbg.commands.nearpc.nearpc","title":"nearpc","text":"
nearpc(\n    pc=None,\n    lines=None,\n    reverse=None,\n    total=None,\n    emulate=False,\n    use_cache=False,\n    linear=True,\n) -> None\n
 
Disassemble near a specified address.
"},{"location":"reference/pwndbg/commands/nearpc/#pwndbg.commands.nearpc.emulate","title":"emulate","text":"
emulate(pc=None, lines=None, reverse=None, total=None, emulate_=True) -> None\n
 
Like nearpc, but will emulate instructions from the current $PC forward.
"},{"location":"reference/pwndbg/commands/next/","title":"next","text":""},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next","title":"next","text":"
Stepping until an event occurs
 
Functions:
 
     
  •  nextjmp             \u2013              
    Breaks at the next jump instruction
     
    •  
  •  nextcall             \u2013              
    Breaks at the next call instruction
     
    •  
  •  nextret             \u2013              
    Breaks at next return-like instruction
     
    •  
  •  stepret             \u2013              
    Breaks at next return-like instruction by 'stepping' to it
     
    •  
  •  nextproginstr             \u2013              
    •  
  •  stepover             \u2013              
    Sets a breakpoint on the instruction after this one
     
    •  
  •  nextsyscall             \u2013              
    Breaks at the next syscall not taking branches.
     
    •  
  •  stepsyscall             \u2013              
    Breaks at the next syscall by taking branches.
     
    •  
  •  stepuntilasm             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Breaks on the next matching instruction.')\n
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.nextjmp","title":"nextjmp","text":"
nextjmp() -> None\n
 
Breaks at the next jump instruction
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.nextcall","title":"nextcall","text":"
nextcall(symbol_regex=None) -> None\n
 
Breaks at the next call instruction
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.nextret","title":"nextret","text":"
nextret() -> None\n
 
Breaks at next return-like instruction
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.stepret","title":"stepret","text":"
stepret() -> None\n
 
Breaks at next return-like instruction by 'stepping' to it
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.nextproginstr","title":"nextproginstr","text":"
nextproginstr() -> None\n
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.stepover","title":"stepover","text":"
stepover(addr=None) -> None\n
 
Sets a breakpoint on the instruction after this one
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.nextsyscall","title":"nextsyscall","text":"
nextsyscall() -> None\n
 
Breaks at the next syscall not taking branches.
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.stepsyscall","title":"stepsyscall","text":"
stepsyscall() -> None\n
 
Breaks at the next syscall by taking branches.
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.stepuntilasm","title":"stepuntilasm","text":"
stepuntilasm(mnemonic, op_str) -> None\n
"},{"location":"reference/pwndbg/commands/onegadget/","title":"onegadget","text":""},{"location":"reference/pwndbg/commands/onegadget/#pwndbg.commands.onegadget","title":"onegadget","text":"
Functions:
 
     
  •  onegadget             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/onegadget/#pwndbg.commands.onegadget.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"\\nFind gadgets which single-handedly give code execution.\\n\\nUses the onegadget tool by david942j.\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/onegadget/#pwndbg.commands.onegadget.onegadget","title":"onegadget","text":"
onegadget(\n    show_unsat: bool = False, no_unknown: bool = False, verbose: bool = False\n) -> None\n
"},{"location":"reference/pwndbg/commands/p2p/","title":"p2p","text":""},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p","title":"p2p","text":"
Classes:
 
     
  •  AddrRange           \u2013            
    •  
 
Functions:
 
     
  •  get_addrrange_any_named             \u2013              
    •  
  •  address_range_explicit             \u2013              
    •  
  •  address_range             \u2013              
    •  
  •  maybe_points_to_ranges             \u2013              
    •  
  •  p2p_walk             \u2013              
    •  
  •  p2p             \u2013              
    •  
 
Attributes:
 
     
  •  ts           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.ts","title":"ts  module-attribute","text":"
ts = telescope\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Pointer to pointer chain search. Searches given mapping for all pointers that point to specified mapping.\\n\\nAny chain length greater than 0 is valid. If only one mapping is given it just looks for any pointers in that mapping.\"\n)\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.AddrRange","title":"AddrRange","text":"
AddrRange(begin: int, end: int)\n
 
Methods:
 
     
  •  __repr__             \u2013              
    •  
 
Attributes:
 
     
  •  begin           \u2013            
    •  
  •  end           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.AddrRange.begin","title":"begin  instance-attribute","text":"
begin = begin\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.AddrRange.end","title":"end  instance-attribute","text":"
end = end\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.AddrRange.__repr__","title":"__repr__","text":"
__repr__() -> str\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.get_addrrange_any_named","title":"get_addrrange_any_named","text":"
get_addrrange_any_named() -> list[AddrRange]\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.address_range_explicit","title":"address_range_explicit","text":"
address_range_explicit(section: str) -> AddrRange\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.address_range","title":"address_range","text":"
address_range(section: str) -> list[AddrRange] | tuple[int, int] | None\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.maybe_points_to_ranges","title":"maybe_points_to_ranges","text":"
maybe_points_to_ranges(ptr: int, rs: list[AddrRange])\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.p2p_walk","title":"p2p_walk","text":"
p2p_walk(\n    addr: int, ranges: list[list[AddrRange]], current_level: int\n) -> int | None\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.p2p","title":"p2p","text":"
p2p(mapping_names: list[list[AddrRange]] | None = None) -> None\n
"},{"location":"reference/pwndbg/commands/paging/","title":"paging","text":""},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging","title":"paging","text":"
Functions:
 
     
  •  print_pagetable_entry             \u2013              
    •  
  •  page_type             \u2013              
    •  
  •  page_info             \u2013              
    •  
  •  pagewalk             \u2013              
    •  
  •  paging_print_helper             \u2013              
    •  
  •  p2v             \u2013              
    •  
  •  v2p             \u2013              
    •  
  •  pageinfo             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
  •  PAGETYPES           \u2013            
    •  
  •  p2v_parser           \u2013            
    •  
  •  v2p_parser           \u2013            
    •  
  •  page_parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Performs pagewalk.')\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.PAGETYPES","title":"PAGETYPES  module-attribute","text":"
PAGETYPES = (\n    \"buddy\",\n    \"offline\",\n    \"table\",\n    \"guard\",\n    \"hugetlb\",\n    \"slab\",\n    \"zsmalloc\",\n    \"unaccepted\",\n)\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.p2v_parser","title":"p2v_parser  module-attribute","text":"
p2v_parser = ArgumentParser(\n    description=\"Translate physical address to its corresponding virtual address.\"\n)\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.v2p_parser","title":"v2p_parser  module-attribute","text":"
v2p_parser = ArgumentParser(\n    description=\"Translate virtual address to its corresponding physmap address.\"\n)\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.page_parser","title":"page_parser  module-attribute","text":"
page_parser = ArgumentParser(\n    description=\"Convert a pointer to a `struct page` to its corresponding virtual address.\"\n)\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.print_pagetable_entry","title":"print_pagetable_entry","text":"
print_pagetable_entry(ptl: PageTableLevel, level: int, is_last: bool)\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.page_type","title":"page_type","text":"
page_type(page)\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.page_info","title":"page_info","text":"
page_info(page)\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.pagewalk","title":"pagewalk","text":"
pagewalk(vaddr, entry=None)\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.paging_print_helper","title":"paging_print_helper","text":"
paging_print_helper(name, addr)\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.p2v","title":"p2v","text":"
p2v(paddr)\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.v2p","title":"v2p","text":"
v2p(vaddr)\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.pageinfo","title":"pageinfo","text":"
pageinfo(page)\n
"},{"location":"reference/pwndbg/commands/parse_seccomp/","title":"parse_seccomp","text":""},{"location":"reference/pwndbg/commands/parse_seccomp/#pwndbg.commands.parse_seccomp","title":"parse_seccomp","text":"
Functions:
 
     
  •  parse_seccomp             \u2013              
    Parse a struct sock_fprog at a given address and pass filter to external tool.
     
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/parse_seccomp/#pwndbg.commands.parse_seccomp.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Parse a struct sock_fprog from memory and dump its filter\"\n)\n
"},{"location":"reference/pwndbg/commands/parse_seccomp/#pwndbg.commands.parse_seccomp.parse_seccomp","title":"parse_seccomp","text":"
parse_seccomp(addr: int) -> None\n
 
Parse a struct sock_fprog at a given address and pass filter to external tool.
"},{"location":"reference/pwndbg/commands/patch/","title":"patch","text":""},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch","title":"patch","text":"
Functions:
 
     
  •  patch             \u2013              
    •  
  •  patch_revert             \u2013              
    •  
  •  patch_list             \u2013              
    •  
 
Attributes:
 
     
  •  patches               (dict[int, tuple[bytes, bytes]])           \u2013            
    •  
  •  parser           \u2013            
    •  
  •  parser2           \u2013            
    •  
  •  parser3           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.patches","title":"patches  module-attribute","text":"
patches: dict[int, tuple[bytes, bytes]] = {}\n
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Patches given instruction with given code or bytes.\"\n)\n
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.parser2","title":"parser2  module-attribute","text":"
parser2 = ArgumentParser(description='Revert patch at given address.')\n
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.parser3","title":"parser3  module-attribute","text":"
parser3 = ArgumentParser(description='List all patches.')\n
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.patch","title":"patch","text":"
patch(address: int, ins: str, quiet: bool) -> None\n
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.patch_revert","title":"patch_revert","text":"
patch_revert(address: int) -> None\n
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.patch_list","title":"patch_list","text":"
patch_list() -> None\n
"},{"location":"reference/pwndbg/commands/peda/","title":"peda","text":""},{"location":"reference/pwndbg/commands/peda/#pwndbg.commands.peda","title":"peda","text":"
Functions:
 
     
  •  getfile             \u2013              
    •  
  •  xuntil             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/peda/#pwndbg.commands.peda.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Continue execution until an address or expression.\"\n)\n
"},{"location":"reference/pwndbg/commands/peda/#pwndbg.commands.peda.getfile","title":"getfile","text":"
getfile() -> None\n
"},{"location":"reference/pwndbg/commands/peda/#pwndbg.commands.peda.xuntil","title":"xuntil","text":"
xuntil(target) -> None\n
"},{"location":"reference/pwndbg/commands/pie/","title":"pie","text":""},{"location":"reference/pwndbg/commands/pie/#pwndbg.commands.pie","title":"pie","text":"
Functions:
 
     
  •  translate_addr             \u2013              
    •  
  •  piebase             \u2013              
    •  
  •  breakrva             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/pie/#pwndbg.commands.pie.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Calculate VA of RVA from PIE base.')\n
"},{"location":"reference/pwndbg/commands/pie/#pwndbg.commands.pie.translate_addr","title":"translate_addr","text":"
translate_addr(offset, module)\n
"},{"location":"reference/pwndbg/commands/pie/#pwndbg.commands.pie.piebase","title":"piebase","text":"
piebase(offset=None, module=None) -> None\n
"},{"location":"reference/pwndbg/commands/pie/#pwndbg.commands.pie.breakrva","title":"breakrva","text":"
breakrva(offset=0, module=None) -> None\n
"},{"location":"reference/pwndbg/commands/plist/","title":"plist","text":""},{"location":"reference/pwndbg/commands/plist/#pwndbg.commands.plist","title":"plist","text":"
Functions:
 
     
  •  plist             \u2013              
    •  
  •  bit_offset_of_field             \u2013              
    •  
  •  get_byte_offset             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/plist/#pwndbg.commands.plist.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Dumps the elements of a linked list.\\n\\nThis command traverses the linked list beginning at a given element, dumping its\\ncontents and the contents of all the elements that come after it in the list.\\nTraversal is configurable and can handle multiple types of linked lists, but will\\nalways stop when a cycle is detected.\\n\\nThe path to the first element can be any GDB expression that evaluates to either\\nthe first element directly, or a to pointer to it. The next element is the name\\nof the field containing the next pointer, in either the structure itself or in\\nthe structure given by --inner.\\n\\nAn address value may be given with --sentinel that signals the end of the list.\\nBy default, the value used is NULL (0).\\n\\nIf only one field inside each node is desired, it can be printed exclusively by\\nspecifying its name with --field.\\n\\nThis command supports traversing three types of linked lists, classified by how\\nthe next pointer can be found in the structure and what type it is:\\n    1 - Next pointer is field of structure, type is the same as structure.\\n    2 - Next pointer is field of inner nested structure, pointed to type is the\\n        same as outer structure.\\n    3 - Next pointer is field of inner nested structure, pointed to type is the\\n        same as inner structure.\\nTypes 2 and 3 require --inner to be specified.\\n\\nExample 1:\\n\\n```\\nstruct node {\\n    int value;\\n    struct node *next;\\n};\\nstruct node node_c = { 2, NULL };\\nstruct node node_b = { 1, &node_c };\\nstruct node node_a = { 0, &node_b };\\n```\\n\\npwndbg> plist node_a next\\n0x4000011050 <node_a>: {\\n  value = 0,\\n  next = 0x4000011040 <node_b>\\n}\\n0x4000011040 <node_b>: {\\n  value = 1,\\n  next = 0x4000011010 <node_c>\\n}\\n0x4000011010 <node_c>: {\\n  value = 2,\\n  next = 0x0\\n}\\n\\nExample 2:\\n\\n```\\nstruct node_inner_a {\\n    struct node_inner_a *next;\\n};\\nstruct inner_a_node {\\n    int value;\\n    struct node_inner_a inner;\\n};\\nstruct inner_a_node inner_a_node_c = { 2, { NULL } };\\nstruct inner_a_node inner_a_node_b = { 1, { &inner_a_node_c.inner } };\\nstruct inner_a_node inner_a_node_a = { 0, { &inner_a_node_b.inner } };\\n```\\n\\npwndbg> plist inner_a_node_a -i inner next\\n0x4000011070 <inner_a_node_a>: {\\n  value = 0,\\n  inner = {\\n    next = 0x4000011068 <inner_a_node_b+8>\\n  }\\n}\\n0x4000011060 <inner_a_node_b>: {\\n  value = 1,\\n  inner = {\\n    next = 0x4000011028 <inner_a_node_c+8>\\n  }\\n}\\n0x4000011020 <inner_a_node_c>: {\\n  value = 2,\\n  inner = {\\n    next = 0x0\\n  }\\n}\\n\\nExample 3:\\n\\n```\\nstruct inner_b_node;\\nstruct node_inner_b {\\n    struct inner_b_node *next;\\n};\\nstruct inner_b_node {\\n    int value;\\n    struct node_inner_b inner;\\n};\\nstruct inner_b_node inner_b_node_c = { 2, { NULL } };\\nstruct inner_b_node inner_b_node_b = { 1, { &inner_b_node_c } };\\nstruct inner_b_node inner_b_node_a = { 0, { &inner_b_node_b } };\\n```\\n\\npwndbg> plist inner_b_node_a -i inner next\\n0x4000011090 <inner_b_node_a>: {\\n  value = 0,\\n  inner = {\\n    next = 0x4000011080 <inner_b_node_b>\\n  }\\n}\\n0x4000011080 <inner_b_node_b>: {\\n  value = 1,\\n  inner = {\\n    next = 0x4000011030 <inner_b_node_c>\\n  }\\n}\\n0x4000011030 <inner_b_node_c>: {\\n  value = 2,\\n  inner = {\\n    next = 0x0\\n  }\\n}\\n\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/plist/#pwndbg.commands.plist.plist","title":"plist","text":"
plist(\n    path: str,\n    next: str,\n    sentinel: int,\n    inner_name: str | None,\n    field_name: str | None,\n    offset: int,\n    count: int | None = None,\n) -> None\n
"},{"location":"reference/pwndbg/commands/plist/#pwndbg.commands.plist.bit_offset_of_field","title":"bit_offset_of_field","text":"
bit_offset_of_field(struct, field_name, inner_name=None)\n
"},{"location":"reference/pwndbg/commands/plist/#pwndbg.commands.plist.get_byte_offset","title":"get_byte_offset","text":"
get_byte_offset(bit_offset)\n
"},{"location":"reference/pwndbg/commands/probeleak/","title":"probeleak","text":""},{"location":"reference/pwndbg/commands/probeleak/#pwndbg.commands.probeleak","title":"probeleak","text":"
Functions:
 
     
  •  find_module             \u2013              
    •  
  •  satisfied_flags             \u2013              
    •  
  •  flags_str2int             \u2013              
    •  
  •  probeleak             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/probeleak/#pwndbg.commands.probeleak.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Pointer scan for possible offset leaks.')\n
"},{"location":"reference/pwndbg/commands/probeleak/#pwndbg.commands.probeleak.find_module","title":"find_module","text":"
find_module(addr, max_distance)\n
"},{"location":"reference/pwndbg/commands/probeleak/#pwndbg.commands.probeleak.satisfied_flags","title":"satisfied_flags","text":"
satisfied_flags(require_flags, flags)\n
"},{"location":"reference/pwndbg/commands/probeleak/#pwndbg.commands.probeleak.flags_str2int","title":"flags_str2int","text":"
flags_str2int(flags_s)\n
"},{"location":"reference/pwndbg/commands/probeleak/#pwndbg.commands.probeleak.probeleak","title":"probeleak","text":"
probeleak(\n    address=None,\n    count=64,\n    max_distance=0,\n    point_to=None,\n    max_ptrs=0,\n    flags=None,\n) -> None\n
"},{"location":"reference/pwndbg/commands/procinfo/","title":"procinfo","text":""},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo","title":"procinfo","text":"
Classes:
 
     
  •  Process           \u2013            
    •  
 
Functions:
 
     
  •  tcp             \u2013              
    It will first list all listening TCP sockets, and next list all established
     
    •  
  •  tcp6             \u2013              
    •  
  •  unix             \u2013              
    •  
  •  netlink             \u2013              
    •  
  •  pid             \u2013              
    •  
  •  procinfo             \u2013              
    Display information about the running process.
     
    •  
 
Attributes:
 
     
  •  capabilities           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.capabilities","title":"capabilities  module-attribute","text":"
capabilities = {\n    0: \"CAP_CHOWN\",\n    1: \"CAP_DAC_OVERRIDE\",\n    2: \"CAP_DAC_READ_SEARCH\",\n    3: \"CAP_FOWNER\",\n    4: \"CAP_FSETID\",\n    5: \"CAP_KILL\",\n    6: \"CAP_SETGID\",\n    7: \"CAP_SETUID\",\n    8: \"CAP_SETPCAP\",\n    9: \"CAP_LINUX_IMMUTABLE\",\n    10: \"CAP_NET_BIND_SERVICE\",\n    11: \"CAP_NET_BROADCAST\",\n    12: \"CAP_NET_ADMIN\",\n    13: \"CAP_NET_RAW\",\n    14: \"CAP_IPC_LOCK\",\n    15: \"CAP_IPC_OWNER\",\n    16: \"CAP_SYS_MODULE\",\n    17: \"CAP_SYS_RAWIO\",\n    18: \"CAP_SYS_CHROOT\",\n    19: \"CAP_SYS_PTRACE\",\n    20: \"CAP_SYS_PACCT\",\n    21: \"CAP_SYS_ADMIN\",\n    22: \"CAP_SYS_BOOT\",\n    23: \"CAP_SYS_NICE\",\n    24: \"CAP_SYS_RESOURCE\",\n    25: \"CAP_SYS_TIME\",\n    26: \"CAP_SYS_TTY_CONFIG\",\n    27: \"CAP_MKNOD\",\n    28: \"CAP_LEASE\",\n    29: \"CAP_AUDIT_WRITE\",\n    30: \"CAP_AUDIT_CONTROL\",\n    31: \"CAP_SETFCAP\",\n    32: \"CAP_MAC_OVERRIDE\",\n    33: \"CAP_MAC_ADMIN\",\n    34: \"CAP_SYSLOG\",\n    35: \"CAP_WAKE_ALARM\",\n    36: \"CAP_BLOCK_SUSPEND\",\n}\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process","title":"Process","text":"
Process(pid=None, tid=None)\n
 
Attributes:
 
     
  •  pid           \u2013            
    •  
  •  tid           \u2013            
    •  
  •  selinux               (str)           \u2013            
    •  
  •  cmdline           \u2013            
    •  
  •  cwd               (str)           \u2013            
    •  
  •  status           \u2013            
    •  
  •  open_files           \u2013            
    •  
  •  connections           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.pid","title":"pid  instance-attribute","text":"
pid = pid\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.tid","title":"tid  instance-attribute","text":"
tid = tid\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.selinux","title":"selinux  property","text":"
selinux: str\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.cmdline","title":"cmdline  property","text":"
cmdline\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.cwd","title":"cwd  property","text":"
cwd: str\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.status","title":"status  property","text":"
status\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.open_files","title":"open_files  property","text":"
open_files\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.connections","title":"connections  property","text":"
connections\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.tcp","title":"tcp","text":"
tcp(tid: int)\n
 
It will first list all listening TCP sockets, and next list all established TCP connections. A typical entry of /proc/net/tcp would look like this (split up into 3 parts because of the length of the line):
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.tcp6","title":"tcp6","text":"
tcp6(tid: int)\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.unix","title":"unix","text":"
unix(tid: int)\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.netlink","title":"netlink","text":"
netlink(tid: int)\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.pid","title":"pid","text":"
pid() -> None\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.procinfo","title":"procinfo","text":"
procinfo() -> None\n
 
Display information about the running process.
"},{"location":"reference/pwndbg/commands/profiler/","title":"profiler","text":""},{"location":"reference/pwndbg/commands/profiler/#pwndbg.commands.profiler","title":"profiler","text":"
Utilities for profiling pwndbg.
 
Functions:
 
     
  •  profiler             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
  •  subparsers           \u2013            
    •  
  •  parser_start           \u2013            
    •  
  •  parser_stop           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/profiler/#pwndbg.commands.profiler.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"\\nUtilities for profiling Pwndbg.\\n\\nCheck out the `./profiling` folder for other useful utilities.\\nUse `./profiling/print_stats.py` to generate a report from a `.pstats` file.\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/profiler/#pwndbg.commands.profiler.subparsers","title":"subparsers  module-attribute","text":"
subparsers = add_subparsers(dest='command')\n
"},{"location":"reference/pwndbg/commands/profiler/#pwndbg.commands.profiler.parser_start","title":"parser_start  module-attribute","text":"
parser_start = add_parser('start', prog='profiler start')\n
"},{"location":"reference/pwndbg/commands/profiler/#pwndbg.commands.profiler.parser_stop","title":"parser_stop  module-attribute","text":"
parser_stop = add_parser('stop', prog='profiler stop')\n
"},{"location":"reference/pwndbg/commands/profiler/#pwndbg.commands.profiler.profiler","title":"profiler","text":"
profiler(command, file='pwndbg.pstats') -> None\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/","title":"ptmalloc2","text":""},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2","title":"ptmalloc2","text":"
Functions:
 
     
  •  read_chunk             \u2013              
    Read a chunk's metadata.
     
    •  
  •  format_bin             \u2013              
    •  
  •  print_no_arena_found_error             \u2013              
    •  
  •  print_no_tcache_bins_found_error             \u2013              
    •  
  •  heap             \u2013              
    Iteratively print chunks on a heap, default to the current thread's
     
    •  
  •  hi             \u2013              
    •  
  •  arena             \u2013              
    Print the contents of an arena, default to the current thread's arena.
     
    •  
  •  arenas             \u2013              
    Lists this process's arenas.
     
    •  
  •  tcache             \u2013              
    Print a thread's tcache contents, default to the current thread's
     
    •  
  •  mp             \u2013              
    Print the mp_ struct's contents.
     
    •  
  •  top_chunk             \u2013              
    Print relevant information about an arena's top chunk, default to the
     
    •  
  •  malloc_chunk             \u2013              
    Print a malloc_chunk struct's contents.
     
    •  
  •  bins             \u2013              
    Print the contents of all an arena's bins and a thread's tcache,
     
    •  
  •  fastbins             \u2013              
    Print the contents of an arena's fastbins, default to the current
     
    •  
  •  unsortedbin             \u2013              
    Print the contents of an arena's unsortedbin, default to the current
     
    •  
  •  smallbins             \u2013              
    Print the contents of an arena's smallbins, default to the current
     
    •  
  •  largebins             \u2013              
    Print the contents of an arena's largebins, default to the current
     
    •  
  •  tcachebins             \u2013              
    Print the contents of a tcache, default to the current thread's tcache.
     
    •  
  •  find_fake_fast             \u2013              
    Find candidate fake fast chunks overlapping the specified address.
     
    •  
  •  vis_heap_chunks             \u2013              
    Visualize chunks on a heap, default to the current arena's active heap.
     
    •  
  •  bin_ascii             \u2013              
    •  
  •  bin_labels_mapping             \u2013              
    Returns all potential bin labels for all potential addresses
     
    •  
  •  try_free             \u2013              
    •  
  •  try_unlink             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
  •  group           \u2013            
    •  
  •  VALID_CHARS           \u2013            
    •  
  •  try_free_parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Visualize chunks on a heap.\\n\\nDefault to the current arena's active heap.\"\n)\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.group","title":"group  module-attribute","text":"
group = add_mutually_exclusive_group()\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.VALID_CHARS","title":"VALID_CHARS  module-attribute","text":"
VALID_CHARS = list(map(ord, set(printable) - set('\\t\\r\\n\\x0c\\x0b')))\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.try_free_parser","title":"try_free_parser  module-attribute","text":"
try_free_parser = ArgumentParser(\n    description=\"Check what would happen if free was called with given address.\"\n)\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.read_chunk","title":"read_chunk","text":"
read_chunk(addr: int) -> dict[str, int]\n
 
Read a chunk's metadata.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.format_bin","title":"format_bin","text":"
format_bin(\n    bins: Bins, verbose: bool = False, offset: int | None = None\n) -> list[str]\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.print_no_arena_found_error","title":"print_no_arena_found_error","text":"
print_no_arena_found_error(tid=None) -> None\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.print_no_tcache_bins_found_error","title":"print_no_tcache_bins_found_error","text":"
print_no_tcache_bins_found_error(tid: int | None = None) -> None\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.heap","title":"heap","text":"
heap(\n    addr: int | None = None, verbose: bool = False, simple: bool = False\n) -> None\n
 
Iteratively print chunks on a heap, default to the current thread's active heap.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.hi","title":"hi","text":"
hi(\n    addr: int, verbose: bool = False, simple: bool = False, fake: bool = False\n) -> None\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.arena","title":"arena","text":"
arena(addr: int | None = None) -> None\n
 
Print the contents of an arena, default to the current thread's arena.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.arenas","title":"arenas","text":"
arenas() -> None\n
 
Lists this process's arenas.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.tcache","title":"tcache","text":"
tcache(addr: int | None = None) -> None\n
 
Print a thread's tcache contents, default to the current thread's tcache.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.mp","title":"mp","text":"
mp() -> None\n
 
Print the mp_ struct's contents.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.top_chunk","title":"top_chunk","text":"
top_chunk(addr: int | None = None) -> None\n
 
Print relevant information about an arena's top chunk, default to the current thread's arena.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.malloc_chunk","title":"malloc_chunk","text":"
malloc_chunk(\n    addr: int,\n    fake: bool = False,\n    verbose: bool = False,\n    simple: bool = False,\n    next: int = 0,\n    dump: bool = False,\n) -> None\n
 
Print a malloc_chunk struct's contents.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.bins","title":"bins","text":"
bins(addr: int | None = None, tcache_addr: int | None = None) -> None\n
 
Print the contents of all an arena's bins and a thread's tcache, default to the current thread's arena and tcache.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.fastbins","title":"fastbins","text":"
fastbins(addr: int | None = None, verbose: bool = False) -> None\n
 
Print the contents of an arena's fastbins, default to the current thread's arena.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.unsortedbin","title":"unsortedbin","text":"
unsortedbin(addr: int | None = None, verbose: bool = False) -> None\n
 
Print the contents of an arena's unsortedbin, default to the current thread's arena.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.smallbins","title":"smallbins","text":"
smallbins(addr: int | None = None, verbose: bool = False) -> None\n
 
Print the contents of an arena's smallbins, default to the current thread's arena.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.largebins","title":"largebins","text":"
largebins(addr: int | None = None, verbose: bool = False) -> None\n
 
Print the contents of an arena's largebins, default to the current thread's arena.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.tcachebins","title":"tcachebins","text":"
tcachebins(addr: int | None = None, verbose: bool = False) -> None\n
 
Print the contents of a tcache, default to the current thread's tcache.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.find_fake_fast","title":"find_fake_fast","text":"
find_fake_fast(\n    target_address: int,\n    max_candidate_size: int | None = None,\n    align: bool = False,\n    glibc_fastbin_bug: bool = False,\n    partial_overwrite: bool = False,\n) -> None\n
 
Find candidate fake fast chunks overlapping the specified address.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.vis_heap_chunks","title":"vis_heap_chunks","text":"
vis_heap_chunks(\n    addr: int | None = None,\n    count: int | None = None,\n    beyond_top: bool = False,\n    no_truncate: bool = False,\n    all_chunks: bool = False,\n) -> None\n
 
Visualize chunks on a heap, default to the current arena's active heap.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.bin_ascii","title":"bin_ascii","text":"
bin_ascii(bs)\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.bin_labels_mapping","title":"bin_labels_mapping","text":"
bin_labels_mapping(collections)\n
 
Returns all potential bin labels for all potential addresses We precompute all of them because doing this on demand was too slow and inefficient See #1675 for more details
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.try_free","title":"try_free","text":"
try_free(addr: str | int) -> None\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.try_unlink","title":"try_unlink","text":"
try_unlink(addr: int) -> None\n
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/","title":"ptmalloc2_tracking","text":""},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking","title":"ptmalloc2_tracking","text":"
Functions:
 
     
  •  track_heap             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
  •  subparsers           \u2013            
    •  
  •  enable           \u2013            
    •  
  •  disable           \u2013            
    •  
  •  toggle_break           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Manages the heap tracker.\\n\\nThe heap tracker is a module that tracks usage of the GLibc heap and looks for\\nuser errors such as double frees and use after frees.\\n\\nCurrently, the following errors can be detected:\\n    - Use After Free\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking.subparsers","title":"subparsers  module-attribute","text":"
subparsers = add_subparsers(\n    required=True,\n    description=\"Used to enable, disable and query information about the tracker\",\n)\n
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking.enable","title":"enable  module-attribute","text":"
enable = add_parser('enable', help='Enable heap tracking')\n
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking.disable","title":"disable  module-attribute","text":"
disable = add_parser('disable', help='Disable heap tracking')\n
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking.toggle_break","title":"toggle_break  module-attribute","text":"
toggle_break = add_parser(\n    \"toggle-break\",\n    help=\"Toggles whether possible UAF conditions will pause execution\",\n)\n
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking.track_heap","title":"track_heap","text":"
track_heap(mode=None, use_hardware_breakpoints=False)\n
"},{"location":"reference/pwndbg/commands/radare2/","title":"radare2","text":""},{"location":"reference/pwndbg/commands/radare2/#pwndbg.commands.radare2","title":"radare2","text":"
Functions:
 
     
  •  r2             \u2013              
    •  
  •  r2pipe             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/radare2/#pwndbg.commands.radare2.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Execute stateful radare2 commands through r2pipe.\"\n)\n
"},{"location":"reference/pwndbg/commands/radare2/#pwndbg.commands.radare2.r2","title":"r2","text":"
r2(arguments, no_seek=False, no_rebase=False) -> None\n
"},{"location":"reference/pwndbg/commands/radare2/#pwndbg.commands.radare2.r2pipe","title":"r2pipe","text":"
r2pipe(arguments) -> None\n
"},{"location":"reference/pwndbg/commands/reload/","title":"reload","text":""},{"location":"reference/pwndbg/commands/reload/#pwndbg.commands.reload","title":"reload","text":"
Functions:
 
     
  •  rreload             \u2013              
    Recursively reload modules.
     
    •  
  •  reload             \u2013              
    •  
  •  reinit_pwndbg             \u2013              
    Makes pwndbg reinitialize all state.
     
    •  
"},{"location":"reference/pwndbg/commands/reload/#pwndbg.commands.reload.rreload","title":"rreload","text":"
rreload(module, _exclude_mods=None) -> None\n
 
Recursively reload modules. Impl based on https://stackoverflow.com/a/66661311/1508881
"},{"location":"reference/pwndbg/commands/reload/#pwndbg.commands.reload.reload","title":"reload","text":"
reload(*a) -> None\n
"},{"location":"reference/pwndbg/commands/reload/#pwndbg.commands.reload.reinit_pwndbg","title":"reinit_pwndbg","text":"
reinit_pwndbg() -> None\n
 
Makes pwndbg reinitialize all state.
"},{"location":"reference/pwndbg/commands/retaddr/","title":"retaddr","text":""},{"location":"reference/pwndbg/commands/retaddr/#pwndbg.commands.retaddr","title":"retaddr","text":"
Functions:
 
     
  •  retaddr             \u2013              
    •  
  •  stack_explore             \u2013              
    •  
"},{"location":"reference/pwndbg/commands/retaddr/#pwndbg.commands.retaddr.retaddr","title":"retaddr","text":"
retaddr() -> None\n
"},{"location":"reference/pwndbg/commands/retaddr/#pwndbg.commands.retaddr.stack_explore","title":"stack_explore","text":"
stack_explore() -> None\n
"},{"location":"reference/pwndbg/commands/rizin/","title":"rizin","text":""},{"location":"reference/pwndbg/commands/rizin/#pwndbg.commands.rizin","title":"rizin","text":"
Functions:
 
     
  •  rz             \u2013              
    •  
  •  rzpipe             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/rizin/#pwndbg.commands.rizin.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Execute stateful rizin commands through rzpipe.\"\n)\n
"},{"location":"reference/pwndbg/commands/rizin/#pwndbg.commands.rizin.rz","title":"rz","text":"
rz(arguments, no_seek=False, no_rebase=False) -> None\n
"},{"location":"reference/pwndbg/commands/rizin/#pwndbg.commands.rizin.rzpipe","title":"rzpipe","text":"
rzpipe(arguments) -> None\n
"},{"location":"reference/pwndbg/commands/rop/","title":"rop","text":""},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop","title":"rop","text":"
Classes:
 
     
  •  RawMemoryBinary           \u2013            
    •  
 
Functions:
 
     
  •  split_range_to_chunks             \u2013              
    •  
  •  parse_size             \u2013              
    •  
  •  iterate_over_pages             \u2013              
    •  
  •  rop             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Dump ROP gadgets with Jon Salwan's ROPgadget tool.\"\n)\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary","title":"RawMemoryBinary","text":"
RawMemoryBinary(options, start_addr: int)\n
 
               Bases: object
 
Methods:
 
     
  •  getBinary             \u2013              
    •  
  •  getFileName             \u2013              
    •  
  •  getRawBinary             \u2013              
    •  
  •  getEntryPoint             \u2013              
    •  
  •  getExecSections             \u2013              
    •  
  •  getDataSections             \u2013              
    •  
  •  getArch             \u2013              
    •  
  •  getArchMode             \u2013              
    •  
  •  getEndian             \u2013              
    •  
  •  getFormat             \u2013              
    •  
 
Attributes:
 
     
  •  start_addr           \u2013            
    •  
  •  cs           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.start_addr","title":"start_addr  instance-attribute","text":"
start_addr = start_addr\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.__fileName","title":"__fileName  instance-attribute","text":"
__fileName = binary\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.cs","title":"cs  instance-attribute","text":"
cs = get_disassembler(get_capstone_constants(pc))\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.__rawBinary","title":"__rawBinary  instance-attribute","text":"
__rawBinary = read()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getBinary","title":"getBinary","text":"
getBinary()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getFileName","title":"getFileName","text":"
getFileName()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getRawBinary","title":"getRawBinary","text":"
getRawBinary()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getEntryPoint","title":"getEntryPoint","text":"
getEntryPoint()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getExecSections","title":"getExecSections","text":"
getExecSections()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getDataSections","title":"getDataSections","text":"
getDataSections()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getArch","title":"getArch","text":"
getArch()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getArchMode","title":"getArchMode","text":"
getArchMode()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getEndian","title":"getEndian","text":"
getEndian()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getFormat","title":"getFormat","text":"
getFormat()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.split_range_to_chunks","title":"split_range_to_chunks","text":"
split_range_to_chunks(\n    range_start: int, range_end: int, chunk_size: int = 10 * 1024 * 1024\n) -> Iterator[tuple[int, int, int, int]]\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.parse_size","title":"parse_size","text":"
parse_size(size_str: str) -> int\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.iterate_over_pages","title":"iterate_over_pages","text":"
iterate_over_pages(mem_limit: int) -> Iterator[tuple[str, Page | None]]\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.rop","title":"rop","text":"
rop(grep: str | None, memlimit: str, argument: list[str]) -> None\n
"},{"location":"reference/pwndbg/commands/ropper/","title":"ropper","text":""},{"location":"reference/pwndbg/commands/ropper/#pwndbg.commands.ropper","title":"ropper","text":"
Functions:
 
     
  •  ropper             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/ropper/#pwndbg.commands.ropper.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='ROP gadget search with ropper.')\n
"},{"location":"reference/pwndbg/commands/ropper/#pwndbg.commands.ropper.ropper","title":"ropper","text":"
ropper(argument) -> None\n
"},{"location":"reference/pwndbg/commands/saved_register_frames/","title":"saved_register_frames","text":""},{"location":"reference/pwndbg/commands/saved_register_frames/#pwndbg.commands.saved_register_frames","title":"saved_register_frames","text":"
Functions:
 
     
  •  print_saved_register_frame             \u2013              
    •  
  •  dump_register_frame             \u2013              
    •  
 
Attributes:
 
     
  •  VALID_FRAME_TYPES           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/saved_register_frames/#pwndbg.commands.saved_register_frames.VALID_FRAME_TYPES","title":"VALID_FRAME_TYPES  module-attribute","text":"
VALID_FRAME_TYPES = {\n    \"armcm-exception\": ARM_CORTEX_M_EXCEPTION_STACK,\n    \"armcm-exception2\": ARM_CORTEX_M_EXCEPTION_STACK,\n}\n
"},{"location":"reference/pwndbg/commands/saved_register_frames/#pwndbg.commands.saved_register_frames.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Display the registers saved to memory for a certain frame type\"\n)\n
"},{"location":"reference/pwndbg/commands/saved_register_frames/#pwndbg.commands.saved_register_frames.print_saved_register_frame","title":"print_saved_register_frame","text":"
print_saved_register_frame(\n    context: SavedRegisterFrame, address: int = None, print_address=False\n)\n
"},{"location":"reference/pwndbg/commands/saved_register_frames/#pwndbg.commands.saved_register_frames.dump_register_frame","title":"dump_register_frame","text":"
dump_register_frame(\n    frame_type: str, address: int = None, print_address=False\n) -> None\n
"},{"location":"reference/pwndbg/commands/search/","title":"search","text":""},{"location":"reference/pwndbg/commands/search/#pwndbg.commands.search","title":"search","text":"
Functions:
 
     
  •  print_search_hit             \u2013              
    Prints out a single search hit.
     
    •  
  •  search             \u2013              
    •  
 
Attributes:
 
     
  •  saved               (set[int])           \u2013            
    •  
  •  auto_save           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/search/#pwndbg.commands.search.saved","title":"saved  module-attribute","text":"
saved: set[int] = set()\n
"},{"location":"reference/pwndbg/commands/search/#pwndbg.commands.search.auto_save","title":"auto_save  module-attribute","text":"
auto_save = add_param(\n    \"auto-save-search\", False, 'automatically pass --save to \"search\" command'\n)\n
"},{"location":"reference/pwndbg/commands/search/#pwndbg.commands.search.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Search memory for byte sequences, strings, pointers, and integer values.\\n\\nBy default search results are cached. If you want to cache all results, but only print a subset, use --trunc-out. If you want to cache only a subset of results, and print the results immediately, use --limit. The latter is specially useful if you're searching a huge section of memory.\\n\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/search/#pwndbg.commands.search.print_search_hit","title":"print_search_hit","text":"
print_search_hit(address: int) -> None\n
 
Prints out a single search hit.
 
Parameters:
 
     
  •  address               (int)           \u2013            
    Address to print
     
    •  
"},{"location":"reference/pwndbg/commands/search/#pwndbg.commands.search.search","title":"search","text":"
search(\n    type,\n    asmbp,\n    hex,\n    executable,\n    writable,\n    step,\n    limit,\n    aligned,\n    value,\n    mapping_name,\n    save,\n    next,\n    trunc_out,\n) -> None\n
"},{"location":"reference/pwndbg/commands/segments/","title":"segments","text":""},{"location":"reference/pwndbg/commands/segments/#pwndbg.commands.segments","title":"segments","text":"
Functions:
 
     
  •  fsbase             \u2013              
    Prints out the FS base address. See also $fsbase.
     
    •  
  •  gsbase             \u2013              
    Prints out the GS base address. See also $gsbase.
     
    •  
"},{"location":"reference/pwndbg/commands/segments/#pwndbg.commands.segments.fsbase","title":"fsbase","text":"
fsbase() -> None\n
 
Prints out the FS base address. See also $fsbase.
"},{"location":"reference/pwndbg/commands/segments/#pwndbg.commands.segments.gsbase","title":"gsbase","text":"
gsbase() -> None\n
 
Prints out the GS base address. See also $gsbase.
"},{"location":"reference/pwndbg/commands/sigreturn/","title":"sigreturn","text":""},{"location":"reference/pwndbg/commands/sigreturn/#pwndbg.commands.sigreturn","title":"sigreturn","text":"
Functions:
 
     
  •  sigreturn             \u2013              
    •  
  •  print_value             \u2013              
    •  
 
Attributes:
 
     
  •  SIGRETURN_FRAME_LAYOUTS               (dict[str, list[tuple[int, str]]])           \u2013            
    •  
  •  SIGRETURN_CORE_REGISTER               (dict[str, set[str]])           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/sigreturn/#pwndbg.commands.sigreturn.SIGRETURN_FRAME_LAYOUTS","title":"SIGRETURN_FRAME_LAYOUTS  module-attribute","text":"
SIGRETURN_FRAME_LAYOUTS: dict[str, list[tuple[int, str]]] = {\n    \"x86-64\": sorted([(-8, \"&pretcode\")] + list(items())),\n    \"i386\": sorted(items()),\n    \"aarch64\": sorted(items()),\n    \"arm\": sorted(items()),\n}\n
"},{"location":"reference/pwndbg/commands/sigreturn/#pwndbg.commands.sigreturn.SIGRETURN_CORE_REGISTER","title":"SIGRETURN_CORE_REGISTER  module-attribute","text":"
SIGRETURN_CORE_REGISTER: dict[str, set[str]] = {\n    \"x86-64\": {*(gpr), frame, stack, pc},\n    \"i386\": {*(gpr), frame, stack, pc},\n    \"aarch64\": {*(gpr), \"sp\", \"pc\"},\n    \"arm\": {*(gpr), \"fp\", \"ip\", \"sp\", \"lr\", \"pc\"},\n}\n
"},{"location":"reference/pwndbg/commands/sigreturn/#pwndbg.commands.sigreturn.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Display the SigreturnFrame at the specific address\"\n)\n
"},{"location":"reference/pwndbg/commands/sigreturn/#pwndbg.commands.sigreturn.sigreturn","title":"sigreturn","text":"
sigreturn(address: int = None, display_all=False, print_address=False) -> None\n
"},{"location":"reference/pwndbg/commands/sigreturn/#pwndbg.commands.sigreturn.print_value","title":"print_value","text":"
print_value(string: str, address: int, print_address) -> None\n
"},{"location":"reference/pwndbg/commands/slab/","title":"slab","text":""},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab","title":"slab","text":"
Commands for dealing with Linux kernel slab allocator. Currently, only SLUB is supported.
 
Some of the code here was inspired from NeatMonster/slabdbg Some of the code here was inspired from osandov/drgn
 
Functions:
 
     
  •  slab             \u2013              
    •  
  •  emphasize             \u2013              
    •  
  •  handle_next             \u2013              
    •  
  •  freelist_desc             \u2013              
    •  
  •  print_slab             \u2013              
    •  
  •  print_cpu_cache             \u2013              
    •  
  •  print_node_cache             \u2013              
    •  
  •  slab_info             \u2013              
    •  
  •  slab_list             \u2013              
    •  
  •  slab_contains             \u2013              
    prints the slab_cache associated with the provided address
     
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
  •  subparsers           \u2013            
    •  
  •  parser_list           \u2013            
    •  
  •  parser_info           \u2013            
    •  
  •  parser_contains           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Prints information about the linux kernel's slab allocator SLUB.\"\n)\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.subparsers","title":"subparsers  module-attribute","text":"
subparsers = add_subparsers(dest='command')\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.parser_list","title":"parser_list  module-attribute","text":"
parser_list = add_parser('list', prog='slab list')\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.parser_info","title":"parser_info  module-attribute","text":"
parser_info = add_parser('info', prog='slab info')\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.parser_contains","title":"parser_contains  module-attribute","text":"
parser_contains = add_parser('contains', prog='slab contains')\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.slab","title":"slab","text":"
slab(\n    command,\n    filter_=None,\n    names=None,\n    verbose=False,\n    addresses=None,\n    cpu=None,\n    node=None,\n    partial_only=False,\n    active_only=False,\n) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.emphasize","title":"emphasize","text":"
emphasize(s)\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.handle_next","title":"handle_next","text":"
handle_next(curr: int, freelist: Freelist, indent)\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.freelist_desc","title":"freelist_desc","text":"
freelist_desc(freelist: Freelist, indent)\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.print_slab","title":"print_slab","text":"
print_slab(slab: Slab, indent, verbose: bool) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.print_cpu_cache","title":"print_cpu_cache","text":"
print_cpu_cache(\n    cpu_cache: CpuCache, verbose: bool, active: bool, partial: bool, indent\n) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.print_node_cache","title":"print_node_cache","text":"
print_node_cache(node_cache: NodeCache, verbose: bool, indent) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.slab_info","title":"slab_info","text":"
slab_info(\n    name: str, verbose: bool, cpu: int, node: int, active: bool, partial: bool\n) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.slab_list","title":"slab_list","text":"
slab_list(filter_) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.slab_contains","title":"slab_contains","text":"
slab_contains(address: str) -> None\n
 
prints the slab_cache associated with the provided address
"},{"location":"reference/pwndbg/commands/spray/","title":"spray","text":""},{"location":"reference/pwndbg/commands/spray/#pwndbg.commands.spray","title":"spray","text":"
Functions:
 
     
  •  spray             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/spray/#pwndbg.commands.spray.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Spray memory with cyclic() generated values\"\n)\n
"},{"location":"reference/pwndbg/commands/spray/#pwndbg.commands.spray.spray","title":"spray","text":"
spray(addr, length, value, only_funcptrs) -> None\n
"},{"location":"reference/pwndbg/commands/start/","title":"start","text":""},{"location":"reference/pwndbg/commands/start/#pwndbg.commands.start","title":"start","text":"
Launches the target process after setting a breakpoint at a convenient entry point.
 
Functions:
 
     
  •  breakpoint_at_entry             \u2013              
    •  
  •  start             \u2013              
    •  
  •  entry             \u2013              
    •  
  •  sstart             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/start/#pwndbg.commands.start.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description='\\nStart the debugged program stopping at its entrypoint address.\\n\\nNote that the entrypoint may not be the first instruction executed\\nby the program. If you want to stop on the first executed instruction,\\nuse the GDB\\'s `starti` command or LLDB\\'s `process launch -s`.\\n\\nArgs may include \"*\", or \"[...]\"; they are expanded using the\\nshell that will start the program (specified by the \"$SHELL\" environment\\nvariable).  Input and output redirection with \">\", \"<\", or \">>\"\\nare also allowed.\\n\\nWith no arguments, uses arguments last specified (with \"run\" or\\n\"set args\").  To cancel previous arguments and run with no arguments,\\nuse \"set args\" without arguments.\\n\\nTo start the inferior without using a shell, use \"set startup-with-shell off\".\\n'\n)\n
"},{"location":"reference/pwndbg/commands/start/#pwndbg.commands.start.breakpoint_at_entry","title":"breakpoint_at_entry","text":"
breakpoint_at_entry()\n
"},{"location":"reference/pwndbg/commands/start/#pwndbg.commands.start.start","title":"start","text":"
start(args=None) -> None\n
"},{"location":"reference/pwndbg/commands/start/#pwndbg.commands.start.entry","title":"entry","text":"
entry(args=None) -> None\n
"},{"location":"reference/pwndbg/commands/start/#pwndbg.commands.start.sstart","title":"sstart","text":"
sstart() -> None\n
"},{"location":"reference/pwndbg/commands/strings/","title":"strings","text":""},{"location":"reference/pwndbg/commands/strings/#pwndbg.commands.strings","title":"strings","text":"
Functions:
 
     
  •  strings             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/strings/#pwndbg.commands.strings.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Extracts and displays ASCII strings from readable memory pages of the debugged process.\"\n)\n
"},{"location":"reference/pwndbg/commands/strings/#pwndbg.commands.strings.strings","title":"strings","text":"
strings(n: int = 4, page_names: list[str] = [], save_as: str = None)\n
"},{"location":"reference/pwndbg/commands/telescope/","title":"telescope","text":""},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope","title":"telescope","text":"
Prints out pointer chains starting at some address in memory.
 
Generally used to print out the stack or register values.
 
Functions:
 
     
  •  telescope             \u2013              
    Recursively dereferences pointers starting at the specified address
     
    •  
  •  regs_or_frame_offset             \u2013              
    •  
  •  stack             \u2013              
    •  
  •  stackf             \u2013              
    •  
 
Attributes:
 
     
  •  telescope_lines           \u2013            
    •  
  •  skip_repeating_values           \u2013            
    •  
  •  skip_repeating_values_minimum           \u2013            
    •  
  •  print_framepointer_offset           \u2013            
    •  
  •  print_retaddr_in_frame           \u2013            
    •  
  •  dont_skip_registers           \u2013            
    •  
  •  offset_separator           \u2013            
    •  
  •  offset_delimiter           \u2013            
    •  
  •  repeating_marker           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.telescope_lines","title":"telescope_lines  module-attribute","text":"
telescope_lines = add_param(\n    \"telescope-lines\", 8, \"number of lines to printed by the telescope command\"\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.skip_repeating_values","title":"skip_repeating_values  module-attribute","text":"
skip_repeating_values = add_param(\n    \"telescope-skip-repeating-val\",\n    True,\n    \"whether to skip repeating values of the telescope command\",\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.skip_repeating_values_minimum","title":"skip_repeating_values_minimum  module-attribute","text":"
skip_repeating_values_minimum = add_param(\n    \"telescope-skip-repeating-val-min\",\n    3,\n    \"minimum amount of repeated values before skipping lines\",\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.print_framepointer_offset","title":"print_framepointer_offset  module-attribute","text":"
print_framepointer_offset = add_param(\n    \"telescope-framepointer-offset\",\n    True,\n    \"print offset to framepointer for each address, if sufficiently small\",\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.print_retaddr_in_frame","title":"print_retaddr_in_frame  module-attribute","text":"
print_retaddr_in_frame = add_param(\n    \"telescope-frame-print-retaddr\",\n    True,\n    \"print one pointer past the stack frame\",\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.dont_skip_registers","title":"dont_skip_registers  module-attribute","text":"
dont_skip_registers = add_param(\n    \"telescope-dont-skip-registers\",\n    True,\n    \"don't skip a repeated line if a registers points to it\",\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.offset_separator","title":"offset_separator  module-attribute","text":"
offset_separator = add_param(\n    \"telescope-offset-separator\",\n    \"\u2502\",\n    \"offset separator of the telescope command\",\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.offset_delimiter","title":"offset_delimiter  module-attribute","text":"
offset_delimiter = add_param(\n    \"telescope-offset-delimiter\",\n    \":\",\n    \"offset delimiter of the telescope command\",\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.repeating_marker","title":"repeating_marker  module-attribute","text":"
repeating_marker = add_param(\n    \"telescope-repeating-marker\",\n    \"... \u2193\",\n    \"repeating values marker of the telescope command\",\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Dereferences on stack data, printing the entire stack frame with specified count and offset .\"\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.telescope","title":"telescope","text":"
telescope(\n    address=None,\n    count=telescope_lines,\n    to_string=False,\n    reverse=False,\n    frame=False,\n    inverse=False,\n)\n
 
Recursively dereferences pointers starting at the specified address ($sp by default)
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.regs_or_frame_offset","title":"regs_or_frame_offset","text":"
regs_or_frame_offset(\n    addr: int, bp: int | None, regs: dict[int, str], longest_regs: int\n) -> str\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.stack","title":"stack","text":"
stack(count, offset, frame, inverse) -> None\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.stackf","title":"stackf","text":"
stackf(count, offset) -> None\n
"},{"location":"reference/pwndbg/commands/tips/","title":"tips","text":""},{"location":"reference/pwndbg/commands/tips/#pwndbg.commands.tips","title":"tips","text":"
Functions:
 
     
  •  tips             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/tips/#pwndbg.commands.tips.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Shows tips.')\n
"},{"location":"reference/pwndbg/commands/tips/#pwndbg.commands.tips.tips","title":"tips","text":"
tips(all: bool) -> None\n
"},{"location":"reference/pwndbg/commands/tls/","title":"tls","text":""},{"location":"reference/pwndbg/commands/tls/#pwndbg.commands.tls","title":"tls","text":"
Command to print the information of the current Thread Local Storage (TLS).
 
Functions:
 
     
  •  tls             \u2013              
    •  
  •  threads             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
  •  group           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/tls/#pwndbg.commands.tls.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"List all threads belonging to the selected inferior.\"\n)\n
"},{"location":"reference/pwndbg/commands/tls/#pwndbg.commands.tls.group","title":"group  module-attribute","text":"
group = add_mutually_exclusive_group()\n
"},{"location":"reference/pwndbg/commands/tls/#pwndbg.commands.tls.tls","title":"tls","text":"
tls(pthread_self=False, all: bool = False) -> None\n
"},{"location":"reference/pwndbg/commands/tls/#pwndbg.commands.tls.threads","title":"threads","text":"
threads(num_threads, respect_config) -> None\n
"},{"location":"reference/pwndbg/commands/valist/","title":"valist","text":""},{"location":"reference/pwndbg/commands/valist/#pwndbg.commands.valist","title":"valist","text":"
Functions:
 
     
  •  valist             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/valist/#pwndbg.commands.valist.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Dumps the arguments of a va_list.')\n
"},{"location":"reference/pwndbg/commands/valist/#pwndbg.commands.valist.valist","title":"valist","text":"
valist(addr: int, count: int) -> None\n
"},{"location":"reference/pwndbg/commands/version/","title":"version","text":""},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version","title":"version","text":"
Implements version and bugreport commands.
 
Functions:
 
     
  •  os_info             \u2013              
    •  
  •  module_version             \u2013              
    •  
  •  debugger_version             \u2013              
    •  
  •  all_versions             \u2013              
    •  
  •  get_target_arch             \u2013              
    •  
  •  get_terminal_size             \u2013              
    •  
  •  version_impl             \u2013              
    Implementation of the version command.
     
    •  
  •  version             \u2013              
    •  
  •  bugreport             \u2013              
    •  
  •  get_debugger_configuration             \u2013              
    •  
  •  get_debugger_session_history             \u2013              
    •  
 
Attributes:
 
     
  •  bugreport_parser           \u2013            
    •  
  •  bugreport_group           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.bugreport_parser","title":"bugreport_parser  module-attribute","text":"
bugreport_parser = ArgumentParser(description='Generate a bug report.')\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.bugreport_group","title":"bugreport_group  module-attribute","text":"
bugreport_group = add_mutually_exclusive_group()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.os_info","title":"os_info","text":"
os_info()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.module_version","title":"module_version","text":"
module_version(module)\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.debugger_version","title":"debugger_version","text":"
debugger_version()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.all_versions","title":"all_versions","text":"
all_versions()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.get_target_arch","title":"get_target_arch","text":"
get_target_arch()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.get_terminal_size","title":"get_terminal_size","text":"
get_terminal_size()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.version_impl","title":"version_impl","text":"
version_impl() -> None\n
 
Implementation of the version command.
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.version","title":"version","text":"
version() -> None\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.bugreport","title":"bugreport","text":"
bugreport(run_browser=False, use_gh=False)\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.get_debugger_configuration","title":"get_debugger_configuration","text":"
get_debugger_configuration()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.get_debugger_session_history","title":"get_debugger_session_history","text":"
get_debugger_session_history()\n
"},{"location":"reference/pwndbg/commands/vmlinux/","title":"vmlinux","text":""},{"location":"reference/pwndbg/commands/vmlinux/#pwndbg.commands.vmlinux","title":"vmlinux","text":"
Loads a bzImage or vmlinux file to add kernel debug symbols. This command uses vmlinux-to-elf to extract the ELF file from a bzImage and then loads it with the kernel base address.
 
Functions:
 
     
  •  vmlinux             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/vmlinux/#pwndbg.commands.vmlinux.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Load bzImage or vmlinux file to add kernel debug symbols.\"\n)\n
"},{"location":"reference/pwndbg/commands/vmlinux/#pwndbg.commands.vmlinux.vmlinux","title":"vmlinux","text":"
vmlinux(filepath: str, tool: str = None) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/","title":"vmmap","text":""},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap","title":"vmmap","text":"
Command to print the virtual memory map a la /proc/self/maps.
 
Functions:
 
     
  •  pages_filter             \u2013              
    •  
  •  print_vmmap_table_header             \u2013              
    Prints the table header for the vmmap command.
     
    •  
  •  print_vmmap_gaps_table_header             \u2013              
    Prints the table header for the vmmap --gaps command.
     
    •  
  •  calculate_total_memory             \u2013              
    •  
  •  gap_text             \u2013              
    •  
  •  print_map             \u2013              
    •  
  •  print_adjacent_map             \u2013              
    •  
  •  print_guard             \u2013              
    •  
  •  print_gap             \u2013              
    •  
  •  print_vmmap_gaps             \u2013              
    Indicates the size of adjacent memory regions and unmapped gaps between them in process memory
     
    •  
  •  vmmap             \u2013              
    •  
  •  vmmap_add             \u2013              
    •  
  •  vmmap_explore             \u2013              
    •  
  •  vmmap_clear             \u2013              
    •  
  •  vmmap_load             \u2013              
    •  
 
Attributes:
 
     
  •  integer_types           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.integer_types","title":"integer_types  module-attribute","text":"
integer_types = (int, Value)\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Load virtual memory map pages from ELF file.\"\n)\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.pages_filter","title":"pages_filter","text":"
pages_filter(gdbval_or_str)\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_vmmap_table_header","title":"print_vmmap_table_header","text":"
print_vmmap_table_header(prefix: str = '') -> None\n
 
Prints the table header for the vmmap command.
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_vmmap_gaps_table_header","title":"print_vmmap_gaps_table_header","text":"
print_vmmap_gaps_table_header() -> None\n
 
Prints the table header for the vmmap --gaps command.
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.calculate_total_memory","title":"calculate_total_memory","text":"
calculate_total_memory(pages: tuple[Page, ...]) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.gap_text","title":"gap_text","text":"
gap_text(page: Page) -> str\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_map","title":"print_map","text":"
print_map(page: Page) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_adjacent_map","title":"print_adjacent_map","text":"
print_adjacent_map(map_start: Page, map_end: Page) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_guard","title":"print_guard","text":"
print_guard(page: Page) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_gap","title":"print_gap","text":"
print_gap(current: Page, last_map: Page)\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_vmmap_gaps","title":"print_vmmap_gaps","text":"
print_vmmap_gaps(pages: tuple[Page, ...]) -> None\n
 
Indicates the size of adjacent memory regions and unmapped gaps between them in process memory
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.vmmap","title":"vmmap","text":"
vmmap(\n    gdbval_or_str=None,\n    writable=False,\n    executable=False,\n    lines_after=1,\n    lines_before=1,\n    context=None,\n    gaps=False,\n    expand_shared_cache=False,\n) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.vmmap_add","title":"vmmap_add","text":"
vmmap_add(start: int, size: int, flags: str, offset: int) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.vmmap_explore","title":"vmmap_explore","text":"
vmmap_explore(address: int) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.vmmap_clear","title":"vmmap_clear","text":"
vmmap_clear() -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.vmmap_load","title":"vmmap_load","text":"
vmmap_load(filename) -> None\n
"},{"location":"reference/pwndbg/commands/windbg/","title":"windbg","text":""},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg","title":"windbg","text":"
Compatibility functionality for WinDbg users.
 
Functions:
 
     
  •  enhex             \u2013              
    •  
  •  db             \u2013              
    Starting at the specified address, dump N bytes
     
    •  
  •  dw             \u2013              
    Starting at the specified address, dump N words
     
    •  
  •  dd             \u2013              
    Starting at the specified address, dump N dwords
     
    •  
  •  dq             \u2013              
    Starting at the specified address, dump N qwords
     
    •  
  •  dc             \u2013              
    •  
  •  dX             \u2013              
    Traditionally, windbg will display 16 bytes of data per line.
     
    •  
  •  eb             \u2013              
    Write hex bytes at the specified address.
     
    •  
  •  ew             \u2013              
    Write hex words at the specified address.
     
    •  
  •  ed             \u2013              
    Write hex dwords at the specified address.
     
    •  
  •  eq             \u2013              
    Write hex qwords at the specified address.
     
    •  
  •  ez             \u2013              
    Write a character at the specified address.
     
    •  
  •  eza             \u2013              
    Write a string at the specified address.
     
    •  
  •  eX             \u2013              
    This relies on windbg's default hex encoding being enforced
     
    •  
  •  dds             \u2013              
    Dump pointers and symbols at the specified address.
     
    •  
  •  da             \u2013              
    •  
  •  ds             \u2013              
    •  
  •  bl             \u2013              
    List breakpoints
     
    •  
  •  bd             \u2013              
    Disable the breakpoint with the specified index.
     
    •  
  •  be             \u2013              
    Enable the breakpoint with the specified index.
     
    •  
  •  bc             \u2013              
    Clear the breakpoint with the specified index.
     
    •  
  •  bp             \u2013              
    •  
  •  k             \u2013              
    Print a backtrace (alias 'bt')
     
    •  
  •  go             \u2013              
    WinDbg compatibility alias for 'continue' command.
     
    •  
  •  ln             \u2013              
    List the symbols nearest to the provided value.
     
    •  
  •  peb             \u2013              
    •  
  •  pc             \u2013              
    WinDbg compatibility alias for 'nextcall' command.
     
    •  
 
Attributes:
 
     
  •  da_parser           \u2013            
    •  
  •  ds_parser           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.da_parser","title":"da_parser  module-attribute","text":"
da_parser = ArgumentParser(\n    description=\"Dump a string at the specified address.\"\n)\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.ds_parser","title":"ds_parser  module-attribute","text":"
ds_parser = ArgumentParser(\n    description=\"Dump a string at the specified address.\"\n)\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"List the symbols nearest to the provided value.\"\n)\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.enhex","title":"enhex","text":"
enhex(size, value)\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.db","title":"db","text":"
db(address, count=64)\n
 
Starting at the specified address, dump N bytes (default 64).
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.dw","title":"dw","text":"
dw(address, count=32)\n
 
Starting at the specified address, dump N words (default 32).
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.dd","title":"dd","text":"
dd(address, count=16)\n
 
Starting at the specified address, dump N dwords (default 16).
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.dq","title":"dq","text":"
dq(address, count=8)\n
 
Starting at the specified address, dump N qwords (default 8).
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.dc","title":"dc","text":"
dc(address, count=8)\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.dX","title":"dX","text":"
dX(size, address, count, to_string=False, repeat=False)\n
 
Traditionally, windbg will display 16 bytes of data per line.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.eb","title":"eb","text":"
eb(address, data)\n
 
Write hex bytes at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.ew","title":"ew","text":"
ew(address, data)\n
 
Write hex words at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.ed","title":"ed","text":"
ed(address, data)\n
 
Write hex dwords at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.eq","title":"eq","text":"
eq(address, data)\n
 
Write hex qwords at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.ez","title":"ez","text":"
ez(address, data)\n
 
Write a character at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.eza","title":"eza","text":"
eza(address, data)\n
 
Write a string at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.eX","title":"eX","text":"
eX(size, address, data, hex=True) -> None\n
 
This relies on windbg's default hex encoding being enforced
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.dds","title":"dds","text":"
dds(addr)\n
 
Dump pointers and symbols at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.da","title":"da","text":"
da(address, max) -> None\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.ds","title":"ds","text":"
ds(address, max) -> None\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.bl","title":"bl","text":"
bl() -> None\n
 
List breakpoints
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.bd","title":"bd","text":"
bd(which='*') -> None\n
 
Disable the breakpoint with the specified index.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.be","title":"be","text":"
be(which='*') -> None\n
 
Enable the breakpoint with the specified index.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.bc","title":"bc","text":"
bc(which='*') -> None\n
 
Clear the breakpoint with the specified index.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.bp","title":"bp","text":"
bp(where) -> None\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.k","title":"k","text":"
k() -> None\n
 
Print a backtrace (alias 'bt')
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.go","title":"go","text":"
go() -> None\n
 
WinDbg compatibility alias for 'continue' command.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.ln","title":"ln","text":"
ln(value: int = None) -> None\n
 
List the symbols nearest to the provided value.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.peb","title":"peb","text":"
peb() -> None\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.pc","title":"pc","text":"
pc()\n
 
WinDbg compatibility alias for 'nextcall' command.
"},{"location":"reference/pwndbg/commands/xinfo/","title":"xinfo","text":""},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo","title":"xinfo","text":"
Functions:
 
     
  •  print_line             \u2013              
    •  
  •  xinfo_stack             \u2013              
    •  
  •  xinfo_mmap_file             \u2013              
    •  
  •  xinfo_default             \u2013              
    •  
  •  xinfo             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Shows offsets of the specified address from various useful locations.\"\n)\n
"},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo.print_line","title":"print_line","text":"
print_line(name, addr, first, second, op, width=20) -> None\n
"},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo.xinfo_stack","title":"xinfo_stack","text":"
xinfo_stack(page: Page, addr: int) -> None\n
"},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo.xinfo_mmap_file","title":"xinfo_mmap_file","text":"
xinfo_mmap_file(page: Page, addr: int) -> None\n
"},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo.xinfo_default","title":"xinfo_default","text":"
xinfo_default(page: Page, addr: int) -> None\n
"},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo.xinfo","title":"xinfo","text":"
xinfo(address=None) -> None\n
"},{"location":"reference/pwndbg/commands/xor/","title":"xor","text":""},{"location":"reference/pwndbg/commands/xor/#pwndbg.commands.xor","title":"xor","text":"
Functions:
 
     
  •  xor_memory             \u2013              
    Helper function for xorring memory in gdb
     
    •  
  •  xor             \u2013              
    •  
  •  memfrob             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/xor/#pwndbg.commands.xor.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Memfrobs a region of memory (xor with '*').\"\n)\n
"},{"location":"reference/pwndbg/commands/xor/#pwndbg.commands.xor.xor_memory","title":"xor_memory","text":"
xor_memory(address, key, count)\n
 
Helper function for xorring memory in gdb
"},{"location":"reference/pwndbg/commands/xor/#pwndbg.commands.xor.xor","title":"xor","text":"
xor(address, key, count) -> None\n
"},{"location":"reference/pwndbg/commands/xor/#pwndbg.commands.xor.memfrob","title":"memfrob","text":"
memfrob(address, count)\n
"},{"location":"reference/pwndbg/dbg/","title":"dbg","text":""},{"location":"reference/pwndbg/dbg/#pwndbg.dbg","title":"dbg","text":"
The abstracted debugger interface.
 
Modules:
 
     
  •  gdb           \u2013            
    •  
  •  lldb           \u2013            
    •  
 
Classes:
 
     
  •  Error           \u2013            
    •  
  •  DisassembledInstruction           \u2013            
    •  
  •  DebuggerType           \u2013            
    •  
  •  StopPoint           \u2013            
    The handle to either an insalled breakpoint or watchpoint.
     
    •  
  •  BreakpointLocation           \u2013            
    This is the location specification for a breakpoint.
     
    •  
  •  WatchpointLocation           \u2013            
    This is the location specification for a watchpoint.
     
    •  
  •  Registers           \u2013            
    A handle to the register values in a frame.
     
    •  
  •  SymbolLookupType           \u2013            
    Enum representing types of symbol lookups for filtering symbol searches.
     
    •  
  •  Frame           \u2013            
    •  
  •  Thread           \u2013            
    •  
  •  MemoryMap           \u2013            
    A wrapper around a sequence of memory ranges
     
    •  
  •  ExecutionController           \u2013            
    •  
  •  Process           \u2013            
    •  
  •  TypeCode           \u2013            
    Broad categories of types.
     
    •  
  •  TypeField           \u2013            
    The fields in a structured type.
     
    •  
  •  Type           \u2013            
    Class representing a type in the context of an inferior process.
     
    •  
  •  Value           \u2013            
    Class representing a value in the context of an inferior process.
     
    •  
  •  CommandHandle           \u2013            
    An opaque handle to an installed command.
     
    •  
  •  EventType           \u2013            
    Events that can be listened for and reacted to in a debugger.
     
    •  
  •  Debugger           \u2013            
    The base class representing a debugger.
     
    •  
 
Functions:
 
     
  •  selection             \u2013              
    Debuggers have global state. Many of our queries require that we select a
     
    •  
 
Attributes:
 
     
  •  dbg               (Debugger)           \u2013            
    •  
  •  T           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.dbg","title":"dbg  module-attribute","text":"
dbg: Debugger = None\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Error","title":"Error","text":"
               Bases: Exception
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DisassembledInstruction","title":"DisassembledInstruction","text":"
               Bases: TypedDict
 
Attributes:
 
     
  •  addr               (int)           \u2013            
    •  
  •  asm               (str)           \u2013            
    •  
  •  length               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DisassembledInstruction.addr","title":"addr  instance-attribute","text":"
addr: int\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DisassembledInstruction.asm","title":"asm  instance-attribute","text":"
asm: str\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DisassembledInstruction.length","title":"length  instance-attribute","text":"
length: int\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DebuggerType","title":"DebuggerType","text":"
               Bases: Enum
 
Attributes:
 
     
  •  GDB           \u2013            
    •  
  •  LLDB           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DebuggerType.GDB","title":"GDB  class-attribute instance-attribute","text":"
GDB = 1\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DebuggerType.LLDB","title":"LLDB  class-attribute instance-attribute","text":"
LLDB = 2\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.StopPoint","title":"StopPoint","text":"
The handle to either an insalled breakpoint or watchpoint.
 
May be used in a with statement, in which case the stop point is automatically removed at the end of the statement. This allows for easy implementation of temporary breakpoints.
 
Methods:
 
     
  •  remove             \u2013              
    Removes the breakpoint associated with this handle.
     
    •  
  •  set_enabled             \u2013              
    Enables or disables this breakpoint.
     
    •  
  •  __enter__             \u2013              
    •  
  •  __exit__             \u2013              
    Automatic breakpoint removal.
     
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.StopPoint.remove","title":"remove","text":"
remove() -> None\n
 
Removes the breakpoint associated with this handle.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.StopPoint.set_enabled","title":"set_enabled","text":"
set_enabled(enabled: bool) -> None\n
 
Enables or disables this breakpoint.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.StopPoint.__enter__","title":"__enter__","text":"
__enter__() -> StopPoint\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.StopPoint.__exit__","title":"__exit__","text":"
__exit__(exc_type, exc_value, traceback) -> None\n
 
Automatic breakpoint removal.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.BreakpointLocation","title":"BreakpointLocation","text":"
BreakpointLocation(address: int)\n
 
This is the location specification for a breakpoint.
 
Methods:
 
     
  •  __eq__             \u2013              
    •  
 
Attributes:
 
     
  •  address               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.BreakpointLocation.address","title":"address  instance-attribute","text":"
address: int = address\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.BreakpointLocation.__eq__","title":"__eq__","text":"
__eq__(other: object) -> bool\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.WatchpointLocation","title":"WatchpointLocation","text":"
WatchpointLocation(\n    address: int, size: int, watch_read: bool, watch_write: bool\n)\n
 
This is the location specification for a watchpoint.
 
Attributes:
 
     
  •  address               (int)           \u2013            
    •  
  •  size               (int)           \u2013            
    •  
  •  watch_read               (bool)           \u2013            
    •  
  •  watch_write               (bool)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.WatchpointLocation.address","title":"address  instance-attribute","text":"
address: int = address\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.WatchpointLocation.size","title":"size  instance-attribute","text":"
size: int = size\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.WatchpointLocation.watch_read","title":"watch_read  instance-attribute","text":"
watch_read: bool = watch_read\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.WatchpointLocation.watch_write","title":"watch_write  instance-attribute","text":"
watch_write: bool = watch_write\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Registers","title":"Registers","text":"
A handle to the register values in a frame.
 
Methods:
 
     
  •  by_name             \u2013              
    Gets the value of a register if it exists, None otherwise.
     
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Registers.by_name","title":"by_name","text":"
by_name(name: str) -> Value | None\n
 
Gets the value of a register if it exists, None otherwise.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.SymbolLookupType","title":"SymbolLookupType","text":"
               Bases: Enum
 
Enum representing types of symbol lookups for filtering symbol searches.
 
Attributes: - ANY: Represents searching for any symbol type (default). - FUNCTION: Represents searching specifically for function symbols. - VARIABLE: Represents searching specifically for variable symbols.
 
Attributes:
 
     
  •  ANY           \u2013            
    •  
  •  FUNCTION           \u2013            
    •  
  •  VARIABLE           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.SymbolLookupType.ANY","title":"ANY  class-attribute instance-attribute","text":"
ANY = 1\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.SymbolLookupType.FUNCTION","title":"FUNCTION  class-attribute instance-attribute","text":"
FUNCTION = 2\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.SymbolLookupType.VARIABLE","title":"VARIABLE  class-attribute instance-attribute","text":"
VARIABLE = 3\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame","title":"Frame","text":"
Methods:
 
     
  •  lookup_symbol             \u2013              
    Looks up and returns the address of a symbol in current frame by its name.
     
    •  
  •  evaluate_expression             \u2013              
    Evaluate the given expression in the context of this frame, and
     
    •  
  •  regs             \u2013              
    Access the values of the registers in this frame.
     
    •  
  •  reg_write             \u2013              
    Sets the value of the register with the given name to the given value.
     
    •  
  •  pc             \u2013              
    The value of the program counter for this frame.
     
    •  
  •  sp             \u2013              
    The value of the stack pointer for this frame.
     
    •  
  •  parent             \u2013              
    The parent frame of this frame, if it exists.
     
    •  
  •  child             \u2013              
    The child frame of this frame, if it exists.
     
    •  
  •  sal             \u2013              
    The filename of the source code file associated with this frame, and the
     
    •  
  •  stack_variables             \u2013              
    Get all stack variables (local variables and arguments) in current frame.
     
    •  
  •  __eq__             \u2013              
    Whether this frame is the same as the given frame. Two frames are the
     
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.lookup_symbol","title":"lookup_symbol","text":"
lookup_symbol(name: str, *, type: SymbolLookupType = ANY) -> Value | None\n
 
Looks up and returns the address of a symbol in current frame by its name.
 
Parameters: - name (str): The name of the symbol to look up. - type (SymbolLookupType, optional): The type of symbol to search for. Defaults   to SymbolLookupType.ANY.
 
Returns: - pwndbg.dbg_mod.Value | None: The value of the symbol if found, or None if not found.
 
Raises: - pwndbg.dbg_mod.Error: If symbol name contains invalid characters
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.evaluate_expression","title":"evaluate_expression","text":"
evaluate_expression(expression: str, lock_scheduler: bool = False) -> Value\n
 
Evaluate the given expression in the context of this frame, and return a Value.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.evaluate_expression--lock_scheduler","title":"lock_scheduler","text":"
Additionally, callers of this function might specify that they want to enable scheduler locking during the evaluation of this expression. This is a GDB-only option, and is intended for cases in which the result would be incorrect without it enabled, when running in GDB. Other debuggers should ignore this parameter.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.regs","title":"regs","text":"
regs() -> Registers\n
 
Access the values of the registers in this frame.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.reg_write","title":"reg_write","text":"
reg_write(name: str, val: int) -> bool\n
 
Sets the value of the register with the given name to the given value. Returns true if the register exists, false othewise. Throws an exception if the register exists but cannot be written to.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.pc","title":"pc","text":"
pc() -> int\n
 
The value of the program counter for this frame.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.sp","title":"sp","text":"
sp() -> int\n
 
The value of the stack pointer for this frame.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.parent","title":"parent","text":"
parent() -> Frame | None\n
 
The parent frame of this frame, if it exists.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.child","title":"child","text":"
child() -> Frame | None\n
 
The child frame of this frame, if it exists.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.sal","title":"sal","text":"
sal() -> tuple[str, int] | None\n
 
The filename of the source code file associated with this frame, and the line number associated with it, if available.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.stack_variables","title":"stack_variables","text":"
stack_variables() -> tuple[tuple[int, int, str], ...]\n
 
Get all stack variables (local variables and arguments) in current frame.
 
Returns a tuple of (start_address, end_address, name) for each variable. Returns an empty tuple if no debug information is available or on error.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.__eq__","title":"__eq__","text":"
__eq__(rhs: object) -> bool\n
 
Whether this frame is the same as the given frame. Two frames are the same if they point to the same stack frame and have the same execution context.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Thread","title":"Thread","text":"
Methods:
 
     
  •  bottom_frame             \u2013              
    Frame at the bottom of the call stack for this thread.
     
    •  
  •  ptid             \u2013              
    The PTID of this thread, if available.
     
    •  
  •  index             \u2013              
    The unique index of this thread from the perspective of the debugger.
     
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Thread.bottom_frame","title":"bottom_frame","text":"
bottom_frame() -> Iterator[Frame]\n
 
Frame at the bottom of the call stack for this thread.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Thread.ptid","title":"ptid","text":"
ptid() -> int | None\n
 
The PTID of this thread, if available.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Thread.index","title":"index","text":"
index() -> int\n
 
The unique index of this thread from the perspective of the debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.MemoryMap","title":"MemoryMap","text":"
MemoryMap(pages: Sequence[Page])\n
 
A wrapper around a sequence of memory ranges
 
Methods:
 
     
  •  is_qemu             \u2013              
    Returns whether this memory map was generated from a QEMU target.
     
    •  
  •  ranges             \u2013              
    Returns all ranges in this memory map.
     
    •  
  •  lookup_page             \u2013              
    •  
 
Attributes:
 
     
  •  pages               (tuple[Page, ...])           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.MemoryMap.pages","title":"pages  instance-attribute","text":"
pages: tuple[Page, ...] = tuple(pages)\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.MemoryMap.is_qemu","title":"is_qemu","text":"
is_qemu() -> bool\n
 
Returns whether this memory map was generated from a QEMU target.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.MemoryMap.ranges","title":"ranges","text":"
ranges() -> Sequence[Page]\n
 
Returns all ranges in this memory map.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.MemoryMap.lookup_page","title":"lookup_page","text":"
lookup_page(address: int) -> Page | None\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.ExecutionController","title":"ExecutionController","text":"
Methods:
 
     
  •  single_step             \u2013              
    Steps to the next instruction.
     
    •  
  •  cont             \u2013              
    Continues execution until the given breakpoint or whatchpoint is hit.
     
    •  
  •  cont_selected_thread             \u2013              
    Continues execution on single thread until the given breakpoint or whatchpoint is hit.
     
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.ExecutionController.single_step","title":"single_step","text":"
single_step() -> Awaitable[None]\n
 
Steps to the next instruction.
 
Throws CancelledError if a breakpoint or watchpoint is hit, the program exits, or if any other unexpected event that diverts execution happens while fulfulling the step.
 
FIXME GDB: On GDB stepi will execute other threads. On LLDB not. Please use set scheduler-locking step
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.ExecutionController.cont","title":"cont","text":"
cont(until: StopPoint) -> Awaitable[None]\n
 
Continues execution until the given breakpoint or whatchpoint is hit. Continues execution on all threads.
 
Throws CancelledError if a breakpoint or watchpoint is hit that is not the one given in until, the program exits, or if any other unexpected event happens.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.ExecutionController.cont_selected_thread","title":"cont_selected_thread","text":"
cont_selected_thread(until: StopPoint) -> Awaitable[None]\n
 
Continues execution on single thread until the given breakpoint or whatchpoint is hit. Continues execution on selected thread.
 
Throws CancelledError if a breakpoint or watchpoint is hit that is not the one given in until, the program exits, or if any other unexpected event happens.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process","title":"Process","text":"
Methods:
 
     
  •  threads             \u2013              
    Returns a list containing the threads in this process.
     
    •  
  •  pid             \u2013              
    Returns the process ID of this process if it is alive.
     
    •  
  •  alive             \u2013              
    Returns whether this process is alive.
     
    •  
  •  stopped_with_signal             \u2013              
    Returns whether this process was stopped by a signal.
     
    •  
  •  evaluate_expression             \u2013              
    Evaluate the given expression in the context of the current process, and
     
    •  
  •  vmmap             \u2013              
    Returns the virtual memory map of this process, as seen by the debugger.
     
    •  
  •  read_memory             \u2013              
    Reads the requested number of bytes from the address given in the memory
     
    •  
  •  write_memory             \u2013              
    Writes as many bytes from the given data buffer as possible into the
     
    •  
  •  find_in_memory             \u2013              
    Searches for a bit pattern in the memory space of the process. The bit
     
    •  
  •  is_remote             \u2013              
    Returns whether this process is a remote process connected to using the
     
    •  
  •  send_remote             \u2013              
    Sends the given packet to the GDB remote debugging protocol server.
     
    •  
  •  send_monitor             \u2013              
    Sends the given monitor command to the GDB remote debugging protocol
     
    •  
  •  download_remote_file             \u2013              
    Downloads the given file from the remote host and saves it to the local
     
    •  
  •  create_value             \u2013              
    Create a new value in the context of this process, with the given value
     
    •  
  •  symbol_name_at_address             \u2013              
    Returns the name of the symbol at the given address in the program, if
     
    •  
  •  lookup_symbol             \u2013              
    Looks up and returns the address of a symbol by its name.
     
    •  
  •  types_with_name             \u2013              
    Returns a list of all types in this process that match the given name.
     
    •  
  •  arch             \u2013              
    The default architecture of this process.
     
    •  
  •  break_at             \u2013              
    Install a breakpoint or watchpoint at the given location.
     
    •  
  •  trace_ret             \u2013              
    Traces/break_at the current frame's return address.
     
    •  
  •  is_linux             \u2013              
    Returns whether the current ABI is GNU/Linux.
     
    •  
  •  disasm             \u2013              
    Returns the disassembled instruction at the given address in the address
     
    •  
  •  module_section_locations             \u2013              
    Return a list of (address, size, section_name, module_name) tuples for
     
    •  
  •  main_module_name             \u2013              
    Returns the name of the main module.
     
    •  
  •  main_module_entry             \u2013              
    Returns the entry point of the main module.
     
    •  
  •  is_dynamically_linked             \u2013              
    Returns whether this process makes use of dynamically linked libraries.
     
    •  
  •  dispatch_execution_controller             \u2013              
    Queues up the given execution controller-based coroutine for execution,
     
    •  
  •  add_symbol_file             \u2013              
    Adds a symbol file at base
     
    •  
  •  runcmd             \u2013              
    Runs a debugger command
     
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.threads","title":"threads","text":"
threads() -> list[Thread]\n
 
Returns a list containing the threads in this process.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.pid","title":"pid","text":"
pid() -> int | None\n
 
Returns the process ID of this process if it is alive.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.alive","title":"alive","text":"
alive() -> bool\n
 
Returns whether this process is alive.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.stopped_with_signal","title":"stopped_with_signal","text":"
stopped_with_signal() -> bool\n
 
Returns whether this process was stopped by a signal.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.evaluate_expression","title":"evaluate_expression","text":"
evaluate_expression(expression: str) -> Value\n
 
Evaluate the given expression in the context of the current process, and return a Value.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.vmmap","title":"vmmap","text":"
vmmap() -> MemoryMap\n
 
Returns the virtual memory map of this process, as seen by the debugger.
 
Generally, one should prefer pwndbg.aglib.vmmap.get() over this function, as this passes the raw information from the debugger more or less straight through, without applying more general Pwndbg enhancements to the memory map. This is the lower-level functionality on top of which the function in aglib is implemented.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.read_memory","title":"read_memory","text":"
read_memory(address: int, size: int, partial: bool = False) -> bytearray\n
 
Reads the requested number of bytes from the address given in the memory space of this process. Will read as many bytes as possible starting at that location, and returns how many were read.
 
Throws an exception if reading fails and partial is False.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.write_memory","title":"write_memory","text":"
write_memory(address: int, data: bytearray, partial: bool = False) -> int\n
 
Writes as many bytes from the given data buffer as possible into the given address in the memory space of this process.
 
Throws an exception if writing fails and partial is False.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.find_in_memory","title":"find_in_memory","text":"
find_in_memory(\n    pattern: bytearray,\n    start: int,\n    size: int,\n    align: int,\n    max_matches: int = -1,\n    step: int = -1,\n) -> Generator[int, None, None]\n
 
Searches for a bit pattern in the memory space of the process. The bit pattern can be searched for in a given memory range, and with a given alignment. The maximum number of matches that will be generated is given by max_matches. A value of max_matches of -1 will generate all matches.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.is_remote","title":"is_remote","text":"
is_remote() -> bool\n
 
Returns whether this process is a remote process connected to using the GDB remote debugging protocol.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.send_remote","title":"send_remote","text":"
send_remote(packet: str) -> bytes\n
 
Sends the given packet to the GDB remote debugging protocol server. Should only be called if is_remote() is true.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.send_monitor","title":"send_monitor","text":"
send_monitor(cmd: str) -> str\n
 
Sends the given monitor command to the GDB remote debugging protocol server. Should only be called if is_remote() is true.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.download_remote_file","title":"download_remote_file","text":"
download_remote_file(remote_path: str, local_path: str) -> None\n
 
Downloads the given file from the remote host and saves it to the local given path. Should only be called if is_remote() is true.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.create_value","title":"create_value","text":"
create_value(value: int, type: Type | None = None) -> Value\n
 
Create a new value in the context of this process, with the given value and, optionally, type. If no type is provided, one will be chosen automatically.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.symbol_name_at_address","title":"symbol_name_at_address","text":"
symbol_name_at_address(address: int) -> str | None\n
 
Returns the name of the symbol at the given address in the program, if one exists.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.lookup_symbol","title":"lookup_symbol","text":"
lookup_symbol(\n    name: str,\n    *,\n    prefer_static: bool = False,\n    type: SymbolLookupType = ANY,\n    objfile_endswith: str | None = None,\n) -> Value | None\n
 
Looks up and returns the address of a symbol by its name.
 
Parameters: - name (str): The name of the symbol to look up. - prefer_static (bool, optional): If True, prioritize symbols in the static block,   if supported by the debugger. Defaults to False. - type (SymbolLookupType, optional): The type of symbol to search for. Defaults   to SymbolLookupType.ANY. - objfile_endswith (str | None, optional): If specified, limits the search to the   first object file whose name ends with the provided string.
 
Returns: - pwndbg.dbg_mod.Value | None: The value of the symbol if found, or None if not found.
 
Raises: - pwndbg.dbg_mod.Error: If no object file matching the objfile_endswith pattern is found.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.types_with_name","title":"types_with_name","text":"
types_with_name(name: str) -> Sequence[Type]\n
 
Returns a list of all types in this process that match the given name.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.arch","title":"arch","text":"
arch() -> ArchDefinition\n
 
The default architecture of this process.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.break_at","title":"break_at","text":"
break_at(\n    location: BreakpointLocation | WatchpointLocation,\n    stop_handler: Callable[[StopPoint], bool] | None = None,\n    internal: bool = False,\n) -> StopPoint\n
 
Install a breakpoint or watchpoint at the given location.
 
The type of the location determines whether the newly created object is a watchpoint or a breakpoint. BreakpointLocation locations yield breakpoints, while WatchpointLocation locations yield watchpoints.
 
Aditionally, one may specify a stop handler function, to be run when the breakpoint or whatchpoint is hit, and that determines whether execution should stop. With a return value of True being interpreted as a signal to stop, and a return value of False being interpreted as a signal to continue execution. The extent of the actions that may be taken during the stop handler is determined by the debugger.
 
Marking a breakpoint or watchpoint as internal hints to the implementation that the created breakpoint or watchpoint should not be directly nameable by the user, and that it should not print any messages upon being triggered. Implementations should try to honor this hint, but they are not required to in case honoring it is either not possible or comes at a significant impact to performance.
 
This function returns a handle to the newly created breakpoint or watchpoint.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.trace_ret","title":"trace_ret","text":"
trace_ret(\n    stop_handler: Callable[[], bool] | None = None, internal: bool = False\n)\n
 
Traces/break_at the current frame's return address. stop_handler and internal have the same semantic meaning as they are in break_at
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.is_linux","title":"is_linux","text":"
is_linux() -> bool\n
 
Returns whether the current ABI is GNU/Linux.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.disasm","title":"disasm","text":"
disasm(address: int) -> DisassembledInstruction | None\n
 
Returns the disassembled instruction at the given address in the address space of the running process, or None if there's no valid instruction at that address.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.module_section_locations","title":"module_section_locations","text":"
module_section_locations() -> list[tuple[int, int, str, str]]\n
 
Return a list of (address, size, section_name, module_name) tuples for the loaded sections in every module of this process.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.main_module_name","title":"main_module_name","text":"
main_module_name() -> str | None\n
 
Returns the name of the main module.
 
On remote targets, this may be prefixed with \"target:\" string.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.main_module_entry","title":"main_module_entry","text":"
main_module_entry() -> int | None\n
 
Returns the entry point of the main module.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.is_dynamically_linked","title":"is_dynamically_linked","text":"
is_dynamically_linked() -> bool\n
 
Returns whether this process makes use of dynamically linked libraries.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.is_dynamically_linked--dynamically-linked","title":"\"dynamically linked\"","text":"
What exactly it means to be \"dynamically linked\" here is a little ill-defined. Ideally, this function should return true if the process uses the default dynamic linker for the system, as that would better reflect whether the process uses dynamic linking.
 
Currently, though, Pwndbg expects it to behave the same as a check for the string \"No shared libraries loaded at this time.\" in the output of the info dll GDB command, which checks for the presence of other modules in the address space of the process, rather than whether or not the dynamic linker is used.
 
We should probably sort this out in the future.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.dispatch_execution_controller","title":"dispatch_execution_controller","text":"
dispatch_execution_controller(\n    procedure: Callable[[ExecutionController], Coroutine[Any, Any, None]],\n)\n
 
Queues up the given execution controller-based coroutine for execution, sometime between the calling of this function and the
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.add_symbol_file","title":"add_symbol_file","text":"
add_symbol_file(path, base=None)\n
 
Adds a symbol file at base
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.runcmd","title":"runcmd","text":"
runcmd(cmd)\n
 
Runs a debugger command
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode","title":"TypeCode","text":"
               Bases: Enum
 
Broad categories of types.
 
Attributes:
 
     
  •  INVALID           \u2013            
    •  
  •  POINTER           \u2013            
    •  
  •  ARRAY           \u2013            
    •  
  •  STRUCT           \u2013            
    •  
  •  TYPEDEF           \u2013            
    •  
  •  UNION           \u2013            
    •  
  •  INT           \u2013            
    •  
  •  ENUM           \u2013            
    •  
  •  FUNC           \u2013            
    •  
  •  BOOL           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.INVALID","title":"INVALID  class-attribute instance-attribute","text":"
INVALID = -1\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.POINTER","title":"POINTER  class-attribute instance-attribute","text":"
POINTER = 1\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.ARRAY","title":"ARRAY  class-attribute instance-attribute","text":"
ARRAY = 2\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.STRUCT","title":"STRUCT  class-attribute instance-attribute","text":"
STRUCT = 3\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.TYPEDEF","title":"TYPEDEF  class-attribute instance-attribute","text":"
TYPEDEF = 4\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.UNION","title":"UNION  class-attribute instance-attribute","text":"
UNION = 5\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.INT","title":"INT  class-attribute instance-attribute","text":"
INT = 6\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.ENUM","title":"ENUM  class-attribute instance-attribute","text":"
ENUM = 7\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.FUNC","title":"FUNC  class-attribute instance-attribute","text":"
FUNC = 8\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.BOOL","title":"BOOL  class-attribute instance-attribute","text":"
BOOL = 9\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField","title":"TypeField","text":"
TypeField(\n    bitpos: int,\n    name: str | None,\n    type: Type,\n    parent_type,\n    enumval: int | None = None,\n    artificial: bool = False,\n    is_base_class: bool = False,\n    bitsize: int = 0,\n)\n
 
The fields in a structured type.
 
Currently this is just a mirror of gdb.Field.
 
Attributes:
 
     
  •  bitpos           \u2013            
    •  
  •  name           \u2013            
    •  
  •  type           \u2013            
    •  
  •  parent_type           \u2013            
    •  
  •  enumval           \u2013            
    •  
  •  artificial           \u2013            
    •  
  •  is_base_class           \u2013            
    •  
  •  bitsize           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.bitpos","title":"bitpos  instance-attribute","text":"
bitpos = bitpos\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.name","title":"name  instance-attribute","text":"
name = name\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.type","title":"type  instance-attribute","text":"
type = type\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.parent_type","title":"parent_type  instance-attribute","text":"
parent_type = parent_type\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.enumval","title":"enumval  instance-attribute","text":"
enumval = enumval\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.artificial","title":"artificial  instance-attribute","text":"
artificial = artificial\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.is_base_class","title":"is_base_class  instance-attribute","text":"
is_base_class = is_base_class\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.bitsize","title":"bitsize  instance-attribute","text":"
bitsize = bitsize\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type","title":"Type","text":"
Class representing a type in the context of an inferior process.
 
Methods:
 
     
  •  func_arguments             \u2013              
    Returns a list of function arguments type.
     
    •  
  •  fields             \u2013              
    List of all fields in this type, if it is a structured type.
     
    •  
  •  has_field             \u2013              
    Whether this type has a field with the given name.
     
    •  
  •  array             \u2013              
    Return a type that corresponds to an array whose elements have this type.
     
    •  
  •  pointer             \u2013              
    Return a pointer type that has this type as its pointee.
     
    •  
  •  strip_typedefs             \u2013              
    Return a type that corresponds to the base type after a typedef chain,
     
    •  
  •  target             \u2013              
    Return the target of this reference type, if this is a reference type.
     
    •  
  •  keys             \u2013              
    Returns a list containing all the field names of this type.
     
    •  
  •  enum_member             \u2013              
    Retrieve the integer value of an enum member.
     
    •  
  •  offsetof             \u2013              
    Calculate the byte offset of a field within a struct or union.
     
    •  
  •  __eq__             \u2013              
    Returns True if types are the same
     
    •  
 
Attributes:
 
     
  •  name_identifier               (str | None)           \u2013            
    Returns the identifier of this type, eg:
     
    •  
  •  name_to_human_readable               (str)           \u2013            
    Returns the human friendly name of this type, eg:
     
    •  
  •  array_len               (int)           \u2013            
    Get array length of this type.
     
    •  
  •  sizeof               (int)           \u2013            
    The size of this type, in bytes.
     
    •  
  •  alignof               (int)           \u2013            
    The alignment of this type, in bytes.
     
    •  
  •  code               (TypeCode)           \u2013            
    What category of type this object belongs to.
     
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.name_identifier","title":"name_identifier  property","text":"
name_identifier: str | None\n
 
Returns the identifier of this type, eg: - someStructName - someEnumName - someTypedefName
 
Returns None if the type is anonymous or does not have a name, such as: - Anonymous structs - Anonymous Typedefs - Basic types like char[], void, etc.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.name_to_human_readable","title":"name_to_human_readable  property","text":"
name_to_human_readable: str\n
 
Returns the human friendly name of this type, eg: - char [16] - int - char * - void * - fooStructName - barEnumName - barTypedefName
 
This function is not standardized, may return different names in gdb/lldb, eg: gdb: char [16] or char [50] or struct {...} lldb: char[16] or char[]    or (anonymous struct)
 
You should not use this function. Only for human eyes.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.array_len","title":"array_len  property","text":"
array_len: int\n
 
Get array length of this type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.sizeof","title":"sizeof  property","text":"
sizeof: int\n
 
The size of this type, in bytes.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.alignof","title":"alignof  property","text":"
alignof: int\n
 
The alignment of this type, in bytes.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.code","title":"code  property","text":"
code: TypeCode\n
 
What category of type this object belongs to.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.func_arguments","title":"func_arguments","text":"
func_arguments() -> list[Type] | None\n
 
Returns a list of function arguments type.
 
Returns:
 
     
  •  list[Type] | None           \u2013            
    List[Type] | None: The function arguments type, or None if debug information is missing.
     
    •  
 
Raises:
 
     
  •  TypeError             \u2013            
    If called on an unsupported type.
     
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.fields","title":"fields","text":"
fields() -> list[TypeField]\n
 
List of all fields in this type, if it is a structured type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.has_field","title":"has_field","text":"
has_field(name: str) -> bool\n
 
Whether this type has a field with the given name.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.array","title":"array","text":"
array(count: int) -> Type\n
 
Return a type that corresponds to an array whose elements have this type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.pointer","title":"pointer","text":"
pointer() -> Type\n
 
Return a pointer type that has this type as its pointee.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.strip_typedefs","title":"strip_typedefs","text":"
strip_typedefs() -> Type\n
 
Return a type that corresponds to the base type after a typedef chain, if this is a typedef. Returns the type itself otherwise.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.target","title":"target","text":"
target() -> Type\n
 
Return the target of this reference type, if this is a reference type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.keys","title":"keys","text":"
keys() -> list[str]\n
 
Returns a list containing all the field names of this type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.enum_member","title":"enum_member","text":"
enum_member(field_name: str) -> int | None\n
 
Retrieve the integer value of an enum member.
 
It returns: - integer value, when found field - returns None, If the field does not exist
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.offsetof","title":"offsetof","text":"
offsetof(field_name: str) -> int | None\n
 
Calculate the byte offset of a field within a struct or union.
 
This method recursively traverses nested structures and unions, and it computes the byte-aligned offset for the specified field.
 
It returns: - offset in bytes if found - None if the field doesn't exist or if an unsupported alignment/bit-field is encountered
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.__eq__","title":"__eq__","text":"
__eq__(rhs: object) -> bool\n
 
Returns True if types are the same
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value","title":"Value","text":"
Class representing a value in the context of an inferior process.
 
Methods:
 
     
  •  dereference             \u2013              
    If this is a pointer value, dereferences the pointer and returns a new
     
    •  
  •  string             \u2013              
    If this value is a string, then this method converts it to a Python string.
     
    •  
  •  value_to_human_readable             \u2013              
        Converts a Value to a human-readable string representation.\n
     
    •  
  •  fetch_lazy             \u2013              
    Fetches the value if it is lazy, does nothing otherwise.
     
    •  
  •  __int__             \u2013              
    Converts this value to an integer, if possible.
     
    •  
  •  cast             \u2013              
    Returns a new value with the same value as this object, but of the
     
    •  
  •  __add__             \u2013              
    Adds an integer to this value, if that makes sense. Throws an exception
     
    •  
  •  __sub__             \u2013              
    Subtract an integer from this value, if that makes sense. Throws an
     
    •  
  •  __getitem__             \u2013              
    Gets the value with the given name that belongs to this value. For
     
    •  
 
Attributes:
 
     
  •  address               (Value | None)           \u2013            
    The address of this value, in memory, if addressable, otherwise None.
     
    •  
  •  is_optimized_out               (bool)           \u2013            
    Whether this value is present in debugging information, but has been
     
    •  
  •  type               (Type)           \u2013            
    The type associated with this value.
     
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.address","title":"address  property","text":"
address: Value | None\n
 
The address of this value, in memory, if addressable, otherwise None.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.is_optimized_out","title":"is_optimized_out  property","text":"
is_optimized_out: bool\n
 
Whether this value is present in debugging information, but has been optimized out of the actual program.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.type","title":"type  property","text":"
type: Type\n
 
The type associated with this value.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.dereference","title":"dereference","text":"
dereference() -> Value\n
 
If this is a pointer value, dereferences the pointer and returns a new instance of Value, containing the value pointed to by this pointer.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.string","title":"string","text":"
string() -> str\n
 
If this value is a string, then this method converts it to a Python string.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.value_to_human_readable","title":"value_to_human_readable","text":"
value_to_human_readable() -> str\n
 
    Converts a Value to a human-readable string representation.\n\n    The format is similar to what is produced by the `str()` function for gdb.Value,\n    displaying nested fields and pointers in a user-friendly way.\n\n    **Usage Notes:**\n    - This function is intended solely for displaying results to the user.\n    - The output format may differ between debugger implementations (e.g., GDB vs LLDB),\n      as each debugger may format values differently. For instance:\n        - GDB might produce: '{\n
 
value = 0,   inner = {     next = 0x555555558098    } }'             - LLDB might produce: '(inner_a_node) *$PWNDBG_CREATED_VALUE_0 = {   value = 0   inner = {     next = 0x0000555555558098   } }'         - As such, this function should not be relied upon for parsing or programmatic use."},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.fetch_lazy","title":"fetch_lazy","text":"
fetch_lazy() -> None\n
 
Fetches the value if it is lazy, does nothing otherwise.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.__int__","title":"__int__","text":"
__int__() -> int\n
 
Converts this value to an integer, if possible.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.cast","title":"cast","text":"
cast(type: Type | Any) -> Value\n
 
Returns a new value with the same value as this object, but of the given type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.__add__","title":"__add__","text":"
__add__(rhs: int) -> Value\n
 
Adds an integer to this value, if that makes sense. Throws an exception otherwise.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.__sub__","title":"__sub__","text":"
__sub__(rhs: int) -> Value\n
 
Subtract an integer from this value, if that makes sense. Throws an exception otherwise.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.__getitem__","title":"__getitem__","text":"
__getitem__(idx: int | str) -> Value\n
 
Gets the value with the given name that belongs to this value. For structure types, this is the field with the given name. For array types, this is the field at the given index. For pointer types, this is the value of *(ptr+idx).
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.CommandHandle","title":"CommandHandle","text":"
An opaque handle to an installed command.
 
Methods:
 
     
  •  remove             \u2013              
    Removes this command from the command palette of the debugger.
     
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.CommandHandle.remove","title":"remove","text":"
remove() -> None\n
 
Removes this command from the command palette of the debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType","title":"EventType","text":"
               Bases: Enum
 
Events that can be listened for and reacted to in a debugger.
 The events types listed here are defined as follows 
     
  • START: This event is fired some time between the creation of or   attachment to the process to be debugged, and the start of its   execution.
    •  
  • STOP: This event is fired after execution of the process has been   suspended, but before control is returned to the user for interactive   debugging.
    •  
  • EXIT: This event is fired after the process being debugged has been   detached from or has finished executing.
    •  
  • MEMORY_CHANGED: This event is fired when the user interactively makes   changes to the memory of the process being debugged.
    •  
  • REGISTER_CHANGED: Like MEMORY_CHANGED, but for registers.
    •  
  • CONTINUE: This event is fired after the user has requested for   process execution to continue after it had been previously suspended.
    •  
  • NEW_MODULE: This event is fired when a new application module has   been encountered by the debugger. This usually happens when a new   application module is loaded into the memory space of the process being   debugged. In GDB terminology, these are called objfiles.
    •  
 
Attributes:
 
     
  •  SUSPEND_ALL           \u2013            
    •  
  •  START           \u2013            
    •  
  •  STOP           \u2013            
    •  
  •  EXIT           \u2013            
    •  
  •  MEMORY_CHANGED           \u2013            
    •  
  •  REGISTER_CHANGED           \u2013            
    •  
  •  CONTINUE           \u2013            
    •  
  •  NEW_MODULE           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.SUSPEND_ALL","title":"SUSPEND_ALL  class-attribute instance-attribute","text":"
SUSPEND_ALL = -1\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.START","title":"START  class-attribute instance-attribute","text":"
START = 0\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.STOP","title":"STOP  class-attribute instance-attribute","text":"
STOP = 1\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.EXIT","title":"EXIT  class-attribute instance-attribute","text":"
EXIT = 2\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.MEMORY_CHANGED","title":"MEMORY_CHANGED  class-attribute instance-attribute","text":"
MEMORY_CHANGED = 3\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.REGISTER_CHANGED","title":"REGISTER_CHANGED  class-attribute instance-attribute","text":"
REGISTER_CHANGED = 4\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.CONTINUE","title":"CONTINUE  class-attribute instance-attribute","text":"
CONTINUE = 5\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.NEW_MODULE","title":"NEW_MODULE  class-attribute instance-attribute","text":"
NEW_MODULE = 6\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger","title":"Debugger","text":"
The base class representing a debugger.
 
Methods:
 
     
  •  setup             \u2013              
    Perform debugger-specific initialization.
     
    •  
  •  history             \u2013              
    The command history of the interactive session in this debugger.
     
    •  
  •  lex_args             \u2013              
    Lexes the given command line into a list of arguments, according to the
     
    •  
  •  selected_inferior             \u2013              
    The inferior process currently being focused on in this interactive session.
     
    •  
  •  selected_thread             \u2013              
    The thread currently being focused on in this interactive session.
     
    •  
  •  selected_frame             \u2013              
    The stack frame currently being focused on in this interactive session.
     
    •  
  •  commands             \u2013              
    List the commands available in this session.
     
    •  
  •  add_command             \u2013              
    Adds a command with the given name to the debugger, that invokes the
     
    •  
  •  has_event_type             \u2013              
    Whether the given event type is supported by this debugger. Indicates
     
    •  
  •  event_handler             \u2013              
    Sets up the given function to be called when an event of the given type
     
    •  
  •  ctx_suspend_events             \u2013              
    Context manager for temporarily suspending and resuming the delivery of events
     
    •  
  •  ctx_suspend_once             \u2013              
    Avoid printing ctx once
     
    •  
  •  suspend_events             \u2013              
    Suspend delivery of all events of the given type until it is resumed
     
    •  
  •  resume_events             \u2013              
    Resume the delivery of all events of the given type, if previously
     
    •  
  •  set_sysroot             \u2013              
    Sets the system root for this debugger.
     
    •  
  •  x86_disassembly_flavor             \u2013              
    The flavor of disassembly to use for x86 targets.
     
    •  
  •  supports_breakpoint_creation_during_stop_handler             \u2013              
    Whether breakpoint or watchpoint creation through break_at is
     
    •  
  •  breakpoint_locations             \u2013              
    Returns a list of all breakpoint locations that are currently
     
    •  
  •  name             \u2013              
    The type of the current debugger.
     
    •  
  •  is_gdblib_available             \u2013              
    Whether gdblib is available under this debugger.
     
    •  
  •  string_limit             \u2013              
    The maximum size of a string.
     
    •  
  •  addrsz             \u2013              
    Format the given address value.
     
    •  
  •  get_cmd_window_size             \u2013              
    The size of the command window, in characters, if available.
     
    •  
  •  set_python_diagnostics             \u2013              
    Enables or disables Python diagnostic messages for this debugger.
     
    •  
 
Attributes:
 
     
  •  pre_ctx_lines               (int)           \u2013            
    Our prediction on how many lines of text will be printed as
     
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.pre_ctx_lines","title":"pre_ctx_lines  property","text":"
pre_ctx_lines: int\n
 
Our prediction on how many lines of text will be printed as a preamble (right after the prompt, and before the context) the next time the context is printed.
 
This includes any lines the underlying debugger generates.
 
The user never sees these lines when context-clear-screen is enabled.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.setup","title":"setup","text":"
setup(*args: Any) -> None\n
 
Perform debugger-specific initialization.
 
This method should be run immediately after pwndbg.dbg is set to an instance of this class, and, as such, is allowed to run code that depends on it being set.
 
Because we can't really know what a given debugger object will need as part of its setup process, we allow for as many arguments as desired to be passed in, and leave it up to the implementations to decide what they need. This shouldn't be a problem, seeing as, unlike other methods in this class, this should only be called as part of the debugger-specific bringup code.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.history","title":"history","text":"
history(last: int = 10) -> list[tuple[int, str]]\n
 
The command history of the interactive session in this debugger.
 
This function returns the last last items in the command history, as an oldest-to-youngest-sorted list of tuples, where the first element in each tuple is the index of the command in the history, and the second element is a string giving the command itself.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.lex_args","title":"lex_args","text":"
lex_args(command_line: str) -> list[str]\n
 
Lexes the given command line into a list of arguments, according to the conventions of the debugger being used and of the interactive session.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.selected_inferior","title":"selected_inferior","text":"
selected_inferior() -> Process | None\n
 
The inferior process currently being focused on in this interactive session.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.selected_thread","title":"selected_thread","text":"
selected_thread() -> Thread | None\n
 
The thread currently being focused on in this interactive session.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.selected_frame","title":"selected_frame","text":"
selected_frame() -> Frame | None\n
 
The stack frame currently being focused on in this interactive session.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.commands","title":"commands","text":"
commands() -> list[str]\n
 
List the commands available in this session.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.add_command","title":"add_command","text":"
add_command(\n    name: str, handler: Callable[[Debugger, str, bool], None], doc: str | None\n) -> CommandHandle\n
 
Adds a command with the given name to the debugger, that invokes the given function every time it is called.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.has_event_type","title":"has_event_type","text":"
has_event_type(ty: EventType) -> bool\n
 
Whether the given event type is supported by this debugger. Indicates that a user either can or cannot register an event handler of this type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.event_handler","title":"event_handler","text":"
event_handler(\n    ty: EventType,\n) -> Callable[[Callable[..., T]], Callable[..., T]]\n
 
Sets up the given function to be called when an event of the given type gets fired. Returns a callable that corresponds to the wrapped function. This function my be used as a decorator.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.ctx_suspend_events","title":"ctx_suspend_events","text":"
ctx_suspend_events(ty: EventType) -> Iterator[None]\n
 
Context manager for temporarily suspending and resuming the delivery of events of a given type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.ctx_suspend_once","title":"ctx_suspend_once","text":"
ctx_suspend_once()\n
 
Avoid printing ctx once
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.suspend_events","title":"suspend_events","text":"
suspend_events(ty: EventType) -> None\n
 
Suspend delivery of all events of the given type until it is resumed through a call to resume_events.
 
Events triggered during a suspension will be ignored, and will not be delived, even after delivery is resumed.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.resume_events","title":"resume_events","text":"
resume_events(ty: EventType) -> None\n
 
Resume the delivery of all events of the given type, if previously suspeded through a call to suspend_events. Does nothing if the delivery has not been previously suspeded.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.set_sysroot","title":"set_sysroot","text":"
set_sysroot(sysroot: str) -> bool\n
 
Sets the system root for this debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.x86_disassembly_flavor","title":"x86_disassembly_flavor","text":"
x86_disassembly_flavor() -> Literal['att', 'intel']\n
 
The flavor of disassembly to use for x86 targets.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.supports_breakpoint_creation_during_stop_handler","title":"supports_breakpoint_creation_during_stop_handler","text":"
supports_breakpoint_creation_during_stop_handler() -> bool\n
 
Whether breakpoint or watchpoint creation through break_at is supported during breakpoint stop handlers.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.breakpoint_locations","title":"breakpoint_locations","text":"
breakpoint_locations() -> list[BreakpointLocation]\n
 
Returns a list of all breakpoint locations that are currently installed and enabled in the focused process.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.name","title":"name","text":"
name() -> DebuggerType\n
 
The type of the current debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.is_gdblib_available","title":"is_gdblib_available","text":"
is_gdblib_available() -> bool\n
 
Whether gdblib is available under this debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.string_limit","title":"string_limit","text":"
string_limit() -> int\n
 
The maximum size of a string.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.addrsz","title":"addrsz","text":"
addrsz(address: Any) -> str\n
 
Format the given address value.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.get_cmd_window_size","title":"get_cmd_window_size","text":"
get_cmd_window_size() -> tuple[int, int]\n
 
The size of the command window, in characters, if available.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.set_python_diagnostics","title":"set_python_diagnostics","text":"
set_python_diagnostics(enabled: bool) -> None\n
 
Enables or disables Python diagnostic messages for this debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.selection","title":"selection","text":"
selection(\n    target: T, get_current: Callable[[], T], select: Callable[[T], None]\n)\n
 
Debuggers have global state. Many of our queries require that we select a given object globally before we make them. When doing that, we must always be careful to return selection to its previous state before exiting. This class automatically manages the selection of a single object type.
 
Upon entrace to the with block, the element given by target will be compared to the object returned by calling get_current. If they compare different, the value previously returned by get_current is saved, and the element given by target will be selected by passing it as an argument to select, and, after execution leaves the with block, the previously saved element will be selected in the same fashion as the first element.
 
If the elements don't compare different, this is a no-op.
"},{"location":"reference/pwndbg/dbg/gdb/","title":"gdb","text":""},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb","title":"gdb","text":"
Modules:
 
     
  •  debug_sym           \u2013            
    •  
  •  symbol           \u2013            
    Looking up addresses for function names / symbols, and
     
    •  
 
Classes:
 
     
  •  GDBRegisters           \u2013            
    •  
  •  GDBFrame           \u2013            
    •  
  •  GDBThread           \u2013            
    •  
  •  GDBMemoryMap           \u2013            
    •  
  •  BreakpointAdapter           \u2013            
    •  
  •  FinishpointAdapter           \u2013            
    •  
  •  GDBStopPoint           \u2013            
    •  
  •  GDBProcess           \u2013            
    •  
  •  GDBExecutionController           \u2013            
    •  
  •  GDBCommand           \u2013            
    •  
  •  GDBCommandHandle           \u2013            
    •  
  •  GDBType           \u2013            
    •  
  •  GDBValue           \u2013            
    •  
  •  GDB           \u2013            
    •  
 
Functions:
 
     
  •  parse_and_eval             \u2013              
    Same as gdb.parse_and_eval, but only uses global_context if it is
     
    •  
 
Attributes:
 
     
  •  T           \u2013            
    •  
  •  gdb_architecture_name_fixup_list           \u2013            
    •  
  •  gdb_mips_to_arch_attribute_map           \u2013            
    •  
  •  BPWP_DEFERRED_DELETE               (Set[GDBStopPoint])           \u2013            
    •  
  •  BPWP_DEFERRED_ENABLE               (Set[GDBStopPoint])           \u2013            
    •  
  •  BPWP_DEFERRED_DISABLE               (Set[GDBStopPoint])           \u2013            
    •  
  •  EXECUTION_CONTROLLER           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.gdb_architecture_name_fixup_list","title":"gdb_architecture_name_fixup_list  module-attribute","text":"
gdb_architecture_name_fixup_list = (\n    \"x86-64\",\n    \"i386\",\n    \"i8086\",\n    \"aarch64\",\n    \"mips\",\n    \"rs6000\",\n    \"powerpc\",\n    \"sparc\",\n    \"arm\",\n    \"iwmmxt\",\n    \"iwmmxt2\",\n    \"xscale\",\n    \"riscv:rv32\",\n    \"riscv:rv64\",\n    \"riscv\",\n    \"loongarch64\",\n    \"s390:64-bit\",\n)\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.gdb_mips_to_arch_attribute_map","title":"gdb_mips_to_arch_attribute_map  module-attribute","text":"
gdb_mips_to_arch_attribute_map = {\n    \"mips5\": MIPS_ISA_5,\n    \"micromips\": MIPS_ISA_MICRO,\n    \"isa32\": MIPS_ISA_32,\n    \"isa32r2\": MIPS_ISA_32R2,\n    \"isa32r3\": MIPS_ISA_32R3,\n    \"isa32r5\": MIPS_ISA_32R5,\n    \"isa32r6\": MIPS_ISA_32R6,\n    \"isa64\": MIPS_ISA_64,\n    \"isa64r2\": MIPS_ISA_64R2,\n    \"isa64r3\": MIPS_ISA_64R3,\n    \"isa64r5\": MIPS_ISA_64R5,\n    \"isa64r6\": MIPS_ISA_64R6,\n}\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.BPWP_DEFERRED_DELETE","title":"BPWP_DEFERRED_DELETE  module-attribute","text":"
BPWP_DEFERRED_DELETE: Set[GDBStopPoint] = set()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.BPWP_DEFERRED_ENABLE","title":"BPWP_DEFERRED_ENABLE  module-attribute","text":"
BPWP_DEFERRED_ENABLE: Set[GDBStopPoint] = set()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.BPWP_DEFERRED_DISABLE","title":"BPWP_DEFERRED_DISABLE  module-attribute","text":"
BPWP_DEFERRED_DISABLE: Set[GDBStopPoint] = set()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.EXECUTION_CONTROLLER","title":"EXECUTION_CONTROLLER  module-attribute","text":"
EXECUTION_CONTROLLER = GDBExecutionController()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBRegisters","title":"GDBRegisters","text":"
GDBRegisters(frame: GDBFrame)\n
 
               Bases: Registers
 
Methods:
 
     
  •  by_name             \u2013              
    •  
 
Attributes:
 
     
  •  frame           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBRegisters.frame","title":"frame  instance-attribute","text":"
frame = frame\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBRegisters.by_name","title":"by_name","text":"
by_name(name: str) -> Value | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame","title":"GDBFrame","text":"
GDBFrame(inner: Frame)\n
 
               Bases: Frame
 
Methods:
 
     
  •  lookup_symbol             \u2013              
    •  
  •  evaluate_expression             \u2013              
    •  
  •  regs             \u2013              
    •  
  •  reg_write             \u2013              
    •  
  •  pc             \u2013              
    •  
  •  sp             \u2013              
    •  
  •  parent             \u2013              
    •  
  •  child             \u2013              
    •  
  •  sal             \u2013              
    •  
  •  stack_variables             \u2013              
    •  
  •  __eq__             \u2013              
    •  
 
Attributes:
 
     
  •  inner           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.inner","title":"inner  instance-attribute","text":"
inner = inner\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.lookup_symbol","title":"lookup_symbol","text":"
lookup_symbol(name: str, *, type: SymbolLookupType = ANY) -> Value | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.evaluate_expression","title":"evaluate_expression","text":"
evaluate_expression(expression: str, lock_scheduler: bool = False) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.regs","title":"regs","text":"
regs() -> Registers\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.reg_write","title":"reg_write","text":"
reg_write(name: str, val: int) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.pc","title":"pc","text":"
pc() -> int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.sp","title":"sp","text":"
sp() -> int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.parent","title":"parent","text":"
parent() -> Frame | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.child","title":"child","text":"
child() -> Frame | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.sal","title":"sal","text":"
sal() -> tuple[str, int] | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.stack_variables","title":"stack_variables","text":"
stack_variables() -> tuple[tuple[int, int, str], ...]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.__eq__","title":"__eq__","text":"
__eq__(rhs: object) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBThread","title":"GDBThread","text":"
GDBThread(inner: InferiorThread)\n
 
               Bases: Thread
 
Methods:
 
     
  •  bottom_frame             \u2013              
    •  
  •  ptid             \u2013              
    •  
  •  index             \u2013              
    •  
 
Attributes:
 
     
  •  inner           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBThread.inner","title":"inner  instance-attribute","text":"
inner = inner\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBThread.bottom_frame","title":"bottom_frame","text":"
bottom_frame() -> Iterator[Frame]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBThread.ptid","title":"ptid","text":"
ptid() -> int | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBThread.index","title":"index","text":"
index() -> int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBMemoryMap","title":"GDBMemoryMap","text":"
GDBMemoryMap(qemu: bool, pages: Sequence[Page])\n
 
               Bases: MemoryMap
 
Methods:
 
     
  •  is_qemu             \u2013              
    •  
  •  ranges             \u2013              
    Returns all ranges in this memory map.
     
    •  
  •  lookup_page             \u2013              
    •  
 
Attributes:
 
     
  •  qemu           \u2013            
    •  
  •  pages               (tuple[Page, ...])           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBMemoryMap.qemu","title":"qemu  instance-attribute","text":"
qemu = qemu\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBMemoryMap.pages","title":"pages  instance-attribute","text":"
pages: tuple[Page, ...] = tuple(pages)\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBMemoryMap.is_qemu","title":"is_qemu","text":"
is_qemu() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBMemoryMap.ranges","title":"ranges","text":"
ranges() -> Sequence[Page]\n
 
Returns all ranges in this memory map.
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBMemoryMap.lookup_page","title":"lookup_page","text":"
lookup_page(address: int) -> Page | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.BreakpointAdapter","title":"BreakpointAdapter","text":"
               Bases: Breakpoint
 
Methods:
 
     
  •  stop             \u2013              
    •  
 
Attributes:
 
     
  •  stop_handler               (Callable[[], bool])           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.BreakpointAdapter.stop_handler","title":"stop_handler  instance-attribute","text":"
stop_handler: Callable[[], bool]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.BreakpointAdapter.stop","title":"stop","text":"
stop() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.FinishpointAdapter","title":"FinishpointAdapter","text":"
FinishpointAdapter(stop_handler, internal)\n
 
               Bases: FinishBreakpoint
 
Methods:
 
     
  •  stop             \u2013              
    •  
 
Attributes:
 
     
  •  stop_handler               (Callable[[], bool])           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.FinishpointAdapter.stop_handler","title":"stop_handler  instance-attribute","text":"
stop_handler: Callable[[], bool] = stop_handler\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.FinishpointAdapter.stop","title":"stop","text":"
stop() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint","title":"GDBStopPoint","text":"
GDBStopPoint(inner: Breakpoint, proc: GDBProcess)\n
 
               Bases: StopPoint
 
Methods:
 
     
  •  set_enabled             \u2013              
    •  
  •  remove             \u2013              
    •  
  •  __enter__             \u2013              
    •  
  •  __exit__             \u2013              
    Automatic breakpoint removal.
     
    •  
 
Attributes:
 
     
  •  inner               (Breakpoint)           \u2013            
    •  
  •  proc               (GDBProcess)           \u2013            
    •  
  •  inner_stop               (Callable[[], bool] | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.inner","title":"inner  instance-attribute","text":"
inner: Breakpoint = inner\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.proc","title":"proc  instance-attribute","text":"
proc: GDBProcess = proc\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.inner_stop","title":"inner_stop  instance-attribute","text":"
inner_stop: Callable[[], bool] | None = None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.set_enabled","title":"set_enabled","text":"
set_enabled(enabled: bool) -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.remove","title":"remove","text":"
remove() -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.__enter__","title":"__enter__","text":"
__enter__() -> StopPoint\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.__exit__","title":"__exit__","text":"
__exit__(exc_type, exc_value, traceback) -> None\n
 
Automatic breakpoint removal.
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess","title":"GDBProcess","text":"
GDBProcess(inner: Inferior)\n
 
               Bases: Process
 
Methods:
 
     
  •  threads             \u2013              
    •  
  •  pid             \u2013              
    •  
  •  alive             \u2013              
    •  
  •  stopped_with_signal             \u2013              
    •  
  •  evaluate_expression             \u2013              
    •  
  •  vmmap             \u2013              
    •  
  •  read_memory             \u2013              
    •  
  •  write_memory             \u2013              
    •  
  •  find_in_memory             \u2013              
    •  
  •  is_remote             \u2013              
    •  
  •  send_remote             \u2013              
    •  
  •  send_monitor             \u2013              
    •  
  •  download_remote_file             \u2013              
    •  
  •  create_value             \u2013              
    •  
  •  symbol_name_at_address             \u2013              
    •  
  •  lookup_symbol             \u2013              
    •  
  •  types_with_name             \u2013              
    •  
  •  arch             \u2013              
    •  
  •  break_at             \u2013              
    •  
  •  trace_ret             \u2013              
    •  
  •  is_linux             \u2013              
    •  
  •  disasm             \u2013              
    •  
  •  module_section_locations             \u2013              
    •  
  •  main_module_name             \u2013              
    •  
  •  main_module_entry             \u2013              
    •  
  •  is_dynamically_linked             \u2013              
    •  
  •  dispatch_execution_controller             \u2013              
    •  
  •  add_symbol_file             \u2013              
    •  
  •  runcmd             \u2013              
    •  
 
Attributes:
 
     
  •  inner           \u2013            
    •  
  •  in_bpwp_stop_handler               (bool)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.inner","title":"inner  instance-attribute","text":"
inner = inner\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.in_bpwp_stop_handler","title":"in_bpwp_stop_handler  instance-attribute","text":"
in_bpwp_stop_handler: bool = False\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.threads","title":"threads","text":"
threads() -> list[Thread]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.pid","title":"pid","text":"
pid() -> int | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.alive","title":"alive","text":"
alive() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.stopped_with_signal","title":"stopped_with_signal","text":"
stopped_with_signal() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.evaluate_expression","title":"evaluate_expression","text":"
evaluate_expression(expression: str) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.vmmap","title":"vmmap","text":"
vmmap() -> MemoryMap\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.read_memory","title":"read_memory","text":"
read_memory(address: int, size: int, partial: bool = False) -> bytearray\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.write_memory","title":"write_memory","text":"
write_memory(address: int, data: bytearray, partial: bool = False) -> int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.find_in_memory","title":"find_in_memory","text":"
find_in_memory(\n    pattern: bytearray,\n    start: int,\n    size: int,\n    align: int,\n    max_matches: int = -1,\n    step: int = -1,\n) -> Generator[int, None, None]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.is_remote","title":"is_remote","text":"
is_remote() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.send_remote","title":"send_remote","text":"
send_remote(packet: str) -> bytes\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.send_monitor","title":"send_monitor","text":"
send_monitor(cmd: str) -> str\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.download_remote_file","title":"download_remote_file","text":"
download_remote_file(remote_path: str, local_path: str) -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.create_value","title":"create_value","text":"
create_value(value: int, type: Type | None = None) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.symbol_name_at_address","title":"symbol_name_at_address","text":"
symbol_name_at_address(address: int) -> str | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.lookup_symbol","title":"lookup_symbol","text":"
lookup_symbol(\n    name: str,\n    *,\n    prefer_static: bool = False,\n    type: SymbolLookupType = ANY,\n    objfile_endswith: str | None = None,\n) -> Value | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.types_with_name","title":"types_with_name","text":"
types_with_name(name: str) -> Sequence[Type]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.arch","title":"arch","text":"
arch() -> ArchDefinition\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.break_at","title":"break_at","text":"
break_at(\n    location: BreakpointLocation | WatchpointLocation,\n    stop_handler: Callable[[StopPoint], bool] | None = None,\n    internal: bool = False,\n) -> StopPoint\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.trace_ret","title":"trace_ret","text":"
trace_ret(\n    stop_handler: Callable[[], bool] | None = None, internal: bool = False\n)\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.is_linux","title":"is_linux","text":"
is_linux() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.disasm","title":"disasm","text":"
disasm(address: int) -> DisassembledInstruction | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.module_section_locations","title":"module_section_locations","text":"
module_section_locations() -> list[tuple[int, int, str, str]]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.main_module_name","title":"main_module_name","text":"
main_module_name() -> str | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.main_module_entry","title":"main_module_entry","text":"
main_module_entry() -> int | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.is_dynamically_linked","title":"is_dynamically_linked","text":"
is_dynamically_linked() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.dispatch_execution_controller","title":"dispatch_execution_controller","text":"
dispatch_execution_controller(\n    procedure: Callable[[ExecutionController], Coroutine[Any, Any, None]],\n)\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.add_symbol_file","title":"add_symbol_file","text":"
add_symbol_file(path, base=None)\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.runcmd","title":"runcmd","text":"
runcmd(cmd) -> str\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBExecutionController","title":"GDBExecutionController","text":"
               Bases: ExecutionController
 
Methods:
 
     
  •  single_step             \u2013              
    •  
  •  cont             \u2013              
    •  
  •  cont_selected_thread             \u2013              
    •  
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBExecutionController.single_step","title":"single_step  async","text":"
single_step()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBExecutionController.cont","title":"cont  async","text":"
cont(until: StopPoint)\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBExecutionController.cont_selected_thread","title":"cont_selected_thread  async","text":"
cont_selected_thread(until: StopPoint)\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommand","title":"GDBCommand","text":"
GDBCommand(\n    debugger: GDB,\n    name: str,\n    handler: Callable[[Debugger, str, bool], None],\n    doc: str | None,\n)\n
 
               Bases: Command
 
Methods:
 
     
  •  invoke             \u2013              
    •  
 
Attributes:
 
     
  •  debugger           \u2013            
    •  
  •  handler           \u2013            
    •  
  •  __doc__           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommand.debugger","title":"debugger  instance-attribute","text":"
debugger = debugger\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommand.handler","title":"handler  instance-attribute","text":"
handler = handler\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommand.__doc__","title":"__doc__  instance-attribute","text":"
__doc__ = doc\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommand.invoke","title":"invoke","text":"
invoke(args: str, from_tty: bool) -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommandHandle","title":"GDBCommandHandle","text":"
GDBCommandHandle(command: Command)\n
 
               Bases: CommandHandle
 
Methods:
 
     
  •  remove             \u2013              
    •  
 
Attributes:
 
     
  •  command           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommandHandle.command","title":"command  instance-attribute","text":"
command = command\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommandHandle.remove","title":"remove","text":"
remove() -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType","title":"GDBType","text":"
GDBType(inner: Type)\n
 
               Bases: Type
 
Methods:
 
     
  •  __eq__             \u2013              
    •  
  •  func_arguments             \u2013              
    •  
  •  fields             \u2013              
    •  
  •  has_field             \u2013              
    •  
  •  array             \u2013              
    •  
  •  pointer             \u2013              
    •  
  •  strip_typedefs             \u2013              
    •  
  •  target             \u2013              
    •  
  •  keys             \u2013              
    •  
  •  offsetof             \u2013              
    •  
  •  enum_member             \u2013              
    Retrieve the integer value of an enum member.
     
    •  
 
Attributes:
 
     
  •  CODE_MAPPING           \u2013            
    •  
  •  inner           \u2013            
    •  
  •  name_identifier               (str | None)           \u2013            
    •  
  •  name_to_human_readable               (str)           \u2013            
    •  
  •  sizeof               (int)           \u2013            
    •  
  •  alignof               (int)           \u2013            
    •  
  •  code               (TypeCode)           \u2013            
    •  
  •  array_len               (int)           \u2013            
    Get array length of this type.
     
    •  
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.CODE_MAPPING","title":"CODE_MAPPING  class-attribute instance-attribute","text":"
CODE_MAPPING = {\n    TYPE_CODE_BOOL: BOOL,\n    TYPE_CODE_INT: INT,\n    TYPE_CODE_UNION: UNION,\n    TYPE_CODE_STRUCT: STRUCT,\n    TYPE_CODE_ENUM: ENUM,\n    TYPE_CODE_TYPEDEF: TYPEDEF,\n    TYPE_CODE_PTR: POINTER,\n    TYPE_CODE_ARRAY: ARRAY,\n    TYPE_CODE_FUNC: FUNC,\n    TYPE_CODE_METHOD: FUNC,\n}\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.inner","title":"inner  instance-attribute","text":"
inner = inner\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.name_identifier","title":"name_identifier  property","text":"
name_identifier: str | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.name_to_human_readable","title":"name_to_human_readable  property","text":"
name_to_human_readable: str\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.sizeof","title":"sizeof  property","text":"
sizeof: int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.alignof","title":"alignof  property","text":"
alignof: int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.code","title":"code  property","text":"
code: TypeCode\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.array_len","title":"array_len  property","text":"
array_len: int\n
 
Get array length of this type.
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.__eq__","title":"__eq__","text":"
__eq__(rhs: object) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.func_arguments","title":"func_arguments","text":"
func_arguments() -> list[Type] | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.fields","title":"fields","text":"
fields() -> list[TypeField]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.has_field","title":"has_field","text":"
has_field(name: str) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.array","title":"array","text":"
array(count: int) -> Type\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.pointer","title":"pointer","text":"
pointer() -> Type\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.strip_typedefs","title":"strip_typedefs","text":"
strip_typedefs() -> Type\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.target","title":"target","text":"
target() -> Type\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.keys","title":"keys","text":"
keys() -> list[str]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.offsetof","title":"offsetof","text":"
offsetof(field_name: str) -> int | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.enum_member","title":"enum_member","text":"
enum_member(field_name: str) -> int | None\n
 
Retrieve the integer value of an enum member.
 
It returns: - integer value, when found field - returns None, If the field does not exist
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue","title":"GDBValue","text":"
GDBValue(inner: Value)\n
 
               Bases: Value
 
Methods:
 
     
  •  dereference             \u2013              
    •  
  •  string             \u2013              
    •  
  •  value_to_human_readable             \u2013              
    •  
  •  fetch_lazy             \u2013              
    •  
  •  __int__             \u2013              
    •  
  •  cast             \u2013              
    •  
  •  __add__             \u2013              
    •  
  •  __sub__             \u2013              
    •  
  •  __getitem__             \u2013              
    •  
 
Attributes:
 
     
  •  inner           \u2013            
    •  
  •  address               (Value | None)           \u2013            
    •  
  •  is_optimized_out               (bool)           \u2013            
    •  
  •  type               (Type)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.inner","title":"inner  instance-attribute","text":"
inner = inner\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.address","title":"address  property","text":"
address: Value | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.is_optimized_out","title":"is_optimized_out  property","text":"
is_optimized_out: bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.type","title":"type  property","text":"
type: Type\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.dereference","title":"dereference","text":"
dereference() -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.string","title":"string","text":"
string() -> str\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.value_to_human_readable","title":"value_to_human_readable","text":"
value_to_human_readable() -> str\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.fetch_lazy","title":"fetch_lazy","text":"
fetch_lazy() -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.__int__","title":"__int__","text":"
__int__() -> int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.cast","title":"cast","text":"
cast(type: Type | Any) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.__add__","title":"__add__","text":"
__add__(rhs: int) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.__sub__","title":"__sub__","text":"
__sub__(rhs: int) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.__getitem__","title":"__getitem__","text":"
__getitem__(key: str | int) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB","title":"GDB","text":"
               Bases: Debugger
 
Methods:
 
     
  •  setup             \u2013              
    •  
  •  add_command             \u2013              
    •  
  •  history             \u2013              
    •  
  •  lex_args             \u2013              
    •  
  •  selected_thread             \u2013              
    •  
  •  selected_frame             \u2013              
    •  
  •  commands             \u2013              
    •  
  •  selected_inferior             \u2013              
    •  
  •  is_gdblib_available             \u2013              
    •  
  •  has_event_type             \u2013              
    •  
  •  event_handler             \u2013              
    •  
  •  ctx_suspend_once             \u2013              
    •  
  •  suspend_events             \u2013              
    •  
  •  resume_events             \u2013              
    •  
  •  set_sysroot             \u2013              
    •  
  •  supports_breakpoint_creation_during_stop_handler             \u2013              
    •  
  •  breakpoint_locations             \u2013              
    •  
  •  name             \u2013              
    •  
  •  x86_disassembly_flavor             \u2013              
    •  
  •  string_limit             \u2013              
    •  
  •  addrsz             \u2013              
    •  
  •  get_cmd_window_size             \u2013              
    Get the size of the command window.
     
    •  
  •  set_python_diagnostics             \u2013              
    •  
  •  ctx_suspend_events             \u2013              
    Context manager for temporarily suspending and resuming the delivery of events
     
    •  
 
Attributes:
 
     
  •  pre_ctx_lines               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.pre_ctx_lines","title":"pre_ctx_lines  property","text":"
pre_ctx_lines: int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.setup","title":"setup","text":"
setup()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.add_command","title":"add_command","text":"
add_command(\n    name: str, handler: Callable[[Debugger, str, bool], None], doc: str | None\n) -> CommandHandle\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.history","title":"history","text":"
history(last: int = 10) -> list[tuple[int, str]]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.lex_args","title":"lex_args","text":"
lex_args(command_line: str) -> list[str]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.selected_thread","title":"selected_thread","text":"
selected_thread() -> Thread | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.selected_frame","title":"selected_frame","text":"
selected_frame() -> Frame | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.commands","title":"commands","text":"
commands()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.selected_inferior","title":"selected_inferior","text":"
selected_inferior() -> Process | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.is_gdblib_available","title":"is_gdblib_available","text":"
is_gdblib_available()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.has_event_type","title":"has_event_type","text":"
has_event_type(ty: EventType) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.event_handler","title":"event_handler","text":"
event_handler(\n    ty: EventType,\n) -> Callable[[Callable[..., T]], Callable[..., T]]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.ctx_suspend_once","title":"ctx_suspend_once","text":"
ctx_suspend_once()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.suspend_events","title":"suspend_events","text":"
suspend_events(ty: EventType) -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.resume_events","title":"resume_events","text":"
resume_events(ty: EventType) -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.set_sysroot","title":"set_sysroot","text":"
set_sysroot(sysroot: str) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.supports_breakpoint_creation_during_stop_handler","title":"supports_breakpoint_creation_during_stop_handler","text":"
supports_breakpoint_creation_during_stop_handler() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.breakpoint_locations","title":"breakpoint_locations","text":"
breakpoint_locations() -> list[BreakpointLocation]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.name","title":"name","text":"
name() -> DebuggerType\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.x86_disassembly_flavor","title":"x86_disassembly_flavor","text":"
x86_disassembly_flavor() -> Literal['att', 'intel']\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.string_limit","title":"string_limit","text":"
string_limit() -> int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.addrsz","title":"addrsz","text":"
addrsz(address: Any) -> str\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.get_cmd_window_size","title":"get_cmd_window_size","text":"
get_cmd_window_size() -> tuple[int | None, int | None]\n
 
Get the size of the command window.
 
GDB keeps these parameters up to date with the actual window size of the command output. This is the full terminal size in CLI mode or the size of the cmd window in TUI mode.
 
When the window size is set to be unlimited (0), the parameter is None.
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.set_python_diagnostics","title":"set_python_diagnostics","text":"
set_python_diagnostics(enabled: bool) -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.ctx_suspend_events","title":"ctx_suspend_events","text":"
ctx_suspend_events(ty: EventType) -> Iterator[None]\n
 
Context manager for temporarily suspending and resuming the delivery of events of a given type.
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.parse_and_eval","title":"parse_and_eval","text":"
parse_and_eval(expression: str, global_context: bool) -> Value\n
 
Same as gdb.parse_and_eval, but only uses global_context if it is supported by the current version of GDB.
 
global_context was introduced in GDB 14.
"},{"location":"reference/pwndbg/dbg/gdb/debug_sym/","title":"debug_sym","text":""},{"location":"reference/pwndbg/dbg/gdb/debug_sym/#pwndbg.dbg.gdb.debug_sym","title":"debug_sym","text":""},{"location":"reference/pwndbg/dbg/gdb/symbol/","title":"symbol","text":""},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol","title":"symbol","text":"
Looking up addresses for function names / symbols, and vice-versa.
 
Classes:
 
     
  •  Domain           \u2013            
    •  
 
Functions:
 
     
  •  resolve_addr             \u2013              
    Retrieve the name for the symbol located at address
     
    •  
  •  lookup_symbol             \u2013              
    Get the address for symbol
     
    •  
  •  lookup_frame_symbol             \u2013              
    Get the address for local symbol from frame, in most time you don't need it
     
    •  
 
Attributes:
 
     
  •  skipped_exceptions           \u2013            
    •  
  •  DOMAIN_MAPPING           \u2013            
    •  
  •  order_prefs           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.skipped_exceptions","title":"skipped_exceptions  module-attribute","text":"
skipped_exceptions = ('No frame selected', 'Cannot find thread-local')\n
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.DOMAIN_MAPPING","title":"DOMAIN_MAPPING  module-attribute","text":"
DOMAIN_MAPPING = {\n    ANY: SYMBOL_VAR_DOMAIN,\n    VARIABLE: SYMBOL_VAR_DOMAIN,\n    FUNCTION: SYMBOL_FUNCTION_DOMAIN,\n}\n
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.order_prefs","title":"order_prefs  module-attribute","text":"
order_prefs = {\n    True: (\n        _global_static_symbol_to_address,\n        _global_exported_symbol_to_address,\n    ),\n    False: (\n        _global_exported_symbol_to_address,\n        _global_static_symbol_to_address,\n    ),\n}\n
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.Domain","title":"Domain","text":"
               Bases: Enum
 
Methods:
 
     
  •  validate             \u2013              
    •  
 
Attributes:
 
     
  •  ANY           \u2013            
    •  
  •  VARIABLE           \u2013            
    •  
  •  FUNCTION           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.Domain.ANY","title":"ANY  class-attribute instance-attribute","text":"
ANY = 1\n
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.Domain.VARIABLE","title":"VARIABLE  class-attribute instance-attribute","text":"
VARIABLE = 2\n
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.Domain.FUNCTION","title":"FUNCTION  class-attribute instance-attribute","text":"
FUNCTION = 3\n
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.Domain.validate","title":"validate","text":"
validate(sym: Symbol) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.resolve_addr","title":"resolve_addr","text":"
resolve_addr(address: int) -> str\n
 
Retrieve the name for the symbol located at address Empty string if no symbol
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.lookup_symbol","title":"lookup_symbol","text":"
lookup_symbol(\n    name: str,\n    *,\n    prefer_static: bool = False,\n    domain: Domain = ANY,\n    objfile_endswith: str | None = None,\n) -> Value | None\n
 
Get the address for symbol
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.lookup_frame_symbol","title":"lookup_frame_symbol","text":"
lookup_frame_symbol(name: str, *, domain: Domain = ANY) -> Value | None\n
 
Get the address for local symbol from frame, in most time you don't need it
"},{"location":"reference/pwndbg/dbg/lldb/","title":"lldb","text":""},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb","title":"lldb","text":"
Modules:
 
     
  •  hooks           \u2013            
    Code that sets up hooks for LLDB events.
     
    •  
  •  pset           \u2013            
    •  
  •  repl           \u2013            
    The Pwndbg REPL that is the interface to all debugging on LLDB.
     
    •  
  •  util           \u2013            
    •  
 
Classes:
 
     
  •  LLDBRegisters           \u2013            
    •  
  •  LLDBFrame           \u2013            
    •  
  •  LLDBThread           \u2013            
    •  
  •  LLDBType           \u2013            
    •  
  •  LLDBValue           \u2013            
    •  
  •  LLDBMemoryMap           \u2013            
    •  
  •  LLDBStopPoint           \u2013            
    •  
  •  OneShotAwaitable           \u2013            
    Used as part of the logic for the execution controller. This is an Awaitable
     
    •  
  •  YieldContinue           \u2013            
    Continues execution of the process until the breakpoint or watchpoint given
     
    •  
  •  YieldSingleStep           \u2013            
    Moves execution of the process being debugged forward by one instruction.
     
    •  
  •  LLDBExecutionController           \u2013            
    •  
  •  LLDBProcess           \u2013            
    •  
  •  LLDBCommand           \u2013            
    •  
  •  LLDBPythonState           \u2013            
    State of LLDB Python execution.
     
    •  
  •  LLDB           \u2013            
    •  
 
Functions:
 
     
  •  rename_register             \u2013              
    Some register names differ between Pwndbg/GDB and LLDB. This function takes
     
    •  
  •  map_type_code             \u2013              
    Determines the type code of a given LLDB SBType.
     
    •  
 
Attributes:
 
     
  •  T           \u2013            
    •  
  •  LLDB_VERSION               (tuple[int, int])           \u2013            
    •  
  •  EXECUTION_CONTROLLER           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB_VERSION","title":"LLDB_VERSION  module-attribute","text":"
LLDB_VERSION: tuple[int, int] = None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.EXECUTION_CONTROLLER","title":"EXECUTION_CONTROLLER  module-attribute","text":"
EXECUTION_CONTROLLER = LLDBExecutionController()\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBRegisters","title":"LLDBRegisters","text":"
LLDBRegisters(groups: SBValueList, proc: LLDBProcess)\n
 
               Bases: Registers
 
Methods:
 
     
  •  by_name             \u2013              
    •  
 
Attributes:
 
     
  •  groups               (SBValueList)           \u2013            
    •  
  •  proc               (LLDBProcess)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBRegisters.groups","title":"groups  instance-attribute","text":"
groups: SBValueList = groups\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBRegisters.proc","title":"proc  instance-attribute","text":"
proc: LLDBProcess = proc\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBRegisters.by_name","title":"by_name","text":"
by_name(name: str) -> Value | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame","title":"LLDBFrame","text":"
LLDBFrame(inner: SBFrame, proc: LLDBProcess)\n
 
               Bases: Frame
 
Methods:
 
     
  •  lookup_symbol             \u2013              
    •  
  •  evaluate_expression             \u2013              
    •  
  •  regs             \u2013              
    •  
  •  reg_write             \u2013              
    •  
  •  pc             \u2013              
    •  
  •  sp             \u2013              
    •  
  •  parent             \u2013              
    •  
  •  child             \u2013              
    •  
  •  sal             \u2013              
    •  
  •  stack_variables             \u2013              
    •  
  •  __eq__             \u2013              
    •  
 
Attributes:
 
     
  •  inner               (SBFrame)           \u2013            
    •  
  •  proc               (LLDBProcess)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.inner","title":"inner  instance-attribute","text":"
inner: SBFrame = inner\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.proc","title":"proc  instance-attribute","text":"
proc: LLDBProcess = proc\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.lookup_symbol","title":"lookup_symbol","text":"
lookup_symbol(name: str, *, type: SymbolLookupType = ANY) -> Value | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.evaluate_expression","title":"evaluate_expression","text":"
evaluate_expression(expression: str, lock_scheduler: bool = False) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.regs","title":"regs","text":"
regs() -> Registers\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.reg_write","title":"reg_write","text":"
reg_write(name: str, val: int) -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.pc","title":"pc","text":"
pc() -> int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.sp","title":"sp","text":"
sp() -> int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.parent","title":"parent","text":"
parent() -> Frame | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.child","title":"child","text":"
child() -> Frame | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.sal","title":"sal","text":"
sal() -> tuple[str, int] | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.stack_variables","title":"stack_variables","text":"
stack_variables() -> tuple[tuple[int, int, str], ...]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.__eq__","title":"__eq__","text":"
__eq__(rhs: object) -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBThread","title":"LLDBThread","text":"
LLDBThread(inner: SBThread, proc: LLDBProcess)\n
 
               Bases: Thread
 
Methods:
 
     
  •  bottom_frame             \u2013              
    •  
  •  ptid             \u2013              
    •  
  •  index             \u2013              
    •  
 
Attributes:
 
     
  •  inner               (SBThread)           \u2013            
    •  
  •  proc               (LLDBProcess)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBThread.inner","title":"inner  instance-attribute","text":"
inner: SBThread = inner\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBThread.proc","title":"proc  instance-attribute","text":"
proc: LLDBProcess = proc\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBThread.bottom_frame","title":"bottom_frame","text":"
bottom_frame() -> Iterator[Frame]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBThread.ptid","title":"ptid","text":"
ptid() -> int | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBThread.index","title":"index","text":"
index() -> int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType","title":"LLDBType","text":"
LLDBType(inner: SBType)\n
 
               Bases: Type
 
Methods:
 
     
  •  __eq__             \u2013              
    •  
  •  func_arguments             \u2013              
    •  
  •  fields             \u2013              
    •  
  •  array             \u2013              
    •  
  •  pointer             \u2013              
    •  
  •  strip_typedefs             \u2013              
    •  
  •  target             \u2013              
    •  
  •  has_field             \u2013              
    Whether this type has a field with the given name.
     
    •  
  •  keys             \u2013              
    Returns a list containing all the field names of this type.
     
    •  
  •  enum_member             \u2013              
    Retrieve the integer value of an enum member.
     
    •  
  •  offsetof             \u2013              
    Calculate the byte offset of a field within a struct or union.
     
    •  
 
Attributes:
 
     
  •  inner               (SBType)           \u2013            
    •  
  •  name_identifier               (str | None)           \u2013            
    •  
  •  name_to_human_readable               (str)           \u2013            
    •  
  •  sizeof               (int)           \u2013            
    •  
  •  alignof               (int)           \u2013            
    •  
  •  code               (TypeCode)           \u2013            
    •  
  •  array_len               (int)           \u2013            
    Get array length of this type.
     
    •  
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.inner","title":"inner  instance-attribute","text":"
inner: SBType = inner\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.name_identifier","title":"name_identifier  property","text":"
name_identifier: str | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.name_to_human_readable","title":"name_to_human_readable  property","text":"
name_to_human_readable: str\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.sizeof","title":"sizeof  property","text":"
sizeof: int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.alignof","title":"alignof  property","text":"
alignof: int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.code","title":"code  property","text":"
code: TypeCode\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.array_len","title":"array_len  property","text":"
array_len: int\n
 
Get array length of this type.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.__eq__","title":"__eq__","text":"
__eq__(rhs: object) -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.func_arguments","title":"func_arguments","text":"
func_arguments() -> list[Type] | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.fields","title":"fields","text":"
fields() -> list[TypeField]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.array","title":"array","text":"
array(count: int) -> Type\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.pointer","title":"pointer","text":"
pointer() -> Type\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.strip_typedefs","title":"strip_typedefs","text":"
strip_typedefs() -> Type\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.target","title":"target","text":"
target() -> Type\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.has_field","title":"has_field","text":"
has_field(name: str) -> bool\n
 
Whether this type has a field with the given name.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.keys","title":"keys","text":"
keys() -> list[str]\n
 
Returns a list containing all the field names of this type.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.enum_member","title":"enum_member","text":"
enum_member(field_name: str) -> int | None\n
 
Retrieve the integer value of an enum member.
 
It returns: - integer value, when found field - returns None, If the field does not exist
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.offsetof","title":"offsetof","text":"
offsetof(field_name: str) -> int | None\n
 
Calculate the byte offset of a field within a struct or union.
 
This method recursively traverses nested structures and unions, and it computes the byte-aligned offset for the specified field.
 
It returns: - offset in bytes if found - None if the field doesn't exist or if an unsupported alignment/bit-field is encountered
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue","title":"LLDBValue","text":"
LLDBValue(inner: SBValue, proc: LLDBProcess)\n
 
               Bases: Value
 
Methods:
 
     
  •  dereference             \u2013              
    •  
  •  string             \u2013              
    •  
  •  value_to_human_readable             \u2013              
    •  
  •  fetch_lazy             \u2013              
    •  
  •  __int__             \u2013              
    •  
  •  cast             \u2013              
    •  
  •  __add__             \u2013              
    •  
  •  __sub__             \u2013              
    •  
  •  __getitem__             \u2013              
    •  
 
Attributes:
 
     
  •  proc           \u2013            
    •  
  •  inner           \u2013            
    •  
  •  address               (Value | None)           \u2013            
    •  
  •  is_optimized_out               (bool)           \u2013            
    •  
  •  type               (Type)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.proc","title":"proc  instance-attribute","text":"
proc = proc\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.inner","title":"inner  instance-attribute","text":"
inner = inner\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.address","title":"address  property","text":"
address: Value | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.is_optimized_out","title":"is_optimized_out  property","text":"
is_optimized_out: bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.type","title":"type  property","text":"
type: Type\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.dereference","title":"dereference","text":"
dereference() -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.string","title":"string","text":"
string() -> str\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.value_to_human_readable","title":"value_to_human_readable","text":"
value_to_human_readable() -> str\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.fetch_lazy","title":"fetch_lazy","text":"
fetch_lazy() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.__int__","title":"__int__","text":"
__int__() -> int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.cast","title":"cast","text":"
cast(type: Type | Any) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.__add__","title":"__add__","text":"
__add__(rhs: int) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.__sub__","title":"__sub__","text":"
__sub__(rhs: int) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.__getitem__","title":"__getitem__","text":"
__getitem__(key: str | int) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBMemoryMap","title":"LLDBMemoryMap","text":"
LLDBMemoryMap(pages: list[Page])\n
 
               Bases: MemoryMap
 
Methods:
 
     
  •  is_qemu             \u2013              
    •  
  •  ranges             \u2013              
    Returns all ranges in this memory map.
     
    •  
  •  lookup_page             \u2013              
    •  
 
Attributes:
 
     
  •  pages               (tuple[Page, ...])           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBMemoryMap.pages","title":"pages  instance-attribute","text":"
pages: tuple[Page, ...] = tuple(pages)\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBMemoryMap.is_qemu","title":"is_qemu","text":"
is_qemu() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBMemoryMap.ranges","title":"ranges","text":"
ranges() -> Sequence[Page]\n
 
Returns all ranges in this memory map.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBMemoryMap.lookup_page","title":"lookup_page","text":"
lookup_page(address: int) -> Page | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint","title":"LLDBStopPoint","text":"
LLDBStopPoint(\n    inner: SBBreakpoint | SBWatchpoint,\n    proc: LLDBProcess,\n    stop_handler_name: str | None,\n)\n
 
               Bases: StopPoint
 
Methods:
 
     
  •  remove             \u2013              
    •  
  •  set_enabled             \u2013              
    •  
  •  __enter__             \u2013              
    •  
  •  __exit__             \u2013              
    Automatic breakpoint removal.
     
    •  
 
Attributes:
 
     
  •  inner               (SBBreakpoint | SBWatchpoint)           \u2013            
    •  
  •  proc               (LLDBProcess)           \u2013            
    •  
  •  stop_handler_name               (str | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.inner","title":"inner  instance-attribute","text":"
inner: SBBreakpoint | SBWatchpoint = inner\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.proc","title":"proc  instance-attribute","text":"
proc: LLDBProcess = proc\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.stop_handler_name","title":"stop_handler_name  instance-attribute","text":"
stop_handler_name: str | None = stop_handler_name\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.remove","title":"remove","text":"
remove() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.set_enabled","title":"set_enabled","text":"
set_enabled(enabled: bool) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.__enter__","title":"__enter__","text":"
__enter__() -> StopPoint\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.__exit__","title":"__exit__","text":"
__exit__(exc_type, exc_value, traceback) -> None\n
 
Automatic breakpoint removal.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.OneShotAwaitable","title":"OneShotAwaitable","text":"
OneShotAwaitable(value: Any)\n
 
Used as part of the logic for the execution controller. This is an Awaitable object that yields the value passed to its constructor exactly once.
 
Methods:
 
     
  •  __await__             \u2013              
    •  
 
Attributes:
 
     
  •  value           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.OneShotAwaitable.value","title":"value  instance-attribute","text":"
value = value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.OneShotAwaitable.__await__","title":"__await__","text":"
__await__() -> Generator[Any, Any, Any]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.YieldContinue","title":"YieldContinue","text":"
YieldContinue(target: LLDBStopPoint, selected_thread: bool = False)\n
 
Continues execution of the process until the breakpoint or watchpoint given in the constructor is hit or the operation is cancelled.
 
This class is part of the execution controller system, so it is intented to be yielded by the async function with access to an execution controller, and caught and hanlded by the event loop in the LLDB Pwndbg CLI.
 
Attributes:
 
     
  •  target               (LLDBStopPoint)           \u2013            
    •  
  •  selected_thread               (bool)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.YieldContinue.target","title":"target  instance-attribute","text":"
target: LLDBStopPoint = target\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.YieldContinue.selected_thread","title":"selected_thread  instance-attribute","text":"
selected_thread: bool = selected_thread\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.YieldSingleStep","title":"YieldSingleStep","text":"
Moves execution of the process being debugged forward by one instruction.
 
This class is part of the execution controller system, so it is intented to be yielded by the async function with access to an execution controller, and caught and hanlded by the event loop in the LLDB Pwndbg CLI.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBExecutionController","title":"LLDBExecutionController","text":"
               Bases: ExecutionController
 
Methods:
 
     
  •  single_step             \u2013              
    •  
  •  cont             \u2013              
    •  
  •  cont_selected_thread             \u2013              
    •  
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBExecutionController.single_step","title":"single_step","text":"
single_step() -> Awaitable[None]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBExecutionController.cont","title":"cont","text":"
cont(target: StopPoint) -> Awaitable[None]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBExecutionController.cont_selected_thread","title":"cont_selected_thread","text":"
cont_selected_thread(target: StopPoint) -> Awaitable[None]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess","title":"LLDBProcess","text":"
LLDBProcess(\n    dbg: LLDB, process: SBProcess, target: SBTarget, is_gdb_remote: bool\n)\n
 
               Bases: Process
 
Methods:
 
     
  •  threads             \u2013              
    •  
  •  pid             \u2013              
    •  
  •  alive             \u2013              
    •  
  •  stopped_with_signal             \u2013              
    •  
  •  evaluate_expression             \u2013              
    •  
  •  get_known_pages             \u2013              
    •  
  •  vmmap             \u2013              
    •  
  •  find_largest_range_len             \u2013              
    Finds the largest memory range given a minimum and a maximum value
     
    •  
  •  read_memory             \u2013              
    •  
  •  write_memory             \u2013              
    •  
  •  find_in_memory             \u2013              
    •  
  •  is_remote             \u2013              
    •  
  •  send_remote             \u2013              
    •  
  •  send_monitor             \u2013              
    •  
  •  download_remote_file             \u2013              
    •  
  •  create_value             \u2013              
    •  
  •  symbol_name_at_address             \u2013              
    •  
  •  lookup_symbol             \u2013              
    •  
  •  types_with_name             \u2013              
    •  
  •  arch             \u2013              
    •  
  •  break_at             \u2013              
    •  
  •  trace_ret             \u2013              
    •  
  •  disasm             \u2013              
    •  
  •  is_linux             \u2013              
    •  
  •  module_section_locations             \u2013              
    •  
  •  main_module_name             \u2013              
    •  
  •  main_module_entry             \u2013              
    •  
  •  is_dynamically_linked             \u2013              
    •  
  •  dispatch_execution_controller             \u2013              
    •  
  •  runcmd             \u2013              
    •  
  •  add_symbol_file             \u2013              
    Adds a symbol file at base
     
    •  
 
Attributes:
 
     
  •  dbg           \u2013            
    •  
  •  process           \u2013            
    •  
  •  target           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.dbg","title":"dbg  instance-attribute","text":"
dbg = dbg\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.process","title":"process  instance-attribute","text":"
process = process\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.target","title":"target  instance-attribute","text":"
target = target\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.threads","title":"threads","text":"
threads() -> list[Thread]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.pid","title":"pid","text":"
pid() -> int | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.alive","title":"alive","text":"
alive() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.stopped_with_signal","title":"stopped_with_signal","text":"
stopped_with_signal() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.evaluate_expression","title":"evaluate_expression","text":"
evaluate_expression(expression: str) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.get_known_pages","title":"get_known_pages","text":"
get_known_pages() -> list[Page]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.vmmap","title":"vmmap","text":"
vmmap() -> MemoryMap\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.find_largest_range_len","title":"find_largest_range_len","text":"
find_largest_range_len(\n    min_search: int, max_search: int, test: Callable[[int], bool]\n) -> int\n
 
Finds the largest memory range given a minimum and a maximum value for the size of the rage. This is a binary search, so it should do on the order of log2(max_search - min_search) attempts before it arrives at an answer.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.read_memory","title":"read_memory","text":"
read_memory(address: int, size: int, partial: bool = False) -> bytearray\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.write_memory","title":"write_memory","text":"
write_memory(address: int, data: bytearray, partial: bool = False) -> int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.find_in_memory","title":"find_in_memory","text":"
find_in_memory(\n    pattern: bytearray,\n    start: int,\n    size: int,\n    align: int,\n    max_matches: int = -1,\n    step: int = -1,\n) -> Generator[int, None, None]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.is_remote","title":"is_remote","text":"
is_remote() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.send_remote","title":"send_remote","text":"
send_remote(packet: str) -> bytes\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.send_monitor","title":"send_monitor","text":"
send_monitor(cmd: str) -> str\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.download_remote_file","title":"download_remote_file","text":"
download_remote_file(remote_path: str, local_path: str) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.create_value","title":"create_value","text":"
create_value(value: int, type: Type | None = None) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.symbol_name_at_address","title":"symbol_name_at_address","text":"
symbol_name_at_address(address: int) -> str | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.lookup_symbol","title":"lookup_symbol","text":"
lookup_symbol(\n    name: str,\n    *,\n    prefer_static: bool = False,\n    type: SymbolLookupType = ANY,\n    objfile_endswith: str | None = None,\n) -> Value | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.types_with_name","title":"types_with_name","text":"
types_with_name(name: str) -> Sequence[Type]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.arch","title":"arch","text":"
arch() -> ArchDefinition\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.break_at","title":"break_at","text":"
break_at(\n    location: BreakpointLocation | WatchpointLocation,\n    stop_handler: Callable[[StopPoint], bool] | None = None,\n    internal: bool = False,\n) -> StopPoint\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.trace_ret","title":"trace_ret","text":"
trace_ret(\n    stop_handler: Callable[[], bool] | None = None, internal: bool = False\n)\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.disasm","title":"disasm","text":"
disasm(address: int) -> DisassembledInstruction | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.is_linux","title":"is_linux","text":"
is_linux() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.module_section_locations","title":"module_section_locations","text":"
module_section_locations() -> list[tuple[int, int, str, str]]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.main_module_name","title":"main_module_name","text":"
main_module_name() -> str\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.main_module_entry","title":"main_module_entry","text":"
main_module_entry() -> int | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.is_dynamically_linked","title":"is_dynamically_linked","text":"
is_dynamically_linked() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.dispatch_execution_controller","title":"dispatch_execution_controller","text":"
dispatch_execution_controller(\n    procedure: Callable[[ExecutionController], Coroutine[Any, Any, None]],\n)\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.runcmd","title":"runcmd","text":"
runcmd(cmd) -> str\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.add_symbol_file","title":"add_symbol_file","text":"
add_symbol_file(path, base=None)\n
 
Adds a symbol file at base
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBCommand","title":"LLDBCommand","text":"
LLDBCommand(handler_name: str, command_name: str)\n
 
               Bases: CommandHandle
 
Methods:
 
     
  •  remove             \u2013              
    Removes this command from the command palette of the debugger.
     
    •  
 
Attributes:
 
     
  •  handler_name           \u2013            
    •  
  •  command_name           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBCommand.handler_name","title":"handler_name  instance-attribute","text":"
handler_name = handler_name\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBCommand.command_name","title":"command_name  instance-attribute","text":"
command_name = command_name\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBCommand.remove","title":"remove","text":"
remove() -> None\n
 
Removes this command from the command palette of the debugger.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBPythonState","title":"LLDBPythonState","text":"
               Bases: Enum
 
State of LLDB Python execution.
 
Unlike in pwndbg-gdb, in pwndbg-lldb the responsibility of driving execution of Python code forward is shared between Pwndbg and LLDB. Knowing which one is in charge is crucial to the correct functioning of the Pwndbg REPL.
 
This class defines the different kinds of states we can be in.
 
Attributes:
 
     
  •  PWNDBG           \u2013            
    Pwndbg is driving execution of Python code
     
    •  
  •  LLDB_COMMAND_HANDLER           \u2013            
    Python code is executing from inside an LLDB command handler
     
    •  
  •  LLDB_STOP_HANDLER           \u2013            
    Python code is executing from an LLDB breakpoint/watchpoint hook handler
     
    •  
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBPythonState.PWNDBG","title":"PWNDBG  class-attribute instance-attribute","text":"
PWNDBG = 1\n
 
Pwndbg is driving execution of Python code
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBPythonState.LLDB_COMMAND_HANDLER","title":"LLDB_COMMAND_HANDLER  class-attribute instance-attribute","text":"
LLDB_COMMAND_HANDLER = 0\n
 
Python code is executing from inside an LLDB command handler
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBPythonState.LLDB_STOP_HANDLER","title":"LLDB_STOP_HANDLER  class-attribute instance-attribute","text":"
LLDB_STOP_HANDLER = 2\n
 
Python code is executing from an LLDB breakpoint/watchpoint hook handler
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB","title":"LLDB","text":"
               Bases: Debugger
 
Methods:
 
     
  •  setup             \u2013              
    •  
  •  relay_exceptions             \u2013              
    Relay an exception raised during an LLDB command handler.
     
    •  
  •  add_command             \u2013              
    •  
  •  history             \u2013              
    •  
  •  commands             \u2013              
    •  
  •  lex_args             \u2013              
    •  
  •  selected_inferior             \u2013              
    •  
  •  selected_thread             \u2013              
    •  
  •  selected_frame             \u2013              
    •  
  •  has_event_type             \u2013              
    •  
  •  event_handler             \u2013              
    •  
  •  ctx_suspend_once             \u2013              
    •  
  •  suspend_events             \u2013              
    •  
  •  resume_events             \u2013              
    •  
  •  set_sysroot             \u2013              
    •  
  •  supports_breakpoint_creation_during_stop_handler             \u2013              
    •  
  •  breakpoint_locations             \u2013              
    •  
  •  name             \u2013              
    •  
  •  x86_disassembly_flavor             \u2013              
    •  
  •  string_limit             \u2013              
    •  
  •  get_cmd_window_size             \u2013              
    •  
  •  is_gdblib_available             \u2013              
    •  
  •  addrsz             \u2013              
    •  
  •  set_python_diagnostics             \u2013              
    •  
  •  ctx_suspend_events             \u2013              
    Context manager for temporarily suspending and resuming the delivery of events
     
    •  
 
Attributes:
 
     
  •  exec_states               (list[SBExecutionState])           \u2013            
    •  
  •  event_handlers               (dict[EventType, list[Callable[..., T]]])           \u2013            
    •  
  •  suspended_events               (dict[EventType, bool])           \u2013            
    •  
  •  prompt_hook               (Callable[[], None])           \u2013            
    •  
  •  controllers               (list[tuple[LLDBProcess, Coroutine[Any, Any, None]]])           \u2013            
    •  
  •  lldb_python_state_callback               (Callable[[LLDBPythonState], None])           \u2013            
    Callback to the REPL, used to notify it of LLDB driving Python code
     
    •  
  •  should_suspend_ctx               (bool)           \u2013            
    •  
  •  pre_ctx_lines               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.exec_states","title":"exec_states  instance-attribute","text":"
exec_states: list[SBExecutionState]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.event_handlers","title":"event_handlers  instance-attribute","text":"
event_handlers: dict[EventType, list[Callable[..., T]]]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.suspended_events","title":"suspended_events  instance-attribute","text":"
suspended_events: dict[EventType, bool]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.prompt_hook","title":"prompt_hook  instance-attribute","text":"
prompt_hook: Callable[[], None]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.controllers","title":"controllers  instance-attribute","text":"
controllers: list[tuple[LLDBProcess, Coroutine[Any, Any, None]]]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.lldb_python_state_callback","title":"lldb_python_state_callback  instance-attribute","text":"
lldb_python_state_callback: Callable[[LLDBPythonState], None]\n
 
Callback to the REPL, used to notify it of LLDB driving Python code
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.should_suspend_ctx","title":"should_suspend_ctx  instance-attribute","text":"
should_suspend_ctx: bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.pre_ctx_lines","title":"pre_ctx_lines  property","text":"
pre_ctx_lines: int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.setup","title":"setup","text":"
setup(*args, **kwargs)\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.relay_exceptions","title":"relay_exceptions","text":"
relay_exceptions() -> None\n
 
Relay an exception raised during an LLDB command handler.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.add_command","title":"add_command","text":"
add_command(\n    command_name: str,\n    handler: Callable[[Debugger, str, bool], None],\n    doc: str | None,\n) -> CommandHandle\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.history","title":"history","text":"
history(last: int = 10) -> list[tuple[int, str]]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.commands","title":"commands","text":"
commands() -> list[str]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.lex_args","title":"lex_args","text":"
lex_args(command_line: str) -> list[str]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.selected_inferior","title":"selected_inferior","text":"
selected_inferior() -> Process | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.selected_thread","title":"selected_thread","text":"
selected_thread() -> Thread | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.selected_frame","title":"selected_frame","text":"
selected_frame() -> Frame | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.has_event_type","title":"has_event_type","text":"
has_event_type(ty: EventType) -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.event_handler","title":"event_handler","text":"
event_handler(\n    ty: EventType,\n) -> Callable[[Callable[..., T]], Callable[..., T]]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.ctx_suspend_once","title":"ctx_suspend_once","text":"
ctx_suspend_once()\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.suspend_events","title":"suspend_events","text":"
suspend_events(ty: EventType) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.resume_events","title":"resume_events","text":"
resume_events(ty: EventType) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.set_sysroot","title":"set_sysroot","text":"
set_sysroot(sysroot: str) -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.supports_breakpoint_creation_during_stop_handler","title":"supports_breakpoint_creation_during_stop_handler","text":"
supports_breakpoint_creation_during_stop_handler() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.breakpoint_locations","title":"breakpoint_locations","text":"
breakpoint_locations() -> list[BreakpointLocation]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.name","title":"name","text":"
name() -> DebuggerType\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.x86_disassembly_flavor","title":"x86_disassembly_flavor","text":"
x86_disassembly_flavor() -> Literal['att', 'intel']\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.string_limit","title":"string_limit","text":"
string_limit() -> int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.get_cmd_window_size","title":"get_cmd_window_size","text":"
get_cmd_window_size() -> tuple[int, int]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.is_gdblib_available","title":"is_gdblib_available","text":"
is_gdblib_available()\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.addrsz","title":"addrsz","text":"
addrsz(address: Any) -> str\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.set_python_diagnostics","title":"set_python_diagnostics","text":"
set_python_diagnostics(enabled: bool) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.ctx_suspend_events","title":"ctx_suspend_events","text":"
ctx_suspend_events(ty: EventType) -> Iterator[None]\n
 
Context manager for temporarily suspending and resuming the delivery of events of a given type.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.rename_register","title":"rename_register","text":"
rename_register(name: str, proc: LLDBProcess) -> str\n
 
Some register names differ between Pwndbg/GDB and LLDB. This function takes in a register name in the Pwndbg/GDB convention and returns the equivalent LLDB name for the register.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.map_type_code","title":"map_type_code","text":"
map_type_code(type: SBType) -> TypeCode\n
 
Determines the type code of a given LLDB SBType.
"},{"location":"reference/pwndbg/dbg/lldb/hooks/","title":"hooks","text":""},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks","title":"hooks","text":"
Code that sets up hooks for LLDB events.
 
Functions:
 
     
  •  update_typeinfo             \u2013              
    •  
  •  reset_config             \u2013              
    •  
  •  on_start             \u2013              
    •  
  •  on_stop             \u2013              
    •  
  •  on_exit             \u2013              
    •  
  •  renew_show_context             \u2013              
    •  
  •  prompt_hook             \u2013              
    •  
 
Attributes:
 
     
  •  should_show_context           \u2013            
    •  
  •  dbg               (LLDB)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.should_show_context","title":"should_show_context  module-attribute","text":"
should_show_context = False\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.dbg","title":"dbg  module-attribute","text":"
dbg: LLDB = dbg\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.update_typeinfo","title":"update_typeinfo","text":"
update_typeinfo() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.reset_config","title":"reset_config","text":"
reset_config() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.on_start","title":"on_start","text":"
on_start() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.on_stop","title":"on_stop","text":"
on_stop() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.on_exit","title":"on_exit","text":"
on_exit() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.renew_show_context","title":"renew_show_context","text":"
renew_show_context()\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.prompt_hook","title":"prompt_hook","text":"
prompt_hook()\n
"},{"location":"reference/pwndbg/dbg/lldb/pset/","title":"pset","text":""},{"location":"reference/pwndbg/dbg/lldb/pset/#pwndbg.dbg.lldb.pset","title":"pset","text":"
Classes:
 
     
  •  InvalidParse           \u2013            
    •  
 
Functions:
 
     
  •  pget             \u2013              
    Retrieves a parameter with a given name.
     
    •  
  •  pset             \u2013              
    Parses and sets a Pwndbg configuration value.
     
    •  
  •  parse_value             \u2013              
    •  
"},{"location":"reference/pwndbg/dbg/lldb/pset/#pwndbg.dbg.lldb.pset.InvalidParse","title":"InvalidParse","text":"
               Bases: Exception
"},{"location":"reference/pwndbg/dbg/lldb/pset/#pwndbg.dbg.lldb.pset.pget","title":"pget","text":"
pget(name: str) -> Parameter | None\n
 
Retrieves a parameter with a given name.
"},{"location":"reference/pwndbg/dbg/lldb/pset/#pwndbg.dbg.lldb.pset.pset","title":"pset","text":"
pset(param: Parameter, value: str)\n
 
Parses and sets a Pwndbg configuration value.
 
Raises InvalidParse if the value is not valid.
"},{"location":"reference/pwndbg/dbg/lldb/pset/#pwndbg.dbg.lldb.pset.parse_value","title":"parse_value","text":"
parse_value(param: Parameter, expression: str) -> Any\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/","title":"repl","text":""},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl","title":"repl","text":"
The Pwndbg REPL that is the interface to all debugging on LLDB.
 
Pwndbg has an event system that allows it to react to events in the process being debugged, such as when new executable modules get added to the its address space, when the value of memory and registers change, and pretty much all possible changes to its execution state. We'd like to have the event system work the same way under LLDB as it does under GDB.
 
Fortunately for us, the events types that are native to LLDB map really well to the event types in GDB and Pwndbg. Very, very unfortunately for us, however, that's basically where our luck ends.
 
LLDB, as of version 18, only provides two ways to capture events: registering directly with the broadcaster, or registering globally. The former is not available to us in the standard LLDB REPL, as we don't get access to the process object until after it's been launched1. Likewise for the latter, as the interactive debugger will register to receive the global process state change events before everyone else, and LLDB doesn't allow for multiple listeners for the same event bits in the same event class2.
 
This leaves us with handling process management ourselves as the only option we really have to implement event dispatch in Pwndbg. Easy, right? We can just hijack the commands that deal with target and process creation, and leave everything else untouched. Unfortunately for us, again, shadowing builtin commands is simply not allowed3.
 
So, really, all that's left for us is either implement our own REPL, or get rid of the event system.
 
Modules:
 
     
  •  fuzzy           \u2013            
    •  
  •  io           \u2013            
    For our REPL, we need to drive our own I/O with the process being debugged. This
     
    •  
  •  proc           \u2013            
    •  
  •  readline           \u2013            
    Readline interface for the Pwndbg LLDB REPL.
     
    •  
 
Classes:
 
     
  •  UserCancelledError           \u2013            
    Internal cancellation exception used by the LLDB CLI.
     
    •  
  •  EventRelay           \u2013            
    The event system that is sensible for the REPL process driver to use isn't
     
    •  
  •  YieldExecDirect           \u2013            
    Execute the given command directly, on behalf of the user.
     
    •  
  •  YieldInteractive           \u2013            
    Prompt the user for the next command.
     
    •  
  •  PwndbgController           \u2013            
    Class providing interfaces for a client to control the behavior of Pwndbg
     
    •  
  •  AutoTarget           \u2013            
    During the execution of some commands, the LLDB CLI automatically creates an
     
    •  
 
Functions:
 
     
  •  print_error             \u2013              
    Print an error message in the style of the LLDB CLI.
     
    •  
  •  print_warn             \u2013              
    Print a warning message in the style of the LLDB CLI.
     
    •  
  •  print_hint             \u2013              
    Print a hint message in the style of the LLDB CLI.
     
    •  
  •  print_info             \u2013              
    Print an information message in the style of the LLDB CLI.
     
    •  
  •  lex_args             \u2013              
    Splits the arguments, respecting quotation marks.
     
    •  
  •  show_greeting             \u2013              
    Show the Pwndbg greeting, the same way the GDB version of Pwndbg would. This
     
    •  
  •  run             \u2013              
    Runs the Pwndbg CLI through the given asynchronous controller.
     
    •  
  •  exec_repl_command             \u2013              
    Parses and runs the given command, returning whether the event loop should continue.
     
    •  
  •  parse             \u2013              
    Parses a list of string arguments into an object containing the parsed
     
    •  
  •  run_ipython_shell             \u2013              
    •  
  •  target_create             \u2013              
    Creates a new target, registers it with the Pwndbg LLDB implementation, and
     
    •  
  •  process_launch             \u2013              
    Launches a process with the given arguments.
     
    •  
  •  process_attach             \u2013              
    Attaches to a process with the given arguments.
     
    •  
  •  attach             \u2013              
    Attaches to a process with the given name or pid based on regex match.
     
    •  
  •  process_connect             \u2013              
    Connects to the given remote process.
     
    •  
  •  gdb_remote             \u2013              
    Like process_connect, but more lenient with the remote URL format.
     
    •  
  •  continue_process             \u2013              
    Continues the execution of a process.
     
    •  
 
Attributes:
 
     
  •  HAS_FZF           \u2013            
    •  
  •  show_tip           \u2013            
    •  
  •  LLDB_EXCLUSIVE           \u2013            
    •  
  •  target_create_ap           \u2013            
    •  
  •  target_create_unsupported           \u2013            
    •  
  •  process_launch_ap           \u2013            
    •  
  •  process_launch_unsupported           \u2013            
    •  
  •  process_attach_ap           \u2013            
    •  
  •  process_attach_unsupported           \u2013            
    •  
  •  process_connect_ap           \u2013            
    •  
  •  gdb_remote_ap           \u2013            
    •  
  •  continue_ap           \u2013            
    •  
  •  continue_unsupported           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.HAS_FZF","title":"HAS_FZF  module-attribute","text":"
HAS_FZF = which('fzf') is not None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.show_tip","title":"show_tip  module-attribute","text":"
show_tip = add_param(\n    \"show-tips\", True, \"whether to display the tip of the day on startup\"\n)\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.LLDB_EXCLUSIVE","title":"LLDB_EXCLUSIVE  module-attribute","text":"
LLDB_EXCLUSIVE = [\n    (\"script\", lambda cmd: startswith(\"sc\") and startswith(cmd)),\n    (\"expression\", lambda cmd: startswith(\"e\") and startswith(cmd)),\n]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.target_create_ap","title":"target_create_ap  module-attribute","text":"
target_create_ap = ArgumentParser(add_help=False, prog='target create')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.target_create_unsupported","title":"target_create_unsupported  module-attribute","text":"
target_create_unsupported = [\n    \"build\",\n    \"core\",\n    \"no-dependents\",\n    \"remote-file\",\n    \"symfile\",\n    \"version\",\n]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_launch_ap","title":"process_launch_ap  module-attribute","text":"
process_launch_ap = ArgumentParser(add_help=False, prog='process launch')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_launch_unsupported","title":"process_launch_unsupported  module-attribute","text":"
process_launch_unsupported = [\n    \"script-class\",\n    \"plugin\",\n    \"arch\",\n    \"shell\",\n    \"stderr\",\n    \"stdin\",\n    \"structured-data-key\",\n    \"no-stdio\",\n    \"stdout\",\n    \"tty\",\n    \"structured-data-value\",\n    \"working-dir\",\n]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_attach_ap","title":"process_attach_ap  module-attribute","text":"
process_attach_ap = ArgumentParser(add_help=False, prog='process attach')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_attach_unsupported","title":"process_attach_unsupported  module-attribute","text":"
process_attach_unsupported = [\n    \"python-class\",\n    \"plugin\",\n    \"structured-data-key\",\n    \"structured-data-value\",\n]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_connect_ap","title":"process_connect_ap  module-attribute","text":"
process_connect_ap = ArgumentParser(add_help=False, prog='process connect')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.gdb_remote_ap","title":"gdb_remote_ap  module-attribute","text":"
gdb_remote_ap = ArgumentParser(add_help=False, prog='gdb-remote')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.continue_ap","title":"continue_ap  module-attribute","text":"
continue_ap = ArgumentParser(add_help=False, prog='continue')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.continue_unsupported","title":"continue_unsupported  module-attribute","text":"
continue_unsupported = ['ignore-count']\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.UserCancelledError","title":"UserCancelledError","text":"
               Bases: CancelledError
 
Internal cancellation exception used by the LLDB CLI.
 
Sometimes, it's necessary to cancel both commands and subroutines mid-execution. This is an internal exception type that is used in these conditions.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay","title":"EventRelay","text":"
EventRelay(dbg: LLDB)\n
 
               Bases: EventHandler
 
The event system that is sensible for the REPL process driver to use isn't an exact match with the one used by the rest of Pwndbg. They're close, but there's a bit of work we have to do to properly convey certain events.
 
Methods:
 
     
  •  created             \u2013              
    •  
  •  suspended             \u2013              
    •  
  •  resumed             \u2013              
    •  
  •  exited             \u2013              
    •  
  •  modules_loaded             \u2013              
    •  
 
Attributes:
 
     
  •  dbg           \u2013            
    •  
  •  ignore_resumed           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.dbg","title":"dbg  instance-attribute","text":"
dbg = dbg\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.ignore_resumed","title":"ignore_resumed  instance-attribute","text":"
ignore_resumed = 0\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.created","title":"created","text":"
created()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.suspended","title":"suspended","text":"
suspended(event: SBEvent)\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.resumed","title":"resumed","text":"
resumed()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.exited","title":"exited","text":"
exited()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.modules_loaded","title":"modules_loaded","text":"
modules_loaded()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.YieldExecDirect","title":"YieldExecDirect","text":"
YieldExecDirect(command: str, capture: bool, prompt_silent: bool)\n
 
Execute the given command directly, on behalf of the user.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.YieldInteractive","title":"YieldInteractive","text":"
Prompt the user for the next command.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController","title":"PwndbgController","text":"
Class providing interfaces for a client to control the behavior of Pwndbg asynchronously.
 
Methods:
 
     
  •  interactive             \u2013              
    Runs a single interactive round, in which the user is prompted for a
     
    •  
  •  execute             \u2013              
    Runs the given command, and displays its output to the user.
     
    •  
  •  execute_and_capture             \u2013              
    Runs the given command, and captures its output as a byte string.
     
    •  
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController.interactive","title":"interactive","text":"
interactive() -> Awaitable[None]\n
 
Runs a single interactive round, in which the user is prompted for a command from standard input and readline, and whatever command they type in is executed.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController.execute","title":"execute","text":"
execute(command: str) -> Awaitable[None]\n
 
Runs the given command, and displays its output to the user.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController.execute--interactivity","title":"Interactivity","text":"
Some commands - such as lldb and ipi - start interactive prompts when they are run, and issuing them through this command will not change that behavior.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController.execute_and_capture","title":"execute_and_capture","text":"
execute_and_capture(command: str) -> Awaitable[bytes]\n
 
Runs the given command, and captures its output as a byte string.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController.execute_and_capture--interactivity","title":"Interactivity","text":"
Same caveats apply as in execute.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController.execute_and_capture--reliabily-of-capture","title":"Reliabily of Capture","text":"
Some Pwndbg commands currently do not have their outputs captured, even when run through this command. It is expected that this will be improved in the future, but, as as general rule, clients should not rely on the output of the command being available.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.AutoTarget","title":"AutoTarget","text":"
AutoTarget(dbg: LLDB)\n
 
During the execution of some commands, the LLDB CLI automatically creates an empty target and selects it before the command is executed.
 
Methods:
 
     
  •  __bool__             \u2013              
    •  
  •  close             \u2013              
    •  
 
Attributes:
 
     
  •  error           \u2013            
    •  
  •  target           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.AutoTarget.error","title":"error  instance-attribute","text":"
error = SBError()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.AutoTarget.target","title":"target  instance-attribute","text":"
target = CreateTarget(None, None, None, True, error)\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.AutoTarget.__bool__","title":"__bool__","text":"
__bool__()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.AutoTarget.close","title":"close","text":"
close()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.print_error","title":"print_error","text":"
print_error(msg: str, *args)\n
 
Print an error message in the style of the LLDB CLI.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.print_warn","title":"print_warn","text":"
print_warn(msg: str, *args)\n
 
Print a warning message in the style of the LLDB CLI.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.print_hint","title":"print_hint","text":"
print_hint(msg: str, *args)\n
 
Print a hint message in the style of the LLDB CLI.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.print_info","title":"print_info","text":"
print_info(msg: str, *args)\n
 
Print an information message in the style of the LLDB CLI.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.lex_args","title":"lex_args","text":"
lex_args(args: str) -> list[str]\n
 
Splits the arguments, respecting quotation marks.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.show_greeting","title":"show_greeting","text":"
show_greeting() -> None\n
 
Show the Pwndbg greeting, the same way the GDB version of Pwndbg would. This one is considerably simpler than the GDB version, however, as we control the lifetime of the program, we know exactly when the greeting needs to be shown, so we don't bother with any of the lifetime checks.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.run","title":"run","text":"
run(\n    controller: Callable[..., Coroutine[Any, Any, None]],\n    *args,\n    debug: bool = False,\n) -> None\n
 
Runs the Pwndbg CLI through the given asynchronous controller.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.exec_repl_command","title":"exec_repl_command","text":"
exec_repl_command(\n    line: str, output_to, dbg: LLDB, driver: ProcessDriver, relay: EventRelay\n) -> bool\n
 
Parses and runs the given command, returning whether the event loop should continue.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.parse","title":"parse","text":"
parse(\n    args: list[str],\n    parser: ArgumentParser,\n    unsupported: list[str],\n    raw_marker: str | None = None,\n) -> Any | None\n
 
Parses a list of string arguments into an object containing the parsed data.
 
If raw_marker is not None, the argument list will be split in two, with all arguments before the split being fed to the argument parser, and all arguments after the split being returned as-is. In this case the return value is a tuple.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.run_ipython_shell","title":"run_ipython_shell","text":"
run_ipython_shell()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.target_create","title":"target_create","text":"
target_create(args: list[str], dbg: LLDB) -> None\n
 
Creates a new target, registers it with the Pwndbg LLDB implementation, and sets up listeners for it.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_launch","title":"process_launch","text":"
process_launch(\n    driver: ProcessDriver, relay: EventRelay, args: list[str], dbg: LLDB\n) -> None\n
 
Launches a process with the given arguments.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_attach","title":"process_attach","text":"
process_attach(\n    driver: ProcessDriver, relay: EventRelay, args: list[str], dbg: LLDB\n) -> None\n
 
Attaches to a process with the given arguments.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.attach","title":"attach","text":"
attach(\n    driver: ProcessDriver, relay: EventRelay, args: list[str], dbg: LLDB\n) -> None\n
 
Attaches to a process with the given name or pid based on regex match. Used for _regexp-attach <pid|name> (alias for attach <pid|name>) Note: for some reason, attach does not really take a regex for process name.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_connect","title":"process_connect","text":"
process_connect(\n    driver: ProcessDriver, relay: EventRelay, args: list[str], dbg: LLDB\n) -> None\n
 
Connects to the given remote process.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.gdb_remote","title":"gdb_remote","text":"
gdb_remote(\n    driver: ProcessDriver, relay: EventRelay, args: list[str], dbg: LLDB\n) -> None\n
 
Like process_connect, but more lenient with the remote URL format.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.continue_process","title":"continue_process","text":"
continue_process(driver: ProcessDriver, args: list[str], dbg: LLDB) -> None\n
 
Continues the execution of a process.
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/","title":"fuzzy","text":""},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy","title":"fuzzy","text":"
Classes:
 
     
  •  FzfTabCompletePreviewThread           \u2013            
    A thread for previewing help docs of selected completion with fzf.
     
    •  
  •  LLDBHistory           \u2013            
    Manage your LLDB History
     
    •  
  •  LLDBCompleter           \u2013            
    Completer of LLDB
     
    •  
 
Functions:
 
     
  •  get_lldb_completes             \u2013              
    •  
  •  safe_get_help_docs             \u2013              
    •  
  •  should_get_help_docs             \u2013              
    Check if we need to get help docs for another completion that generated by same command.
     
    •  
  •  get_lldb_completion_and_status             \u2013              
    Return all possible completions and whether we need to get help docs for all completions.
     
    •  
  •  create_fzf_process             \u2013              
    Create a fzf process with given query and preview command.
     
    •  
  •  create_preview_fifos             \u2013              
    Create a temporary directory and two FIFOs in it, return the paths of these FIFOs.
     
    •  
  •  fzf_reverse_search             \u2013              
    Reverse search history with fzf.
     
    •  
  •  fzf_tab_autocomplete             \u2013              
    Tab autocomplete with fzf.
     
    •  
  •  wrap_with_history             \u2013              
    •  
  •  get_prompt_session             \u2013              
    •  
 
Attributes:
 
     
  •  P           \u2013            
    •  
  •  T           \u2013            
    •  
  •  PROMPT           \u2013            
    •  
  •  HISTORY_FILE           \u2013            
    •  
  •  FZF_RUN_CMD           \u2013            
    •  
  •  FZF_PRVIEW_WINDOW_ARGS           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.P","title":"P  module-attribute","text":"
P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.PROMPT","title":"PROMPT  module-attribute","text":"
PROMPT = ANSI('\\x1b[34mpwndbg-lldb>\\x1b[0m ')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.HISTORY_FILE","title":"HISTORY_FILE  module-attribute","text":"
HISTORY_FILE = expanduser('~/.pwndbg_history')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.FZF_RUN_CMD","title":"FZF_RUN_CMD  module-attribute","text":"
FZF_RUN_CMD = (\n    \"fzf\",\n    \"--select-1\",\n    \"--exit-0\",\n    \"--tiebreak=index\",\n    \"--no-multi\",\n    \"--height=40%\",\n    \"--layout=reverse\",\n)\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.FZF_PRVIEW_WINDOW_ARGS","title":"FZF_PRVIEW_WINDOW_ARGS  module-attribute","text":"
FZF_PRVIEW_WINDOW_ARGS = ('--preview-window', 'right:55%:wrap')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.FzfTabCompletePreviewThread","title":"FzfTabCompletePreviewThread","text":"
FzfTabCompletePreviewThread(\n    fifo_input_path: str,\n    fifo_output_path: str,\n    completion_help_docs: dict[int, str],\n    **kwargs,\n)\n
 
               Bases: Thread
 
A thread for previewing help docs of selected completion with fzf.
 
This is modified from: https://github.com/infokiller/config-public/blob/master/.config/ipython/profile_default/startup/ext/fzf_history.py#L72
 
Methods:
 
     
  •  run             \u2013              
    •  
  •  stop             \u2013              
    •  
 
Attributes:
 
     
  •  fifo_input_path           \u2013            
    •  
  •  fifo_output_path           \u2013            
    •  
  •  completion_help_docs           \u2013            
    •  
  •  is_done           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.FzfTabCompletePreviewThread.fifo_input_path","title":"fifo_input_path  instance-attribute","text":"
fifo_input_path = fifo_input_path\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.FzfTabCompletePreviewThread.fifo_output_path","title":"fifo_output_path  instance-attribute","text":"
fifo_output_path = fifo_output_path\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.FzfTabCompletePreviewThread.completion_help_docs","title":"completion_help_docs  instance-attribute","text":"
completion_help_docs = completion_help_docs\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.FzfTabCompletePreviewThread.is_done","title":"is_done  instance-attribute","text":"
is_done = Event()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.FzfTabCompletePreviewThread.run","title":"run","text":"
run() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.FzfTabCompletePreviewThread.stop","title":"stop","text":"
stop() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.LLDBHistory","title":"LLDBHistory","text":"
LLDBHistory(filename: str, ignore_duplicates: bool = False)\n
 
               Bases: FileHistory
 
Manage your LLDB History
 
Methods:
 
     
  •  load_history_strings             \u2013              
    •  
  •  store_string             \u2013              
    •  
 
Attributes:
 
     
  •  ignore_duplicates           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.LLDBHistory.ignore_duplicates","title":"ignore_duplicates  instance-attribute","text":"
ignore_duplicates = ignore_duplicates\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.LLDBHistory.load_history_strings","title":"load_history_strings","text":"
load_history_strings() -> list[str]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.LLDBHistory.store_string","title":"store_string","text":"
store_string(string: str) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.LLDBCompleter","title":"LLDBCompleter","text":"
LLDBCompleter(dbg)\n
 
               Bases: Completer
 
Completer of LLDB
 
Methods:
 
     
  •  get_completions             \u2013              
    •  
 
Attributes:
 
     
  •  dbg           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.LLDBCompleter.dbg","title":"dbg  instance-attribute","text":"
dbg = dbg\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.LLDBCompleter.get_completions","title":"get_completions","text":"
get_completions(\n    document: Document, complete_event: CompleteEvent\n) -> Iterator[Completion]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.get_lldb_completes","title":"get_lldb_completes","text":"
get_lldb_completes(dbg: LLDB, query: str = '') -> list[str]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.safe_get_help_docs","title":"safe_get_help_docs","text":"
safe_get_help_docs(dbg: LLDB, command: str) -> str | None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.should_get_help_docs","title":"should_get_help_docs","text":"
should_get_help_docs(dbg: LLDB, completion: str) -> bool\n
 
Check if we need to get help docs for another completion that generated by same command.
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.get_lldb_completion_and_status","title":"get_lldb_completion_and_status","text":"
get_lldb_completion_and_status(dbg: LLDB, query: str) -> tuple[list[str], bool]\n
 
Return all possible completions and whether we need to get help docs for all completions.
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.create_fzf_process","title":"create_fzf_process","text":"
create_fzf_process(\n    query: str, preview: str = \"\", pre_cmd: str = \"\"\n) -> Popen[str]\n
 
Create a fzf process with given query and preview command.
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.create_preview_fifos","title":"create_preview_fifos","text":"
create_preview_fifos() -> tuple[str, str]\n
 
Create a temporary directory and two FIFOs in it, return the paths of these FIFOs.
 
This is modified from: https://github.com/infokiller/config-public/blob/652b4638a0a0ffed9743fa9e0ad2a8d4e4e90572/.config/ipython/profile_default/startup/ext/fzf_history.py#L128
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.fzf_reverse_search","title":"fzf_reverse_search","text":"
fzf_reverse_search(event: KeyPressEvent) -> None\n
 
Reverse search history with fzf.
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.fzf_tab_autocomplete","title":"fzf_tab_autocomplete","text":"
fzf_tab_autocomplete(\n    event: KeyPressEvent, dbg: LLDB, preview: str, fifo_in: str, fifo_out: str\n) -> None\n
 
Tab autocomplete with fzf.
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.wrap_with_history","title":"wrap_with_history","text":"
wrap_with_history(function: Callable[P, T]) -> Callable[P, T]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.get_prompt_session","title":"get_prompt_session","text":"
get_prompt_session(dbg)\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/","title":"io","text":""},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io","title":"io","text":"
For our REPL, we need to drive our own I/O with the process being debugged. This module contains all the strategies we have for doing that.
 
Classes:
 
     
  •  OpportunisticTerminalControl           \u2013            
    Handles optional terminal control for a given file descriptor. Crucially,
     
    •  
  •  IODriver           \u2013            
    •  
  •  IODriverPlainText           \u2013            
    Plaintext-based I/O driver. It simply copies input from our standard input
     
    •  
  •  IODriverPseudoTerminal           \u2013            
    pty-based I/O driver. Forwards input from standard input and has support for
     
    •  
 
Functions:
 
     
  •  get_io_driver             \u2013              
    Instances a new IODriver using the best strategy available in the current
     
    •  
  •  make_pty             \u2013              
    We need to make a pseudo-terminal ourselves if we want the process to handle
     
    •  
 
Attributes:
 
     
  •  TERM_CONTROL_AVAILABLE           \u2013            
    •  
  •  SELECT_AVAILABLE           \u2013            
    •  
  •  PTY_AVAILABLE           \u2013            
    •  
  •  TC_LFLAG           \u2013            
    •  
  •  LIVE_PSEUDO_TERMINAL_OBJECTS           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.TERM_CONTROL_AVAILABLE","title":"TERM_CONTROL_AVAILABLE  module-attribute","text":"
TERM_CONTROL_AVAILABLE = True\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.SELECT_AVAILABLE","title":"SELECT_AVAILABLE  module-attribute","text":"
SELECT_AVAILABLE = True\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.PTY_AVAILABLE","title":"PTY_AVAILABLE  module-attribute","text":"
PTY_AVAILABLE = True\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.TC_LFLAG","title":"TC_LFLAG  module-attribute","text":"
TC_LFLAG = 3\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.LIVE_PSEUDO_TERMINAL_OBJECTS","title":"LIVE_PSEUDO_TERMINAL_OBJECTS  module-attribute","text":"
LIVE_PSEUDO_TERMINAL_OBJECTS = False\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl","title":"OpportunisticTerminalControl","text":"
OpportunisticTerminalControl(fd: int = -1)\n
 
Handles optional terminal control for a given file descriptor. Crucially, all the functions in this class should work regardless of whether terminal control is actually supported on not, but should do nothing in case it is not supported.
 
'/dev/tty', and use that.
 
Methods:
 
     
  •  get_line_buffering             \u2013              
    Gets the current state of line buffering for this terminal.
     
    •  
  •  set_line_buffering             \u2013              
    Enables or disables line buffering for this terminal.
     
    •  
  •  get_echo             \u2013              
    Gets the current state of echoing for this terminal.
     
    •  
  •  set_echo             \u2013              
    Enables or disables echoing for this terminal.
     
    •  
 
Attributes:
 
     
  •  fd               (int)           \u2013            
    •  
  •  supported               (bool)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl.fd","title":"fd  instance-attribute","text":"
fd: int = fd\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl.supported","title":"supported  instance-attribute","text":"
supported: bool = True\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl.get_line_buffering","title":"get_line_buffering","text":"
get_line_buffering() -> bool\n
 
Gets the current state of line buffering for this terminal.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl.set_line_buffering","title":"set_line_buffering","text":"
set_line_buffering(enabled: bool) -> None\n
 
Enables or disables line buffering for this terminal.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl.get_echo","title":"get_echo","text":"
get_echo() -> bool\n
 
Gets the current state of echoing for this terminal.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl.set_echo","title":"set_echo","text":"
set_echo(enabled: bool) -> None\n
 
Enables or disables echoing for this terminal.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriver","title":"IODriver","text":"
Methods:
 
     
  •  stdio             \u2013              
    The names for the stdin, stdout and stderr files, respectively. These
     
    •  
  •  start             \u2013              
    Starts the handling of I/O by this driver on the given process.
     
    •  
  •  stop             \u2013              
    Stops the handling of I/O by this driver.
     
    •  
  •  on_output_event             \u2013              
    Hints that there might be data in either the standard output or the
     
    •  
  •  on_process_start             \u2013              
    Allow the I/O driver an opportunity to change aspects of the process
     
    •  
  •  close             \u2013              
    Terminate this driver and release all resources associated with it.
     
    •  
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriver.stdio","title":"stdio","text":"
stdio() -> tuple[str | None, str | None, str | None]\n
 
The names for the stdin, stdout and stderr files, respectively. These will get passed as arguments to SBTarget.Launch
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriver.start","title":"start","text":"
start(process: Process) -> None\n
 
Starts the handling of I/O by this driver on the given process.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriver.stop","title":"stop","text":"
stop() -> None\n
 
Stops the handling of I/O by this driver.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriver.on_output_event","title":"on_output_event","text":"
on_output_event() -> None\n
 
Hints that there might be data in either the standard output or the standard error streams. This should be called when an eBroadcastBitSTDOUT or eBroadcastBitSTDERR is encountered by the event loop.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriver.on_process_start","title":"on_process_start","text":"
on_process_start(proc: SBProcess) -> None\n
 
Allow the I/O driver an opportunity to change aspects of the process after it has been launched, but before it has started executing, if it so wishes.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriver.close","title":"close","text":"
close() -> None\n
 
Terminate this driver and release all resources associated with it.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText","title":"IODriverPlainText","text":"
IODriverPlainText()\n
 
               Bases: IODriver
 
Plaintext-based I/O driver. It simply copies input from our standard input to the standard input of a given process, and copies output from the standard output of a given process to out standard output.
 
Methods:
 
     
  •  stdio             \u2013              
    •  
  •  on_output_event             \u2013              
    •  
  •  on_process_start             \u2013              
    •  
  •  start             \u2013              
    •  
  •  stop             \u2013              
    •  
  •  close             \u2013              
    •  
 
Attributes:
 
     
  •  likely_output               (BoundedSemaphore)           \u2013            
    •  
  •  process               (SBProcess)           \u2013            
    •  
  •  stop_requested               (Event)           \u2013            
    •  
  •  start_requested               (Semaphore)           \u2013            
    •  
  •  stop_fulfilled               (Semaphore)           \u2013            
    •  
  •  in_thr               (Thread)           \u2013            
    •  
  •  out_thr               (Thread)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.likely_output","title":"likely_output  instance-attribute","text":"
likely_output: BoundedSemaphore = BoundedSemaphore(1)\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.process","title":"process  instance-attribute","text":"
process: SBProcess = None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.stop_requested","title":"stop_requested  instance-attribute","text":"
stop_requested: Event = Event()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.start_requested","title":"start_requested  instance-attribute","text":"
start_requested: Semaphore = BoundedSemaphore(2)\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.stop_fulfilled","title":"stop_fulfilled  instance-attribute","text":"
stop_fulfilled: Semaphore = BoundedSemaphore(2)\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.in_thr","title":"in_thr  instance-attribute","text":"
in_thr: Thread = Thread(target=_handle_input)\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.out_thr","title":"out_thr  instance-attribute","text":"
out_thr: Thread = Thread(target=_handle_output)\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.stdio","title":"stdio","text":"
stdio() -> tuple[str | None, str | None, str | None]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.on_output_event","title":"on_output_event","text":"
on_output_event() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.on_process_start","title":"on_process_start","text":"
on_process_start(proc: SBProcess) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.start","title":"start","text":"
start(process: Process) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.stop","title":"stop","text":"
stop() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.close","title":"close","text":"
close() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal","title":"IODriverPseudoTerminal","text":"
IODriverPseudoTerminal(manager: int, worker: str)\n
 
               Bases: IODriver
 
pty-based I/O driver. Forwards input from standard input and has support for terminal width and height, and for terminal-based file operations on the program being debugged.
 
Methods:
 
     
  •  stdio             \u2013              
    •  
  •  start             \u2013              
    •  
  •  stop             \u2013              
    •  
  •  on_output_event             \u2013              
    •  
  •  on_process_start             \u2013              
    •  
  •  close             \u2013              
    •  
 
Attributes:
 
     
  •  io_thread               (Thread)           \u2013            
    •  
  •  has_terminal_control               (bool)           \u2013            
    •  
  •  manager               (int)           \u2013            
    •  
  •  worker               (str)           \u2013            
    •  
  •  termcontrol               (OpportunisticTerminalControl)           \u2013            
    •  
  •  stop_requested               (Event)           \u2013            
    •  
  •  input_buffer               (bytes)           \u2013            
    •  
  •  process               (SBProcess)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.io_thread","title":"io_thread  instance-attribute","text":"
io_thread: Thread\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.has_terminal_control","title":"has_terminal_control  instance-attribute","text":"
has_terminal_control: bool\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.manager","title":"manager  instance-attribute","text":"
manager: int = manager\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.worker","title":"worker  instance-attribute","text":"
worker: str = worker\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.termcontrol","title":"termcontrol  instance-attribute","text":"
termcontrol: OpportunisticTerminalControl = OpportunisticTerminalControl()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.stop_requested","title":"stop_requested  instance-attribute","text":"
stop_requested: Event = Event()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.input_buffer","title":"input_buffer  instance-attribute","text":"
input_buffer: bytes = b''\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.process","title":"process  instance-attribute","text":"
process: SBProcess = None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.stdio","title":"stdio","text":"
stdio() -> tuple[str | None, str | None, str | None]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.start","title":"start","text":"
start(process: Process) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.stop","title":"stop","text":"
stop() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.on_output_event","title":"on_output_event","text":"
on_output_event() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.on_process_start","title":"on_process_start","text":"
on_process_start(proc: SBProcess) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.close","title":"close","text":"
close() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.get_io_driver","title":"get_io_driver","text":"
get_io_driver() -> IODriver\n
 
Instances a new IODriver using the best strategy available in the current system. Meaning a PTY on Unix and plain text on Windows.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.make_pty","title":"make_pty","text":"
make_pty() -> tuple[str, int] | None\n
 
We need to make a pseudo-terminal ourselves if we want the process to handle naturally for the user. Returns a tuple with the path of the worker device and the file descriptor of the manager device if successful.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/","title":"proc","text":""},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc","title":"proc","text":"
Classes:
 
     
  •  EventHandler           \u2013            
    The event types that make sense for us to track in the process driver aren't
     
    •  
  •  LaunchResult           \u2013            
    Base class for results of launch operations.
     
    •  
  •  LaunchResultSuccess           \u2013            
    Indicates that the process was fully launched or attached to.
     
    •  
  •  LaunchResultEarlyExit           \u2013            
    Indicates that the process was fully launched or attached to, but that it
     
    •  
  •  LaunchResultConnected           \u2013            
    Indicates that there has been a successful connection to a remote
     
    •  
  •  LaunchResultError           \u2013            
    Indicates that there was an error launching the process.
     
    •  
  •  ProcessDriver           \u2013            
    Drives the execution of a process, responding to its events and handling its
     
    •  
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.EventHandler","title":"EventHandler","text":"
The event types that make sense for us to track in the process driver aren't the same as the ones in the rest of Pwndbg, so we just expose the native events in process driver, and let the rest of the REPL deal with any complexities that might arise from the translation.
 
This is mostly intended to keep the complexity of generating the START and NEW_THREAD events correctly out of the process driver.
 
Methods:
 
     
  •  created             \u2013              
    This function is called when a process is created or attached to.
     
    •  
  •  suspended             \u2013              
    This function is called when the execution of a process is suspended.
     
    •  
  •  resumed             \u2013              
    This function is called when the execution of a process is resumed.
     
    •  
  •  exited             \u2013              
    This function is called when a process terminates or is detached from.
     
    •  
  •  modules_loaded             \u2013              
    This function is called when a new modules have been loaded.
     
    •  
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.EventHandler.created","title":"created","text":"
created()\n
 
This function is called when a process is created or attached to.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.EventHandler.suspended","title":"suspended","text":"
suspended(cause: SBEvent)\n
 
This function is called when the execution of a process is suspended.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.EventHandler.resumed","title":"resumed","text":"
resumed()\n
 
This function is called when the execution of a process is resumed.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.EventHandler.exited","title":"exited","text":"
exited()\n
 
This function is called when a process terminates or is detached from.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.EventHandler.modules_loaded","title":"modules_loaded","text":"
modules_loaded()\n
 
This function is called when a new modules have been loaded.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.LaunchResult","title":"LaunchResult","text":"
Base class for results of launch operations.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.LaunchResultSuccess","title":"LaunchResultSuccess","text":"
               Bases: LaunchResult
 
Indicates that the process was fully launched or attached to.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.LaunchResultEarlyExit","title":"LaunchResultEarlyExit","text":"
               Bases: LaunchResult
 
Indicates that the process was fully launched or attached to, but that it exited immediately, with no stop events.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.LaunchResultConnected","title":"LaunchResultConnected","text":"
               Bases: LaunchResult
 
Indicates that there has been a successful connection to a remote debugserver, but that no process is being debugged yet.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.LaunchResultError","title":"LaunchResultError","text":"
LaunchResultError(what: SBError, disconnected: bool)\n
 
               Bases: LaunchResult
 
Indicates that there was an error launching the process.
 
Attributes:
 
     
  •  __match_args__           \u2013            
    •  
  •  what           \u2013            
    •  
  •  disconnected           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.LaunchResultError.__match_args__","title":"__match_args__  class-attribute instance-attribute","text":"
__match_args__ = ('what', 'disconnected')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.LaunchResultError.what","title":"what  instance-attribute","text":"
what = what\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.LaunchResultError.disconnected","title":"disconnected  instance-attribute","text":"
disconnected = disconnected\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver","title":"ProcessDriver","text":"
ProcessDriver(event_handler: EventHandler, debug=False)\n
 
Drives the execution of a process, responding to its events and handling its I/O, and exposes a simple synchronous interface to the REPL interface.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver--iodriver-state-machine","title":"IODriver State Machine","text":"
Because LLDB can make Python code from Pwndbg execute while an I/O driver is active, and having the I/O driver active while Pwndbg is running leads to all sorts of fun failure modes, we want to be able to pause it temporarily.
 
We, thus, use the states described in _IODriverState to keep track of what operations may be performed on the current IODriver.
 
Methods:
 
     
  •  __enter__             \u2013              
    •  
  •  __exit__             \u2013              
    •  
  •  debug_print             \u2013              
    •  
  •  has_process             \u2013              
    Whether there's an active process in this driver.
     
    •  
  •  has_connection             \u2013              
    Whether this driver's connected to a target. All drivers that have an
     
    •  
  •  interrupt             \u2013              
    Interrupts the currently running process or command.
     
    •  
  •  suspend_interrupts             \u2013              
    Sometimes it's necessary to guard against interruption by
     
    •  
  •  pause_io_if_running             \u2013              
    Pauses the handling of process I/O if it is currently running.
     
    •  
  •  resume_io_if_running             \u2013              
    Resumes the handling of process I/O if it is currently running.
     
    •  
  •  cont             \u2013              
    Continues execution of the process this object is driving, and returns
     
    •  
  •  run_lldb_command             \u2013              
    Runs the given LLDB command and ataches I/O if necessary.
     
    •  
  •  run_coroutine             \u2013              
    Runs the given coroutine and allows it to control the execution of the
     
    •  
  •  launch             \u2013              
    Launches the process and handles startup events. Always stops on first
     
    •  
  •  attach             \u2013              
    Attach to a process and handles startup events. Always stops on first
     
    •  
  •  connect             \u2013              
    Connects to a remote proces with the given URL using the plugin with the
     
    •  
 
Attributes:
 
     
  •  io               (IODriver)           \u2013            
    •  
  •  process               (SBProcess)           \u2013            
    •  
  •  listener               (SBListener)           \u2013            
    •  
  •  debug               (bool)           \u2013            
    •  
  •  eh               (EventHandler)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.io","title":"io  instance-attribute","text":"
io: IODriver = None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.process","title":"process  instance-attribute","text":"
process: SBProcess = None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.listener","title":"listener  instance-attribute","text":"
listener: SBListener = None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.debug","title":"debug  instance-attribute","text":"
debug: bool = debug\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.eh","title":"eh  instance-attribute","text":"
eh: EventHandler = event_handler\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.__enter__","title":"__enter__","text":"
__enter__() -> ProcessDriver\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.__exit__","title":"__exit__","text":"
__exit__(_exc_type, _exc_val, _exc_tb) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.debug_print","title":"debug_print","text":"
debug_print(*args, **kwargs) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.has_process","title":"has_process","text":"
has_process() -> bool\n
 
Whether there's an active process in this driver.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.has_connection","title":"has_connection","text":"
has_connection() -> bool\n
 
Whether this driver's connected to a target. All drivers that have an active process also must necessarily be connected.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.interrupt","title":"interrupt","text":"
interrupt(in_lldb_command_handler: bool = False) -> None\n
 
Interrupts the currently running process or command.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.suspend_interrupts","title":"suspend_interrupts","text":"
suspend_interrupts(interrupt: Callable[[], None] | None = None)\n
 
Sometimes it's necessary to guard against interruption by self.interrupt, especially when being interrupted would lead to bad process state.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.pause_io_if_running","title":"pause_io_if_running","text":"
pause_io_if_running() -> None\n
 
Pauses the handling of process I/O if it is currently running.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.resume_io_if_running","title":"resume_io_if_running","text":"
resume_io_if_running() -> None\n
 
Resumes the handling of process I/O if it is currently running.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.cont","title":"cont","text":"
cont() -> None\n
 
Continues execution of the process this object is driving, and returns whenever the process stops.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.run_lldb_command","title":"run_lldb_command","text":"
run_lldb_command(command: str, target: BinaryIO) -> None\n
 
Runs the given LLDB command and ataches I/O if necessary.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.run_coroutine","title":"run_coroutine","text":"
run_coroutine(coroutine: Coroutine[Any, Any, None]) -> bool\n
 
Runs the given coroutine and allows it to control the execution of the process in this driver. Returns True if the coroutine ran to completion, and False if it was cancelled.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.launch","title":"launch","text":"
launch(\n    target: SBTarget,\n    io: IODriver,\n    env: list[str],\n    args: list[str],\n    working_dir: str | None,\n    disable_aslr: bool,\n) -> LaunchResult\n
 
Launches the process and handles startup events. Always stops on first opportunity, and returns immediately after the process has stopped.
 
Fires the created() event.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.attach","title":"attach","text":"
attach(target: SBTarget, info: SBAttachInfo) -> LaunchResult\n
 
Attach to a process and handles startup events. Always stops on first opportunity, and returns immediately after the process has stopped.
 
Fires the created() event.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.connect","title":"connect","text":"
connect(target: SBTarget, io: IODriver, url: str, plugin: str) -> LaunchResult\n
 
Connects to a remote proces with the given URL using the plugin with the given name. This might cause the process to launch in some implementations, or it might require a call to launch(), in implementations that require a further call to SBProcess::RemoteLaunch().
 
Fires the created() event if a process is automatically attached to or launched when a connection succeeds.
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/","title":"readline","text":""},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline","title":"readline","text":"
Readline interface for the Pwndbg LLDB REPL.
 
Mostly concerns itself with argument completion.
 
Functions:
 
     
  •  complete             \u2013              
    Runs the tab autocompletion function for readline based on the values
     
    •  
  •  display_completions             \u2013              
    Display the completions found by complete in the style of LLDB.
     
    •  
  •  wrap_with_history             \u2013              
    •  
  •  ctx_with_history             \u2013              
    •  
  •  enable_readline             \u2013              
    Enables the readline functionality.
     
    •  
  •  disable_readline             \u2013              
    Disables the readline functionality.
     
    •  
 
Attributes:
 
     
  •  P           \u2013            
    •  
  •  T           \u2013            
    •  
  •  PROMPT           \u2013            
    •  
  •  HISTORY_FILE           \u2013            
    •  
  •  complete_values           \u2013            
    •  
  •  complete_descrs           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.P","title":"P  module-attribute","text":"
P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.PROMPT","title":"PROMPT  module-attribute","text":"
PROMPT = readline_escape(prompt, 'pwndbg-lldb> ')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.HISTORY_FILE","title":"HISTORY_FILE  module-attribute","text":"
HISTORY_FILE = expanduser('~/.pwndbg_history')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.complete_values","title":"complete_values  module-attribute","text":"
complete_values = SBStringList()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.complete_descrs","title":"complete_descrs  module-attribute","text":"
complete_descrs = SBStringList()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.complete","title":"complete","text":"
complete(dbg: LLDB, text: str, state: int) -> str | None\n
 
Runs the tab autocompletion function for readline based on the values returned by SBCommandInterpreter.HandleCompletion.
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.display_completions","title":"display_completions","text":"
display_completions(substitutions, matches, longest_match_len)\n
 
Display the completions found by complete in the style of LLDB.
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.wrap_with_history","title":"wrap_with_history","text":"
wrap_with_history(function: Callable[P, T]) -> Callable[P, T]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.ctx_with_history","title":"ctx_with_history","text":"
ctx_with_history()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.enable_readline","title":"enable_readline","text":"
enable_readline(dbg: LLDB)\n
 
Enables the readline functionality.
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.disable_readline","title":"disable_readline","text":"
disable_readline()\n
 
Disables the readline functionality.
"},{"location":"reference/pwndbg/dbg/lldb/util/","title":"util","text":""},{"location":"reference/pwndbg/dbg/lldb/util/#pwndbg.dbg.lldb.util","title":"util","text":"
Functions:
 
     
  •  system_decode             \u2013              
    LLDB requires Python strings in many places where it makes sense to accept
     
    •  
"},{"location":"reference/pwndbg/dbg/lldb/util/#pwndbg.dbg.lldb.util.system_decode","title":"system_decode","text":"
system_decode(b: bytes) -> str\n
 
LLDB requires Python strings in many places where it makes sense to accept bytes values. This is mostly an artifact of how Swig maps C char* to str in Python, but since Swig will refuse bytes objects, we have to figure out a way to pass this data as a regular string object, even if that's nonsensical in Python terms.
 
This function tries its best to resolve that by decoding it with the same decoder the filesystem uses, and, failing that, ASCII.
"},{"location":"reference/pwndbg/decorators/","title":"decorators","text":""},{"location":"reference/pwndbg/decorators/#pwndbg.decorators","title":"decorators","text":"
Project-wide function decorators.
 
Functions:
 
     
  •  only_after_first_prompt             \u2013              
    Decorator to prevent a function from running before the first prompt was displayed.
     
    •  
  •  suppress_errors             \u2013              
    Decorator to make a function return a fallback value when it would otherwise error.
     
    •  
 
Attributes:
 
     
  •  first_prompt           \u2013            
    •  
  •  P           \u2013            
    •  
  •  T           \u2013            
    •  
  •  K           \u2013            
    •  
"},{"location":"reference/pwndbg/decorators/#pwndbg.decorators.first_prompt","title":"first_prompt  module-attribute","text":"
first_prompt = False\n
"},{"location":"reference/pwndbg/decorators/#pwndbg.decorators.P","title":"P  module-attribute","text":"
P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/decorators/#pwndbg.decorators.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/decorators/#pwndbg.decorators.K","title":"K  module-attribute","text":"
K = TypeVar('K')\n
"},{"location":"reference/pwndbg/decorators/#pwndbg.decorators.only_after_first_prompt","title":"only_after_first_prompt","text":"
only_after_first_prompt(\n    value_before: T | None = None,\n) -> Callable[[Callable[P, T]], Callable[P, T | None]]\n
 
Decorator to prevent a function from running before the first prompt was displayed. The 'value_before' parameter can be used to specify the value that is returned if the function is called before the first prompt was displayed.
"},{"location":"reference/pwndbg/decorators/#pwndbg.decorators.suppress_errors","title":"suppress_errors","text":"
suppress_errors(\n    fallback: K = None, should_warn: bool = True\n) -> Callable[[Callable[P, T]], Callable[P, T | K]]\n
 
Decorator to make a function return a fallback value when it would otherwise error. The 'fallback' parameter can be used to specify the fallback value. If the 'should_warn' parameter is set, a warning will be printed whenever an error is suppressed.
"},{"location":"reference/pwndbg/emu/","title":"emu","text":""},{"location":"reference/pwndbg/emu/#pwndbg.emu","title":"emu","text":"
Emulation assistance from Unicorn.
 
Modules:
 
     
  •  emulator           \u2013            
    Emulation assistance from Unicorn.
     
    •  
"},{"location":"reference/pwndbg/emu/emulator/","title":"emulator","text":""},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator","title":"emulator","text":"
Emulation assistance from Unicorn.
 
Classes:
 
     
  •  InstructionExecutedResult           \u2013            
    •  
  •  Emulator           \u2013            
    •  
 
Functions:
 
     
  •  parse_consts             \u2013              
    Unicorn \"consts\" is a python module consisting of a variable definition
     
    •  
  •  create_reg_to_const_map             \u2013              
    •  
  •  debug             \u2013              
    •  
 
Attributes:
 
     
  •  arch_to_UC               (dict[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, int])           \u2013            
    •  
  •  arch_to_UC_consts               (dict[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, dict[str, int]])           \u2013            
    •  
  •  arch_to_reg_const_map               (dict[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, dict[str, int]])           \u2013            
    •  
  •  enable_virtual_tlb           \u2013            
    •  
  •  DEBUG           \u2013            
    •  
  •  arch_to_SYSCALL           \u2013            
    •  
  •  ARM_BANNED_INSTRUCTIONS           \u2013            
    •  
  •  BANNED_INSTRUCTIONS           \u2013            
    •  
  •  blacklisted_regs           \u2013            
    e = pwndbg.emu.emulator.Emulator()
     
    •  
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.arch_to_UC","title":"arch_to_UC  module-attribute","text":"
arch_to_UC: dict[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, int] = {\n    \"i386\": UC_ARCH_X86,\n    \"x86-64\": UC_ARCH_X86,\n    \"mips\": UC_ARCH_MIPS,\n    \"sparc\": UC_ARCH_SPARC,\n    \"arm\": UC_ARCH_ARM,\n    \"armcm\": UC_ARCH_ARM,\n    \"aarch64\": UC_ARCH_ARM64,\n    \"powerpc\": UC_ARCH_PPC,\n    \"rv32\": UC_ARCH_RISCV,\n    \"rv64\": UC_ARCH_RISCV,\n    \"s390x\": UC_ARCH_S390X,\n}\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.arch_to_UC_consts","title":"arch_to_UC_consts  module-attribute","text":"
arch_to_UC_consts: dict[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, dict[str, int]] = {\n    \"i386\": parse_consts(x86_const),\n    \"x86-64\": parse_consts(x86_const),\n    \"mips\": parse_consts(mips_const),\n    \"sparc\": parse_consts(sparc_const),\n    \"arm\": parse_consts(arm_const),\n    \"armcm\": parse_consts(arm_const),\n    \"aarch64\": parse_consts(arm64_const),\n    \"powerpc\": parse_consts(ppc_const),\n    \"rv32\": parse_consts(riscv_const),\n    \"rv64\": parse_consts(riscv_const),\n    \"s390x\": parse_consts(s390x_const),\n}\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.arch_to_reg_const_map","title":"arch_to_reg_const_map  module-attribute","text":"
arch_to_reg_const_map: dict[\n    PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, dict[str, int]\n] = {\n    \"i386\": create_reg_to_const_map(arch_to_UC_consts[\"i386\"]),\n    \"x86-64\": create_reg_to_const_map(\n        arch_to_UC_consts[\"x86-64\"],\n        {\"FSBASE\": UC_X86_REG_FS_BASE, \"GSBASE\": UC_X86_REG_GS_BASE},\n    ),\n    \"mips\": create_reg_to_const_map(arch_to_UC_consts[\"mips\"]),\n    \"sparc\": create_reg_to_const_map(arch_to_UC_consts[\"sparc\"]),\n    \"arm\": create_reg_to_const_map(arch_to_UC_consts[\"arm\"]),\n    \"armcm\": create_reg_to_const_map(arch_to_UC_consts[\"armcm\"]),\n    \"aarch64\": create_reg_to_const_map(\n        arch_to_UC_consts[\"aarch64\"], {\"CPSR\": UC_ARM64_REG_NZCV}\n    ),\n    \"powerpc\": create_reg_to_const_map(\n        arch_to_UC_consts[\"powerpc\"],\n        {\n            \"R0\": UC_PPC_REG_0,\n            \"SP\": UC_PPC_REG_1,\n            \"R2\": UC_PPC_REG_2,\n            \"R3\": UC_PPC_REG_3,\n            \"R4\": UC_PPC_REG_4,\n            \"R5\": UC_PPC_REG_5,\n            \"R6\": UC_PPC_REG_6,\n            \"R7\": UC_PPC_REG_7,\n            \"R8\": UC_PPC_REG_8,\n            \"R9\": UC_PPC_REG_9,\n            \"R10\": UC_PPC_REG_10,\n            \"R11\": UC_PPC_REG_11,\n            \"R12\": UC_PPC_REG_12,\n            \"R13\": UC_PPC_REG_13,\n            \"R14\": UC_PPC_REG_14,\n            \"R15\": UC_PPC_REG_15,\n            \"R16\": UC_PPC_REG_16,\n            \"R17\": UC_PPC_REG_17,\n            \"R18\": UC_PPC_REG_18,\n            \"R19\": UC_PPC_REG_19,\n            \"R20\": UC_PPC_REG_20,\n            \"R21\": UC_PPC_REG_21,\n            \"R22\": UC_PPC_REG_22,\n            \"R23\": UC_PPC_REG_23,\n            \"R24\": UC_PPC_REG_24,\n            \"R25\": UC_PPC_REG_25,\n            \"R26\": UC_PPC_REG_26,\n            \"R27\": UC_PPC_REG_27,\n            \"R28\": UC_PPC_REG_28,\n            \"R29\": UC_PPC_REG_29,\n            \"R30\": UC_PPC_REG_30,\n            \"R31\": UC_PPC_REG_31,\n        },\n    ),\n    \"rv32\": create_reg_to_const_map(arch_to_UC_consts[\"rv32\"]),\n    \"rv64\": create_reg_to_const_map(arch_to_UC_consts[\"rv64\"]),\n    \"s390x\": create_reg_to_const_map(arch_to_UC_consts[\"s390x\"]),\n}\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.enable_virtual_tlb","title":"enable_virtual_tlb  module-attribute","text":"
enable_virtual_tlb = {'s390x': True, 'powerpc': True}\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.DEBUG","title":"DEBUG  module-attribute","text":"
DEBUG = NO_DEBUG\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.arch_to_SYSCALL","title":"arch_to_SYSCALL  module-attribute","text":"
arch_to_SYSCALL = {\n    UC_ARCH_X86: [\n        X86_INS_SYSCALL,\n        X86_INS_SYSENTER,\n        X86_INS_SYSEXIT,\n        X86_INS_SYSRET,\n        X86_INS_IRET,\n        X86_INS_IRETD,\n        X86_INS_IRETQ,\n        X86_INS_INT,\n        X86_INS_INT1,\n        X86_INS_INT3,\n    ],\n    UC_ARCH_MIPS: [MIPS_INS_SYSCALL],\n    UC_ARCH_SPARC: [SPARC_INS_T],\n    UC_ARCH_ARM: [ARM_INS_SVC],\n    UC_ARCH_ARM64: [AARCH64_INS_SVC],\n    UC_ARCH_PPC: [PPC_INS_SC],\n    UC_ARCH_RISCV: [RISCV_INS_ECALL],\n}\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.ARM_BANNED_INSTRUCTIONS","title":"ARM_BANNED_INSTRUCTIONS  module-attribute","text":"
ARM_BANNED_INSTRUCTIONS = {\n    ARM_INS_MRC,\n    ARM_INS_MRRC,\n    ARM_INS_MRC2,\n    ARM_INS_MRRC2,\n}\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.BANNED_INSTRUCTIONS","title":"BANNED_INSTRUCTIONS  module-attribute","text":"
BANNED_INSTRUCTIONS = {\n    \"mips\": {MIPS_INS_RDHWR, MIPS_INS_ALIAS_RDHWR},\n    \"arm\": ARM_BANNED_INSTRUCTIONS,\n    \"armcm\": ARM_BANNED_INSTRUCTIONS,\n    \"aarch64\": {AARCH64_INS_MRS},\n}\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.blacklisted_regs","title":"blacklisted_regs  module-attribute","text":"
blacklisted_regs = ['ip', 'cs', 'ds', 'es', 'fs', 'gs', 'ss']\n
 
e = pwndbg.emu.emulator.Emulator() e.until_jump()
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.InstructionExecutedResult","title":"InstructionExecutedResult","text":"
               Bases: NamedTuple
 
Attributes:
 
     
  •  address               (int)           \u2013            
    •  
  •  size               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.InstructionExecutedResult.address","title":"address  instance-attribute","text":"
address: int\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.InstructionExecutedResult.size","title":"size  instance-attribute","text":"
size: int\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator","title":"Emulator","text":"
Emulator()\n
 
Methods:
 
     
  •  read_register             \u2013              
    •  
  •  read_memory             \u2013              
    •  
  •  telescope             \u2013              
    •  
  •  format_telescope             \u2013              
    •  
  •  format_telescope_list             \u2013              
    •  
  •  telescope_enhance             \u2013              
    •  
  •  memory_read_string             \u2013              
    •  
  •  __getattr__             \u2013              
    •  
  •  update_pc             \u2013              
    •  
  •  read_thumb_bit             \u2013              
    Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
     
    •  
  •  get_uc_mode             \u2013              
    Retrieve the mode used by Unicorn for the current architecture.
     
    •  
  •  map_page             \u2013              
    •  
  •  hook_mem_invalid             \u2013              
    •  
  •  hook_intr             \u2013              
    We never want to emulate through an interrupt.  Just stop.
     
    •  
  •  get_reg_enum             \u2013              
    Returns the Unicorn Emulator enum code for the named register.
     
    •  
  •  hook_add             \u2013              
    •  
  •  hook_del             \u2013              
    •  
  •  emu_start             \u2013              
    •  
  •  emu_stop             \u2013              
    •  
  •  emulate_with_hook             \u2013              
    •  
  •  mem_read             \u2013              
    •  
  •  until_jump             \u2013              
    Emulates instructions starting at the specified address until the
     
    •  
  •  until_jump_hook_code             \u2013              
    •  
  •  until_call             \u2013              
    •  
  •  until_syscall             \u2013              
    Emulates instructions starting at the specified address until the program
     
    •  
  •  until_syscall_hook_code             \u2013              
    •  
  •  single_step             \u2013              
    Steps one instruction.
     
    •  
  •  single_step_iter             \u2013              
    •  
  •  single_step_hook_code             \u2013              
    •  
  •  dumpregs             \u2013              
    •  
  •  trace_hook             \u2013              
    •  
  •  __repr__             \u2013              
    •  
 
Attributes:
 
     
  •  arch           \u2013            
    •  
  •  const_regs           \u2013            
    •  
  •  uc_mode           \u2013            
    •  
  •  uc           \u2013            
    •  
  •  regs               (RegisterSet)           \u2013            
    •  
  •  valid           \u2013            
    •  
  •  last_pc           \u2013            
    •  
  •  last_single_step_result           \u2013            
    •  
  •  last_step_succeeded               (bool)           \u2013            
    •  
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.arch","title":"arch  instance-attribute","text":"
arch = name\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.const_regs","title":"const_regs  instance-attribute","text":"
const_regs = arch_to_reg_const_map[arch]\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.uc_mode","title":"uc_mode  instance-attribute","text":"
uc_mode = get_uc_mode()\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.uc","title":"uc  instance-attribute","text":"
uc = Uc(arch_to_UC[arch], uc_mode)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.regs","title":"regs  instance-attribute","text":"
regs: RegisterSet = current\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.valid","title":"valid  instance-attribute","text":"
valid = True\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.last_pc","title":"last_pc  instance-attribute","text":"
last_pc = None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.last_single_step_result","title":"last_single_step_result  instance-attribute","text":"
last_single_step_result = InstructionExecutedResult(None, None)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.last_step_succeeded","title":"last_step_succeeded  property","text":"
last_step_succeeded: bool\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.read_register","title":"read_register","text":"
read_register(name: str)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.read_memory","title":"read_memory","text":"
read_memory(address: int, size: int) -> bytes | None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.telescope","title":"telescope","text":"
telescope(address: int, limit: int, read_size: int = None) -> list[int]\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.format_telescope","title":"format_telescope","text":"
format_telescope(address: int, limit: int) -> str\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.format_telescope_list","title":"format_telescope_list","text":"
format_telescope_list(\n    chain: list[int], limit: int, enhance_string_len: int = None\n) -> str\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.telescope_enhance","title":"telescope_enhance","text":"
telescope_enhance(\n    value: int, code: bool = True, enhance_string_len: int = None\n)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.memory_read_string","title":"memory_read_string","text":"
memory_read_string(\n    address: int, max_string_len=None, max_read=None\n) -> str | None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.__getattr__","title":"__getattr__","text":"
__getattr__(name: str)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.update_pc","title":"update_pc","text":"
update_pc(pc=None) -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.read_thumb_bit","title":"read_thumb_bit","text":"
read_thumb_bit() -> int\n
 
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
 
This reads from the emulator itself, meaning this can be read to determine a state transitions between non-Thumb and Thumb mode
 
Return None if the Thumb bit is not relevent to the current architecture
 
Mimics the read_thumb_bit function defined in aglib/arch.py
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.get_uc_mode","title":"get_uc_mode","text":"
get_uc_mode()\n
 
Retrieve the mode used by Unicorn for the current architecture.
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.map_page","title":"map_page","text":"
map_page(page) -> bool\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.hook_mem_invalid","title":"hook_mem_invalid","text":"
hook_mem_invalid(uc, access, address, size: int, value, user_data) -> bool\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.hook_intr","title":"hook_intr","text":"
hook_intr(uc, intno, user_data) -> None\n
 
We never want to emulate through an interrupt.  Just stop.
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.get_reg_enum","title":"get_reg_enum","text":"
get_reg_enum(reg: str) -> int | None\n
 
Returns the Unicorn Emulator enum code for the named register.
 
Also supports general registers like 'sp' and 'pc'.
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.hook_add","title":"hook_add","text":"
hook_add(*a, **kw)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.hook_del","title":"hook_del","text":"
hook_del(*a, **kw)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.emu_start","title":"emu_start","text":"
emu_start(*a, **kw)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.emu_stop","title":"emu_stop","text":"
emu_stop(*a, **kw)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.emulate_with_hook","title":"emulate_with_hook","text":"
emulate_with_hook(hook, count=512) -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.mem_read","title":"mem_read","text":"
mem_read(*a, **kw)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.until_jump","title":"until_jump","text":"
until_jump(pc: int = None)\n
 
Emulates instructions starting at the specified address until the program counter is set to an address which does not linearly follow the previously-emulated instruction.
 
Parameters:
 
     
  •  pc               (int, default:                   None )           \u2013            
    Address to start at.  If None, uses the current instruction.
     
    •  
 Return 
Returns a tuple containing the address of the jump instruction, and its target in the format (address, target).
 
If emulation is forced to stop (e.g., because of a syscall or invalid memory access) then address is the instruction which could not be emulated through, and target will be None.
 Notes 
This routine does not consider 'call $+5'
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.until_jump_hook_code","title":"until_jump_hook_code","text":"
until_jump_hook_code(_uc, address, instruction_size: int, _user_data) -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.until_call","title":"until_call","text":"
until_call(pc=None)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.until_syscall","title":"until_syscall","text":"
until_syscall(pc=None)\n
 
Emulates instructions starting at the specified address until the program counter points at a syscall instruction (int 0x80, svc, etc.).
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.until_syscall_hook_code","title":"until_syscall_hook_code","text":"
until_syscall_hook_code(uc, address, size: int, user_data) -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.single_step","title":"single_step","text":"
single_step(\n    pc=None, instruction: PwndbgInstruction | None = None\n) -> tuple[int, int]\n
 
Steps one instruction.
 
Yields:
 
     
  •  int           \u2013            
    Each iteration, yields a tuple of (address_just_executed, instruction_size).
     
    •  
  •  int           \u2013            
    Returns (None, None) upon failure to execute the instruction
     
    •  
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.single_step_iter","title":"single_step_iter","text":"
single_step_iter(pc=None)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.single_step_hook_code","title":"single_step_hook_code","text":"
single_step_hook_code(\n    _uc, address: int, instruction_size: int, _user_data\n) -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.dumpregs","title":"dumpregs","text":"
dumpregs() -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.trace_hook","title":"trace_hook","text":"
trace_hook(_uc, address, instruction_size: int, _user_data) -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.__repr__","title":"__repr__","text":"
__repr__() -> str\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.parse_consts","title":"parse_consts","text":"
parse_consts(u_consts) -> dict[str, int]\n
 
Unicorn \"consts\" is a python module consisting of a variable definition for each known entity. We repack it here as a dict for performance.
 
Maps \"UC_*\" -> integer value of the constant
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.create_reg_to_const_map","title":"create_reg_to_const_map","text":"
create_reg_to_const_map(\n    base_consts: dict[str, int], additional_mapping: dict[str, int] = None\n) -> dict[str, int]\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.debug","title":"debug","text":"
debug(debug_type, fmt, args=()) -> None\n
"},{"location":"reference/pwndbg/enhance/","title":"enhance","text":""},{"location":"reference/pwndbg/enhance/#pwndbg.enhance","title":"enhance","text":"
Attempt to describe the data at a memory address as best as possible.
 
Only when the data is not a pointer.
 
Currently prints out code, integers, or strings, in a best-effort manner dependent on page permissions, the contents of the data, and any supplemental information sources (e.g. active IDA Pro connection).
 
Functions:
 
     
  •  int_str             \u2013              
    •  
  •  enhance             \u2013              
    Given the last pointer in a chain, attempt to characterize
     
    •  
"},{"location":"reference/pwndbg/enhance/#pwndbg.enhance.int_str","title":"int_str","text":"
int_str(value: int) -> str\n
"},{"location":"reference/pwndbg/enhance/#pwndbg.enhance.enhance","title":"enhance","text":"
enhance(\n    value: int,\n    code: bool = True,\n    safe_linking: bool = False,\n    attempt_dereference=True,\n    enhance_string_len: int = None,\n) -> str\n
 
Given the last pointer in a chain, attempt to characterize
 
Note that 'the last pointer in a chain' may not at all actually be a pointer.
 
Additionally, optimizations are made based on various sources of data for 'value'. For example, if it is set to RWX, we try to get information on whether it resides on the stack, or in a RW section that happens to be RWX, to determine which order to print the fields.
 
Parameters:
 
     
  •  value               (int)           \u2013            
    Value to enhance
     
    •  
  •  code               (bool, default:                   True )           \u2013            
    Hint that indicates the value may be an instruction
     
    •  
  •  safe_linking               (bool, default:                   False )           \u2013            
    Whether this chain use safe-linking
     
    •  
  •  enhance_string_len               (int, default:                   None )           \u2013            
    The length of string to display for enhancement of the last pointer
     
    •  
"},{"location":"reference/pwndbg/exception/","title":"exception","text":""},{"location":"reference/pwndbg/exception/#pwndbg.exception","title":"exception","text":"
Common exception handling.
 
Functions:
 
     
  •  print_exception             \u2013              
    •  
  •  inform_report_issue             \u2013              
    Informs user that he can report an issue.
     
    •  
  •  inform_verbose_and_debug             \u2013              
    •  
  •  handle             \u2013              
    Displays an exception to the user, optionally displaying a full traceback
     
    •  
  •  set_trace             \u2013              
    Enable sane debugging in Pwndbg by switching to the \"real\" stdio.
     
    •  
  •  update             \u2013              
    •  
 
Attributes:
 
     
  •  verbose           \u2013            
    •  
  •  debug           \u2013            
    •  
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.verbose","title":"verbose  module-attribute","text":"
verbose = add_param(\n    \"exception-verbose\",\n    False,\n    \"print a full stacktrace for exceptions raised in Pwndbg commands\",\n)\n
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.debug","title":"debug  module-attribute","text":"
debug = add_param(\n    \"exception-debugger\",\n    False,\n    \"whether to debug exceptions raised in Pwndbg commands\",\n)\n
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.print_exception","title":"print_exception","text":"
print_exception(exception_msg) -> None\n
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.inform_report_issue","title":"inform_report_issue","text":"
inform_report_issue(exception_msg) -> None\n
 
Informs user that he can report an issue. The use of caching makes it reporting only once for a given exception message.
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.inform_verbose_and_debug","title":"inform_verbose_and_debug","text":"
inform_verbose_and_debug() -> None\n
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.handle","title":"handle","text":"
handle(name='Error')\n
 
Displays an exception to the user, optionally displaying a full traceback and spawning an interactive post-moretem debugger.
 Notes 
     
  • set exception-verbose on enables stack traces.
    •  
  • set exception-debugger on enables the post-mortem debugger.
    •  
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.set_trace","title":"set_trace","text":"
set_trace() -> None\n
 
Enable sane debugging in Pwndbg by switching to the \"real\" stdio.
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.update","title":"update","text":"
update() -> None\n
"},{"location":"reference/pwndbg/gdblib/","title":"gdblib","text":""},{"location":"reference/pwndbg/gdblib/#pwndbg.gdblib","title":"gdblib","text":"
Library for handling GDB logic. Being removed in favour of aglib.
 
Modules:
 
     
  •  bpoint           \u2013            
    •  
  •  config           \u2013            
    Dynamic configuration system for pwndbg, using GDB's built-in Parameter
     
    •  
  •  events           \u2013            
    Enables callbacks into functions to be automatically invoked
     
    •  
  •  functions           \u2013            
    Put all functions defined for gdb in here.
     
    •  
  •  got           \u2013            
    Global Offset Table Tracker
     
    •  
  •  hooks           \u2013            
    •  
  •  info           \u2013            
    Runs a few useful commands which are available under \"info\".
     
    •  
  •  prompt           \u2013            
    •  
  •  ptmalloc2_tracking           \u2013            
    Heap Tracking
     
    •  
  •  scheduler           \u2013            
    •  
  •  shellcode           \u2013            
    Shellcode
     
    •  
  •  symbol           \u2013            
    Looking up addresses for function names / symbols, and
     
    •  
  •  tui           \u2013            
    •  
  •  vmmap           \u2013            
    Routines to enumerate mapped memory, and attempt to associate
     
    •  
 
Functions:
 
     
  •  load_gdblib             \u2013              
    Import all gdblib modules that need to run code on import
     
    •  
 
Attributes:
 
     
  •  regs           \u2013            
    •  
  •  __all__           \u2013            
    •  
  •  gdb_version           \u2013            
    •  
  •  msg           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/#pwndbg.gdblib.regs","title":"regs  module-attribute","text":"
regs = None\n
"},{"location":"reference/pwndbg/gdblib/#pwndbg.gdblib.__all__","title":"__all__  module-attribute","text":"
__all__ = ()\n
"},{"location":"reference/pwndbg/gdblib/#pwndbg.gdblib.gdb_version","title":"gdb_version  module-attribute","text":"
gdb_version = tuple(map(int, groups()))\n
"},{"location":"reference/pwndbg/gdblib/#pwndbg.gdblib.msg","title":"msg  module-attribute","text":"
msg = 'Unsupported GDB version, pwndbg only support GDB12+'\n
"},{"location":"reference/pwndbg/gdblib/#pwndbg.gdblib.load_gdblib","title":"load_gdblib","text":"
load_gdblib() -> None\n
 
Import all gdblib modules that need to run code on import
"},{"location":"reference/pwndbg/gdblib/bpoint/","title":"bpoint","text":""},{"location":"reference/pwndbg/gdblib/bpoint/#pwndbg.gdblib.bpoint","title":"bpoint","text":"
Classes:
 
     
  •  Breakpoint           \u2013            
    Breakpoint class, similar to gdb.Breakpoint, but clears the caches
     
    •  
"},{"location":"reference/pwndbg/gdblib/bpoint/#pwndbg.gdblib.bpoint.Breakpoint","title":"Breakpoint","text":"
               Bases: Breakpoint
 
Breakpoint class, similar to gdb.Breakpoint, but clears the caches associated with the stop event before determining whether it should stop the inferior or not.
 
Unlike gdb.Breakpoint, users of this class should override should_stop(), instead of stop(), as the latter is used to do cache invalidation.
 
Methods:
 
     
  •  stop             \u2013              
    •  
  •  should_stop             \u2013              
    This function is called whenever this breakpoint is hit in the code and
     
    •  
"},{"location":"reference/pwndbg/gdblib/bpoint/#pwndbg.gdblib.bpoint.Breakpoint.stop","title":"stop","text":"
stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/bpoint/#pwndbg.gdblib.bpoint.Breakpoint.should_stop","title":"should_stop","text":"
should_stop() -> bool\n
 
This function is called whenever this breakpoint is hit in the code and its return value determines whether the inferior will be stopped.
"},{"location":"reference/pwndbg/gdblib/config/","title":"config","text":""},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config","title":"config","text":"
Dynamic configuration system for pwndbg, using GDB's built-in Parameter mechanism.
 
To create a new pwndbg configuration point, call pwndbg.config.add_param.
 
Parameters should be declared in the module in which they are primarily used, or in this module for general-purpose parameters.
 
All pwndbg Parameter types are accessible via property access on this module, for example:
 
>>> pwndbg.config.add_param('example-value', 7, 'an example')\n>>> int(pwndbg.config.example_value)\n7\n
 
Classes:
 
     
  •  Parameter           \u2013            
    •  
 
Functions:
 
     
  •  init_params             \u2013              
    •  
 
Attributes:
 
     
  •  CLASS_MAPPING           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.CLASS_MAPPING","title":"CLASS_MAPPING  module-attribute","text":"
CLASS_MAPPING = {\n    PARAM_BOOLEAN: PARAM_BOOLEAN,\n    PARAM_AUTO_BOOLEAN: PARAM_AUTO_BOOLEAN,\n    PARAM_INTEGER: PARAM_INTEGER,\n    PARAM_ZINTEGER: PARAM_ZINTEGER,\n    PARAM_UINTEGER: PARAM_UINTEGER,\n    PARAM_ZUINTEGER: PARAM_ZUINTEGER,\n    PARAM_ZUINTEGER_UNLIMITED: PARAM_ZUINTEGER_UNLIMITED,\n    PARAM_STRING: PARAM_STRING,\n    PARAM_ENUM: PARAM_ENUM,\n    PARAM_OPTIONAL_FILENAME: PARAM_OPTIONAL_FILENAME,\n}\n
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter","title":"Parameter","text":"
Parameter(param: Parameter)\n
 
               Bases: Parameter
 
Methods:
 
     
  •  init_super             \u2013              
    Initializes the super class for GDB >= 9
     
    •  
  •  on_change             \u2013              
    Called when the value of the pwndbg.lib.config.Parameter changes
     
    •  
  •  get_set_string             \u2013              
    Handles the GDB set <param>
     
    •  
  •  get_show_string             \u2013              
    Handles the GDB show <param>
     
    •  
 
Attributes:
 
     
  •  set_doc           \u2013            
    •  
  •  show_doc           \u2013            
    •  
  •  __doc__           \u2013            
    •  
  •  param           \u2013            
    •  
  •  value           \u2013            
    •  
  •  native_value           \u2013            
    •  
  •  native_default           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.set_doc","title":"set_doc  instance-attribute","text":"
set_doc = 'Set ' + set_show_doc + '.'\n
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.show_doc","title":"show_doc  instance-attribute","text":"
show_doc = 'Show ' + set_show_doc + '.'\n
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.__doc__","title":"__doc__  instance-attribute","text":"
__doc__ = help_docstring or None\n
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.param","title":"param  instance-attribute","text":"
param = param\n
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.value","title":"value  instance-attribute","text":"
value = value\n
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.native_value","title":"native_value  property","text":"
native_value\n
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.native_default","title":"native_default  property","text":"
native_default\n
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.init_super","title":"init_super","text":"
init_super(param: Parameter) -> None\n
 
Initializes the super class for GDB >= 9
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.on_change","title":"on_change","text":"
on_change(value: Any) -> None\n
 
Called when the value of the pwndbg.lib.config.Parameter changes Transfer the value to the GDB parameter to keep them in sync.
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.get_set_string","title":"get_set_string","text":"
get_set_string() -> str\n
 
Handles the GDB set <param>
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.get_show_string","title":"get_show_string","text":"
get_show_string(svalue: str) -> str\n
 
Handles the GDB show <param>
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.init_params","title":"init_params","text":"
init_params() -> None\n
"},{"location":"reference/pwndbg/gdblib/events/","title":"events","text":""},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events","title":"events","text":"
Enables callbacks into functions to be automatically invoked when various events occur to the debuggee (e.g. STOP on SIGINT) by using a decorator.
 
Classes:
 
     
  •  StartEvent           \u2013            
    •  
  •  HandlerPriority           \u2013            
    A priority level for an event handler, ordered from highest to lowest priority.
     
    •  
 
Functions:
 
     
  •  wrap_safe_event_handler             \u2013              
    Wraps an event handler to ensure it is only executed when the event is safe.
     
    •  
  •  pause             \u2013              
    •  
  •  unpause             \u2013              
    •  
  •  connect             \u2013              
    •  
  •  exit             \u2013              
    •  
  •  cont             \u2013              
    •  
  •  new_objfile             \u2013              
    •  
  •  stop             \u2013              
    •  
  •  start             \u2013              
    •  
  •  thread             \u2013              
    •  
  •  before_prompt             \u2013              
    •  
  •  reg_changed             \u2013              
    •  
  •  mem_changed             \u2013              
    •  
  •  log_objfiles             \u2013              
    •  
  •  invoke_event             \u2013              
    •  
  •  after_reload             \u2013              
    •  
  •  on_reload             \u2013              
    •  
 
Attributes:
 
     
  •  DISABLED           \u2013            
    •  
  •  DISABLED_DEADLOCK           \u2013            
    •  
  •  ENABLED           \u2013            
    •  
  •  debug           \u2013            
    •  
  •  gdb_workaround_stop_event           \u2013            
    •  
  •  P           \u2013            
    •  
  •  T           \u2013            
    •  
  •  queued_events               (Deque[Callable[..., Any]])           \u2013            
    •  
  •  executing_event           \u2013            
    •  
  •  workaround_thread_conn           \u2013            
    •  
  •  registered               (dict[Any, dict[HandlerPriority, list[Callable[..., Any]]]])           \u2013            
    •  
  •  connected           \u2013            
    •  
  •  paused           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.DISABLED","title":"DISABLED  module-attribute","text":"
DISABLED = 'disabled'\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.DISABLED_DEADLOCK","title":"DISABLED_DEADLOCK  module-attribute","text":"
DISABLED_DEADLOCK = 'disabled-deadlock'\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.ENABLED","title":"ENABLED  module-attribute","text":"
ENABLED = 'enabled'\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.debug","title":"debug  module-attribute","text":"
debug = add_param(\n    \"debug-events\", False, \"display internal event debugging info\"\n)\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.gdb_workaround_stop_event","title":"gdb_workaround_stop_event  module-attribute","text":"
gdb_workaround_stop_event = add_param('gdb-workaround-stop-event', DISABLED, \"asynchronous stop events to improve 'commands' functionality\", help_docstring=f'\nNote that this may cause unexpected behavior with Pwndbg or gdb.execute.\n\nValues explained:\n\n+ `{DISABLED}` - Disable the workaround (default).\n+ `{DISABLED_DEADLOCK}` - Disable only deadlock detection; deadlocks may still occur.\n+ `{ENABLED}` - Enable asynchronous stop events; gdb.execute may behave unexpectedly (asynchronously).\n    ', param_class=PARAM_ENUM, enum_sequence=[DISABLED, DISABLED_DEADLOCK, ENABLED])\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.P","title":"P  module-attribute","text":"
P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.queued_events","title":"queued_events  module-attribute","text":"
queued_events: Deque[Callable[..., Any]] = deque()\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.executing_event","title":"executing_event  module-attribute","text":"
executing_event = False\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.workaround_thread_conn","title":"workaround_thread_conn  module-attribute","text":"
workaround_thread_conn = None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.registered","title":"registered  module-attribute","text":"
registered: dict[Any, dict[HandlerPriority, list[Callable[..., Any]]]] = {\n    exited: {},\n    cont: {},\n    new_objfile: {},\n    stop: {},\n    start: {},\n    new_thread: {},\n    before_prompt: {},\n    memory_changed: {},\n    register_changed: {},\n}\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.connected","title":"connected  module-attribute","text":"
connected = {}\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.paused","title":"paused  module-attribute","text":"
paused = defaultdict(bool)\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent","title":"StartEvent","text":"
StartEvent()\n
 
Methods:
 
     
  •  connect             \u2013              
    •  
  •  disconnect             \u2013              
    •  
  •  on_new_objfile             \u2013              
    •  
  •  on_exited             \u2013              
    •  
  •  on_stop             \u2013              
    •  
 
Attributes:
 
     
  •  registered               (list[Callable[..., Any]])           \u2013            
    •  
  •  running           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.registered","title":"registered  instance-attribute","text":"
registered: list[Callable[..., Any]] = []\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.running","title":"running  instance-attribute","text":"
running = False\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.connect","title":"connect","text":"
connect(function: Callable[..., Any]) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.disconnect","title":"disconnect","text":"
disconnect(function: Callable[..., Any]) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.on_new_objfile","title":"on_new_objfile","text":"
on_new_objfile() -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.on_exited","title":"on_exited","text":"
on_exited() -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.on_stop","title":"on_stop","text":"
on_stop() -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.HandlerPriority","title":"HandlerPriority","text":"
               Bases: Enum
 
A priority level for an event handler, ordered from highest to lowest priority.
 
Attributes:
 
     
  •  CACHE_CLEAR           \u2013            
    •  
  •  LOW           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.HandlerPriority.CACHE_CLEAR","title":"CACHE_CLEAR  class-attribute instance-attribute","text":"
CACHE_CLEAR = auto()\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.HandlerPriority.LOW","title":"LOW  class-attribute instance-attribute","text":"
LOW = auto()\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.wrap_safe_event_handler","title":"wrap_safe_event_handler","text":"
wrap_safe_event_handler(\n    event_handler: Callable[P, T], event_type: Any\n) -> Callable[P, T]\n
 
Wraps an event handler to ensure it is only executed when the event is safe. Invalid events are queued and executed later when safe.
 
Note: Avoid using gdb.post_event because of another bug in gdbserver where the gdb.newest_frame function may not work properly.
 
Workaround to fix bug in gdbserver (gdb.events.new_objfile): #2576 Workaround to fix bug in gdb (gdb.events.stop): #425
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.pause","title":"pause","text":"
pause(event_registry) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.unpause","title":"unpause","text":"
unpause(event_registry) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.connect","title":"connect","text":"
connect(\n    func: Callable[[], T],\n    event_handler: Any,\n    name: str = \"\",\n    priority: HandlerPriority = LOW,\n) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.exit","title":"exit","text":"
exit(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.cont","title":"cont","text":"
cont(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.new_objfile","title":"new_objfile","text":"
new_objfile(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.stop","title":"stop","text":"
stop(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.start","title":"start","text":"
start(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.thread","title":"thread","text":"
thread(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.before_prompt","title":"before_prompt","text":"
before_prompt(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.reg_changed","title":"reg_changed","text":"
reg_changed(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.mem_changed","title":"mem_changed","text":"
mem_changed(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.log_objfiles","title":"log_objfiles","text":"
log_objfiles(ofile: NewObjFileEvent | None = None) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.invoke_event","title":"invoke_event","text":"
invoke_event(event: Any, *args: Any, **kwargs: Any) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.after_reload","title":"after_reload","text":"
after_reload(fire_start: bool = True) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.on_reload","title":"on_reload","text":"
on_reload() -> None\n
"},{"location":"reference/pwndbg/gdblib/functions/","title":"functions","text":""},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions","title":"functions","text":"
Put all functions defined for gdb in here.
 
This file might be changed into a module in the future.
 
Functions:
 
     
  •  GdbFunction             \u2013              
    •  
  •  rebase             \u2013              
    Return address rebased onto the executable's mappings.
     
    •  
  •  base             \u2013              
    Return the base address of the first memory mapping containing the given name.
     
    •  
  •  hex2ptr             \u2013              
    Converts a hex string to a little-endian address and returns the address.
     
    •  
  •  argc             \u2013              
    Get the number of program arguments.
     
    •  
  •  argv             \u2013              
    Get the n-th program argument.
     
    •  
  •  environ             \u2013              
    Get an environment variable by name.
     
    •  
  •  envp             \u2013              
    Get the n-th environment variable.
     
    •  
  •  dbg_value_to_gdb             \u2013              
    •  
  •  fsbase             \u2013              
    Get the value of the FS segment register.
     
    •  
  •  gsbase             \u2013              
    Get the value of the GS segment register.
     
    •  
 
Attributes:
 
     
  •  functions               (list[_GdbFunction])           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.functions","title":"functions  module-attribute","text":"
functions: list[_GdbFunction] = []\n
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.GdbFunction","title":"GdbFunction","text":"
GdbFunction(only_when_running: bool = False) -> Callable[..., Any]\n
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.rebase","title":"rebase","text":"
rebase(addr: int | Value) -> int\n
 
Return address rebased onto the executable's mappings.
 
Example: 
pwndbg> p/x $rebase(0xd9020)\n$1 = 0x55555562d020\npwndbg> vmmap\n0x555555554000     0x55555556f000 r--p    1b000      0 /usr/bin/bash\n0x55555556f000     0x55555562d000 r-xp    be000  1b000 /usr/bin/bash\n0x55555562d000     0x55555565e000 r--p    31000  d9000 /usr/bin/bash\n[...]\npwndbg> p $rebase(0xd9020) == 0x555555554000 + 0xd9020\n$2 = 1\npwndbg> tele $rebase(0xd9020)\n00:0000\u2502  0x55555562d020 \u25c2\u2014 0x204900636f6c6c61 /* 'alloc' */\n01:0008\u2502  0x55555562d028 \u25c2\u2014 'have no name!'\n02:0010\u2502  0x55555562d030 \u25c2\u2014 0x65720021656d616e /* 'name!' */\n03:0018\u2502  0x55555562d038 \u25c2\u2014 'adline stdin'\n[...]\n
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.base","title":"base","text":"
base(name_pattern: str | Value)\n
 
Return the base address of the first memory mapping containing the given name.
 
Example: 
pwndbg> p/x $base(\"libc\")\n$4 = 0x7ffff7d4b000\npwndbg> vmmap libc\n    0x7ffff7d4a000     0x7ffff7d4b000 rw-p     1000  6e000 /usr/lib/libncursesw.so.6.5\n\u25ba   0x7ffff7d4b000     0x7ffff7d6f000 r--p    24000      0 /usr/lib/libc.so.6\n\u25ba   0x7ffff7d6f000     0x7ffff7ed6000 r-xp   167000  24000 /usr/lib/libc.so.6\n\u25ba   0x7ffff7ed6000     0x7ffff7f2b000 r--p    55000 18b000 /usr/lib/libc.so.6\n\u25ba   0x7ffff7f2b000     0x7ffff7f2f000 r--p     4000 1e0000 /usr/lib/libc.so.6\n\u25ba   0x7ffff7f2f000     0x7ffff7f31000 rw-p     2000 1e4000 /usr/lib/libc.so.6\n    0x7ffff7f31000     0x7ffff7f39000 rw-p     8000      0 [anon_7ffff7f31]\npwndbg> tele $base(\\\"libc\\\")+0x1337\n00:0000\u2502  0x7ffff7d4c337 \u25c2\u2014 0x80480a04214000f0\n01:0008\u2502  0x7ffff7d4c33f \u25c2\u2014 0x8040c02204452040\n02:0010\u2502  0x7ffff7d4c347 \u25c2\u2014 0x20042400000200\n03:0018\u2502  0x7ffff7d4c34f \u25c2\u2014 0x20 /* ' ' */\n[...]\n
 
Beware of accidentally matching the wrong mapping. For instance, if the loaded executable contained the string \"libc\" anywhere in it's path, it would've been returned.
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.hex2ptr","title":"hex2ptr","text":"
hex2ptr(hex_string: str | Value) -> int\n
 
Converts a hex string to a little-endian address and returns the address.
 
Example: 
pwndbg> p/x $hex2ptr(\"20 74 ed f7 ff 7f\")\n$1 = 0x7ffff7ed7420\npwndbg> p/x $hex2ptr(\"2074edf7ff7f\")\n$2 = 0x7ffff7ed7420\npwndbg> distance '$base(\"libc\")' '$hex2ptr(\"20 74 ed f7 ff 7f\")'\n0x7ffff7d4b000->0x7ffff7ed7420 is 0x18c420 bytes (0x31884 words)\n
 
Especially useful for quickly converting pwntools output.
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.argc","title":"argc","text":"
argc() -> int\n
 
Get the number of program arguments. Evaluates to argc.
 
Example: 
pwndbg> p $argc()\n$1 = 2\npwndbg> argv\n00:0000\u2502  0x7fffffffe288 \u2014\u25b8 0x7fffffffe659 \u25c2\u2014 '/usr/bin/cat'\n01:0008\u2502  0x7fffffffe290 \u2014\u25b8 0x7fffffffe666 \u25c2\u2014 'gdbinit.py'\n02:0010\u2502  0x7fffffffe298 \u25c2\u2014 0\n
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.argv","title":"argv","text":"
argv(index: Value) -> Value\n
 
Get the n-th program argument. Evaluate argv on the supplied value.
 
Example: 
pwndbg> p $argv(0)\n$11 = (signed char *) 0x7fffffffe666 \"/usr/bin/sh\"\npwndbg> argv\n00:0000\u2502  0x7fffffffe2a8 \u2014\u25b8 0x7fffffffe666 \u25c2\u2014 '/usr/bin/sh'\n01:0008\u2502  0x7fffffffe2b0 \u25c2\u2014 0\n
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.environ","title":"environ","text":"
environ(env_name: Value) -> Value\n
 
Get an environment variable by name. Evaluate getenv() on the supplied value.
 
Example: 
pwndbg> p $environ(\"LANG\")\n$2 = (signed char *) 0x7fffffffebfb \"LANG=en_US.UTF-8\"\n
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.envp","title":"envp","text":"
envp(index: Value) -> Value\n
 
Get the n-th environment variable. Evaluate envp on the supplied value.
 
Example: 
pwndbg> p $envp(0x3F)\n$13 = (signed char *) 0x7fffffffef7d \"LANG=en_US.UTF-8\"\npwndbg> p $envp(0x3F) == $environ(\"LANG\")\n$14 = 1\n
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.dbg_value_to_gdb","title":"dbg_value_to_gdb","text":"
dbg_value_to_gdb(d: Value) -> Value\n
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.fsbase","title":"fsbase","text":"
fsbase(offset: Value = Value(0)) -> int\n
 
Get the value of the FS segment register. Only valid on x86(-64).
 
Example: 
pwndbg> p/x $fsbase()\n$3 = 0x7ffff7cdab80\npwndbg> p $fs_base == $fsbase()\n$4 = 1\npwndbg> x/gx $fsbase(0x28)\n0x7ffff7cdaba8:     0x4da926e1668e5a00\npwndbg> x/gx $fsbase(0x30)\n0x7ffff7cdabb0:     0x190a86d93bccf0ad\npwndbg> tls\nThread Local Storage (TLS) base: 0x7ffff7cdab80\nTLS is located at:\n    0x7ffff7cda000     0x7ffff7cdc000 rw-p     2000      0 [anon_7ffff7cda]\nDumping the address:\ntcbhead_t @ 0x7ffff7cdab80\n    0x00007ffff7cdab80 +0x0000 tcb                  : 0x7ffff7cdab80\n    0x00007ffff7cdab88 +0x0008 dtv                  : 0x7ffff7cdb4f0\n    0x00007ffff7cdab90 +0x0010 self                 : 0x7ffff7cdab80\n    0x00007ffff7cdab98 +0x0018 multiple_threads     : 0x0\n    0x00007ffff7cdab9c +0x001c gscope_flag          : 0x0\n    0x00007ffff7cdaba0 +0x0020 sysinfo              : 0x0\n    0x00007ffff7cdaba8 +0x0028 stack_guard          : 0x4da926e1668e5a00\n    0x00007ffff7cdabb0 +0x0030 pointer_guard        : 0x190a86d93bccf0ad\n    [...]\npwndbg> canary\n[...]\nCanary    = 0x4da926e1668e5a00 (may be incorrect on != glibc)\n[...]\n
 FS will usually point to the start of the TLS. If you're not providing an offset, it is usually easier to use GDB's builtin $fs_base variable.
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.gsbase","title":"gsbase","text":"
gsbase(offset: Value = Value(0)) -> int\n
 
Get the value of the GS segment register. Only valid on x86(-64).
 
Example: 
pwndbg> p/x $gsbase()\n$1 = 0x0\n
 The value of the GS register is more interesting when doing kernel debugging: 
pwndbg> p/x $gsbase()\n$1 = 0xffff999287a00000\npwndbg> tele $gsbase()\n00:0000\u2502  0xffff999287a00000 \u25c2\u2014 0\n... \u2193     4 skipped\n05:0028\u2502  0xffff999287a00028 \u25c2\u2014 0xd6aa9b336d52a400\n06:0030\u2502  0xffff999287a00030 \u25c2\u2014 0\n07:0038\u2502  0xffff999287a00038 \u25c2\u2014 0\npwndbg> p $gsbase() == $gs_base\n$2 = 1\n
 If you're not providing an offset, it is usually easier to use GDB's builtin $gs_base variable.
"},{"location":"reference/pwndbg/gdblib/got/","title":"got","text":""},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got","title":"got","text":"
Global Offset Table Tracker
 
Subsystem for tracking accesses to external function calls made through pointers in an inferior's Global Offset Table, such as those made by the stubs in the Procedure Linkage Table.
 
Currently, it does this by attatching watchpoints to the entries in the GOT and taking note of where the call came from, but it could be done much faster by injecting our own code into the program space to track this.
 
Classes:
 
     
  •  RelocTypes           \u2013            
    This class contains all the relocation type constants so that one may
     
    •  
  •  TrapAllocator           \u2013            
    Utility that allocates and manages executable addresses in the space of the
     
    •  
  •  Patcher           \u2013            
    Watches for changes made by program code to the GOT and fixes them up.
     
    •  
  •  Tracker           \u2013            
    Class that tracks the accesses made to the entries in the GOT.
     
    •  
 
Functions:
 
     
  •  is_mmap_error             \u2013              
    Checks whether the return value of an mmap of indicates an error.
     
    •  
  •  display_name             \u2013              
    Return the display name for a symbol or objfile.
     
    •  
  •  all_tracked_entries             \u2013              
    Return an iterator over all of the GOT whose accesses are being tracked.
     
    •  
  •  tracked_entry_by_address             \u2013              
    Return the tracker associated with the entry at the given address, if any.
     
    •  
  •  enable_got_call_tracking             \u2013              
    Enable the analysis of calls made through the GOT.
     
    •  
  •  disable_got_call_tracking             \u2013              
    Disable the analysis of calls made through the GOT.
     
    •  
  •  jump_slots_for             \u2013              
    Returns the jump slot addresses described by the given dynamic section.
     
    •  
 
Attributes:
 
     
  •  JUMP_SLOTS           \u2013            
    •  
  •  IRELATIVE_SLOTS           \u2013            
    •  
  •  TRAP_ALLOCATOR           \u2013            
    •  
  •  GOT_TRACKING           \u2013            
    •  
  •  INSTALLED_WATCHPOINTS               (dict[int, tuple[Tracker, Patcher]])           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.JUMP_SLOTS","title":"JUMP_SLOTS  module-attribute","text":"
JUMP_SLOTS = {\n    \"x86-64\": {R_X86_64_JUMP_SLOT},\n    \"i386\": {R_386_JMP_SLOT},\n    \"aarch64\": {R_AARCH64_JUMP_SLOT},\n    \"mips\": {R_MIPS_JUMP_SLOT},\n    \"powerpc\": {R_PPC_JMP_SLOT},\n    \"sparc\": {R_SPARC_JMP_SLOT},\n    \"arm\": {R_ARM_JUMP_SLOT},\n    \"armcm\": {R_ARM_JUMP_SLOT},\n    \"rv32\": {R_RISCV_JUMP_SLOT},\n    \"rv64\": {R_RISCV_JUMP_SLOT},\n}\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.IRELATIVE_SLOTS","title":"IRELATIVE_SLOTS  module-attribute","text":"
IRELATIVE_SLOTS = {\n    \"x86-64\": {R_X86_64_IRELATIVE},\n    \"i386\": {R_386_IRELATIVE},\n    \"aarch64\": {R_AARCH64_P32_IRELATIVE, R_AARCH64_IRELATIVE},\n    \"mips\": set(),\n    \"powerpc\": {R_PPC_IRELATIVE},\n    \"sparc\": {R_SPARC_IRELATIVE},\n    \"arm\": {R_ARM_IRELATIVE},\n    \"armcm\": {R_ARM_IRELATIVE},\n    \"rv32\": {R_RISCV_IRELATIVE},\n    \"rv64\": {R_RISCV_IRELATIVE},\n}\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TRAP_ALLOCATOR","title":"TRAP_ALLOCATOR  module-attribute","text":"
TRAP_ALLOCATOR = TrapAllocator()\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.GOT_TRACKING","title":"GOT_TRACKING  module-attribute","text":"
GOT_TRACKING = False\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.INSTALLED_WATCHPOINTS","title":"INSTALLED_WATCHPOINTS  module-attribute","text":"
INSTALLED_WATCHPOINTS: dict[int, tuple[Tracker, Patcher]] = {}\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes","title":"RelocTypes","text":"
This class contains all the relocation type constants so that one may interpret the relocations types present in the DYNAMIC segment. These constants are defined in each of the processors' SystemV R4 psABI document, or equivalent, and should stay the same across all implementations of libc on systems that adhere to that ABI, such as Linux.
 
Most of these were sourced from GLibc, which conveniently lists all of the relocations types in a single file1.
 
Attributes:
 
     
  •  R_RISCV_JUMP_SLOT           \u2013            
    •  
  •  R_X86_64_JUMP_SLOT           \u2013            
    •  
  •  R_386_JMP_SLOT           \u2013            
    •  
  •  R_CRIS_JUMP_SLOT           \u2013            
    •  
  •  R_390_JMP_SLOT           \u2013            
    •  
  •  R_CKCORE_JUMP_SLOT           \u2013            
    •  
  •  R_TILEPRO_JMP_SLOT           \u2013            
    •  
  •  R_MICROBLAZE_JUMP_SLOT           \u2013            
    •  
  •  R_TILEGX_JMP_SLOT           \u2013            
    •  
  •  R_OR1K_JMP_SLOT           \u2013            
    •  
  •  R_68K_JMP_SLOT           \u2013            
    •  
  •  R_SPARC_JMP_SLOT           \u2013            
    •  
  •  R_PPC_JMP_SLOT           \u2013            
    •  
  •  R_PPC64_JMP_SLOT           \u2013            
    •  
  •  R_ARM_JUMP_SLOT           \u2013            
    •  
  •  R_MN10300_JMP_SLOT           \u2013            
    •  
  •  R_ALPHA_JMP_SLOT           \u2013            
    •  
  •  R_NIOS2_JUMP_SLOT           \u2013            
    •  
  •  R_NDS32_JMP_SLOT           \u2013            
    •  
  •  R_METAG_JMP_SLOT           \u2013            
    •  
  •  R_M32R_JMP_SLOT           \u2013            
    •  
  •  R_ARC_JMP_SLOT           \u2013            
    •  
  •  R_MIPS_JUMP_SLOT           \u2013            
    •  
  •  R_SH_JMP_SLOT           \u2013            
    •  
  •  R_AARCH64_JUMP_SLOT           \u2013            
    •  
  •  R_X86_64_IRELATIVE           \u2013            
    •  
  •  R_386_IRELATIVE           \u2013            
    •  
  •  R_RISCV_IRELATIVE           \u2013            
    •  
  •  R_390_IRELATIVE           \u2013            
    •  
  •  R_ARM_IRELATIVE           \u2013            
    •  
  •  R_AARCH64_P32_IRELATIVE           \u2013            
    •  
  •  R_PPC_IRELATIVE           \u2013            
    •  
  •  R_PPC64_IRELATIVE           \u2013            
    •  
  •  R_SPARC_IRELATIVE           \u2013            
    •  
  •  R_AARCH64_IRELATIVE           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_RISCV_JUMP_SLOT","title":"R_RISCV_JUMP_SLOT  class-attribute instance-attribute","text":"
R_RISCV_JUMP_SLOT = 5\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_X86_64_JUMP_SLOT","title":"R_X86_64_JUMP_SLOT  class-attribute instance-attribute","text":"
R_X86_64_JUMP_SLOT = 7\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_386_JMP_SLOT","title":"R_386_JMP_SLOT  class-attribute instance-attribute","text":"
R_386_JMP_SLOT = 7\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_CRIS_JUMP_SLOT","title":"R_CRIS_JUMP_SLOT  class-attribute instance-attribute","text":"
R_CRIS_JUMP_SLOT = 11\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_390_JMP_SLOT","title":"R_390_JMP_SLOT  class-attribute instance-attribute","text":"
R_390_JMP_SLOT = 11\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_CKCORE_JUMP_SLOT","title":"R_CKCORE_JUMP_SLOT  class-attribute instance-attribute","text":"
R_CKCORE_JUMP_SLOT = 12\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_TILEPRO_JMP_SLOT","title":"R_TILEPRO_JMP_SLOT  class-attribute instance-attribute","text":"
R_TILEPRO_JMP_SLOT = 12\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_MICROBLAZE_JUMP_SLOT","title":"R_MICROBLAZE_JUMP_SLOT  class-attribute instance-attribute","text":"
R_MICROBLAZE_JUMP_SLOT = 17\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_TILEGX_JMP_SLOT","title":"R_TILEGX_JMP_SLOT  class-attribute instance-attribute","text":"
R_TILEGX_JMP_SLOT = 18\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_OR1K_JMP_SLOT","title":"R_OR1K_JMP_SLOT  class-attribute instance-attribute","text":"
R_OR1K_JMP_SLOT = 20\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_68K_JMP_SLOT","title":"R_68K_JMP_SLOT  class-attribute instance-attribute","text":"
R_68K_JMP_SLOT = 21\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_SPARC_JMP_SLOT","title":"R_SPARC_JMP_SLOT  class-attribute instance-attribute","text":"
R_SPARC_JMP_SLOT = 21\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_PPC_JMP_SLOT","title":"R_PPC_JMP_SLOT  class-attribute instance-attribute","text":"
R_PPC_JMP_SLOT = 21\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_PPC64_JMP_SLOT","title":"R_PPC64_JMP_SLOT  class-attribute instance-attribute","text":"
R_PPC64_JMP_SLOT = 21\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_ARM_JUMP_SLOT","title":"R_ARM_JUMP_SLOT  class-attribute instance-attribute","text":"
R_ARM_JUMP_SLOT = 22\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_MN10300_JMP_SLOT","title":"R_MN10300_JMP_SLOT  class-attribute instance-attribute","text":"
R_MN10300_JMP_SLOT = 22\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_ALPHA_JMP_SLOT","title":"R_ALPHA_JMP_SLOT  class-attribute instance-attribute","text":"
R_ALPHA_JMP_SLOT = 26\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_NIOS2_JUMP_SLOT","title":"R_NIOS2_JUMP_SLOT  class-attribute instance-attribute","text":"
R_NIOS2_JUMP_SLOT = 38\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_NDS32_JMP_SLOT","title":"R_NDS32_JMP_SLOT  class-attribute instance-attribute","text":"
R_NDS32_JMP_SLOT = 41\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_METAG_JMP_SLOT","title":"R_METAG_JMP_SLOT  class-attribute instance-attribute","text":"
R_METAG_JMP_SLOT = 44\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_M32R_JMP_SLOT","title":"R_M32R_JMP_SLOT  class-attribute instance-attribute","text":"
R_M32R_JMP_SLOT = 52\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_ARC_JMP_SLOT","title":"R_ARC_JMP_SLOT  class-attribute instance-attribute","text":"
R_ARC_JMP_SLOT = 55\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_MIPS_JUMP_SLOT","title":"R_MIPS_JUMP_SLOT  class-attribute instance-attribute","text":"
R_MIPS_JUMP_SLOT = 127\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_SH_JMP_SLOT","title":"R_SH_JMP_SLOT  class-attribute instance-attribute","text":"
R_SH_JMP_SLOT = 164\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_AARCH64_JUMP_SLOT","title":"R_AARCH64_JUMP_SLOT  class-attribute instance-attribute","text":"
R_AARCH64_JUMP_SLOT = 1026\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_X86_64_IRELATIVE","title":"R_X86_64_IRELATIVE  class-attribute instance-attribute","text":"
R_X86_64_IRELATIVE = 37\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_386_IRELATIVE","title":"R_386_IRELATIVE  class-attribute instance-attribute","text":"
R_386_IRELATIVE = 42\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_RISCV_IRELATIVE","title":"R_RISCV_IRELATIVE  class-attribute instance-attribute","text":"
R_RISCV_IRELATIVE = 58\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_390_IRELATIVE","title":"R_390_IRELATIVE  class-attribute instance-attribute","text":"
R_390_IRELATIVE = 61\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_ARM_IRELATIVE","title":"R_ARM_IRELATIVE  class-attribute instance-attribute","text":"
R_ARM_IRELATIVE = 160\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_AARCH64_P32_IRELATIVE","title":"R_AARCH64_P32_IRELATIVE  class-attribute instance-attribute","text":"
R_AARCH64_P32_IRELATIVE = 188\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_PPC_IRELATIVE","title":"R_PPC_IRELATIVE  class-attribute instance-attribute","text":"
R_PPC_IRELATIVE = 248\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_PPC64_IRELATIVE","title":"R_PPC64_IRELATIVE  class-attribute instance-attribute","text":"
R_PPC64_IRELATIVE = 248\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_SPARC_IRELATIVE","title":"R_SPARC_IRELATIVE  class-attribute instance-attribute","text":"
R_SPARC_IRELATIVE = 249\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_AARCH64_IRELATIVE","title":"R_AARCH64_IRELATIVE  class-attribute instance-attribute","text":"
R_AARCH64_IRELATIVE = 1032\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TrapAllocator","title":"TrapAllocator","text":"
TrapAllocator()\n
 
Utility that allocates and manages executable addresses in the space of the executing program that we can trap.
 
Methods:
 
     
  •  alloc             \u2013              
    Allocates a new address to where program execution can be diverted.
     
    •  
  •  free             \u2013              
    Indicates that an address obtained from alloc() can be recycled.
     
    •  
  •  clear             \u2013              
    Deletes all memory mappings and frees all addresses.
     
    •  
 
Attributes:
 
     
  •  block_capacity           \u2013            
    •  
  •  slot_size           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TrapAllocator.block_capacity","title":"block_capacity  class-attribute instance-attribute","text":"
block_capacity = 4096\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TrapAllocator.slot_size","title":"slot_size  class-attribute instance-attribute","text":"
slot_size = 8\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TrapAllocator.alloc","title":"alloc","text":"
alloc()\n
 
Allocates a new address to where program execution can be diverted.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TrapAllocator.free","title":"free","text":"
free(address) -> None\n
 
Indicates that an address obtained from alloc() can be recycled.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TrapAllocator.clear","title":"clear","text":"
clear()\n
 
Deletes all memory mappings and frees all addresses.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher","title":"Patcher","text":"
Patcher(entry, tracker)\n
 
               Bases: Breakpoint
 
Watches for changes made by program code to the GOT and fixes them up.
 
This class is paired with Tracker, and instances of both classes always function together.
 
Methods:
 
     
  •  should_stop             \u2013              
    •  
  •  stop             \u2013              
    •  
 
Attributes:
 
     
  •  silent           \u2013            
    •  
  •  entry           \u2013            
    •  
  •  tracker           \u2013            
    •  
  •  init           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher.silent","title":"silent  instance-attribute","text":"
silent = True\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher.entry","title":"entry  class-attribute instance-attribute","text":"
entry = entry\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher.tracker","title":"tracker  class-attribute instance-attribute","text":"
tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher.init","title":"init  instance-attribute","text":"
init = True\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher.should_stop","title":"should_stop","text":"
should_stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher.stop","title":"stop","text":"
stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker","title":"Tracker","text":"
Tracker()\n
 
               Bases: Breakpoint
 
Class that tracks the accesses made to the entries in the GOT.
 
This class is paired with Patcher, and instances of both classes always function together.
 
Methods:
 
     
  •  delete             \u2013              
    •  
  •  should_stop             \u2013              
    •  
  •  stop             \u2013              
    •  
 
Attributes:
 
     
  •  total_hits           \u2013            
    •  
  •  target           \u2013            
    •  
  •  dynamic_section           \u2013            
    •  
  •  relocation_fn           \u2013            
    •  
  •  relocation_index           \u2013            
    •  
  •  link_map_entry           \u2013            
    •  
  •  trapped_address           \u2013            
    •  
  •  hits               (dict[tuple[int, ...], int])           \u2013            
    •  
  •  silent           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.total_hits","title":"total_hits  class-attribute instance-attribute","text":"
total_hits = 0\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.target","title":"target  class-attribute instance-attribute","text":"
target = 0\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.dynamic_section","title":"dynamic_section  class-attribute instance-attribute","text":"
dynamic_section = None\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.relocation_fn","title":"relocation_fn  class-attribute instance-attribute","text":"
relocation_fn = None\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.relocation_index","title":"relocation_index  class-attribute instance-attribute","text":"
relocation_index = 0\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.link_map_entry","title":"link_map_entry  class-attribute instance-attribute","text":"
link_map_entry = None\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.trapped_address","title":"trapped_address  class-attribute instance-attribute","text":"
trapped_address = alloc()\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.hits","title":"hits  class-attribute instance-attribute","text":"
hits: dict[tuple[int, ...], int] = {}\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.silent","title":"silent  instance-attribute","text":"
silent = True\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.delete","title":"delete","text":"
delete() -> None\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.should_stop","title":"should_stop","text":"
should_stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.stop","title":"stop","text":"
stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.is_mmap_error","title":"is_mmap_error","text":"
is_mmap_error(ptr: int)\n
 
Checks whether the return value of an mmap of indicates an error.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.display_name","title":"display_name","text":"
display_name(name, basename=False)\n
 
Return the display name for a symbol or objfile.
 
Ideally, we'd like to display all of the names of the symbols as text, but there is really nothing stopping symbol names from being stored in some fairly wacky encoding or really from having names that aren't text at all.
 
We should try our best to turn whatever the symbol name is into text, but not so much that non-text entries or entries in unknown encodings become unrecognizable.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.all_tracked_entries","title":"all_tracked_entries","text":"
all_tracked_entries()\n
 
Return an iterator over all of the GOT whose accesses are being tracked.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.tracked_entry_by_address","title":"tracked_entry_by_address","text":"
tracked_entry_by_address(address)\n
 
Return the tracker associated with the entry at the given address, if any.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.enable_got_call_tracking","title":"enable_got_call_tracking","text":"
enable_got_call_tracking(disable_hardware_whatchpoints=True) -> None\n
 
Enable the analysis of calls made through the GOT.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.disable_got_call_tracking","title":"disable_got_call_tracking","text":"
disable_got_call_tracking() -> None\n
 
Disable the analysis of calls made through the GOT.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.jump_slots_for","title":"jump_slots_for","text":"
jump_slots_for(dynamic)\n
 
Returns the jump slot addresses described by the given dynamic section.
"},{"location":"reference/pwndbg/gdblib/hooks/","title":"hooks","text":""},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks","title":"hooks","text":"
Functions:
 
     
  •  update_typeinfo             \u2013              
    •  
  •  update_arch             \u2013              
    •  
  •  reset_config             \u2013              
    •  
  •  on_start             \u2013              
    •  
  •  on_stop             \u2013              
    •  
  •  on_exit             \u2013              
    •  
  •  init             \u2013              
    Calls all GDB hook functions that need to be called when GDB/pwndbg
     
    •  
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.update_typeinfo","title":"update_typeinfo","text":"
update_typeinfo() -> None\n
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.update_arch","title":"update_arch","text":"
update_arch() -> None\n
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.reset_config","title":"reset_config","text":"
reset_config() -> None\n
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.on_start","title":"on_start","text":"
on_start() -> None\n
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.on_stop","title":"on_stop","text":"
on_stop() -> None\n
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.on_exit","title":"on_exit","text":"
on_exit() -> None\n
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.init","title":"init","text":"
init() -> None\n
 
Calls all GDB hook functions that need to be called when GDB/pwndbg itself is loaded, as opposed to when an actual hook event occurs
"},{"location":"reference/pwndbg/gdblib/info/","title":"info","text":""},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info","title":"info","text":"
Runs a few useful commands which are available under \"info\".
 
Functions:
 
     
  •  proc_mappings             \u2013              
    •  
  •  auxv             \u2013              
    •  
  •  files             \u2013              
    •  
  •  target             \u2013              
    •  
  •  sharedlibrary             \u2013              
    •  
  •  parsed_sharedlibrary             \u2013              
    Returns a dictionary of shared libraries with their .text section from and to addresses.
     
    •  
  •  sharedlibrary_paths             \u2013              
    Get the paths of all shared libraries loaded in the process by parsing the output of \"info sharedlibrary\".
     
    •  
  •  address             \u2013              
    •  
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.proc_mappings","title":"proc_mappings","text":"
proc_mappings() -> str\n
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.auxv","title":"auxv","text":"
auxv() -> str\n
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.files","title":"files","text":"
files() -> str\n
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.target","title":"target","text":"
target() -> str\n
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.sharedlibrary","title":"sharedlibrary","text":"
sharedlibrary() -> str\n
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.parsed_sharedlibrary","title":"parsed_sharedlibrary","text":"
parsed_sharedlibrary() -> dict[str, tuple[int, int]]\n
 
Returns a dictionary of shared libraries with their .text section from and to addresses.
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.sharedlibrary_paths","title":"sharedlibrary_paths","text":"
sharedlibrary_paths() -> list[str]\n
 
Get the paths of all shared libraries loaded in the process by parsing the output of \"info sharedlibrary\".
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.address","title":"address","text":"
address(symbol: str) -> int | None\n
"},{"location":"reference/pwndbg/gdblib/prompt/","title":"prompt","text":""},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt","title":"prompt","text":"
Functions:
 
     
  •  initial_hook             \u2013              
    •  
  •  show_hint             \u2013              
    •  
  •  thread_is_stopped             \u2013              
    This detects whether selected thread is stopped.
     
    •  
  •  prompt_hook             \u2013              
    •  
  •  reset_context_shown             \u2013              
    •  
  •  set_prompt             \u2013              
    •  
 
Attributes:
 
     
  •  show_tip           \u2013            
    •  
  •  cur               (tuple[Inferior, InferiorThread] | None)           \u2013            
    •  
  •  context_shown           \u2013            
    •  
  •  last_alive_state           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.show_tip","title":"show_tip  module-attribute","text":"
show_tip = add_param(\n    \"show-tips\", True, \"whether to display the tip of the day on startup\"\n)\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.cur","title":"cur  module-attribute","text":"
cur: tuple[Inferior, InferiorThread] | None = None\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.context_shown","title":"context_shown  module-attribute","text":"
context_shown = False\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.last_alive_state","title":"last_alive_state  module-attribute","text":"
last_alive_state = False\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.initial_hook","title":"initial_hook","text":"
initial_hook(*a: Any) -> None\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.show_hint","title":"show_hint","text":"
show_hint() -> None\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.thread_is_stopped","title":"thread_is_stopped","text":"
thread_is_stopped() -> bool\n
 
This detects whether selected thread is stopped. It is not stopped in situations when gdb is executing commands that are attached to a breakpoint by command command.
 
For more info see issue #229 ( #299 ) :return: Whether gdb executes commands attached to bp with command command.
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.prompt_hook","title":"prompt_hook","text":"
prompt_hook(*a: Any) -> None\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.reset_context_shown","title":"reset_context_shown","text":"
reset_context_shown(*a: Any) -> None\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.set_prompt","title":"set_prompt","text":"
set_prompt() -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/","title":"ptmalloc2_tracking","text":""},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking","title":"ptmalloc2_tracking","text":"
Heap Tracking
 
This module implements runtime tracking of the heap, allowing pwndbg to detect heap related misbehavior coming from an inferior in real time, which lets us catch UAF bugs, double frees (and more), and report them to the user.
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking--approach","title":"Approach","text":"
The approach used starting with using breakpoints to hook into the following libc symbols: malloc, free, calloc, and realloc. Each hook has a reference to a shared instance of the Tracker class, which is responsible for handling the tracking of the chunks of memory from the heap.
 
The tracker keeps two sorted maps of chunks, for freed and in use chunks, keyed by their base address. Newly allocated chunks are added to the map of in use chunks right before an allocating call returns, and newly freed chunks are moved from the map of in use chunks to the map of free ones right before a freeing call returns. The tracker is also responsible for installing watchpoints for free chunks when they're added to the free chunk map and deleting them when their corresponding chunks are removed from the map.
 
Additionally, because going through the data structures inside of libc to determine whether a chunk is free or not is, more often than not, a fairly slow operation, this module will only do so when it determines its view of the chunks has diverged from the one in libc in a way that would affect behavior. When such a diffence is detected, this module will rebuild the chunk maps in the range it determines to have been affected.
 
Currently, the way it does this is by deleting and querying from libc the new status of all chunks that overlap the region of a new allocation when it detects that allocation overlaps chunks it previously considered free.
 
This approach lets us avoid a lot of the following linked lists that comes with trying to answer the allocation status of a chunk, by keeping at hand as much known-good information as possible about them. Keep in mind that, although it is much faster than going to libc every time we need to know the allocation status of a chunk, this approach does have drawbacks when it comes to memory usage.
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking--compatibility","title":"Compatibility","text":"
Currently module assumes the inferior is using GLibc.
 
There are points along the code in this module where the assumptions it makes are explicitly documented and checked to be valid for the current inferior, so that it may be immediately clear to the user that something has gone wrong if they happen to not be valid. However, be aware that there may be assumptions that were not made explicit.
 
Classes:
 
     
  •  FreeChunkWatchpoint           \u2013            
    •  
  •  AllocChunkWatchpoint           \u2013            
    •  
  •  Chunk           \u2013            
    •  
  •  Tracker           \u2013            
    •  
  •  MallocEnterBreakpoint           \u2013            
    •  
  •  CallocEnterBreakpoint           \u2013            
    •  
  •  AllocExitBreakpoint           \u2013            
    •  
  •  ReallocEnterBreakpoint           \u2013            
    •  
  •  ReallocExitBreakpoint           \u2013            
    •  
  •  FreeEnterBreakpoint           \u2013            
    •  
  •  FreeExitBreakpoint           \u2013            
    •  
 
Functions:
 
     
  •  is_enabled             \u2013              
    Whether the heap tracker in enabled.
     
    •  
  •  resolve_address             \u2013              
    Checks whether a given symbol is available and part of libc, and returns its
     
    •  
  •  get_chunk             \u2013              
    Reads a chunk from a given address.
     
    •  
  •  in_program_code_stack             \u2013              
    •  
  •  install             \u2013              
    •  
  •  uninstall             \u2013              
    •  
 
Attributes:
 
     
  •  LIBC_NAME           \u2013            
    •  
  •  MALLOC_NAME           \u2013            
    •  
  •  CALLOC_NAME           \u2013            
    •  
  •  REALLOC_NAME           \u2013            
    •  
  •  FREE_NAME           \u2013            
    •  
  •  last_issue               (str | None)           \u2013            
    •  
  •  PRINT_DEBUG           \u2013            
    •  
  •  PTRS_COLORS           \u2013            
    •  
  •  DEFERED_DELETE               (list[Breakpoint])           \u2013            
    •  
  •  malloc_enter           \u2013            
    •  
  •  calloc_enter           \u2013            
    •  
  •  realloc_enter           \u2013            
    •  
  •  free_enter           \u2013            
    •  
  •  stop_on_error           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.LIBC_NAME","title":"LIBC_NAME  module-attribute","text":"
LIBC_NAME = 'libc.so.6'\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.MALLOC_NAME","title":"MALLOC_NAME  module-attribute","text":"
MALLOC_NAME = 'malloc'\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.CALLOC_NAME","title":"CALLOC_NAME  module-attribute","text":"
CALLOC_NAME = 'calloc'\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.REALLOC_NAME","title":"REALLOC_NAME  module-attribute","text":"
REALLOC_NAME = 'realloc'\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FREE_NAME","title":"FREE_NAME  module-attribute","text":"
FREE_NAME = 'free'\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.last_issue","title":"last_issue  module-attribute","text":"
last_issue: str | None = None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.PRINT_DEBUG","title":"PRINT_DEBUG  module-attribute","text":"
PRINT_DEBUG = False\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.PTRS_COLORS","title":"PTRS_COLORS  module-attribute","text":"
PTRS_COLORS = (\n    red,\n    green,\n    yellow,\n    blue,\n    purple,\n    cyan,\n    light_gray,\n    gray,\n    light_red,\n    light_green,\n    light_yellow,\n    light_blue,\n    light_purple,\n    light_cyan,\n)\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.DEFERED_DELETE","title":"DEFERED_DELETE  module-attribute","text":"
DEFERED_DELETE: list[Breakpoint] = []\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.malloc_enter","title":"malloc_enter  module-attribute","text":"
malloc_enter = None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.calloc_enter","title":"calloc_enter  module-attribute","text":"
calloc_enter = None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.realloc_enter","title":"realloc_enter  module-attribute","text":"
realloc_enter = None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.free_enter","title":"free_enter  module-attribute","text":"
free_enter = None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.stop_on_error","title":"stop_on_error  module-attribute","text":"
stop_on_error = True\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeChunkWatchpoint","title":"FreeChunkWatchpoint","text":"
FreeChunkWatchpoint(chunk: Chunk, tracker: Tracker)\n
 
               Bases: Breakpoint
 
Methods:
 
     
  •  stop             \u2013              
    •  
 
Attributes:
 
     
  •  chunk           \u2013            
    •  
  •  tracker           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeChunkWatchpoint.chunk","title":"chunk  instance-attribute","text":"
chunk = chunk\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeChunkWatchpoint.tracker","title":"tracker  instance-attribute","text":"
tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeChunkWatchpoint.stop","title":"stop","text":"
stop()\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocChunkWatchpoint","title":"AllocChunkWatchpoint","text":"
AllocChunkWatchpoint(chunk: Chunk)\n
 
               Bases: Breakpoint
 
Methods:
 
     
  •  stop             \u2013              
    •  
 
Attributes:
 
     
  •  chunk           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocChunkWatchpoint.chunk","title":"chunk  instance-attribute","text":"
chunk = chunk\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocChunkWatchpoint.stop","title":"stop","text":"
stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Chunk","title":"Chunk","text":"
Chunk(address: int, size: int, requested_size: int, flags: int)\n
 
Attributes:
 
     
  •  address           \u2013            
    •  
  •  size           \u2013            
    •  
  •  requested_size           \u2013            
    •  
  •  flags           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Chunk.address","title":"address  instance-attribute","text":"
address = address\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Chunk.size","title":"size  instance-attribute","text":"
size = size\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Chunk.requested_size","title":"requested_size  instance-attribute","text":"
requested_size = requested_size\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Chunk.flags","title":"flags  instance-attribute","text":"
flags = flags\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker","title":"Tracker","text":"
Tracker()\n
 
Methods:
 
     
  •  is_performing_memory_management             \u2013              
    •  
  •  enter_memory_management             \u2013              
    •  
  •  exit_memory_management             \u2013              
    •  
  •  colorize_ptr             \u2013              
    Returns colored string of the provided pointer/address
     
    •  
  •  malloc             \u2013              
    •  
  •  free             \u2013              
    •  
 
Attributes:
 
     
  •  free_chunks               (SortedDict[int, Chunk])           \u2013            
    •  
  •  alloc_chunks               (SortedDict[int, Chunk])           \u2013            
    •  
  •  free_watchpoints               (dict[int, FreeChunkWatchpoint])           \u2013            
    •  
  •  memory_management_calls               (dict[int, bool])           \u2013            
    •  
  •  colorized_heap_ptrs               (dict[int, str])           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.free_chunks","title":"free_chunks  instance-attribute","text":"
free_chunks: SortedDict[int, Chunk] = SortedDict()\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.alloc_chunks","title":"alloc_chunks  instance-attribute","text":"
alloc_chunks: SortedDict[int, Chunk] = SortedDict()\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.free_watchpoints","title":"free_watchpoints  instance-attribute","text":"
free_watchpoints: dict[int, FreeChunkWatchpoint] = {}\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.memory_management_calls","title":"memory_management_calls  instance-attribute","text":"
memory_management_calls: dict[int, bool] = {}\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.colorized_heap_ptrs","title":"colorized_heap_ptrs  instance-attribute","text":"
colorized_heap_ptrs: dict[int, str] = {}\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.is_performing_memory_management","title":"is_performing_memory_management","text":"
is_performing_memory_management()\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.enter_memory_management","title":"enter_memory_management","text":"
enter_memory_management(name: str) -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.exit_memory_management","title":"exit_memory_management","text":"
exit_memory_management() -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.colorize_ptr","title":"colorize_ptr","text":"
colorize_ptr(ptr: int) -> str\n
 
Returns colored string of the provided pointer/address
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.malloc","title":"malloc","text":"
malloc(chunk: Chunk) -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.free","title":"free","text":"
free(address: int) -> bool\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.MallocEnterBreakpoint","title":"MallocEnterBreakpoint","text":"
MallocEnterBreakpoint(address, tracker)\n
 
               Bases: Breakpoint
 
Methods:
 
     
  •  stop             \u2013              
    •  
 
Attributes:
 
     
  •  tracker           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.MallocEnterBreakpoint.tracker","title":"tracker  instance-attribute","text":"
tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.MallocEnterBreakpoint.stop","title":"stop","text":"
stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.CallocEnterBreakpoint","title":"CallocEnterBreakpoint","text":"
CallocEnterBreakpoint(address, tracker)\n
 
               Bases: Breakpoint
 
Methods:
 
     
  •  stop             \u2013              
    •  
 
Attributes:
 
     
  •  tracker           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.CallocEnterBreakpoint.tracker","title":"tracker  instance-attribute","text":"
tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.CallocEnterBreakpoint.stop","title":"stop","text":"
stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocExitBreakpoint","title":"AllocExitBreakpoint","text":"
AllocExitBreakpoint(tracker, requested_size, name)\n
 
               Bases: FinishBreakpoint
 
Methods:
 
     
  •  stop             \u2013              
    •  
  •  out_of_scope             \u2013              
    •  
 
Attributes:
 
     
  •  requested_size           \u2013            
    •  
  •  tracker           \u2013            
    •  
  •  name           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocExitBreakpoint.requested_size","title":"requested_size  instance-attribute","text":"
requested_size = requested_size\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocExitBreakpoint.tracker","title":"tracker  instance-attribute","text":"
tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocExitBreakpoint.name","title":"name  instance-attribute","text":"
name = name\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocExitBreakpoint.stop","title":"stop","text":"
stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocExitBreakpoint.out_of_scope","title":"out_of_scope","text":"
out_of_scope() -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocEnterBreakpoint","title":"ReallocEnterBreakpoint","text":"
ReallocEnterBreakpoint(address, tracker)\n
 
               Bases: Breakpoint
 
Methods:
 
     
  •  stop             \u2013              
    •  
 
Attributes:
 
     
  •  tracker           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocEnterBreakpoint.tracker","title":"tracker  instance-attribute","text":"
tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocEnterBreakpoint.stop","title":"stop","text":"
stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocExitBreakpoint","title":"ReallocExitBreakpoint","text":"
ReallocExitBreakpoint(tracker, freed_ptr, requested_size)\n
 
               Bases: FinishBreakpoint
 
Methods:
 
     
  •  stop             \u2013              
    •  
  •  out_of_scope             \u2013              
    •  
 
Attributes:
 
     
  •  freed_ptr           \u2013            
    •  
  •  freed_str           \u2013            
    •  
  •  requested_size           \u2013            
    •  
  •  tracker           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocExitBreakpoint.freed_ptr","title":"freed_ptr  instance-attribute","text":"
freed_ptr = freed_ptr\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocExitBreakpoint.freed_str","title":"freed_str  instance-attribute","text":"
freed_str = colorize_ptr(freed_ptr)\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocExitBreakpoint.requested_size","title":"requested_size  instance-attribute","text":"
requested_size = requested_size\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocExitBreakpoint.tracker","title":"tracker  instance-attribute","text":"
tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocExitBreakpoint.stop","title":"stop","text":"
stop()\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocExitBreakpoint.out_of_scope","title":"out_of_scope","text":"
out_of_scope() -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeEnterBreakpoint","title":"FreeEnterBreakpoint","text":"
FreeEnterBreakpoint(address, tracker)\n
 
               Bases: Breakpoint
 
Methods:
 
     
  •  stop             \u2013              
    •  
 
Attributes:
 
     
  •  tracker           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeEnterBreakpoint.tracker","title":"tracker  instance-attribute","text":"
tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeEnterBreakpoint.stop","title":"stop","text":"
stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeExitBreakpoint","title":"FreeExitBreakpoint","text":"
FreeExitBreakpoint(tracker, ptr)\n
 
               Bases: FinishBreakpoint
 
Methods:
 
     
  •  stop             \u2013              
    •  
  •  out_of_scope             \u2013              
    •  
 
Attributes:
 
     
  •  ptr           \u2013            
    •  
  •  ptr_str           \u2013            
    •  
  •  tracker           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeExitBreakpoint.ptr","title":"ptr  instance-attribute","text":"
ptr = ptr\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeExitBreakpoint.ptr_str","title":"ptr_str  instance-attribute","text":"
ptr_str = colorize_ptr(ptr)\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeExitBreakpoint.tracker","title":"tracker  instance-attribute","text":"
tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeExitBreakpoint.stop","title":"stop","text":"
stop()\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeExitBreakpoint.out_of_scope","title":"out_of_scope","text":"
out_of_scope() -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.is_enabled","title":"is_enabled","text":"
is_enabled() -> bool\n
 
Whether the heap tracker in enabled.
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.resolve_address","title":"resolve_address","text":"
resolve_address(name: str) -> int | None\n
 
Checks whether a given symbol is available and part of libc, and returns its address.
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.get_chunk","title":"get_chunk","text":"
get_chunk(address, requested_size)\n
 
Reads a chunk from a given address.
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.in_program_code_stack","title":"in_program_code_stack","text":"
in_program_code_stack() -> bool\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.install","title":"install","text":"
install(disable_hardware_watchpoints=True) -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.uninstall","title":"uninstall","text":"
uninstall() -> None\n
"},{"location":"reference/pwndbg/gdblib/scheduler/","title":"scheduler","text":""},{"location":"reference/pwndbg/gdblib/scheduler/#pwndbg.gdblib.scheduler","title":"scheduler","text":"
Functions:
 
     
  •  lock_scheduler             \u2013              
    This context manager can be used to run GDB commands with threads scheduling
     
    •  
  •  parse_and_eval_with_scheduler_lock             \u2013              
    •  
"},{"location":"reference/pwndbg/gdblib/scheduler/#pwndbg.gdblib.scheduler.lock_scheduler","title":"lock_scheduler","text":"
lock_scheduler() -> Iterator[None]\n
 
This context manager can be used to run GDB commands with threads scheduling being locked which means that other threads will be stopped during execution.
 
This is useful to prevent bugs where e.g.: gdb.parse_and_eval(\"(int)foo()\") would execute foo() on the current debugee thread but would also unlock other threads for being executed and those other threads may for example hit a breakpoint we set previously which would be confusing for the user.
 
See also: https://sourceware.org/gdb/onlinedocs/gdb/All_002dStop-Mode.html
"},{"location":"reference/pwndbg/gdblib/scheduler/#pwndbg.gdblib.scheduler.parse_and_eval_with_scheduler_lock","title":"parse_and_eval_with_scheduler_lock","text":"
parse_and_eval_with_scheduler_lock(expr: str) -> Value\n
"},{"location":"reference/pwndbg/gdblib/shellcode/","title":"shellcode","text":""},{"location":"reference/pwndbg/gdblib/shellcode/#pwndbg.gdblib.shellcode","title":"shellcode","text":"
Shellcode
 
This module implements functionality that allows for the execution of a small amount of code in the context of the inferior.
 
Functions:
 
     
  •  exec_syscall             \u2013              
    Tries executing the given syscall in the context of the inferior.
     
    •  
  •  exec_shellcode             \u2013              
    Tries executing the given blob of machine code in the current context of the
     
    •  
"},{"location":"reference/pwndbg/gdblib/shellcode/#pwndbg.gdblib.shellcode.exec_syscall","title":"exec_syscall","text":"
exec_syscall(\n    syscall,\n    arg0=None,\n    arg1=None,\n    arg2=None,\n    arg3=None,\n    arg4=None,\n    arg5=None,\n    arg6=None,\n    disable_breakpoints=False,\n)\n
 
Tries executing the given syscall in the context of the inferior.
"},{"location":"reference/pwndbg/gdblib/shellcode/#pwndbg.gdblib.shellcode.exec_shellcode","title":"exec_shellcode","text":"
exec_shellcode(\n    blob, restore_context=True, capture=None, disable_breakpoints=False\n)\n
 
Tries executing the given blob of machine code in the current context of the inferior, optionally restoring the values of the registers as they were before the shellcode ran, as a means to allow for execution of the inferior to continue uninterrupted. The value of the program counter is always restored.
 
Additionally, the caller may specify an object to be called before the context is restored, so that information stored in the registers after the shellcode finishes can be retrieved. The return value of that call will be returned by this function.
"},{"location":"reference/pwndbg/gdblib/shellcode/#pwndbg.gdblib.shellcode.exec_shellcode--safety","title":"Safety","text":"
Seeing as this function injects code directly into the inferior and runs it, the caller must be careful to inject code that will (1) terminate and (2) not cause the inferior to misbehave. Otherwise, it is fairly easy to crash or currupt the memory in the inferior.
"},{"location":"reference/pwndbg/gdblib/symbol/","title":"symbol","text":""},{"location":"reference/pwndbg/gdblib/symbol/#pwndbg.gdblib.symbol","title":"symbol","text":"
Looking up addresses for function names / symbols, and vice-versa.
 
Uses IDA when available if there isn't sufficient symbol information available.
 
Functions:
 
     
  •  selected_frame_source_absolute_filename             \u2013              
    Retrieve the symbol table\u2019s source absolute file name from the selected frame.
     
    •  
"},{"location":"reference/pwndbg/gdblib/symbol/#pwndbg.gdblib.symbol.selected_frame_source_absolute_filename","title":"selected_frame_source_absolute_filename","text":"
selected_frame_source_absolute_filename()\n
 
Retrieve the symbol table\u2019s source absolute file name from the selected frame.
 
In case of missing symbol table or frame information, None is returned.
"},{"location":"reference/pwndbg/gdblib/tui/","title":"tui","text":""},{"location":"reference/pwndbg/gdblib/tui/#pwndbg.gdblib.tui","title":"tui","text":"
Modules:
 
     
  •  context           \u2013            
    •  
  •  control           \u2013            
    •  
 
Functions:
 
     
  •  setup             \u2013              
    •  
"},{"location":"reference/pwndbg/gdblib/tui/#pwndbg.gdblib.tui.setup","title":"setup","text":"
setup() -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/context/","title":"context","text":""},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context","title":"context","text":"
Classes:
 
     
  •  ContextTUIWindow           \u2013            
    •  
 
Attributes:
 
     
  •  sections           \u2013            
    •  
  •  target_func               (Callable[..., _Window])           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.sections","title":"sections  module-attribute","text":"
sections = ['legend'] + [(replace('context_', '')) for section in (values())]\n
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.target_func","title":"target_func  module-attribute","text":"
target_func: Callable[..., _Window] = (\n    lambda window, section_name=section_name: ContextTUIWindow(\n        window, section_name\n    )\n)\n
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow","title":"ContextTUIWindow","text":"
ContextTUIWindow(tui_window: 'gdb.TuiWindow', section: str)\n
 
Methods:
 
     
  •  close             \u2013              
    •  
  •  render             \u2013              
    •  
  •  hscroll             \u2013              
    •  
  •  vscroll             \u2013              
    •  
  •  click             \u2013              
    •  
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow.___ansi_substr","title":"___ansi_substr  class-attribute instance-attribute","text":"
___ansi_substr = _ansi_substr\n
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow.close","title":"close","text":"
close() -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow.render","title":"render","text":"
render() -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow.hscroll","title":"hscroll","text":"
hscroll(num: int) -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow.vscroll","title":"vscroll","text":"
vscroll(num: int) -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow.click","title":"click","text":"
click(x: int, y: int, button: int) -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/control/","title":"control","text":""},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control","title":"control","text":"
Classes:
 
     
  •  ControlTUIWindow           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control.ControlTUIWindow","title":"ControlTUIWindow","text":"
ControlTUIWindow(tui_window: 'gdb.TuiWindow')\n
 
Methods:
 
     
  •  close             \u2013              
    •  
  •  render             \u2013              
    •  
  •  hscroll             \u2013              
    •  
  •  vscroll             \u2013              
    •  
  •  click             \u2013              
    •  
"},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control.ControlTUIWindow.close","title":"close","text":"
close() -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control.ControlTUIWindow.render","title":"render","text":"
render() -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control.ControlTUIWindow.hscroll","title":"hscroll","text":"
hscroll(num: int) -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control.ControlTUIWindow.vscroll","title":"vscroll","text":"
vscroll(num: int) -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control.ControlTUIWindow.click","title":"click","text":"
click(x: int, y: int, button: int) -> None\n
"},{"location":"reference/pwndbg/gdblib/vmmap/","title":"vmmap","text":""},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap","title":"vmmap","text":"
Routines to enumerate mapped memory, and attempt to associate address ranges with various ELF files and permissions.
 
The reason that we need robustness is that not every operating system has /proc/$$/maps, which backs 'info proc mapping'.
 
Functions:
 
     
  •  is_corefile             \u2013              
    For example output use:
     
    •  
  •  get_known_maps             \u2013              
    Similar to vmmap.get(), except only returns maps in cases where
     
    •  
  •  coredump_maps             \u2013              
    Parses info proc mappings and maintenance info sections
     
    •  
  •  parse_info_proc_mappings_line             \u2013              
    Parse a line from info proc mappings and return a pwndbg.lib.memory.Page
     
    •  
  •  info_proc_maps             \u2013              
    Parse the result of info proc mappings.
     
    •  
  •  proc_tid_maps             \u2013              
    Parse the contents of /proc/$TID/maps on the server.
     
    •  
  •  info_sharedlibrary             \u2013              
    Parses the output of info sharedlibrary.
     
    •  
  •  info_files             \u2013              
    •  
  •  info_auxv             \u2013              
    Extracts the name of the executable from the output of the command
     
    •  
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.is_corefile","title":"is_corefile","text":"
is_corefile() -> bool\n
 For example output use 
gdb ./tests/binaries/crash_simple.out -ex run -ex 'generate-core-file ./core' -ex 'quit'
 And then use 
gdb ./tests/binaries/crash_simple.out -core ./core -ex 'info target'
 
And:     gdb -core ./core
 
As the two differ in output slighty.
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.get_known_maps","title":"get_known_maps","text":"
get_known_maps() -> tuple[Page, ...] | None\n
 
Similar to vmmap.get(), except only returns maps in cases where the mappings are known, like if it's a coredump, or if process mappings are available.
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.coredump_maps","title":"coredump_maps","text":"
coredump_maps() -> tuple[Page, ...]\n
 
Parses info proc mappings and maintenance info sections and tries to make sense out of the result :)
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.parse_info_proc_mappings_line","title":"parse_info_proc_mappings_line","text":"
parse_info_proc_mappings_line(\n    line: str, perms_available: bool, parse_flags: bool\n) -> Page | None\n
 
Parse a line from info proc mappings and return a pwndbg.lib.memory.Page object if the line is valid.
 Example lines 
0x4c3000           0x4c5000     0x2000    0xc2000  rw-p   /root/hello_world/main 0x4c5000           0x4cb000     0x6000        0x0  rw-p
 
The objfile column might be empty, and the permissions column is only present in GDB versions >= 12.1 bminor/binutils-gdb@29ef4c0
 
Parameters:
 
     
  •  line               (str)           \u2013            
    A line from info proc mappings.
     
    •  
 
Returns:
 
     
  •  Page | None           \u2013            
    A pwndbg.lib.memory.Page object or None.
     
    •  
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.info_proc_maps","title":"info_proc_maps","text":"
info_proc_maps(parse_flags=True) -> tuple[Page, ...]\n
 
Parse the result of info proc mappings.
 
Example output:
 
    Start Addr           End Addr       Size     Offset  Perms  objfile\n      0x400000           0x401000     0x1000        0x0  r--p   /root/hello_world/main\n      0x401000           0x497000    0x96000     0x1000  r-xp   /root/hello_world/main\n      0x497000           0x4be000    0x27000    0x97000  r--p   /root/hello_world/main\n      0x4be000           0x4c3000     0x5000    0xbd000  r--p   /root/hello_world/main\n      0x4c3000           0x4c5000     0x2000    0xc2000  rw-p   /root/hello_world/main\n      0x4c5000           0x4cb000     0x6000        0x0  rw-p\n      0x4cb000           0x4ed000    0x22000        0x0  rw-p   [heap]\n0x7ffff7ff9000     0x7ffff7ffd000     0x4000        0x0  r--p   [vvar]\n0x7ffff7ffd000     0x7ffff7fff000     0x2000        0x0  r-xp   [vdso]\n0x7ffffffde000     0x7ffffffff000    0x21000        0x0  rw-p   [stack]\n
 
0xffffffffff600000 0xffffffffff601000     0x1000        0x0  --xp   [vsyscall]
 
Note: this may return no pages due to a bug/behavior of GDB. See https://sourceware.org/bugzilla/show_bug.cgi?id=31207 for more information.
 
Returns:
 
     
  •  Page           \u2013            
    A tuple of pwndbg.lib.memory.Page objects or an empty tuple if
     
    •  
  •  ...           \u2013            
    info proc mapping is not supported on the target.
     
    •  
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.proc_tid_maps","title":"proc_tid_maps","text":"
proc_tid_maps() -> tuple[Page, ...] | None\n
 
Parse the contents of /proc/$TID/maps on the server. (TID == Thread Identifier. We do not use PID since it may not be correct)
 
Returns:
 
     
  •  tuple[Page, ...] | None           \u2013            
    A tuple of pwndbg.lib.memory.Page objects or None if
     
    •  
  •  tuple[Page, ...] | None           \u2013            
    /proc/$tid/maps doesn't exist or when we debug a qemu-user target
     
    •  
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.info_sharedlibrary","title":"info_sharedlibrary","text":"
info_sharedlibrary() -> tuple[Page, ...]\n
 
Parses the output of info sharedlibrary.
 
Specifically, all we really want is any valid pointer into each library, and the path to the library on disk.
 
With this information, we can use the ELF parser to get all of the page permissions for every mapped page in the ELF.
 
Returns:
 
     
  •  tuple[Page, ...]           \u2013            
    A list of pwndbg.lib.memory.Page objects.
     
    •  
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.info_files","title":"info_files","text":"
info_files() -> tuple[Page, ...]\n
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.info_auxv","title":"info_auxv","text":"
info_auxv(skip_exe: bool = False) -> tuple[Page, ...]\n
 
Extracts the name of the executable from the output of the command \"info auxv\". Note that if the executable path is a symlink, it is not dereferenced by info auxv and we also don't dereference it.
 
Parameters:
 
     
  •  skip_exe               (bool, default:                   False )           \u2013            
    Do not return any mappings that belong to the exe.
     
    •  
 
Returns:
 
     
  •  tuple[Page, ...]           \u2013            
    A list of pwndbg.lib.memory.Page objects.
     
    •  
"},{"location":"reference/pwndbg/ghidra/","title":"ghidra","text":""},{"location":"reference/pwndbg/ghidra/#pwndbg.ghidra","title":"ghidra","text":"
Ghidra integration.
 
Functions:
 
     
  •  decompile             \u2013              
    Return the source of the given function decompiled by ghidra.
     
    •  
 
Attributes:
 
     
  •  decompiler           \u2013            
    •  
"},{"location":"reference/pwndbg/ghidra/#pwndbg.ghidra.decompiler","title":"decompiler  module-attribute","text":"
decompiler = add_param(\n    \"decompiler\",\n    \"radare2\",\n    \"framework that your ghidra plugin installed\",\n    param_class=PARAM_ENUM,\n    enum_sequence=[\"radare2\", \"rizin\"],\n)\n
"},{"location":"reference/pwndbg/ghidra/#pwndbg.ghidra.decompile","title":"decompile","text":"
decompile(func=None)\n
 
Return the source of the given function decompiled by ghidra.
 
If no function is given, decompile the function within the current pc. This function requires radare2, r2pipe and r2ghidra, or their related rizin counterparts.
 
Raises Exception if any fatal error occurs.
"},{"location":"reference/pwndbg/glibc/","title":"glibc","text":""},{"location":"reference/pwndbg/glibc/#pwndbg.glibc","title":"glibc","text":"
Get information about the GLibc
 
Functions:
 
     
  •  set_glibc_version             \u2013              
    •  
  •  get_version             \u2013              
    •  
  •  get_libc_filename_from_info_sharedlibrary             \u2013              
    Get the filename of the libc by parsing the output of info sharedlibrary.
     
    •  
  •  dump_elf_data_section             \u2013              
    Dump .data section of libc ELF file
     
    •  
  •  dump_relocations_by_section_name             \u2013              
    Dump relocations of a section by section name of libc ELF file
     
    •  
  •  get_section_address_by_name             \u2013              
    Find section address of libc by section name
     
    •  
  •  OnlyWhenGlibcLoaded             \u2013              
    •  
  •  check_safe_linking             \u2013              
    Safe-linking is a glibc 2.32 mitigation; see:
     
    •  
 
Attributes:
 
     
  •  P           \u2013            
    •  
  •  T           \u2013            
    •  
  •  safe_lnk           \u2013            
    •  
  •  glibc_version           \u2013            
    •  
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.P","title":"P  module-attribute","text":"
P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.safe_lnk","title":"safe_lnk  module-attribute","text":"
safe_lnk = add_param(\n    \"safe-linking\",\n    None,\n    \"whether glibc uses safe-linking\",\n    param_class=PARAM_AUTO_BOOLEAN,\n)\n
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.glibc_version","title":"glibc_version  module-attribute","text":"
glibc_version = add_param(\n    \"glibc\",\n    \"\",\n    \"glibc version for heap heuristics resolution (e.g. 2.31)\",\n    scope=heap,\n)\n
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.set_glibc_version","title":"set_glibc_version","text":"
set_glibc_version() -> None\n
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.get_version","title":"get_version","text":"
get_version() -> tuple[int, ...] | None\n
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.get_libc_filename_from_info_sharedlibrary","title":"get_libc_filename_from_info_sharedlibrary","text":"
get_libc_filename_from_info_sharedlibrary() -> str | None\n
 
Get the filename of the libc by parsing the output of info sharedlibrary.
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.dump_elf_data_section","title":"dump_elf_data_section","text":"
dump_elf_data_section() -> tuple[int, int, bytes] | None\n
 
Dump .data section of libc ELF file
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.dump_relocations_by_section_name","title":"dump_relocations_by_section_name","text":"
dump_relocations_by_section_name(\n    section_name: str,\n) -> tuple[Relocation, ...] | None\n
 
Dump relocations of a section by section name of libc ELF file
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.get_section_address_by_name","title":"get_section_address_by_name","text":"
get_section_address_by_name(section_name: str) -> int\n
 
Find section address of libc by section name
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.OnlyWhenGlibcLoaded","title":"OnlyWhenGlibcLoaded","text":"
OnlyWhenGlibcLoaded(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.check_safe_linking","title":"check_safe_linking","text":"
check_safe_linking() -> bool\n
 
Safe-linking is a glibc 2.32 mitigation; see: - https://lanph3re.blogspot.com/2020/08/blog-post.html - https://research.checkpoint.com/2020/safe-linking-eliminating-a-20-year-old-malloc-exploit-primitive/
"},{"location":"reference/pwndbg/hexdump/","title":"hexdump","text":""},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump","title":"hexdump","text":"
Hexdump implementation, ~= stolen from pwntools.
 
Functions:
 
     
  •  groupby             \u2013              
    •  
  •  load_color_scheme             \u2013              
    •  
  •  hexdump             \u2013              
    •  
 
Attributes:
 
     
  •  color_scheme           \u2013            
    •  
  •  printable           \u2013            
    •  
  •  config_colorize_ascii           \u2013            
    •  
  •  config_separator           \u2013            
    •  
  •  config_byte_separator           \u2013            
    •  
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.color_scheme","title":"color_scheme  module-attribute","text":"
color_scheme = None\n
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.printable","title":"printable  module-attribute","text":"
printable = None\n
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.config_colorize_ascii","title":"config_colorize_ascii  module-attribute","text":"
config_colorize_ascii = add_param(\n    \"hexdump-colorize-ascii\",\n    True,\n    \"whether to colorize the hexdump command ascii section\",\n)\n
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.config_separator","title":"config_separator  module-attribute","text":"
config_separator = add_param(\n    \"hexdump-ascii-block-separator\",\n    \"\u2502\",\n    \"block separator char of the hexdump command\",\n)\n
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.config_byte_separator","title":"config_byte_separator  module-attribute","text":"
config_byte_separator = add_param(\n    \"hexdump-byte-separator\",\n    \" \",\n    \"separator of single bytes in hexdump (does NOT affect group separator)\",\n)\n
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.groupby","title":"groupby","text":"
groupby(width: int, array, fill=None)\n
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.load_color_scheme","title":"load_color_scheme","text":"
load_color_scheme() -> None\n
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.hexdump","title":"hexdump","text":"
hexdump(\n    data: bytes,\n    address: int = 0,\n    width: int = 16,\n    group_width: int = 4,\n    flip_group_endianness: bool = False,\n    skip: bool = True,\n    offset: int = 0,\n    size: int = 0,\n    count: int = 0,\n    repeat: bool = False,\n    dX_call: bool = False,\n)\n
"},{"location":"reference/pwndbg/integration/","title":"integration","text":""},{"location":"reference/pwndbg/integration/#pwndbg.integration","title":"integration","text":"
Decompiler integration.
 
Modules:
 
     
  •  binja           \u2013            
    Talks to an XMLRPC server running inside of an active Binary Ninja instance,
     
    •  
  •  ida           \u2013            
    Talks to an XMLRPC server running inside of an active IDA Pro instance,
     
    •  
 
Classes:
 
     
  •  IntegrationProvider           \u2013            
    A class representing an integration that provides intelligence external to GDB.
     
    •  
  •  ConfigurableProvider           \u2013            
    A wrapper around an IntegrationProvider that skips calling functions if disabled in config.
     
    •  
 
Functions:
 
     
  •  set_provider             \u2013              
    Call this from provider-specific code whenever you establish a connection.
     
    •  
  •  unset_provider             \u2013              
    Call this from provider-specific code whenever a connection stops.
     
    •  
 
Attributes:
 
     
  •  provider_name           \u2013            
    •  
  •  symbol_lookup           \u2013            
    •  
  •  smart_enhance           \u2013            
    •  
  •  function_lookup           \u2013            
    •  
  •  provider               (IntegrationProvider)           \u2013            
    •  
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.provider_name","title":"provider_name  module-attribute","text":"
provider_name = add_param(\n    \"integration-provider\",\n    \"none\",\n    \"which provider to use for integration features\",\n    param_class=PARAM_ENUM,\n    enum_sequence=[\"none\", \"binja\", \"ida\"],\n)\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.symbol_lookup","title":"symbol_lookup  module-attribute","text":"
symbol_lookup = add_param(\n    \"integration-symbol-lookup\",\n    True,\n    \"whether to use integration to look up unknown symbols\",\n)\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.smart_enhance","title":"smart_enhance  module-attribute","text":"
smart_enhance = add_param(\n    \"integration-smart-enhance\",\n    True,\n    \"use integration to determine when to disassemble during enhancing\",\n)\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.function_lookup","title":"function_lookup  module-attribute","text":"
function_lookup = add_param(\n    \"integration-function-lookup\",\n    True,\n    \"use integration to look up function type signatures\",\n)\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.provider","title":"provider  module-attribute","text":"
provider: IntegrationProvider = IntegrationProvider()\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider","title":"IntegrationProvider","text":"
A class representing an integration that provides intelligence external to GDB.
 
Methods:
 
     
  •  get_symbol             \u2013              
    Get a symbol at an address, or an offset from a symbol.
     
    •  
  •  get_versions             \u2013              
    Gets any version strings relevant to the integration,
     
    •  
  •  is_in_function             \u2013              
    Checks if integration thinks that an address is in a function,
     
    •  
  •  get_comment_lines             \u2013              
    Gets any comments attached to an instruction.
     
    •  
  •  decompile             \u2013              
    Decompiles the code near an address given a line count.
     
    •  
  •  get_func_type             \u2013              
    Gets the type signature of a function, used for argument labeling.
     
    •  
  •  get_stack_var_name             \u2013              
    Gets the name of a stack variable based on only the address of the variable.
     
    •  
  •  disable             \u2013              
    Notify the provider that it should disable itself.
     
    •  
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.get_symbol","title":"get_symbol","text":"
get_symbol(addr: int) -> str | None\n
 
Get a symbol at an address, or an offset from a symbol.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.get_versions","title":"get_versions","text":"
get_versions() -> tuple[str, ...]\n
 
Gets any version strings relevant to the integration, which are used when displaying the version command.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.is_in_function","title":"is_in_function","text":"
is_in_function(addr: int) -> bool\n
 
Checks if integration thinks that an address is in a function, which is used to determine if tel should try to disassemble something.
 
If uncertain, it's better to default to True than to False.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.get_comment_lines","title":"get_comment_lines","text":"
get_comment_lines(addr: int) -> list[str]\n
 
Gets any comments attached to an instruction.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.decompile","title":"decompile","text":"
decompile(addr: int, lines: int) -> list[str] | None\n
 
Decompiles the code near an address given a line count.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.get_func_type","title":"get_func_type","text":"
get_func_type(addr: int) -> Function | None\n
 
Gets the type signature of a function, used for argument labeling.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.get_stack_var_name","title":"get_stack_var_name","text":"
get_stack_var_name(addr: int) -> str | None\n
 
Gets the name of a stack variable based on only the address of the variable.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.disable","title":"disable","text":"
disable() -> None\n
 
Notify the provider that it should disable itself.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider","title":"ConfigurableProvider  dataclass","text":"
ConfigurableProvider(inner: IntegrationProvider)\n
 
               Bases: IntegrationProvider
 
A wrapper around an IntegrationProvider that skips calling functions if disabled in config.
 
Methods:
 
     
  •  get_symbol             \u2013              
    •  
  •  get_versions             \u2013              
    •  
  •  is_in_function             \u2013              
    •  
  •  get_comment_lines             \u2013              
    •  
  •  decompile             \u2013              
    •  
  •  get_func_type             \u2013              
    •  
  •  get_stack_var_name             \u2013              
    •  
  •  disable             \u2013              
    •  
 
Attributes:
 
     
  •  inner               (IntegrationProvider)           \u2013            
    •  
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.inner","title":"inner  instance-attribute","text":"
inner: IntegrationProvider\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.get_symbol","title":"get_symbol","text":"
get_symbol(addr: int) -> str | None\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.get_versions","title":"get_versions","text":"
get_versions() -> tuple[str, ...]\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.is_in_function","title":"is_in_function","text":"
is_in_function(addr: int) -> bool\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.get_comment_lines","title":"get_comment_lines","text":"
get_comment_lines(addr: int) -> list[str]\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.decompile","title":"decompile","text":"
decompile(addr: int, lines: int) -> list[str] | None\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.get_func_type","title":"get_func_type","text":"
get_func_type(addr: int) -> Function | None\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.get_stack_var_name","title":"get_stack_var_name","text":"
get_stack_var_name(addr: int) -> str | None\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.disable","title":"disable","text":"
disable() -> None\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.set_provider","title":"set_provider","text":"
set_provider(prov: IntegrationProvider) -> None\n
 
Call this from provider-specific code whenever you establish a connection.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.unset_provider","title":"unset_provider","text":"
unset_provider() -> None\n
 
Call this from provider-specific code whenever a connection stops.
"},{"location":"reference/pwndbg/integration/binja/","title":"binja","text":""},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja","title":"binja","text":"
Talks to an XMLRPC server running inside of an active Binary Ninja instance, in order to query it about the database. Allows symbol resolution and interactive debugging.
 
Classes:
 
     
  •  DarkTheme           \u2013            
    •  
  •  LightTheme           \u2013            
    •  
  •  BinjaProvider           \u2013            
    •  
 
Functions:
 
     
  •  binja_config_changed             \u2013              
    •  
  •  ensure_disabled             \u2013              
    •  
  •  try_init_bn_rpc_client             \u2013              
    Try to connect to the Binary Ninja RPC client.
     
    •  
  •  enabledBinja             \u2013              
    If we have a connection to binary ninja, call the function.
     
    •  
  •  establish_connection             \u2013              
    If we already had a connection, or succeed in creating a new one, return True.
     
    •  
  •  withBinja             \u2013              
    Try to connect to Binary Ninja before running the decorated function.
     
    •  
  •  l2r             \u2013              
    •  
  •  r2l             \u2013              
    •  
  •  base             \u2013              
    •  
  •  auto_update_pc             \u2013              
    •  
  •  auto_update_bp             \u2013              
    •  
  •  auto_clear_pc             \u2013              
    •  
  •  navigate_to             \u2013              
    •  
  •  bn_to_pygment_tok             \u2013              
    •  
  •  bn_to_pygment_theme             \u2013              
    •  
 
Attributes:
 
     
  •  bn_rpc_host           \u2013            
    •  
  •  bn_rpc_port           \u2013            
    •  
  •  bn_timeout           \u2013            
    •  
  •  bn_autosync           \u2013            
    •  
  •  bn_il_level           \u2013            
    •  
  •  P           \u2013            
    •  
  •  T           \u2013            
    •  
  •  K           \u2013            
    •  
  •  themes           \u2013            
    •  
  •  style           \u2013            
    •  
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_rpc_host","title":"bn_rpc_host  module-attribute","text":"
bn_rpc_host = add_param(\n    \"bn-rpc-host\", \"127.0.0.1\", \"Binary Ninja XML-RPC server host\"\n)\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_rpc_port","title":"bn_rpc_port  module-attribute","text":"
bn_rpc_port = add_param(\n    \"bn-rpc-port\", 43717, \"Binary Ninja XML-RPC server port\"\n)\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_timeout","title":"bn_timeout  module-attribute","text":"
bn_timeout = add_param(\n    \"bn-timeout\", 2, \"time to wait for Binary Ninja XML-RPC, in seconds\"\n)\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_autosync","title":"bn_autosync  module-attribute","text":"
bn_autosync = add_param(\n    \"bn-autosync\", False, \"whether to automatically run bn-sync every step\"\n)\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_il_level","title":"bn_il_level  module-attribute","text":"
bn_il_level = add_param(\n    \"bn-il-level\",\n    \"hlil\",\n    \"the IL level to use when displaying Binary Ninja decompilation\",\n    param_class=PARAM_ENUM,\n    enum_sequence=[\"disasm\", \"llil\", \"mlil\", \"hlil\"],\n)\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.P","title":"P  module-attribute","text":"
P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.K","title":"K  module-attribute","text":"
K = TypeVar('K')\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.themes","title":"themes  module-attribute","text":"
themes = {}\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.style","title":"style  module-attribute","text":"
style = add_param(\n    \"bn-decomp-style\",\n    \"dark\",\n    \"decompilation highlight theme for Binary Ninja\",\n    param_class=PARAM_ENUM,\n    enum_sequence=list(keys()),\n)\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.DarkTheme","title":"DarkTheme","text":"
               Bases: Style
 
Attributes:
 
     
  •  styles           \u2013            
    •  
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.DarkTheme.styles","title":"styles  class-attribute instance-attribute","text":"
styles = bn_to_pygment_theme(\n    {\n        \"TextToken\": \"#e0e0e0\",\n        \"InstructionToken\": \"#eddfb3\",\n        \"OperandSeparatorToken\": \"#e0e0e0\",\n        \"RegisterToken\": \"#e0e0e0\",\n        \"IntegerToken\": \"#a2d9af\",\n        \"PossibleAddressToken\": \"#a2d9af\",\n        \"BeginMemoryOperandToken\": \"#e0e0e0\",\n        \"EndMemoryOperandToken\": \"#e0e0e0\",\n        \"FloatingPointToken\": \"#a2d9af\",\n        \"AnnotationToken\": \"#dac4d1\",\n        \"CodeRelativeAddressToken\": \"#a2d9af\",\n        \"ArgumentNameToken\": \"#e0e0e0\",\n        \"HexDumpByteValueToken\": \"#e0e0e0\",\n        \"HexDumpSkippedByteToken\": \"#e0e0e0\",\n        \"HexDumpInvalidByteToken\": \"#909090\",\n        \"HexDumpTextToken\": \"#e0e0e0\",\n        \"OpcodeToken\": \"#909090\",\n        \"StringToken\": \"#dac4d1\",\n        \"CharacterConstantToken\": \"#dac4d1\",\n        \"KeywordToken\": \"#eddfb3\",\n        \"TypeNameToken\": \"#edbd81\",\n        \"FieldNameToken\": \"#b0dde4\",\n        \"NameSpaceToken\": \"#80c6e9\",\n        \"NameSpaceSeparatorToken\": \"#80c6e9\",\n        \"TagToken\": \"#e0e0e0\",\n        \"StructOffsetToken\": \"#b0dde4\",\n        \"StructOffsetByteValueToken\": \"#e0e0e0\",\n        \"StructureHexDumpTextToken\": \"#e0e0e0\",\n        \"GotoLabelToken\": \"#80c6e9\",\n        \"CommentToken\": \"#dac4d1\",\n        \"PossibleValueToken\": \"#e0e0e0\",\n        \"PossibleValueTypeToken\": \"#e0e0e0\",\n        \"ArrayIndexToken\": \"#a2d9af\",\n        \"IndentationToken\": \"#5d5d5d\",\n        \"UnknownMemoryToken\": \"#909090\",\n        \"EnumerationMemberToken\": \"#eddfb3\",\n        \"OperationToken\": \"#89a4b1\",\n        \"BaseStructureNameToken\": \"#dac4d1\",\n        \"BaseStructureSeparatorToken\": \"#dac4d1\",\n        \"BraceToken\": \"#e0e0e0\",\n        \"CodeSymbolToken\": \"#80c6e9\",\n        \"DataSymbolToken\": \"#8ee6ed\",\n        \"LocalVariableToken\": \"#e0e0e0\",\n        \"ImportToken\": \"#edbd81\",\n        \"AddressDisplayToken\": \"#a2d9af\",\n        \"IndirectImportToken\": \"#edbd81\",\n        \"ExternalSymbolToken\": \"#edbd81\",\n        \"StackVariableToken\": \"#c1dcc7\",\n        \"AddressSeparatorToken\": \"#e0e0e0\",\n    }\n)\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.LightTheme","title":"LightTheme","text":"
               Bases: Style
 
Attributes:
 
     
  •  styles           \u2013            
    •  
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.LightTheme.styles","title":"styles  class-attribute instance-attribute","text":"
styles = bn_to_pygment_theme(\n    {\n        \"TextToken\": \"#1f1f1f\",\n        \"InstructionToken\": \"#8d8d2d\",\n        \"OperandSeparatorToken\": \"#1f1f1f\",\n        \"RegisterToken\": \"#1f1f1f\",\n        \"IntegerToken\": \"#30820d\",\n        \"PossibleAddressToken\": \"#30820d\",\n        \"BeginMemoryOperandToken\": \"#1f1f1f\",\n        \"EndMemoryOperandToken\": \"#1f1f1f\",\n        \"FloatingPointToken\": \"#30820d\",\n        \"AnnotationToken\": \"#bf2624\",\n        \"CodeRelativeAddressToken\": \"#30820d\",\n        \"ArgumentNameToken\": \"#1f1f1f\",\n        \"HexDumpByteValueToken\": \"#1f1f1f\",\n        \"HexDumpSkippedByteToken\": \"#1f1f1f\",\n        \"HexDumpInvalidByteToken\": \"#7a7a7a\",\n        \"HexDumpTextToken\": \"#1f1f1f\",\n        \"OpcodeToken\": \"#7a7a7a\",\n        \"StringToken\": \"#203635\",\n        \"CharacterConstantToken\": \"#203635\",\n        \"KeywordToken\": \"#8d8d2d\",\n        \"TypeNameToken\": \"#e07c35\",\n        \"FieldNameToken\": \"#35dae0\",\n        \"NameSpaceToken\": \"#00a4c7\",\n        \"NameSpaceSeparatorToken\": \"#00a4c7\",\n        \"TagToken\": \"#1f1f1f\",\n        \"StructOffsetToken\": \"#35dae0\",\n        \"StructOffsetByteValueToken\": \"#1f1f1f\",\n        \"StructureHexDumpTextToken\": \"#1f1f1f\",\n        \"GotoLabelToken\": \"#00a4c7\",\n        \"CommentToken\": \"#bf2624\",\n        \"PossibleValueToken\": \"#1f1f1f\",\n        \"PossibleValueTypeToken\": \"#1f1f1f\",\n        \"ArrayIndexToken\": \"#30820d\",\n        \"IndentationToken\": \"#bcbcbc\",\n        \"UnknownMemoryToken\": \"#7a7a7a\",\n        \"EnumerationMemberToken\": \"#8d8d2d\",\n        \"OperationToken\": \"#5b848d\",\n        \"BaseStructureNameToken\": \"#bf2624\",\n        \"BaseStructureSeparatorToken\": \"#bf2624\",\n        \"BraceToken\": \"#1f1f1f\",\n        \"CodeSymbolToken\": \"#00a4c7\",\n        \"DataSymbolToken\": \"#278cad\",\n        \"LocalVariableToken\": \"#1f1f1f\",\n        \"ImportToken\": \"#e07c35\",\n        \"AddressDisplayToken\": \"#30820d\",\n        \"IndirectImportToken\": \"#e07c35\",\n        \"ExternalSymbolToken\": \"#e07c35\",\n        \"StackVariableToken\": \"#275016\",\n        \"AddressSeparatorToken\": \"#1f1f1f\",\n    }\n)\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider","title":"BinjaProvider","text":"
               Bases: IntegrationProvider
 
Methods:
 
     
  •  get_symbol             \u2013              
    •  
  •  get_versions             \u2013              
    •  
  •  is_in_function             \u2013              
    •  
  •  get_comment_lines             \u2013              
    •  
  •  decompile             \u2013              
    •  
  •  get_func_type             \u2013              
    •  
  •  get_stack_var_name             \u2013              
    •  
  •  disable             \u2013              
    •  
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.get_symbol","title":"get_symbol","text":"
get_symbol(addr: int) -> str | None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.get_versions","title":"get_versions","text":"
get_versions() -> tuple[str, ...]\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.is_in_function","title":"is_in_function","text":"
is_in_function(addr: int) -> bool\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.get_comment_lines","title":"get_comment_lines","text":"
get_comment_lines(addr: int) -> list[str]\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.decompile","title":"decompile","text":"
decompile(addr: int, lines: int) -> list[str] | None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.get_func_type","title":"get_func_type","text":"
get_func_type(addr: int) -> Function | None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.get_stack_var_name","title":"get_stack_var_name","text":"
get_stack_var_name(addr: int) -> str | None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.disable","title":"disable","text":"
disable() -> None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.binja_config_changed","title":"binja_config_changed","text":"
binja_config_changed()\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.ensure_disabled","title":"ensure_disabled","text":"
ensure_disabled() -> None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.try_init_bn_rpc_client","title":"try_init_bn_rpc_client","text":"
try_init_bn_rpc_client() -> bool\n
 
Try to connect to the Binary Ninja RPC client.
 
If the connection succeeds, or we were already connected, return True. Otherwise, False.
 
An appropriate message will be also printed to the user.
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.enabledBinja","title":"enabledBinja","text":"
enabledBinja(\n    fallback: K = None,\n) -> Callable[[Callable[P, T]], Callable[P, T | K]]\n
 
If we have a connection to binary ninja, call the function.
 
Otherwise, return fallback. Thus, all functions decorated with this, that do not specify a fallback, must have \"| None\" in their return signature.
 
This will not try to open a connection if it doesn't already exist. No messages will be printed.
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.establish_connection","title":"establish_connection","text":"
establish_connection() -> bool\n
 
If we already had a connection, or succeed in creating a new one, return True. Otherwise False.
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.withBinja","title":"withBinja","text":"
withBinja(func: Callable[P, T]) -> Callable[P, T | None]\n
 
Try to connect to Binary Ninja before running the decorated function.
 
If we fail connecting, return None. Thus, all functions decorated with this must have \"| None\" in their return signature.
 
Use this for user-initiated stuff like pwndbg.commands.binja.bn_sync().
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.l2r","title":"l2r","text":"
l2r(addr: int) -> int\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.r2l","title":"r2l","text":"
r2l(addr: int) -> int\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.base","title":"base","text":"
base()\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.auto_update_pc","title":"auto_update_pc","text":"
auto_update_pc() -> None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.auto_update_bp","title":"auto_update_bp","text":"
auto_update_bp() -> None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.auto_clear_pc","title":"auto_clear_pc","text":"
auto_clear_pc() -> None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.navigate_to","title":"navigate_to","text":"
navigate_to(addr: int) -> None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_to_pygment_tok","title":"bn_to_pygment_tok","text":"
bn_to_pygment_tok(tok: str) -> Any\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_to_pygment_theme","title":"bn_to_pygment_theme","text":"
bn_to_pygment_theme(theme: dict[str, str]) -> dict[Any, str]\n
"},{"location":"reference/pwndbg/integration/ida/","title":"ida","text":""},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida","title":"ida","text":"
Talks to an XMLRPC server running inside of an active IDA Pro instance, in order to query it about the database.  Allows symbol resolution and interactive debugging.
 
Classes:
 
     
  •  IDC           \u2013            
    •  
  •  IdaProvider           \u2013            
    •  
 
Functions:
 
     
  •  ida_config_changed             \u2013              
    •  
  •  ensure_disabled             \u2013              
    •  
  •  try_init_ida_rpc_client             \u2013              
    Try to connect to the IDA RPC client.
     
    •  
  •  enabledIDA             \u2013              
    If we have a connection to Ida, call the function.
     
    •  
  •  establish_connection             \u2013              
    If we already had a connection, or succeed in creating a new one, return True.
     
    •  
  •  withIDA             \u2013              
    Try to connect to Ida before running the decorated function.
     
    •  
  •  withHexrays             \u2013              
    •  
  •  takes_address             \u2013              
    •  
  •  returns_address             \u2013              
    •  
  •  l2r             \u2013              
    •  
  •  r2l             \u2013              
    •  
  •  remote             \u2013              
    Runs the provided function in IDA's interpreter.
     
    •  
  •  base             \u2013              
    •  
  •  Comment             \u2013              
    •  
  •  Name             \u2013              
    •  
  •  GetFuncOffset             \u2013              
    •  
  •  GetFuncAttr             \u2013              
    •  
  •  GetType             \u2013              
    •  
  •  here             \u2013              
    •  
  •  Jump             \u2013              
    •  
  •  Anterior             \u2013              
    •  
  •  GetBreakpoints             \u2013              
    •  
  •  GetBptQty             \u2013              
    •  
  •  GetBptEA             \u2013              
    •  
  •  UpdateBreakpoints             \u2013              
    •  
  •  SetColor             \u2013              
    •  
  •  Auto_Color_PC             \u2013              
    •  
  •  Auto_UnColor_PC             \u2013              
    •  
  •  LocByName             \u2013              
    •  
  •  PrevHead             \u2013              
    •  
  •  NextHead             \u2013              
    •  
  •  GetFunctionName             \u2013              
    •  
  •  GetFlags             \u2013              
    •  
  •  isASCII             \u2013              
    •  
  •  ArgCount             \u2013              
    •  
  •  SaveBase             \u2013              
    •  
  •  GetIdbPath             \u2013              
    •  
  •  has_cached_cfunc             \u2013              
    •  
  •  decompile             \u2013              
    •  
  •  decompile_context             \u2013              
    •  
  •  get_ida_versions             \u2013              
    •  
  •  GetStrucQty             \u2013              
    •  
  •  GetStrucId             \u2013              
    •  
  •  GetStrucName             \u2013              
    •  
  •  GetStrucSize             \u2013              
    •  
  •  GetFrameId             \u2013              
    •  
  •  GetMemberQty             \u2013              
    •  
  •  GetMemberSize             \u2013              
    •  
  •  GetMemberId             \u2013              
    •  
  •  GetMemberName             \u2013              
    •  
  •  GetMemberOffset             \u2013              
    •  
  •  GetMemberFlag             \u2013              
    •  
  •  GetStrucNextOff             \u2013              
    •  
  •  print_member             \u2013              
    •  
  •  print_structs             \u2013              
    •  
 
Attributes:
 
     
  •  ida_rpc_host           \u2013            
    •  
  •  ida_rpc_port           \u2013            
    •  
  •  ida_timeout           \u2013            
    •  
  •  P           \u2013            
    •  
  •  T           \u2013            
    •  
  •  colored_pc           \u2013            
    •  
  •  idc           \u2013            
    •  
  •  ida_replacements           \u2013            
    •  
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.ida_rpc_host","title":"ida_rpc_host  module-attribute","text":"
ida_rpc_host = add_param(\n    \"ida-rpc-host\", \"127.0.0.1\", \"ida xmlrpc server address\"\n)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.ida_rpc_port","title":"ida_rpc_port  module-attribute","text":"
ida_rpc_port = add_param('ida-rpc-port', 43718, 'ida xmlrpc server port')\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.ida_timeout","title":"ida_timeout  module-attribute","text":"
ida_timeout = add_param(\n    \"ida-timeout\", 2, \"time to wait for ida xmlrpc in seconds\"\n)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.P","title":"P  module-attribute","text":"
P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.colored_pc","title":"colored_pc  module-attribute","text":"
colored_pc = None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.idc","title":"idc  module-attribute","text":"
idc = IDC()\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.ida_replacements","title":"ida_replacements  module-attribute","text":"
ida_replacements = {\n    \"__int64\": \"signed long long int\",\n    \"__int32\": \"signed int\",\n    \"__int16\": \"signed short\",\n    \"__int8\": \"signed char\",\n    \"__uint64\": \"unsigned long long int\",\n    \"__uint32\": \"unsigned int\",\n    \"__uint16\": \"unsigned short\",\n    \"__uint8\": \"unsigned char\",\n    \"_BOOL_1\": \"unsigned char\",\n    \"_BOOL_2\": \"unsigned short\",\n    \"_BOOL_4\": \"unsigned int\",\n    \"_BYTE\": \"unsigned char\",\n    \"_WORD\": \"unsigned short\",\n    \"_DWORD\": \"unsigned int\",\n    \"_QWORD\": \"unsigned long long\",\n    \"__pure\": \"\",\n    \"__hidden\": \"\",\n    \"__return_ptr\": \"\",\n    \"__struct_ptr\": \"\",\n    \"__array_ptr\": \"\",\n    \"__fastcall\": \"\",\n    \"__cdecl\": \"\",\n    \"__thiscall\": \"\",\n    \"__userpurge\": \"\",\n}\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IDC","title":"IDC","text":"
Attributes:
 
     
  •  query           \u2013            
    •  
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IDC.query","title":"query  class-attribute instance-attribute","text":"
query = (\n    \"{k:v for k,v in globals()['idc'].__dict__.items() if isinstance(v, int)}\"\n)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider","title":"IdaProvider","text":"
               Bases: IntegrationProvider
 
Methods:
 
     
  •  get_symbol             \u2013              
    •  
  •  get_versions             \u2013              
    •  
  •  is_in_function             \u2013              
    •  
  •  get_comment_lines             \u2013              
    •  
  •  decompile             \u2013              
    •  
  •  get_func_type             \u2013              
    •  
  •  disable             \u2013              
    •  
  •  get_stack_var_name             \u2013              
    Gets the name of a stack variable based on only the address of the variable.
     
    •  
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.get_symbol","title":"get_symbol","text":"
get_symbol(addr: int) -> str | None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.get_versions","title":"get_versions","text":"
get_versions() -> tuple[str, ...]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.is_in_function","title":"is_in_function","text":"
is_in_function(addr: int) -> bool\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.get_comment_lines","title":"get_comment_lines","text":"
get_comment_lines(addr: int) -> list[str]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.decompile","title":"decompile","text":"
decompile(addr: int, lines: int) -> list[str] | None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.get_func_type","title":"get_func_type","text":"
get_func_type(addr: int) -> Function | None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.disable","title":"disable","text":"
disable() -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.get_stack_var_name","title":"get_stack_var_name","text":"
get_stack_var_name(addr: int) -> str | None\n
 
Gets the name of a stack variable based on only the address of the variable.
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.ida_config_changed","title":"ida_config_changed","text":"
ida_config_changed() -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.ensure_disabled","title":"ensure_disabled","text":"
ensure_disabled() -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.try_init_ida_rpc_client","title":"try_init_ida_rpc_client","text":"
try_init_ida_rpc_client() -> bool\n
 
Try to connect to the IDA RPC client.
 
If the connection succeeds, or we were already connected, return True. Otherwise, False.
 
An appropriate message will be also printed to the user.
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.enabledIDA","title":"enabledIDA","text":"
enabledIDA(func: Callable[P, T]) -> Callable[P, T | None]\n
 
If we have a connection to Ida, call the function.
 
Otherwise, return None. Thus, all functions decorated with this must have \"| None\" in their return signature.
 
This will not try to open a connection if it doesn't already exist. No messages will be printed.
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.establish_connection","title":"establish_connection","text":"
establish_connection() -> bool\n
 
If we already had a connection, or succeed in creating a new one, return True. Otherwise False.
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.withIDA","title":"withIDA","text":"
withIDA(func: Callable[P, T]) -> Callable[P, T | None]\n
 
Try to connect to Ida before running the decorated function.
 
If we fail connecting to Ida, return None. Thus, all functions decorated with this must have \"| None\" in their return signature.
 
Use this for user-initiated stuff like pwndbg.commands.ida.save_ida().
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.withHexrays","title":"withHexrays","text":"
withHexrays(func: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.takes_address","title":"takes_address","text":"
takes_address(\n    function: Callable[Concatenate[int, P], T],\n) -> Callable[Concatenate[int, P], T]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.returns_address","title":"returns_address","text":"
returns_address(function: Callable[P, int]) -> Callable[P, int]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.l2r","title":"l2r","text":"
l2r(addr: int) -> int\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.r2l","title":"r2l","text":"
r2l(addr: int) -> int\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.remote","title":"remote","text":"
remote(function) -> None\n
 
Runs the provided function in IDA's interpreter.
 
The function must be self-contained and not reference any global variables.
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.base","title":"base","text":"
base()\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.Comment","title":"Comment","text":"
Comment(addr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.Name","title":"Name","text":"
Name(addr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetFuncOffset","title":"GetFuncOffset","text":"
GetFuncOffset(addr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetFuncAttr","title":"GetFuncAttr","text":"
GetFuncAttr(addr: int, attr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetType","title":"GetType","text":"
GetType(addr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.here","title":"here","text":"
here() -> int\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.Jump","title":"Jump","text":"
Jump(addr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.Anterior","title":"Anterior","text":"
Anterior(addr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetBreakpoints","title":"GetBreakpoints","text":"
GetBreakpoints()\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetBptQty","title":"GetBptQty","text":"
GetBptQty()\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetBptEA","title":"GetBptEA","text":"
GetBptEA(i: int) -> int\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.UpdateBreakpoints","title":"UpdateBreakpoints","text":"
UpdateBreakpoints() -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.SetColor","title":"SetColor","text":"
SetColor(pc, color)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.Auto_Color_PC","title":"Auto_Color_PC","text":"
Auto_Color_PC() -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.Auto_UnColor_PC","title":"Auto_UnColor_PC","text":"
Auto_UnColor_PC() -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.LocByName","title":"LocByName","text":"
LocByName(name) -> int\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.PrevHead","title":"PrevHead","text":"
PrevHead(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.NextHead","title":"NextHead","text":"
NextHead(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetFunctionName","title":"GetFunctionName","text":"
GetFunctionName(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetFlags","title":"GetFlags","text":"
GetFlags(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.isASCII","title":"isASCII","text":"
isASCII(flags)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.ArgCount","title":"ArgCount","text":"
ArgCount(address) -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.SaveBase","title":"SaveBase","text":"
SaveBase(path: str)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetIdbPath","title":"GetIdbPath","text":"
GetIdbPath()\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.has_cached_cfunc","title":"has_cached_cfunc","text":"
has_cached_cfunc(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.decompile","title":"decompile","text":"
decompile(addr) -> str | None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.decompile_context","title":"decompile_context","text":"
decompile_context(pc, context_lines) -> str | None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.get_ida_versions","title":"get_ida_versions","text":"
get_ida_versions() -> dict[str, str]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetStrucQty","title":"GetStrucQty","text":"
GetStrucQty()\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetStrucId","title":"GetStrucId","text":"
GetStrucId(idx)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetStrucName","title":"GetStrucName","text":"
GetStrucName(sid)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetStrucSize","title":"GetStrucSize","text":"
GetStrucSize(sid)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetFrameId","title":"GetFrameId","text":"
GetFrameId(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetMemberQty","title":"GetMemberQty","text":"
GetMemberQty(sid)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetMemberSize","title":"GetMemberSize","text":"
GetMemberSize(sid, offset)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetMemberId","title":"GetMemberId","text":"
GetMemberId(sid, offset)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetMemberName","title":"GetMemberName","text":"
GetMemberName(sid, offset)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetMemberOffset","title":"GetMemberOffset","text":"
GetMemberOffset(sid, member_name)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetMemberFlag","title":"GetMemberFlag","text":"
GetMemberFlag(sid, offset)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetStrucNextOff","title":"GetStrucNextOff","text":"
GetStrucNextOff(sid, offset)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.print_member","title":"print_member","text":"
print_member(sid, offset) -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.print_structs","title":"print_structs","text":"
print_structs() -> None\n
"},{"location":"reference/pwndbg/lib/","title":"lib","text":""},{"location":"reference/pwndbg/lib/#pwndbg.lib","title":"lib","text":"
Library for non-debugger-dependant functionality.
 
Modules:
 
     
  •  abi           \u2013            
    •  
  •  android           \u2013            
    •  
  •  arch           \u2013            
    •  
  •  cache           \u2013            
    Caches return values until some event in the inferior happens,
     
    •  
  •  common           \u2013            
    •  
  •  config           \u2013            
    •  
  •  disasm           \u2013            
    •  
  •  elftypes           \u2013            
    •  
  •  exception           \u2013            
    •  
  •  funcparser           \u2013            
    •  
  •  functions           \u2013            
    •  
  •  functions_data           \u2013            
    •  
  •  heap           \u2013            
    •  
  •  kernel           \u2013            
    •  
  •  memory           \u2013            
    Reading, writing, and describing memory.
     
    •  
  •  net           \u2013            
    Re-implements some psutil functionality to be able to get information from
     
    •  
  •  pretty_print           \u2013            
    •  
  •  regs           \u2013            
    Reading register value from the inferior, and provides a
     
    •  
  •  stdio           \u2013            
    Provides functionality to circumvent GDB's hooks on sys.stdin and sys.stdout
     
    •  
  •  strings           \u2013            
    •  
  •  tempfile           \u2013            
    Common helper and cache for pwndbg tempdir
     
    •  
  •  tips           \u2013            
    •  
  •  version           \u2013            
    •  
  •  which           \u2013            
    •  
  •  zig           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/abi/","title":"abi","text":""},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi","title":"abi","text":"
Classes:
 
     
  •  ABI           \u2013            
    Encapsulates information about a calling convention.
     
    •  
  •  SyscallABI           \u2013            
    The syscall ABI treats the syscall number as the zeroth argument,
     
    •  
  •  SigreturnABI           \u2013            
    The sigreturn ABI is similar to the syscall ABI, except that
     
    •  
 
Attributes:
 
     
  •  linux_i386           \u2013            
    •  
  •  linux_amd64           \u2013            
    •  
  •  linux_arm           \u2013            
    •  
  •  linux_aarch64           \u2013            
    •  
  •  linux_mips           \u2013            
    •  
  •  linux_mips64           \u2013            
    •  
  •  linux_ppc           \u2013            
    •  
  •  linux_ppc64           \u2013            
    •  
  •  linux_riscv32           \u2013            
    •  
  •  linux_riscv64           \u2013            
    •  
  •  linux_i386_syscall           \u2013            
    •  
  •  linux_amd64_syscall           \u2013            
    •  
  •  linux_arm_syscall           \u2013            
    •  
  •  linux_aarch64_syscall           \u2013            
    •  
  •  linux_mips_syscall           \u2013            
    •  
  •  linux_mips64_syscall           \u2013            
    •  
  •  linux_ppc_syscall           \u2013            
    •  
  •  linux_ppc64_syscall           \u2013            
    •  
  •  linux_riscv32_syscall           \u2013            
    •  
  •  linux_riscv64_syscall           \u2013            
    •  
  •  linux_i386_sigreturn           \u2013            
    •  
  •  linux_amd64_sigreturn           \u2013            
    •  
  •  linux_arm_sigreturn           \u2013            
    •  
  •  linux_i386_srop           \u2013            
    •  
  •  linux_amd64_srop           \u2013            
    •  
  •  linux_arm_srop           \u2013            
    •  
  •  DEFAULT_ABIS               (dict[tuple[int, str, str], ABI])           \u2013            
    •  
  •  SYSCALL_ABIS               (dict[tuple[int, str, str], SyscallABI])           \u2013            
    •  
  •  SIGRETURN_ABIS               (dict[tuple[int, str, str], SigreturnABI])           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_i386","title":"linux_i386  module-attribute","text":"
linux_i386 = ABI((), 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_amd64","title":"linux_amd64  module-attribute","text":"
linux_amd64 = ABI(('rdi', 'rsi', 'rdx', 'rcx', 'r8', 'r9'), 8, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_arm","title":"linux_arm  module-attribute","text":"
linux_arm = ABI(('r0', 'r1', 'r2', 'r3'), 8, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_aarch64","title":"linux_aarch64  module-attribute","text":"
linux_aarch64 = ABI(('x0', 'x1', 'x2', 'x3', 'x4', 'x5', 'x6', 'x7'), 16, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_mips","title":"linux_mips  module-attribute","text":"
linux_mips = ABI(('$a0', '$a1', '$a2', '$a3'), 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_mips64","title":"linux_mips64  module-attribute","text":"
linux_mips64 = ABI(\n    (\"$a0\", \"$a1\", \"$a2\", \"$a3\", \"$a4\", \"$a5\", \"$a6\", \"$a7\"), 8, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_ppc","title":"linux_ppc  module-attribute","text":"
linux_ppc = ABI(('r3', 'r4', 'r5', 'r6', 'r7', 'r8', 'r9', 'r10'), 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_ppc64","title":"linux_ppc64  module-attribute","text":"
linux_ppc64 = ABI(('r3', 'r4', 'r5', 'r6', 'r7', 'r8', 'r9', 'r10'), 8, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_riscv32","title":"linux_riscv32  module-attribute","text":"
linux_riscv32 = ABI(('a0', 'a1', 'a2', 'a3', 'a4', 'a5', 'a6', 'a7'), 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_riscv64","title":"linux_riscv64  module-attribute","text":"
linux_riscv64 = ABI(('a0', 'a1', 'a2', 'a3', 'a4', 'a5', 'a6', 'a7'), 8, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_i386_syscall","title":"linux_i386_syscall  module-attribute","text":"
linux_i386_syscall = SyscallABI(\n    (\"eax\", \"ebx\", \"ecx\", \"edx\", \"esi\", \"edi\", \"ebp\"), 4, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_amd64_syscall","title":"linux_amd64_syscall  module-attribute","text":"
linux_amd64_syscall = SyscallABI(\n    (\"rax\", \"rdi\", \"rsi\", \"rdx\", \"r10\", \"r8\", \"r9\"), 8, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_arm_syscall","title":"linux_arm_syscall  module-attribute","text":"
linux_arm_syscall = SyscallABI(\n    (\"r7\", \"r0\", \"r1\", \"r2\", \"r3\", \"r4\", \"r5\", \"r6\"), 4, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_aarch64_syscall","title":"linux_aarch64_syscall  module-attribute","text":"
linux_aarch64_syscall = SyscallABI(\n    (\"x8\", \"x0\", \"x1\", \"x2\", \"x3\", \"x4\", \"x5\"), 16, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_mips_syscall","title":"linux_mips_syscall  module-attribute","text":"
linux_mips_syscall = SyscallABI(('$v0', '$a0', '$a1', '$a2', '$a3'), 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_mips64_syscall","title":"linux_mips64_syscall  module-attribute","text":"
linux_mips64_syscall = SyscallABI(\n    (\"$v0\", \"$a0\", \"$a1\", \"$a2\", \"$a3\", \"$a4\", \"$a5\"), 4, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_ppc_syscall","title":"linux_ppc_syscall  module-attribute","text":"
linux_ppc_syscall = SyscallABI(\n    (\"r0\", \"r3\", \"r4\", \"r5\", \"r6\", \"r7\", \"r8\", \"r9\"), 4, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_ppc64_syscall","title":"linux_ppc64_syscall  module-attribute","text":"
linux_ppc64_syscall = SyscallABI(\n    (\"r0\", \"r3\", \"r4\", \"r5\", \"r6\", \"r7\", \"r8\"), 8, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_riscv32_syscall","title":"linux_riscv32_syscall  module-attribute","text":"
linux_riscv32_syscall = SyscallABI(\n    (\"a7\", \"a0\", \"a1\", \"a2\", \"a3\", \"a4\", \"a5\", \"a6\"), 4, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_riscv64_syscall","title":"linux_riscv64_syscall  module-attribute","text":"
linux_riscv64_syscall = SyscallABI(\n    (\"a7\", \"a0\", \"a1\", \"a2\", \"a3\", \"a4\", \"a5\", \"a6\"), 8, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_i386_sigreturn","title":"linux_i386_sigreturn  module-attribute","text":"
linux_i386_sigreturn = SigreturnABI(('eax',), 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_amd64_sigreturn","title":"linux_amd64_sigreturn  module-attribute","text":"
linux_amd64_sigreturn = SigreturnABI(('rax',), 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_arm_sigreturn","title":"linux_arm_sigreturn  module-attribute","text":"
linux_arm_sigreturn = SigreturnABI(('r7',), 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_i386_srop","title":"linux_i386_srop  module-attribute","text":"
linux_i386_srop = ABI(('eax',), 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_amd64_srop","title":"linux_amd64_srop  module-attribute","text":"
linux_amd64_srop = ABI(('rax',), 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_arm_srop","title":"linux_arm_srop  module-attribute","text":"
linux_arm_srop = ABI(('r7',), 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.DEFAULT_ABIS","title":"DEFAULT_ABIS  module-attribute","text":"
DEFAULT_ABIS: dict[tuple[int, str, str], ABI] = {\n    (32, \"i386\", \"linux\"): linux_i386,\n    (64, \"x86-64\", \"linux\"): linux_amd64,\n    (64, \"aarch64\", \"linux\"): linux_aarch64,\n    (32, \"arm\", \"linux\"): linux_arm,\n    (32, \"thumb\", \"linux\"): linux_arm,\n    (32, \"mips\", \"linux\"): linux_mips,\n    (64, \"mips\", \"linux\"): linux_mips64,\n    (32, \"powerpc\", \"linux\"): linux_ppc,\n    (64, \"powerpc\", \"linux\"): linux_ppc64,\n    (32, \"rv32\", \"linux\"): linux_riscv32,\n    (64, \"rv64\", \"linux\"): linux_riscv64,\n}\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SYSCALL_ABIS","title":"SYSCALL_ABIS  module-attribute","text":"
SYSCALL_ABIS: dict[tuple[int, str, str], SyscallABI] = {\n    (32, \"i386\", \"linux\"): linux_i386_syscall,\n    (64, \"x86-64\", \"linux\"): linux_amd64_syscall,\n    (64, \"aarch64\", \"linux\"): linux_aarch64_syscall,\n    (32, \"arm\", \"linux\"): linux_arm_syscall,\n    (32, \"thumb\", \"linux\"): linux_arm_syscall,\n    (32, \"mips\", \"linux\"): linux_mips_syscall,\n    (64, \"mips\", \"linux\"): linux_mips64_syscall,\n    (32, \"powerpc\", \"linux\"): linux_ppc_syscall,\n    (64, \"powerpc\", \"linux\"): linux_ppc64_syscall,\n    (32, \"rv32\", \"linux\"): linux_riscv32_syscall,\n    (64, \"rv64\", \"linux\"): linux_riscv64_syscall,\n}\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SIGRETURN_ABIS","title":"SIGRETURN_ABIS  module-attribute","text":"
SIGRETURN_ABIS: dict[tuple[int, str, str], SigreturnABI] = {\n    (32, \"i386\", \"linux\"): linux_i386_sigreturn,\n    (64, \"x86-64\", \"linux\"): linux_amd64_sigreturn,\n    (32, \"arm\", \"linux\"): linux_arm_sigreturn,\n    (32, \"thumb\", \"linux\"): linux_arm_sigreturn,\n}\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.ABI","title":"ABI","text":"
ABI(regs: tuple[str, ...], align: int, minimum: int)\n
 
Encapsulates information about a calling convention.
 
Attributes:
 
     
  •  returns           \u2013            
    •  
  •  register_arguments               (tuple[str, ...])           \u2013            
    •  
  •  arg_alignment           \u2013            
    •  
  •  stack_minimum           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.ABI.returns","title":"returns  class-attribute instance-attribute","text":"
returns = True\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.ABI.register_arguments","title":"register_arguments  class-attribute instance-attribute","text":"
register_arguments: tuple[str, ...] = regs\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.ABI.arg_alignment","title":"arg_alignment  class-attribute instance-attribute","text":"
arg_alignment = align\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.ABI.stack_minimum","title":"stack_minimum  class-attribute instance-attribute","text":"
stack_minimum = minimum\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI","title":"SyscallABI","text":"
SyscallABI(register_arguments: tuple[str, ...], *a: Any, **kw: Any)\n
 
               Bases: ABI
 
The syscall ABI treats the syscall number as the zeroth argument, which must be loaded into the specified register.
 
Attributes:
 
     
  •  syscall_register           \u2013            
    •  
  •  register_arguments               (tuple[str, ...])           \u2013            
    •  
  •  arg_alignment           \u2013            
    •  
  •  stack_minimum           \u2013            
    •  
  •  returns           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI.syscall_register","title":"syscall_register  instance-attribute","text":"
syscall_register = register_arguments[0]\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI.register_arguments","title":"register_arguments  class-attribute instance-attribute","text":"
register_arguments: tuple[str, ...] = regs\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI.arg_alignment","title":"arg_alignment  class-attribute instance-attribute","text":"
arg_alignment = align\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI.stack_minimum","title":"stack_minimum  class-attribute instance-attribute","text":"
stack_minimum = minimum\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI.returns","title":"returns  class-attribute instance-attribute","text":"
returns = True\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI","title":"SigreturnABI","text":"
SigreturnABI(register_arguments: tuple[str, ...], *a: Any, **kw: Any)\n
 
               Bases: SyscallABI
 
The sigreturn ABI is similar to the syscall ABI, except that both PC and SP are loaded from the stack.  Because of this, there is no 'return' slot necessary on the stack.
 
Attributes:
 
     
  •  returns           \u2013            
    •  
  •  register_arguments               (tuple[str, ...])           \u2013            
    •  
  •  arg_alignment           \u2013            
    •  
  •  stack_minimum           \u2013            
    •  
  •  syscall_register           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI.returns","title":"returns  class-attribute instance-attribute","text":"
returns = False\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI.register_arguments","title":"register_arguments  class-attribute instance-attribute","text":"
register_arguments: tuple[str, ...] = regs\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI.arg_alignment","title":"arg_alignment  class-attribute instance-attribute","text":"
arg_alignment = align\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI.stack_minimum","title":"stack_minimum  class-attribute instance-attribute","text":"
stack_minimum = minimum\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI.syscall_register","title":"syscall_register  instance-attribute","text":"
syscall_register = register_arguments[0]\n
"},{"location":"reference/pwndbg/lib/android/","title":"android","text":""},{"location":"reference/pwndbg/lib/android/#pwndbg.lib.android","title":"android","text":"
Functions:
 
     
  •  aid_name             \u2013              
    •  
 
Attributes:
 
     
  •  KNOWN_AIDS           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/android/#pwndbg.lib.android.KNOWN_AIDS","title":"KNOWN_AIDS  module-attribute","text":"
KNOWN_AIDS = {\n    0: \"AID_ROOT\",\n    1000: \"AID_SYSTEM\",\n    1001: \"AID_RADIO\",\n    1002: \"AID_BLUETOOTH\",\n    1003: \"AID_GRAPHICS\",\n    1004: \"AID_INPUT\",\n    1005: \"AID_AUDIO\",\n    1006: \"AID_CAMERA\",\n    1007: \"AID_LOG\",\n    1008: \"AID_COMPASS\",\n    1009: \"AID_MOUNT\",\n    1010: \"AID_WIFI\",\n    1011: \"AID_ADB\",\n    1012: \"AID_INSTALL\",\n    1013: \"AID_MEDIA\",\n    1014: \"AID_DHCP\",\n    1015: \"AID_SDCARD_RW\",\n    1016: \"AID_VPN\",\n    1017: \"AID_KEYSTORE\",\n    1018: \"AID_USB\",\n    1019: \"AID_DRM\",\n    1020: \"AID_MDNSR\",\n    1021: \"AID_GPS\",\n    1022: \"AID_UNUSED1\",\n    1023: \"AID_MEDIA_RW\",\n    1024: \"AID_MTP\",\n    1025: \"AID_UNUSED2\",\n    1026: \"AID_DRMRPC\",\n    1027: \"AID_NFC\",\n    1028: \"AID_SDCARD_R\",\n    1029: \"AID_CLAT\",\n    1030: \"AID_LOOP_RADIO\",\n    1031: \"AID_MEDIA_DRM\",\n    1032: \"AID_PACKAGE_INFO\",\n    1033: \"AID_SDCARD_PICS\",\n    1034: \"AID_SDCARD_AV\",\n    1035: \"AID_SDCARD_ALL\",\n    1036: \"AID_LOGD\",\n    1037: \"AID_SHARED_RELRO\",\n    1038: \"AID_DBUS\",\n    1039: \"AID_TLSDATE\",\n    1040: \"AID_MEDIA_EX\",\n    1041: \"AID_AUDIOSERVER\",\n    1042: \"AID_METRICS_COLL\",\n    1043: \"AID_METRICSD\",\n    1044: \"AID_WEBSERV\",\n    1045: \"AID_DEBUGGERD\",\n    1046: \"AID_MEDIA_CODEC\",\n    1047: \"AID_CAMERASERVER\",\n    1048: \"AID_FIREWALL\",\n    1049: \"AID_TRUNKS\",\n    1050: \"AID_NVRAM\",\n    2001: \"AID_CACHE\",\n    2002: \"AID_DIAG\",\n    2900: \"AID_OEM_RESERVED_START\",\n    2999: \"AID_OEM_RESERVED_END\",\n    3001: \"AID_NET_BT_ADMIN\",\n    3002: \"AID_NET_BT\",\n    3003: \"AID_INET\",\n    3004: \"AID_NET_RAW\",\n    3005: \"AID_NET_ADMIN\",\n    3006: \"AID_NET_BW_STATS\",\n    3007: \"AID_NET_BW_ACCT\",\n    3008: \"AID_NET_BT_STACK\",\n    3009: \"AID_READPROC\",\n    3010: \"AID_WAKELOCK\",\n    5000: \"AID_OEM_RESERVED_2_START\",\n    5999: \"AID_OEM_RESERVED_2_END\",\n    9997: \"AID_EVERYBODY\",\n    9998: \"AID_MISC\",\n    9999: \"AID_NOBODY\",\n    10000: \"AID_APP\",\n    50000: \"AID_SHARED_GID_START\",\n    59999: \"AID_SHARED_GID_END\",\n    99000: \"AID_ISOLATED_START\",\n    99999: \"AID_ISOLATED_END\",\n    100000: \"AID_USER\",\n}\n
"},{"location":"reference/pwndbg/lib/android/#pwndbg.lib.android.aid_name","title":"aid_name","text":"
aid_name(uid: int) -> str\n
"},{"location":"reference/pwndbg/lib/arch/","title":"arch","text":""},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch","title":"arch","text":"
Classes:
 
     
  •  Platform           \u2013            
    •  
  •  ArchAttribute           \u2013            
    •  
  •  ArchDefinition           \u2013            
    •  
 
Attributes:
 
     
  •  PWNDBG_SUPPORTED_ARCHITECTURES_TYPE           \u2013            
    •  
  •  PWNDBG_SUPPORTED_ARCHITECTURES               (list[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE])           \u2013            
    •  
  •  PWNLIB_ARCH_MAPPINGS           \u2013            
    •  
  •  PWNLIB_PLATFORM_MAPPINGS               (dict[Platform, str])           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.PWNDBG_SUPPORTED_ARCHITECTURES_TYPE","title":"PWNDBG_SUPPORTED_ARCHITECTURES_TYPE  module-attribute","text":"
PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = Literal[\n    \"x86-64\",\n    \"i386\",\n    \"i8086\",\n    \"mips\",\n    \"aarch64\",\n    \"arm\",\n    \"armcm\",\n    \"rv32\",\n    \"rv64\",\n    \"sparc\",\n    \"powerpc\",\n    \"loongarch64\",\n    \"s390x\",\n]\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.PWNDBG_SUPPORTED_ARCHITECTURES","title":"PWNDBG_SUPPORTED_ARCHITECTURES  module-attribute","text":"
PWNDBG_SUPPORTED_ARCHITECTURES: list[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE] = (\n    list(get_args(PWNDBG_SUPPORTED_ARCHITECTURES_TYPE))\n)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.PWNLIB_ARCH_MAPPINGS","title":"PWNLIB_ARCH_MAPPINGS  module-attribute","text":"
PWNLIB_ARCH_MAPPINGS = {\n    \"x86-64\": \"amd64\",\n    \"i386\": \"i386\",\n    \"i8086\": \"none\",\n    \"mips\": \"mips\",\n    \"aarch64\": \"aarch64\",\n    \"arm\": \"arm\",\n    \"armcm\": \"thumb\",\n    \"rv32\": \"riscv32\",\n    \"rv64\": \"riscv64\",\n    \"powerpc\": \"powerpc\",\n    \"sparc\": \"sparc\",\n    \"loongarch64\": \"none\",\n    \"s390x\": \"s390\",\n}\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.PWNLIB_PLATFORM_MAPPINGS","title":"PWNLIB_PLATFORM_MAPPINGS  module-attribute","text":"
PWNLIB_PLATFORM_MAPPINGS: dict[Platform, str] = {\n    LINUX: \"linux\",\n    DARWIN: \"darwin\",\n}\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.Platform","title":"Platform","text":"
               Bases: Enum
 
Attributes:
 
     
  •  LINUX           \u2013            
    •  
  •  DARWIN           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.Platform.LINUX","title":"LINUX  class-attribute instance-attribute","text":"
LINUX = (auto(),)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.Platform.DARWIN","title":"DARWIN  class-attribute instance-attribute","text":"
DARWIN = (auto(),)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute","title":"ArchAttribute","text":"
ArchAttribute(_, cs_mode)\n
 
               Bases: Enum
 
Attributes:
 
     
  •  MIPS_ISA_1           \u2013            
    •  
  •  MIPS_ISA_2           \u2013            
    •  
  •  MIPS_ISA_3           \u2013            
    •  
  •  MIPS_ISA_4           \u2013            
    •  
  •  MIPS_ISA_5           \u2013            
    •  
  •  MIPS_ISA_32           \u2013            
    •  
  •  MIPS_ISA_32R2           \u2013            
    •  
  •  MIPS_ISA_32R3           \u2013            
    •  
  •  MIPS_ISA_32R5           \u2013            
    •  
  •  MIPS_ISA_32R6           \u2013            
    •  
  •  MIPS_ISA_64           \u2013            
    •  
  •  MIPS_ISA_64R2           \u2013            
    •  
  •  MIPS_ISA_64R3           \u2013            
    •  
  •  MIPS_ISA_64R5           \u2013            
    •  
  •  MIPS_ISA_64R6           \u2013            
    •  
  •  MIPS_ISA_MICRO           \u2013            
    •  
  •  MIPS_ISA_NANO           \u2013            
    •  
  •  cs_mode           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_1","title":"MIPS_ISA_1  class-attribute instance-attribute","text":"
MIPS_ISA_1 = (auto(), CS_MODE_MIPS1)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_2","title":"MIPS_ISA_2  class-attribute instance-attribute","text":"
MIPS_ISA_2 = (auto(), CS_MODE_MIPS2)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_3","title":"MIPS_ISA_3  class-attribute instance-attribute","text":"
MIPS_ISA_3 = (auto(), CS_MODE_MIPS3)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_4","title":"MIPS_ISA_4  class-attribute instance-attribute","text":"
MIPS_ISA_4 = (auto(), CS_MODE_MIPS4)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_5","title":"MIPS_ISA_5  class-attribute instance-attribute","text":"
MIPS_ISA_5 = (auto(), CS_MODE_MIPS5)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_32","title":"MIPS_ISA_32  class-attribute instance-attribute","text":"
MIPS_ISA_32 = (auto(), CS_MODE_MIPS32)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_32R2","title":"MIPS_ISA_32R2  class-attribute instance-attribute","text":"
MIPS_ISA_32R2 = (auto(), CS_MODE_MIPS32R2)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_32R3","title":"MIPS_ISA_32R3  class-attribute instance-attribute","text":"
MIPS_ISA_32R3 = (auto(), CS_MODE_MIPS32R3)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_32R5","title":"MIPS_ISA_32R5  class-attribute instance-attribute","text":"
MIPS_ISA_32R5 = (auto(), CS_MODE_MIPS32R5)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_32R6","title":"MIPS_ISA_32R6  class-attribute instance-attribute","text":"
MIPS_ISA_32R6 = (auto(), CS_MODE_MIPS32R6)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_64","title":"MIPS_ISA_64  class-attribute instance-attribute","text":"
MIPS_ISA_64 = (auto(), CS_MODE_MIPS64)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_64R2","title":"MIPS_ISA_64R2  class-attribute instance-attribute","text":"
MIPS_ISA_64R2 = (auto(), CS_MODE_MIPS64R2)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_64R3","title":"MIPS_ISA_64R3  class-attribute instance-attribute","text":"
MIPS_ISA_64R3 = (auto(), CS_MODE_MIPS64R3)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_64R5","title":"MIPS_ISA_64R5  class-attribute instance-attribute","text":"
MIPS_ISA_64R5 = (auto(), CS_MODE_MIPS64R5)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_64R6","title":"MIPS_ISA_64R6  class-attribute instance-attribute","text":"
MIPS_ISA_64R6 = (auto(), CS_MODE_MIPS64R6)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_MICRO","title":"MIPS_ISA_MICRO  class-attribute instance-attribute","text":"
MIPS_ISA_MICRO = (auto(), CS_MODE_MICRO)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_NANO","title":"MIPS_ISA_NANO  class-attribute instance-attribute","text":"
MIPS_ISA_NANO = (auto(), CS_MODE_NANOMIPS)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.cs_mode","title":"cs_mode  instance-attribute","text":"
cs_mode = cs_mode\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchDefinition","title":"ArchDefinition  dataclass","text":"
ArchDefinition(\n    name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE,\n    ptrsize: int,\n    endian: Literal[\"little\", \"big\"],\n    platform: Platform,\n    attributes: list[ArchAttribute] = list(),\n)\n
 
Attributes:
 
     
  •  name               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  ptrsize               (int)           \u2013            
    Pointer size in bytes
     
    •  
  •  endian               (Literal['little', 'big'])           \u2013            
    •  
  •  platform               (Platform)           \u2013            
    •  
  •  attributes               (list[ArchAttribute])           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchDefinition.name","title":"name  instance-attribute","text":"
name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchDefinition.ptrsize","title":"ptrsize  instance-attribute","text":"
ptrsize: int\n
 
Pointer size in bytes
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchDefinition.endian","title":"endian  instance-attribute","text":"
endian: Literal['little', 'big']\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchDefinition.platform","title":"platform  instance-attribute","text":"
platform: Platform\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchDefinition.attributes","title":"attributes  class-attribute instance-attribute","text":"
attributes: list[ArchAttribute] = field(default_factory=list)\n
"},{"location":"reference/pwndbg/lib/cache/","title":"cache","text":""},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache","title":"cache","text":"
Caches return values until some event in the inferior happens, e.g. execution stops because of a SIGINT or breakpoint, or a new library/objfile are loaded, etc.
 
Classes:
 
     
  •  DebugCacheDict           \u2013            
    •  
  •  CachedFunction           \u2013            
    •  
 
Functions:
 
     
  •  connect_clear_caching_events             \u2013              
    Connect given debugger event hooks to correspoonding _CacheUntilEvent instances
     
    •  
  •  cache_until             \u2013              
    •  
  •  clear_caches             \u2013              
    •  
  •  clear_cache             \u2013              
    •  
 
Attributes:
 
     
  •  T           \u2013            
    •  
  •  P           \u2013            
    •  
  •  debug           \u2013            
    •  
  •  debug_name           \u2013            
    •  
  •  Cache           \u2013            
    •  
  •  IS_CACHING           \u2013            
    •  
  •  IS_CACHING_DISABLED_FOR               (dict[str, bool])           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.T","title":"T  module-attribute","text":"
T = TypeVar('T', covariant=True)\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.P","title":"P  module-attribute","text":"
P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.debug","title":"debug  module-attribute","text":"
debug = NO_DEBUG\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.debug_name","title":"debug_name  module-attribute","text":"
debug_name = 'regs'\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.Cache","title":"Cache  module-attribute","text":"
Cache = Union[Dict[Tuple[Any, ...], Any], DebugCacheDict]\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.IS_CACHING","title":"IS_CACHING  module-attribute","text":"
IS_CACHING = True\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.IS_CACHING_DISABLED_FOR","title":"IS_CACHING_DISABLED_FOR  module-attribute","text":"
IS_CACHING_DISABLED_FOR: dict[str, bool] = {\n    \"stop\": False,\n    \"exit\": False,\n    \"objfile\": False,\n    \"start\": False,\n    \"cont\": False,\n    \"thread\": False,\n    \"prompt\": False,\n    \"forever\": False,\n}\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict","title":"DebugCacheDict","text":"
DebugCacheDict(func: Callable[P, T], *args: Any, **kwargs: Any)\n
 
               Bases: UserDict
 
Methods:
 
     
  •  __getitem__             \u2013              
    •  
  •  __setitem__             \u2013              
    •  
  •  clear             \u2013              
    •  
 
Attributes:
 
     
  •  hits           \u2013            
    •  
  •  misses           \u2013            
    •  
  •  func           \u2013            
    •  
  •  name           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.hits","title":"hits  instance-attribute","text":"
hits = 0\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.misses","title":"misses  instance-attribute","text":"
misses = 0\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.func","title":"func  instance-attribute","text":"
func = func\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.name","title":"name  instance-attribute","text":"
name = f'{split('.')[-1]}.{__name__}'\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.__getitem__","title":"__getitem__","text":"
__getitem__(key: tuple[Any, ...]) -> Any\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.__setitem__","title":"__setitem__","text":"
__setitem__(key: tuple[Any, ...], value: Any) -> None\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.clear","title":"clear","text":"
clear() -> None\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.CachedFunction","title":"CachedFunction","text":"
               Bases: Protocol[T]
 
Methods:
 
     
  •  __call__             \u2013              
    •  
 
Attributes:
 
     
  •  cache               (Cache)           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.CachedFunction.cache","title":"cache  instance-attribute","text":"
cache: Cache\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.CachedFunction.__call__","title":"__call__","text":"
__call__(*args: Any, **kwargs: Any) -> T\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.connect_clear_caching_events","title":"connect_clear_caching_events","text":"
connect_clear_caching_events(\n    event_dicts: dict[str, tuple[Any, ...]], **kwargs: Any\n) -> None\n
 
Connect given debugger event hooks to correspoonding _CacheUntilEvent instances
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.cache_until","title":"cache_until","text":"
cache_until(\n    *event_names: str,\n) -> Callable[[Callable[P, T]], CachedFunction[T]]\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.clear_caches","title":"clear_caches","text":"
clear_caches() -> None\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.clear_cache","title":"clear_cache","text":"
clear_cache(cache_name: str) -> None\n
"},{"location":"reference/pwndbg/lib/common/","title":"common","text":""},{"location":"reference/pwndbg/lib/common/#pwndbg.lib.common","title":"common","text":"
Functions:
 
     
  •  hex2ptr_common             \u2013              
    Converts a hex string to a little-endian integer address.
     
    •  
"},{"location":"reference/pwndbg/lib/common/#pwndbg.lib.common.hex2ptr_common","title":"hex2ptr_common","text":"
hex2ptr_common(arg: str) -> int\n
 
Converts a hex string to a little-endian integer address.
"},{"location":"reference/pwndbg/lib/config/","title":"config","text":""},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config","title":"config","text":"
Classes:
 
     
  •  Scope           \u2013            
    •  
  •  Parameter           \u2013            
    •  
  •  Config           \u2013            
    •  
 
Attributes:
 
     
  •  T           \u2013            
    •  
  •  PARAM_BOOLEAN           \u2013            
    •  
  •  PARAM_AUTO_BOOLEAN           \u2013            
    •  
  •  PARAM_INTEGER           \u2013            
    •  
  •  PARAM_ZINTEGER           \u2013            
    •  
  •  PARAM_UINTEGER           \u2013            
    •  
  •  PARAM_ZUINTEGER           \u2013            
    •  
  •  PARAM_ZUINTEGER_UNLIMITED           \u2013            
    •  
  •  PARAM_STRING           \u2013            
    •  
  •  PARAM_ENUM           \u2013            
    •  
  •  PARAM_OPTIONAL_FILENAME           \u2013            
    •  
  •  PARAM_CLASSES           \u2013            
    •  
  •  HELP_DEFAULT_PREFIX           \u2013            
    •  
  •  HELP_VALID_VALUES_PREFIX           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_BOOLEAN","title":"PARAM_BOOLEAN  module-attribute","text":"
PARAM_BOOLEAN = 0\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_AUTO_BOOLEAN","title":"PARAM_AUTO_BOOLEAN  module-attribute","text":"
PARAM_AUTO_BOOLEAN = 1\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_INTEGER","title":"PARAM_INTEGER  module-attribute","text":"
PARAM_INTEGER = 2\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_ZINTEGER","title":"PARAM_ZINTEGER  module-attribute","text":"
PARAM_ZINTEGER = 3\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_UINTEGER","title":"PARAM_UINTEGER  module-attribute","text":"
PARAM_UINTEGER = 4\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_ZUINTEGER","title":"PARAM_ZUINTEGER  module-attribute","text":"
PARAM_ZUINTEGER = 5\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_ZUINTEGER_UNLIMITED","title":"PARAM_ZUINTEGER_UNLIMITED  module-attribute","text":"
PARAM_ZUINTEGER_UNLIMITED = 6\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_STRING","title":"PARAM_STRING  module-attribute","text":"
PARAM_STRING = 7\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_ENUM","title":"PARAM_ENUM  module-attribute","text":"
PARAM_ENUM = 8\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_OPTIONAL_FILENAME","title":"PARAM_OPTIONAL_FILENAME  module-attribute","text":"
PARAM_OPTIONAL_FILENAME = 9\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_CLASSES","title":"PARAM_CLASSES  module-attribute","text":"
PARAM_CLASSES = {bool: PARAM_BOOLEAN, int: PARAM_ZINTEGER, str: PARAM_STRING}\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.HELP_DEFAULT_PREFIX","title":"HELP_DEFAULT_PREFIX  module-attribute","text":"
HELP_DEFAULT_PREFIX = 'Default:'\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.HELP_VALID_VALUES_PREFIX","title":"HELP_VALID_VALUES_PREFIX  module-attribute","text":"
HELP_VALID_VALUES_PREFIX = 'Valid values:'\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Scope","title":"Scope","text":"
               Bases: Enum
 
Attributes:
 
     
  •  config           \u2013            
    •  
  •  theme           \u2013            
    •  
  •  heap           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Scope.config","title":"config  class-attribute instance-attribute","text":"
config = 1\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Scope.theme","title":"theme  class-attribute instance-attribute","text":"
theme = 2\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Scope.heap","title":"heap  class-attribute instance-attribute","text":"
heap = 3\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter","title":"Parameter","text":"
Parameter(\n    name: str,\n    default: Any,\n    set_show_doc: str,\n    *,\n    help_docstring: str = \"\",\n    param_class: int | None = None,\n    enum_sequence: Sequence[str] | None = None,\n    scope: Scope = config,\n)\n
 
Methods:
 
     
  •  add_update_listener             \u2013              
    •  
  •  revert_default             \u2013              
    •  
  •  attr_name             \u2013              
    Returns the attribute name associated with this config option,
     
    •  
  •  __getattr__             \u2013              
    •  
  •  pretty_val             \u2013              
    Convert a value this object could contain to its pretty string representation.
     
    •  
  •  pretty             \u2013              
    •  
  •  pretty_default             \u2013              
    •  
  •  __int__             \u2013              
    •  
  •  __str__             \u2013              
    •  
  •  __bool__             \u2013              
    •  
  •  __eq__             \u2013              
    •  
  •  __lt__             \u2013              
    •  
  •  __add__             \u2013              
    •  
  •  __radd__             \u2013              
    •  
  •  __sub__             \u2013              
    •  
  •  __rsub__             \u2013              
    •  
  •  __mul__             \u2013              
    •  
  •  __rmul__             \u2013              
    •  
  •  __div__             \u2013              
    •  
  •  __floordiv__             \u2013              
    •  
  •  __pow__             \u2013              
    •  
  •  __mod__             \u2013              
    •  
  •  __len__             \u2013              
    •  
 
Attributes:
 
     
  •  name           \u2013            
    •  
  •  default           \u2013            
    •  
  •  param_class           \u2013            
    •  
  •  set_show_doc           \u2013            
    •  
  •  help_docstring           \u2013            
    •  
  •  enum_sequence           \u2013            
    •  
  •  scope           \u2013            
    •  
  •  update_listeners               (list[Callable[[Any], None]])           \u2013            
    •  
  •  value               (Any)           \u2013            
    •  
  •  is_changed               (bool)           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.name","title":"name  instance-attribute","text":"
name = name\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.default","title":"default  instance-attribute","text":"
default = default\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.param_class","title":"param_class  instance-attribute","text":"
param_class = param_class or PARAM_CLASSES[type(default)]\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.set_show_doc","title":"set_show_doc  instance-attribute","text":"
set_show_doc = set_show_doc\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.help_docstring","title":"help_docstring  instance-attribute","text":"
help_docstring = help_docstring\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.enum_sequence","title":"enum_sequence  instance-attribute","text":"
enum_sequence = enum_sequence\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.scope","title":"scope  instance-attribute","text":"
scope = scope\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.update_listeners","title":"update_listeners  instance-attribute","text":"
update_listeners: list[Callable[[Any], None]] = []\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.value","title":"value  property writable","text":"
value: Any\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.is_changed","title":"is_changed  property","text":"
is_changed: bool\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.add_update_listener","title":"add_update_listener","text":"
add_update_listener(listener: Callable[[Any], None]) -> None\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.revert_default","title":"revert_default","text":"
revert_default() -> None\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.attr_name","title":"attr_name","text":"
attr_name() -> str\n
 
Returns the attribute name associated with this config option, i.e. my-config has the attribute name my_config
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__getattr__","title":"__getattr__","text":"
__getattr__(name: str)\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.pretty_val","title":"pretty_val","text":"
pretty_val(val: Any) -> str\n
 
Convert a value this object could contain to its pretty string representation.
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.pretty","title":"pretty","text":"
pretty() -> str\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.pretty_default","title":"pretty_default","text":"
pretty_default() -> str\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__int__","title":"__int__","text":"
__int__() -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__bool__","title":"__bool__","text":"
__bool__() -> bool\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__eq__","title":"__eq__","text":"
__eq__(other: object) -> bool\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__lt__","title":"__lt__","text":"
__lt__(other: object) -> bool\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__add__","title":"__add__","text":"
__add__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__radd__","title":"__radd__","text":"
__radd__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__sub__","title":"__sub__","text":"
__sub__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__rsub__","title":"__rsub__","text":"
__rsub__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__mul__","title":"__mul__","text":"
__mul__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__rmul__","title":"__rmul__","text":"
__rmul__(other: int) -> str\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__div__","title":"__div__","text":"
__div__(other: float) -> float\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__floordiv__","title":"__floordiv__","text":"
__floordiv__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__pow__","title":"__pow__","text":"
__pow__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__mod__","title":"__mod__","text":"
__mod__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__len__","title":"__len__","text":"
__len__() -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config","title":"Config","text":"
Config()\n
 
Methods:
 
     
  •  add_param             \u2013              
    •  
  •  add_param_obj             \u2013              
    •  
  •  trigger             \u2013              
    •  
  •  get_params             \u2013              
    •  
  •  __getattr__             \u2013              
    •  
  •  __setattr__             \u2013              
    •  
 
Attributes:
 
     
  •  params               (dict[str, Parameter])           \u2013            
    •  
  •  triggers               (DefaultDict[str, list[Callable[..., Any]]])           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.params","title":"params  instance-attribute","text":"
params: dict[str, Parameter] = {}\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.triggers","title":"triggers  instance-attribute","text":"
triggers: DefaultDict[str, list[Callable[..., Any]]] = defaultdict(list)\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.add_param","title":"add_param","text":"
add_param(\n    name: str,\n    default: Any,\n    set_show_doc: str,\n    *,\n    help_docstring: str = \"\",\n    param_class: int | None = None,\n    enum_sequence: Sequence[str] | None = None,\n    scope: Scope = config,\n) -> Parameter\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.add_param_obj","title":"add_param_obj","text":"
add_param_obj(p: Parameter) -> Parameter\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.trigger","title":"trigger","text":"
trigger(*params: Parameter) -> Callable[[Callable[..., T]], Callable[..., T]]\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.get_params","title":"get_params","text":"
get_params(scope: Scope) -> list[Parameter]\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.__getattr__","title":"__getattr__","text":"
__getattr__(name: str) -> Parameter\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.__setattr__","title":"__setattr__","text":"
__setattr__(attr, val)\n
"},{"location":"reference/pwndbg/lib/disasm/","title":"disasm","text":""},{"location":"reference/pwndbg/lib/disasm/#pwndbg.lib.disasm","title":"disasm","text":"
Modules:
 
     
  •  helpers           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/disasm/helpers/","title":"helpers","text":""},{"location":"reference/pwndbg/lib/disasm/helpers/#pwndbg.lib.disasm.helpers","title":"helpers","text":"
Functions:
 
     
  •  to_signed             \u2013              
    Returns the signed number associated with the two's-complement binary representation of unsigned
     
    •  
  •  logical_shift_left             \u2013              
    •  
  •  logical_shift_right             \u2013              
    n is truncated to the width of bit_width before the operation takes place.
     
    •  
  •  rotate_right             \u2013              
    n is truncated to the width of bit_width before the operation takes place.
     
    •  
  •  arithmetic_shift_right             \u2013              
    This returns the value represented by the two's-complement binary representation of the final result.
     
    •  
"},{"location":"reference/pwndbg/lib/disasm/helpers/#pwndbg.lib.disasm.helpers.to_signed","title":"to_signed","text":"
to_signed(unsigned: int, bit_width: int)\n
 
Returns the signed number associated with the two's-complement binary representation of unsigned
"},{"location":"reference/pwndbg/lib/disasm/helpers/#pwndbg.lib.disasm.helpers.logical_shift_left","title":"logical_shift_left","text":"
logical_shift_left(n: int, shift_amt: int, bit_width: int)\n
"},{"location":"reference/pwndbg/lib/disasm/helpers/#pwndbg.lib.disasm.helpers.logical_shift_right","title":"logical_shift_right","text":"
logical_shift_right(n: int, shift_amt: int, bit_width: int)\n
 
n is truncated to the width of bit_width before the operation takes place.
"},{"location":"reference/pwndbg/lib/disasm/helpers/#pwndbg.lib.disasm.helpers.rotate_right","title":"rotate_right","text":"
rotate_right(n: int, shift_amt: int, bit_width: int)\n
 
n is truncated to the width of bit_width before the operation takes place.
"},{"location":"reference/pwndbg/lib/disasm/helpers/#pwndbg.lib.disasm.helpers.arithmetic_shift_right","title":"arithmetic_shift_right","text":"
arithmetic_shift_right(n: int, shift_amt: int, bit_width: int)\n
 
This returns the value represented by the two's-complement binary representation of the final result. This means the result could be negative (if the top bit of the input is negative)
 
n is truncated to the width of bit_width before the operation takes place.
"},{"location":"reference/pwndbg/lib/elftypes/","title":"elftypes","text":""},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes","title":"elftypes","text":"
Classes:
 
     
  •  constants           \u2013            
    •  
  •  Elf32_Ehdr           \u2013            
    •  
  •  Elf64_Ehdr           \u2013            
    •  
  •  Elf32_Phdr           \u2013            
    •  
  •  Elf64_Phdr           \u2013            
    •  
  •  AUXV           \u2013            
    •  
 
Attributes:
 
     
  •  Elf32_Addr           \u2013            
    •  
  •  Elf32_Half           \u2013            
    •  
  •  Elf32_Off           \u2013            
    •  
  •  Elf32_Sword           \u2013            
    •  
  •  Elf32_Word           \u2013            
    •  
  •  Elf64_Addr           \u2013            
    •  
  •  Elf64_Half           \u2013            
    •  
  •  Elf64_SHalf           \u2013            
    •  
  •  Elf64_Off           \u2013            
    •  
  •  Elf64_Sword           \u2013            
    •  
  •  Elf64_Word           \u2013            
    •  
  •  Elf64_Xword           \u2013            
    •  
  •  Elf64_Sxword           \u2013            
    •  
  •  AT_CONSTANTS               (dict[int, str])           \u2013            
    •  
  •  AT_CONSTANT_NAMES           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Addr","title":"Elf32_Addr  module-attribute","text":"
Elf32_Addr = c_uint32\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Half","title":"Elf32_Half  module-attribute","text":"
Elf32_Half = c_uint16\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Off","title":"Elf32_Off  module-attribute","text":"
Elf32_Off = c_uint32\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Sword","title":"Elf32_Sword  module-attribute","text":"
Elf32_Sword = c_int32\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Word","title":"Elf32_Word  module-attribute","text":"
Elf32_Word = c_uint32\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Addr","title":"Elf64_Addr  module-attribute","text":"
Elf64_Addr = c_uint64\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Half","title":"Elf64_Half  module-attribute","text":"
Elf64_Half = c_uint16\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_SHalf","title":"Elf64_SHalf  module-attribute","text":"
Elf64_SHalf = c_int16\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Off","title":"Elf64_Off  module-attribute","text":"
Elf64_Off = c_uint64\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Sword","title":"Elf64_Sword  module-attribute","text":"
Elf64_Sword = c_int32\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Word","title":"Elf64_Word  module-attribute","text":"
Elf64_Word = c_uint32\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Xword","title":"Elf64_Xword  module-attribute","text":"
Elf64_Xword = c_uint64\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Sxword","title":"Elf64_Sxword  module-attribute","text":"
Elf64_Sxword = c_int64\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AT_CONSTANTS","title":"AT_CONSTANTS  module-attribute","text":"
AT_CONSTANTS: dict[int, str] = {\n    0: \"AT_NULL\",\n    1: \"AT_IGNORE\",\n    2: \"AT_EXECFD\",\n    3: \"AT_PHDR\",\n    4: \"AT_PHENT\",\n    5: \"AT_PHNUM\",\n    6: \"AT_PAGESZ\",\n    7: \"AT_BASE\",\n    8: \"AT_FLAGS\",\n    9: \"AT_ENTRY\",\n    10: \"AT_NOTELF\",\n    11: \"AT_UID\",\n    12: \"AT_EUID\",\n    13: \"AT_GID\",\n    14: \"AT_EGID\",\n    15: \"AT_PLATFORM\",\n    16: \"AT_HWCAP\",\n    17: \"AT_CLKTCK\",\n    18: \"AT_FPUCW\",\n    19: \"AT_DCACHEBSIZE\",\n    20: \"AT_ICACHEBSIZE\",\n    21: \"AT_UCACHEBSIZE\",\n    22: \"AT_IGNOREPPC\",\n    23: \"AT_SECURE\",\n    24: \"AT_BASE_PLATFORM\",\n    25: \"AT_RANDOM\",\n    26: \"AT_HWCAP2\",\n    27: \"AT_RSEQ_FEATURE_SIZE\",\n    28: \"AT_RSEQ_ALIGN\",\n    29: \"AT_HWCAP3\",\n    30: \"AT_HWCAP4\",\n    31: \"AT_EXECFN\",\n    32: \"AT_SYSINFO\",\n    33: \"AT_SYSINFO_EHDR\",\n    34: \"AT_L1I_CACHESHAPE\",\n    35: \"AT_L1D_CACHESHAPE\",\n    36: \"AT_L2_CACHESHAPE\",\n    37: \"AT_L3_CACHESHAPE\",\n    40: \"AT_L1I_CACHESIZE\",\n    41: \"AT_L1I_CACHEGEOMETRY\",\n    42: \"AT_L1D_CACHESIZE\",\n    43: \"AT_L1D_CACHEGEOMETRY\",\n    44: \"AT_L2_CACHESIZE\",\n    45: \"AT_L2_CACHEGEOMETRY\",\n    46: \"AT_L3_CACHESIZE\",\n    47: \"AT_L3_CACHEGEOMETRY\",\n    51: \"AT_MINSIGSTKSZ\",\n}\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AT_CONSTANT_NAMES","title":"AT_CONSTANT_NAMES  module-attribute","text":"
AT_CONSTANT_NAMES = {v: _Cfor (k, v) in (items())}\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants","title":"constants","text":"
Attributes:
 
     
  •  EI_MAG0           \u2013            
    •  
  •  EI_MAG1           \u2013            
    •  
  •  EI_MAG2           \u2013            
    •  
  •  EI_MAG3           \u2013            
    •  
  •  EI_CLASS           \u2013            
    •  
  •  EI_DATA           \u2013            
    •  
  •  EI_VERSION           \u2013            
    •  
  •  EI_OSABI           \u2013            
    •  
  •  EI_ABIVERSION           \u2013            
    •  
  •  EI_PAD           \u2013            
    •  
  •  EI_NIDENT           \u2013            
    •  
  •  ELFMAG0           \u2013            
    •  
  •  ELFMAG1           \u2013            
    •  
  •  ELFMAG2           \u2013            
    •  
  •  ELFMAG3           \u2013            
    •  
  •  ELFCLASSNONE           \u2013            
    •  
  •  ELFCLASS32           \u2013            
    •  
  •  ELFCLASS64           \u2013            
    •  
  •  ELFDATANONE           \u2013            
    •  
  •  ELFDATA2LSB           \u2013            
    •  
  •  ELFDATA2MSB           \u2013            
    •  
  •  PT_NULL           \u2013            
    •  
  •  PT_LOAD           \u2013            
    •  
  •  PT_DYNAMIC           \u2013            
    •  
  •  PT_INTERP           \u2013            
    •  
  •  PT_NOTE           \u2013            
    •  
  •  PT_SHLIB           \u2013            
    •  
  •  PT_PHDR           \u2013            
    •  
  •  PT_TLS           \u2013            
    •  
  •  ET_NONE           \u2013            
    •  
  •  ET_REL           \u2013            
    •  
  •  ET_EXEC           \u2013            
    •  
  •  ET_DYN           \u2013            
    •  
  •  ET_CORE           \u2013            
    •  
  •  DT_NULL           \u2013            
    •  
  •  DT_NEEDED           \u2013            
    •  
  •  DT_PLTRELSZ           \u2013            
    •  
  •  DT_PLTGOT           \u2013            
    •  
  •  DT_HASH           \u2013            
    •  
  •  DT_STRTAB           \u2013            
    •  
  •  DT_SYMTAB           \u2013            
    •  
  •  DT_RELA           \u2013            
    •  
  •  DT_RELASZ           \u2013            
    •  
  •  DT_RELAENT           \u2013            
    •  
  •  DT_STRSZ           \u2013            
    •  
  •  DT_SYMENT           \u2013            
    •  
  •  DT_INIT           \u2013            
    •  
  •  DT_FINI           \u2013            
    •  
  •  DT_SONAME           \u2013            
    •  
  •  DT_RPATH           \u2013            
    •  
  •  DT_SYMBOLIC           \u2013            
    •  
  •  DT_REL           \u2013            
    •  
  •  DT_RELSZ           \u2013            
    •  
  •  DT_RELENT           \u2013            
    •  
  •  DT_PLTREL           \u2013            
    •  
  •  DT_DEBUG           \u2013            
    •  
  •  DT_TEXTREL           \u2013            
    •  
  •  DT_JMPREL           \u2013            
    •  
  •  DT_ENCODING           \u2013            
    •  
  •  SHT_NULL           \u2013            
    •  
  •  SHT_PROGBITS           \u2013            
    •  
  •  SHT_SYMTAB           \u2013            
    •  
  •  SHT_STRTAB           \u2013            
    •  
  •  SHT_RELA           \u2013            
    •  
  •  SHT_HASH           \u2013            
    •  
  •  SHT_DYNAMIC           \u2013            
    •  
  •  SHT_NOTE           \u2013            
    •  
  •  SHT_NOBITS           \u2013            
    •  
  •  SHT_REL           \u2013            
    •  
  •  SHT_SHLIB           \u2013            
    •  
  •  SHT_DYNSYM           \u2013            
    •  
  •  SHT_NUM           \u2013            
    •  
  •  STT_NOTYPE           \u2013            
    •  
  •  STT_OBJECT           \u2013            
    •  
  •  STT_FUNC           \u2013            
    •  
  •  STT_SECTION           \u2013            
    •  
  •  STT_FILE           \u2013            
    •  
  •  STT_COMMON           \u2013            
    •  
  •  STT_TLS           \u2013            
    •  
  •  NT_PRSTATUS           \u2013            
    •  
  •  NT_PRFPREG           \u2013            
    •  
  •  NT_PRPSINFO           \u2013            
    •  
  •  NT_TASKSTRUCT           \u2013            
    •  
  •  NT_AUXV           \u2013            
    •  
  •  NT_SIGINFO           \u2013            
    •  
  •  NT_FILE           \u2013            
    •  
  •  NT_PRXFPREG           \u2013            
    •  
  •  NT_PPC_VMX           \u2013            
    •  
  •  NT_PPC_SPE           \u2013            
    •  
  •  NT_PPC_VSX           \u2013            
    •  
  •  NT_386_TLS           \u2013            
    •  
  •  NT_386_IOPERM           \u2013            
    •  
  •  NT_X86_XSTATE           \u2013            
    •  
  •  NT_S390_HIGH_GPRS           \u2013            
    •  
  •  NT_S390_TIMER           \u2013            
    •  
  •  NT_S390_TODCMP           \u2013            
    •  
  •  NT_S390_TODPREG           \u2013            
    •  
  •  NT_S390_CTRS           \u2013            
    •  
  •  NT_S390_PREFIX           \u2013            
    •  
  •  NT_S390_LAST_BREAK           \u2013            
    •  
  •  NT_S390_SYSTEM_CALL           \u2013            
    •  
  •  NT_S390_TDB           \u2013            
    •  
  •  NT_ARM_VFP           \u2013            
    •  
  •  NT_ARM_TLS           \u2013            
    •  
  •  NT_ARM_HW_BREAK           \u2013            
    •  
  •  NT_ARM_HW_WATCH           \u2013            
    •  
  •  NT_METAG_CBUF           \u2013            
    •  
  •  NT_METAG_RPIPE           \u2013            
    •  
  •  NT_METAG_TLS           \u2013            
    •  
  •  AT_NULL           \u2013            
    •  
  •  AT_IGNORE           \u2013            
    •  
  •  AT_EXECFD           \u2013            
    •  
  •  AT_PHDR           \u2013            
    •  
  •  AT_PHENT           \u2013            
    •  
  •  AT_PHNUM           \u2013            
    •  
  •  AT_PAGESZ           \u2013            
    •  
  •  AT_BASE           \u2013            
    •  
  •  AT_FLAGS           \u2013            
    •  
  •  AT_ENTRY           \u2013            
    •  
  •  AT_NOTELF           \u2013            
    •  
  •  AT_UID           \u2013            
    •  
  •  AT_EUID           \u2013            
    •  
  •  AT_GID           \u2013            
    •  
  •  AT_EGID           \u2013            
    •  
  •  AT_PLATFORM           \u2013            
    •  
  •  AT_HWCAP           \u2013            
    •  
  •  AT_CLKTCK           \u2013            
    •  
  •  AT_FPUCW           \u2013            
    •  
  •  AT_DCACHEBSIZE           \u2013            
    •  
  •  AT_ICACHEBSIZE           \u2013            
    •  
  •  AT_UCACHEBSIZE           \u2013            
    •  
  •  AT_IGNOREPPC           \u2013            
    •  
  •  AT_SECURE           \u2013            
    •  
  •  AT_BASE_PLATFORM           \u2013            
    •  
  •  AT_RANDOM           \u2013            
    •  
  •  AT_EXECFN           \u2013            
    •  
  •  AT_SYSINFO           \u2013            
    •  
  •  AT_SYSINFO_EHDR           \u2013            
    •  
  •  AT_L1I_CACHESHAPE           \u2013            
    •  
  •  AT_L1D_CACHESHAPE           \u2013            
    •  
  •  AT_L2_CACHESHAPE           \u2013            
    •  
  •  AT_L3_CACHESHAPE           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_MAG0","title":"EI_MAG0  class-attribute instance-attribute","text":"
EI_MAG0 = 0\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_MAG1","title":"EI_MAG1  class-attribute instance-attribute","text":"
EI_MAG1 = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_MAG2","title":"EI_MAG2  class-attribute instance-attribute","text":"
EI_MAG2 = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_MAG3","title":"EI_MAG3  class-attribute instance-attribute","text":"
EI_MAG3 = 3\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_CLASS","title":"EI_CLASS  class-attribute instance-attribute","text":"
EI_CLASS = 4\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_DATA","title":"EI_DATA  class-attribute instance-attribute","text":"
EI_DATA = 5\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_VERSION","title":"EI_VERSION  class-attribute instance-attribute","text":"
EI_VERSION = 6\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_OSABI","title":"EI_OSABI  class-attribute instance-attribute","text":"
EI_OSABI = 7\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_ABIVERSION","title":"EI_ABIVERSION  class-attribute instance-attribute","text":"
EI_ABIVERSION = 8\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_PAD","title":"EI_PAD  class-attribute instance-attribute","text":"
EI_PAD = 9\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_NIDENT","title":"EI_NIDENT  class-attribute instance-attribute","text":"
EI_NIDENT = 16\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFMAG0","title":"ELFMAG0  class-attribute instance-attribute","text":"
ELFMAG0 = 127\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFMAG1","title":"ELFMAG1  class-attribute instance-attribute","text":"
ELFMAG1 = ord('E')\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFMAG2","title":"ELFMAG2  class-attribute instance-attribute","text":"
ELFMAG2 = ord('L')\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFMAG3","title":"ELFMAG3  class-attribute instance-attribute","text":"
ELFMAG3 = ord('F')\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFCLASSNONE","title":"ELFCLASSNONE  class-attribute instance-attribute","text":"
ELFCLASSNONE = 0\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFCLASS32","title":"ELFCLASS32  class-attribute instance-attribute","text":"
ELFCLASS32 = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFCLASS64","title":"ELFCLASS64  class-attribute instance-attribute","text":"
ELFCLASS64 = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFDATANONE","title":"ELFDATANONE  class-attribute instance-attribute","text":"
ELFDATANONE = 0\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFDATA2LSB","title":"ELFDATA2LSB  class-attribute instance-attribute","text":"
ELFDATA2LSB = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFDATA2MSB","title":"ELFDATA2MSB  class-attribute instance-attribute","text":"
ELFDATA2MSB = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_NULL","title":"PT_NULL  class-attribute instance-attribute","text":"
PT_NULL = 0\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_LOAD","title":"PT_LOAD  class-attribute instance-attribute","text":"
PT_LOAD = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_DYNAMIC","title":"PT_DYNAMIC  class-attribute instance-attribute","text":"
PT_DYNAMIC = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_INTERP","title":"PT_INTERP  class-attribute instance-attribute","text":"
PT_INTERP = 3\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_NOTE","title":"PT_NOTE  class-attribute instance-attribute","text":"
PT_NOTE = 4\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_SHLIB","title":"PT_SHLIB  class-attribute instance-attribute","text":"
PT_SHLIB = 5\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_PHDR","title":"PT_PHDR  class-attribute instance-attribute","text":"
PT_PHDR = 6\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_TLS","title":"PT_TLS  class-attribute instance-attribute","text":"
PT_TLS = 7\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ET_NONE","title":"ET_NONE  class-attribute instance-attribute","text":"
ET_NONE = 0\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ET_REL","title":"ET_REL  class-attribute instance-attribute","text":"
ET_REL = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ET_EXEC","title":"ET_EXEC  class-attribute instance-attribute","text":"
ET_EXEC = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ET_DYN","title":"ET_DYN  class-attribute instance-attribute","text":"
ET_DYN = 3\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ET_CORE","title":"ET_CORE  class-attribute instance-attribute","text":"
ET_CORE = 4\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_NULL","title":"DT_NULL  class-attribute instance-attribute","text":"
DT_NULL = 0\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_NEEDED","title":"DT_NEEDED  class-attribute instance-attribute","text":"
DT_NEEDED = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_PLTRELSZ","title":"DT_PLTRELSZ  class-attribute instance-attribute","text":"
DT_PLTRELSZ = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_PLTGOT","title":"DT_PLTGOT  class-attribute instance-attribute","text":"
DT_PLTGOT = 3\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_HASH","title":"DT_HASH  class-attribute instance-attribute","text":"
DT_HASH = 4\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_STRTAB","title":"DT_STRTAB  class-attribute instance-attribute","text":"
DT_STRTAB = 5\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_SYMTAB","title":"DT_SYMTAB  class-attribute instance-attribute","text":"
DT_SYMTAB = 6\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_RELA","title":"DT_RELA  class-attribute instance-attribute","text":"
DT_RELA = 7\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_RELASZ","title":"DT_RELASZ  class-attribute instance-attribute","text":"
DT_RELASZ = 8\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_RELAENT","title":"DT_RELAENT  class-attribute instance-attribute","text":"
DT_RELAENT = 9\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_STRSZ","title":"DT_STRSZ  class-attribute instance-attribute","text":"
DT_STRSZ = 10\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_SYMENT","title":"DT_SYMENT  class-attribute instance-attribute","text":"
DT_SYMENT = 11\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_INIT","title":"DT_INIT  class-attribute instance-attribute","text":"
DT_INIT = 12\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_FINI","title":"DT_FINI  class-attribute instance-attribute","text":"
DT_FINI = 13\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_SONAME","title":"DT_SONAME  class-attribute instance-attribute","text":"
DT_SONAME = 14\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_RPATH","title":"DT_RPATH  class-attribute instance-attribute","text":"
DT_RPATH = 15\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_SYMBOLIC","title":"DT_SYMBOLIC  class-attribute instance-attribute","text":"
DT_SYMBOLIC = 16\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_REL","title":"DT_REL  class-attribute instance-attribute","text":"
DT_REL = 17\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_RELSZ","title":"DT_RELSZ  class-attribute instance-attribute","text":"
DT_RELSZ = 18\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_RELENT","title":"DT_RELENT  class-attribute instance-attribute","text":"
DT_RELENT = 19\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_PLTREL","title":"DT_PLTREL  class-attribute instance-attribute","text":"
DT_PLTREL = 20\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_DEBUG","title":"DT_DEBUG  class-attribute instance-attribute","text":"
DT_DEBUG = 21\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_TEXTREL","title":"DT_TEXTREL  class-attribute instance-attribute","text":"
DT_TEXTREL = 22\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_JMPREL","title":"DT_JMPREL  class-attribute instance-attribute","text":"
DT_JMPREL = 23\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_ENCODING","title":"DT_ENCODING  class-attribute instance-attribute","text":"
DT_ENCODING = 32\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_NULL","title":"SHT_NULL  class-attribute instance-attribute","text":"
SHT_NULL = 0\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_PROGBITS","title":"SHT_PROGBITS  class-attribute instance-attribute","text":"
SHT_PROGBITS = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_SYMTAB","title":"SHT_SYMTAB  class-attribute instance-attribute","text":"
SHT_SYMTAB = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_STRTAB","title":"SHT_STRTAB  class-attribute instance-attribute","text":"
SHT_STRTAB = 3\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_RELA","title":"SHT_RELA  class-attribute instance-attribute","text":"
SHT_RELA = 4\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_HASH","title":"SHT_HASH  class-attribute instance-attribute","text":"
SHT_HASH = 5\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_DYNAMIC","title":"SHT_DYNAMIC  class-attribute instance-attribute","text":"
SHT_DYNAMIC = 6\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_NOTE","title":"SHT_NOTE  class-attribute instance-attribute","text":"
SHT_NOTE = 7\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_NOBITS","title":"SHT_NOBITS  class-attribute instance-attribute","text":"
SHT_NOBITS = 8\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_REL","title":"SHT_REL  class-attribute instance-attribute","text":"
SHT_REL = 9\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_SHLIB","title":"SHT_SHLIB  class-attribute instance-attribute","text":"
SHT_SHLIB = 10\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_DYNSYM","title":"SHT_DYNSYM  class-attribute instance-attribute","text":"
SHT_DYNSYM = 11\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_NUM","title":"SHT_NUM  class-attribute instance-attribute","text":"
SHT_NUM = 12\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_NOTYPE","title":"STT_NOTYPE  class-attribute instance-attribute","text":"
STT_NOTYPE = 0\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_OBJECT","title":"STT_OBJECT  class-attribute instance-attribute","text":"
STT_OBJECT = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_FUNC","title":"STT_FUNC  class-attribute instance-attribute","text":"
STT_FUNC = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_SECTION","title":"STT_SECTION  class-attribute instance-attribute","text":"
STT_SECTION = 3\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_FILE","title":"STT_FILE  class-attribute instance-attribute","text":"
STT_FILE = 4\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_COMMON","title":"STT_COMMON  class-attribute instance-attribute","text":"
STT_COMMON = 5\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_TLS","title":"STT_TLS  class-attribute instance-attribute","text":"
STT_TLS = 6\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PRSTATUS","title":"NT_PRSTATUS  class-attribute instance-attribute","text":"
NT_PRSTATUS = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PRFPREG","title":"NT_PRFPREG  class-attribute instance-attribute","text":"
NT_PRFPREG = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PRPSINFO","title":"NT_PRPSINFO  class-attribute instance-attribute","text":"
NT_PRPSINFO = 3\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_TASKSTRUCT","title":"NT_TASKSTRUCT  class-attribute instance-attribute","text":"
NT_TASKSTRUCT = 4\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_AUXV","title":"NT_AUXV  class-attribute instance-attribute","text":"
NT_AUXV = 6\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_SIGINFO","title":"NT_SIGINFO  class-attribute instance-attribute","text":"
NT_SIGINFO = 1397311305\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_FILE","title":"NT_FILE  class-attribute instance-attribute","text":"
NT_FILE = 1179208773\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PRXFPREG","title":"NT_PRXFPREG  class-attribute instance-attribute","text":"
NT_PRXFPREG = 1189489535\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PPC_VMX","title":"NT_PPC_VMX  class-attribute instance-attribute","text":"
NT_PPC_VMX = 256\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PPC_SPE","title":"NT_PPC_SPE  class-attribute instance-attribute","text":"
NT_PPC_SPE = 257\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PPC_VSX","title":"NT_PPC_VSX  class-attribute instance-attribute","text":"
NT_PPC_VSX = 258\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_386_TLS","title":"NT_386_TLS  class-attribute instance-attribute","text":"
NT_386_TLS = 512\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_386_IOPERM","title":"NT_386_IOPERM  class-attribute instance-attribute","text":"
NT_386_IOPERM = 513\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_X86_XSTATE","title":"NT_X86_XSTATE  class-attribute instance-attribute","text":"
NT_X86_XSTATE = 514\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_HIGH_GPRS","title":"NT_S390_HIGH_GPRS  class-attribute instance-attribute","text":"
NT_S390_HIGH_GPRS = 768\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_TIMER","title":"NT_S390_TIMER  class-attribute instance-attribute","text":"
NT_S390_TIMER = 769\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_TODCMP","title":"NT_S390_TODCMP  class-attribute instance-attribute","text":"
NT_S390_TODCMP = 770\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_TODPREG","title":"NT_S390_TODPREG  class-attribute instance-attribute","text":"
NT_S390_TODPREG = 771\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_CTRS","title":"NT_S390_CTRS  class-attribute instance-attribute","text":"
NT_S390_CTRS = 772\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_PREFIX","title":"NT_S390_PREFIX  class-attribute instance-attribute","text":"
NT_S390_PREFIX = 773\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_LAST_BREAK","title":"NT_S390_LAST_BREAK  class-attribute instance-attribute","text":"
NT_S390_LAST_BREAK = 774\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_SYSTEM_CALL","title":"NT_S390_SYSTEM_CALL  class-attribute instance-attribute","text":"
NT_S390_SYSTEM_CALL = 775\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_TDB","title":"NT_S390_TDB  class-attribute instance-attribute","text":"
NT_S390_TDB = 776\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_ARM_VFP","title":"NT_ARM_VFP  class-attribute instance-attribute","text":"
NT_ARM_VFP = 1024\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_ARM_TLS","title":"NT_ARM_TLS  class-attribute instance-attribute","text":"
NT_ARM_TLS = 1025\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_ARM_HW_BREAK","title":"NT_ARM_HW_BREAK  class-attribute instance-attribute","text":"
NT_ARM_HW_BREAK = 1026\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_ARM_HW_WATCH","title":"NT_ARM_HW_WATCH  class-attribute instance-attribute","text":"
NT_ARM_HW_WATCH = 1027\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_METAG_CBUF","title":"NT_METAG_CBUF  class-attribute instance-attribute","text":"
NT_METAG_CBUF = 1280\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_METAG_RPIPE","title":"NT_METAG_RPIPE  class-attribute instance-attribute","text":"
NT_METAG_RPIPE = 1281\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_METAG_TLS","title":"NT_METAG_TLS  class-attribute instance-attribute","text":"
NT_METAG_TLS = 1282\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_NULL","title":"AT_NULL  class-attribute instance-attribute","text":"
AT_NULL = 0\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_IGNORE","title":"AT_IGNORE  class-attribute instance-attribute","text":"
AT_IGNORE = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_EXECFD","title":"AT_EXECFD  class-attribute instance-attribute","text":"
AT_EXECFD = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_PHDR","title":"AT_PHDR  class-attribute instance-attribute","text":"
AT_PHDR = 3\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_PHENT","title":"AT_PHENT  class-attribute instance-attribute","text":"
AT_PHENT = 4\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_PHNUM","title":"AT_PHNUM  class-attribute instance-attribute","text":"
AT_PHNUM = 5\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_PAGESZ","title":"AT_PAGESZ  class-attribute instance-attribute","text":"
AT_PAGESZ = 6\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_BASE","title":"AT_BASE  class-attribute instance-attribute","text":"
AT_BASE = 7\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_FLAGS","title":"AT_FLAGS  class-attribute instance-attribute","text":"
AT_FLAGS = 8\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_ENTRY","title":"AT_ENTRY  class-attribute instance-attribute","text":"
AT_ENTRY = 9\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_NOTELF","title":"AT_NOTELF  class-attribute instance-attribute","text":"
AT_NOTELF = 10\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_UID","title":"AT_UID  class-attribute instance-attribute","text":"
AT_UID = 11\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_EUID","title":"AT_EUID  class-attribute instance-attribute","text":"
AT_EUID = 12\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_GID","title":"AT_GID  class-attribute instance-attribute","text":"
AT_GID = 13\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_EGID","title":"AT_EGID  class-attribute instance-attribute","text":"
AT_EGID = 14\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_PLATFORM","title":"AT_PLATFORM  class-attribute instance-attribute","text":"
AT_PLATFORM = 15\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_HWCAP","title":"AT_HWCAP  class-attribute instance-attribute","text":"
AT_HWCAP = 16\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_CLKTCK","title":"AT_CLKTCK  class-attribute instance-attribute","text":"
AT_CLKTCK = 17\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_FPUCW","title":"AT_FPUCW  class-attribute instance-attribute","text":"
AT_FPUCW = 18\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_DCACHEBSIZE","title":"AT_DCACHEBSIZE  class-attribute instance-attribute","text":"
AT_DCACHEBSIZE = 19\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_ICACHEBSIZE","title":"AT_ICACHEBSIZE  class-attribute instance-attribute","text":"
AT_ICACHEBSIZE = 20\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_UCACHEBSIZE","title":"AT_UCACHEBSIZE  class-attribute instance-attribute","text":"
AT_UCACHEBSIZE = 21\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_IGNOREPPC","title":"AT_IGNOREPPC  class-attribute instance-attribute","text":"
AT_IGNOREPPC = 22\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_SECURE","title":"AT_SECURE  class-attribute instance-attribute","text":"
AT_SECURE = 23\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_BASE_PLATFORM","title":"AT_BASE_PLATFORM  class-attribute instance-attribute","text":"
AT_BASE_PLATFORM = 24\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_RANDOM","title":"AT_RANDOM  class-attribute instance-attribute","text":"
AT_RANDOM = 25\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_EXECFN","title":"AT_EXECFN  class-attribute instance-attribute","text":"
AT_EXECFN = 31\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_SYSINFO","title":"AT_SYSINFO  class-attribute instance-attribute","text":"
AT_SYSINFO = 32\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_SYSINFO_EHDR","title":"AT_SYSINFO_EHDR  class-attribute instance-attribute","text":"
AT_SYSINFO_EHDR = 33\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_L1I_CACHESHAPE","title":"AT_L1I_CACHESHAPE  class-attribute instance-attribute","text":"
AT_L1I_CACHESHAPE = 34\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_L1D_CACHESHAPE","title":"AT_L1D_CACHESHAPE  class-attribute instance-attribute","text":"
AT_L1D_CACHESHAPE = 35\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_L2_CACHESHAPE","title":"AT_L2_CACHESHAPE  class-attribute instance-attribute","text":"
AT_L2_CACHESHAPE = 36\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_L3_CACHESHAPE","title":"AT_L3_CACHESHAPE  class-attribute instance-attribute","text":"
AT_L3_CACHESHAPE = 37\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Ehdr","title":"Elf32_Ehdr","text":"
               Bases: Structure
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Ehdr","title":"Elf64_Ehdr","text":"
               Bases: Structure
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Phdr","title":"Elf32_Phdr","text":"
               Bases: Structure
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Phdr","title":"Elf64_Phdr","text":"
               Bases: Structure
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV","title":"AUXV","text":"
               Bases: dict[str, int | str]
 
Methods:
 
     
  •  set             \u2013              
    •  
  •  __getattr__             \u2013              
    •  
  •  __str__             \u2013              
    •  
 
Attributes:
 
     
  •  AT_PHDR               (int | None)           \u2013            
    •  
  •  AT_BASE               (int | None)           \u2013            
    •  
  •  AT_PLATFORM               (str | None)           \u2013            
    •  
  •  AT_BASE_PLATFORM               (str | None)           \u2013            
    •  
  •  AT_ENTRY               (int | None)           \u2013            
    •  
  •  AT_RANDOM               (int | None)           \u2013            
    •  
  •  AT_EXECFN               (str | None)           \u2013            
    •  
  •  AT_SYSINFO               (int | None)           \u2013            
    •  
  •  AT_SYSINFO_EHDR               (int | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_PHDR","title":"AT_PHDR  instance-attribute","text":"
AT_PHDR: int | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_BASE","title":"AT_BASE  instance-attribute","text":"
AT_BASE: int | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_PLATFORM","title":"AT_PLATFORM  instance-attribute","text":"
AT_PLATFORM: str | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_BASE_PLATFORM","title":"AT_BASE_PLATFORM  instance-attribute","text":"
AT_BASE_PLATFORM: str | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_ENTRY","title":"AT_ENTRY  instance-attribute","text":"
AT_ENTRY: int | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_RANDOM","title":"AT_RANDOM  instance-attribute","text":"
AT_RANDOM: int | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_EXECFN","title":"AT_EXECFN  instance-attribute","text":"
AT_EXECFN: str | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_SYSINFO","title":"AT_SYSINFO  instance-attribute","text":"
AT_SYSINFO: int | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_SYSINFO_EHDR","title":"AT_SYSINFO_EHDR  instance-attribute","text":"
AT_SYSINFO_EHDR: int | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.set","title":"set","text":"
set(const: int, value: int) -> None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.__getattr__","title":"__getattr__","text":"
__getattr__(attr: str) -> int | str | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/lib/exception/","title":"exception","text":""},{"location":"reference/pwndbg/lib/exception/#pwndbg.lib.exception","title":"exception","text":"
Classes:
 
     
  •  IndentContextManager           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/exception/#pwndbg.lib.exception.IndentContextManager","title":"IndentContextManager","text":"
IndentContextManager()\n
 
Methods:
 
     
  •  __enter__             \u2013              
    •  
  •  __exit__             \u2013              
    •  
  •  print             \u2013              
    •  
  •  addr_hex             \u2013              
    •  
  •  aux_hex             \u2013              
    •  
  •  prefix             \u2013              
    •  
 
Attributes:
 
     
  •  indent           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/exception/#pwndbg.lib.exception.IndentContextManager.indent","title":"indent  instance-attribute","text":"
indent = 0\n
"},{"location":"reference/pwndbg/lib/exception/#pwndbg.lib.exception.IndentContextManager.__enter__","title":"__enter__","text":"
__enter__() -> None\n
"},{"location":"reference/pwndbg/lib/exception/#pwndbg.lib.exception.IndentContextManager.__exit__","title":"__exit__","text":"
__exit__(\n    exc_type: type[BaseException] | None,\n    exc_value: BaseException | None,\n    exc_tb: TracebackType | None,\n) -> None\n
"},{"location":"reference/pwndbg/lib/exception/#pwndbg.lib.exception.IndentContextManager.print","title":"print","text":"
print(*a, **kw) -> None\n
"},{"location":"reference/pwndbg/lib/exception/#pwndbg.lib.exception.IndentContextManager.addr_hex","title":"addr_hex","text":"
addr_hex(val: int) -> str\n
"},{"location":"reference/pwndbg/lib/exception/#pwndbg.lib.exception.IndentContextManager.aux_hex","title":"aux_hex","text":"
aux_hex(val: int) -> str\n
"},{"location":"reference/pwndbg/lib/exception/#pwndbg.lib.exception.IndentContextManager.prefix","title":"prefix","text":"
prefix(s: str)\n
"},{"location":"reference/pwndbg/lib/funcparser/","title":"funcparser","text":""},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser","title":"funcparser","text":"
Functions:
 
     
  •  extractTypeAndName             \u2013              
    •  
  •  Stringify             \u2013              
    •  
  •  ExtractFuncDecl             \u2013              
    •  
  •  ExtractAllFuncDecls             \u2013              
    •  
  •  ExtractFuncDeclFromSource             \u2013              
    •  
 
Attributes:
 
     
  •  CAstNode           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser.CAstNode","title":"CAstNode  module-attribute","text":"
CAstNode = Union[\n    EllipsisParam, PtrDecl, ArrayDecl, FuncDecl, Struct, Union, Enum\n]\n
"},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser.extractTypeAndName","title":"extractTypeAndName","text":"
extractTypeAndName(\n    n: CAstNode, defaultName: str | None = None\n) -> tuple[str, int, str] | None\n
"},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser.Stringify","title":"Stringify","text":"
Stringify(X: Function | Argument) -> str\n
"},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser.ExtractFuncDecl","title":"ExtractFuncDecl","text":"
ExtractFuncDecl(node: CAstNode, verbose: bool = False) -> Function | None\n
"},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser.ExtractAllFuncDecls","title":"ExtractAllFuncDecls","text":"
ExtractAllFuncDecls(ast: CAstNode, verbose: bool = False)\n
"},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser.ExtractFuncDeclFromSource","title":"ExtractFuncDeclFromSource","text":"
ExtractFuncDeclFromSource(source: str) -> Function | None\n
"},{"location":"reference/pwndbg/lib/functions/","title":"functions","text":""},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions","title":"functions","text":"
Classes:
 
     
  •  Function           \u2013            
    •  
  •  Argument           \u2013            
    •  
  •  Flag           \u2013            
    •  
  •  LazyFunctions           \u2013            
    •  
 
Functions:
 
     
  •  format_flags_argument             \u2013              
    •  
 
Attributes:
 
     
  •  functions           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.functions","title":"functions  module-attribute","text":"
functions = LazyFunctions()\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Function","title":"Function","text":"
               Bases: NamedTuple
 
Attributes:
 
     
  •  type               (str)           \u2013            
    •  
  •  derefcnt               (int)           \u2013            
    •  
  •  name               (str)           \u2013            
    •  
  •  args               (list[Argument])           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Function.type","title":"type  instance-attribute","text":"
type: str\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Function.derefcnt","title":"derefcnt  instance-attribute","text":"
derefcnt: int\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Function.name","title":"name  instance-attribute","text":"
name: str\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Function.args","title":"args  instance-attribute","text":"
args: list[Argument]\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Argument","title":"Argument","text":"
               Bases: NamedTuple
 
Attributes:
 
     
  •  type               (str)           \u2013            
    •  
  •  derefcnt               (int)           \u2013            
    •  
  •  name               (str)           \u2013            
    •  
  •  flags               (tuple[Flag, ...] | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Argument.type","title":"type  instance-attribute","text":"
type: str\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Argument.derefcnt","title":"derefcnt  instance-attribute","text":"
derefcnt: int\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Argument.name","title":"name  instance-attribute","text":"
name: str\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Argument.flags","title":"flags  class-attribute instance-attribute","text":"
flags: tuple[Flag, ...] | None = None\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Flag","title":"Flag","text":"
               Bases: NamedTuple
 
Attributes:
 
     
  •  value               (int)           \u2013            
    •  
  •  name               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Flag.value","title":"value  instance-attribute","text":"
value: int\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Flag.name","title":"name  instance-attribute","text":"
name: str\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.LazyFunctions","title":"LazyFunctions","text":"
LazyFunctions(*args, **kw)\n
 
               Bases: Mapping[str, Function]
 
Methods:
 
     
  •  __getitem__             \u2013              
    •  
  •  __iter__             \u2013              
    •  
  •  __len__             \u2013              
    •  
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.LazyFunctions.__getitem__","title":"__getitem__","text":"
__getitem__(key)\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.LazyFunctions.__iter__","title":"__iter__","text":"
__iter__()\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.LazyFunctions.__len__","title":"__len__","text":"
__len__()\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.format_flags_argument","title":"format_flags_argument","text":"
format_flags_argument(flags: tuple[Flag, ...], value: int)\n
"},{"location":"reference/pwndbg/lib/functions_data/","title":"functions_data","text":""},{"location":"reference/pwndbg/lib/functions_data/#pwndbg.lib.functions_data","title":"functions_data","text":"
Functions:
 
     
  •  load_functions             \u2013              
    •  
"},{"location":"reference/pwndbg/lib/functions_data/#pwndbg.lib.functions_data.load_functions","title":"load_functions","text":"
load_functions()\n
"},{"location":"reference/pwndbg/lib/heap/","title":"heap","text":""},{"location":"reference/pwndbg/lib/heap/#pwndbg.lib.heap","title":"heap","text":"
Modules:
 
     
  •  helpers           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/heap/helpers/","title":"helpers","text":""},{"location":"reference/pwndbg/lib/heap/helpers/#pwndbg.lib.heap.helpers","title":"helpers","text":"
Functions:
 
     
  •  find_fastbin_size             \u2013              
    •  
"},{"location":"reference/pwndbg/lib/heap/helpers/#pwndbg.lib.heap.helpers.find_fastbin_size","title":"find_fastbin_size","text":"
find_fastbin_size(\n    mem: bytes, max_size: int, step: int\n) -> Generator[int, None, None]\n
"},{"location":"reference/pwndbg/lib/kernel/","title":"kernel","text":""},{"location":"reference/pwndbg/lib/kernel/#pwndbg.lib.kernel","title":"kernel","text":"
Modules:
 
     
  •  kconfig           \u2013            
    •  
  •  structs           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/kernel/kconfig/","title":"kconfig","text":""},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig","title":"kconfig","text":"
Classes:
 
     
  •  Kconfig           \u2013            
    •  
 
Functions:
 
     
  •  parse_config             \u2013              
    •  
  •  parse_compresed_config             \u2013              
    •  
  •  config_to_key             \u2013              
    •  
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig","title":"Kconfig","text":"
Kconfig(compressed_config: bytes | None, *args: Any, **kwargs: Any)\n
 
               Bases: UserDict
 
Methods:
 
     
  •  get_key             \u2013              
    •  
  •  __getitem__             \u2013              
    •  
  •  __contains__             \u2013              
    •  
  •  __getattr__             \u2013              
    •  
  •  update_with_file             \u2013              
    •  
 
Attributes:
 
     
  •  data           \u2013            
    •  
  •  CONFIG_SLUB_TINY               (bool)           \u2013            
    •  
  •  CONFIG_SLUB_CPU_PARTIAL               (bool)           \u2013            
    •  
  •  CONFIG_MEMCG               (bool)           \u2013            
    •  
  •  CONFIG_SLAB_FREELIST_RANDOM               (bool)           \u2013            
    •  
  •  CONFIG_HARDENED_USERCOPY               (bool)           \u2013            
    •  
  •  CONFIG_SLAB_FREELIST_HARDENED               (bool)           \u2013            
    •  
  •  CONFIG_NUMA               (bool)           \u2013            
    •  
  •  CONFIG_KASAN_GENERIC               (bool)           \u2013            
    •  
  •  CONFIG_KASAN               (bool)           \u2013            
    •  
  •  CONFIG_SMP               (bool)           \u2013            
    •  
  •  CONFIG_CMA               (bool)           \u2013            
    •  
  •  CONFIG_MEMORY_ISOLATION               (bool)           \u2013            
    •  
  •  CONFIG_SYSFS               (bool)           \u2013            
    •  
  •  CONFIG_DEBUG_FS               (bool)           \u2013            
    •  
  •  CONFIG_SECURITY               (bool)           \u2013            
    •  
  •  CONFIG_THREAD_INFO_IN_TASK               (bool)           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.data","title":"data  instance-attribute","text":"
data = parse_compresed_config(compressed_config)\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.CONFIG_SLUB_TINY","title":"CONFIG_SLUB_TINY  property","text":"
CONFIG_SLUB_TINY: bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.CONFIG_SLUB_CPU_PARTIAL","title":"CONFIG_SLUB_CPU_PARTIAL  property","text":"
CONFIG_SLUB_CPU_PARTIAL: bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.CONFIG_MEMCG","title":"CONFIG_MEMCG  property","text":"
CONFIG_MEMCG: bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.CONFIG_SLAB_FREELIST_RANDOM","title":"CONFIG_SLAB_FREELIST_RANDOM  property","text":"
CONFIG_SLAB_FREELIST_RANDOM: bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.CONFIG_HARDENED_USERCOPY","title":"CONFIG_HARDENED_USERCOPY  property","text":"
CONFIG_HARDENED_USERCOPY: bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.CONFIG_SLAB_FREELIST_HARDENED","title":"CONFIG_SLAB_FREELIST_HARDENED  property","text":"
CONFIG_SLAB_FREELIST_HARDENED: bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.CONFIG_NUMA","title":"CONFIG_NUMA  property","text":"
CONFIG_NUMA: bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.CONFIG_KASAN_GENERIC","title":"CONFIG_KASAN_GENERIC  property","text":"
CONFIG_KASAN_GENERIC: bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.CONFIG_KASAN","title":"CONFIG_KASAN  property","text":"
CONFIG_KASAN: bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.CONFIG_SMP","title":"CONFIG_SMP  property","text":"
CONFIG_SMP: bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.CONFIG_CMA","title":"CONFIG_CMA  property","text":"
CONFIG_CMA: bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.CONFIG_MEMORY_ISOLATION","title":"CONFIG_MEMORY_ISOLATION  property","text":"
CONFIG_MEMORY_ISOLATION: bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.CONFIG_SYSFS","title":"CONFIG_SYSFS  property","text":"
CONFIG_SYSFS: bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.CONFIG_DEBUG_FS","title":"CONFIG_DEBUG_FS  property","text":"
CONFIG_DEBUG_FS: bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.CONFIG_SECURITY","title":"CONFIG_SECURITY  property","text":"
CONFIG_SECURITY: bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.CONFIG_THREAD_INFO_IN_TASK","title":"CONFIG_THREAD_INFO_IN_TASK  property","text":"
CONFIG_THREAD_INFO_IN_TASK: bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.get_key","title":"get_key","text":"
get_key(name: str) -> str | None\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.__getitem__","title":"__getitem__","text":"
__getitem__(name: str)\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.__contains__","title":"__contains__","text":"
__contains__(name: object) -> bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.__getattr__","title":"__getattr__","text":"
__getattr__(name: str)\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.update_with_file","title":"update_with_file","text":"
update_with_file(file_path)\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.parse_config","title":"parse_config","text":"
parse_config(config_text: bytes) -> dict[str, str]\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.parse_compresed_config","title":"parse_compresed_config","text":"
parse_compresed_config(compressed_config: bytes) -> dict[str, str]\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.config_to_key","title":"config_to_key","text":"
config_to_key(name: str) -> str\n
"},{"location":"reference/pwndbg/lib/kernel/structs/","title":"structs","text":""},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs","title":"structs","text":"
Classes:
 
     
  •  IDTEntry           \u2013            
    Represents an entry in the Interrupt Descriptor Table (IDT)
     
    •  
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry","title":"IDTEntry","text":"
IDTEntry(entry)\n
 
Represents an entry in the Interrupt Descriptor Table (IDT)
 
The IDTEntry class stores information about an IDT entry, including its index, offset, segment selector, descriptor privilege level (DPL), gate type, and interrupt stack table (IST) index.
 
https://wiki.osdev.org/Interrupt_Descriptor_Table
 
Attributes:
 
     
  •  offset           \u2013            
    •  
  •  segment           \u2013            
    •  
  •  dpl           \u2013            
    •  
  •  type           \u2013            
    •  
  •  ist           \u2013            
    •  
  •  present           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry.offset","title":"offset  instance-attribute","text":"
offset = None\n
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry.segment","title":"segment  instance-attribute","text":"
segment = None\n
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry.dpl","title":"dpl  instance-attribute","text":"
dpl = None\n
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry.type","title":"type  instance-attribute","text":"
type = None\n
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry.ist","title":"ist  instance-attribute","text":"
ist = None\n
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry.present","title":"present  instance-attribute","text":"
present = None\n
"},{"location":"reference/pwndbg/lib/memory/","title":"memory","text":""},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory","title":"memory","text":"
Reading, writing, and describing memory.
 
Classes:
 
     
  •  Page           \u2013            
    Represents the address space and page permissions of at least
     
    •  
 
Functions:
 
     
  •  round_down             \u2013              
    round_down(address, align) -> int
     
    •  
  •  round_up             \u2013              
    round_up(address, align) -> int
     
    •  
  •  format_address             \u2013              
    Format the given address as a string.
     
    •  
  •  page_align             \u2013              
    page_align(address) -> int
     
    •  
  •  page_size_align             \u2013              
    •  
  •  page_offset             \u2013              
    •  
 
Attributes:
 
     
  •  PAGE_SIZE           \u2013            
    •  
  •  PAGE_MASK           \u2013            
    •  
  •  align_down           \u2013            
    •  
  •  align_up           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.PAGE_SIZE","title":"PAGE_SIZE  module-attribute","text":"
PAGE_SIZE = 4096\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.PAGE_MASK","title":"PAGE_MASK  module-attribute","text":"
PAGE_MASK = ~(PAGE_SIZE - 1)\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.align_down","title":"align_down  module-attribute","text":"
align_down = round_down\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.align_up","title":"align_up  module-attribute","text":"
align_up = round_up\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page","title":"Page","text":"
Page(\n    start: int,\n    size: int,\n    flags: int,\n    offset: int,\n    objfile: str = \"\",\n    in_darwin_shared_cache: bool = False,\n)\n
 
Represents the address space and page permissions of at least one page of memory.
 
Methods:
 
     
  •  __str__             \u2013              
    •  
  •  __repr__             \u2013              
    •  
  •  __contains__             \u2013              
    •  
  •  __eq__             \u2013              
    •  
  •  __lt__             \u2013              
    •  
  •  __hash__             \u2013              
    •  
 
Attributes:
 
     
  •  vaddr           \u2013            
    •  
  •  memsz           \u2013            
    •  
  •  flags           \u2013            
    •  
  •  offset           \u2013            
    •  
  •  objfile           \u2013            
    Possible non-empty values of objfile:
     
    •  
  •  in_darwin_shared_cache               (bool)           \u2013            
    Whether this mapping is part of the Darwin Shared Cache.
     
    •  
  •  start               (int)           \u2013            
    Mapping start address.
     
    •  
  •  end               (int)           \u2013            
    Address beyond mapping. So the last effective address is self.end-1
     
    •  
  •  is_stack               (bool)           \u2013            
    •  
  •  is_memory_mapped_file               (bool)           \u2013            
    •  
  •  read               (bool)           \u2013            
    •  
  •  write               (bool)           \u2013            
    •  
  •  execute               (bool)           \u2013            
    •  
  •  rw               (bool)           \u2013            
    •  
  •  wx               (bool)           \u2013            
    •  
  •  rwx               (bool)           \u2013            
    •  
  •  is_guard               (bool)           \u2013            
    •  
  •  permstr               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.vaddr","title":"vaddr  class-attribute instance-attribute","text":"
vaddr = start\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.memsz","title":"memsz  class-attribute instance-attribute","text":"
memsz = size\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.flags","title":"flags  class-attribute instance-attribute","text":"
flags = flags\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.offset","title":"offset  class-attribute instance-attribute","text":"
offset = offset\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.objfile","title":"objfile  class-attribute instance-attribute","text":"
objfile = objfile\n
 
Possible non-empty values of objfile: - Contains square brackets \"[]\" if it's not a memory mapped file.     Examples: [stack], [vsyscall], [heap], [vdso] - A path to a file, such as /usr/lib/libc.so.6
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.in_darwin_shared_cache","title":"in_darwin_shared_cache  instance-attribute","text":"
in_darwin_shared_cache: bool = in_darwin_shared_cache\n
 
Whether this mapping is part of the Darwin Shared Cache.
 
This is an interesting property to know, as these entries may not be useful to us at all times, and having an easy way to filter them out is helpful..
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.start","title":"start  property","text":"
start: int\n
 
Mapping start address.
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.end","title":"end  property","text":"
end: int\n
 
Address beyond mapping. So the last effective address is self.end-1 It is the same as displayed in /proc//maps"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.is_stack","title":"is_stack  property","text":"
is_stack: bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.is_memory_mapped_file","title":"is_memory_mapped_file  property","text":"
is_memory_mapped_file: bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.read","title":"read  property","text":"
read: bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.write","title":"write  property","text":"
write: bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.execute","title":"execute  property","text":"
execute: bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.rw","title":"rw  property","text":"
rw: bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.wx","title":"wx  property","text":"
wx: bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.rwx","title":"rwx  property","text":"
rwx: bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.is_guard","title":"is_guard  property","text":"
is_guard: bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.permstr","title":"permstr  property","text":"
permstr: str\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.__repr__","title":"__repr__","text":"
__repr__() -> str\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.__contains__","title":"__contains__","text":"
__contains__(addr: int) -> bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.__eq__","title":"__eq__","text":"
__eq__(other: object) -> bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.__lt__","title":"__lt__","text":"
__lt__(other: object) -> bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.__hash__","title":"__hash__","text":"
__hash__() -> int\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.round_down","title":"round_down","text":"
round_down(address: int, align: int) -> int\n
 
round_down(address, align) -> int
 
Round down address to the nearest increment of align.
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.round_up","title":"round_up","text":"
round_up(address: int, align: int) -> int\n
 
round_up(address, align) -> int
 
Round up address to the nearest increment of align.
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.format_address","title":"format_address","text":"
format_address(\n    vaddr: int,\n    memsz: int,\n    permstr: str,\n    offset: int,\n    objfile: str | None = None,\n) -> str\n
 
Format the given address as a string.
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.page_align","title":"page_align","text":"
page_align(address: int) -> int\n
 
page_align(address) -> int
 
Round down address to the nearest page boundary.
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.page_size_align","title":"page_size_align","text":"
page_size_align(address: int) -> int\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.page_offset","title":"page_offset","text":"
page_offset(address: int) -> int\n
"},{"location":"reference/pwndbg/lib/net/","title":"net","text":""},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net","title":"net","text":"
Re-implements some psutil functionality to be able to get information from remote debugging sessions.
 
Classes:
 
     
  •  inode           \u2013            
    •  
  •  Connection           \u2013            
    •  
  •  UnixSocket           \u2013            
    •  
  •  Netlink           \u2013            
    •  
 
Functions:
 
     
  •  format_host_port             \u2013              
    •  
  •  tcp             \u2013              
    •  
  •  tcp6             \u2013              
    •  
  •  unix             \u2013              
    •  
  •  netlink             \u2013              
    •  
 
Attributes:
 
     
  •  TCP_STATUSES           \u2013            
    •  
  •  NETLINK_TYPES           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.TCP_STATUSES","title":"TCP_STATUSES  module-attribute","text":"
TCP_STATUSES = {\n    \"01\": \"established\",\n    \"02\": \"syn_sent\",\n    \"03\": \"syn_recv\",\n    \"04\": \"fin_wait1\",\n    \"05\": \"fin_wait2\",\n    \"06\": \"time_wait\",\n    \"07\": \"close\",\n    \"08\": \"close_wait\",\n    \"09\": \"last_ack\",\n    \"0A\": \"listen\",\n    \"0B\": \"closing\",\n}\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.NETLINK_TYPES","title":"NETLINK_TYPES  module-attribute","text":"
NETLINK_TYPES = {\n    0: \"NETLINK_ROUTE\",\n    1: \"NETLINK_UNUSED\",\n    2: \"NETLINK_USERSOCK\",\n    3: \"NETLINK_FIREWALL\",\n    4: \"NETLINK_SOCK_DIAG\",\n    5: \"NETLINK_NFLOG\",\n    6: \"NETLINK_XFRM\",\n    7: \"NETLINK_SELINUX\",\n    8: \"NETLINK_ISCSI\",\n    9: \"NETLINK_AUDIT\",\n    10: \"NETLINK_FIB_LOOKUP\",\n    11: \"NETLINK_CONNECTOR\",\n    12: \"NETLINK_NETFILTER\",\n    13: \"NETLINK_IP6_FW\",\n    14: \"NETLINK_DNRTMSG\",\n    15: \"NETLINK_KOBJECT_UEVENT\",\n    16: \"NETLINK_GENERIC\",\n    18: \"NETLINK_SCSITRANSPORT\",\n    19: \"NETLINK_ECRYPTFS\",\n    20: \"NETLINK_RDMA\",\n    21: \"NETLINK_CRYPTO\",\n}\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.inode","title":"inode","text":"
Attributes:
 
     
  •  inode               (int | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.inode.inode","title":"inode  class-attribute instance-attribute","text":"
inode: int | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection","title":"Connection","text":"
               Bases: inode
 
Methods:
 
     
  •  __str__             \u2013              
    •  
  •  __repr__             \u2013              
    •  
 
Attributes:
 
     
  •  rhost               (str | None)           \u2013            
    •  
  •  lhost               (str | None)           \u2013            
    •  
  •  rport               (int | None)           \u2013            
    •  
  •  lport               (int | None)           \u2013            
    •  
  •  inode               (int | None)           \u2013            
    •  
  •  status               (str | None)           \u2013            
    •  
  •  family               (str | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.rhost","title":"rhost  class-attribute instance-attribute","text":"
rhost: str | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.lhost","title":"lhost  class-attribute instance-attribute","text":"
lhost: str | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.rport","title":"rport  class-attribute instance-attribute","text":"
rport: int | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.lport","title":"lport  class-attribute instance-attribute","text":"
lport: int | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.inode","title":"inode  class-attribute instance-attribute","text":"
inode: int | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.status","title":"status  class-attribute instance-attribute","text":"
status: str | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.family","title":"family  class-attribute instance-attribute","text":"
family: str | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.__repr__","title":"__repr__","text":"
__repr__() -> str\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.UnixSocket","title":"UnixSocket","text":"
               Bases: inode
 
Methods:
 
     
  •  __str__             \u2013              
    •  
  •  __repr__             \u2013              
    •  
 
Attributes:
 
     
  •  path           \u2013            
    •  
  •  inode               (int | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.UnixSocket.path","title":"path  class-attribute instance-attribute","text":"
path = '(anonymous)'\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.UnixSocket.inode","title":"inode  class-attribute instance-attribute","text":"
inode: int | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.UnixSocket.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.UnixSocket.__repr__","title":"__repr__","text":"
__repr__() -> str\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Netlink","title":"Netlink","text":"
               Bases: inode
 
Methods:
 
     
  •  __str__             \u2013              
    •  
  •  __repr__             \u2013              
    •  
 
Attributes:
 
     
  •  eth               (int)           \u2013            
    •  
  •  portid               (int | None)           \u2013            
    •  
  •  inode               (int | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Netlink.eth","title":"eth  class-attribute instance-attribute","text":"
eth: int = 0\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Netlink.portid","title":"portid  class-attribute instance-attribute","text":"
portid: int | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Netlink.inode","title":"inode  class-attribute instance-attribute","text":"
inode: int | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Netlink.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Netlink.__repr__","title":"__repr__","text":"
__repr__() -> str\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.format_host_port","title":"format_host_port","text":"
format_host_port(ip, port)\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.tcp","title":"tcp","text":"
tcp(data: str) -> list[Connection]\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.tcp6","title":"tcp6","text":"
tcp6(data: str) -> list[Connection]\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.unix","title":"unix","text":"
unix(data: str) -> list[UnixSocket]\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.netlink","title":"netlink","text":"
netlink(data: str) -> list[Netlink]\n
"},{"location":"reference/pwndbg/lib/pretty_print/","title":"pretty_print","text":""},{"location":"reference/pwndbg/lib/pretty_print/#pwndbg.lib.pretty_print","title":"pretty_print","text":"
Classes:
 
     
  •  Property           \u2013            
    A (property name, property value) pair
     
    •  
 
Functions:
 
     
  •  int_to_string             \u2013              
    Converts an integer value to string.
     
    •  
  •  int_pair_to_string             \u2013              
    Converts an integer pair to a string pair.
     
    •  
  •  from_properties             \u2013              
    When you have (property name, property value) pairs
     
    •  
 
Attributes:
 
     
  •  max_decimal_number           \u2013            
    •  
  •  config_property_name_color           \u2013            
    •  
  •  config_property_value_color           \u2013            
    •  
  •  config_property_title_color           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/pretty_print/#pwndbg.lib.pretty_print.max_decimal_number","title":"max_decimal_number  module-attribute","text":"
max_decimal_number = add_param(\n    \"max-decimal-number\",\n    9,\n    \"show all numbers greater than this in hex\",\n    param_class=PARAM_ZUINTEGER_UNLIMITED,\n    help_docstring=\"\\nFor negative numbers, their absolute value is used.\\n\\nSet the parameter to 'unlimited' if you want all values in decimal.\\nSpecially, set the parameter to zero if you want all values in hex.\\n\\nThe assembly instruction operands come from capstone, and are thus\\nnot controlled by this setting. For consistency with them, leave\\nthis setting at 9 (the default).\\n\",\n)\n
"},{"location":"reference/pwndbg/lib/pretty_print/#pwndbg.lib.pretty_print.config_property_name_color","title":"config_property_name_color  module-attribute","text":"
config_property_name_color = add_color_param(\n    \"prop-name-color\",\n    \"bold\",\n    \"color used to highlight the name in name-value pairs\",\n    help_docstring=\"\\nUsed heavily in mallocng commands.\\n\",\n)\n
"},{"location":"reference/pwndbg/lib/pretty_print/#pwndbg.lib.pretty_print.config_property_value_color","title":"config_property_value_color  module-attribute","text":"
config_property_value_color = add_color_param(\n    \"prop-value-color\",\n    \"yellow\",\n    \"color used to highlight the value in name-value pairs\",\n    help_docstring=\"\\nUsed heavily in mallocng commands.\\n\",\n)\n
"},{"location":"reference/pwndbg/lib/pretty_print/#pwndbg.lib.pretty_print.config_property_title_color","title":"config_property_title_color  module-attribute","text":"
config_property_title_color = add_color_param(\n    \"prop-title-color\",\n    \"green\",\n    \"color used to highlight the title of name-value pair groups\",\n    help_docstring=\"\\nUsed heavily in mallocng commands.\\n\",\n)\n
"},{"location":"reference/pwndbg/lib/pretty_print/#pwndbg.lib.pretty_print.Property","title":"Property  dataclass","text":"
Property(\n    name: str,\n    value: Any,\n    alt_value: Any = None,\n    extra: str | list[str] = \"\",\n    is_addr: bool = False,\n    use_hex: bool = True,\n    name_color_func: Callable[[str], str] | None = None,\n    value_color_func: Callable[[str], str] | None = None,\n)\n
 
A (property name, property value) pair with optional extra information.
 
Used by from_properties().
 
Attributes:
 
     
  •  name               (str)           \u2013            
    •  
  •  value               (Any)           \u2013            
    •  
  •  alt_value               (Any)           \u2013            
    •  
  •  extra               (str | list[str])           \u2013            
    •  
  •  is_addr               (bool)           \u2013            
    •  
  •  use_hex               (bool)           \u2013            
    •  
  •  name_color_func               (Callable[[str], str] | None)           \u2013            
    •  
  •  value_color_func               (Callable[[str], str] | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/pretty_print/#pwndbg.lib.pretty_print.Property.name","title":"name  instance-attribute","text":"
name: str\n
"},{"location":"reference/pwndbg/lib/pretty_print/#pwndbg.lib.pretty_print.Property.value","title":"value  instance-attribute","text":"
value: Any\n
"},{"location":"reference/pwndbg/lib/pretty_print/#pwndbg.lib.pretty_print.Property.alt_value","title":"alt_value  class-attribute instance-attribute","text":"
alt_value: Any = None\n
"},{"location":"reference/pwndbg/lib/pretty_print/#pwndbg.lib.pretty_print.Property.extra","title":"extra  class-attribute instance-attribute","text":"
extra: str | list[str] = ''\n
"},{"location":"reference/pwndbg/lib/pretty_print/#pwndbg.lib.pretty_print.Property.is_addr","title":"is_addr  class-attribute instance-attribute","text":"
is_addr: bool = False\n
"},{"location":"reference/pwndbg/lib/pretty_print/#pwndbg.lib.pretty_print.Property.use_hex","title":"use_hex  class-attribute instance-attribute","text":"
use_hex: bool = True\n
"},{"location":"reference/pwndbg/lib/pretty_print/#pwndbg.lib.pretty_print.Property.name_color_func","title":"name_color_func  class-attribute instance-attribute","text":"
name_color_func: Callable[[str], str] | None = None\n
"},{"location":"reference/pwndbg/lib/pretty_print/#pwndbg.lib.pretty_print.Property.value_color_func","title":"value_color_func  class-attribute instance-attribute","text":"
value_color_func: Callable[[str], str] | None = None\n
"},{"location":"reference/pwndbg/lib/pretty_print/#pwndbg.lib.pretty_print.int_to_string","title":"int_to_string","text":"
int_to_string(num: int) -> str\n
 
Converts an integer value to string.
 
Decides whether to format it in decimal or hex depending on the max-decimal-number config.
"},{"location":"reference/pwndbg/lib/pretty_print/#pwndbg.lib.pretty_print.int_pair_to_string","title":"int_pair_to_string","text":"
int_pair_to_string(num1: int, num2: int) -> tuple[str, str]\n
 
Converts an integer pair to a string pair.
 
Decides whether to format them in decimal or hex depending on the max-decimal-number config.
 
If either value should be hex, both are hex.
"},{"location":"reference/pwndbg/lib/pretty_print/#pwndbg.lib.pretty_print.from_properties","title":"from_properties","text":"
from_properties(\n    title: str,\n    properties: list[Property],\n    *,\n    preamble: str = \"\",\n    value_offset: int = 14,\n    extra_offset: int = 16,\n    title_color_func: Callable[[str], str] | None = None,\n    name_color_func: Callable[[str], str] | None = None,\n    value_color_func: Callable[[str], str] | None = None,\n    indent_size: int = 2,\n) -> str\n
 
When you have (property name, property value) pairs that you want to print, each on a new line.
 
A common usecase is printing a struct.
 Example 
general   start:          0x7ffff7ff6040   user start:     0x7ffff7ff6040    aka p   end:            0x7ffff7ff606c    start + stride - 4   stride:         0x30              distance between adjacent slots   user size:      0x20              aka \"nominal size\", n   slack:          0x0 (0x0)         slot's unused memory / 0x10
 
Parameters:
 
     
  •  title               (str)           \u2013            
    The title of this property group. An empty string may be provided for a titleless group.
     
    •  
  •  properties               (list[Property])           \u2013            
    The list of properties to format.
     
    •  
  •  preamble               (str, default:                   '' )           \u2013            
    A string that will be printed between the title and the properties, may be used to denote the address of an object like e.g. @ 0x408000 - 0x408fe0
     
    •  
  •  value_offset               (int, default:                   14 )           \u2013            
    The number of characters from the start of the name of a property to the start of its value.
     
    •  
  •  extra_offset               (int, default:                   16 )           \u2013            
    The number of characters from the start of the value of a property to the start of its extra text.
     
    •  
  •  title_color_func               (Callable[[str], str] | None, default:                   None )           \u2013            
    The function to use to color the title.
     
    •  
  •  name_color_func               (Callable[[str], str] | None, default:                   None )           \u2013            
    The function to use to color names.
     
    •  
  •  value_color_func               (Callable[[str], str] | None, default:                   None )           \u2013            
    The function to use to color values. This function isn't applied to is_addr=True properties.
     
    •  
  •  indent_size               (int, default:                   2 )           \u2013            
    The indentation to use i.e. the offset from the title to the names.
     
    •  
"},{"location":"reference/pwndbg/lib/regs/","title":"regs","text":""},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs","title":"regs","text":"
Reading register value from the inferior, and provides a standardized interface to registers like \"sp\" and \"pc\".
 
Classes:
 
     
  •  BitFlags           \u2013            
    •  
  •  AddressingRegister           \u2013            
    Represents a register that is used to store an address, e.g. cr3, gsbase, fsbase
     
    •  
  •  SegmentRegisters           \u2013            
    Represents the x86 segment register set
     
    •  
  •  KernelRegisterSet           \u2013            
    additional registers that are useful when pwning kernels
     
    •  
  •  UnicornRegisterWrite           \u2013            
    Represent a register to write to the Unicorn emulator.
     
    •  
  •  Reg           \u2013            
    •  
  •  RegisterSet           \u2013            
    •  
  •  PseudoEmulatedRegisterFile           \u2013            
    This class represents a set of registers that can be written, read, and invalidated.
     
    •  
 
Attributes:
 
     
  •  arm_cpsr_flags           \u2013            
    •  
  •  arm_xpsr_flags           \u2013            
    •  
  •  aarch64_cpsr_flags           \u2013            
    •  
  •  aarch64_sctlr_flags           \u2013            
    •  
  •  aarch64_tcr_flags           \u2013            
    •  
  •  aarch64_scr_flags           \u2013            
    •  
  •  aarch64_mmfr_flags           \u2013            
    •  
  •  arm           \u2013            
    •  
  •  armcm           \u2013            
    •  
  •  aarch64           \u2013            
    •  
  •  x86flags           \u2013            
    •  
  •  amd64_kernel           \u2013            
    •  
  •  amd64           \u2013            
    •  
  •  i386           \u2013            
    •  
  •  powerpc           \u2013            
    •  
  •  sparc           \u2013            
    •  
  •  mips           \u2013            
    •  
  •  riscv           \u2013            
    •  
  •  loongarch64           \u2013            
    •  
  •  s390x           \u2013            
    •  
  •  reg_sets               (dict[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, RegisterSet])           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.arm_cpsr_flags","title":"arm_cpsr_flags  module-attribute","text":"
arm_cpsr_flags = BitFlags(\n    [\n        (\"N\", 31),\n        (\"Z\", 30),\n        (\"C\", 29),\n        (\"V\", 28),\n        (\"Q\", 27),\n        (\"J\", 24),\n        (\"T\", 5),\n        (\"E\", 9),\n        (\"A\", 8),\n        (\"I\", 7),\n        (\"F\", 6),\n    ]\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.arm_xpsr_flags","title":"arm_xpsr_flags  module-attribute","text":"
arm_xpsr_flags = BitFlags(\n    [(\"N\", 31), (\"Z\", 30), (\"C\", 29), (\"V\", 28), (\"Q\", 27), (\"T\", 24)]\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.aarch64_cpsr_flags","title":"aarch64_cpsr_flags  module-attribute","text":"
aarch64_cpsr_flags = BitFlags(\n    [\n        (\"N\", 31),\n        (\"Z\", 30),\n        (\"C\", 29),\n        (\"V\", 28),\n        (\"Q\", 27),\n        (\"PAN\", 22),\n        (\"IL\", 20),\n        (\"D\", 9),\n        (\"A\", 8),\n        (\"I\", 7),\n        (\"F\", 6),\n        (\"EL\", 2),\n        (\"SP\", 0),\n    ]\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.aarch64_sctlr_flags","title":"aarch64_sctlr_flags  module-attribute","text":"
aarch64_sctlr_flags = BitFlags(\n    [\n        (\"TIDCP\", 63),\n        (\"SPINTMASK\", 62),\n        (\"NMI\", 61),\n        (\"EPAN\", 57),\n        (\"ATA0\", 43),\n        (\"ATA0\", 42),\n        (\"TCF\", (40, 2)),\n        (\"TCF0\", (38, 2)),\n        (\"ITFSB\", 37),\n        (\"BT1\", 36),\n        (\"BT0\", 35),\n        (\"EnIA\", 31),\n        (\"EnIB\", 30),\n        (\"EnDA\", 27),\n        (\"UCI\", 26),\n        (\"EE\", 25),\n        (\"E0E\", 24),\n        (\"SPAN\", 23),\n        (\"TSCXT\", 20),\n        (\"WXN\", 19),\n        (\"nTWE\", 18),\n        (\"nTWI\", 16),\n        (\"UCT\", 15),\n        (\"DZE\", 14),\n        (\"EnDB\", 13),\n        (\"I\", 12),\n        (\"UMA\", 9),\n        (\"SED\", 8),\n        (\"ITD\", 7),\n        (\"nAA\", 6),\n        (\"CP15BEN\", 5),\n        (\"SA0\", 4),\n        (\"SA\", 3),\n        (\"C\", 2),\n        (\"A\", 1),\n        (\"M\", 0),\n    ]\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.aarch64_tcr_flags","title":"aarch64_tcr_flags  module-attribute","text":"
aarch64_tcr_flags = BitFlags(\n    [(\"TG1\", (30, 31)), (\"T1SZ\", (16, 21)), (\"TG0\", (14, 15)), (\"T0SZ\", (0, 5))]\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.aarch64_scr_flags","title":"aarch64_scr_flags  module-attribute","text":"
aarch64_scr_flags = BitFlags(\n    [(\"HCE\", 8), (\"SMD\", 7), (\"EA\", 3), (\"FIQ\", 2), (\"IRQ\", 1), (\"NS\", 0)]\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.aarch64_mmfr_flags","title":"aarch64_mmfr_flags  module-attribute","text":"
aarch64_mmfr_flags = BitFlags([('VARange', (16, 19))])\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.arm","title":"arm  module-attribute","text":"
arm = RegisterSet(\n    retaddr=(Reg(\"lr\", 4),),\n    flags={\"cpsr\": arm_cpsr_flags},\n    gpr=(\n        Reg(\"r0\", 4),\n        Reg(\"r1\", 4),\n        Reg(\"r2\", 4),\n        Reg(\"r3\", 4),\n        Reg(\"r4\", 4),\n        Reg(\"r5\", 4),\n        Reg(\"r6\", 4),\n        Reg(\"r7\", 4),\n        Reg(\"r8\", 4),\n        Reg(\"r9\", 4),\n        Reg(\"r10\", 4),\n        Reg(\"r11\", 4),\n        Reg(\"r12\", 4),\n    ),\n    args=(\"r0\", \"r1\", \"r2\", \"r3\"),\n    retval=\"r0\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.armcm","title":"armcm  module-attribute","text":"
armcm = RegisterSet(\n    retaddr=(Reg(\"lr\", 4),),\n    flags={\"xpsr\": arm_xpsr_flags},\n    gpr=(\n        Reg(\"r0\", 4),\n        Reg(\"r1\", 4),\n        Reg(\"r2\", 4),\n        Reg(\"r3\", 4),\n        Reg(\"r4\", 4),\n        Reg(\"r5\", 4),\n        Reg(\"r6\", 4),\n        Reg(\"r7\", 4),\n        Reg(\"r8\", 4),\n        Reg(\"r9\", 4),\n        Reg(\"r10\", 4),\n        Reg(\"r11\", 4),\n        Reg(\"r12\", 4),\n    ),\n    args=(\"r0\", \"r1\", \"r2\", \"r3\"),\n    retval=\"r0\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.aarch64","title":"aarch64  module-attribute","text":"
aarch64 = RegisterSet(\n    retaddr=(Reg(\"lr\", 8),),\n    flags={\"cpsr\": aarch64_cpsr_flags},\n    extra_flags={\n        \"scr_el3\": aarch64_scr_flags,\n        \"sctlr\": aarch64_sctlr_flags,\n        \"sctlr_el2\": aarch64_sctlr_flags,\n        \"sctlr_el3\": aarch64_sctlr_flags,\n        \"spsr_el1\": aarch64_cpsr_flags,\n        \"spsr_el2\": aarch64_cpsr_flags,\n        \"spsr_el3\": aarch64_cpsr_flags,\n        \"tcr_el1\": aarch64_tcr_flags,\n        \"id_aa64mmfr2_el1\": aarch64_mmfr_flags,\n        \"ttbr0_el1\": BitFlags(),\n        \"ttbr1_el1\": BitFlags(),\n    },\n    frame=Reg(\"x29\", 8, subregisters=(Reg(\"w29\", 4, zero_extend_writes=True),)),\n    gpr=(\n        Reg(\"x0\", 8, subregisters=(Reg(\"w0\", 4, zero_extend_writes=True),)),\n        Reg(\"x1\", 8, subregisters=(Reg(\"w1\", 4, zero_extend_writes=True),)),\n        Reg(\"x2\", 8, subregisters=(Reg(\"w2\", 4, zero_extend_writes=True),)),\n        Reg(\"x3\", 8, subregisters=(Reg(\"w3\", 4, zero_extend_writes=True),)),\n        Reg(\"x4\", 8, subregisters=(Reg(\"w4\", 4, zero_extend_writes=True),)),\n        Reg(\"x5\", 8, subregisters=(Reg(\"w5\", 4, zero_extend_writes=True),)),\n        Reg(\"x6\", 8, subregisters=(Reg(\"w6\", 4, zero_extend_writes=True),)),\n        Reg(\"x7\", 8, subregisters=(Reg(\"w7\", 4, zero_extend_writes=True),)),\n        Reg(\"x8\", 8, subregisters=(Reg(\"w8\", 4, zero_extend_writes=True),)),\n        Reg(\"x9\", 8, subregisters=(Reg(\"w9\", 4, zero_extend_writes=True),)),\n        Reg(\"x10\", 8, subregisters=(Reg(\"w10\", 4, zero_extend_writes=True),)),\n        Reg(\"x11\", 8, subregisters=(Reg(\"w11\", 4, zero_extend_writes=True),)),\n        Reg(\"x12\", 8, subregisters=(Reg(\"w12\", 4, zero_extend_writes=True),)),\n        Reg(\"x13\", 8, subregisters=(Reg(\"w13\", 4, zero_extend_writes=True),)),\n        Reg(\"x14\", 8, subregisters=(Reg(\"w14\", 4, zero_extend_writes=True),)),\n        Reg(\"x15\", 8, subregisters=(Reg(\"w15\", 4, zero_extend_writes=True),)),\n        Reg(\"x16\", 8, subregisters=(Reg(\"w16\", 4, zero_extend_writes=True),)),\n        Reg(\"x17\", 8, subregisters=(Reg(\"w17\", 4, zero_extend_writes=True),)),\n        Reg(\"x18\", 8, subregisters=(Reg(\"w18\", 4, zero_extend_writes=True),)),\n        Reg(\"x19\", 8, subregisters=(Reg(\"w19\", 4, zero_extend_writes=True),)),\n        Reg(\"x20\", 8, subregisters=(Reg(\"w20\", 4, zero_extend_writes=True),)),\n        Reg(\"x21\", 8, subregisters=(Reg(\"w21\", 4, zero_extend_writes=True),)),\n        Reg(\"x22\", 8, subregisters=(Reg(\"w22\", 4, zero_extend_writes=True),)),\n        Reg(\"x23\", 8, subregisters=(Reg(\"w23\", 4, zero_extend_writes=True),)),\n        Reg(\"x24\", 8, subregisters=(Reg(\"w24\", 4, zero_extend_writes=True),)),\n        Reg(\"x25\", 8, subregisters=(Reg(\"w25\", 4, zero_extend_writes=True),)),\n        Reg(\"x26\", 8, subregisters=(Reg(\"w26\", 4, zero_extend_writes=True),)),\n        Reg(\"x27\", 8, subregisters=(Reg(\"w27\", 4, zero_extend_writes=True),)),\n        Reg(\"x28\", 8, subregisters=(Reg(\"w28\", 4, zero_extend_writes=True),)),\n    ),\n    args=(\"x0\", \"x1\", \"x2\", \"x3\"),\n    retval=\"x0\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.x86flags","title":"x86flags  module-attribute","text":"
x86flags = {\n    \"eflags\": BitFlags(\n        [\n            (\"CF\", 0),\n            (\"PF\", 2),\n            (\"AF\", 4),\n            (\"ZF\", 6),\n            (\"SF\", 7),\n            (\"IF\", 9),\n            (\"DF\", 10),\n            (\"OF\", 11),\n            (\"AC\", 18),\n        ]\n    )\n}\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.amd64_kernel","title":"amd64_kernel  module-attribute","text":"
amd64_kernel = KernelRegisterSet(\n    segments=SegmentRegisters([\"cs\", \"ss\", \"ds\", \"es\", \"fs\", \"gs\"]),\n    controls={\n        \"cr0\": BitFlags([(\"PE\", 0), (\"WP\", 16), (\"PG\", 31)]),\n        \"cr3\": AddressingRegister(\"cr3\", False),\n        \"cr4\": BitFlags(\n            [\n                (\"UMIP\", 11),\n                (\"FSGSBASE\", 16),\n                (\"SMEP\", 20),\n                (\"SMAP\", 21),\n                (\"PKE\", 22),\n                (\"CET\", 23),\n                (\"PKS\", 24),\n            ]\n        ),\n    },\n    msrs={\n        \"efer\": BitFlags([(\"NXE\", 11)]),\n        \"gs_base\": AddressingRegister(\"gs_base\", True),\n        \"fs_base\": AddressingRegister(\"fs_base\", True),\n    },\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.amd64","title":"amd64  module-attribute","text":"
amd64 = RegisterSet(\n    pc=Reg(\"rip\"),\n    stack=Reg(\n        \"rsp\",\n        8,\n        subregisters=(\n            Reg(\"esp\", 4, 0, zero_extend_writes=True),\n            Reg(\"sp\", 2, 0),\n            Reg(\"spl\", 1, 0),\n        ),\n    ),\n    frame=Reg(\n        \"rbp\",\n        8,\n        subregisters=(\n            Reg(\"ebp\", 4, 0, zero_extend_writes=True),\n            Reg(\"bp\", 2, 0),\n            Reg(\"bpl\", 1, 0),\n        ),\n    ),\n    flags=x86flags,\n    gpr=(\n        Reg(\n            \"rax\",\n            8,\n            subregisters=(\n                Reg(\"eax\", 4, 0, zero_extend_writes=True),\n                Reg(\"ax\", 2, 0),\n                Reg(\"ah\", 1, 1),\n                Reg(\"al\", 1, 0),\n            ),\n        ),\n        Reg(\n            \"rbx\",\n            8,\n            subregisters=(\n                Reg(\"ebx\", 4, 0, zero_extend_writes=True),\n                Reg(\"bx\", 2, 0),\n                Reg(\"bh\", 1, 1),\n                Reg(\"bl\", 1, 0),\n            ),\n        ),\n        Reg(\n            \"rcx\",\n            8,\n            subregisters=(\n                Reg(\"ecx\", 4, 0, zero_extend_writes=True),\n                Reg(\"cx\", 2, 0),\n                Reg(\"ch\", 1, 1),\n                Reg(\"cl\", 1, 0),\n            ),\n        ),\n        Reg(\n            \"rdx\",\n            8,\n            subregisters=(\n                Reg(\"edx\", 4, 0, zero_extend_writes=True),\n                Reg(\"dx\", 2, 0),\n                Reg(\"dh\", 1, 1),\n                Reg(\"dl\", 1, 0),\n            ),\n        ),\n        Reg(\n            \"rdi\",\n            8,\n            subregisters=(\n                Reg(\"edi\", 4, 0, zero_extend_writes=True),\n                Reg(\"di\", 2, 0),\n                Reg(\"dil\", 1, 0),\n            ),\n        ),\n        Reg(\n            \"rsi\",\n            8,\n            subregisters=(\n                Reg(\"esi\", 4, 0, zero_extend_writes=True),\n                Reg(\"si\", 2, 0),\n                Reg(\"sil\", 1, 0),\n            ),\n        ),\n        Reg(\n            \"r8\",\n            8,\n            subregisters=(\n                Reg(\"r8d\", 4, 0, zero_extend_writes=True),\n                Reg(\"r8w\", 2, 0),\n                Reg(\"r8b\", 1, 0),\n            ),\n        ),\n        Reg(\n            \"r9\",\n            8,\n            subregisters=(\n                Reg(\"r9d\", 4, 0, zero_extend_writes=True),\n                Reg(\"r9w\", 2, 0),\n                Reg(\"r9b\", 1, 0),\n            ),\n        ),\n        Reg(\n            \"r10\",\n            8,\n            subregisters=(\n                Reg(\"r10d\", 4, 0, zero_extend_writes=True),\n                Reg(\"r10w\", 2, 0),\n                Reg(\"r10b\", 1, 0),\n            ),\n        ),\n        Reg(\n            \"r11\",\n            8,\n            subregisters=(\n                Reg(\"r11d\", 4, 0, zero_extend_writes=True),\n                Reg(\"r11w\", 2, 0),\n                Reg(\"r11b\", 1, 0),\n            ),\n        ),\n        Reg(\n            \"r12\",\n            8,\n            subregisters=(\n                Reg(\"r12d\", 4, 0, zero_extend_writes=True),\n                Reg(\"r12w\", 2, 0),\n                Reg(\"r12b\", 1, 0),\n            ),\n        ),\n        Reg(\n            \"r13\",\n            8,\n            subregisters=(\n                Reg(\"r13d\", 4, 0, zero_extend_writes=True),\n                Reg(\"r13w\", 2, 0),\n                Reg(\"r13b\", 1, 0),\n            ),\n        ),\n        Reg(\n            \"r14\",\n            8,\n            subregisters=(\n                Reg(\"r14d\", 4, 0, zero_extend_writes=True),\n                Reg(\"r14w\", 2, 0),\n                Reg(\"r14b\", 1, 0),\n            ),\n        ),\n        Reg(\n            \"r15\",\n            8,\n            subregisters=(\n                Reg(\"r15d\", 4, 0, zero_extend_writes=True),\n                Reg(\"r15w\", 2, 0),\n                Reg(\"r15b\", 1, 0),\n            ),\n        ),\n    ),\n    misc=(\"cs\", \"ss\", \"ds\", \"es\", \"fs\", \"gs\", \"fs_base\", \"gs_base\", \"ip\"),\n    kernel=amd64_kernel,\n    args=(\"rdi\", \"rsi\", \"rdx\", \"rcx\", \"r8\", \"r9\"),\n    retval=\"rax\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.i386","title":"i386  module-attribute","text":"
i386 = RegisterSet(\n    pc=Reg(\"eip\"),\n    stack=Reg(\"esp\", 4, subregisters=(Reg(\"sp\", 2, 0),)),\n    frame=Reg(\"ebp\", 4, subregisters=(Reg(\"bp\", 2, 0),)),\n    flags=x86flags,\n    gpr=(\n        Reg(\n            \"eax\",\n            4,\n            subregisters=(Reg(\"ax\", 2, 0), Reg(\"ah\", 1, 1), Reg(\"al\", 1, 0)),\n        ),\n        Reg(\n            \"ebx\",\n            4,\n            subregisters=(Reg(\"bx\", 2, 0), Reg(\"bh\", 1, 1), Reg(\"bl\", 1, 0)),\n        ),\n        Reg(\n            \"ecx\",\n            4,\n            subregisters=(Reg(\"cx\", 2, 0), Reg(\"ch\", 1, 1), Reg(\"cl\", 1, 0)),\n        ),\n        Reg(\n            \"edx\",\n            4,\n            subregisters=(Reg(\"dx\", 2, 0), Reg(\"dh\", 1, 1), Reg(\"dl\", 1, 0)),\n        ),\n        Reg(\"edi\", 4, subregisters=(Reg(\"di\", 2, 0),)),\n        Reg(\"esi\", 4, subregisters=(Reg(\"si\", 2, 0),)),\n    ),\n    misc=(\"cs\", \"ss\", \"ds\", \"es\", \"fs\", \"gs\", \"fs_base\", \"gs_base\", \"ip\"),\n    retval=\"eax\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.powerpc","title":"powerpc  module-attribute","text":"
powerpc = RegisterSet(\n    retaddr=(Reg(\"lr\"),),\n    flags={\"msr\": BitFlags(), \"xer\": BitFlags()},\n    gpr=(\n        Reg(\"r0\"),\n        Reg(\"r1\"),\n        Reg(\"r2\"),\n        Reg(\"r3\"),\n        Reg(\"r4\"),\n        Reg(\"r5\"),\n        Reg(\"r6\"),\n        Reg(\"r7\"),\n        Reg(\"r8\"),\n        Reg(\"r9\"),\n        Reg(\"r10\"),\n        Reg(\"r11\"),\n        Reg(\"r12\"),\n        Reg(\"r13\"),\n        Reg(\"r14\"),\n        Reg(\"r15\"),\n        Reg(\"r16\"),\n        Reg(\"r17\"),\n        Reg(\"r18\"),\n        Reg(\"r19\"),\n        Reg(\"r20\"),\n        Reg(\"r21\"),\n        Reg(\"r22\"),\n        Reg(\"r23\"),\n        Reg(\"r24\"),\n        Reg(\"r25\"),\n        Reg(\"r26\"),\n        Reg(\"r27\"),\n        Reg(\"r28\"),\n        Reg(\"r29\"),\n        Reg(\"r30\"),\n        Reg(\"r31\"),\n        Reg(\"cr\"),\n        Reg(\"ctr\"),\n    ),\n    args=(\"r3\", \"r4\", \"r5\", \"r6\", \"r7\", \"r8\", \"r9\", \"r10\"),\n    retval=\"r3\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.sparc","title":"sparc  module-attribute","text":"
sparc = RegisterSet(\n    stack=Reg(\"sp\"),\n    frame=Reg(\"fp\"),\n    retaddr=(Reg(\"i7\"),),\n    flags={\"psr\": BitFlags()},\n    gpr=(\n        Reg(\"g1\"),\n        Reg(\"g2\"),\n        Reg(\"g3\"),\n        Reg(\"g4\"),\n        Reg(\"g5\"),\n        Reg(\"g6\"),\n        Reg(\"g7\"),\n        Reg(\"o0\"),\n        Reg(\"o1\"),\n        Reg(\"o2\"),\n        Reg(\"o3\"),\n        Reg(\"o4\"),\n        Reg(\"o5\"),\n        Reg(\"o7\"),\n        Reg(\"l0\"),\n        Reg(\"l1\"),\n        Reg(\"l2\"),\n        Reg(\"l3\"),\n        Reg(\"l4\"),\n        Reg(\"l5\"),\n        Reg(\"l6\"),\n        Reg(\"l7\"),\n        Reg(\"i0\"),\n        Reg(\"i1\"),\n        Reg(\"i2\"),\n        Reg(\"i3\"),\n        Reg(\"i4\"),\n        Reg(\"i5\"),\n    ),\n    args=(\"i0\", \"i1\", \"i2\", \"i3\", \"i4\", \"i5\"),\n    retval=\"o0\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.mips","title":"mips  module-attribute","text":"
mips = RegisterSet(\n    frame=Reg(\"fp\"),\n    retaddr=(Reg(\"ra\"),),\n    gpr=(\n        Reg(\"v0\"),\n        Reg(\"v1\"),\n        Reg(\"a0\"),\n        Reg(\"a1\"),\n        Reg(\"a2\"),\n        Reg(\"a3\"),\n        Reg(\"t0\"),\n        Reg(\"t1\"),\n        Reg(\"t2\"),\n        Reg(\"t3\"),\n        Reg(\"t4\"),\n        Reg(\"t5\"),\n        Reg(\"t6\"),\n        Reg(\"t7\"),\n        Reg(\"t8\"),\n        Reg(\"t9\"),\n        Reg(\"s0\"),\n        Reg(\"s1\"),\n        Reg(\"s2\"),\n        Reg(\"s3\"),\n        Reg(\"s4\"),\n        Reg(\"s5\"),\n        Reg(\"s6\"),\n        Reg(\"s7\"),\n        Reg(\"s8\"),\n        Reg(\"gp\"),\n    ),\n    args=(\"a0\", \"a1\", \"a2\", \"a3\"),\n    retval=\"v0\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.riscv","title":"riscv  module-attribute","text":"
riscv = RegisterSet(\n    pc=Reg(\"pc\"),\n    stack=Reg(\"sp\"),\n    retaddr=(Reg(\"ra\"),),\n    gpr=(\n        Reg(\"gp\"),\n        Reg(\"tp\"),\n        Reg(\"t0\"),\n        Reg(\"t1\"),\n        Reg(\"t2\"),\n        Reg(\"s0\"),\n        Reg(\"s1\"),\n        Reg(\"a0\"),\n        Reg(\"a1\"),\n        Reg(\"a2\"),\n        Reg(\"a3\"),\n        Reg(\"a4\"),\n        Reg(\"a5\"),\n        Reg(\"a6\"),\n        Reg(\"a7\"),\n        Reg(\"s2\"),\n        Reg(\"s3\"),\n        Reg(\"s4\"),\n        Reg(\"s5\"),\n        Reg(\"s6\"),\n        Reg(\"s7\"),\n        Reg(\"s8\"),\n        Reg(\"s9\"),\n        Reg(\"s10\"),\n        Reg(\"s11\"),\n        Reg(\"t3\"),\n        Reg(\"t4\"),\n        Reg(\"t5\"),\n        Reg(\"t6\"),\n    ),\n    args=(\"a0\", \"a1\", \"a2\", \"a3\", \"a4\", \"a5\", \"a6\", \"a7\"),\n    retval=\"a0\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.loongarch64","title":"loongarch64  module-attribute","text":"
loongarch64 = RegisterSet(\n    pc=Reg(\"pc\"),\n    stack=Reg(\"sp\"),\n    frame=Reg(\"fp\"),\n    retaddr=(Reg(\"ra\"),),\n    gpr=(\n        Reg(\"a0\"),\n        Reg(\"a1\"),\n        Reg(\"a2\"),\n        Reg(\"a3\"),\n        Reg(\"a4\"),\n        Reg(\"a5\"),\n        Reg(\"a6\"),\n        Reg(\"a7\"),\n        Reg(\"t0\"),\n        Reg(\"t1\"),\n        Reg(\"t2\"),\n        Reg(\"t3\"),\n        Reg(\"t4\"),\n        Reg(\"t5\"),\n        Reg(\"t6\"),\n        Reg(\"t7\"),\n        Reg(\"t8\"),\n        Reg(\"s0\"),\n        Reg(\"s1\"),\n        Reg(\"s2\"),\n        Reg(\"s3\"),\n        Reg(\"s4\"),\n        Reg(\"s5\"),\n        Reg(\"s6\"),\n        Reg(\"s7\"),\n        Reg(\"s8\"),\n    ),\n    args=(\"a0\", \"a1\", \"a2\", \"a3\", \"a4\", \"a5\", \"a6\", \"a7\"),\n    misc=(\"tp\", \"r21\"),\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.s390x","title":"s390x  module-attribute","text":"
s390x = RegisterSet(\n    pc=Reg(\"pc\"),\n    retaddr=(Reg(\"r14\"),),\n    stack=Reg(\"r15\"),\n    flags={\"pswm\": BitFlags()},\n    gpr=(\n        Reg(\"r0\"),\n        Reg(\"r1\"),\n        Reg(\"r2\"),\n        Reg(\"r3\"),\n        Reg(\"r4\"),\n        Reg(\"r5\"),\n        Reg(\"r6\"),\n        Reg(\"r7\"),\n        Reg(\"r8\"),\n        Reg(\"r9\"),\n        Reg(\"r10\"),\n        Reg(\"r11\"),\n        Reg(\"r12\"),\n        Reg(\"r13\"),\n    ),\n    args=(\"r2\", \"r3\", \"r4\", \"r5\", \"r6\"),\n    retval=\"r2\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.reg_sets","title":"reg_sets  module-attribute","text":"
reg_sets: dict[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, RegisterSet] = {\n    \"i386\": i386,\n    \"i8086\": i386,\n    \"x86-64\": amd64,\n    \"rv32\": riscv,\n    \"rv64\": riscv,\n    \"mips\": mips,\n    \"sparc\": sparc,\n    \"arm\": arm,\n    \"armcm\": armcm,\n    \"aarch64\": aarch64,\n    \"powerpc\": powerpc,\n    \"loongarch64\": loongarch64,\n    \"s390x\": s390x,\n}\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags","title":"BitFlags","text":"
BitFlags(flags: list[tuple[str, int | tuple[int, int]]] = [], value=None)\n
 
Methods:
 
     
  •  __getattr__             \u2013              
    •  
  •  __getitem__             \u2013              
    •  
  •  __setitem__             \u2013              
    •  
  •  __delitem__             \u2013              
    •  
  •  __iter__             \u2013              
    •  
  •  __len__             \u2013              
    •  
  •  __repr__             \u2013              
    •  
  •  update             \u2013              
    •  
  •  context             \u2013              
    •  
 
Attributes:
 
     
  •  regname               (str)           \u2013            
    •  
  •  flags               (OrderedDict[str, int | tuple[int, int]])           \u2013            
    •  
  •  value               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.regname","title":"regname  instance-attribute","text":"
regname: str = ''\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.flags","title":"flags  instance-attribute","text":"
flags: OrderedDict[str, int | tuple[int, int]] = {}\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.value","title":"value  instance-attribute","text":"
value: int = value\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.__getattr__","title":"__getattr__","text":"
__getattr__(name)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.__getitem__","title":"__getitem__","text":"
__getitem__(key)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.__setitem__","title":"__setitem__","text":"
__setitem__(key, value)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.__delitem__","title":"__delitem__","text":"
__delitem__(key)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.__iter__","title":"__iter__","text":"
__iter__()\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.__len__","title":"__len__","text":"
__len__()\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.__repr__","title":"__repr__","text":"
__repr__()\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.update","title":"update","text":"
update(regname: str)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.context","title":"context","text":"
context(rc)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.AddressingRegister","title":"AddressingRegister","text":"
AddressingRegister(reg: str, is_virtual: bool)\n
 
Represents a register that is used to store an address, e.g. cr3, gsbase, fsbase
 
Methods:
 
     
  •  update             \u2013              
    •  
  •  context             \u2013              
    •  
 
Attributes:
 
     
  •  reg               (str)           \u2013            
    •  
  •  value               (int)           \u2013            
    •  
  •  is_virtual               (bool)           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.AddressingRegister.reg","title":"reg  instance-attribute","text":"
reg: str = reg\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.AddressingRegister.value","title":"value  instance-attribute","text":"
value: int = 0\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.AddressingRegister.is_virtual","title":"is_virtual  instance-attribute","text":"
is_virtual: bool = is_virtual\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.AddressingRegister.update","title":"update","text":"
update(regname: str)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.AddressingRegister.context","title":"context","text":"
context(rc)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.SegmentRegisters","title":"SegmentRegisters","text":"
SegmentRegisters(regs: list[str])\n
 
Represents the x86 segment register set
 
Methods:
 
     
  •  context             \u2013              
    •  
 
Attributes:
 
     
  •  regs               (list[str])           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.SegmentRegisters.regs","title":"regs  instance-attribute","text":"
regs: list[str] = regs\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.SegmentRegisters.context","title":"context","text":"
context(rc)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.KernelRegisterSet","title":"KernelRegisterSet","text":"
KernelRegisterSet(\n    segments: SegmentRegisters | None,\n    controls: dict[str, BitFlags | AddressingRegister] = {},\n    msrs: dict[str, BitFlags | AddressingRegister] = {},\n)\n
 
additional registers that are useful when pwning kernels used only for x86-64 for now
 
Attributes:
 
     
  •  segments               (SegmentRegisters)           \u2013            
    •  
  •  controls               (dict[str, BitFlags | AddressingRegister])           \u2013            
    •  
  •  msrs               (dict[str, BitFlags | AddressingRegister])           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.KernelRegisterSet.segments","title":"segments  instance-attribute","text":"
segments: SegmentRegisters = segments\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.KernelRegisterSet.controls","title":"controls  instance-attribute","text":"
controls: dict[str, BitFlags | AddressingRegister] = controls\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.KernelRegisterSet.msrs","title":"msrs  instance-attribute","text":"
msrs: dict[str, BitFlags | AddressingRegister] = msrs\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.UnicornRegisterWrite","title":"UnicornRegisterWrite  dataclass","text":"
UnicornRegisterWrite(name: str, force_write: bool)\n
 
Represent a register to write to the Unicorn emulator.
 
Attributes:
 
     
  •  name               (str)           \u2013            
    •  
  •  force_write               (bool)           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.UnicornRegisterWrite.name","title":"name  instance-attribute","text":"
name: str\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.UnicornRegisterWrite.force_write","title":"force_write  instance-attribute","text":"
force_write: bool\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.Reg","title":"Reg  dataclass","text":"
Reg(\n    name: str,\n    size: int | None = None,\n    offset: int = 0,\n    zero_extend_writes: bool = False,\n    subregisters: tuple[Reg, ...] = (),\n)\n
 
Attributes:
 
     
  •  name               (str)           \u2013            
    •  
  •  size               (int | None)           \u2013            
    Register width in bytes. None if the register size is arch.ptrsize
     
    •  
  •  offset               (int)           \u2013            
    Relevant for subregisters - the offset of this register in the main register
     
    •  
  •  zero_extend_writes               (bool)           \u2013            
    Upon writing a value to this subregister, are the higher bits of the full register zeroed out?
     
    •  
  •  subregisters               (tuple[Reg, ...])           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.Reg.name","title":"name  instance-attribute","text":"
name: str\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.Reg.size","title":"size  class-attribute instance-attribute","text":"
size: int | None = None\n
 
Register width in bytes. None if the register size is arch.ptrsize
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.Reg.offset","title":"offset  class-attribute instance-attribute","text":"
offset: int = 0\n
 
Relevant for subregisters - the offset of this register in the main register
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.Reg.zero_extend_writes","title":"zero_extend_writes  class-attribute instance-attribute","text":"
zero_extend_writes: bool = False\n
 
Upon writing a value to this subregister, are the higher bits of the full register zeroed out?
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.Reg.subregisters","title":"subregisters  class-attribute instance-attribute","text":"
subregisters: tuple[Reg, ...] = ()\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet","title":"RegisterSet","text":"
RegisterSet(\n    pc: Reg = Reg(\"pc\"),\n    stack: Reg = Reg(\"sp\"),\n    frame: Reg | None = None,\n    retaddr: tuple[Reg, ...] = (),\n    flags: dict[str, BitFlags] = {},\n    extra_flags: dict[str, BitFlags] = {},\n    gpr: tuple[Reg, ...] = (),\n    misc: tuple[str, ...] = (),\n    args: tuple[str, ...] = (),\n    kernel: KernelRegisterSet | None = None,\n    retval: str | None = None,\n)\n
 
Methods:
 
     
  •  __contains__             \u2013              
    •  
  •  __iter__             \u2013              
    •  
 
Attributes:
 
     
  •  pc               (str)           \u2013            
    •  
  •  stack               (str)           \u2013            
    •  
  •  frame               (str | None)           \u2013            
    •  
  •  retaddr               (tuple[str, ...])           \u2013            
    •  
  •  flags               (dict[str, BitFlags])           \u2013            
    •  
  •  extra_flags           \u2013            
    •  
  •  gpr               (tuple[str, ...])           \u2013            
    •  
  •  misc               (tuple[str, ...])           \u2013            
    •  
  •  args               (tuple[str, ...])           \u2013            
    •  
  •  retval               (str | None)           \u2013            
    •  
  •  kernel               (KernelRegisterSet | None)           \u2013            
    •  
  •  reg_definitions               (dict[str, Reg])           \u2013            
    •  
  •  full_register_lookup               (dict[str, Reg])           \u2013            
    •  
  •  common               (list[str])           \u2013            
    •  
  •  emulated_regs_order               (list[UnicornRegisterWrite])           \u2013            
    •  
  •  all               (set[str])           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.pc","title":"pc  instance-attribute","text":"
pc: str = name\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.stack","title":"stack  instance-attribute","text":"
stack: str = name\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.frame","title":"frame  class-attribute instance-attribute","text":"
frame: str | None = name if frame else None\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.retaddr","title":"retaddr  instance-attribute","text":"
retaddr: tuple[str, ...] = tuple((name) for x in retaddr)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.flags","title":"flags  instance-attribute","text":"
flags: dict[str, BitFlags] = flags\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.extra_flags","title":"extra_flags  instance-attribute","text":"
extra_flags = extra_flags\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.gpr","title":"gpr  instance-attribute","text":"
gpr: tuple[str, ...] = tuple((name) for x in gpr)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.misc","title":"misc  instance-attribute","text":"
misc: tuple[str, ...] = misc\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.args","title":"args  instance-attribute","text":"
args: tuple[str, ...] = args\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.retval","title":"retval  instance-attribute","text":"
retval: str | None = retval\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.kernel","title":"kernel  instance-attribute","text":"
kernel: KernelRegisterSet | None = kernel\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.reg_definitions","title":"reg_definitions  instance-attribute","text":"
reg_definitions: dict[str, Reg] = {}\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.full_register_lookup","title":"full_register_lookup  instance-attribute","text":"
full_register_lookup: dict[str, Reg] = {}\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.common","title":"common  class-attribute instance-attribute","text":"
common: list[str] = []\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.emulated_regs_order","title":"emulated_regs_order  instance-attribute","text":"
emulated_regs_order: list[UnicornRegisterWrite] = []\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.all","title":"all  instance-attribute","text":"
all: set[str] = (\n    set(misc)\n    | set(flags)\n    | set(extra_flags)\n    | set(retaddr)\n    | set(common)\n    | set(all_subregisters)\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.__contains__","title":"__contains__","text":"
__contains__(reg: str) -> bool\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.__iter__","title":"__iter__","text":"
__iter__() -> Iterator[str]\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PseudoEmulatedRegisterFile","title":"PseudoEmulatedRegisterFile","text":"
PseudoEmulatedRegisterFile(register_set: RegisterSet, ptrsize: int)\n
 
This class represents a set of registers that can be written, read, and invalidated.
 
The aim is to allow some manual dynamic/static analysis without the need for a full emulator.
 
The implementation can handle the behavior of architectures with partial registers, such as x86 (Ex: rax has \"eax\", \"ax\", \"ah\", and \"al\" as subregisters) or AArch64 (Ex: X0 contains W0). Most of the complexity of the bitshifts and masks arise from the necessity to handle these cases.
 
Methods:
 
     
  •  write_register             \u2013              
    source_width is the byte width of the value's source.
     
    •  
  •  read_register             \u2013              
    •  
  •  invalidate_all_registers             \u2013              
    •  
  •  invalidate_register             \u2013              
    Invalidate the bits that a write to this register would override.
     
    •  
  •  __repr__             \u2013              
    •  
 
Attributes:
 
     
  •  register_set               (RegisterSet)           \u2013            
    •  
  •  ptrsize               (int)           \u2013            
    •  
  •  masks               (defaultdict[str, int])           \u2013            
    Map of register name to bitmask indicating what bits of the register we know the value of.
     
    •  
  •  values               (defaultdict[str, int])           \u2013            
    Map of register to the value we know it to have.
     
    •  
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PseudoEmulatedRegisterFile.register_set","title":"register_set  instance-attribute","text":"
register_set: RegisterSet = register_set\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PseudoEmulatedRegisterFile.ptrsize","title":"ptrsize  instance-attribute","text":"
ptrsize: int = ptrsize\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PseudoEmulatedRegisterFile.masks","title":"masks  instance-attribute","text":"
masks: defaultdict[str, int] = defaultdict(int)\n
 
Map of register name to bitmask indicating what bits of the register we know the value of.
 
Example: {     \"rax\": 0xFFFF } This indicates that in the RAX register, we only know the bottom 16 bits. This likely resulted from writing the \"ax\" register. Any attempt to read any other bits returns None. In this case, we can read from \"ax\", \"ah\", and \"al\", but not \"eax\" or \"rax\".
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PseudoEmulatedRegisterFile.values","title":"values  instance-attribute","text":"
values: defaultdict[str, int] = defaultdict(int)\n
 
Map of register to the value we know it to have.
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PseudoEmulatedRegisterFile.write_register","title":"write_register","text":"
write_register(\n    reg: str,\n    value: int,\n    source_width: int | None = None,\n    sign_extend: bool = False,\n) -> None\n
 
source_width is the byte width of the value's source. It should be specified when the source has a width shorter than the destination register.
 
Examples:
 
movsbl EAX, AL      // sign extend 1 byte register to 4 byte register movzbl EAX, AL      // zero extend
 
Source width would be 1, and in the first case sign_extend should be set to True. If sign_extend is False, we zero extend.
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PseudoEmulatedRegisterFile.read_register","title":"read_register","text":"
read_register(reg: str) -> int | None\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PseudoEmulatedRegisterFile.invalidate_all_registers","title":"invalidate_all_registers","text":"
invalidate_all_registers() -> None\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PseudoEmulatedRegisterFile.invalidate_register","title":"invalidate_register","text":"
invalidate_register(reg: str) -> None\n
 
Invalidate the bits that a write to this register would override.
 
This can be used when we statically detect that a register is written, but we don't know the concrete value that is written so we have to invalidate any current knowledge of the register's bits.
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PseudoEmulatedRegisterFile.__repr__","title":"__repr__","text":"
__repr__()\n
"},{"location":"reference/pwndbg/lib/stdio/","title":"stdio","text":""},{"location":"reference/pwndbg/lib/stdio/#pwndbg.lib.stdio","title":"stdio","text":"
Provides functionality to circumvent GDB's hooks on sys.stdin and sys.stdout which prevent output from appearing on-screen inside of certain event handlers.
 
Classes:
 
     
  •  Stdio           \u2013            
    •  
 
Attributes:
 
     
  •  stdio           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/stdio/#pwndbg.lib.stdio.stdio","title":"stdio  module-attribute","text":"
stdio = Stdio()\n
"},{"location":"reference/pwndbg/lib/stdio/#pwndbg.lib.stdio.Stdio","title":"Stdio","text":"
Methods:
 
     
  •  __enter__             \u2013              
    •  
  •  __exit__             \u2013              
    •  
 
Attributes:
 
     
  •  queue               (list[tuple[TextIO, TextIO, TextIO]])           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/stdio/#pwndbg.lib.stdio.Stdio.queue","title":"queue  class-attribute instance-attribute","text":"
queue: list[tuple[TextIO, TextIO, TextIO]] = []\n
"},{"location":"reference/pwndbg/lib/stdio/#pwndbg.lib.stdio.Stdio.__enter__","title":"__enter__","text":"
__enter__(*a: Any, **kw: Any) -> None\n
"},{"location":"reference/pwndbg/lib/stdio/#pwndbg.lib.stdio.Stdio.__exit__","title":"__exit__","text":"
__exit__(\n    exc_type: type[BaseException] | None,\n    exc_value: BaseException | None,\n    traceback: TracebackType | None,\n) -> None\n
"},{"location":"reference/pwndbg/lib/strings/","title":"strings","text":""},{"location":"reference/pwndbg/lib/strings/#pwndbg.lib.strings","title":"strings","text":"
Functions:
 
     
  •  strip_colors             \u2013              
    Remove all ANSI color codes from the text
     
    •  
"},{"location":"reference/pwndbg/lib/strings/#pwndbg.lib.strings.strip_colors","title":"strip_colors","text":"
strip_colors(text)\n
 
Remove all ANSI color codes from the text
"},{"location":"reference/pwndbg/lib/tempfile/","title":"tempfile","text":""},{"location":"reference/pwndbg/lib/tempfile/#pwndbg.lib.tempfile","title":"tempfile","text":"
Common helper and cache for pwndbg tempdir
 
Functions:
 
     
  •  tempdir             \u2013              
    Returns a safe and unpredictable temporary directory with pwndbg prefix.
     
    •  
  •  cachedir             \u2013              
    Returns and potentially creates a persistent safe cachedir location
     
    •  
"},{"location":"reference/pwndbg/lib/tempfile/#pwndbg.lib.tempfile.tempdir","title":"tempdir","text":"
tempdir() -> str\n
 
Returns a safe and unpredictable temporary directory with pwndbg prefix.
"},{"location":"reference/pwndbg/lib/tempfile/#pwndbg.lib.tempfile.cachedir","title":"cachedir","text":"
cachedir(namespace: str | None = None) -> str\n
 
Returns and potentially creates a persistent safe cachedir location based on XDG_CACHE_HOME or ~/.cache or LOCALAPPDATA (Windows)
 
Optionally creates a sub namespace inside the pwndbg cache folder.
"},{"location":"reference/pwndbg/lib/tips/","title":"tips","text":""},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips","title":"tips","text":"
Functions:
 
     
  •  get_tip_of_the_day             \u2013              
    Returns a random tip based on the current debugger type.
     
    •  
  •  get_all_tips             \u2013              
    Returns all tips applicable to the current debugger.
     
    •  
  •  color_tip             \u2013              
    •  
 
Attributes:
 
     
  •  GDB_TIPS               (list[str])           \u2013            
    •  
  •  PWNDBG_TIPS               (list[str])           \u2013            
    •  
  •  LLDB_TIPS               (list[str])           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips.GDB_TIPS","title":"GDB_TIPS  module-attribute","text":"
GDB_TIPS: list[str] = [\n    \"GDB's `apropos <topic>` command displays all registered commands that are related to the given <topic>\",\n    \"GDB's `follow-fork-mode` parameter can be used to set whether to trace parent or child after fork() calls. Pwndbg sets it to child by default\",\n    'Use GDB\\'s `dprintf` command to print all calls to given function. E.g. `dprintf malloc, \"malloc(%p)\\\\n\", (void*)$rdi` will print all malloc calls',\n    \"Use GDB's `pi` command to run an interactive Python console where you can use Pwndbg APIs like `pwndbg.aglib.memory.read(addr, len)`, `pwndbg.aglib.memory.write(addr, data)`, `pwndbg.aglib.vmmap.get()` and so on!\",\n    \"GDB's `set directories <path>` parameter can be used to debug e.g. glibc sources like the malloc/free functions!\",\n    \"If you have debugging symbols the `info args` command shows current frame's function arguments (use `up` and `down` to switch between frames)\",\n    'Calling functions like `call (void)puts(\"hello world\")` will run all other target threads for the time the function runs. Use `set scheduler-locking on` to lock the execution to current thread when calling functions',\n    \"Use the `pipe <cmd> | <prog>` command to pass output of a GDB/Pwndbg command to a shell program, e.g. `pipe elfsections | grep bss`. This can also be shortened to: `| <cmd> | <prog>`\",\n    \"Prefixing a command with `!` in GDB will execute it as a shell command, e.g.: `!ls` or `!cat flag.txt`\",\n]\n
"},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips.PWNDBG_TIPS","title":"PWNDBG_TIPS  module-attribute","text":"
PWNDBG_TIPS: list[str] = [\n    \"If you want Pwndbg to clear screen on each command (but still save previous output in history) use `set context-clear-screen on`\",\n    \"The `set show-flags on` setting will display CPU flags register in the regs context panel\",\n    \"GDB and Pwndbg parameters can be shown or set with `show <param>` and `set <param> <value>` GDB commands\",\n    \"Use Pwndbg's `config` and `theme` commands to tune its configuration and theme colors!\",\n    \"Pwndbg mirrors some of WinDbg commands like `eq`, `ew`, `ed`, `eb`, `es`, `dq`, `dw`, `dd`, `db`, `ds` for writing and reading memory\",\n    \"Pwndbg resolves kernel memory maps by parsing page tables (default) or via `monitor info mem` QEMU gdbstub command (use `set kernel-vmmap-via-page-tables off` for that)\",\n    \"Use the `vmmap` command for a better & colored memory maps display (than the GDB's `info proc mappings`)\",\n    \"Use the `telescope` command to dereference a given address/pointer multiple times (if the dereferenced value is a valid ptr; see `config telescope` to configure its behavior)\",\n    \"Use the `context` (or `ctx`) command to display the context once again. You can reconfigure the context layout with `set context-section <sections>` or forward the output to a file/tty via `set context-output <file>`. See also `config context` to configure it further!\",\n    \"Disable Pwndbg context information display with `set context-sections ''`\",\n    \"Pwndbg context displays where the program branches to thanks to emulating few instructions into the future. You can disable this with `set emulate off` which may also speed up debugging\",\n    \"Use the `canary` command to see all stack canary/cookie values on the stack (based on the *usual* stack canary value initialized by glibc)\",\n    \"Use the `procinfo` command for better process introspection (than the GDB's `info proc` command)\",\n    \"Want to display each context panel in a separate tmux window? See https://pwndbg.re/stable/tutorials/splitting-the-context/\",\n    'Use `$base(\"heap\")` to get the start address of a [heap] memory page',\n    \"Use the `errno` (or `errno <number>`) command to see the name of the last or provided (libc) error\",\n    \"Pwndbg sets the SIGLARM, SIGBUS, SIGPIPE and SIGSEGV signals so they are not passed to the app; see `info signals` for full GDB signals configuration\",\n    \"Use `vmmap -A|-B <number> <filter>` to display <number> of maps after/before filtered ones\",\n    \"Use the `killall` command to kill all specified threads (via their ids)\",\n    \"Use the `spray` command to spray memory with cyclic pattern or specified value\",\n    \"Use `patch <address> '<assembly>'` to patch an address with given assembly code\",\n    \"Want to NOP some instructions? Use `patch <address> 'nop; nop; nop'`\",\n    \"`heap-config` shows heap related configuration\",\n    \"`break-if-taken` and `break-if-not-taken` commands sets breakpoints after a given jump instruction was taken or not\",\n    \"`stepuntilasm <assembly-instruction [operands]>` steps program forward until matching instruction occures\",\n    \"Use `plist` command to dump elements of linked list\",\n    \"If your program has multiple threads they will be displayed in the context display or using the `context threads` command\",\n    \"Use `track-got enable|info|query` to track GOT accesses - useful for hijacking control flow via writable GOT/PLT\",\n    \"Need to `mmap` or `mprotect` memory in the debugee? Use commands with the same name to inject and run such syscalls\",\n    \"Use `hi` to see if a an address belongs to a glibc heap chunk\",\n    \"Use `contextprev` and `contextnext` to display a previous context output again without scrolling\",\n    \"Try splitting the context output into multiple TUI windows using `layout pwndbg` (`tui disable` or `ctrl-x + a` to go back to CLI mode)\",\n]\n
"},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips.LLDB_TIPS","title":"LLDB_TIPS  module-attribute","text":"
LLDB_TIPS: list[str] = [\n    \"Use LLDB's `help <command>` to get detailed help on any command\",\n    \"LLDB's `expr` command lets you evaluate expressions in the current frame context\",\n    \"Use `frame variable` (or `fr v`) to show all variables in the current frame\",\n    \"The `watchpoint set` command allows you to stop execution when a variable changes\",\n    \"Use `process launch --stop-at-entry` to stop at the program entry point\",\n    \"LLDB's `memory read` (or `m read`) command displays memory contents at a specified address\",\n    \"Use `thread backtrace all` to see backtraces of all threads\",\n    \"The `breakpoint set --func-regex <regex>` command sets breakpoints on functions matching a regular expression\",\n    \"Use `target modules list` to see all loaded modules in your process\",\n    \"LLDB's `image lookup` command helps find symbols, addresses, and files in the executable and loaded libraries\",\n    \"Use `command alias` to create custom shortcuts for frequently used commands\",\n    \"LLDB's `register read` shows the contents of registers in the selected frame\",\n    \"The `disassemble` command shows assembly instructions for the current function\",\n    \"Use `thread step-inst` (or `si`) to step one instruction\",\n    \"LLDB's Python API can be accessed with the `script` command to extend debugging capabilities\",\n    \"Use `process attach --pid <pid>` to attach to a running process\",\n    \"The `breakpoint command add` lets you run commands when a breakpoint is hit\",\n    \"Use `memory find` to search for a value in the process's memory\",\n    \"LLDB's `settings set` command allows you to customize debugger behavior\",\n    \"The `platform list` command shows all available platforms for remote debugging\",\n]\n
"},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips.get_tip_of_the_day","title":"get_tip_of_the_day","text":"
get_tip_of_the_day() -> str\n
 
Returns a random tip based on the current debugger type.
"},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips.get_all_tips","title":"get_all_tips","text":"
get_all_tips() -> list[str]\n
 
Returns all tips applicable to the current debugger.
"},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips.color_tip","title":"color_tip","text":"
color_tip(tip: str) -> str\n
"},{"location":"reference/pwndbg/lib/version/","title":"version","text":""},{"location":"reference/pwndbg/lib/version/#pwndbg.lib.version","title":"version","text":"
Functions:
 
     
  •  build_id             \u2013              
    Returns pwndbg commit id if git is available.
     
    •  
 
Attributes:
 
     
  •  __version__           \u2013            
    •  
  •  b_id           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/version/#pwndbg.lib.version.__version__","title":"__version__  module-attribute","text":"
__version__ = '2025.10.20'\n
"},{"location":"reference/pwndbg/lib/version/#pwndbg.lib.version.b_id","title":"b_id  module-attribute","text":"
b_id = build_id()\n
"},{"location":"reference/pwndbg/lib/version/#pwndbg.lib.version.build_id","title":"build_id","text":"
build_id() -> str\n
 
Returns pwndbg commit id if git is available.
"},{"location":"reference/pwndbg/lib/which/","title":"which","text":""},{"location":"reference/pwndbg/lib/which/#pwndbg.lib.which","title":"which","text":"
Functions:
 
     
  •  which             \u2013              
    which(name, flags = os.X_OK, all = False) -> str or str set
     
    •  
"},{"location":"reference/pwndbg/lib/which/#pwndbg.lib.which.which","title":"which","text":"
which(name: str, all: bool = False) -> str | set[str] | None\n
 
which(name, flags = os.X_OK, all = False) -> str or str set
 
Works as the system command which; searches $PATH for name and returns a full path if found.
 
If all is True the set of all found locations is returned, else the first occurrence or None is returned.
 
Parameters:
 
     
  •  name               (str)           \u2013            
    The file to search for.
     
    •  
  •  all               (bool, default:                   False )           \u2013            
    Whether to return all locations where name was found.
     
    •  
 
Returns:
 
     
  •  str | set[str] | None           \u2013            
    If all is True the set of all locations where name was found,
     
    •  
  •  str | set[str] | None           \u2013            
    else the first location or None if not found.
     
    •  
 Example 
which('sh') '/bin/sh'
"},{"location":"reference/pwndbg/lib/zig/","title":"zig","text":""},{"location":"reference/pwndbg/lib/zig/#pwndbg.lib.zig","title":"zig","text":"
Functions:
 
     
  •  get_zig_executable             \u2013              
    Get the path to the zig executable.
     
    •  
  •  flags             \u2013              
    •  
  •  asm             \u2013              
    •  
 
Attributes:
 
     
  •  ZIG_SUPPORTED_VERSION           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/zig/#pwndbg.lib.zig.ZIG_SUPPORTED_VERSION","title":"ZIG_SUPPORTED_VERSION  module-attribute","text":"
ZIG_SUPPORTED_VERSION = '0.14.1'\n
"},{"location":"reference/pwndbg/lib/zig/#pwndbg.lib.zig.get_zig_executable","title":"get_zig_executable","text":"
get_zig_executable() -> str\n
 
Get the path to the zig executable. Precedence: ziglang module, zig in PATH.
"},{"location":"reference/pwndbg/lib/zig/#pwndbg.lib.zig.flags","title":"flags","text":"
flags(arch: ArchDefinition) -> list[str]\n
"},{"location":"reference/pwndbg/lib/zig/#pwndbg.lib.zig.asm","title":"asm","text":"
asm(\n    arch: ArchDefinition, data: str, includes: list[Path] | None = None\n) -> bytes\n
"},{"location":"reference/pwndbg/log/","title":"log","text":""},{"location":"reference/pwndbg/log/#pwndbg.log","title":"log","text":"
Logging.
 
Classes:
 
     
  •  ColorFormatter           \u2013            
    •  
"},{"location":"reference/pwndbg/log/#pwndbg.log.ColorFormatter","title":"ColorFormatter","text":"
               Bases: Formatter
 
Methods:
 
     
  •  format             \u2013              
    •  
 
Attributes:
 
     
  •  log_funcs           \u2013            
    •  
"},{"location":"reference/pwndbg/log/#pwndbg.log.ColorFormatter.log_funcs","title":"log_funcs  class-attribute instance-attribute","text":"
log_funcs = {\n    DEBUG: debug,\n    INFO: info,\n    WARNING: warn,\n    ERROR: error,\n    CRITICAL: error,\n}\n
"},{"location":"reference/pwndbg/log/#pwndbg.log.ColorFormatter.format","title":"format","text":"
format(record)\n
"},{"location":"reference/pwndbg/profiling/","title":"profiling","text":""},{"location":"reference/pwndbg/profiling/#pwndbg.profiling","title":"profiling","text":"
Pwndbg profiling.
 
Classes:
 
     
  •  Profiler           \u2013            
    •  
 
Functions:
 
     
  •  init             \u2013              
    •  
 
Attributes:
 
     
  •  profiler               (Profiler | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/profiling/#pwndbg.profiling.profiler","title":"profiler  module-attribute","text":"
profiler: Profiler | None = None\n
"},{"location":"reference/pwndbg/profiling/#pwndbg.profiling.Profiler","title":"Profiler","text":"
Profiler(p: Profile)\n
 
Methods:
 
     
  •  print_time_elapsed             \u2013              
    •  
  •  start             \u2013              
    •  
  •  stop             \u2013              
    •  
"},{"location":"reference/pwndbg/profiling/#pwndbg.profiling.Profiler.print_time_elapsed","title":"print_time_elapsed","text":"
print_time_elapsed() -> None\n
"},{"location":"reference/pwndbg/profiling/#pwndbg.profiling.Profiler.start","title":"start","text":"
start() -> None\n
"},{"location":"reference/pwndbg/profiling/#pwndbg.profiling.Profiler.stop","title":"stop","text":"
stop(filename: str | None = None) -> None\n
"},{"location":"reference/pwndbg/profiling/#pwndbg.profiling.init","title":"init","text":"
init(p: Profile, _start_time: float | None) -> None\n
"},{"location":"reference/pwndbg/radare2/","title":"radare2","text":""},{"location":"reference/pwndbg/radare2/#pwndbg.radare2","title":"radare2","text":"
Radare2 integration with r2pipe.
 
Functions:
 
     
  •  r2pipe             \u2013              
    Spawn and return a r2pipe handle for the current process file.
     
    •  
  •  r2cmd             \u2013              
    •  
"},{"location":"reference/pwndbg/radare2/#pwndbg.radare2.r2pipe","title":"r2pipe","text":"
r2pipe()\n
 
Spawn and return a r2pipe handle for the current process file.
 
This function requires a radare2 installation plus the r2pipe python library. The base address is automatically set for PIE when loading the binary. After opening the handle, the binary is automatically analyzed.
 
Raises ImportError if r2pipe python library is not available. Raises Exception if anything goes fatally wrong.
 
Returns a r2pipe.open handle.
"},{"location":"reference/pwndbg/radare2/#pwndbg.radare2.r2cmd","title":"r2cmd","text":"
r2cmd(arguments) -> str\n
"},{"location":"reference/pwndbg/rizin/","title":"rizin","text":""},{"location":"reference/pwndbg/rizin/#pwndbg.rizin","title":"rizin","text":"
Rizin integration with rzpipe.
 
Functions:
 
     
  •  rzpipe             \u2013              
    Spawn and return a rzpipe handle for the current process file.
     
    •  
  •  rzcmd             \u2013              
    •  
"},{"location":"reference/pwndbg/rizin/#pwndbg.rizin.rzpipe","title":"rzpipe","text":"
rzpipe()\n
 
Spawn and return a rzpipe handle for the current process file. This function requires a rizin installation plus the rzpipe python library. The base address is automatically set for PIE when loading the binary. After opening the handle, the binary is automatically analyzed. Raises ImportError if rzpipe python library is not available. Raises Exception if anything goes fatally wrong. Returns a rzpipe.open handle.
"},{"location":"reference/pwndbg/rizin/#pwndbg.rizin.rzcmd","title":"rzcmd","text":"
rzcmd(arguments) -> str\n
"},{"location":"reference/pwndbg/search/","title":"search","text":""},{"location":"reference/pwndbg/search/#pwndbg.search","title":"search","text":"
Search the address space for byte patterns.
 
Functions:
 
     
  •  search             \u2013              
    Search inferior memory for a byte sequence.
     
    •  
"},{"location":"reference/pwndbg/search/#pwndbg.search.search","title":"search","text":"
search(\n    searchfor: bytes,\n    mappings: Collection[Page] | None = None,\n    start: int | None = None,\n    end: int | None = None,\n    step: int | None = None,\n    aligned: int | None = None,\n    limit: int | None = None,\n    executable: bool = False,\n    writable: bool = False,\n) -> Generator[int, None, None]\n
 
Search inferior memory for a byte sequence.
 
Parameters:
 
     
  •  searchfor               (bytes)           \u2013            
    Byte sequence to find
     
    •  
  •  mappings               (Collection[Page] | None, default:                   None )           \u2013            
    List of pwndbg.lib.memory.Page objects to search By default, uses all available mappings.
     
    •  
  •  start               (int | None, default:                   None )           \u2013            
    First address to search, inclusive.
     
    •  
  •  end               (int | None, default:                   None )           \u2013            
    Last address to search, exclusive.
     
    •  
  •  step               (int | None, default:                   None )           \u2013            
    Size of memory region to skip each result
     
    •  
  •  aligned               (int | None, default:                   None )           \u2013            
    Strict byte alignment for search result
     
    •  
  •  limit               (int | None, default:                   None )           \u2013            
    Maximum number of results to return
     
    •  
  •  executable               (bool, default:                   False )           \u2013            
    Restrict search to executable pages
     
    •  
  •  writable               (bool, default:                   False )           \u2013            
    Restrict search to writable pages
     
    •  
 
Yields:
 
     
  •  int           \u2013            
    An iterator on the address matches
     
    •  
"},{"location":"reference/pwndbg/ui/","title":"ui","text":""},{"location":"reference/pwndbg/ui/#pwndbg.ui","title":"ui","text":"
A few helpers for making things print pretty-like.
 
Functions:
 
     
  •  banner             \u2013              
    •  
  •  addrsz             \u2013              
    •  
  •  get_window_size             \u2013              
    •  
  •  get_cmd_window_size             \u2013              
    •  
 
Attributes:
 
     
  •  title_position           \u2013            
    •  
"},{"location":"reference/pwndbg/ui/#pwndbg.ui.title_position","title":"title_position  module-attribute","text":"
title_position = add_param(\n    \"banner-title-position\",\n    \"center\",\n    \"banner title position\",\n    param_class=PARAM_ENUM,\n    enum_sequence=[\"center\", \"left\", \"right\"],\n)\n
"},{"location":"reference/pwndbg/ui/#pwndbg.ui.banner","title":"banner","text":"
banner(title, target=stdout, width=None, extra='')\n
"},{"location":"reference/pwndbg/ui/#pwndbg.ui.addrsz","title":"addrsz","text":"
addrsz(address) -> str\n
"},{"location":"reference/pwndbg/ui/#pwndbg.ui.get_window_size","title":"get_window_size","text":"
get_window_size(target=stdout)\n
"},{"location":"reference/pwndbg/ui/#pwndbg.ui.get_cmd_window_size","title":"get_cmd_window_size","text":"
get_cmd_window_size()\n
"},{"location":"reference/pwndbg/wrappers/","title":"wrappers","text":""},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers","title":"wrappers","text":"
Specific command output wrappers.
 
Modules:
 
     
  •  checksec           \u2013            
    •  
  •  readelf           \u2013            
    •  
 
Classes:
 
     
  •  OnlyWithCommand           \u2013            
    •  
 
Functions:
 
     
  •  call_cmd             \u2013              
    •  
 
Attributes:
 
     
  •  P           \u2013            
    •  
  •  T           \u2013            
    •  
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.P","title":"P  module-attribute","text":"
P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.OnlyWithCommand","title":"OnlyWithCommand","text":"
OnlyWithCommand(*commands: str | list[str])\n
 
Methods:
 
     
  •  __call__             \u2013              
    •  
 
Attributes:
 
     
  •  all_cmds               (list[str])           \u2013            
    •  
  •  cmd               (list[str])           \u2013            
    •  
  •  cmd_path               (str | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.OnlyWithCommand.all_cmds","title":"all_cmds  instance-attribute","text":"
all_cmds: list[str] = [\n    (cmd[0] if isinstance(cmd, list) else cmd) for cmd in commands\n]\n
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.OnlyWithCommand.cmd","title":"cmd  instance-attribute","text":"
cmd: list[str] = command if isinstance(command, list) else [command]\n
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.OnlyWithCommand.cmd_path","title":"cmd_path  instance-attribute","text":"
cmd_path: str | None = which(cmd[0])\n
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.OnlyWithCommand.__call__","title":"__call__","text":"
__call__(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.call_cmd","title":"call_cmd","text":"
call_cmd(*cmd: str) -> str\n
"},{"location":"reference/pwndbg/wrappers/checksec/","title":"checksec","text":""},{"location":"reference/pwndbg/wrappers/checksec/#pwndbg.wrappers.checksec","title":"checksec","text":"
Functions:
 
     
  •  monkeypatch_pwnlib_term_text             \u2013              
    •  
  •  get_raw_out             \u2013              
    •  
  •  relro_status             \u2013              
    •  
  •  pie_status             \u2013              
    •  
"},{"location":"reference/pwndbg/wrappers/checksec/#pwndbg.wrappers.checksec.monkeypatch_pwnlib_term_text","title":"monkeypatch_pwnlib_term_text","text":"
monkeypatch_pwnlib_term_text() -> Iterator[None]\n
"},{"location":"reference/pwndbg/wrappers/checksec/#pwndbg.wrappers.checksec.get_raw_out","title":"get_raw_out","text":"
get_raw_out(local_path: str) -> str\n
"},{"location":"reference/pwndbg/wrappers/checksec/#pwndbg.wrappers.checksec.relro_status","title":"relro_status","text":"
relro_status(local_path: str) -> str\n
"},{"location":"reference/pwndbg/wrappers/checksec/#pwndbg.wrappers.checksec.pie_status","title":"pie_status","text":"
pie_status(local_path: str) -> str\n
"},{"location":"reference/pwndbg/wrappers/readelf/","title":"readelf","text":""},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf","title":"readelf","text":"
Classes:
 
     
  •  RelocationType           \u2013            
    •  
 
Functions:
 
     
  •  get_got_entry             \u2013              
    •  
 
Attributes:
 
     
  •  cmd_name           \u2013            
    •  
"},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf.cmd_name","title":"cmd_name  module-attribute","text":"
cmd_name = 'readelf'\n
"},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf.RelocationType","title":"RelocationType","text":"
               Bases: Enum
 
Attributes:
 
     
  •  JUMP_SLOT           \u2013            
    •  
  •  GLOB_DAT           \u2013            
    •  
  •  IRELATIVE           \u2013            
    •  
"},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf.RelocationType.JUMP_SLOT","title":"JUMP_SLOT  class-attribute instance-attribute","text":"
JUMP_SLOT = 1\n
"},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf.RelocationType.GLOB_DAT","title":"GLOB_DAT  class-attribute instance-attribute","text":"
GLOB_DAT = 2\n
"},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf.RelocationType.IRELATIVE","title":"IRELATIVE  class-attribute instance-attribute","text":"
IRELATIVE = 3\n
"},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf.get_got_entry","title":"get_got_entry","text":"
get_got_entry(local_path: str) -> dict[RelocationType, list[str]]\n
"},{"location":"blog/archive/2022/","title":"2022","text":""}]}
\ No newline at end of file
+{"config":{"lang":["en"],"separator":"[\\s\\u200b\\-_,:!=\\[\\]()\"`/]+|\\.(?!\\d)|&[lg]t;|(?!\\b)(?=[A-Z][a-z])","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Home","text":""},{"location":"#pwndbg","title":"pwndbg","text":"
pwndbg (/pa\u028an\u02c8di\u02ccb\u028c\u0261/) is a GDB and LLDB plug-in that makes debugging suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers.
 
It has a boatload of features, see our Features page and CHEATSHEET (feel free to print it!). If you have any questions you may read the documentation or asks us in our Discord server.
"},{"location":"#why","title":"Why?","text":"
Vanilla GDB and LLDB are terrible to use for reverse engineering and exploit development. Typing x/30gx $rsp or navigating cumbersome LLDB commands is not fun and often provides minimal information. The year is 2025, and core debuggers still lack many user-friendly features such as a robust hexdump command. WinDbg users are completely lost when they occasionally need to bump into GDB or LLDB.
 
Pwndbg is a Python module which can be loaded into GDB or run as a REPL interface for LLDB. It provides a suite of utilities and enhancements that fill the gaps left by these debuggers, smoothing out rough edges and making them more user-friendly.
"},{"location":"#installation","title":"Installation","text":"
See installation instructions.
"},{"location":"#what-about","title":"What about ...?","text":"
Many past (gdbinit, PEDA) and present projects (GEF, bata24/GEF) offer great features, but are hard to extend and are packaged as large single files (103KB, 195KB, 423KB, 4.12MB). Pwndbg aims to replace them with a faster, cleaner, and more robust implementation.
"},{"location":"#when-to-use-gdb-or-lldb","title":"When to Use GDB or LLDB?","text":"
Pwndbg supports both GDB and LLDB, and each debugger has its own strengths. Here's a quick guide to help you decide which one to use:
 Use Case Supported Debugger Debugging Linux binaries or ELF files GDB, LLDB Debugging Mach-O binaries on macOS LLDB Linux kernel debugging (qemu-system) GDB, LLDB Linux user-space emulation (qemu-user) GDB Embedded debugging (ARM Cortex M* or RISC-V/32) GDB, LLDB 
Pwndbg ensures a consistent experience across both, so switching between them is seamless.
 
The LLDB implementation in pwndbg is still in early-stage and may contain bugs or limitations. Known issues are tracked in GitHub Issues.
 
If you encounter any problems, feel free to report them or discuss on our Discord server.
"},{"location":"#compatibility-table","title":"Compatibility Table","text":"Feature Supported Version Notes pwndbg-gdb - Python 3.10+ - GDB 12.1+ Battle-tested on Ubuntu 22.04/24.04 pwndbg-lldb - Python 3.12+ - LLDB 19+ Experimental/early-stage support qemu-user QEMU 8.1+ vFile API is needed for vmmap qemu-system QEMU 6.2+ Supported version since ubuntu 22.04"},{"location":"#contributing","title":"Contributing","text":"
Pull requests are welcome \u2764\ufe0f. Check out the Contributing Guide.
"},{"location":"#acknowledgements","title":"Acknowledgements","text":"
Pwndbg was originally created by Zach Riggle, who is no longer with us. We want to thank Zach for all of his contributions to pwndbg and the wider security community.
"},{"location":"features/","title":"Features","text":""},{"location":"features/#features","title":"Features","text":"
Pwndbg has a great deal of useful features. You can a see all available commands at any time by typing the pwndbg command or by checking the Commands section of the documentation. For configuration and theming see the Configuration section. Below is a subset of commands which are easy to capture in screenshots.
"},{"location":"features/#disassembly-and-emulation","title":"Disassembly and Emulation","text":"
Pwndbg leverages the capstone and unicorn engines, along with its own instrospection, to display, annotate and emulate instructions.
 
Operands of instructions are resolved, conditions evaluated, and only the instructions that will actually be executed are shown.
 
 
This is incredibly useful when stepping through jump tables, PLT entries, and ROPping.
 
"},{"location":"features/#context","title":"Context","text":"
A useful summary of the current execution context is printed every time the debugger stops (e.g. breakpoint or single-step), displaying all registers, the stack, call frames, disassembly, and additionally recursively dereferencing all pointers.  All memory addresses are color-coded to the type of memory they represent.
 
 
A history of previous context output is kept which can be accessed using the contextprev and contextnext commands.
"},{"location":"features/#arguments","title":"Arguments","text":"
All function call sites are annotated with the arguments to those functions.  This works best with debugging symbols, but also works in the most common case where an imported function (e.g. libc function via GOT or PLT) is used.
 
 
"},{"location":"features/#splitting-layouting-context","title":"Splitting / Layouting Context","text":"
The context sections can be distributed among different tty by using the contextoutput command. Thus, if you want to make better use of some of the empty space in the default Pwndbg output, you can split the panes in your terminal and redirect the various contexts among them.
 
 
See Splitting the Context for more information.
"},{"location":"features/#gdb-tui","title":"GDB TUI","text":"
The context sections are available as native GDB TUI windows named pwndbg_[sectionname]. There are some predefined layouts coming with Pwndbg which you can select using layout pwndbg or layout pwndbg_code.
 
 
See GDB TUI for more information.
"},{"location":"features/#watch-expressions","title":"Watch Expressions","text":"
You can add expressions to be watched by the context. Those expressions are evaluated and shown on every context refresh. For instance by doing contextwatch execute \"info args\" we can see the arguments of every function we are in (here we are in mmap):
 
 
See contextwatch for more information.
"},{"location":"features/#integrations","title":"Integrations","text":""},{"location":"features/#ghidra","title":"Ghidra","text":"
With the help of radare2 or rizin it is possible to show the decompiled source code of the ghidra decompiler.
 
See Ghidra Integration for more information.
"},{"location":"features/#ida-probinary-ninja","title":"IDA Pro/Binary Ninja","text":"
Pwndbg is capable of integrating with IDA Pro or Binary Ninja by installing an XMLRPC server in the decompiler as a plugin, and then querying it for information.
 
This allows extraction of comments, decompiled lines of source, breakpoints, symbols, and synchronized debugging (single-steps update the cursor in the decompiler).
 
 
See Binary Ninja Integration or IDA Integration for setup information.
"},{"location":"features/#heap-inspection","title":"Heap Inspection","text":"
Pwndbg provides commands for inspecting the heap and the allocator's state. Currently supported are:
 
     
  • glibc malloc
    •  
  • jemalloc
    •  
  • linux's buddy allocator
    •  
  • linux's SLUB allocator
    •  
 
See some of the commands for glibc malloc:  
"},{"location":"features/#lldb","title":"LLDB","text":"
While most other GDB plugins are well GDB plugins, Pwndbg's implementation is debugger-agnostic. You can use Pwndbg with LLDB!
 
"},{"location":"features/#windbg-compatibility","title":"WinDbg Compatibility","text":"
For those coming from a Windows background, Pwndbg has a complete WinDbg compatibility layer.  You can dd, dps, eq, and even eb $rip 90 to your heart's content.
 
"},{"location":"features/#go-debugging","title":"Go Debugging","text":"
Pwndbg has support for dumping complex Go values like maps and slices, including automatically parsing out type layouts in certain cases.
 
See the Go debugging guide for more information.
"},{"location":"features/#so-many-commands","title":"So many commands","text":"
Go take a look at Commands! Here is some cool stuff you can do to get you started.
"},{"location":"features/#process-state-inspection","title":"Process State Inspection","text":"
Use the procinfo command in order to inspect the current process state, like UID, GID, Groups, SELinux context, and open file descriptors! Pwndbg works particularly well with remote GDB debugging like with Android phones.
 
 
"},{"location":"features/#rop-gadgets","title":"ROP Gadgets","text":"
Tools for finding rop gadgets statically don't know about everything that will be loaded into the address space and they can make mistakes about which addresses will actually end up executable. You can now rop at runtime with Pwndbg's rop and ropper.
 
"},{"location":"features/#search","title":"Search","text":"
Pwndbg makes searching the target memory space easy, with a complete and easy-to-use interface.  Whether you're searching for bytes, strings, or various sizes of integer values or pointers, it's a simple command away.
 
"},{"location":"features/#finding-leaks","title":"Finding Leaks","text":"
Finding leak chains can be done using the leakfind and probeleak commands. They recursively inspect address ranges for pointers, and report on all pointers found.
 
 
"},{"location":"features/#telescope","title":"Telescope","text":"
Inspecting memory dumps is easy with the telescope command.  It recursively dereferences a range of memory, letting you see everything at once.  As an added bonus, Pwndbg checks all of the available registers to see if they point into the memory range.
 
"},{"location":"features/#virtual-memory-maps","title":"Virtual Memory Maps","text":"
Pwndbg enhances the standard memory map listing and allows easy searching with vmmap.
 
 
"},{"location":"features/#tracking-glibc-heap-allocations","title":"Tracking glibc heap allocations","text":"
It can be very useful to see allocations happening in real time. It can give us a good idea of what the allocation pattern of a program looks like, and allows us to make informed decisions on how to optimize or attack it. The track-heap command does just that.
"},{"location":"features/#tracking-the-got","title":"Tracking the GOT","text":"
The Procedure Linkage Table (PLT) and Global Offset Table (GOT) are very interesting exploitation targets since they contain many often-accessed function pointers. You can track how your program goes through the GOT using the track-got command.
"},{"location":"features/#attach-to-a-process-by-name","title":"Attach to a process by name","text":"
The days of running pidof in a different terminal are over. Use attachp to attach to any process by name, pid, arguments or device file!
 
"},{"location":"setup/","title":"Setup","text":"
There are multiple ways to install Pwndbg, depending on whether you want to use it with GDB, with LLDB, use a portable release, or install it from source.
"},{"location":"setup/#installing-pwndbg-gdb","title":"Installing pwndbg-gdb","text":"
Install via curl/sh (Linux/macOS) 
curl --proto '=https' --tlsv1.2 -LsSf 'https://install.pwndbg.re' | sh -s -- -t pwndbg-gdb\n
 Install via GNU wget/sh (Linux/macOS) 
wget --https-only --secure-protocol=TLSv1_2 -qO- 'https://install.pwndbg.re' | sh -s -- -t pwndbg-gdb\n
 Install via BusyBox wget/sh (Linux/macOS) 
wget -qO- 'https://install.pwndbg.re' | sh -s -- -t pwndbg-gdb\n
 Install via Homebrew (macOS) 
brew install pwndbg/tap/pwndbg-gdb\n
 Install via the Nix package manager (Linux/macOS) 
nix shell github:pwndbg/pwndbg\n
"},{"location":"setup/#official-pwndbg-packages","title":"Official Pwndbg packages","text":"
When installing with GDB, you may also download a package to install through your package manager of choice. Download the package from the releases page and pick the appropriate download from the second table.
 
RPM-based Systems (CentOS/Alma/Rocky/RHEL): 
dnf install ./pwndbg-2025.10.20.x86_64.rpm\n
 DEB-based Systems (Debian/Ubuntu/Kali): 
apt install ./pwndbg_2025.10.20_amd64.deb\n
 Alpine: 
apk add --allow-untrusted ./pwndbg_2025.10.20_x86_64.apk\n
 Arch Linux: 
pacman -U ./pwndbg-2025.10.20-1-x86_64.pkg.tar.zst\n
"},{"location":"setup/#distro-packages","title":"Distro packages","text":"
You may want to install Pwndbg through your distribution's package manager. This installation method is not officially supported because we cannot control the versions of the python dependencies Pwndbg uses in this case. Please use any other installation method when reproducing bug reports (portable package is probably simplest in this case). If a bug reproduces with a distro package but not with any of the supported installation methods, please report it to the package maintainer; if the problem cannot be fixed, let us know and we will add it to a list of known issues below.
 ArchGentoo 
sudo pacman -S pwndbg\n
 You will also need to source Pwndbg from your ~/.gdbinit. Add this line to the beginning of that file: 
source /usr/share/pwndbg/gdbinit.py\n
 Pwndbg will be started every time you invoke gdb now.
 
Note that the Arch package is quite outdated. Once it gets updated you will not need the source line in your ~/.gdbinit and will be able to run Pwndbg with the pwndbg and pwndbg-lldb commands. See packaging Pwndbg.
 
sudo emerge --ask dev-debug/pwndbg\n
 Pwndbg will now be available with the pwndbg and pwndbg-lldb commands.
"},{"location":"setup/#installing-pwndbg-lldb","title":"Installing pwndbg-lldb","text":"
These installation methods provide the 
pwndbg-lldb ./your-binary\n
 command.
 
Install via curl/sh (Linux/macOS) 
curl --proto '=https' --tlsv1.2 -LsSf 'https://install.pwndbg.re' | sh -s -- -t pwndbg-lldb\n
 Install via Homebrew (macOS) 
brew install pwndbg/tap/pwndbg-lldb\n
 Install via the Nix package manager (Linux/macOS): 
nix shell github:pwndbg/pwndbg#pwndbg-lldb\n
"},{"location":"setup/#download-the-portable-version","title":"Download the Portable Version","text":"
You can download a portable release on the Pwndbg releases page. There are seperate releases for GDB and LLDB. Use the first table to pick the appropriate download for your system architecture. You can then unpack the archive with: 
tar -v -xf <archive-name>\n
 And run Pwndbg with 
./pwndbg/bin/pwndbg\n
 or 
./pwndbg/bin/pwndbg-lldb\n
 depending on which version you installed. You may add the appropriate file to your shell's PATH.
"},{"location":"setup/#removing-quarantine-flags-macos","title":"Removing Quarantine Flags (macOS)","text":"
When first setting up the portable version of Pwndbg in macOS, Gatekeeper will normally try to prevent any code in the extracted files from running until the user explicitly allows each file to be run. As we ship many files which would require this, the process of manually granting permission for each one to be run can get quite tiresome.
 
In order to do this to all files at once, you may choose to run the following command, which removes the quarantine flag from all extracted files at once:
 
xattr -rd com.apple.quarantine pwndbg\n
 
Assuming that the files were extracted to a folder called pwndbg.
"},{"location":"setup/#installing-from-source","title":"Installing from source","text":"
See contributing/Installing Pwndbg from source, you do not need the \"The development environment\" section. The TLDR is to run the following (but see the aforementioned link for more details): 
git clone https://github.com/pwndbg/pwndbg\ncd pwndbg\n./setup.sh\n
"},{"location":"blog/","title":"Blog","text":""},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/","title":"Pwndbg coding sprints report","text":"
(originally posted on https://disconnect3d.pl/2022/08/21/pwndbg-coding-sprints/)
 
This blog post is a report of the two coding sprints for the Pwndbg project that I organized first on the EuroPython 2022 conference and then, taking inspiration from the previous one, in the Hackerspace Krak\u00f3w, located in Cracow, Poland.
 
PS: If you are only looking for a list of things done, scroll down!
"},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/#where-i-got-the-idea-for-sprints","title":"Where I got the idea for sprints?","text":"
I have recently attended the EuroPython 2022 conference and I enjoyed the \u201csprints\u201d there. In short, a sprint is a semi-organized event, where anyone can announce a project they will be working on and others can join them. This helps both the projects and the event participants to learn about the project and to make first-time contributions. At the EuroPython conference, there were 16 officially announced projects, but I know that even more projects were being worked on in practice. Of course, other communities or conferences also do this (e.g. NixCon).
 
At the EuroPython conference, I announced my own sprint to work on the Pwndbg project that I maintain. Having no expectations, I felt excited when four people showed up to learn something new and hack together on the project. Later, taking inspiration from it, I organized another sprint, this time in Cracow in the local Hackerspace with even a bigger response. Below, you can read a small report on the two sprints that have happened.
"},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/#my-general-idea-for-a-pwndbg-sprint","title":"My general idea for a Pwndbg sprint","text":"
Pwndbg is written in Python, so on one hand is easy to hack on, but on the other hand it is a plugin for GDB, a console debugger for native programs (e.g. ones written in C, C++, Go or Rust). The general idea of Pwndbg is to alleviate the pain points of working with and improve the UX of GDB when debugging assembly code, reverse engineering a binary or during exploit development.
 
Since not everyone is familiar with debuggers or the underlyings of programs execution (e.g. assembly code, CPU registers or stack or heap memory) I knew that I had to make some introduction to those concepts and if possible, prepare a list of simple tasks, so that people can get familiar with the codebase and the tool and contribute something.
"},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/#europython-2022-sprint","title":"EuroPython 2022 sprint","text":"
On the first sprint, four people showed up, mostly having no prior experience with the topic. We started with an introduction to what GDB and Pwndbg are and why and when they are useful.
 
For this, I took a small C program that had a buffer overflow bug: 
#include <stdio.h>\n#include <string.h>\n\nint main(int argc, char* argv[]) {\n    char name[16] = {0};\n\n    // NOTE: We copy the `argv[1]` string which may be of arbitrary length\n    // into the `name` buffer which is only of 16-bytes long. Thus, we can\n    // overwrite the stack memory of the program past the `name` buffer.\n    strcpy(name, argv[1]);\n\n    printf(\"Hello %s!\\n\", name);\n}\n
 
Then, after compiling it (gcc main.c), we ran the program twice to see that it will crash if we provide a too long string as its argument:
 
$ ./a.out Disconnect3d\nHello Disconnect3d!\n\n$ ./a.out Disconnect3d_at_EuroPython\nHello Disconnect3d_at_EuroPython!\n*** stack smashing detected ***: <unknown> terminated\nAborted (core dumped)\n
 
Then, I explained that the \"stack smashing detected\" we see is the \"stack canaries\" (also called \"stack cookies\") exploit mitigation added by compilers. This compiler feature adds a special 8-bytes canary value after the function's local variables located on the stack, so that then a stack frame may look like this:
 
------------------------------   lower addresses\nchar name[16];                         |\nuint8_t canary[8];                     |\nvoid* function_return_address;         V\n------------------------------   higher addresses\n
 
This local stack canary value is then filled in just after the function\u2019s prologue and is verified against a global value before the function returns to see if the stack was not corrupted (starting from the canary). Of course this may not detect all possible stack memory corruptions but it often makes it impossible to exploit a program (e.g. by changing the return address, also located on the stack), knowing just this vulnerability.
 
The stack canary mitigation can also be disabled. And if it were done (by passing in a -fno-stack-protector flag during compilation), we would get a different result when running the resulting program:
 
$ gcc -fno-stack-protector buf.c\n\n$ ./a.out Disconnect3d_on_EuroPython\nHello Disconnect3d_on_EuroPython!\nSegmentation fault (core dumped)\n
 
Now, the \"stack smashing detected\" is gone, but the program still crashed, because we still corrupted a part of its memory that we shouldn't have touched in a way that made the program do illegal things (e.g. accessing unmapped memory).
 
During the sprint, we also ran a GDB+Pwndbg session to see the exact instructions that placed the canary value on the stack memory, to see that our input string was located just before it and how the canary was checked just before the function was returned.
 
I am not going to describe all of this here, but you can see some of it in the below asciinema recording.
 
"},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/#hackerspace-krakow-sprint","title":"Hackerspace Krak\u00f3w sprint","text":"
Since the second sprint was an ad-hoc event, I had to organize it myself. As a member of Hackerspace Krak\u00f3w, I was able to reserve the hackerspace's softroom, which is a perfect place for people to hack on things using their computers. Then, I advertised the event on the Hackerspace's mailing list and on a few other mediums.
 
I did not expect many people to come, especially that I advertised the sprint ~2 days before the event.
 
But... 8 people (!) showed up (excluding me). I prepared a document with some basic information and tasks, which can be found here (though, it is in Polish and it was modified during and after the sprint).
 
I won't lie: most people that came were friends of mine, some of which I play CTFs with. However, not all of them had really used or developed Pwndbg before.
"},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/#accomplishments-from-the-two-sprints","title":"Accomplishments from the two sprints","text":"
On the EP sprint, since we were just a group of four, we focused on small improvements to the codebase. In total, we did the following: * reviewed and merged the fs/gs_base fetching improvement PR, * pinned the project's dependencies, * updated the unicorn dependency version, * added a \"tip of the day\" feature, * improved the UX of using Pwndbg within a Python virtual environment, * and also worked on enhancing the display of arguments when stopping on a call to the printf functions family.
 
The last item from the list was the hardest to jump on and it still requires enhancements until it is merged. Nonetheless, all of this was a nice outcome from the whole sprint :).
 
On the second sprint, while we were a bigger group, we had much more limited time (since instead of having ~8 hours, we had just a few). Anyway, we were able to do the following:
 
     
  • Cleanup some code leftover after dropping Python 2 support,
    •  
  • Added documentation on how to debug Pwndbg using PyCharm remote debugging,
    •  
  • Reviewed and merged the PRs that sets $base_heap variable and a tip for it, which may be useful for heap exploitation,
    •  
  • Fix the X30 register display on AARCH64 targets,
    •  
  • Fix context args display when PC/IP register pointed to unmapped memory,
    •  
  • Fixed the xor and memfrob commands and added tests for them (! :D),
    •  
  • Worked on adding a way to dump memory that can be copied right away as C or Python code (this needs to be changed to a command flag),
    •  
  • Investigated a potential parsing issue, even looking at GDB's command parsing source code, implemented potential patch, which only later turned out to be redundant and the issue to be invalid.
    •  
"},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/#summary-and-whats-next","title":"Summary and what's next?","text":"
Organizing those sprints helped me to get back to develop the Pwndbg project more and and attract more people to contribute to it. I also think that more conferences should have this kind of attractions (similarly as more conferences should have lightning talk sessions, heh).
 
Regarding the Pwndbg sprints, I am organizing another one this week in Cracow on Tuesday, so if you live nearby and are interested in learning about Pwndbg or contributing to the project, feel invited! :)
 
PS: Thanks a lot to @arturcygan for reviewing this blog post.
"},{"location":"commands/","title":"Index","text":""},{"location":"commands/#commands","title":"Commands","text":""},{"location":"commands/#breakpoint","title":"Breakpoint","text":"
     
  • break-if-not-taken - Breaks on a branch if it is not taken.
    •  
  • break-if-taken - Breaks on a branch if it is taken.
    •  
  • breakrva - Break at RVA from PIE base.
    •  
  • ignore - Set ignore-count of breakpoint number N to COUNT.
    •  
"},{"location":"commands/#context","title":"Context","text":"
     
  • context - Print out the currently enabled context sections.
    •  
  • contextnext - Select next entry in context history.
    •  
  • contextoutput - Sets the output of a context section.
    •  
  • contextprev - Select previous entry in context history.
    •  
  • contextsearch - Search for a string in the context history and select that entry.
    •  
  • contextunwatch - Removes an expression previously added to be watched.
    •  
  • contextwatch - Adds an expression to be shown on context.
    •  
  • regs - Print out all registers and enhance the information.
    •  
"},{"location":"commands/#darwinlibsystemmach-o","title":"Darwin/libsystem/Mach-O","text":"
     
  • commpage - Dumps all values from the macOS commpage.
    •  
"},{"location":"commands/#developer","title":"Developer","text":"
     
  • dev-dump-instruction - Dump internal PwndbgInstruction attributes.
    •  
  • log-level - Set the log level.
    •  
"},{"location":"commands/#disassemble","title":"Disassemble","text":"
     
  • emulate - Like nearpc, but will emulate instructions from the current $PC forward.
    •  
  • nearpc - Disassemble near a specified address.
    •  
"},{"location":"commands/#glibc-ptmalloc2-heap","title":"GLibc ptmalloc2 Heap","text":"
     
  • arena - Print the contents of an arena.
    •  
  • arenas - List this process's arenas.
    •  
  • bins - Print the contents of all an arena's bins and a thread's tcache.
    •  
  • fastbins - Print the contents of an arena's fastbins.
    •  
  • find-fake-fast - Find candidate fake fast or tcache chunks overlapping the specified address.
    •  
  • heap - Iteratively print chunks on a heap.
    •  
  • hi - Searches all heaps to find if an address belongs to a chunk. If yes, prints the chunk.
    •  
  • largebins - Print the contents of an arena's largebins.
    •  
  • malloc-chunk - Print a chunk.
    •  
  • mp - Print the mp_ struct's contents.
    •  
  • smallbins - Print the contents of an arena's smallbins.
    •  
  • tcache - Print a thread's tcache contents.
    •  
  • tcachebins - Print the contents of a tcache.
    •  
  • top-chunk - Print relevant information about an arena's top chunk.
    •  
  • try-free - Check what would happen if free was called with given address.
    •  
  • unsortedbin - Print the contents of an arena's unsortedbin.
    •  
  • vis-heap-chunks - Visualize chunks on a heap.
    •  
"},{"location":"commands/#integrations","title":"Integrations","text":"
     
  • ai - Ask GPT-3 a question about the current debugging context.
    •  
  • bn-sync - Synchronize Binary Ninja's cursor with GDB.
    •  
  • decomp - Use the current integration to decompile code near an address.
    •  
  • j - Synchronize IDA's cursor with GDB.
    •  
  • r2 - Launches radare2.
    •  
  • r2pipe - Execute stateful radare2 commands through r2pipe.
    •  
  • rop - Dump ROP gadgets with Jon Salwan's ROPgadget tool.
    •  
  • ropper - ROP gadget search with ropper.
    •  
  • rz - Launches rizin.
    •  
  • rzpipe - Execute stateful rizin commands through rzpipe.
    •  
  • save-ida - Save the ida database.
    •  
"},{"location":"commands/#kernel","title":"Kernel","text":"
     
  • binder - Show Android Binder information
    •  
  • buddydump - Displays metadata and freelists of the buddy allocator.
    •  
  • kbase - Finds the kernel virtual base address.
    •  
  • kbpf - Prints information about the linux kernel bpf progs and maps.
    •  
  • kchecksec - Checks for kernel hardening configuration options.
    •  
  • kcmdline - Return the kernel commandline (/proc/cmdline).
    •  
  • kconfig - Outputs the kernel config.
    •  
  • kcurrent - Displays the current kernel task debugged by the debugger (gdb/lldb) if pid == None
    •  
  • kdmabuf - Prints DMA buf info
    •  
  • kdmesg - Displays the kernel ring buffer (dmesg) contents.
    •  
  • kfile - Displays information about fds accessible by a kernel task.
    •  
  • klookup - Lookup kernel symbols
    •  
  • kmem-trace - Trace kernel memory (SLUB and buddy) allocations and frees.
    •  
  • kmod - Displays the loaded Linux kernel modules.
    •  
  • knft-dump - Dump all nftables: tables, chains, rules, expressions
    •  
  • knft-list-chains - Dump netfilter chains form a specific table
    •  
  • knft-list-exprs - Dump only expressions from specific rule
    •  
  • knft-list-flowtables - Dump netfilter flowtables from a specific table
    •  
  • knft-list-objects - Dump netfilter objects from a specific table
    •  
  • knft-list-rules - Dump netfilter rules form a specific chain
    •  
  • knft-list-sets - Dump netfilter sets from a specific table
    •  
  • knft-list-tables - Dump netfliter tables from a specific network namespace
    •  
  • ksyscalls - Displays Linux syscall table, including names and addresses of syscalls.
    •  
  • ktask - Displays information about kernel tasks.
    •  
  • kversion - Outputs the kernel version (/proc/version).
    •  
  • msr - Read or write to Model Specific Register (MSR)
    •  
  • p2v - Translate physical address to its corresponding virtual address.
    •  
  • pageinfo - Convert a pointer to a struct page to its corresponding virtual address.
    •  
  • pagewalk - Performs pagewalk.
    •  
  • slab - Prints information about the linux kernel's slab allocator SLUB.
    •  
  • v2p - Translate virtual address to its corresponding physmap address.
    •  
  • vmlinux - Load bzImage or vmlinux file to add kernel debug symbols.
    •  
"},{"location":"commands/#linuxlibcelf","title":"Linux/libc/ELF","text":"
     
  • argc - Prints out the number of arguments.
    •  
  • argv - Prints out the contents of argv.
    •  
  • aslr - Check the current ASLR status, or turn it on/off.
    •  
  • auxv-explore - Explore and print information from the Auxiliary ELF Vector.
    •  
  • auxv - Print information from the Auxiliary ELF Vector.
    •  
  • elfsections - Prints the section mappings contained in the ELF header.
    •  
  • envp - Prints out the contents of the environment.
    •  
  • errno - Converts errno (or argument) to its string representation.
    •  
  • got - Show the state of the Global Offset Table.
    •  
  • gotplt - Prints any symbols found in the .got.plt section if it exists.
    •  
  • libcinfo - Show libc version and link to its sources
    •  
  • linkmap - Show the state of the Link Map
    •  
  • onegadget - Find gadgets which single-handedly give code execution.
    •  
  • parse-seccomp - Parse a struct sock_fprog from memory and dump its filter
    •  
  • piebase - Calculate VA of RVA from PIE base.
    •  
  • plt - Prints any symbols found in Procedure Linkage Table sections if any exist.
    •  
  • strings - Extracts and displays ASCII strings from readable memory pages of the debugged process.
    •  
  • threads - List all threads belonging to the selected inferior.
    •  
  • tls - Print out base address of the current Thread Local Storage (TLS).
    •  
  • track-got - Controls GOT tracking
    •  
  • track-heap - Manages the heap tracker.
    •  
"},{"location":"commands/#memory","title":"Memory","text":"
     
  • distance - Print the distance between the two arguments, or print the offset to the address's page base.
    •  
  • dump-register-frame - Display the registers saved to memory for a certain frame type
    •  
  • gdt - Decode X86-64 GDT entries at address
    •  
  • go-dump - Dumps a Go value of a given type at a specified address.
    •  
  • go-type - Dumps a Go runtime reflection type at a specified address.
    •  
  • hexdump - Hexdumps data at the specified address or module name.
    •  
  • leakfind - Attempt to find a leak chain given a starting address.
    •  
  • memfrob - Memfrobs a region of memory (xor with '*').
    •  
  • mmap - Calls the mmap syscall and prints its resulting address.
    •  
  • mprotect - Calls the mprotect syscall and prints its result value.
    •  
  • p2p - Pointer to pointer chain search. Searches given mapping for all pointers that point to specified mapping.
    •  
  • probeleak - Pointer scan for possible offset leaks.
    •  
  • search - Search memory for byte sequences, strings, pointers, and integer values.
    •  
  • telescope - Recursively dereferences pointers starting at the specified address.
    •  
  • vmmap-add - Add virtual memory map page.
    •  
  • vmmap-clear - Clear the vmmap cache.
    •  
  • vmmap-explore - Explore a page, trying to guess permissions.
    •  
  • vmmap - Print virtual memory map pages.
    •  
  • xinfo - Shows offsets of the specified address from various useful locations.
    •  
  • xor - XOR count bytes at address with the key key.
    •  
"},{"location":"commands/#misc","title":"Misc","text":"
     
  • asm - Assemble shellcode into bytes
    •  
  • checksec - Prints out the binary security settings using checksec.
    •  
  • comm - Put comments in assembly code.
    •  
  • cyclic - Cyclic pattern creator/finder.
    •  
  • cymbol - Manage custom C structures in pwndbg. Supports project-specific auto-loading from .gdbinit.
    •  
  • down - Select and print stack frame called by this one.
    •  
  • dt - Dump out information on a type (e.g. ucontext_t).
    •  
  • dumpargs - Prints determined arguments for call/syscall instruction.
    •  
  • getfile - Gets the current file.
    •  
  • hex2ptr - Converts a space-separated hex string to a little-endian address.
    •  
  • hijack-fd - Replace a file descriptor of a debugged process.
    •  
  • ipi - Start an interactive IPython prompt.
    •  
  • patch-list - List all patches.
    •  
  • patch-revert - Revert patch at given address.
    •  
  • patch - Patches given instruction with given code or bytes.
    •  
  • plist - Dumps the elements of a linked list.
    •  
  • sigreturn - Display the SigreturnFrame at the specific address
    •  
  • spray - Spray memory with cyclic() generated values
    •  
  • tips - Shows tips.
    •  
  • up - Select and print stack frame that called this one.
    •  
  • valist - Dumps the arguments of a va_list.
    •  
  • vmmap-load - Load virtual memory map pages from ELF file.
    •  
"},{"location":"commands/#process","title":"Process","text":"
     
  • killthreads - Kill all or given threads.
    •  
  • pid - Gets the pid.
    •  
  • procinfo - Display information about the running process.
    •  
"},{"location":"commands/#pwndbg","title":"Pwndbg","text":"
     
  • bugreport - Generate a bug report.
    •  
  • config - Shows Pwndbg-specific configuration.
    •  
  • configfile - Generates a configuration file for the current Pwndbg options.
    •  
  • heap-config - Shows heap related configuration.
    •  
  • memoize - Toggles memoization (caching).
    •  
  • profiler - Utilities for profiling Pwndbg.
    •  
  • pwndbg - Prints out a list of all Pwndbg commands.
    •  
  • reinit-pwndbg - Makes Pwndbg reinitialize all state.
    •  
  • reload - Reload Pwndbg.
    •  
  • theme - Shows Pwndbg-specific theme configuration.
    •  
  • themefile - Generates a configuration file for the current Pwndbg theme options.
    •  
  • version - Displays Pwndbg and its important deps versions.
    •  
"},{"location":"commands/#register","title":"Register","text":"
     
  • cpsr - Print out ARM CPSR or xPSR register.
    •  
  • fsbase - Prints out the FS base address. See also $fsbase.
    •  
  • gsbase - Prints out the GS base address. See also $gsbase.
    •  
  • setflag - Modify the flags register.
    •  
"},{"location":"commands/#stack","title":"Stack","text":"
     
  • canary - Print out the current stack canary.
    •  
  • retaddr - Print out the stack addresses that contain return addresses.
    •  
  • stack-explore - Explore stack from all threads.
    •  
  • stack - Dereferences on stack data with specified count and offset.
    •  
  • stackf - Dereferences on stack data, printing the entire stack frame with specified count and offset .
    •  
"},{"location":"commands/#start","title":"Start","text":"
     
  • attachp - Attaches to a given pid, process name, process found with partial argv match or to a device file.
    •  
  • entry - Start the debugged program stopping at its entrypoint address.
    •  
  • sstart - Alias for 'tbreak __libc_start_main; run'.
    •  
  • start - Start the debugged program stopping at the first convenient location
    •  
"},{"location":"commands/#stepnextcontinue","title":"Step/Next/Continue","text":"
     
  • nextcall - Breaks at the next call instruction.
    •  
  • nextjmp - Breaks at the next jump instruction.
    •  
  • nextproginstr - Breaks at the next instruction that belongs to the running program.
    •  
  • nextret - Breaks at next return-like instruction.
    •  
  • nextsyscall - Breaks at the next syscall not taking branches.
    •  
  • stepover - Breaks on the instruction after this one.
    •  
  • stepret - Breaks at next return-like instruction by 'stepping' to it.
    •  
  • stepsyscall - Breaks at the next syscall by taking branches.
    •  
  • stepuntilasm - Breaks on the next matching instruction.
    •  
  • xuntil - Continue execution until an address or expression.
    •  
"},{"location":"commands/#windbg","title":"WinDbg","text":"
     
  • bc - Clear the breakpoint with the specified index.
    •  
  • bd - Disable the breakpoint with the specified index.
    •  
  • be - Enable the breakpoint with the specified index.
    •  
  • bl - List breakpoints.
    •  
  • bp - Set a breakpoint at the specified address.
    •  
  • da - Dump a string at the specified address.
    •  
  • db - Starting at the specified address, dump N bytes.
    •  
  • dc - Starting at the specified address, hexdump.
    •  
  • dd - Starting at the specified address, dump N dwords.
    •  
  • dds - Dump pointers and symbols at the specified address.
    •  
  • dq - Starting at the specified address, dump N qwords.
    •  
  • ds - Dump a string at the specified address.
    •  
  • dw - Starting at the specified address, dump N words.
    •  
  • eb - Write hex bytes at the specified address.
    •  
  • ed - Write hex dwords at the specified address.
    •  
  • eq - Write hex qwords at the specified address.
    •  
  • ew - Write hex words at the specified address.
    •  
  • ez - Write a string at the specified address.
    •  
  • eza - Write a string at the specified address.
    •  
  • go - WinDbg compatibility alias for 'continue' command.
    •  
  • k - Print a backtrace (alias 'bt').
    •  
  • ln - List the symbols nearest to the provided value.
    •  
  • pc - WinDbg compatibility alias for 'nextcall' command.
    •  
  • peb - Not be windows.
    •  
"},{"location":"commands/#jemalloc-heap","title":"jemalloc Heap","text":"
     
  • jemalloc-extent-info - Prints extent information for the given address
    •  
  • jemalloc-find-extent - Returns extent information for pointer address allocated by jemalloc
    •  
  • jemalloc-heap - Prints all extents information
    •  
"},{"location":"commands/#musl","title":"musl","text":"
     
  • mallocng-dump - Dump the mallocng heap.
    •  
  • mallocng-explain - Gives a quick explanation of musl's mallocng allocator.
    •  
  • mallocng-find - Find slot which contains the given address.
    •  
  • mallocng-group - Print out information about a mallocng group at the given address.
    •  
  • mallocng-malloc-context - Print out the mallocng __malloc_context (ctx) object.
    •  
  • mallocng-meta-area - Print out a mallocng meta_area object at the given address.
    •  
  • mallocng-meta - Print out information about a mallocng group given the address of its meta.
    •  
  • mallocng-slot-start - Dump information about a mallocng slot, given its start address.
    •  
  • mallocng-slot-user - Dump information about a mallocng slot, given its user address.
    •  
  • mallocng-visualize-slots - Visualize slots in a group.
    •  
"},{"location":"commands/breakpoint/break-if-not-taken/","title":"Break if not taken","text":""},{"location":"commands/breakpoint/break-if-not-taken/#break-if-not-taken","title":"break-if-not-taken","text":"
(only in GDB)
 
usage: break-if-not-taken [-h] branch\n
 
Breaks on a branch if it is not taken.
"},{"location":"commands/breakpoint/break-if-not-taken/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help branch The branch instruction to break on."},{"location":"commands/breakpoint/break-if-not-taken/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/breakpoint/break-if-taken/","title":"Break if taken","text":""},{"location":"commands/breakpoint/break-if-taken/#break-if-taken","title":"break-if-taken","text":"
(only in GDB)
 
usage: break-if-taken [-h] branch\n
 
Breaks on a branch if it is taken.
"},{"location":"commands/breakpoint/break-if-taken/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help branch The branch instruction to break on."},{"location":"commands/breakpoint/break-if-taken/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/breakpoint/breakrva/","title":"Breakrva","text":""},{"location":"commands/breakpoint/breakrva/#breakrva","title":"breakrva","text":"
(only in GDB)
 
usage: breakrva [-h] [offset] [module]\n
 
Break at RVA from PIE base.
 
Alias: brva
"},{"location":"commands/breakpoint/breakrva/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help offset Offset to add. (default: 0) module Module to choose as base. Defaults to the target executable. (default: '')"},{"location":"commands/breakpoint/breakrva/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/breakpoint/ignore/","title":"Ignore","text":""},{"location":"commands/breakpoint/ignore/#ignore","title":"ignore","text":"
(only in GDB)
 
usage: ignore [-h] [N] COUNT\n
 
Set ignore-count of breakpoint number N to COUNT.
 
While the ignore count is positive, execution will not stop on the breakpoint.
 
By default, if `N' is ommitted, the last breakpoint (i.e. greatest breakpoint number) will be used.
"},{"location":"commands/breakpoint/ignore/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help bpnum The breakpoint number N. count The number to set COUNT."},{"location":"commands/breakpoint/ignore/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/context/context/","title":"Context","text":""},{"location":"commands/context/context/#context","title":"context","text":"
usage: context [-h] [--on] [--off] [subcontext ...]\n
 
Print out the currently enabled context sections.
 
This is the text that gets printed on every stop. It can be useful to run this command manually when you change some process/debugger state but don't want to step/continue (e.g. after using the down and up commands).
 
Alias: ctx
"},{"location":"commands/context/context/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help subcontext Submenu to display: 'regs', 'disasm', 'code', 'stack', 'backtrace', 'ghidra', 'args', 'threads', 'heap_tracker', 'expressions', and/or 'last_signal'"},{"location":"commands/context/context/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --on Show the section(s) in subsequent context commands again. The section(s) have to be in the 'context-sections' list. --off Do not show the section(s) in subsequent context commands even though they might be in the 'context-sections' list."},{"location":"commands/context/context/#notes","title":"Notes","text":"
To see more commands related to context control run: 
pwndbg -c context\n
 To see context configuration run: 
config context\n
"},{"location":"commands/context/context/#usage-example","title":"Usage example","text":""},{"location":"commands/context/contextnext/","title":"Contextnext","text":""},{"location":"commands/context/contextnext/#contextnext","title":"contextnext","text":"
usage: contextnext [-h] [count]\n
 
Select next entry in context history.
 
Alias: ctxn
"},{"location":"commands/context/contextnext/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help count The number of entries to go forward in history (default: 1)"},{"location":"commands/context/contextnext/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/context/contextoutput/","title":"Contextoutput","text":""},{"location":"commands/context/contextoutput/#contextoutput","title":"contextoutput","text":"
usage: contextoutput [-h] section path clearing [banner] [width]\n
 
Sets the output of a context section.
 
Alias: ctx-out
"},{"location":"commands/context/contextoutput/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help section The section which is to be configured. ('regs', 'disasm', 'code', 'stack', 'backtrace', 'ghidra', 'args', 'threads', 'heap_tracker', 'expressions', and/or 'last_signal') path The path to which the output is written clearing Indicates whether to clear the output banner Where a banner should be placed: both, top , bottom, none (default: 'both') width Sets a fixed width (used for banner). Set to None for auto"},{"location":"commands/context/contextoutput/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/context/contextprev/","title":"Contextprev","text":""},{"location":"commands/context/contextprev/#contextprev","title":"contextprev","text":"
usage: contextprev [-h] [count]\n
 
Select previous entry in context history.
 
Alias: ctxp
"},{"location":"commands/context/contextprev/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help count The number of entries to go back in history (default: 1)"},{"location":"commands/context/contextprev/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/context/contextsearch/","title":"Contextsearch","text":""},{"location":"commands/context/contextsearch/#contextsearch","title":"contextsearch","text":"
usage: contextsearch [-h] needle [section]\n
 
Search for a string in the context history and select that entry.
 
Alias: ctxsearch
"},{"location":"commands/context/contextsearch/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help needle The string to search for in the context history section The section to search in. If not provided, search in all sections"},{"location":"commands/context/contextsearch/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/context/contextunwatch/","title":"Contextunwatch","text":""},{"location":"commands/context/contextunwatch/#contextunwatch","title":"contextunwatch","text":"
usage: contextunwatch [-h] num\n
 
Removes an expression previously added to be watched.
 
Aliases: ctx-unwatch, cunwatch
"},{"location":"commands/context/contextunwatch/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help num The expression number to be removed from context"},{"location":"commands/context/contextunwatch/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/context/contextwatch/","title":"Contextwatch","text":""},{"location":"commands/context/contextwatch/#contextwatch","title":"contextwatch","text":"
usage: contextwatch [-h] [{eval,execute}] expression\n
 
Adds an expression to be shown on context.
 
To remove an expression, see cunwatch.
 
Aliases: ctx-watch, cwatch
"},{"location":"commands/context/contextwatch/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help cmd Command to be used with the expression. - eval: the expression is parsed and evaluated as in the debugged language. - execute: the expression is executed as a GDB command. (default: 'eval') expression The expression to be evaluated and shown in context"},{"location":"commands/context/contextwatch/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/context/contextwatch/#examples","title":"Examples","text":"
For watching variables/expressions:\n    cwatch BUF\n    cwatch ITEMS[0]\n\nFor running commands:\n    cwatch execute \"ds BUF\"\n    cwatch execute \"x/20x $rsp\"\n    cwatch execute \"info args\"\n
"},{"location":"commands/context/regs/","title":"Regs","text":""},{"location":"commands/context/regs/#regs","title":"regs","text":"
usage: regs [-h] [regs ...]\n
 
Print out all registers and enhance the information.
"},{"location":"commands/context/regs/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help regs Registers to be shown"},{"location":"commands/context/regs/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/darwin_libsystem_mach-o/commpage/","title":"Commpage","text":""},{"location":"commands/darwin_libsystem_mach-o/commpage/#commpage","title":"commpage","text":"
usage: commpage [-h] [-v]\n
 
Dumps all values from the macOS commpage.
"},{"location":"commands/darwin_libsystem_mach-o/commpage/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -v --verbose Print detailed information."},{"location":"commands/developer/dev-dump-instruction/","title":"Dev dump instruction","text":""},{"location":"commands/developer/dev-dump-instruction/#dev-dump-instruction","title":"dev-dump-instruction","text":"
usage: dev-dump-instruction [-h] [-e] [-n] [address]\n
 
Dump internal PwndbgInstruction attributes.
 
Useful for debugging the disassembly and annotation subsystems in Pwndbg. See https://pwndbg.re/dev/contributing/improving-annotations/#bug-root-cause for more information.
"},{"location":"commands/developer/dev-dump-instruction/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to get the enhanced instruction from - must be in cache."},{"location":"commands/developer/dev-dump-instruction/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -e --emulate Force the use of emulation when enhancing the instruction, regardless of global 'emulate' setting. -n --no-emulate Disable the use of emulation when enhancing the instruction, regardless of global 'emulate' setting."},{"location":"commands/developer/log-level/","title":"Log level","text":""},{"location":"commands/developer/log-level/#log-level","title":"log-level","text":"
usage: log-level [-h] [{debug,info,warning,error,critical}]\n
 
Set the log level.
"},{"location":"commands/developer/log-level/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help level The log level to set. (default: 'warning')"},{"location":"commands/developer/log-level/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/disassemble/emulate/","title":"Emulate","text":""},{"location":"commands/disassemble/emulate/#emulate","title":"emulate","text":"
usage: emulate [-h] [-r REVERSE] [-t TOTAL] [pc] [lines]\n
 
Like nearpc, but will emulate instructions from the current $PC forward.
"},{"location":"commands/disassemble/emulate/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help pc Address to emulate near. lines Number of lines to disassemble."},{"location":"commands/disassemble/emulate/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -r --reverse Number of lines to show before the address. -t --total Total number of lines to show. This results in dynamic number of forward instructions depending on how many cached instructions are used."},{"location":"commands/disassemble/nearpc/","title":"Nearpc","text":""},{"location":"commands/disassemble/nearpc/#nearpc","title":"nearpc","text":"
usage: nearpc [-h] [-r REVERSE] [-t TOTAL] [-e] [pc] [lines]\n
 
Disassemble near a specified address.
 
Aliases: pdisass, u
"},{"location":"commands/disassemble/nearpc/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help pc Address to disassemble near. If this is the only argument and the value provided is small enough, it is interpreted as lines instead. lines Number of lines to disassemble."},{"location":"commands/disassemble/nearpc/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -r --reverse Number of lines to show before the address. -t --total Total number of lines to show. This results in dynamic number of forward instructions depending on how many cached instructions are used. -e --emulate Whether to emulate instructions to find the next ones or just linearly disassemble."},{"location":"commands/glibc_ptmalloc2_heap/arena/","title":"Arena","text":""},{"location":"commands/glibc_ptmalloc2_heap/arena/#arena","title":"arena","text":"
usage: arena [-h] [addr]\n
 
Print the contents of an arena.
 
Default to the current thread's arena.
"},{"location":"commands/glibc_ptmalloc2_heap/arena/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the arena."},{"location":"commands/glibc_ptmalloc2_heap/arena/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/arenas/","title":"Arenas","text":""},{"location":"commands/glibc_ptmalloc2_heap/arenas/#arenas","title":"arenas","text":"
usage: arenas [-h]\n
 
List this process's arenas.
"},{"location":"commands/glibc_ptmalloc2_heap/arenas/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/bins/","title":"Bins","text":""},{"location":"commands/glibc_ptmalloc2_heap/bins/#bins","title":"bins","text":"
usage: bins [-h] [addr] [tcache_addr]\n
 
Print the contents of all an arena's bins and a thread's tcache.
 
Default to the current thread's arena and tcache.
"},{"location":"commands/glibc_ptmalloc2_heap/bins/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the arena. tcache_addr Address of the tcache."},{"location":"commands/glibc_ptmalloc2_heap/bins/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/fastbins/","title":"Fastbins","text":""},{"location":"commands/glibc_ptmalloc2_heap/fastbins/#fastbins","title":"fastbins","text":"
usage: fastbins [-h] [-v] [addr]\n
 
Print the contents of an arena's fastbins.
 
Default to the current thread's arena.
"},{"location":"commands/glibc_ptmalloc2_heap/fastbins/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the arena."},{"location":"commands/glibc_ptmalloc2_heap/fastbins/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -v --verbose Show all fastbins, including empty ones"},{"location":"commands/glibc_ptmalloc2_heap/find-fake-fast/","title":"Find fake fast","text":""},{"location":"commands/glibc_ptmalloc2_heap/find-fake-fast/#find-fake-fast","title":"find-fake-fast","text":"
usage: find-fake-fast [-h] [--align] [--glibc-fastbin-bug]\n                      [--partial-overwrite]\n                      target_address [max_candidate_size]\n
 
Find candidate fake fast or tcache chunks overlapping the specified address.
"},{"location":"commands/glibc_ptmalloc2_heap/find-fake-fast/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help target_address Address of the word-sized value to overlap. max_candidate_size Maximum size of fake chunks to find."},{"location":"commands/glibc_ptmalloc2_heap/find-fake-fast/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -a --align Whether the fake chunk must be aligned to MALLOC_ALIGNMENT. This is required for tcache chunks and for all chunks when Safe Linking is enabled -b --glibc-fastbin-bug Does the GLIBC fastbin size field bug affect the candidate size field width? -p --partial-overwrite Consider partial overwrite candidates, default behavior only shows word-size overwrites."},{"location":"commands/glibc_ptmalloc2_heap/heap/","title":"Heap","text":""},{"location":"commands/glibc_ptmalloc2_heap/heap/#heap","title":"heap","text":"
usage: heap [-h] [-v] [-s] [addr]\n
 
Iteratively print chunks on a heap.
 
Default to the current thread's active heap.
"},{"location":"commands/glibc_ptmalloc2_heap/heap/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the first chunk (malloc_chunk struct start, prev_size field)."},{"location":"commands/glibc_ptmalloc2_heap/heap/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -v --verbose Print all chunk fields, even unused ones. -s --simple Simply print malloc_chunk struct's contents."},{"location":"commands/glibc_ptmalloc2_heap/hi/","title":"Hi","text":""},{"location":"commands/glibc_ptmalloc2_heap/hi/#hi","title":"hi","text":"
usage: hi [-h] [-v] [-s] [-f] addr\n
 
Searches all heaps to find if an address belongs to a chunk. If yes, prints the chunk.
"},{"location":"commands/glibc_ptmalloc2_heap/hi/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the interest."},{"location":"commands/glibc_ptmalloc2_heap/hi/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -v --verbose Print all chunk fields, even unused ones. -s --simple Simply print malloc_chunk struct's contents. -f --fake Allow fake chunks. If set, displays any memory as a heap chunk (even if its not a real chunk)."},{"location":"commands/glibc_ptmalloc2_heap/largebins/","title":"Largebins","text":""},{"location":"commands/glibc_ptmalloc2_heap/largebins/#largebins","title":"largebins","text":"
usage: largebins [-h] [-v] [addr]\n
 
Print the contents of an arena's largebins.
 
Default to the current thread's arena.
"},{"location":"commands/glibc_ptmalloc2_heap/largebins/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the arena."},{"location":"commands/glibc_ptmalloc2_heap/largebins/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -v --verbose Show all largebins, including empty ones"},{"location":"commands/glibc_ptmalloc2_heap/malloc-chunk/","title":"Malloc chunk","text":""},{"location":"commands/glibc_ptmalloc2_heap/malloc-chunk/#malloc-chunk","title":"malloc-chunk","text":"
usage: malloc-chunk [-h] [-f] [-v] [-s] [-d] [-n NEXT] addr\n
 
Print a chunk.
"},{"location":"commands/glibc_ptmalloc2_heap/malloc-chunk/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the chunk (malloc_chunk struct start, prev_size field)."},{"location":"commands/glibc_ptmalloc2_heap/malloc-chunk/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -f --fake Is this a fake chunk? -v --verbose Print all chunk fields, even unused ones. -s --simple Simply print malloc_chunk struct's contents. -d --dump Print a hexdump of the chunk. -n --next Print the next N chunks after the specified address. (default: 0)"},{"location":"commands/glibc_ptmalloc2_heap/mp/","title":"Mp","text":""},{"location":"commands/glibc_ptmalloc2_heap/mp/#mp","title":"mp","text":"
usage: mp [-h]\n
 
Print the mp_ struct's contents.
"},{"location":"commands/glibc_ptmalloc2_heap/mp/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/smallbins/","title":"Smallbins","text":""},{"location":"commands/glibc_ptmalloc2_heap/smallbins/#smallbins","title":"smallbins","text":"
usage: smallbins [-h] [-v] [addr]\n
 
Print the contents of an arena's smallbins.
 
Default to the current thread's arena.
"},{"location":"commands/glibc_ptmalloc2_heap/smallbins/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the arena."},{"location":"commands/glibc_ptmalloc2_heap/smallbins/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -v --verbose Show all smallbins, including empty ones"},{"location":"commands/glibc_ptmalloc2_heap/tcache/","title":"Tcache","text":""},{"location":"commands/glibc_ptmalloc2_heap/tcache/#tcache","title":"tcache","text":"
usage: tcache [-h] [addr]\n
 
Print a thread's tcache contents.
 
Default to the current thread's tcache.
"},{"location":"commands/glibc_ptmalloc2_heap/tcache/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the tcache."},{"location":"commands/glibc_ptmalloc2_heap/tcache/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/tcachebins/","title":"Tcachebins","text":""},{"location":"commands/glibc_ptmalloc2_heap/tcachebins/#tcachebins","title":"tcachebins","text":"
usage: tcachebins [-h] [-v] [addr]\n
 
Print the contents of a tcache.
 
Default to the current thread's tcache.
"},{"location":"commands/glibc_ptmalloc2_heap/tcachebins/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr The address of the tcache bins."},{"location":"commands/glibc_ptmalloc2_heap/tcachebins/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -v --verbose Show all tcachebins, including empty ones"},{"location":"commands/glibc_ptmalloc2_heap/top-chunk/","title":"Top chunk","text":""},{"location":"commands/glibc_ptmalloc2_heap/top-chunk/#top-chunk","title":"top-chunk","text":"
usage: top-chunk [-h] [addr]\n
 
Print relevant information about an arena's top chunk.
 
Default to current thread's arena.
"},{"location":"commands/glibc_ptmalloc2_heap/top-chunk/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the arena."},{"location":"commands/glibc_ptmalloc2_heap/top-chunk/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/try-free/","title":"Try free","text":""},{"location":"commands/glibc_ptmalloc2_heap/try-free/#try-free","title":"try-free","text":"
usage: try-free [-h] addr\n
 
Check what would happen if free was called with given address.
"},{"location":"commands/glibc_ptmalloc2_heap/try-free/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address passed to free"},{"location":"commands/glibc_ptmalloc2_heap/try-free/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/unsortedbin/","title":"Unsortedbin","text":""},{"location":"commands/glibc_ptmalloc2_heap/unsortedbin/#unsortedbin","title":"unsortedbin","text":"
usage: unsortedbin [-h] [-v] [addr]\n
 
Print the contents of an arena's unsortedbin.
 
Default to the current thread's arena.
"},{"location":"commands/glibc_ptmalloc2_heap/unsortedbin/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the arena."},{"location":"commands/glibc_ptmalloc2_heap/unsortedbin/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -v --verbose Show the \"all\" bin even if it's empty"},{"location":"commands/glibc_ptmalloc2_heap/vis-heap-chunks/","title":"Vis heap chunks","text":""},{"location":"commands/glibc_ptmalloc2_heap/vis-heap-chunks/#vis-heap-chunks","title":"vis-heap-chunks","text":"
usage: vis-heap-chunks [-h] [--beyond_top] [--no_truncate] [--all_chunks]\n                       [count] [addr]\n
 
Visualize chunks on a heap.
 
Default to the current arena's active heap.
 
Alias: vis
"},{"location":"commands/glibc_ptmalloc2_heap/vis-heap-chunks/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help count Number of chunks to visualize. If the value is big enough and addr isn't provided, this is interpreted as addr instead. (default: 10) addr Address of the first chunk."},{"location":"commands/glibc_ptmalloc2_heap/vis-heap-chunks/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -b --beyond_top Attempt to keep printing beyond the top chunk. -n --no_truncate Display all the chunk contents (Ignore the max-visualize-chunk-size configuration). -a --all_chunks Display all chunks (Ignore the default-visualize-chunk-number configuration)."},{"location":"commands/integrations/ai/","title":"Ai","text":""},{"location":"commands/integrations/ai/#ai","title":"ai","text":"
(only in GDB)
 
usage: ai [-h] [-M MODEL] [-t TEMPERATURE] [-m MAX_TOKENS] [-v] [-L]\n          [-c COMMAND]\n          [question ...]\n
 
Ask GPT-3 a question about the current debugging context.
"},{"location":"commands/integrations/ai/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help question The question to ask."},{"location":"commands/integrations/ai/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -M --model The OpenAI model to use. -t --temperature The temperature to use. -m --max-tokens The maximum number of tokens to generate. -v --verbose Print the prompt and response. -L --list-models List the available models. -c --command Run a command in the GDB debugger and ask a question about the output."},{"location":"commands/integrations/bn-sync/","title":"Bn sync","text":""},{"location":"commands/integrations/bn-sync/#bn-sync","title":"bn-sync","text":"
usage: bn-sync [-h]\n
 
Synchronize Binary Ninja's cursor with GDB.
 
Alias: bns
"},{"location":"commands/integrations/bn-sync/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/integrations/decomp/","title":"Decomp","text":""},{"location":"commands/integrations/decomp/#decomp","title":"decomp","text":"
usage: decomp [-h] [addr] [lines]\n
 
Use the current integration to decompile code near an address.
"},{"location":"commands/integrations/decomp/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address to decompile near. lines Number of lines of decompilation to show."},{"location":"commands/integrations/decomp/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/integrations/j/","title":"J","text":""},{"location":"commands/integrations/j/#j","title":"j","text":"
(only in GDB)
 
usage: j [-h]\n
 
Synchronize IDA's cursor with GDB.
"},{"location":"commands/integrations/j/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/integrations/r2/","title":"R2","text":""},{"location":"commands/integrations/r2/#r2","title":"r2","text":"
usage: r2 [-h] [--no-seek] [--no-rebase] [arguments ...]\n
 
Launches radare2.
 
Alias: radare2
"},{"location":"commands/integrations/r2/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help arguments Arguments to pass to radare"},{"location":"commands/integrations/r2/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --no-seek Do not seek to current pc --no-rebase Do not set the base address for PIE according to the current mapping"},{"location":"commands/integrations/r2/#examples","title":"Examples","text":"
pwndbg> r2 -- -S -AA\nWARN: Relocs has not been applied. Please use `-e bin.relocs.apply=true` or `-e bin.cache=true` next time\nINFO: Analyze all flags starting with sym. and entry0 (aa)\n[...]\nINFO: Debugger commands disabled in sandbox mode\n[0x0001d3d0]> help\n\nWelcome to radare2!\n[...]\n
"},{"location":"commands/integrations/r2pipe/","title":"R2pipe","text":""},{"location":"commands/integrations/r2pipe/#r2pipe","title":"r2pipe","text":"
usage: r2pipe [-h] arguments [arguments ...]\n
 
Execute stateful radare2 commands through r2pipe.
"},{"location":"commands/integrations/r2pipe/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help arguments Arguments to pass to r2pipe"},{"location":"commands/integrations/r2pipe/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/integrations/r2pipe/#examples","title":"Examples","text":"
pwndbg> r2pipe pdf @ sym.main\n            ; ICOD XREF from entry0 @ 0x1d3e8(r)\n\u250c 6786: int main (uint32_t argc, char **argv, char **envp);\n\u2502 `- args(rdi, rsi, rdx) vars(21:sp[0x40..0x18c])\n\u2502           0x0001b920      f30f1efa       endbr64\n\u2502           0x0001b924      4157           push r15\n\u2502           0x0001b926      4156           push r14\n\u2502           0x0001b928      4155           push r13\n\u2502           0x0001b92a      4154           push r12\n[...]\n\u2502           0x0001b966      85c0           test eax, eax\n\u2502       \u250c\u2500< 0x0001b968      7545           jne 0x1b9af\n\u2502       \u2502   0x0001b96a      e8311b0100     call sym.xtrace_init\n\u2502       \u2502   0x0001b96f      e80cff0000     call sym.check_dev_tty\n\u2502       \u2502   ; CODE XREF from main @ 0x1b988(x)\n\u2502      \u250c\u2500\u2500> 0x0001b974      833dd1680f..   cmp dword [obj.debugging_login_shell], 0 ; [0x11224c:4]=0\n\u2502     \u250c\u2500\u2500\u2500< 0x0001b97b      743d           je 0x1b9ba\n\u2502     \u2502\u254e\u2502   0x0001b97d      bf03000000     mov edi, 3\n[...]\n
"},{"location":"commands/integrations/rop/","title":"Rop","text":""},{"location":"commands/integrations/rop/#rop","title":"rop","text":"
usage: rop [-h] [--grep GREP] [--memlimit MEMLIMIT] [argument ...]\n
 
Dump ROP gadgets with Jon Salwan's ROPgadget tool.
 
Alias: ropgadget
"},{"location":"commands/integrations/rop/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help argument Arguments to pass to ROPgadget"},{"location":"commands/integrations/rop/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --grep String to grep the output for --memlimit String to grep the output for (default: '50MB')"},{"location":"commands/integrations/rop/#examples","title":"Examples","text":"
pwndbg> rop --grep 'pop rdi' -- --nojop\nGadgets information\n============================================================\n[...]\n0x0007dce8 : pop rdi ; or dword ptr [rax], eax ; add rsp, 0x28 ; ret\n0x0007d838 : pop rdi ; or dword ptr [rax], eax ; je 0x7d840 ; ret\n0x0005b13d : pop rdi ; pop rbp ; ret\n0x0001ee23 : pop rdi ; ret\n\nUnique gadgets found: 8514\n
"},{"location":"commands/integrations/ropper/","title":"Ropper","text":""},{"location":"commands/integrations/ropper/#ropper","title":"ropper","text":"
(only in GDB)
 
usage: ropper [-h] [argument ...]\n
 
ROP gadget search with ropper.
"},{"location":"commands/integrations/ropper/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help argument Arguments to pass to ropper"},{"location":"commands/integrations/ropper/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/integrations/ropper/#examples","title":"Examples","text":"
pwndbg> ropper -- --console\n[INFO] Load gadgets from cache\n[LOAD] loading... 100%\n[LOAD] removing double gadgets... 100%\n(bash/ELF/x86_64)>\n----\npwndbg> ropper -- --search 'pop rdi; ret;'\n[INFO] Load gadgets from cache\n[LOAD] loading... 100%\n[LOAD] removing double gadgets... 100%\n[INFO] Searching for gadgets: pop rdi; ret;\n\n[INFO] File: /usr/bin/bash\n0x000000000001ee23: pop rdi; ret;\n
"},{"location":"commands/integrations/rz/","title":"Rz","text":""},{"location":"commands/integrations/rz/#rz","title":"rz","text":"
usage: rz [-h] [--no-seek] [--no-rebase] [arguments ...]\n
 
Launches rizin.
 
Alias: rizin
"},{"location":"commands/integrations/rz/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help arguments Arguments to pass to rizin"},{"location":"commands/integrations/rz/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --no-seek Do not seek to current pc --no-rebase Do not set the base address for PIE according to the current mapping"},{"location":"commands/integrations/rz/#examples","title":"Examples","text":"
pwndbg> rz -- -AA\n[x] Analyze all flags starting with sym. and entry0 (aa)\n[x] Analyze function calls\n[...]\n[x] Enable constraint types analysis for variables\n -- Use 'e asm.offset=true' to show offsets in 16bit segment addressing mode.\n[0x0001d3d0]>\n
"},{"location":"commands/integrations/rzpipe/","title":"Rzpipe","text":""},{"location":"commands/integrations/rzpipe/#rzpipe","title":"rzpipe","text":"
usage: rzpipe [-h] arguments [arguments ...]\n
 
Execute stateful rizin commands through rzpipe.
"},{"location":"commands/integrations/rzpipe/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help arguments Arguments to pass to rzpipe"},{"location":"commands/integrations/rzpipe/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/integrations/rzpipe/#examples","title":"Examples","text":"
pwndbg> rzpipe pdf @ sym.main\n            ; DATA XREF from entry0 @ 0x1d3e8\n\u250c int main(int argc, char **argv, char **envp);\n\u2502           ; arg int argc @ rdi\n\u2502           ; arg char **argv @ rsi\n\u2502           ; arg char **envp @ rdx\n[...]\n\u2502           ; var uint64_t var_18ch @ stack - 0x18c\n\u2502           ; var int64_t var_188h @ stack - 0x188\n[...]\n\u2502           ; var int64_t canary @ stack - 0x40\n\u2502           0x0001b920      endbr64\n\u2502           0x0001b924      push  r15\n\u2502           0x0001b926      push  r14\n\u2502           0x0001b928      push  r13\n\u2502           0x0001b92a      push  r12\n[...]\n\u2502           0x0001b966      test  eax, eax\n\u2502       \u250c\u2500< 0x0001b968      jne   0x1b9af\n\u2502       \u2502   0x0001b96a      call  sym.xtrace_init\n\u2502       \u2502   0x0001b96f      call  sym.check_dev_tty\n\u2502       \u2502   ; CODE XREF from main @ 0x1b988\n\u2502      \u250c\u2500\u2500> 0x0001b974      cmp   dword [obj.debugging_login_shell], 0 ; [0x11224c:4]=0\n\u2502     \u250c\u2500\u2500\u2500< 0x0001b97b      je    0x1b9ba\n\u2502     \u2502\u254e\u2502   0x0001b97d      mov   edi, 3                               ; int s\n[...]\n
"},{"location":"commands/integrations/save-ida/","title":"Save ida","text":""},{"location":"commands/integrations/save-ida/#save-ida","title":"save-ida","text":"
(only in GDB)
 
usage: save-ida [-h]\n
 
Save the ida database.
"},{"location":"commands/integrations/save-ida/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/jemalloc_heap/jemalloc-extent-info/","title":"Jemalloc extent info","text":""},{"location":"commands/jemalloc_heap/jemalloc-extent-info/#jemalloc-extent-info","title":"jemalloc-extent-info","text":"
usage: jemalloc-extent-info [-h] [-v] addr\n
 
Prints extent information for the given address
"},{"location":"commands/jemalloc_heap/jemalloc-extent-info/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the extent metadata"},{"location":"commands/jemalloc_heap/jemalloc-extent-info/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -v --verbose Print all chunk fields, even unused ones."},{"location":"commands/jemalloc_heap/jemalloc-find-extent/","title":"Jemalloc find extent","text":""},{"location":"commands/jemalloc_heap/jemalloc-find-extent/#jemalloc-find-extent","title":"jemalloc-find-extent","text":"
usage: jemalloc-find-extent [-h] addr\n
 
Returns extent information for pointer address allocated by jemalloc
"},{"location":"commands/jemalloc_heap/jemalloc-find-extent/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the allocated memory location"},{"location":"commands/jemalloc_heap/jemalloc-find-extent/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/jemalloc_heap/jemalloc-heap/","title":"Jemalloc heap","text":""},{"location":"commands/jemalloc_heap/jemalloc-heap/#jemalloc-heap","title":"jemalloc-heap","text":"
usage: jemalloc-heap [-h]\n
 
Prints all extents information
"},{"location":"commands/jemalloc_heap/jemalloc-heap/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/binder/","title":"Binder","text":""},{"location":"commands/kernel/binder/#binder","title":"binder","text":"
usage: binder [-h]\n
 
Show Android Binder information
"},{"location":"commands/kernel/binder/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/buddydump/","title":"Buddydump","text":""},{"location":"commands/kernel/buddydump/#buddydump","title":"buddydump","text":"
usage: buddydump [-h] [-z ZONE] [-o ORDER] [-m MTYPE] [-p] [-c CPU] [-n NODE]\n                 [-f FIND]\n
 
Displays metadata and freelists of the buddy allocator.
"},{"location":"commands/kernel/buddydump/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -z --zone Displays/searches lists only in the specified zone. -o --order Displays/searches lists only with the specified order. -m --mtype Displays/searches lists only with the specified mtype. -p --pcp-only Displays/searches only PCP lists. -c --cpu CPU nr for searching PCP. -n --node -f --find The address to find in page free lists."},{"location":"commands/kernel/kbase/","title":"Kbase","text":""},{"location":"commands/kernel/kbase/#kbase","title":"kbase","text":"
usage: kbase [-h] [-r] [-v]\n
 
Finds the kernel virtual base address.
"},{"location":"commands/kernel/kbase/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -r --rebase rebase loaded symbol file -v --verbose show more information relevant to the kbase (e.g. phys addr)"},{"location":"commands/kernel/kbpf/","title":"Kbpf","text":""},{"location":"commands/kernel/kbpf/#kbpf","title":"kbpf","text":"
usage: kbpf [-h] [-v] [-p] [-m]\n
 
Prints information about the linux kernel bpf progs and maps.
"},{"location":"commands/kernel/kbpf/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -v --verbose (default: 0) -p --progs -m --maps"},{"location":"commands/kernel/kchecksec/","title":"Kchecksec","text":""},{"location":"commands/kernel/kchecksec/#kchecksec","title":"kchecksec","text":"
usage: kchecksec [-h]\n
 
Checks for kernel hardening configuration options.
"},{"location":"commands/kernel/kchecksec/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/kcmdline/","title":"Kcmdline","text":""},{"location":"commands/kernel/kcmdline/#kcmdline","title":"kcmdline","text":"
usage: kcmdline [-h]\n
 
Return the kernel commandline (/proc/cmdline).
"},{"location":"commands/kernel/kcmdline/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/kconfig/","title":"Kconfig","text":""},{"location":"commands/kernel/kconfig/#kconfig","title":"kconfig","text":"
usage: kconfig [-h] [-l FILE_PATH] [config_name]\n
 
Outputs the kernel config.
"},{"location":"commands/kernel/kconfig/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help config_name A config name to search for"},{"location":"commands/kernel/kconfig/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -l --load load kernel config file"},{"location":"commands/kernel/kcurrent/","title":"Kcurrent","text":""},{"location":"commands/kernel/kcurrent/#kcurrent","title":"kcurrent","text":"
usage: kcurrent [-h] [--set] [pid]\n
 
Displays the current kernel task debugged by the debugger (gdb/lldb) if pid == None     Displays the task with pid if pid != None.
"},{"location":"commands/kernel/kcurrent/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help pid"},{"location":"commands/kernel/kcurrent/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --set sets the kernel task used for supported pwndbg commands (kfile, pagewalk), this option does not change internal mem (purely effects how certain commands behaves)"},{"location":"commands/kernel/kdmabuf/","title":"Kdmabuf","text":""},{"location":"commands/kernel/kdmabuf/#kdmabuf","title":"kdmabuf","text":"
usage: kdmabuf [-h]\n
 
Prints DMA buf info
"},{"location":"commands/kernel/kdmabuf/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/kdmesg/","title":"Kdmesg","text":""},{"location":"commands/kernel/kdmesg/#kdmesg","title":"kdmesg","text":"
usage: kdmesg [-h] [-T]\n
 
Displays the kernel ring buffer (dmesg) contents.
"},{"location":"commands/kernel/kdmesg/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -T --ctime Print human-readable timestamps."},{"location":"commands/kernel/kfile/","title":"Kfile","text":""},{"location":"commands/kernel/kfile/#kfile","title":"kfile","text":"
usage: kfile [-h] [--fd [FD]] [pid]\n
 
Displays information about fds accessible by a kernel task.
"},{"location":"commands/kernel/kfile/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help pid"},{"location":"commands/kernel/kfile/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --fd"},{"location":"commands/kernel/klookup/","title":"Klookup","text":""},{"location":"commands/kernel/klookup/#klookup","title":"klookup","text":"
usage: klookup [-h] [-a] [symbol]\n
 
Lookup kernel symbols
 
Aliases: kallsyms, ks
"},{"location":"commands/kernel/klookup/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help symbol Address or symbol name to lookup"},{"location":"commands/kernel/klookup/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -a --apply applies all the symbols that satisfy the filter"},{"location":"commands/kernel/klookup/#notes","title":"Notes","text":"
Using --apply makes sense for kernel modules. If you want to symbolize the whole kernel, use vmlinux-to-elf (marin-m/vmlinux-to-elf) or compile it yourself.
"},{"location":"commands/kernel/kmem-trace/","title":"Kmem trace","text":""},{"location":"commands/kernel/kmem-trace/#kmem-trace","title":"kmem-trace","text":"
usage: kmem-trace [-h] [-s] [-b] [-v] [-c COMMAND] [--all]\n
 
Trace kernel memory (SLUB and buddy) allocations and frees.
 
This command will execute next in the debugger, and print out all (de)allocations that happen until the command finishes. As such this makes most sense to call when the PC is on a function call instruction. Only (de)allocations triggered by the current function are considered (rather than other threads etc).
 
If neither -s nor -b are passed, both allocators are traced.
"},{"location":"commands/kernel/kmem-trace/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -s --trace-slab do only slab allocator tracing -b --trace-buddy do only buddy allocator tracing -v --verbose print backtraces -c --command trace during the execution of this command (default: 'next') --all display ALL memory allocations/frees regardless if they are triggered by the current function."},{"location":"commands/kernel/kmem-trace/#notes","title":"Notes","text":"
The --all flag may be helpful if you also want to trace frees scheduled with rcu or if the traced command steps out of the current function. You may also find -c finish and -c continue useful.
"},{"location":"commands/kernel/kmod/","title":"Kmod","text":""},{"location":"commands/kernel/kmod/#kmod","title":"kmod","text":"
usage: kmod [-h] [-l PATH] [module_name]\n
 
Displays the loaded Linux kernel modules.
"},{"location":"commands/kernel/kmod/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help module_name A module name substring to filter for"},{"location":"commands/kernel/kmod/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -l --load the path of the module to load"},{"location":"commands/kernel/knft-dump/","title":"Knft dump","text":""},{"location":"commands/kernel/knft-dump/#knft-dump","title":"knft-dump","text":"
usage: knft-dump [-h] [nsid]\n
 
Dump all nftables: tables, chains, rules, expressions
"},{"location":"commands/kernel/knft-dump/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help nsid Network Namespace ID"},{"location":"commands/kernel/knft-dump/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/knft-list-chains/","title":"Knft list chains","text":""},{"location":"commands/kernel/knft-list-chains/#knft-list-chains","title":"knft-list-chains","text":"
usage: knft-list-chains [-h] [--nsid NSID] [table_family] [table_name]\n
 
Dump netfilter chains form a specific table
"},{"location":"commands/kernel/knft-list-chains/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help table_family Netfilter table family (inet, ip, ip6, netdev, bridge, arp) table_name Table name"},{"location":"commands/kernel/knft-list-chains/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -n --nsid Network Namespace ID"},{"location":"commands/kernel/knft-list-exprs/","title":"Knft list exprs","text":""},{"location":"commands/kernel/knft-list-exprs/#knft-list-exprs","title":"knft-list-exprs","text":"
usage: knft-list-exprs [-h] [--nsid NSID]\n                       [table_family] [table_name] [chain_name] [rule_id]\n
 
Dump only expressions from specific rule
"},{"location":"commands/kernel/knft-list-exprs/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help table_family Table family, eg: inet, ip, ip6, netdev, bridge, arp table_name Table name chain_name Chain name rule_id Rule Handle ID"},{"location":"commands/kernel/knft-list-exprs/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -n --nsid Network Namespace ID"},{"location":"commands/kernel/knft-list-flowtables/","title":"Knft list flowtables","text":""},{"location":"commands/kernel/knft-list-flowtables/#knft-list-flowtables","title":"knft-list-flowtables","text":"
usage: knft-list-flowtables [-h] [--nsid NSID] [table_family] [table_name]\n
 
Dump netfilter flowtables from a specific table
"},{"location":"commands/kernel/knft-list-flowtables/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help table_family Netfilter table family (inet, ip, ip6, netdev, bridge, arp) table_name Table name"},{"location":"commands/kernel/knft-list-flowtables/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -n --nsid Network Namespace ID"},{"location":"commands/kernel/knft-list-objects/","title":"Knft list objects","text":""},{"location":"commands/kernel/knft-list-objects/#knft-list-objects","title":"knft-list-objects","text":"
usage: knft-list-objects [-h] [--nsid NSID] [table_family] [table_name]\n
 
Dump netfilter objects from a specific table
"},{"location":"commands/kernel/knft-list-objects/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help table_family Table family, eg: inet, ip, ip6, netdev, bridge, arp table_name Table name"},{"location":"commands/kernel/knft-list-objects/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -n --nsid Network Namespace ID"},{"location":"commands/kernel/knft-list-rules/","title":"Knft list rules","text":""},{"location":"commands/kernel/knft-list-rules/#knft-list-rules","title":"knft-list-rules","text":"
usage: knft-list-rules [-h] [--nsid NSID]\n                       [table_family] [table_name] [chain_name]\n
 
Dump netfilter rules form a specific chain
"},{"location":"commands/kernel/knft-list-rules/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help table_family Table family, eg: inet, ip, ip6, netdev, bridge, arp table_name Table name chain_name Chain name"},{"location":"commands/kernel/knft-list-rules/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -n --nsid Network Namespace ID"},{"location":"commands/kernel/knft-list-sets/","title":"Knft list sets","text":""},{"location":"commands/kernel/knft-list-sets/#knft-list-sets","title":"knft-list-sets","text":"
usage: knft-list-sets [-h] [--nsid NSID] [table_family] [table_name]\n
 
Dump netfilter sets from a specific table
"},{"location":"commands/kernel/knft-list-sets/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help table_family Table family, eg: inet, ip, ip6, netdev, bridge, arp table_name Table name"},{"location":"commands/kernel/knft-list-sets/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -n --nsid Network Namespace ID"},{"location":"commands/kernel/knft-list-tables/","title":"Knft list tables","text":""},{"location":"commands/kernel/knft-list-tables/#knft-list-tables","title":"knft-list-tables","text":"
usage: knft-list-tables [-h] [--nsid NSID]\n
 
Dump netfliter tables from a specific network namespace
"},{"location":"commands/kernel/knft-list-tables/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -n --nsid Network Namespace ID"},{"location":"commands/kernel/ksyscalls/","title":"Ksyscalls","text":""},{"location":"commands/kernel/ksyscalls/#ksyscalls","title":"ksyscalls","text":"
usage: ksyscalls [-h] [syscall_name]\n
 
Displays Linux syscall table, including names and addresses of syscalls.
"},{"location":"commands/kernel/ksyscalls/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help syscall_name A syscall name to search for"},{"location":"commands/kernel/ksyscalls/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/ktask/","title":"Ktask","text":""},{"location":"commands/kernel/ktask/#ktask","title":"ktask","text":"
usage: ktask [-h] [task_name]\n
 
Displays information about kernel tasks.
"},{"location":"commands/kernel/ktask/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help task_name A task name to search for"},{"location":"commands/kernel/ktask/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/kversion/","title":"Kversion","text":""},{"location":"commands/kernel/kversion/#kversion","title":"kversion","text":"
usage: kversion [-h]\n
 
Outputs the kernel version (/proc/version).
"},{"location":"commands/kernel/kversion/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/msr/","title":"Msr","text":""},{"location":"commands/kernel/msr/#msr","title":"msr","text":"
usage: msr [-h] [-w [write_value]] [-l] [-r [MSR_RANGE]] [msr]\n
 
Read or write to Model Specific Register (MSR)
"},{"location":"commands/kernel/msr/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help msr MSR value or name"},{"location":"commands/kernel/msr/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -w --write value to write in MSR -l --list list common MSRs for the current arch -r --range dash separated range of MSRs to read (eg. --range=1-10 where 10 is included)"},{"location":"commands/kernel/p2v/","title":"P2v","text":""},{"location":"commands/kernel/p2v/#p2v","title":"p2v","text":"
usage: p2v [-h] paddr\n
 
Translate physical address to its corresponding virtual address.
"},{"location":"commands/kernel/p2v/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help paddr"},{"location":"commands/kernel/p2v/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/pageinfo/","title":"Pageinfo","text":""},{"location":"commands/kernel/pageinfo/#pageinfo","title":"pageinfo","text":"
usage: pageinfo [-h] page\n
 
Convert a pointer to a struct page to its corresponding virtual address.
"},{"location":"commands/kernel/pageinfo/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help page"},{"location":"commands/kernel/pageinfo/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/pagewalk/","title":"Pagewalk","text":""},{"location":"commands/kernel/pagewalk/#pagewalk","title":"pagewalk","text":"
usage: pagewalk [-h] [--pgd ENTRY] vaddr\n
 
Performs pagewalk.
"},{"location":"commands/kernel/pagewalk/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help vaddr virtual address to walk"},{"location":"commands/kernel/pagewalk/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --pgd"},{"location":"commands/kernel/slab/","title":"Slab","text":""},{"location":"commands/kernel/slab/#slab","title":"slab","text":"
usage: slab [-h] {list,info,contains} ...\n
 
Prints information about the linux kernel's slab allocator SLUB.
"},{"location":"commands/kernel/slab/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help command"},{"location":"commands/kernel/slab/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/v2p/","title":"V2p","text":""},{"location":"commands/kernel/v2p/#v2p","title":"v2p","text":"
usage: v2p [-h] vaddr\n
 
Translate virtual address to its corresponding physmap address.
"},{"location":"commands/kernel/v2p/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help vaddr"},{"location":"commands/kernel/v2p/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/vmlinux/","title":"Vmlinux","text":""},{"location":"commands/kernel/vmlinux/#vmlinux","title":"vmlinux","text":"
usage: vmlinux [-h] [-t TOOL] filepath\n
 
Load bzImage or vmlinux file to add kernel debug symbols.
"},{"location":"commands/kernel/vmlinux/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help filepath Path to the bzImage or vmlinux file to load"},{"location":"commands/kernel/vmlinux/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -t --tool Path to the vmlinux-to-elf tool (if not in PATH)"},{"location":"commands/linux_libc_elf/argc/","title":"Argc","text":""},{"location":"commands/linux_libc_elf/argc/#argc","title":"argc","text":"
usage: argc [-h]\n
 
Prints out the number of arguments.
"},{"location":"commands/linux_libc_elf/argc/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/argv/","title":"Argv","text":""},{"location":"commands/linux_libc_elf/argv/#argv","title":"argv","text":"
usage: argv [-h] [i]\n
 
Prints out the contents of argv.
"},{"location":"commands/linux_libc_elf/argv/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help i Index of the argument to print out."},{"location":"commands/linux_libc_elf/argv/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/aslr/","title":"Aslr","text":""},{"location":"commands/linux_libc_elf/aslr/#aslr","title":"aslr","text":"
usage: aslr [-h] [{on,off}]\n
 
Check the current ASLR status, or turn it on/off.
 
Does not take effect until the program is restarted.
"},{"location":"commands/linux_libc_elf/aslr/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help state Turn ASLR on or off (takes effect when target is started)"},{"location":"commands/linux_libc_elf/aslr/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/auxv-explore/","title":"Auxv explore","text":""},{"location":"commands/linux_libc_elf/auxv-explore/#auxv-explore","title":"auxv-explore","text":"
usage: auxv-explore [-h]\n
 
Explore and print information from the Auxiliary ELF Vector.
"},{"location":"commands/linux_libc_elf/auxv-explore/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/auxv/","title":"Auxv","text":""},{"location":"commands/linux_libc_elf/auxv/#auxv","title":"auxv","text":"
usage: auxv [-h]\n
 
Print information from the Auxiliary ELF Vector.
"},{"location":"commands/linux_libc_elf/auxv/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/elfsections/","title":"Elfsections","text":""},{"location":"commands/linux_libc_elf/elfsections/#elfsections","title":"elfsections","text":"
usage: elfsections [-h] [-R]\n
 
Prints the section mappings contained in the ELF header. If binary not start or use --no-rebase, the section permission based on section flags.
"},{"location":"commands/linux_libc_elf/elfsections/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -R --no-rebase Print the non-rebased section address."},{"location":"commands/linux_libc_elf/elfsections/#examples","title":"Examples","text":"
elfsections\nelfsections --no-rebase\n
"},{"location":"commands/linux_libc_elf/envp/","title":"Envp","text":""},{"location":"commands/linux_libc_elf/envp/#envp","title":"envp","text":"
usage: envp [-h] [name]\n
 
Prints out the contents of the environment.
 
Aliases: env, environ
"},{"location":"commands/linux_libc_elf/envp/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help name Name of the environment variable to see."},{"location":"commands/linux_libc_elf/envp/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/errno/","title":"Errno","text":""},{"location":"commands/linux_libc_elf/errno/#errno","title":"errno","text":"
usage: errno [-h] [err]\n
 
Converts errno (or argument) to its string representation.
"},{"location":"commands/linux_libc_elf/errno/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help err Errno; if not passed, it is retrieved from __errno_location"},{"location":"commands/linux_libc_elf/errno/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/got/","title":"Got","text":""},{"location":"commands/linux_libc_elf/got/#got","title":"got","text":"
(only in GDB)
 
usage: got [-h] [-p PATH_FILTER | -a] [-r] [symbol_filter]\n
 
Show the state of the Global Offset Table.
"},{"location":"commands/linux_libc_elf/got/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help symbol_filter Filter results by symbol name. (default: '')"},{"location":"commands/linux_libc_elf/got/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -p --path Filter results by library/objfile path. (default: '') -a --all Process all libs/obfjiles including the target executable. -r --show-readonly Also display read-only entries (which are filtered out by default)."},{"location":"commands/linux_libc_elf/got/#examples","title":"Examples","text":"
> got\n    Print all writable GOT entries in the executable.\n> got -r puts\n    Print all GOT entries that contain the string \"puts\".\n> got -p libc\n    Print all writable GOT entries used by libc. (And any other loaded\n    object files that contain the string \"libc\" in their path).\n> got -ra\n    Print all GOT entries in the address space.\n
"},{"location":"commands/linux_libc_elf/gotplt/","title":"Gotplt","text":""},{"location":"commands/linux_libc_elf/gotplt/#gotplt","title":"gotplt","text":"
usage: gotplt [-h]\n
 
Prints any symbols found in the .got.plt section if it exists.
"},{"location":"commands/linux_libc_elf/gotplt/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/libcinfo/","title":"Libcinfo","text":""},{"location":"commands/linux_libc_elf/libcinfo/#libcinfo","title":"libcinfo","text":"
usage: libcinfo [-h]\n
 
Show libc version and link to its sources
"},{"location":"commands/linux_libc_elf/libcinfo/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/linkmap/","title":"Linkmap","text":""},{"location":"commands/linux_libc_elf/linkmap/#linkmap","title":"linkmap","text":"
usage: linkmap [-h]\n
 
Show the state of the Link Map
"},{"location":"commands/linux_libc_elf/linkmap/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/onegadget/","title":"Onegadget","text":""},{"location":"commands/linux_libc_elf/onegadget/#onegadget","title":"onegadget","text":"
usage: onegadget [-h] [--show-unsat] [--no-unknown] [-v]\n
 
Find gadgets which single-handedly give code execution.
 
Uses the onegadget tool by david942j.
"},{"location":"commands/linux_libc_elf/onegadget/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --show-unsat Show unsatisfiable gadgets. --no-unknown Do not show unknown gadgets. -v --verbose Show verbose output."},{"location":"commands/linux_libc_elf/parse-seccomp/","title":"Parse seccomp","text":""},{"location":"commands/linux_libc_elf/parse-seccomp/#parse-seccomp","title":"parse-seccomp","text":"
usage: parse-seccomp [-h] addr\n
 
Parse a struct sock_fprog from memory and dump its filter
"},{"location":"commands/linux_libc_elf/parse-seccomp/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of sock_fprog structure in target process memory (e.g. 0xdeadbeef)"},{"location":"commands/linux_libc_elf/parse-seccomp/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/piebase/","title":"Piebase","text":""},{"location":"commands/linux_libc_elf/piebase/#piebase","title":"piebase","text":"
usage: piebase [-h] [offset] [module]\n
 
Calculate VA of RVA from PIE base.
"},{"location":"commands/linux_libc_elf/piebase/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help offset Offset from PIE base. (default: 0) module Module to choose as base. Defaults to the target executable. (default: '')"},{"location":"commands/linux_libc_elf/piebase/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/plt/","title":"Plt","text":""},{"location":"commands/linux_libc_elf/plt/#plt","title":"plt","text":"
usage: plt [-h] [-a]\n
 
Prints any symbols found in Procedure Linkage Table sections if any exist.
"},{"location":"commands/linux_libc_elf/plt/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -a --all-symbols Print all symbols, not just those that end in @plt"},{"location":"commands/linux_libc_elf/strings/","title":"Strings","text":""},{"location":"commands/linux_libc_elf/strings/#strings","title":"strings","text":"
usage: strings [-h] [-n N] [--save-as SAVE_AS] [page_names ...]\n
 
Extracts and displays ASCII strings from readable memory pages of the debugged process.
"},{"location":"commands/linux_libc_elf/strings/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help page_names Mapping to search [e.g. libc]. Can be used with multiple mappings [e.g libc heap stack] (default: '[]')"},{"location":"commands/linux_libc_elf/strings/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -n Minimum length of ASCII strings to include (default: 4) --save-as Sets the filename for the output of this command [e.g. --save-as='out.txt']"},{"location":"commands/linux_libc_elf/threads/","title":"Threads","text":""},{"location":"commands/linux_libc_elf/threads/#threads","title":"threads","text":"
usage: threads [-h] [-c] [num_threads]\n
 
List all threads belonging to the selected inferior.
"},{"location":"commands/linux_libc_elf/threads/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help num_threads Number of threads to display. Omit to display all threads."},{"location":"commands/linux_libc_elf/threads/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -c --config Respect context-max-threads config to limit number of threads displayed."},{"location":"commands/linux_libc_elf/tls/","title":"Tls","text":""},{"location":"commands/linux_libc_elf/tls/#tls","title":"tls","text":"
usage: tls [-h] [-p] [-a]\n
 
Print out base address of the current Thread Local Storage (TLS).
"},{"location":"commands/linux_libc_elf/tls/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -p --pthread-self Try to get the address of TLS by calling pthread_self(). -a --all Do not truncate the dump output."},{"location":"commands/linux_libc_elf/track-got/","title":"Track got","text":""},{"location":"commands/linux_libc_elf/track-got/#track-got","title":"track-got","text":"
(only in GDB)
 
usage: track-got [-h] {enable,disable,info,query} ...\n
 
Controls GOT tracking
"},{"location":"commands/linux_libc_elf/track-got/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/track-heap/","title":"Track heap","text":""},{"location":"commands/linux_libc_elf/track-heap/#track-heap","title":"track-heap","text":"
(only in GDB)
 
usage: track-heap [-h] {enable,disable,toggle-break} ...\n
 
Manages the heap tracker.
 
The heap tracker is a module that tracks usage of the GLibc heap and looks for user errors such as double frees and use after frees.
 
Currently, the following errors can be detected:     - Use After Free
"},{"location":"commands/linux_libc_elf/track-heap/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/distance/","title":"Distance","text":""},{"location":"commands/memory/distance/#distance","title":"distance","text":"
usage: distance [-h] a [b]\n
 
Print the distance between the two arguments, or print the offset to the address's page base.
"},{"location":"commands/memory/distance/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help a The first address. b The second address."},{"location":"commands/memory/distance/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/dump-register-frame/","title":"Dump register frame","text":""},{"location":"commands/memory/dump-register-frame/#dump-register-frame","title":"dump-register-frame","text":"
usage: dump-register-frame [-h] [-p]\n                           {armcm-exception,armcm-exception2} [address]\n
 
Display the registers saved to memory for a certain frame type
"},{"location":"commands/memory/dump-register-frame/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help frame_type The type of frame to print address The address to read the frame from"},{"location":"commands/memory/dump-register-frame/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -p --print Show addresses of frame values"},{"location":"commands/memory/gdt/","title":"Gdt","text":""},{"location":"commands/memory/gdt/#gdt","title":"gdt","text":"
usage: gdt [-h] address [count]\n
 
Decode X86-64 GDT entries at address
 
See also:
 
     
  • https://wiki.osdev.org/Global_Descriptor_Table
    •  
  • https://wiki.osdev.org/GDT_Tutorial
    •  
"},{"location":"commands/memory/gdt/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address x86-64 GDTR base address (e.g. read from sgdt instruction from [16:79] bits) count Number of entries to dump (should be (GDTR.size+1)/8) (default: 8)"},{"location":"commands/memory/gdt/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/gdt/#notes","title":"Notes","text":"
In 64-bit mode, the Base and Limit values are ignored, each descriptor covers the entire linear address space regardless of what they are set to.
"},{"location":"commands/memory/go-dump/","title":"Go dump","text":""},{"location":"commands/memory/go-dump/#go-dump","title":"go-dump","text":"
usage: go-dump [-h] [-x] [-f [DECIMALS]] [-d] [-p] ty address\n
 
Dumps a Go value of a given type at a specified address.
 
Alias: god
"},{"location":"commands/memory/go-dump/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help ty Go type of value to dump, e.g. map[int]string, or the address of a type to resolve at runtime, e.g. 0x408860 address Address to dump"},{"location":"commands/memory/go-dump/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -x --hex Display non-pointer integers as hex -f --decimals Configures the number of decimal places to display for floating points -d --debug Shows debug info, like addresses for slice/map elements, slice capacity, etc. -p --pretty Enables pretty printing"},{"location":"commands/memory/go-type/","title":"Go type","text":""},{"location":"commands/memory/go-type/#go-type","title":"go-type","text":"
usage: go-type [-h] address\n
 
Dumps a Go runtime reflection type at a specified address.
 
Alias: goty
"},{"location":"commands/memory/go-type/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Address to dump"},{"location":"commands/memory/go-type/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/hexdump/","title":"Hexdump","text":""},{"location":"commands/memory/hexdump/#hexdump","title":"hexdump","text":"
usage: hexdump [-h] [-C [{py,c}]] [address] [count]\n
 
Hexdumps data at the specified address or module name.
"},{"location":"commands/memory/hexdump/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Address or module name to dump (default: $sp) count Number of bytes to dump (default: 64)"},{"location":"commands/memory/hexdump/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -C --code Output as Python or C code data definition (default: py)"},{"location":"commands/memory/leakfind/","title":"Leakfind","text":""},{"location":"commands/memory/leakfind/#leakfind","title":"leakfind","text":"
usage: leakfind [-h] [-p [PAGE_NAME]] [-o [MAX_OFFSET]] [-d [MAX_DEPTH]]\n                [-s [STEP]] [--negative_offset [NEGATIVE_OFFSET]]\n                [address]\n
 
Attempt to find a leak chain given a starting address.
 
Scans memory near the given address, looks for pointers, and continues that process to attempt to find leaks.
"},{"location":"commands/memory/leakfind/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Starting address to find a leak chain from (default: $sp)"},{"location":"commands/memory/leakfind/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -p --page_name Substring required to be part of the name of any found pages -o --max_offset Max offset to add to addresses when looking for leak (default: 72) -d --max_depth Maximum depth to follow pointers to (default: 4) -s --step Step to add between pointers so they are considered. For example, if this is 4 it would only consider pointers at an offset divisible by 4 from the starting pointer (default: 1) --negative_offset Max negative offset to search before an address when looking for a leak (default: 0)"},{"location":"commands/memory/leakfind/#examples","title":"Examples","text":"
pwndbg> leakfind $rsp --page_name=filename --max_offset=0x48 --max_depth=6.\nThis would look for any chains of leaks that point to a section in filename\nwhich begin near $rsp, are never 0x48 bytes further from a known pointer,\nand are a maximum length of 6.\n
"},{"location":"commands/memory/memfrob/","title":"Memfrob","text":""},{"location":"commands/memory/memfrob/#memfrob","title":"memfrob","text":"
usage: memfrob [-h] address count\n
 
Memfrobs a region of memory (xor with '*').
"},{"location":"commands/memory/memfrob/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to start xoring at. count The number of bytes to xor."},{"location":"commands/memory/memfrob/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/mmap/","title":"Mmap","text":""},{"location":"commands/memory/mmap/#mmap","title":"mmap","text":"
usage: mmap [-h] [--quiet] [--force] addr length [prot] [flags] [fd] [offset]\n
 
Calls the mmap syscall and prints its resulting address.
 
Note that the mmap syscall may fail for various reasons (see man mmap) and, in case of failure, its return value will not be a valid pointer.
 
PROT values: NONE (0), READ (1), WRITE (2), EXEC (4)
 
MAP values: SHARED (1), PRIVATE (2), SHARED_VALIDATE (3), FIXED (0x10),             ANONYMOUS (0x20)
 
Flags and protection values can be either a string containing the names of the flags or permissions or a single number corresponding to the bitwise OR of the protection and flag numbers.
"},{"location":"commands/memory/mmap/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address hint to be given to mmap. length Length of the mapping, in bytes. Needs to be greater than zero. prot Prot enum or int as in mmap(2). Eg. \"PROT_READ|PROT_EXEC\" or 7 (for RWX). (default: '7') flags Flags enum or int as in mmap(2). Eg. \"MAP_PRIVATE|MAP_ANONYMOUS\" or 0x22. (default: '0x22') fd File descriptor of the file to be mapped, or -1 if using MAP_ANONYMOUS. (default: -1) offset Offset from the start of the file, in bytes, if using file based mapping. (default: 0)"},{"location":"commands/memory/mmap/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -q --quiet Disable address validity warnings and hints -f --force Force potentially unsafe actions to happen"},{"location":"commands/memory/mmap/#examples","title":"Examples","text":"
mmap 0x0 4096 PROT_READ|PROT_WRITE|PROT_EXEC MAP_PRIVATE|MAP_ANONYMOUS -1 0\n - Maps a new private+anonymous page with RWX permissions at a location\n   decided by the kernel.\n\nmmap 0x0 4096 PROT_READ MAP_PRIVATE 10 0\n - Maps 4096 bytes of the file pointed to by file descriptor number 10 with\n   read permission at a location decided by the kernel.\n\nmmap 0xdeadbeef 0x1000\n - Maps a new private+anonymous page with RWX permissions at a page boundary\n   near 0xdeadbeef.\n
"},{"location":"commands/memory/mprotect/","title":"Mprotect","text":""},{"location":"commands/memory/mprotect/#mprotect","title":"mprotect","text":"
usage: mprotect [-h] addr length prot\n
 
Calls the mprotect syscall and prints its result value.
 
Note that the mprotect syscall may fail for various reasons (see man mprotect) and a non-zero error return value can be decoded with the errno <value> command.
"},{"location":"commands/memory/mprotect/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Page-aligned address to all mprotect on. length Count of bytes to call mprotect on. Needs to be multiple of page size. prot Prot string as in mprotect(2). Eg. \"PROT_READ|PROT_EXEC\", \"rx\", or \"5\""},{"location":"commands/memory/mprotect/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/mprotect/#examples","title":"Examples","text":"
mprotect $rsp 4096 PROT_READ|PROT_WRITE|PROT_EXEC\nmprotect $rsp 4096 rwx\nmprotect $rsp 4096 7\nmprotect some_symbol 0x1000 PROT_NONE\n
"},{"location":"commands/memory/p2p/","title":"P2p","text":""},{"location":"commands/memory/p2p/#p2p","title":"p2p","text":"
usage: p2p [-h] mapping_names [mapping_names ...]\n
 
Pointer to pointer chain search. Searches given mapping for all pointers that point to specified mapping.
 
Any chain length greater than 0 is valid. If only one mapping is given it just looks for any pointers in that mapping.
"},{"location":"commands/memory/p2p/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help mapping_names Mapping name"},{"location":"commands/memory/p2p/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/probeleak/","title":"Probeleak","text":""},{"location":"commands/memory/probeleak/#probeleak","title":"probeleak","text":"
usage: probeleak [-h] [--max-distance MAX_DISTANCE] [--point-to POINT_TO]\n                 [--max-ptrs MAX_PTRS] [--flags FLAGS]\n                 [address] [count]\n
 
Pointer scan for possible offset leaks.
"},{"location":"commands/memory/probeleak/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Leak memory address (default: $sp) count Leak size in bytes (default: 64)"},{"location":"commands/memory/probeleak/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --max-distance Max acceptable distance between memory page boundary and leaked pointer (default: 0) --point-to Mapping name of the page that you want the pointers point to --max-ptrs Stop search after find n pointers, default 0 (default: 0) --flags flags of the page that you want the pointers point to. [e.g. rwx]"},{"location":"commands/memory/probeleak/#examples","title":"Examples","text":"
> probeleak $rsp 0x64\nLeaks 0x64 bytes starting at stack pointer and search for valid pointers.\n> probeleak $rsp 0x64 --max-dist 0x10\nAs above, but pointers may point 0x10 bytes outside of memory page.\n> probeleak $rsp 0x64 --point-to libc --max-ptrs 1 --flags rwx\nLeaks 0x64 bytes starting at stack pointer and search for one valid pointer\nwhich points to a libc rwx page.\n
"},{"location":"commands/memory/search/","title":"Search","text":""},{"location":"commands/memory/search/#search","title":"search","text":"
usage: search [-h] [-t {byte,short,word,dword,qword,pointer,string,bytes,asm}]\n              [-1] [-2] [-4] [-8] [-p] [--asm] [--asmbp] [-x] [-e] [-w]\n              [-s STEP] [-l LIMIT] [-a ALIGNED] [--save] [--no-save] [-n]\n              [--trunc-out]\n              value [mapping_name]\n
 
Search memory for byte sequences, strings, pointers, and integer values.
 
By default search results are cached. If you want to cache all results, but only print a subset, use --trunc-out. If you want to cache only a subset of results, and print the results immediately, use --limit. The latter is specially useful if you're searching a huge section of memory.
"},{"location":"commands/memory/search/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help value Value to search for mapping_name Mapping to search [e.g. libc]"},{"location":"commands/memory/search/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -t --type Size of search target (default: 'bytes') -1 --byte Search for a 1-byte integer -2 --short Search for a 2-byte integer -4 --dword Search for a 4-byte integer -8 --qword Search for an 8-byte integer -p --pointer Search for a pointer-width integer --asm Search for an assembly instruction --asmbp Set breakpoint for found assembly instruction -x --hex Target is a hex-encoded (for bytes/strings) -e --executable Search executable segments only -w --writable Search writable segments only -s --step Step search address forward to next alignment after each hit (ex: 0x1000) -l --limit Max results before quitting the search. Differs from --trunc-out in that it will not save all search results before quitting -a --aligned Result must be aligned to this byte boundary --save Save results for further searches with --next. Default comes from config 'auto-save-search' --no-save Invert --save -n --next Search only locations returned by previous search with --save --trunc-out Truncate the output to 20 results. Differs from --limit in that it will first save all search results"},{"location":"commands/memory/telescope/","title":"Telescope","text":""},{"location":"commands/memory/telescope/#telescope","title":"telescope","text":"
usage: telescope [-h] [-r] [-f] [-i] [address] [count]\n
 
Recursively dereferences pointers starting at the specified address.
"},{"location":"commands/memory/telescope/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to telescope at. (default: $sp) count The number of lines to show. (default: 8)"},{"location":"commands/memory/telescope/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -r --reverse Show  previous addresses instead of next ones -f --frame Show the stack frame, from rsp to rbp -i --inverse Show the stack reverse growth"},{"location":"commands/memory/vmmap-add/","title":"Vmmap add","text":""},{"location":"commands/memory/vmmap-add/#vmmap-add","title":"vmmap-add","text":"
usage: vmmap-add [-h] start size [flags] [offset]\n
 
Add virtual memory map page.
"},{"location":"commands/memory/vmmap-add/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help start Starting virtual address size Size of the address space, in bytes flags Flags set by the ELF file (r - read, w - write, x - executable) (default: '') offset Offset into the original ELF file that the data is loaded from (default: 0)"},{"location":"commands/memory/vmmap-add/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/vmmap-clear/","title":"Vmmap clear","text":""},{"location":"commands/memory/vmmap-clear/#vmmap-clear","title":"vmmap-clear","text":"
usage: vmmap-clear [-h]\n
 
Clear the vmmap cache.
"},{"location":"commands/memory/vmmap-clear/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/vmmap-explore/","title":"Vmmap explore","text":""},{"location":"commands/memory/vmmap-explore/#vmmap-explore","title":"vmmap-explore","text":"
usage: vmmap-explore [-h] address\n
 
Explore a page, trying to guess permissions.
"},{"location":"commands/memory/vmmap-explore/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Address of the page to explore"},{"location":"commands/memory/vmmap-explore/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/vmmap/","title":"Vmmap","text":""},{"location":"commands/memory/vmmap/#vmmap","title":"vmmap","text":"
usage: vmmap [-h] [-w] [-x] [-s] [-A LINES_AFTER] [-B LINES_BEFORE]\n             [-C CONTEXT] [--gaps]\n             [gdbval_or_str]\n
 
Print virtual memory map pages.
 
Unnamed mappings are named as [anon_%#x] where %#x is high part of their start address. This is useful for filtering with vmmap or search commands.
 
Known issues with vmmap: For QEMU user targets, the QEMU's gdbstub does not provide memory maps information to GDB until [0] is finished & merged. We try to deal with it without parsing the QEMU process' /proc/$pid/maps file, but if our approach fails, we simply create a [0, 0xffff...] vmmap which is not great and may result in lack of proper colors or inability to search memory with the search command.
 
For QEMU kernel, we use gdb-pt-dump that parses page tables from the guest by reading /proc/$pid/mem of QEMU process. If this does not work for you, use set kernel-vmmap-via-page-tables off to refer to our old method of reading vmmap info from monitor info mem command exposed by QEMU. Note that the latter may be slower and will not give full vmmaps permission information.
 
For coredump debugging, GDB also lacks all vmmap info but we do our best to get it back by using the info proc mappings and maintenance info sections commands.
 
As a last resort, we sometimes try to explore the addresses in CPU registers and if they are readable by GDB, we determine their bounds and create an \"\" vmmap. However, this method is slow and is not used on each GDB stop. 
Memory pages can also be added manually with the use of vmmap-add, vmmap-clear and vmmap-load commands. This may be useful for bare metal debugging.
 
[0] https://lore.kernel.org/all/20220221030910.3203063-1-dominik.b.czarnota@gmail.com/
 
Aliases: lm, address, vprot, libs
"},{"location":"commands/memory/vmmap/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help gdbval_or_str Address or module name filter"},{"location":"commands/memory/vmmap/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -w --writable Display writable maps only -x --executable Display executable maps only -s --expand-shared-cache Expand all entries in the DYLD Shared Cache (Darwin only) -A --lines-after Number of pages to display after result (default: 1) -B --lines-before Number of pages to display before result (default: 1) -C --context Number of pages to display around the result --gaps Display unmapped memory gap information in the memory map."},{"location":"commands/memory/xinfo/","title":"Xinfo","text":""},{"location":"commands/memory/xinfo/#xinfo","title":"xinfo","text":"
usage: xinfo [-h] [address]\n
 
Shows offsets of the specified address from various useful locations.
"},{"location":"commands/memory/xinfo/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Address to inspect (default: $pc)"},{"location":"commands/memory/xinfo/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/xor/","title":"Xor","text":""},{"location":"commands/memory/xor/#xor","title":"xor","text":"
usage: xor [-h] address key count\n
 
XOR count bytes at address with the key key.
"},{"location":"commands/memory/xor/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to start xoring at. key The key to use. count The number of bytes to xor."},{"location":"commands/memory/xor/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/asm/","title":"Asm","text":""},{"location":"commands/misc/asm/#asm","title":"asm","text":"
usage: asm [-h] [-f {hex,string}]\n           [--arch {powerpc64,aarch64,powerpc,riscv32,riscv64,sparc64,mips64,msp430,alpha,amd64,sparc,thumb,cris,i386,ia64,m68k,mips,s390,none,avr,arm,vax}]\n           [-v AVOID] [-n] [-z] [-i INFILE]\n           [shellcode ...]\n
 
Assemble shellcode into bytes
"},{"location":"commands/misc/asm/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help shellcode Assembler code to assemble (default: '[]')"},{"location":"commands/misc/asm/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -f --format Output format (default: 'hex') --arch Target architecture -v --avoid Encode the shellcode to avoid the listed bytes (provided as hex) -n --newline Encode the shellcode to avoid newlines -z --zero Encode the shellcode to avoid NULL bytes -i --infile Specify input file"},{"location":"commands/misc/checksec/","title":"Checksec","text":""},{"location":"commands/misc/checksec/#checksec","title":"checksec","text":"
usage: checksec [-h] [-f FILE]\n
 
Prints out the binary security settings using checksec.
"},{"location":"commands/misc/checksec/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -f --file Specify the file to run checksec on."},{"location":"commands/misc/checksec/#examples","title":"Examples","text":"
pwndbg> checksec\nFile:     /usr/bin/bash\nArch:     amd64\nRELRO:      Full RELRO\nStack:      Canary found\nNX:         NX enabled\nPIE:        PIE enabled\nSHSTK:      Enabled\nIBT:        Enabled\n
"},{"location":"commands/misc/comm/","title":"Comm","text":""},{"location":"commands/misc/comm/#comm","title":"comm","text":"
usage: comm [-h] [--addr address] comment\n
 
Put comments in assembly code.
"},{"location":"commands/misc/comm/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help comment The text you want to comment"},{"location":"commands/misc/comm/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --addr Address to write comments"},{"location":"commands/misc/cyclic/","title":"Cyclic","text":""},{"location":"commands/misc/cyclic/#cyclic","title":"cyclic","text":"
usage: cyclic [-h] [-a charset] [-n length] [-t seconds] [-l lookup_value]\n              [-d]\n              [count] [filename]\n
 
Cyclic pattern creator/finder.
"},{"location":"commands/misc/cyclic/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help count Number of characters to print from the sequence (default: print the entire sequence) (default: 100) filename Name (path) of the file to save the cyclic pattern to"},{"location":"commands/misc/cyclic/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -a --alphabet The alphabet to use in the cyclic pattern (default: abcdefghijklmnopqrstuvwxyz) -n --length Size of the unique subsequences (defaults to the pointer size for the current arch) -t --timeout Timeout in seconds for --detect (default: 2) -o --lookup Do a lookup instead of printing the sequence (accepts constant values as well as expressions) -d --detect Detect cyclic patterns in registers (Immediate values and memory pointed to by registers)"},{"location":"commands/misc/cyclic/#notes","title":"Notes","text":"
If you want to write the cyclic pattern to memory, use the spray command!
"},{"location":"commands/misc/cymbol/","title":"Cymbol","text":""},{"location":"commands/misc/cymbol/#cymbol","title":"cymbol","text":"
(only in GDB)
 
usage: cymbol [-h] {add,remove,edit,load,show,file,show-all} ...\n
 
Manage custom C structures in pwndbg. Supports project-specific auto-loading from .gdbinit.
"},{"location":"commands/misc/cymbol/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help subcommand Available subcommands"},{"location":"commands/misc/cymbol/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/cymbol/#notes","title":"Notes","text":"
The cymbol command loads custom C structs and symbols into the debugger using GCC under the hood.
 
Usage Example:     cymbol file --force ./structs.h
 
--force:     Use this flag to force symbol reloading, even if symbols with the same name already exist.
 
Warning:     If a loaded structure defines a symbol that already exists, the debugger may prefer the original     symbol or behave unexpectedly. It\u2019s recommended to use unique struct names to avoid     symbol conflicts.
 
Tip:     You can add this command to your .gdbinit file for automatic loading:         cymbol file --force ./path/to/structs.h
"},{"location":"commands/misc/down/","title":"Down","text":""},{"location":"commands/misc/down/#down","title":"down","text":"
(only in GDB)
 
usage: down [-h] [n]\n
 
Select and print stack frame called by this one.
 
Aliases: do, dow
"},{"location":"commands/misc/down/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help n The number of stack frames to go down. (default: 1)"},{"location":"commands/misc/down/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/dt/","title":"Dt","text":""},{"location":"commands/misc/dt/#dt","title":"dt","text":"
usage: dt [-h] typename [address]\n
 
Dump out information on a type (e.g. ucontext_t).
 
Optionally overlay that information at an address.
"},{"location":"commands/misc/dt/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help typename The name of the structure being dumped. Use quotes if the type contains spaces (e.g. \"struct malloc_state\"). address The address of the structure."},{"location":"commands/misc/dt/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/dumpargs/","title":"Dumpargs","text":""},{"location":"commands/misc/dumpargs/#dumpargs","title":"dumpargs","text":"
usage: dumpargs [-h] [-f]\n
 
Prints determined arguments for call/syscall instruction.
 
Alias: args
"},{"location":"commands/misc/dumpargs/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -f --force Force displaying of all arguments."},{"location":"commands/misc/getfile/","title":"Getfile","text":""},{"location":"commands/misc/getfile/#getfile","title":"getfile","text":"
(only in GDB)
 
usage: getfile [-h]\n
 
Gets the current file.
"},{"location":"commands/misc/getfile/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/hex2ptr/","title":"Hex2ptr","text":""},{"location":"commands/misc/hex2ptr/#hex2ptr","title":"hex2ptr","text":"
usage: hex2ptr [-h] hex_string\n
 
Converts a space-separated hex string to a little-endian address.
"},{"location":"commands/misc/hex2ptr/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help hex_string Hexadecimal string to convert (e.g., '00 70 75 c1 cd ef 59 00')."},{"location":"commands/misc/hex2ptr/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/hijack-fd/","title":"Hijack fd","text":""},{"location":"commands/misc/hijack-fd/#hijack-fd","title":"hijack-fd","text":"
usage: hijack-fd [-h] fdnum newfile\n
 
Replace a file descriptor of a debugged process.
 
The new file descriptor can point to:
 
     
  • a file
    •  
  • a pipe
    •  
  • a socket
    •  
  • a device, etc.
    •  
"},{"location":"commands/misc/hijack-fd/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help fdnum File descriptor (FD) number to be replaced with the specified new socket or file. newfile Specify a file or a socket.  For files, the filename must start with / (e.g., /etc/passwd).  For sockets, the following formats are allowed: - 127.0.0.1:80 (default is TCP) - tcp://[::1]:80 - udp://example.com:80 - tcp+ipv6://example.com:80"},{"location":"commands/misc/hijack-fd/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/hijack-fd/#examples","title":"Examples","text":"
1. Redirect STDOUT to a file:\n   `hijack-fd 1 /dev/null`\n\n2. Redirect STDERR to a socket:\n   `hijack-fd 2 tcp://localhost:8888`\n
"},{"location":"commands/misc/ipi/","title":"Ipi","text":""},{"location":"commands/misc/ipi/#ipi","title":"ipi","text":"
(only in GDB)
 
usage: ipi [-h]\n
 
Start an interactive IPython prompt.
"},{"location":"commands/misc/ipi/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/patch-list/","title":"Patch list","text":""},{"location":"commands/misc/patch-list/#patch-list","title":"patch-list","text":"
usage: patch-list [-h]\n
 
List all patches.
"},{"location":"commands/misc/patch-list/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/patch-revert/","title":"Patch revert","text":""},{"location":"commands/misc/patch-revert/#patch-revert","title":"patch-revert","text":"
usage: patch-revert [-h] address\n
 
Revert patch at given address.
"},{"location":"commands/misc/patch-revert/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Address to revert patch on"},{"location":"commands/misc/patch-revert/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/patch/","title":"Patch","text":""},{"location":"commands/misc/patch/#patch","title":"patch","text":"
usage: patch [-h] [-q] address ins\n
 
Patches given instruction with given code or bytes.
"},{"location":"commands/misc/patch/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to patch ins instruction[s]"},{"location":"commands/misc/patch/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -q --quiet don't print anything"},{"location":"commands/misc/plist/","title":"Plist","text":""},{"location":"commands/misc/plist/#plist","title":"plist","text":"
usage: plist [-h] [-s SENTINEL] [-i INNER_NAME] [-f FIELD_NAME] [-o OFFSET]\n             [-c COUNT]\n             path next\n
 
Dumps the elements of a linked list.
 
This command traverses the linked list beginning at a given element, dumping its contents and the contents of all the elements that come after it in the list. Traversal is configurable and can handle multiple types of linked lists, but will always stop when a cycle is detected.
 
The path to the first element can be any GDB expression that evaluates to either the first element directly, or a to pointer to it. The next element is the name of the field containing the next pointer, in either the structure itself or in the structure given by --inner.
 
An address value may be given with --sentinel that signals the end of the list. By default, the value used is NULL (0).
 
If only one field inside each node is desired, it can be printed exclusively by specifying its name with --field.
 
This command supports traversing three types of linked lists, classified by how the next pointer can be found in the structure and what type it is:     1 - Next pointer is field of structure, type is the same as structure.     2 - Next pointer is field of inner nested structure, pointed to type is the         same as outer structure.     3 - Next pointer is field of inner nested structure, pointed to type is the         same as inner structure. Types 2 and 3 require --inner to be specified.
 
Example 1:
 
struct node {\n    int value;\n    struct node *next;\n};\nstruct node node_c = { 2, NULL };\nstruct node node_b = { 1, &node_c };\nstruct node node_a = { 0, &node_b };\n
 
pwndbg> plist node_a next 0x4000011050 : {   value = 0,   next = 0x4000011040  } 0x4000011040 : {   value = 1,   next = 0x4000011010  } 0x4000011010 : {   value = 2,   next = 0x0 } 
Example 2:
 
struct node_inner_a {\n    struct node_inner_a *next;\n};\nstruct inner_a_node {\n    int value;\n    struct node_inner_a inner;\n};\nstruct inner_a_node inner_a_node_c = { 2, { NULL } };\nstruct inner_a_node inner_a_node_b = { 1, { &inner_a_node_c.inner } };\nstruct inner_a_node inner_a_node_a = { 0, { &inner_a_node_b.inner } };\n
 
pwndbg> plist inner_a_node_a -i inner next 0x4000011070 : {   value = 0,   inner = {     next = 0x4000011068    } } 0x4000011060 : {   value = 1,   inner = {     next = 0x4000011028    } } 0x4000011020 : {   value = 2,   inner = {     next = 0x0   } } 
Example 3:
 
struct inner_b_node;\nstruct node_inner_b {\n    struct inner_b_node *next;\n};\nstruct inner_b_node {\n    int value;\n    struct node_inner_b inner;\n};\nstruct inner_b_node inner_b_node_c = { 2, { NULL } };\nstruct inner_b_node inner_b_node_b = { 1, { &inner_b_node_c } };\nstruct inner_b_node inner_b_node_a = { 0, { &inner_b_node_b } };\n
 
pwndbg> plist inner_b_node_a -i inner next 0x4000011090 : {   value = 0,   inner = {     next = 0x4000011080    } } 0x4000011080 : {   value = 1,   inner = {     next = 0x4000011030    } } 0x4000011030 : {   value = 2,   inner = {     next = 0x0   } }"},{"location":"commands/misc/plist/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help path The first element of the linked list next The name of the field pointing to the next element in the list"},{"location":"commands/misc/plist/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -s --sentinel The address that stands in for an end of list marker in a non-cyclic list (default: 0) -i --inner The name of the inner nested structure where the next pointer is stored -f --field The name of the field to be displayed, if only one is desired -o --offset The offset of the first list element to display. Defaults to zero. (default: 0) -c --count The number of elements to display. Defaults to the value of dereference-limit."},{"location":"commands/misc/sigreturn/","title":"Sigreturn","text":""},{"location":"commands/misc/sigreturn/#sigreturn","title":"sigreturn","text":"
usage: sigreturn [-h] [-a] [-p] [address]\n
 
Display the SigreturnFrame at the specific address
"},{"location":"commands/misc/sigreturn/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to read the frame from"},{"location":"commands/misc/sigreturn/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -a --all Show all values in the frame in addition to common registers -p --print Show addresses of frame values"},{"location":"commands/misc/spray/","title":"Spray","text":""},{"location":"commands/misc/spray/#spray","title":"spray","text":"
usage: spray [-h] [--value VALUE] [-x] addr [length]\n
 
Spray memory with cyclic() generated values
"},{"location":"commands/misc/spray/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address to spray length Length of byte sequence, when unspecified sprays until the end of vmmap which address belongs to (default: 0)"},{"location":"commands/misc/spray/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --value Value to spray memory with, when prefixed with '0x' treated as hex string encoded big-endian -x --only-funcptrs Spray only addresses whose values points to executable pages"},{"location":"commands/misc/tips/","title":"Tips","text":""},{"location":"commands/misc/tips/#tips","title":"tips","text":"
usage: tips [-h] [-a]\n
 
Shows tips.
"},{"location":"commands/misc/tips/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -a --all Show all tips."},{"location":"commands/misc/up/","title":"Up","text":""},{"location":"commands/misc/up/#up","title":"up","text":"
(only in GDB)
 
usage: up [-h] [n]\n
 
Select and print stack frame that called this one.
"},{"location":"commands/misc/up/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help n The number of stack frames to go up. (default: 1)"},{"location":"commands/misc/up/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/valist/","title":"Valist","text":""},{"location":"commands/misc/valist/#valist","title":"valist","text":"
usage: valist [-h] addr [count]\n
 
Dumps the arguments of a va_list.
"},{"location":"commands/misc/valist/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the va_list count Number of arguments to dump (default: 8)"},{"location":"commands/misc/valist/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/vmmap-load/","title":"Vmmap load","text":""},{"location":"commands/misc/vmmap-load/#vmmap-load","title":"vmmap-load","text":"
usage: vmmap-load [-h] [filename]\n
 
Load virtual memory map pages from ELF file.
"},{"location":"commands/misc/vmmap-load/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help filename ELF filename, by default uses current loaded filename."},{"location":"commands/misc/vmmap-load/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/musl/mallocng-dump/","title":"Mallocng dump","text":""},{"location":"commands/musl/mallocng-dump/#mallocng-dump","title":"mallocng-dump","text":"
usage: mallocng-dump [-h] [-ma META_AREA]\n
 
Dump the mallocng heap.
 
May produce lots of output.
 
Alias: ng-dump
"},{"location":"commands/musl/mallocng-dump/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -ma --meta-area Dump only the meta area at the provided address."},{"location":"commands/musl/mallocng-dump/#notes","title":"Notes","text":"
Since the command may produce lots of output, you may want to pipe it to less with | ng-dump | less -R.
 
The [index] next to the metas is their index in the doubly linked list pointed to by ctx.freed_meta_head. The [index] next to the slots is the slot's index inside of its group (thus, these will always be sequential).
 
Notice that the pointers in the output of this command aren't colored according to their mapping's color but rather according to the object's allocation status. Color legend: allocated; freed; available.
"},{"location":"commands/musl/mallocng-explain/","title":"Mallocng explain","text":""},{"location":"commands/musl/mallocng-explain/#mallocng-explain","title":"mallocng-explain","text":"
usage: mallocng-explain [-h]\n
 
Gives a quick explanation of musl's mallocng allocator.
 
Alias: ng-explain
"},{"location":"commands/musl/mallocng-explain/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/musl/mallocng-find/","title":"Mallocng find","text":""},{"location":"commands/musl/mallocng-find/#mallocng-find","title":"mallocng-find","text":"
usage: mallocng-find [-h] [-a] [-m] [-s] address\n
 
Find slot which contains the given address.
 
Returns the start of the slot. We say a slot 'contains' an address if the address is in [start, start + stride).
 
Alias: ng-find
"},{"location":"commands/musl/mallocng-find/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to look for."},{"location":"commands/musl/mallocng-find/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -a --all Print out all information. Including meta and group data. -m --metadata If the given address falls onto some in-band metadata, return the slot which owns that metadata. In other words, the containment check becomes [start - IB, end). -s --shallow Return the biggest slot which contains this address, don't recurse for smaller slots. The group  which owns this slot will not be a nested group."},{"location":"commands/musl/mallocng-group/","title":"Mallocng group","text":""},{"location":"commands/musl/mallocng-group/#mallocng-group","title":"mallocng-group","text":"
usage: mallocng-group [-h] [-i INDEX] address\n
 
Print out information about a mallocng group at the given address.
 
Alias: ng-group
"},{"location":"commands/musl/mallocng-group/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address of the group object."},{"location":"commands/musl/mallocng-group/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -i --index Print start address of slot at given index (0-indexed)."},{"location":"commands/musl/mallocng-malloc-context/","title":"Mallocng malloc context","text":""},{"location":"commands/musl/mallocng-malloc-context/#mallocng-malloc-context","title":"mallocng-malloc-context","text":"
usage: mallocng-malloc-context [-h] [address]\n
 
Print out the mallocng __malloc_context (ctx) object.
 
Alias: ng-ctx
"},{"location":"commands/musl/mallocng-malloc-context/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Use the provided address instead of the one Pwndbg found."},{"location":"commands/musl/mallocng-malloc-context/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/musl/mallocng-meta-area/","title":"Mallocng meta area","text":""},{"location":"commands/musl/mallocng-meta-area/#mallocng-meta-area","title":"mallocng-meta-area","text":"
usage: mallocng-meta-area [-h] [-i INDEX] address\n
 
Print out a mallocng meta_area object at the given address.
 
Aliases: ng-metaarea, ng-ma
"},{"location":"commands/musl/mallocng-meta-area/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address of the meta_area object."},{"location":"commands/musl/mallocng-meta-area/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -i --index Print address of meta at given index (0-indexed)."},{"location":"commands/musl/mallocng-meta/","title":"Mallocng meta","text":""},{"location":"commands/musl/mallocng-meta/#mallocng-meta","title":"mallocng-meta","text":"
usage: mallocng-meta [-h] address\n
 
Print out information about a mallocng group given the address of its meta.
 
Alias: ng-meta
"},{"location":"commands/musl/mallocng-meta/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address of the meta object."},{"location":"commands/musl/mallocng-meta/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/musl/mallocng-slot-start/","title":"Mallocng slot start","text":""},{"location":"commands/musl/mallocng-slot-start/#mallocng-slot-start","title":"mallocng-slot-start","text":"
usage: mallocng-slot-start [-h] [-a] address\n
 
Dump information about a mallocng slot, given its start address.
 
Alias: ng-slots
"},{"location":"commands/musl/mallocng-slot-start/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The start of the slot (not including IB)."},{"location":"commands/musl/mallocng-slot-start/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -a --all Print out all information. Including meta and group data."},{"location":"commands/musl/mallocng-slot-user/","title":"Mallocng slot user","text":""},{"location":"commands/musl/mallocng-slot-user/#mallocng-slot-user","title":"mallocng-slot-user","text":"
usage: mallocng-slot-user [-h] [-a] address\n
 
Dump information about a mallocng slot, given its user address.
 
Alias: ng-slotu
"},{"location":"commands/musl/mallocng-slot-user/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The start of user memory. Referred to as p in the source."},{"location":"commands/musl/mallocng-slot-user/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -a --all Print out all information. Including meta and group data."},{"location":"commands/musl/mallocng-visualize-slots/","title":"Mallocng visualize slots","text":""},{"location":"commands/musl/mallocng-visualize-slots/#mallocng-visualize-slots","title":"mallocng-visualize-slots","text":"
usage: mallocng-visualize-slots [-h] address [count]\n
 
Visualize slots in a group.
 
Alias: ng-vis
"},{"location":"commands/musl/mallocng-visualize-slots/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Address which is inside some slot. count The amount of slots to visualize. (default: 10)"},{"location":"commands/musl/mallocng-visualize-slots/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/process/killthreads/","title":"Killthreads","text":""},{"location":"commands/process/killthreads/#killthreads","title":"killthreads","text":"
(only in GDB)
 
usage: killthreads [-h] [-a] [thread_ids ...]\n
 
Kill all or given threads.
 
Switches to given threads and calls pthread_exit(0) on them. This is performed with scheduler-locking to prevent other threads from operating at the same time.
 
Killing all other threads may be useful to use GDB checkpoints, e.g., to test given input & restart the execution to the point of interest (checkpoint).
"},{"location":"commands/process/killthreads/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help thread_ids Thread IDs to kill."},{"location":"commands/process/killthreads/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -a --all Kill all threads except the current one."},{"location":"commands/process/pid/","title":"Pid","text":""},{"location":"commands/process/pid/#pid","title":"pid","text":"
usage: pid [-h]\n
 
Gets the pid.
 
Alias: getpid
"},{"location":"commands/process/pid/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/process/procinfo/","title":"Procinfo","text":""},{"location":"commands/process/procinfo/#procinfo","title":"procinfo","text":"
usage: procinfo [-h]\n
 
Display information about the running process.
"},{"location":"commands/process/procinfo/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/pwndbg/bugreport/","title":"Bugreport","text":""},{"location":"commands/pwndbg/bugreport/#bugreport","title":"bugreport","text":"
usage: bugreport [-h] [--run-browser | --use-gh]\n
 
Generate a bug report.
"},{"location":"commands/pwndbg/bugreport/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -b --run-browser Open browser on github/issues/new -g --use-gh Create issue using Github CLI"},{"location":"commands/pwndbg/config/","title":"Config","text":""},{"location":"commands/pwndbg/config/#config","title":"config","text":"
usage: config [-h] [filter_pattern]\n
 
Shows Pwndbg-specific configuration.
"},{"location":"commands/pwndbg/config/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help filter_pattern Filter to apply to config parameters names/descriptions"},{"location":"commands/pwndbg/config/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/pwndbg/configfile/","title":"Configfile","text":""},{"location":"commands/pwndbg/configfile/#configfile","title":"configfile","text":"
(only in GDB)
 
usage: configfile [-h] [--show-all]\n
 
Generates a configuration file for the current Pwndbg options.
"},{"location":"commands/pwndbg/configfile/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --show-all Display all configuration options."},{"location":"commands/pwndbg/heap-config/","title":"Heap config","text":""},{"location":"commands/pwndbg/heap-config/#heap-config","title":"heap-config","text":"
usage: heap-config [-h] [filter_pattern]\n
 
Shows heap related configuration.
"},{"location":"commands/pwndbg/heap-config/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help filter_pattern Filter to apply to config parameters names/descriptions"},{"location":"commands/pwndbg/heap-config/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/pwndbg/memoize/","title":"Memoize","text":""},{"location":"commands/pwndbg/memoize/#memoize","title":"memoize","text":"
usage: memoize [-h]\n
 
Toggles memoization (caching).
 
Useful for diagnosing caching-related bugs. Decreases performance.
"},{"location":"commands/pwndbg/memoize/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/pwndbg/profiler/","title":"Profiler","text":""},{"location":"commands/pwndbg/profiler/#profiler","title":"profiler","text":"
usage: profiler [-h] {start,stop} ...\n
 
Utilities for profiling Pwndbg.
 
Check out the ./profiling folder for other useful utilities. Use ./profiling/print_stats.py to generate a report from a .pstats file.
"},{"location":"commands/pwndbg/profiler/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help command"},{"location":"commands/pwndbg/profiler/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/pwndbg/pwndbg/","title":"Pwndbg","text":""},{"location":"commands/pwndbg/pwndbg/#pwndbg","title":"pwndbg","text":"
usage: pwndbg [-h] [-c CATEGORY_ | --list-categories] [filter_pattern]\n
 
Prints out a list of all Pwndbg commands.
"},{"location":"commands/pwndbg/pwndbg/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help filter_pattern Filter to apply to commands names/docs"},{"location":"commands/pwndbg/pwndbg/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -c --category Filter commands by category --list-categories List command categories"},{"location":"commands/pwndbg/reinit-pwndbg/","title":"Reinit pwndbg","text":""},{"location":"commands/pwndbg/reinit-pwndbg/#reinit-pwndbg","title":"reinit-pwndbg","text":"
(only in GDB)
 
usage: reinit-pwndbg [-h]\n
 
Makes Pwndbg reinitialize all state.
"},{"location":"commands/pwndbg/reinit-pwndbg/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/pwndbg/reload/","title":"Reload","text":""},{"location":"commands/pwndbg/reload/#reload","title":"reload","text":"
(only in GDB)
 
usage: reload [-h]\n
 
Reload Pwndbg.
"},{"location":"commands/pwndbg/reload/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/pwndbg/theme/","title":"Theme","text":""},{"location":"commands/pwndbg/theme/#theme","title":"theme","text":"
usage: theme [-h] [filter_pattern]\n
 
Shows Pwndbg-specific theme configuration.
"},{"location":"commands/pwndbg/theme/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help filter_pattern Filter to apply to theme parameters names/descriptions"},{"location":"commands/pwndbg/theme/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/pwndbg/themefile/","title":"Themefile","text":""},{"location":"commands/pwndbg/themefile/#themefile","title":"themefile","text":"
(only in GDB)
 
usage: themefile [-h] [--show-all]\n
 
Generates a configuration file for the current Pwndbg theme options.
"},{"location":"commands/pwndbg/themefile/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --show-all Force displaying of all theme options."},{"location":"commands/pwndbg/version/","title":"Version","text":""},{"location":"commands/pwndbg/version/#version","title":"version","text":"
(only in GDB)
 
usage: version [-h]\n
 
Displays Pwndbg and its important deps versions.
"},{"location":"commands/pwndbg/version/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/register/cpsr/","title":"Cpsr","text":""},{"location":"commands/register/cpsr/#cpsr","title":"cpsr","text":"
usage: cpsr [-h] [cpsr_value]\n
 
Print out ARM CPSR or xPSR register.
 
Aliases: xpsr, pstate
"},{"location":"commands/register/cpsr/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help cpsr_value Parse the given CPSR value instead of the actual one."},{"location":"commands/register/cpsr/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/register/fsbase/","title":"Fsbase","text":""},{"location":"commands/register/fsbase/#fsbase","title":"fsbase","text":"
(only in GDB)
 
usage: fsbase [-h]\n
 
Prints out the FS base address. See also $fsbase.
"},{"location":"commands/register/fsbase/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/register/gsbase/","title":"Gsbase","text":""},{"location":"commands/register/gsbase/#gsbase","title":"gsbase","text":"
(only in GDB)
 
usage: gsbase [-h]\n
 
Prints out the GS base address. See also $gsbase.
"},{"location":"commands/register/gsbase/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/register/setflag/","title":"Setflag","text":""},{"location":"commands/register/setflag/#setflag","title":"setflag","text":"
usage: setflag [-h] flag value\n
 
Modify the flags register.
 
Alias: flag
"},{"location":"commands/register/setflag/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help flag Flag for which you want to change the value value Value to which you want to set the flag - only valid options are 0 and 1"},{"location":"commands/register/setflag/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/register/setflag/#examples","title":"Examples","text":"
On X86/X64:\n    setflag ZF 1        -- set zero flag\n    setflag CF 0        -- unset carry flag\n\nOn ARM:\n    setflag Z 0         -- unset the Z cpsr/xpsr flag\n\nTo see flags registers:\n    info reg eflags     -- on x86/x64\n    info reg cpsr/xpsr  -- on ARM (specific register may vary)\n
"},{"location":"commands/register/setflag/#notes","title":"Notes","text":"
This command supports flags registers that are defined for architectures in the pwndbg/regs.py file.
"},{"location":"commands/stack/canary/","title":"Canary","text":""},{"location":"commands/stack/canary/#canary","title":"canary","text":"
usage: canary [-h] [-a]\n
 
Print out the current stack canary.
"},{"location":"commands/stack/canary/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -a --all Print out stack canaries for all threads instead of the current thread only."},{"location":"commands/stack/retaddr/","title":"Retaddr","text":""},{"location":"commands/stack/retaddr/#retaddr","title":"retaddr","text":"
usage: retaddr [-h]\n
 
Print out the stack addresses that contain return addresses.
"},{"location":"commands/stack/retaddr/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/stack/stack-explore/","title":"Stack explore","text":""},{"location":"commands/stack/stack-explore/#stack-explore","title":"stack-explore","text":"
usage: stack-explore [-h]\n
 
Explore stack from all threads.
"},{"location":"commands/stack/stack-explore/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/stack/stack/","title":"Stack","text":""},{"location":"commands/stack/stack/#stack","title":"stack","text":"
usage: stack [-h] [-f] [-i] [count] [offset]\n
 
Dereferences on stack data with specified count and offset.
"},{"location":"commands/stack/stack/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help count number of element to dump (default: 8) offset Element offset from $sp (support negative offset) (default: 0)"},{"location":"commands/stack/stack/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -f --frame Show the stack frame, from rsp to rbp -i --inverse Show reverse stack growth"},{"location":"commands/stack/stackf/","title":"Stackf","text":""},{"location":"commands/stack/stackf/#stackf","title":"stackf","text":"
usage: stackf [-h] [count] [offset]\n
 
Dereferences on stack data, printing the entire stack frame with specified count and offset .
"},{"location":"commands/stack/stackf/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help count number of element to dump (default: 8) offset Element offset from $sp (support negative offset) (default: 0)"},{"location":"commands/stack/stackf/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/start/attachp/","title":"Attachp","text":""},{"location":"commands/start/attachp/#attachp","title":"attachp","text":"
(only in GDB)
 
usage: attachp [-h] [--no-truncate] [--retry] [--user USER] [-e] [-a] [target]\n
 
Attaches to a given pid, process name, process found with partial argv match or to a device file.
 
This command wraps the original GDB attach command to add the ability to debug a process with a given name or partial name match. In such cases, the process identifier is fetched via the pidof <name> command first. If no matches are found, then it uses the ps -eo pid,args command to search for partial name matches.
 
Original GDB attach command help:     Attach to a process or file outside of GDB.     This command attaches to another target, of the same type as your last     \"target\" command (\"info files\" will show your target stack).     The command may take as argument a process id or a device file.     For a process id, you must have permission to send the process a signal,     and it must have the same effective uid as the debugger.     When using \"attach\" with a process id, the debugger finds the     program running in the process, looking first in the current working     directory, or (if not found there) using the source file search path     (see the \"directory\" command).  You can also use the \"file\" command     to specify the program, and to load its symbol table.
"},{"location":"commands/start/attachp/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help target pid, process name, part of cmdline to be matched or device file to attach to (uses current loaded file name if not provided)"},{"location":"commands/start/attachp/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --no-truncate dont truncate command args --retry retry until a target is found --user username or uid to filter by -e --exact get the pid only for an exact command name match -a --all get pids also for partial cmdline matches etc"},{"location":"commands/start/entry/","title":"Entry","text":""},{"location":"commands/start/entry/#entry","title":"entry","text":"
usage: entry [-h] [args ...]\n
 
Start the debugged program stopping at its entrypoint address.
 
Note that the entrypoint may not be the first instruction executed by the program. If you want to stop on the first executed instruction, use the GDB's starti command or LLDB's process launch -s.
 
Args may include \"*\", or \"[...]\"; they are expanded using the shell that will start the program (specified by the \"$SHELL\" environment variable).  Input and output redirection with \">\", \"<\", or \">>\" are also allowed.
 
With no arguments, uses arguments last specified (with \"run\" or \"set args\").  To cancel previous arguments and run with no arguments, use \"set args\" without arguments.
 
To start the inferior without using a shell, use \"set startup-with-shell off\".
"},{"location":"commands/start/entry/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help args The arguments to run the binary with."},{"location":"commands/start/entry/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/start/sstart/","title":"Sstart","text":""},{"location":"commands/start/sstart/#sstart","title":"sstart","text":"
(only in GDB)
 
usage: sstart [-h]\n
 
Alias for 'tbreak __libc_start_main; run'.
"},{"location":"commands/start/sstart/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/start/start/","title":"Start","text":""},{"location":"commands/start/start/#start","title":"start","text":"
(only in GDB)
 
usage: start [-h] [args ...]\n
 
Start the debugged program stopping at the first convenient location from this list: main, _main, start, _start, init or _init. You may specify arguments to give it.
 
Args may include \"*\", or \"[...]\"; they are expanded using the shell that will start the program (specified by the \"$SHELL\" environment variable).  Input and output redirection with \">\", \"<\", or \">>\" are also allowed.
 
With no arguments, uses arguments last specified (with \"run\" or \"set args\").  To cancel previous arguments and run with no arguments, use \"set args\" without arguments.
 
To start the inferior without using a shell, use \"set startup-with-shell off\".
 
Aliases: main, init
"},{"location":"commands/start/start/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help args The arguments to run the binary with."},{"location":"commands/start/start/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/nextcall/","title":"Nextcall","text":""},{"location":"commands/step_next_continue/nextcall/#nextcall","title":"nextcall","text":"
usage: nextcall [-h] [symbol_regex]\n
 
Breaks at the next call instruction.
"},{"location":"commands/step_next_continue/nextcall/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help symbol_regex A regex matching the name of next symbol to be broken on before calling."},{"location":"commands/step_next_continue/nextcall/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/nextjmp/","title":"Nextjmp","text":""},{"location":"commands/step_next_continue/nextjmp/#nextjmp","title":"nextjmp","text":"
usage: nextjmp [-h]\n
 
Breaks at the next jump instruction.
 
Alias: nextjump
"},{"location":"commands/step_next_continue/nextjmp/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/nextproginstr/","title":"Nextproginstr","text":""},{"location":"commands/step_next_continue/nextproginstr/#nextproginstr","title":"nextproginstr","text":"
usage: nextproginstr [-h]\n
 
Breaks at the next instruction that belongs to the running program.
"},{"location":"commands/step_next_continue/nextproginstr/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/nextret/","title":"Nextret","text":""},{"location":"commands/step_next_continue/nextret/#nextret","title":"nextret","text":"
usage: nextret [-h]\n
 
Breaks at next return-like instruction.
"},{"location":"commands/step_next_continue/nextret/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/nextsyscall/","title":"Nextsyscall","text":""},{"location":"commands/step_next_continue/nextsyscall/#nextsyscall","title":"nextsyscall","text":"
usage: nextsyscall [-h]\n
 
Breaks at the next syscall not taking branches.
 
Alias: nextsc
"},{"location":"commands/step_next_continue/nextsyscall/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/stepover/","title":"Stepover","text":""},{"location":"commands/step_next_continue/stepover/#stepover","title":"stepover","text":"
usage: stepover [-h] [addr]\n
 
Breaks on the instruction after this one.
 
Alias: so
"},{"location":"commands/step_next_continue/stepover/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr The address to break after."},{"location":"commands/step_next_continue/stepover/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/stepret/","title":"Stepret","text":""},{"location":"commands/step_next_continue/stepret/#stepret","title":"stepret","text":"
usage: stepret [-h]\n
 
Breaks at next return-like instruction by 'stepping' to it.
"},{"location":"commands/step_next_continue/stepret/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/stepsyscall/","title":"Stepsyscall","text":""},{"location":"commands/step_next_continue/stepsyscall/#stepsyscall","title":"stepsyscall","text":"
usage: stepsyscall [-h]\n
 
Breaks at the next syscall by taking branches.
 
Alias: stepsc
"},{"location":"commands/step_next_continue/stepsyscall/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/stepuntilasm/","title":"Stepuntilasm","text":""},{"location":"commands/step_next_continue/stepuntilasm/#stepuntilasm","title":"stepuntilasm","text":"
usage: stepuntilasm [-h] mnemonic [op_str ...]\n
 
Breaks on the next matching instruction.
"},{"location":"commands/step_next_continue/stepuntilasm/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help mnemonic The mnemonic of the instruction op_str The operands of the instruction"},{"location":"commands/step_next_continue/stepuntilasm/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/xuntil/","title":"Xuntil","text":""},{"location":"commands/step_next_continue/xuntil/#xuntil","title":"xuntil","text":"
(only in GDB)
 
usage: xuntil [-h] target\n
 
Continue execution until an address or expression.
"},{"location":"commands/step_next_continue/xuntil/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help target Location to stop execution at"},{"location":"commands/step_next_continue/xuntil/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/bc/","title":"Bc","text":""},{"location":"commands/windbg/bc/#bc","title":"bc","text":"
(only in GDB)
 
usage: bc [-h] [which]\n
 
Clear the breakpoint with the specified index.
"},{"location":"commands/windbg/bc/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help which Index of the breakpoint to clear. (default: '*')"},{"location":"commands/windbg/bc/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/bd/","title":"Bd","text":""},{"location":"commands/windbg/bd/#bd","title":"bd","text":"
(only in GDB)
 
usage: bd [-h] [which]\n
 
Disable the breakpoint with the specified index.
"},{"location":"commands/windbg/bd/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help which Index of the breakpoint to disable. (default: '*')"},{"location":"commands/windbg/bd/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/be/","title":"Be","text":""},{"location":"commands/windbg/be/#be","title":"be","text":"
(only in GDB)
 
usage: be [-h] [which]\n
 
Enable the breakpoint with the specified index.
"},{"location":"commands/windbg/be/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help which Index of the breakpoint to enable. (default: '*')"},{"location":"commands/windbg/be/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/bl/","title":"Bl","text":""},{"location":"commands/windbg/bl/#bl","title":"bl","text":"
(only in GDB)
 
usage: bl [-h]\n
 
List breakpoints.
"},{"location":"commands/windbg/bl/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/bp/","title":"Bp","text":""},{"location":"commands/windbg/bp/#bp","title":"bp","text":"
(only in GDB)
 
usage: bp [-h] where\n
 
Set a breakpoint at the specified address.
"},{"location":"commands/windbg/bp/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help where The address to break at."},{"location":"commands/windbg/bp/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/da/","title":"Da","text":""},{"location":"commands/windbg/da/#da","title":"da","text":"
usage: da [-h] address [max]\n
 
Dump a string at the specified address.
"},{"location":"commands/windbg/da/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Address to dump max Maximum string length (default: 256)"},{"location":"commands/windbg/da/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/db/","title":"Db","text":""},{"location":"commands/windbg/db/#db","title":"db","text":"
usage: db [-h] address [count]\n
 
Starting at the specified address, dump N bytes.
"},{"location":"commands/windbg/db/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to dump from. count The number of bytes to dump. (default: 64)"},{"location":"commands/windbg/db/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/dc/","title":"Dc","text":""},{"location":"commands/windbg/dc/#dc","title":"dc","text":"
usage: dc [-h] address [count]\n
 
Starting at the specified address, hexdump.
"},{"location":"commands/windbg/dc/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to dump from. count The number of bytes to hexdump. (default: 8)"},{"location":"commands/windbg/dc/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/dd/","title":"Dd","text":""},{"location":"commands/windbg/dd/#dd","title":"dd","text":"
usage: dd [-h] address [count]\n
 
Starting at the specified address, dump N dwords.
"},{"location":"commands/windbg/dd/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to dump from. count The number of dwords to dump. (default: 16)"},{"location":"commands/windbg/dd/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/dds/","title":"Dds","text":""},{"location":"commands/windbg/dds/#dds","title":"dds","text":"
usage: dds [-h] addr\n
 
Dump pointers and symbols at the specified address.
 
Aliases: kd, dps, dqs
"},{"location":"commands/windbg/dds/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr The address to dump from."},{"location":"commands/windbg/dds/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/dq/","title":"Dq","text":""},{"location":"commands/windbg/dq/#dq","title":"dq","text":"
usage: dq [-h] address [count]\n
 
Starting at the specified address, dump N qwords.
"},{"location":"commands/windbg/dq/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to dump from. count The number of qwords to dump. (default: 8)"},{"location":"commands/windbg/dq/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/ds/","title":"Ds","text":""},{"location":"commands/windbg/ds/#ds","title":"ds","text":"
usage: ds [-h] address [max]\n
 
Dump a string at the specified address.
"},{"location":"commands/windbg/ds/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Address to dump max Maximum string length (default: 256)"},{"location":"commands/windbg/ds/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/dw/","title":"Dw","text":""},{"location":"commands/windbg/dw/#dw","title":"dw","text":"
usage: dw [-h] address [count]\n
 
Starting at the specified address, dump N words.
"},{"location":"commands/windbg/dw/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to dump from. count The number of words to dump. (default: 32)"},{"location":"commands/windbg/dw/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/eb/","title":"Eb","text":""},{"location":"commands/windbg/eb/#eb","title":"eb","text":"
usage: eb [-h] address [data ...]\n
 
Write hex bytes at the specified address.
"},{"location":"commands/windbg/eb/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to write to. data The bytes to write."},{"location":"commands/windbg/eb/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/ed/","title":"Ed","text":""},{"location":"commands/windbg/ed/#ed","title":"ed","text":"
usage: ed [-h] address [data ...]\n
 
Write hex dwords at the specified address.
"},{"location":"commands/windbg/ed/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to write to. data The dwords to write."},{"location":"commands/windbg/ed/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/eq/","title":"Eq","text":""},{"location":"commands/windbg/eq/#eq","title":"eq","text":"
usage: eq [-h] address [data ...]\n
 
Write hex qwords at the specified address.
"},{"location":"commands/windbg/eq/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to write to. data The qwords to write."},{"location":"commands/windbg/eq/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/ew/","title":"Ew","text":""},{"location":"commands/windbg/ew/#ew","title":"ew","text":"
usage: ew [-h] address [data ...]\n
 
Write hex words at the specified address.
"},{"location":"commands/windbg/ew/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to write to. data The words to write."},{"location":"commands/windbg/ew/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/ez/","title":"Ez","text":""},{"location":"commands/windbg/ez/#ez","title":"ez","text":"
usage: ez [-h] address data\n
 
Write a string at the specified address.
"},{"location":"commands/windbg/ez/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to write to. data The string to write."},{"location":"commands/windbg/ez/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/eza/","title":"Eza","text":""},{"location":"commands/windbg/eza/#eza","title":"eza","text":"
usage: eza [-h] address data\n
 
Write a string at the specified address.
"},{"location":"commands/windbg/eza/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to write to. data The string to write."},{"location":"commands/windbg/eza/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/go/","title":"Go","text":""},{"location":"commands/windbg/go/#go","title":"go","text":"
(only in GDB)
 
usage: go [-h]\n
 
WinDbg compatibility alias for 'continue' command.
"},{"location":"commands/windbg/go/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/k/","title":"K","text":""},{"location":"commands/windbg/k/#k","title":"k","text":"
(only in GDB)
 
usage: k [-h]\n
 
Print a backtrace (alias 'bt').
"},{"location":"commands/windbg/k/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/ln/","title":"Ln","text":""},{"location":"commands/windbg/ln/#ln","title":"ln","text":"
usage: ln [-h] [value]\n
 
List the symbols nearest to the provided value.
"},{"location":"commands/windbg/ln/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help value The address you want the name of."},{"location":"commands/windbg/ln/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/pc/","title":"Pc","text":""},{"location":"commands/windbg/pc/#pc","title":"pc","text":"
usage: pc [-h]\n
 
WinDbg compatibility alias for 'nextcall' command.
"},{"location":"commands/windbg/pc/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/peb/","title":"Peb","text":""},{"location":"commands/windbg/peb/#peb","title":"peb","text":"
usage: peb [-h]\n
 
Not be windows.
"},{"location":"commands/windbg/peb/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"configuration/","title":"Configuration","text":"
Pwndbg can be configured in various ways. You can tune features, control what it displays, how it displays it, and even what is going on under the hood.
 
There are three \"scopes\" of configuration parameters currently:
 
     
  1. the config scope - for generic parameters
    2.  
  2. the heap scope - for heap-related parameters
    3.  
  3. the theme scope - for Pwndbg theming
    4.  
 
To see the parameters belonging to these scopes, use the config, heap-config, and theme commands respectively. You can also use the configfile and themefile commands to save your live configuration to a file which you can then load in your ~/.(gdb/lldb)init file (after sourcing Pwndbg!).
 
To see the value of any parameter, use show param-name. To set the value, use set param-name param-value. To see a more detailed description of the parameter use help set param-name.
 
If you wish to use a theme different from the default one, check out pwndbg/pwndbg-themes. If you made a theme yourself, feel free to open a PR!
"},{"location":"configuration/config/","title":"Config","text":""},{"location":"configuration/config/#config","title":"config","text":""},{"location":"configuration/config/#ai-anthropic-api-key","title":"ai-anthropic-api-key","text":"
(only in GDB)
 
Anthropic API key.
 
Defaults to ANTHROPIC_API_KEY environment variable if not set.
 
Default: ''  
"},{"location":"configuration/config/#ai-history-size","title":"ai-history-size","text":"
(only in GDB)
 
Maximum number of questions and answers to keep in the prompt.
 
Default: 3  
"},{"location":"configuration/config/#ai-max-tokens","title":"ai-max-tokens","text":"
(only in GDB)
 
The maximum number of tokens to return in the response.
 
Useful when limiting verbosity or conserving resources. Set to a lower value to restrict output.
 
Default: 100  
"},{"location":"configuration/config/#ai-model","title":"ai-model","text":"
(only in GDB)
 
The name of the large language model to query.
 
Changing this affects the behavior, response quality, and cost (if applicable) of AI responses.
 
Default: 'gpt-3.5-turbo'  
"},{"location":"configuration/config/#ai-ollama-endpoint","title":"ai-ollama-endpoint","text":"
(only in GDB)
 
Ollama API endpoint.
 
Defaults to OLLAMA_ENDPOINT environment variable if not set.
 
Default: ''  
"},{"location":"configuration/config/#ai-openai-api-key","title":"ai-openai-api-key","text":"
(only in GDB)
 
OpenAI API key.
 
Will default to OPENAI_API_KEY environment variable if not set.
 
Default: ''  
"},{"location":"configuration/config/#ai-show-usage","title":"ai-show-usage","text":"
(only in GDB)
 
Whether to show how many tokens are used with each OpenAI API call.
 
Default: off  
"},{"location":"configuration/config/#ai-stack-depth","title":"ai-stack-depth","text":"
(only in GDB)
 
Rows of stack context to include in the prompt for the ai command.
 
Default: 16  
"},{"location":"configuration/config/#ai-temperature","title":"ai-temperature","text":"
(only in GDB)
 
The temperature specification for the LLM query.
 
This controls the degree of randomness in the response.
 
Default: 0  
"},{"location":"configuration/config/#attachp-resolution-method","title":"attachp-resolution-method","text":"
(only in GDB)
 
How to determine the process to attach when multiple candidates exists.
 
Default: 'ask' Valid values: 'none', 'oldest', 'newest', 'ask'
"},{"location":"configuration/config/#auto-explore-auxv","title":"auto-explore-auxv","text":"
Stack exploration for AUXV information; it may be really slow.
 
Default: 'warn' Valid values: 'warn', 'yes', 'no'
"},{"location":"configuration/config/#auto-explore-pages","title":"auto-explore-pages","text":"
Whether to try to infer page permissions when memory maps are missing.
 
This command can cause errors.
 
Default: 'warn' Valid values: 'yes', 'warn', 'no'
"},{"location":"configuration/config/#auto-explore-stack","title":"auto-explore-stack","text":"
Stack exploration; it may be really slow.
 
Default: 'warn' Valid values: 'warn', 'yes', 'no'
"},{"location":"configuration/config/#auto-save-search","title":"auto-save-search","text":"
Automatically pass --save to \"search\" command.
 
Default: off  
"},{"location":"configuration/config/#bn-autosync","title":"bn-autosync","text":"
Whether to automatically run bn-sync every step.
 
Default: off  
"},{"location":"configuration/config/#bn-il-level","title":"bn-il-level","text":"
The IL level to use when displaying Binary Ninja decompilation.
 
Default: 'hlil' Valid values: 'disasm', 'llil', 'mlil', 'hlil'
"},{"location":"configuration/config/#bn-rpc-host","title":"bn-rpc-host","text":"
Binary Ninja XML-RPC server host.
 
Default: '127.0.0.1'  
"},{"location":"configuration/config/#bn-rpc-port","title":"bn-rpc-port","text":"
Binary Ninja XML-RPC server port.
 
Default: 43717  
"},{"location":"configuration/config/#bn-timeout","title":"bn-timeout","text":"
Time to wait for Binary Ninja XML-RPC, in seconds.
 
Default: 2  
"},{"location":"configuration/config/#context-backtrace-lines","title":"context-backtrace-lines","text":"
Number of lines to print in the backtrace context.
 
Default: 8  
"},{"location":"configuration/config/#context-clear-screen","title":"context-clear-screen","text":"
Whether to clear the screen before printing the context.
 
Default: off  
"},{"location":"configuration/config/#context-code-lines","title":"context-code-lines","text":"
Number of source code lines to print by the context command.
 
Default: 10  
"},{"location":"configuration/config/#context-code-tabstop","title":"context-code-tabstop","text":"
Number of spaces that a  in the source code counts for. 
Default: 8  
"},{"location":"configuration/config/#context-disasm-lines","title":"context-disasm-lines","text":"
Number of additional lines to print in the disasm context.
 
Default: 10  
"},{"location":"configuration/config/#context-ghidra","title":"context-ghidra","text":"
When to try to decompile the current function with ghidra.
 
Doing this is slow and requires radare2/r2pipe or rizin/rzpipe.
 
Default: 'never' Valid values: 'always', 'never', 'if-no-source'
"},{"location":"configuration/config/#context-history-size","title":"context-history-size","text":"
Number of context history entries to store.
 
Default: 50  
"},{"location":"configuration/config/#context-integration-decompile","title":"context-integration-decompile","text":"
Whether context should fall back to decompilation with no source code.
 
Default: on  
"},{"location":"configuration/config/#context-max-threads","title":"context-max-threads","text":"
Maximum number of threads displayed by the context command.
 
Default: 4  
"},{"location":"configuration/config/#context-output","title":"context-output","text":"
Where Pwndbg should output (\"stdout\" or file/tty).
 
Default: 'stdout'  
"},{"location":"configuration/config/#context-reserve-lines","title":"context-reserve-lines","text":"
When to reserve lines after the prompt to reduce context shake.
 
The \"if-ctx-fits\" setting only reserves lines if the whole context would still fit vertically in the current terminal window. It doesn't take into account line-wrapping due to insufficient terminal width.
 
Default: 'if-ctx-fits' Valid values: 'never', 'if-ctx-fits', 'always'
"},{"location":"configuration/config/#context-sections","title":"context-sections","text":"
Which context sections are displayed (controls order).
 
Default: 'regs disasm code ghidra stack backtrace expressions threads heap_tracker'  
"},{"location":"configuration/config/#context-stack-lines","title":"context-stack-lines","text":"
Number of lines to print in the stack context.
 
Default: 8  
"},{"location":"configuration/config/#cymbol-editor","title":"cymbol-editor","text":"
(only in GDB)
 
Path to the editor for editing custom structures.
 
Default: ''  
"},{"location":"configuration/config/#debug-events","title":"debug-events","text":"
(only in GDB)
 
Display internal event debugging info.
 
Default: off  
"},{"location":"configuration/config/#decompiler","title":"decompiler","text":"
Framework that your ghidra plugin installed.
 
Default: 'radare2' Valid values: 'radare2', 'rizin'
"},{"location":"configuration/config/#default-visualize-chunk-number","title":"default-visualize-chunk-number","text":"
Default number of chunks to visualize.
 
Default: 10  
"},{"location":"configuration/config/#dereference-limit","title":"dereference-limit","text":"
Max number of pointers to dereference in a chain.
 
Default: 5  
"},{"location":"configuration/config/#disasm-annotations","title":"disasm-annotations","text":"
Display annotations for instructions.
 
Default: on  
"},{"location":"configuration/config/#disasm-inline-symbols","title":"disasm-inline-symbols","text":"
Replacing constant operands with their symbol in the disassembly.
 
Default: on  
"},{"location":"configuration/config/#disasm-reg-alias","title":"disasm-reg-alias","text":"
Force the disassembly to use register aliases (e.g. aarch64 x29 -> fp).
 
The register aliasing is done by capstone, see: https://github.com/capstone-engine/capstone/blob/next/docs/cs_v6_release_guide.md#:~:text=None.-,Register%20alias,-Register%20alias%20
 
Enabling this may make disassembly slower.
 
Default: off  
"},{"location":"configuration/config/#disasm-telescope-depth","title":"disasm-telescope-depth","text":"
Depth of telescope for disasm annotations.
 
Default: 3  
"},{"location":"configuration/config/#disasm-telescope-string-length","title":"disasm-telescope-string-length","text":"
The number of characters in strings to display in disasm annotations.
 
Default: 50  
"},{"location":"configuration/config/#emulate","title":"emulate","text":"
Unicorn emulation of code from the current PC register.
 
Emulate can be:
 
     
  1. off             - no emulation is performed
    2.  
  2. jumps-only      - emulation is done only to resolve branch instructions
    3.  
  3. on              - emulation is done to resolve registers/memory values etc.
    4.  
 
Emulation can slow down Pwndbg. Disabling it may improve performance. Emulation requires >1GB RAM being available on the system and ability to allocate RWX memory.
 
Default: 'on' Valid values: 'on', 'off', 'jumps-only'
"},{"location":"configuration/config/#emulate-annotations","title":"emulate-annotations","text":"
Unicorn emulation for instruction annotations.
 
Refers to register and memory value annotations.
 
Default: on  
"},{"location":"configuration/config/#emulate-future-annotations","title":"emulate-future-annotations","text":"
Unicorn emulation for future instruction's annotations.
 
Default: on  
"},{"location":"configuration/config/#exception-debugger","title":"exception-debugger","text":"
Whether to debug exceptions raised in Pwndbg commands.
 
Default: off  
"},{"location":"configuration/config/#exception-verbose","title":"exception-verbose","text":"
Print a full stacktrace for exceptions raised in Pwndbg commands.
 
Default: off  
"},{"location":"configuration/config/#gcc-compiler-path","title":"gcc-compiler-path","text":"
(only in GDB)
 
Path to the gcc/g++ toolchain for generating imported symbols.
 
Default: ''  
"},{"location":"configuration/config/#gdb-workaround-stop-event","title":"gdb-workaround-stop-event","text":"
(only in GDB)
 
Asynchronous stop events to improve 'commands' functionality.
 
Note that this may cause unexpected behavior with Pwndbg or gdb.execute.
 
Values explained:
 
     
  • disabled - Disable the workaround (default).
    •  
  • disabled-deadlock - Disable only deadlock detection; deadlocks may still occur.
    •  
  • enabled - Enable asynchronous stop events; gdb.execute may behave unexpectedly (asynchronously).
    •  
 
Default: 'disabled' Valid values: 'disabled', 'disabled-deadlock', 'enabled'
"},{"location":"configuration/config/#go-dump-indent-amount","title":"go-dump-indent-amount","text":"
The indent amount for go-dump pretty printing.
 
Default: 4  
"},{"location":"configuration/config/#go-dump-line-width","title":"go-dump-line-width","text":"
The soft line width for go-dump pretty printing.
 
Default: 80  
"},{"location":"configuration/config/#hexdump-bytes","title":"hexdump-bytes","text":"
Number of bytes printed by hexdump command.
 
Default: 64  
"},{"location":"configuration/config/#hexdump-group-use-big-endian","title":"hexdump-group-use-big-endian","text":"
Use big-endian within each group of bytes in hexdump command.
 
When on, use big-endian within each group of bytes. Only applies to raw bytes, not the ASCII part. See also hexdump-highlight-group-lsb.
 
Default: off  
"},{"location":"configuration/config/#hexdump-group-width","title":"hexdump-group-width","text":"
Number of bytes grouped in hexdump command.
 
If -1, the architecture's pointer size is used.
 
Default: -1  
"},{"location":"configuration/config/#hexdump-limit-mb","title":"hexdump-limit-mb","text":"
The maximum size in megabytes (MB) hexdump will read.
 
Set the maximum size in megabytes (MB) that the hexdump command will attempt to read at once.     Prevents GDB crashes due to excessive memory allocation requests.     Set to 0 for unlimited (use with caution).
 
Default: 10  
"},{"location":"configuration/config/#hexdump-width","title":"hexdump-width","text":"
Line width of hexdump command.
 
Default: 16  
"},{"location":"configuration/config/#ida-rpc-host","title":"ida-rpc-host","text":"
(only in GDB)
 
Ida xmlrpc server address.
 
Default: '127.0.0.1'  
"},{"location":"configuration/config/#ida-rpc-port","title":"ida-rpc-port","text":"
(only in GDB)
 
Ida xmlrpc server port.
 
Default: 43718  
"},{"location":"configuration/config/#ida-timeout","title":"ida-timeout","text":"
(only in GDB)
 
Time to wait for ida xmlrpc in seconds.
 
Default: 2  
"},{"location":"configuration/config/#integration-function-lookup","title":"integration-function-lookup","text":"
Use integration to look up function type signatures.
 
Default: on  
"},{"location":"configuration/config/#integration-provider","title":"integration-provider","text":"
Which provider to use for integration features.
 
Default: 'none' Valid values: 'none', 'binja', 'ida'
"},{"location":"configuration/config/#integration-smart-enhance","title":"integration-smart-enhance","text":"
Use integration to determine when to disassemble during enhancing.
 
Default: on  
"},{"location":"configuration/config/#integration-symbol-lookup","title":"integration-symbol-lookup","text":"
Whether to use integration to look up unknown symbols.
 
Default: on  
"},{"location":"configuration/config/#kernel-vmmap","title":"kernel-vmmap","text":"
The method to get vmmap information when debugging via QEMU kernel.
 
Values explained:
 
     
  • page-tables - read /proc/$qemu-pid/mem to parse kernel page tables to render vmmap
    •  
  • monitor - use QEMU's monitor info mem to render vmmap
    •  
  • none - disable vmmap rendering; useful if rendering is particularly slow
    •  
 
Note that the page-tables method will require the QEMU kernel process to be on the same machine and within the same PID namespace. Running QEMU kernel and GDB in different Docker containers will not work. Consider running both containers with --pid=host (meaning they will see and so be able to interact with all processes on the machine).
 
Default: 'page-tables' Valid values: 'page-tables', 'monitor', 'none'
"},{"location":"configuration/config/#left-pad-disasm","title":"left-pad-disasm","text":"
Whether to left-pad disassembly.
 
Default: on  
"},{"location":"configuration/config/#max-decimal-number","title":"max-decimal-number","text":"
Show all numbers greater than this in hex.
 
For negative numbers, their absolute value is used.
 
Set the parameter to 'unlimited' if you want all values in decimal. Specially, set the parameter to zero if you want all values in hex.
 
The assembly instruction operands come from capstone, and are thus not controlled by this setting. For consistency with them, leave this setting at 9 (the default).
 
Default: 9  
"},{"location":"configuration/config/#max-visualize-chunk-size","title":"max-visualize-chunk-size","text":"
Max display size for heap chunks visualization (0 for display all).
 
Default: 0  
"},{"location":"configuration/config/#nearpc-backwards-lines","title":"nearpc-backwards-lines","text":"
Number of lines before the pc to print for the nearpc command.
 
Default: 5  
"},{"location":"configuration/config/#nearpc-integration-comments","title":"nearpc-integration-comments","text":"
Whether to show comments from integration provider.
 
Default: on  
"},{"location":"configuration/config/#nearpc-lines","title":"nearpc-lines","text":"
Number of lines to print for the nearpc command.
 
Default: 10  
"},{"location":"configuration/config/#nearpc-num-opcode-bytes","title":"nearpc-num-opcode-bytes","text":"
Number of opcode bytes to print for each instruction.
 
Default: 0  
"},{"location":"configuration/config/#nearpc-opcode-separator-bytes","title":"nearpc-opcode-separator-bytes","text":"
Number of spaces between opcode bytes.
 
Default: 1  
"},{"location":"configuration/config/#nearpc-show-args","title":"nearpc-show-args","text":"
Whether to show call arguments below instruction.
 
Default: on  
"},{"location":"configuration/config/#objc-max-function-arguments","title":"objc-max-function-arguments","text":"
Maximum number of arguments to resolve for an Objective-C method call.
 
Default: 32  
"},{"location":"configuration/config/#objc-max-function-types-depth","title":"objc-max-function-types-depth","text":"
Maximum allowed depth for a type in an Objective-C method call.
 
Default: 32  
"},{"location":"configuration/config/#safe-linking","title":"safe-linking","text":"
Whether glibc uses safe-linking.
 
Default: auto Valid values: on, off, auto.
"},{"location":"configuration/config/#show-compact-regs","title":"show-compact-regs","text":"
Whether to show a compact register view with columns.
 
Default: off  
"},{"location":"configuration/config/#show-compact-regs-columns","title":"show-compact-regs-columns","text":"
The number of columns (0 for dynamic number of columns).
 
Default: 2  
"},{"location":"configuration/config/#show-compact-regs-min-width","title":"show-compact-regs-min-width","text":"
The minimum width of each column.
 
Default: 20  
"},{"location":"configuration/config/#show-compact-regs-separation","title":"show-compact-regs-separation","text":"
The number of spaces separating columns.
 
Default: 4  
"},{"location":"configuration/config/#show-flags","title":"show-flags","text":"
Whether to show flags registers.
 
Default: off  
"},{"location":"configuration/config/#show-retaddr-reg","title":"show-retaddr-reg","text":"
Whether to show return address register.
 
Default: on  
"},{"location":"configuration/config/#show-tips","title":"show-tips","text":"
Whether to display the tip of the day on startup.
 
Default: on  
"},{"location":"configuration/config/#syntax-highlight","title":"syntax-highlight","text":"
Source code / assembly syntax highlight.
 
Default: on  
"},{"location":"configuration/config/#telescope-dont-skip-registers","title":"telescope-dont-skip-registers","text":"
Don't skip a repeated line if a registers points to it.
 
Default: on  
"},{"location":"configuration/config/#telescope-frame-print-retaddr","title":"telescope-frame-print-retaddr","text":"
Print one pointer past the stack frame.
 
Default: on  
"},{"location":"configuration/config/#telescope-framepointer-offset","title":"telescope-framepointer-offset","text":"
Print offset to framepointer for each address, if sufficiently small.
 
Default: on  
"},{"location":"configuration/config/#telescope-lines","title":"telescope-lines","text":"
Number of lines to printed by the telescope command.
 
Default: 8  
"},{"location":"configuration/config/#telescope-skip-repeating-val","title":"telescope-skip-repeating-val","text":"
Whether to skip repeating values of the telescope command.
 
Default: on  
"},{"location":"configuration/config/#telescope-skip-repeating-val-min","title":"telescope-skip-repeating-val-min","text":"
Minimum amount of repeated values before skipping lines.
 
Default: 3  
"},{"location":"configuration/config/#vmmap-prefer-relpaths","title":"vmmap-prefer-relpaths","text":"
Show relative paths by default in vmmap.
 
Default: on  
"},{"location":"configuration/heap/","title":"Heap","text":""},{"location":"configuration/heap/#heap","title":"heap","text":""},{"location":"configuration/heap/#glibc","title":"glibc","text":"
Glibc version for heap heuristics resolution (e.g. 2.31).
 
Default: ''  
"},{"location":"configuration/heap/#global-max-fast","title":"global-max-fast","text":"
The address of global_max_fast.
 
Default: '0'  
"},{"location":"configuration/heap/#heap-corruption-check-limit","title":"heap-corruption-check-limit","text":"
Amount of chunks to traverse for the bin corruption check.
 
The bins are traversed both forwards and backwards.
 
Default: 64  
"},{"location":"configuration/heap/#heap-dereference-limit","title":"heap-dereference-limit","text":"
Number of chunks to dereference in each bin.
 
Default: 8  
"},{"location":"configuration/heap/#main-arena","title":"main-arena","text":"
The address of main_arena.
 
Default: '0'  
"},{"location":"configuration/heap/#mp","title":"mp","text":"
The address of mp_.
 
Default: '0'  
"},{"location":"configuration/heap/#ng-search-on-fail","title":"ng-search-on-fail","text":"
Let the ng-slot* commands search the heap if necessary.
 
For freed, avail(able) and corrupted slots, it may be impossible to recover the start of the group and meta.
 
When this option is set to True, the ng-slotu and ng-slots commands will search the heap to try to find the correct meta/group.
 
Default: on  
"},{"location":"configuration/heap/#ng-vis-count","title":"ng-vis-count","text":"
Default count for ng-vis.
 
Default: 10  
"},{"location":"configuration/heap/#resolve-heap-via-heuristic","title":"resolve-heap-via-heuristic","text":"GDBLLDB 
The strategy to resolve heap via heuristic.
 
Values explained:
 
     
  • auto - Pwndbg will try to use heuristics if debug symbols are missing
    •  
  • force - Pwndbg will always try to use heuristics, even if debug symbols are available
    •  
  • never - Pwndbg will never use heuristics to resolve the heap
    •  
 
If the output of the heap related command produces errors with heuristics, you can try manually setting the libc symbol addresses. For this, see the heap_config command output and set the main_arena, mp_, global_max_fast, tcache and thread_arena addresses.
 
Note: Pwndbg will generate more reliable results with proper debug symbols. Therefore, when debug symbols are missing, you should try to install them first if you haven't already.
 
They can probably be installed via the package manager of your choice. See also: https://sourceware.org/gdb/onlinedocs/gdb/Separate-Debug-Files.html .
 
E.g. on Ubuntu/Debian you might need to do the following steps (for 64-bit and 32-bit binaries): 
sudo apt-get install libc6-dbg\nsudo dpkg --add-architecture i386\nsudo apt-get install libc-dbg:i386\n
 If you used setup.sh on Arch based distro you'll need to do a power cycle or set environment variable manually like this: 
export DEBUGINFOD_URLS=https://debuginfod.archlinux.org\n
 
In addition, even you have the debug symbols of libc, you might still see the following warning when debugging a multi-threaded program: 
warning: Unable to find libthread_db matching inferior's thread library, thread\ndebugging will not be available.\n
 
You'll need to ensure that the correct libthread_db.so is loaded. To do this, set the search path using: 
set libthread-db-search-path <path having correct libthread_db.so>\n
 Then, restart your program to enable proper thread debugging.
 
Default: 'auto' Valid values: 'auto', 'force', 'never'
 
The strategy to resolve heap via heuristic.
 
Values explained:
 
     
  • auto - Pwndbg will try to use heuristics if debug symbols are missing
    •  
  • force - Pwndbg will always try to use heuristics, even if debug symbols are available
    •  
  • never - Pwndbg will never use heuristics to resolve the heap
    •  
 
If the output of the heap related command produces errors with heuristics, you can try manually setting the libc symbol addresses. For this, see the heap_config command output and set the main_arena, mp_, global_max_fast, tcache and thread_arena addresses.
 
Note: Pwndbg will generate more reliable results with proper debug symbols. Therefore, when debug symbols are missing, you should try to install them first if you haven't already.
 
They can probably be installed via the package manager of your choice. See also: https://sourceware.org/gdb/onlinedocs/gdb/Separate-Debug-Files.html .
 
E.g. on Ubuntu/Debian you might need to do the following steps (for 64-bit and 32-bit binaries): 
sudo apt-get install libc6-dbg\nsudo dpkg --add-architecture i386\nsudo apt-get install libc-dbg:i386\n
 If you used setup.sh on Arch based distro you'll need to do a power cycle or set environment variable manually like this: 
export DEBUGINFOD_URLS=https://debuginfod.archlinux.org\n
 
Default: 'auto' Valid values: 'auto', 'force', 'never'
"},{"location":"configuration/heap/#tcache","title":"tcache","text":"
The address pointed by tcache.
 
Default: '0'  
"},{"location":"configuration/heap/#thread-arena","title":"thread-arena","text":"
The address pointed by thread_arena.
 
Default: '0'  
"},{"location":"configuration/theme/","title":"Theme","text":""},{"location":"configuration/theme/#theme","title":"theme","text":""},{"location":"configuration/theme/#backtrace-address-color","title":"backtrace-address-color","text":"
Color for backtrace (address).
 
Default: 'none'  
"},{"location":"configuration/theme/#backtrace-frame-label","title":"backtrace-frame-label","text":"
Frame number label for backtrace.
 
Default: ''  
"},{"location":"configuration/theme/#backtrace-frame-label-color","title":"backtrace-frame-label-color","text":"
Color for backtrace (frame label).
 
Default: 'none'  
"},{"location":"configuration/theme/#backtrace-prefix","title":"backtrace-prefix","text":"
Prefix for current backtrace label.
 
Default: '\u25ba'  
"},{"location":"configuration/theme/#backtrace-prefix-color","title":"backtrace-prefix-color","text":"
Color for prefix of current backtrace label.
 
Default: 'none'  
"},{"location":"configuration/theme/#backtrace-symbol-color","title":"backtrace-symbol-color","text":"
Color for backtrace (symbol).
 
Default: 'none'  
"},{"location":"configuration/theme/#banner-color","title":"banner-color","text":"
Color for banner line.
 
Default: 'blue'  
"},{"location":"configuration/theme/#banner-separator","title":"banner-separator","text":"
Repeated banner separator character.
 
Default: '\u2500'  
"},{"location":"configuration/theme/#banner-title-color","title":"banner-title-color","text":"
Color for banner title.
 
Default: 'none'  
"},{"location":"configuration/theme/#banner-title-position","title":"banner-title-position","text":"
Banner title position.
 
Default: 'center' Valid values: 'center', 'left', 'right'
"},{"location":"configuration/theme/#banner-title-surrounding-left","title":"banner-title-surrounding-left","text":"
Banner title surrounding char (left side).
 
Default: '[ '  
"},{"location":"configuration/theme/#banner-title-surrounding-right","title":"banner-title-surrounding-right","text":"
Banner title surrounding char (right side).
 
Default: ' ]'  
"},{"location":"configuration/theme/#bn-decomp-style","title":"bn-decomp-style","text":"
Decompilation highlight theme for Binary Ninja.
 
Default: 'dark' Valid values: 'dark', 'light'
"},{"location":"configuration/theme/#chain-arrow-color","title":"chain-arrow-color","text":"
Color of chain formatting (arrow).
 
Default: 'normal'  
"},{"location":"configuration/theme/#chain-arrow-left","title":"chain-arrow-left","text":"
Left arrow of chain formatting.
 
Default: '\u25c2\u2014'  
"},{"location":"configuration/theme/#chain-arrow-right","title":"chain-arrow-right","text":"
Right arrow of chain formatting.
 
Default: '\u2014\u25b8'  
"},{"location":"configuration/theme/#chain-contiguous-marker","title":"chain-contiguous-marker","text":"
Contiguous marker of chain formatting.
 
Default: '...'  
"},{"location":"configuration/theme/#chain-contiguous-marker-color","title":"chain-contiguous-marker-color","text":"
Color of chain formatting (contiguous marker).
 
Default: 'normal'  
"},{"location":"configuration/theme/#code-prefix","title":"code-prefix","text":"
Prefix marker for 'context code' command.
 
Default: '\u25ba'  
"},{"location":"configuration/theme/#code-prefix-color","title":"code-prefix-color","text":"
Color for 'context code' command (prefix marker).
 
Default: 'none'  
"},{"location":"configuration/theme/#comment-color","title":"comment-color","text":"
Color for comment.
 
Default: 'gray'  
"},{"location":"configuration/theme/#context-flag-bracket-color","title":"context-flag-bracket-color","text":"
Color for flags register (bracket).
 
Default: 'none'  
"},{"location":"configuration/theme/#context-flag-changed-color","title":"context-flag-changed-color","text":"
Color for flags register (flag changed).
 
Default: 'underline'  
"},{"location":"configuration/theme/#context-flag-set-color","title":"context-flag-set-color","text":"
Color for flags register (flag set).
 
Default: 'green,bold'  
"},{"location":"configuration/theme/#context-flag-unset-color","title":"context-flag-unset-color","text":"
Color for flags register (flag unset).
 
Default: 'red'  
"},{"location":"configuration/theme/#context-flag-value-color","title":"context-flag-value-color","text":"
Color for flags register (register value).
 
Default: 'none'  
"},{"location":"configuration/theme/#context-register-changed-color","title":"context-register-changed-color","text":"
Color for registers label (change marker).
 
Default: 'red'  
"},{"location":"configuration/theme/#context-register-changed-marker","title":"context-register-changed-marker","text":"
Change marker for registers label.
 
Default: '*'  
"},{"location":"configuration/theme/#context-register-color","title":"context-register-color","text":"
Color for registers label.
 
Default: 'bold'  
"},{"location":"configuration/theme/#disable-colors","title":"disable-colors","text":"
Whether to color the output or not.
 
Default: off  
"},{"location":"configuration/theme/#disasm-branch-color","title":"disasm-branch-color","text":"
Color for disasm (branch/call instruction).
 
Default: 'bold'  
"},{"location":"configuration/theme/#disasm-branch-off","title":"disasm-branch-off","text":"
Marker for branches that will NOT be taken.
 
Default: '\u2718'  
"},{"location":"configuration/theme/#disasm-branch-on","title":"disasm-branch-on","text":"
Marker for branches that WILL be taken.
 
Default: '\u2714'  
"},{"location":"configuration/theme/#enhance-comment-color","title":"enhance-comment-color","text":"
Color of value enhance (comment).
 
Default: 'none'  
"},{"location":"configuration/theme/#enhance-integer-value-color","title":"enhance-integer-value-color","text":"
Color of value enhance (integer).
 
Default: 'none'  
"},{"location":"configuration/theme/#enhance-string-value-color","title":"enhance-string-value-color","text":"
Color of value enhance (string).
 
Default: 'none'  
"},{"location":"configuration/theme/#enhance-unknown-color","title":"enhance-unknown-color","text":"
Color of value enhance (unknown value).
 
Default: 'none'  
"},{"location":"configuration/theme/#go-dump-debug","title":"go-dump-debug","text":"
Color for 'go-dump' command's debug info when --debug is specified.
 
Default: 'blue'  
"},{"location":"configuration/theme/#hexdump-address-color","title":"hexdump-address-color","text":"
Color for hexdump command (address label).
 
Default: 'none'  
"},{"location":"configuration/theme/#hexdump-ascii-block-separator","title":"hexdump-ascii-block-separator","text":"
Block separator char of the hexdump command.
 
Default: '\u2502'  
"},{"location":"configuration/theme/#hexdump-byte-separator","title":"hexdump-byte-separator","text":"
Separator of single bytes in hexdump (does NOT affect group separator).
 
Default: ' '  
"},{"location":"configuration/theme/#hexdump-colorize-ascii","title":"hexdump-colorize-ascii","text":"
Whether to colorize the hexdump command ascii section.
 
Default: on  
"},{"location":"configuration/theme/#hexdump-highlight-group-lsb","title":"hexdump-highlight-group-lsb","text":"
Highlight LSB of each group.
 
Applies only if hexdump-use-big-endian actually changes byte order.
 
Default: 'underline'  
"},{"location":"configuration/theme/#hexdump-normal-color","title":"hexdump-normal-color","text":"
Color for hexdump command (normal bytes).
 
Default: 'none'  
"},{"location":"configuration/theme/#hexdump-offset-color","title":"hexdump-offset-color","text":"
Color for hexdump command (offset label).
 
Default: 'none'  
"},{"location":"configuration/theme/#hexdump-printable-color","title":"hexdump-printable-color","text":"
Color for hexdump command (printable characters).
 
Default: 'bold'  
"},{"location":"configuration/theme/#hexdump-separator-color","title":"hexdump-separator-color","text":"
Color for hexdump command (group separator).
 
Default: 'none'  
"},{"location":"configuration/theme/#hexdump-special-color","title":"hexdump-special-color","text":"
Color for hexdump command (special bytes).
 
Default: 'yellow'  
"},{"location":"configuration/theme/#hexdump-zero-color","title":"hexdump-zero-color","text":"
Color for hexdump command (zero bytes).
 
Default: 'red'  
"},{"location":"configuration/theme/#highlight-breakpoints","title":"highlight-breakpoints","text":"
Whether to highlight breakpoints.
 
Default: on  
"},{"location":"configuration/theme/#highlight-color","title":"highlight-color","text":"
Color added to highlights like source/pc.
 
Default: 'green,bold'  
"},{"location":"configuration/theme/#highlight-pc","title":"highlight-pc","text":"
Whether to highlight the current instruction.
 
Default: on  
"},{"location":"configuration/theme/#highlight-source","title":"highlight-source","text":"
Whether to highlight the closest source line.
 
Default: on  
"},{"location":"configuration/theme/#memory-code-color","title":"memory-code-color","text":"
Color for executable memory.
 
Default: 'red'  
"},{"location":"configuration/theme/#memory-data-color","title":"memory-data-color","text":"
Color for all other writable memory.
 
Default: 'purple'  
"},{"location":"configuration/theme/#memory-guard-color","title":"memory-guard-color","text":"
Color added to all guard pages (no perms).
 
Default: 'cyan'  
"},{"location":"configuration/theme/#memory-heap-color","title":"memory-heap-color","text":"
Color for heap memory.
 
Default: 'blue'  
"},{"location":"configuration/theme/#memory-rodata-color","title":"memory-rodata-color","text":"
Color for all read only memory.
 
Default: 'normal'  
"},{"location":"configuration/theme/#memory-stack-color","title":"memory-stack-color","text":"
Color for stack memory.
 
Default: 'yellow'  
"},{"location":"configuration/theme/#memory-wx-color","title":"memory-wx-color","text":"
Color added to all WX memory.
 
Default: 'underline'  
"},{"location":"configuration/theme/#message-breakpoint-color","title":"message-breakpoint-color","text":"
Color of breakpoint messages.
 
Default: 'yellow'  
"},{"location":"configuration/theme/#message-debug-color","title":"message-debug-color","text":"
Color of debug messages.
 
Default: 'blue'  
"},{"location":"configuration/theme/#message-error-color","title":"message-error-color","text":"
Color of error messages.
 
Default: 'red'  
"},{"location":"configuration/theme/#message-exit-color","title":"message-exit-color","text":"
Color of exit messages.
 
Default: 'red'  
"},{"location":"configuration/theme/#message-hint-color","title":"message-hint-color","text":"
Color of hint and marker messages.
 
Default: 'yellow'  
"},{"location":"configuration/theme/#message-info-color","title":"message-info-color","text":"
Color of info messages.
 
Default: 'white'  
"},{"location":"configuration/theme/#message-notice-color","title":"message-notice-color","text":"
Color of notice messages.
 
Default: 'purple'  
"},{"location":"configuration/theme/#message-signal-color","title":"message-signal-color","text":"
Color of signal messages.
 
Default: 'bold,red'  
"},{"location":"configuration/theme/#message-status-off-color","title":"message-status-off-color","text":"
Color of off status messages.
 
Default: 'red'  
"},{"location":"configuration/theme/#message-status-on-color","title":"message-status-on-color","text":"
Color of on status messages.
 
Default: 'green'  
"},{"location":"configuration/theme/#message-success-color","title":"message-success-color","text":"
Color of success messages.
 
Default: 'green'  
"},{"location":"configuration/theme/#message-system-color","title":"message-system-color","text":"
Color of system messages.
 
Default: 'light-red'  
"},{"location":"configuration/theme/#message-warning-color","title":"message-warning-color","text":"
Color of warning messages.
 
Default: 'yellow'  
"},{"location":"configuration/theme/#nearpc-address-color","title":"nearpc-address-color","text":"
Color for nearpc command (address).
 
Default: 'normal'  
"},{"location":"configuration/theme/#nearpc-argument-color","title":"nearpc-argument-color","text":"
Color for nearpc command (target argument).
 
Default: 'bold'  
"},{"location":"configuration/theme/#nearpc-branch-marker","title":"nearpc-branch-marker","text":"
Branch marker line for nearpc command.
 
Default: '    \u2193'  
"},{"location":"configuration/theme/#nearpc-branch-marker-color","title":"nearpc-branch-marker-color","text":"
Color for nearpc command (branch marker line).
 
Default: 'normal'  
"},{"location":"configuration/theme/#nearpc-branch-marker-contiguous","title":"nearpc-branch-marker-contiguous","text":"
Contiguous branch marker line for nearpc command.
 
Default: ' '  
"},{"location":"configuration/theme/#nearpc-breakpoint-color","title":"nearpc-breakpoint-color","text":"
Color for nearpc command (breakpoint marker).
 
Default: 'red'  
"},{"location":"configuration/theme/#nearpc-breakpoint-prefix","title":"nearpc-breakpoint-prefix","text":"
Breakpoint marker for nearpc command.
 
Default: 'b+'  
"},{"location":"configuration/theme/#nearpc-integration-comments-color","title":"nearpc-integration-comments-color","text":"
Color for nearpc command (integration comments).
 
Default: 'bold'  
"},{"location":"configuration/theme/#nearpc-prefix","title":"nearpc-prefix","text":"
Prefix marker for nearpc command.
 
Default: '\u25ba'  
"},{"location":"configuration/theme/#nearpc-prefix-color","title":"nearpc-prefix-color","text":"
Color for nearpc command (prefix marker).
 
Default: 'none'  
"},{"location":"configuration/theme/#nearpc-symbol-color","title":"nearpc-symbol-color","text":"
Color for nearpc command (symbol).
 
Default: 'normal'  
"},{"location":"configuration/theme/#nearpc-syscall-name-color","title":"nearpc-syscall-name-color","text":"
Color for nearpc command (resolved syscall name).
 
Default: 'red'  
"},{"location":"configuration/theme/#prompt-alive-color","title":"prompt-alive-color","text":"
Prompt alive color.
 
Default: 'bold,green'  
"},{"location":"configuration/theme/#prompt-color","title":"prompt-color","text":"
Prompt color.
 
Default: 'bold,red'  
"},{"location":"configuration/theme/#prop-name-color","title":"prop-name-color","text":"
Color used to highlight the name in name-value pairs.
 
Used heavily in mallocng commands.
 
Default: 'bold'  
"},{"location":"configuration/theme/#prop-title-color","title":"prop-title-color","text":"
Color used to highlight the title of name-value pair groups.
 
Used heavily in mallocng commands.
 
Default: 'green'  
"},{"location":"configuration/theme/#prop-value-color","title":"prop-value-color","text":"
Color used to highlight the value in name-value pairs.
 
Used heavily in mallocng commands.
 
Default: 'yellow'  
"},{"location":"configuration/theme/#syntax-highlight-style","title":"syntax-highlight-style","text":"
Source code / assembly syntax highlight stylename of pygments module.
 
Default: 'monokai'  
"},{"location":"configuration/theme/#telescope-offset-color","title":"telescope-offset-color","text":"
Color of the telescope command (offset prefix).
 
Default: 'normal'  
"},{"location":"configuration/theme/#telescope-offset-delimiter","title":"telescope-offset-delimiter","text":"
Offset delimiter of the telescope command.
 
Default: ':'  
"},{"location":"configuration/theme/#telescope-offset-delimiter-color","title":"telescope-offset-delimiter-color","text":"
Color of the telescope command (offset delimiter).
 
Default: 'normal'  
"},{"location":"configuration/theme/#telescope-offset-separator","title":"telescope-offset-separator","text":"
Offset separator of the telescope command.
 
Default: '\u2502'  
"},{"location":"configuration/theme/#telescope-offset-separator-color","title":"telescope-offset-separator-color","text":"
Color of the telescope command (offset separator).
 
Default: 'normal'  
"},{"location":"configuration/theme/#telescope-register-color","title":"telescope-register-color","text":"
Color of the telescope command (register).
 
Default: 'bold'  
"},{"location":"configuration/theme/#telescope-repeating-marker","title":"telescope-repeating-marker","text":"
Repeating values marker of the telescope command.
 
Default: '... \u2193'  
"},{"location":"configuration/theme/#telescope-repeating-marker-color","title":"telescope-repeating-marker-color","text":"
Color of the telescope command (repeating values marker).
 
Default: 'normal'  
"},{"location":"contributing/","title":"Contributing Guide","text":""},{"location":"contributing/#contributing-overview","title":"Contributing Overview","text":"
Thank you for your interest in contributing to Pwndbg!
 
Note that while it is recommended that your pull request (PR) links to an issue (which can be used for discussing the bug / feature), you do not need to be assigned to it - just create the PR and it will be reviewed.
 
To start, install Pwndbg from source and set it up for development. For common tasks see:
 
     
  • Adding a command
    •  
  • Adding a configuration option
    •  
  • Improving annotations
    •  
 
Regardless of the contents of your PR, you will need to lint and test your code so make sure to read those sections. It is also likely you will need to update the documentation.
 
Read General developer notes to get more familiar with the various systems in place in Pwndbg. If you have any questions don't hesitate to ask us on our discord server!
"},{"location":"contributing/#linting","title":"Linting","text":"
The lint.sh script runs isort, ruff, shfmt, and vermin. isort and ruff (mostly) are able to automatically fix any issues they detect. You may apply all available fixes by running 
./lint.sh -f\n
 
Note
 
You can find the configuration files for these tools in pyproject.toml or by checking the arguments passed inside lint.sh.
 
When submitting a PR, the continuous integration (CI) job defined in .github/workflows/lint.yml will verify that running ./lint.sh succeeds, otherwise the job will fail and we won't be able to merge your PR.
 
It is recommended to enable the pre-push git hook to run the lint if you haven't already done so. You may re-run ./setup-dev.sh to set it.
"},{"location":"contributing/#running-tests","title":"Running tests","text":"
Your PR will not be merged without passing the testing CI. Moreover, it is highly recommended you write a new test or update an existing test whenever adding new functionality to Pwndbg. To see how to do this, check out Writing tests.
 
To run the tests in the same environment as the testing CI, you can use the following docker commands. 
# General (x86_64) test suite\ndocker compose run --rm --build ubuntu24.04-mount ./tests.sh -d gdb -g gdb\n# Cross-architecture tests\ndocker compose run --rm --build ubuntu24.04-mount ./tests.sh -d gdb -g cross-arch-user\n# Kernel tests (x86_64 and aarch64)\ndocker compose run --rm --build ubuntu24.04-mount ./kernel-tests.sh\n# Unit tests\ndocker compose run --rm --build ubuntu24.04-mount ./unit-tests.sh\n
 This comes in handy particularly for cross-architecture tests because the docker environment has all the cross-compilers installed. The active pwndbg directory is mounted, preventing the need for a full rebuild whenever you update the codebase.
 
Remove the -mount if you want the tests to run from a clean slate (no files are mounted, meaning all binaries are recompiled each time).
 
If you wish to focus on some failing tests, you can filter the tests to run by providing an argument to the script, such as <docker..> ./tests.sh heap, which will only run tests that contain \"heap\" in the name. See ./tests.sh --help for more information and other options. You can also do this with the cross-arch and kernel tests.
 
If you want to, you may also run the tests with nix or run them bare.
"},{"location":"contributing/#running-tests-with-nix","title":"Running tests with nix","text":"
You will need to build a nix-compatible gdbinit.py file, which you can do with 
nix build .#pwndbg-dev\n
 Then simply run the test by adding the --nix flag: 
./tests.sh --nix [filter]\n
"},{"location":"contributing/#running-without-docker","title":"Running without docker","text":"
If you wish to improve Pwndbg support for your distribution (or the testing infrastructure) you may run the testing suite without the docker container.
 
The commands are analogous to the docker commands. 
# General (x86_64) test suite\n./tests.sh -d gdb -g gdb\n# Cross-architecture tests\n./tests.sh -d gdb -g cross-arch-user\n# Kernel tests (x86_64 and aarch64)\n./kernel-tests.sh\n# Unit tests\n./unit-tests.sh\n
"},{"location":"contributing/#updating-documentation","title":"Updating Documentation","text":"
All the documentation is written in markdown files in the ./docs/ folder. The docs are built into a website using mkdocs (you may see the configuration in ./mkdocs.yml), pushed to the gh-pages branch, and published via github pages. All of this happens in the CI.
 
In general, for your PR to be accepted you will only need to Update the auto-generated documentation.
"},{"location":"contributing/#update-the-auto-generated-documentation","title":"Update the auto-generated documentation","text":"
The ./docs/commands, ./docs/functions, and ./docs/configuration folders are automatically generated1 by extracting the necessary information from the source code. If your changes modify things like a command's description, a configuration's valid values, a convenience function's arguments - i.e. pretty much anything that's user-facing - you must run 
./scripts/generate-docs.sh\n
 to update the documentation. You need to have a supported version of GDB and LLDB installed for this to work. Commit these changes in a separate commit.
 
If you forget to do that the CI will detect a discrepency between the documentation and source code (using the ./scripts/verify-docs.sh script, which you may also invoke yourself) and prevent your PR from being merged (until you push new changes, re-running the CI).
"},{"location":"contributing/#manual-updates","title":"Manual updates","text":"
Of course, if you wish to update some other part of the documentation, you may simply modify the necessary markdown files. All autogenerated files (or parts of files) will have noticable markers written as markdown comments, for instance: 
<!-- THIS PART OF THIS FILE IS AUTOGENERATED. DO NOT MODIFY IT. See scripts/generate-docs.sh -->\n
 In case you want to add something that cannot be cleanly viewed from the debugger, like a video, screenshot, or long example, every command markdown file also has a dedicated part at the bottom for hand-written text which you can use. The ./scripts/generate-docs.sh script will never delete these hand-written parts, so if you are for instance renaming a command you will have to transfer this part by copy pasting it to the new file.
 
If you wish to preview the documentation locally, you may do so by running: 
./scripts/docs-live.sh\n
 The build will take some time due to the Source section being built. You may disable this by temporarily commenting these lines 
  - api-autonav:\n      modules: ['pwndbg']\n      nav_section_title: \"Source\"\n
 in the mkdocs.yml file. This will provide much faster build times (but make sure not to commit those changes!). Visit http://127.0.0.1:8000/pwndbg/ to see the docs. Note that the Home section will not be available (it is generated in the CI by copying the README.md), and the site will lack the version selector.
 
     
  1.  
    Actually, the ./docs/configuration/index.md file is hand-written, and the intro text to the ./docs/functions/index.md file is defined in the doc generating file's source code.\u00a0\u21a9
     
    2.  
"},{"location":"contributing/adding-a-command/","title":"Adding a Command","text":""},{"location":"contributing/adding-a-command/#command-skeleton","title":"Command skeleton","text":"
To add a command to Pwndbg, create a new python file in pwndbg/commands/my_command.py where my_command is the name of the command you want to add.  The most basic command looks like this: 
import argparse\nimport pwndbg.commands\n\nparser = argparse.ArgumentParser(description=\"Command description.\")\nparser.add_argument(\"arg\", type=str, help=\"An example argument.\")\n\n@pwndbg.commands.Command(parser, category=pwndbg.commands.CommandCategory.MISC)\ndef my_command(arg: str) -> None:\n    \"\"\"Print the argument\"\"\"\n    print(f\"Argument is {arg}\")\n
 Next, import this file in the load_commands function in pwndbg/commands/__init__.py.
 
That's all you need to get it working! 
pwndbg> my-command foo\nArgument is foo\n
"},{"location":"contributing/adding-a-command/#getting-started","title":"Getting started","text":"
Let's see what arguments the @pwndbg.commands.Command decorator takes. It is defined in pwndbg/commands/__init__.py: 
    def __init__(\n        self,\n        parser_or_desc: argparse.ArgumentParser | str,\n        *,  # All further parameters are not positional\n        category: CommandCategory,\n        command_name: str | None = None,\n        aliases: List[str] = [],\n        examples: str = \"\",\n        notes: str = \"\",\n        only_debuggers: Set[pwndbg.dbg_mod.DebuggerType] = None,\n        exclude_debuggers: Set[pwndbg.dbg_mod.DebuggerType] = None,\n    ) -> None:\n        # ...\n
 We will cover the first four arguments now, and come back to the rest later.
 
If your command takes no arguments you can pass the description of the command as the first argument (parser_or_desc) to the constructor. Otherwise you will be passing an argparse.ArgumentParser object there.
 
The only other required argument is category. The category determines how commands are grouped together in the output of the pwndbg command and in the documentation. Peruse the list of all commands inside a debugger (by running the pwndbg command) and decide in which category your command fits best. The enum of all command categories is defined at the top of the pwndbg/commands/__init__.py file.
"},{"location":"contributing/adding-a-command/#picking-a-command-name","title":"Picking a command name","text":"
Next, the command_name argument. It is optional because if it is not specified the command name will be the same as the function you used to define the command (except the underscores are replaced with dashes). As such, it is generally not needed to specify this argument.
 
That being said, it is important to pick a good name for your command. Ideally your command name should be one to two words that are not delimited by a dash (e.g. errno, libcinfo, buddydump) since that is easiest to remember and type.
 
If your command is porting behavior from some other debugger or tool, you should consider using the same name they use so users don't need to relearn it when switching.
 
If the command name contains three or more words, you should use dashes to make it more legible. If that is the case, or if the name is long, consider providing an alias that makes it quicker to type (like vis-heap-chunks [vis]).
 
You provide aliases to a command by specifying a list of strings to the aliases argument. Again, you may provide aliases to help users transitioning from other tools/debuggers (e.g. nearpc [pdisass, u]).
"},{"location":"contributing/adding-a-command/#the-arguments-your-command-will-take","title":"The arguments your command will take","text":"
We are using argparse.ArgumentParser from the python standard library to define command arguments. Take a look at the python documentation to see how it works. Let's take a look at an example from the source (the setflag command): 
parser = argparse.ArgumentParser(description=\"Modify the flags register.\")\n\nparser.add_argument(\n    \"flag\",\n    type=str,\n    help=\"Flag for which you want to change the value\"\n )\n\nparser.add_argument(\n    \"value\",\n    type=int,\n    help=\"Value to which you want to set the flag - only valid options are 0 and 1\",\n)\n
 For usage inside Pwndbg, to instantiate an argparse.ArgumentParser object, you must pass the description argument and may pass the epilog argument. Everything else, including prog, usage, formatter_class etc. will be set up by Pwndbg (by the @pwndbg.commands.Command decorator). Here we see only the description was provided.
 
Add arguments to your command with parser.add_argument. Again, consult the python documentation for an explanation. One nice thing specific to Pwndbg is that by setting an argument's type to int, it will also accept debugger values and symbols that can resolve to an int. For instance: 
pwndbg> setflag ZF (1-1)\nSet flag ZF=0 in flag register eflags (old val=0x206, new val=0x206)\npwndbg> setflag ZF $rdi\nSet flag ZF=1 in flag register eflags (old val=0x246, new val=0x246)\npwndbg> setflag ZF (int)main^(int)main\nSet flag ZF=0 in flag register eflags (old val=0x246, new val=0x206)\n
 Be careful when deciding which arguments are positional, and which are optional. Especially take care if you have positional arguments which are not required, think about which of those will be specified more often by users and put them first.
 
Your function signature should match the arguments you defined with argparse (and their order!), unsurprisingly the setflag function has this signature: 
def setflag(flag: str, value: int) -> None:\n
 You can see the help of your command with my_command -h or help my_command, so for setflag: 
pwndbg> help setflag\nusage: setflag [-h] flag value\n\nModify the flags register.\n\npositional arguments:\n  flag        Flag for which you want to change the value\n  value       Value to which you want to set the flag - only valid options are 0 and 1\n\noptions:\n  -h, --help  show this help message and exit\n\nExamples:\nOn X86/X64:\n    setflag ZF 1        -- set zero flag\n    setflag CF 0        -- unset carry flag\n\nOn ARM:\n    setflag Z 0         -- unset the Z cpsr/xpsr flag\n\nTo see flags registers:\n    info reg eflags     -- on x86/x64\n    info reg cpsr/xpsr  -- on ARM (specific register may vary)\n\nNotes:\nThis command supports flags registers that are defined for architectures in the pwndbg/regs.py file.\n\nAlias: flag\n
 Eh? Where is all that extra text coming from? Well the Alias: flag line is being automatically generated by Pwndbg but...
"},{"location":"contributing/adding-a-command/#examples-notes-and-debugger-support","title":"Examples, notes, and debugger support","text":"
Coming back to the arguments of the pwndbg.commands.Command constructor: 
    def __init__(\n        self,\n        parser_or_desc: argparse.ArgumentParser | str,\n        *,  # All further parameters are not positional\n        category: CommandCategory,\n        command_name: str | None = None,\n        aliases: List[str] = [],\n        examples: str = \"\",  #  <--- we left off here\n        notes: str = \"\",\n        only_debuggers: Set[pwndbg.dbg_mod.DebuggerType] = None,\n        exclude_debuggers: Set[pwndbg.dbg_mod.DebuggerType] = None,\n    ) -> None:\n        # ...\n
 You may supply the examples and notes arguments to add additional text at the end of the command's help. It is defined like so for setflag: 
@pwndbg.commands.Command(\n    parser,\n    aliases=[\"flag\"],\n    category=CommandCategory.REGISTER,\n    examples=\"\"\"\nOn X86/X64:\n    setflag ZF 1        -- set zero flag\n    setflag CF 0        -- unset carry flag\n\nOn ARM:\n    setflag Z 0         -- unset the Z cpsr/xpsr flag\n\nTo see flags registers:\n    info reg eflags     -- on x86/x64\n    info reg cpsr/xpsr  -- on ARM (specific register may vary)\n    \"\"\",\n    notes=\"\"\"\nThis command supports flags registers that are defined for architectures in the pwndbg/regs.py file.\n    \"\"\",\n)\n@pwndbg.commands.OnlyWhenRunning\ndef setflag(flag: str, value: int) -> None:\n    # ....\n
 When writing this (and the command description for that matter), you should consider what it will look like in the documentation after being parsed as markdown.
 
As for only_debuggers and exclude_debuggers, you must use (usually one of) them if your command does not work an all debuggers that Pwndbg supports. For instance, if it uses some features from pwndbg.gdblib (which should be avoided if at all possible). In such a case, you probably also need to conditionally import it in the load_commands function.
"},{"location":"contributing/adding-a-command/#can-your-command-be-invoked-all-the-time","title":"Can your command be invoked all the time?","text":"
In most cases a command cannot be legally invoked at every moment in a debugging session, or for every debugging session. For instance, you can't use heap commands if the heap isn't initialized yet, you can't use kernel commands if you're not debugging a kernel.
 
To make sure these cases are properly handled, Pwndbg provides certain decorators. They are defined in pwndbg/commands/__init__.py. Check the source to see an up-to-date list, but here are some important ones: 
OnlyWhenRunning\nOnlyWhenLocal\nOnlyWithFile\nOnlyWhenQemuKernel\nOnlyWhenUserspace\nOnlyWithKernelDebugInfo\nOnlyWithKernelSymbols\nOnlyWhenPagingEnabled\nOnlyWithTcache\nOnlyWhenHeapIsInitialized\nOnlyWithResolvedHeapSyms\n
 Feel free to add more of these decorators yourself!
 
Another very important one is OnlyWithArch, defined in pwndbg/aglib/proc.py. Does your command work on all architectures? If not, make sure to specify this decorator and pass in the architectures which you do support.
"},{"location":"contributing/adding-a-command/#actually-implementing-the-command","title":"Actually implementing the command","text":"
There is no single right way to do it. You will want to read the source of some similar commands and see how they work. Check out the general developer notes, and feel free to ask a question on the discord server. Good luck!
"},{"location":"contributing/adding-a-parameter/","title":"Adding a Configuration Option","text":"
Configuration options are also called \"parameters\" in the source. Let's take a look at an existing parameter gdb-workaround-stop-event defined in pwndbg/gdblib/events.py. 
DISABLED = \"disabled\"\nDISABLED_DEADLOCK = \"disabled-deadlock\"\nENABLED = \"enabled\"\n\ngdb_workaround_stop_event = config.add_param(\n    \"gdb-workaround-stop-event\",\n    DISABLED,\n    \"asynchronous stop events to improve 'commands' functionality\",\n    help_docstring=f\"\"\"\nNote that this may cause unexpected behavior with Pwndbg or gdb.execute.\n\nValues explained:\n\n+ `{DISABLED}` - Disable the workaround (default).\n+ `{DISABLED_DEADLOCK}` - Disable only deadlock detection; deadlocks may still occur.\n+ `{ENABLED}` - Enable asynchronous stop events; gdb.execute may behave unexpectedly (asynchronously).\n    \"\"\",\n    param_class=pwndbg.lib.config.PARAM_ENUM,\n    enum_sequence=[DISABLED, DISABLED_DEADLOCK, ENABLED],\n)\n
 To understand it, let's also look at the signature of the Config.add_param function defined in pwndbg/lib/config.py: 
    def add_param(\n        self,\n        name: str,\n        default: Any,\n        set_show_doc: str,\n        *,\n        help_docstring: str = \"\",\n        param_class: int | None = None,\n        enum_sequence: Sequence[str] | None = None,\n        scope: Scope = Scope.config,\n    ) -> Parameter:\n        # ...\n
 So, the first argument specifies the name by which the parameter will be used inside the debugger. The second argument specifies the default value of the parameter.
"},{"location":"contributing/adding-a-parameter/#set_show_doc","title":"set_show_doc","text":"
The third argument is a very brief description of what the parameter is for. The argument is called set_show_doc due to how it is used in GDB. 
pwndbg> set gdb-workaround-stop-event enabled\nSet asynchronous stop events to improve 'commands' functionality to 'enabled'.\n   |------------------------------------------------------------|\n
 
pwndbg> show gdb-workaround-stop-event\nAsynchronous stop events to improve 'commands' functionality is 'enabled'. [...]\n|-----------------------------------------------------------|\n
 It is therefore recommended to use a noun phrase rather than describe an action. However, it sometimes may be necessary to break this rule to retain the brevity of the description.
 
The set_show_doc argument should be short because it is displayed with the config family of commands. 
pwndbg> config\nName                               Documentation                                                            Value (Default)\n----------------------------------------------------------------------------------------------------------------------------\nai-anthropic-api-key               Anthropic API key                                                        ''\nai-history-size                    maximum number of questions and answers to keep in the prompt            3\nai-max-tokens                      the maximum number of tokens to return in the response                   100\nai-model                           the name of the large language model to query                            'gpt-3.5-turbo'\nai-ollama-endpoint                 Ollama API endpoint                                                      ''\nai-openai-api-key                  OpenAI API key                                                           ''\nai-show-usage                      whether to show how many tokens are used with each OpenAI API call       off\nai-stack-depth                     rows of stack context to include in the prompt for the ai command        16\nai-temperature                     the temperature specification for the LLM query                          0\nattachp-resolution-method          how to determine the process to attach when multiple candidates exists   'ask'\nauto-explore-auxv                  stack exploration for AUXV information; it may be really slow            'warn'\nauto-explore-pages                 whether to try to infer page permissions when memory maps are missing    'warn'\nauto-explore-stack                 stack exploration; it may be really slow                                 'warn'\nauto-save-search                   automatically pass --save to \"search\" command                            off\nbn-autosync                        whether to automatically run bn-sync every step                          off\n[...]\n
 Because of the various contexts in which a parameter can be show, the first letter of the set_show_doc string should be lowercase (unless the first word is a name or an abbreviation) and there should be no punctuation at the end. This way, Pwndbg and GDB can more easily modify the string to fit it into these contexts.
"},{"location":"contributing/adding-a-parameter/#help_docstring","title":"help_docstring","text":"
While help_docstring is not mandatory, it is highly recommended to use it. Put a detailed explanation of what the parameter does here, and explain any caveats. This string does not have a size limit and is shown with the following command in GDB and LLDB: 
pwndbg> help set gdb-workaround-stop-event\nSet asynchronous stop events to improve 'commands' functionality.\nNote that this may cause unexpected behavior with Pwndbg or gdb.execute.\n\nValues explained:\n\n+ `disabled` - Disable the workaround (default).\n+ `disabled-deadlock` - Disable only deadlock detection; deadlocks may still occur.\n+ `enabled` - Enable asynchronous stop events; gdb.execute may behave unexpectedly (asynchronously).\n\nDefault: 'disabled'\nValid values: 'disabled', 'disabled-deadlock', 'enabled'\n
 Note that the last two lines are automatically generated by Pwndbg.
 
When writing this explanation, it is important to take into account how it will be displayed in the documentation after being parsed as markdown. See what gdb-workaround-stop-event looks like here. If there wasn't an empty line between Values explained: and + `disabled`.. the list wouldn't have rendered properly.
"},{"location":"contributing/adding-a-parameter/#param_class","title":"param_class","text":"
This argument describes the type of the parameter. It will be used by GDB to perform input validation when the parameter is being set so it is important to set this to the correct value. The possible values are defined in pwndbg/lib/config.py, use the most restrictive one that fits: 
# Boolean value. True or False, same as in Python.\nPARAM_BOOLEAN = 0\n# Boolean value, or 'auto'.\nPARAM_AUTO_BOOLEAN = 1\n# Signed integer value. Disallows zero.\nPARAM_INTEGER = 2\n# Signed integer value.\nPARAM_ZINTEGER = 3\n# Unsigned integer value. Disallows zero.\nPARAM_UINTEGER = 4\n# Unsigned integer value.\nPARAM_ZUINTEGER = 5\n# Unlimited ZUINTEGER.\nPARAM_ZUINTEGER_UNLIMITED = 6\n# String value. Accepts escape sequences.\nPARAM_STRING = 7\n# String value, accepts only one of a number of possible values, specified at\n# parameter creation.\nPARAM_ENUM = 8\n# String value corresponding to the name of a file, if present.\nPARAM_OPTIONAL_FILENAME = 9\n
 For more information (for instance about what None or \"unlimited\" mean) see https://sourceware.org/gdb/current/onlinedocs/gdb.html/Parameters-In-Python.html .
"},{"location":"contributing/adding-a-parameter/#enum_sequence","title":"enum_sequence","text":"
If the param_class is set to pwndbg.lib.config.PARAM_ENUM then the enum_sequence argument must be supplied as well. It should constitute an array of legal values. GDB and (our) LLDB (driver) won't allow setting the parameter to any other value. The legal values will be automatically displayed at the end of help_docstring as previously shown.
 
If it isn't immediately obvious what the enum values do, explain them in help_docstring using same format that gdb-workaround-stop-event uses.
"},{"location":"contributing/adding-a-parameter/#scope","title":"scope","text":"
The scope argument has the default value of pwndbg.lib.config.Scope.config and is used to group parameters. The legal values are: 
class Scope(Enum):\n    # If you want to add another scope here, don't forget to add\n    # a command which prints it!\n    config = 1\n    theme = 2\n    heap = 3\n
 The parameters of each scope are printed using a different command. The config scope is printed with config, the heap scope is printed with heap-config and the theme scope is printed with theme. The config and theme scopes also have corresponding configfile and themefile commands which export the values of all the parameters from those scopes.
"},{"location":"contributing/adding-a-parameter/#the-theme-scope","title":"The theme scope","text":"
You should never directly pass this scope to pwndbg.config.add_param. Instead use the pwndbg.color.theme.add_param and pwndbg.color.theme.add_color_param wrapper commands like this: 
# pwndbg/aglib/nearpc.py\nnearpc_branch_marker = pwndbg.color.theme.add_param(\n    \"nearpc-branch-marker\", \"    \u2193\", \"branch marker line for nearpc command\"\n)\n
 
# pwndbg/color/context.py\nconfig_highlight_color = theme.add_color_param(\n    \"highlight-color\", \"green,bold\", \"color added to highlights like source/pc\"\n)\n
"},{"location":"contributing/adding-a-parameter/#using-the-parameter-in-code","title":"Using the parameter in code","text":"
Usually when a parameter is defined its value is also set to a variable, for instance gdb_workaround_stop_event = ... in the initial example. This isn't necessary, as all registered parameters are available as pwndbg.config.<parameter_name_except_with_underscores> so in our example, we could also access the gdb-workaround-stop-event parameter as pwndbg.config.gdb_workaround_stop_event.
 
That being said, defining the variable can reduce code verbosity: 
# pwndbg/aglib/godbg.py\nline_width = pwndbg.config.add_param(\n    \"go-dump-line-width\", 80, \"the soft line width for go-dump pretty printing\"\n)\n
 Since the variable is scoped to the godbg.py file, its name can be short, and we don't have to write pwndbg.config.go_dump_line_width every time.
"},{"location":"contributing/adding-a-parameter/#using-color-parameters","title":"Using color parameters","text":"
Note that the theme.add_color_param() function returns a ColorParameter object instead of a Parameter. The parameter should be used via its color_function() method: 
# pwndbg/aglib/godbg.py\ndef fmt_debug(self, val: str, default: str = \"\") -> str:\n    if self.debug:\n        return debug_color.color_function(val)\n    else:\n        return default\n
 Though you will also see generateColorFunction(debug_color)(val) being used in the code to the same effect.
"},{"location":"contributing/dev-notes/","title":"Developer Notes","text":""},{"location":"contributing/dev-notes/#random-developer-notes","title":"Random developer notes","text":"
Feel free to update the list below!
 
     
  •  
    If you want to play with Pwndbg functions under GDB, you can always use GDB's pi which launches python interpreter or just py <some python line>.
     
    •  
  •  
    If you want to do the same in LLDB, you should type lldb, followed by script, which brings up an interactive Python REPL. Don't forget to import pwndbg!
     
    •  
  •  
    Do not access debugger-specific functionality - eg. anything that uses the gdb, lldb, or gdblib modules - from outside the proper module in pwndbg.dbg.
     
    •  
  •  
    Use aglib instead of gdblib, as the latter is in the process of being removed. Both modules should have nearly identical interfaces, so doing this should be a matter of typing pwndbg.aglib.X instead of pwndbg.gdblib.X. Ideally, an issue should be opened if there is any functionality present in gdblib that's missing from aglib.
     
    •  
  •  
    We have our own pwndbg.config.Parameter - read about it in Adding a Configuration Option.
     
    •  
  •  
    The dashboard/display/context we are displaying is done by pwndbg/commands/context.py which is invoked through GDB's and LLDB's prompt hook, which are defined as prompt_hook in both pwndbg/gdblib/prompt.py and pwndb/dbg/lldb/hooks.py .
     
    •  
  •  
    We change a bit GDB settings - this can be seen in pwndbg/dbg/gdb.py under GDB.setup - there are also imports for all Pwndbg submodules.
     
    •  
  •  
    Pwndbg has its own event system, and thanks to it we can set up code to be invoked in response to them. The event types and the conditions in which they occurr are defined and documented in the EventType enum, and functions are registered to be called on events with the @pwndbg.dbg.event_handler decorator. Both the enum and the decorator are documented in pwndbg/dbg/__init__.py.
     
    •  
  •  
    We have a caching mechanism (\"memoization\") which we use through Python's decorators - those are defined in pwndbg/lib/cache.py - just check its usages
     
    •  
  •  
    To block a function before the first prompt was displayed use the pwndbg.decorators.only_after_first_prompt decorator.
     
    •  
  •  
    Memory accesses should be done through pwndbg/aglib/memory.py functions.
     
    •  
  •  
    Process properties can be retrieved thanks to pwndbg/aglib/proc.py - e.g. using pwndbg.aglib.proc.pid will give us current process pid
     
    •  
  •  
    We have a wrapper for handling exceptions that are thrown by commands - defined in pwndbg/exception.py - current approach seems to work fine - by using set exception-verbose on - we get a stacktrace. If we want to debug stuff we can always do set exception-debugger on.
     
    •  
  •  
    Some of Pwndbg's functionality require us to have an instance of pwndbg.dbg.Value - the problem with that is that there is no way to define our own types in either GDB or LLDB - we have to ask the debugger if it detected a particular type in this particular binary (that sucks). We do that in pwndbg/aglib/typeinfo.py and it works most of the time. The known bug with that is that it might not work properly for Golang binaries compiled with debugging symbols.
     
    •  
"},{"location":"contributing/dev-notes/#support-for-multiple-debuggers","title":"Support for Multiple Debuggers","text":"
Pwndbg is a tool that supports multiple debuggers, and so using debugger-specific functionality outside of pwndbg.dbg.X is generally discouraged, with one imporant caveat, that we will get into later. When adding code to Pwndbg, one must be careful with the functionality being used.
"},{"location":"contributing/dev-notes/#the-debugger-api","title":"The Debugger API","text":"
Our support for multiple debuggers is primarily achieved through use of the Debugger API, found under pwndbg/dbg/, which defines a terse set of debugging primitives that can then be built upon by the rest of Pwndbg. It comprises two parts: the interface, and the implementations. The interface contains the abstract classes and the types that lay out the \"shape\" of the functionality that may be used by the rest of Pwndbg, and the implementations, well, implement the interface on top of each supported debugger.
 
As a matter of clarity, it makes sense to think of the Debugger API as a debugger-agnostic version of the lldb and gdb Python modules. Compared to both modules, it is much closer in spirit to lldb than to gdb.
 
It is important to note that a lot of care must be exercised when adding things to the Debugger API, as one must always add implementations for all supported debuggers of whatever new functionality is being added, even if only to properly gate off debuggers in which the functionality is not supported. Additionally, it is important to keep the Debugger API interfaces as terse as possible in order to reduce code duplication. As a rule of thumb, if all the implementations of an interface are expected to share code, that interface is probably better suited for aglib, and it should be further broken down into its primitives, which can then be added to the Debugger API.
 
Some examples of debugging primitives are memory reads, memory writes, memory map acquisition, symbol lookup, register reads and writes, and execution frames. These are all things that one can find in both the GDB and LLDB APIs.
 
The entry point for the Debugger API is pwndbg.dbg, though most process-related methods are accessed through a Process object. Unless you really know what you're doing, you're going to want to use the objected yielded by pwndbg.dbg.selected_inferior() for this.
"},{"location":"contributing/dev-notes/#aglib","title":"aglib","text":"
Along with the Debugger API, there is also aglib, found under pwndbg/aglib/, in which lives functionality that is both too broad for a single command, and that can be shared between multiple debuggers. Things like QEMU handling, ELF and dynamic section parsing, operating system functionality, disassembly with capstone, heap analysis, and more, all belong in aglib.
 
In order to facilitate the process of porting Pwndbg to the debugger-agnostic interfaces, and also because of its historical roots, aglib is intended to export the exact same functionality provided by gdblib, but on top of a debugger-agnostic foundation.
 
If it helps, one may think of aglib like a pwndbglib. It takes the debugging primitives provided by the Debugger API and builds the more complex and interesting bits of functionality found in Pwndbg on top of them.
"},{"location":"contributing/dev-notes/#mappings-from-gdb-and-lldb-to-the-debugger-api","title":"Mappings from GDB and LLDB to the Debugger API","text":"
Here are some things one may want to do, along with how they can be achieved in the GDB, LLDB, and Pwndbg Debugger APIs.
 GDBLLDBDebugger API 
Setting a breakpoint at an address: 
gdb.Breakpoint(\"*<address>\")\n
 Querying for the address of a symbol: 
int(gdb.lookup_symbol(<name>).value().address)\n
 Setting a watchpoint at an address: 
gdb.Breakpoint(f\"(char[{<size>}])*{<address>}\", gdb.BP_WATCHPOINT)\n
 
Setting a breakpoint at an address: 
lldb.target.BreakpointCreateByAddress(<address>)\n
 Querying for the address of a symbol: 
lldb.target.FindSymbols(<name>).GetContextAtIndex(0).symbol.GetStartAddress().GetLoadAddress(lldb.target)\n
 Setting a watchpoint at an address: 
lldb.target.WatchAddress(<address>, <size>, ...)\n
 
# Fetch a Process object on which we will operate.\ninf = pwndbg.dbg.selected_inferior()\n
 Setting a breakpoint at an address: 
inf.break_at(BreakpointLocation(<address>))\n
 Querying for the address of a symbol: 
inf.lookup_symbol(<name>)\n
 Setting a watchpoint at an address: 
inf.break_at(WatchpointLocation(<address>, <size>))\n
"},{"location":"contributing/dev-notes/#exception-to-use-of-debugger-agnostic-interfaces","title":"Exception to use of Debugger-agnostic interfaces","text":"
Some commands might not make any sense outside the context of a single debugger. For these commands, it is generally okay to talk to the debugger directly. However, they must be properly marked as debugger-specific and their loading must be properly gated off behind the correct debugger. They should ideally be placed in a separate location from the rest of the commands in pwndbg/commands/.
"},{"location":"contributing/dev-notes/#porting-public-tools","title":"Porting public tools","text":"
If porting a public tool to Pwndbg, please make a point of crediting the original author. This can be added to CREDITS.md noting the original author/inspiration, and linking to the original tool/article. Also please be sure that the license of the original tool is suitable to porting into Pwndbg, such as MIT.
"},{"location":"contributing/dev-notes/#minimum-supported-versions","title":"Minimum Supported Versions","text":"
Our goal is to fully support all Ubuntu LTS releases that have not reached end-of-life, with support for other platforms on a best-effort basis. Currently that means all code should work on Ubuntu 22.04, and 24.04 with GDB 12.1 and later. This means that the minimum supported Python version is 3.10, and we cannot use any newer Python features unless those features are backported to this minimum version.
 
Note that while all code should run without errors on these supported LTS versions, it's fine if older versions don't support all of the features of newer versions, as long as this is handled correctly and this information is shown to the user. For example, we may make use of some GDB APIs in newer versions that we aren't able to provide alternative implementations for in older versions, and so in these cases we should inform the user that the functionality can't be provided due to the version of GDB.
 
The lint.sh script described in the previous section runs vermin to ensure that our code does not use any features that aren't supported on Python 3.10.
"},{"location":"contributing/improving-annotations/","title":"Improving Annotations","text":"
Alongside the disassembled instructions in the dashboard, Pwndbg also has the ability to display annotations - text that contains relevent information regarding the execution of the instruction. For example, on the x86 MOV instruction, we can display the concrete value that gets placed into the destination register. Likewise, we can indicate the results of mathematical operations and memory accesses. The annotation in question is always dependent on the exact instruction being annotated - we handle it in a case-by-case basis.
 
The main hurdle in providing annotations is determining what each instruction does, getting the relevent CPU registers and memory that are accessed, and then resolving concrete values of the operands. We call the process of determining this information \"enhancement\", as we enhance the information provided natively by GDB.
 
The Capstone Engine disassembly framework is used to statically determine information about instructions and their operands. Take the x86 instruction sub rax, rdx. Given the raw bytes of the machine instructions, Capstone creates an object that provides an API that, among many things, exposes the names of the operands and the fact that they are both 8-byte wide registers. It provides all the information necessary to describe each operand. It also tells the general 'group' that a instruction belongs to, like if its a JUMP-like instruction, a RET, or a CALL. These groups are architecture agnostic.
 
However, the Capstone Engine doesn't fill in concrete values that those registers take on. It has no way of knowing the value in rdx, nor can it actually read from memory.
 
To determine the actual values that the operands take on, and to determine the results of executing an instruction, we use the Unicorn Engine, a CPU emulator framework. The emulator has its own internal CPU register set and memory pages that mirror that of the host process, and it can execute instructions to mutate its internal state. Note that the Unicorn Engine cannot execute syscalls - it doesn't have knowledge of a kernel.
 
We have the ability to single-step the emulator - tell it to execute the instruction at the program counter inside the emulator. After doing so, we can inspect the state of the emulator - read from its registers and memory. The Unicorn Engine itself doesn't expose information regarding what each instruction is doing - what is the instruction (is it an add, mov, push?) and what registers/memory locations is it reading to and writing from? - which is why we use the Capstone engine to statically determine this information.
 
Using what we know about the instruction based on the Capstone engine - such as that it was a sub instruction and rax was written to - we query the emulator after stepping in to determine the results of the instruction.
 
We also read the program counter from the emulator to determine jumps and so we can display the instructions that will actually be executed, as opposed to displaying the instructions that follow consecutively in memory.
"},{"location":"contributing/improving-annotations/#enhancing","title":"Enhancing","text":"
Everytime the inferior process stops (and when the disasm context section is displayed), we display the next handful of assembly instructions in the dashboard so the user can understand where the process is headed. The exact amount is determined by the context-disasm-lines setting.
 
We will be enhancing the instruction at the current program counter, as well as all the future instructions that are displayed. The end result of enhancement is that we get a list of PwndbgInstruction objects, each encapsulating relevent information regarding the instructions execution.
 
When the process stops, we instantiate the emulator from scratch. We copy all the registers from the host process into the emulator. For performance purposes, we register a handler to the Unicorn Engine to lazily map memory pages from the host to the emulator when they are accessed (a page fault from within the emulator), instead of immediately copying all the memory from the host to the emulator.
 
The enhancement is broken into a couple stops:
 
     
  1. First, we resolve the values of all the operands of the instruction before stepping the emulator. This means we read values from registers and dereference memory depending on the operand type. This gives us the values of operands before the instruction executes.
    2.  
  2. Then, we step the emulator, executing a single instruction.
    3.  
  3. We resolve the values of all operands again, giving us the after_value of each operand.
    4.  
  4. Then, we enhance the \"condition\" field of PwndbgInstructions, where we determine if the instruction is conditional (conditional branch or conditional mov are common) and if the action is taken.
    5.  
  5. We then determine the next and target fields of PwndbgInstructions. next is the address that the program counter will take on after using the GDB command nexti, and target indicates the target address of branch/jump/PC-changing instructions.
    6.  
  6. With all this information determined, we now effectively have a big switch statement, matching on the instruction type, where we set the annotation string value, which is the text that will be printed alongside the instruction in question.
    7.  
 
We go through the enhancement process for the instruction at the program counter and then ensuing handful of instructions that are shown in the dashboard.
"},{"location":"contributing/improving-annotations/#when-to-use-emulation-reasoning-about-process-state","title":"When to use emulation / reasoning about process state","text":"
In general, the code aims to be organized in a way as to allow as many features as possible even in the absence of emulation. If there is information that can be determined statically, then we try to expose it as an alternative to emulation. This is so we can display annotations even when the Unicorn Engine is disabled. For example, say we come to a stop, and are faced with enhancing the following three instructions in the dashboard:
 
1.     lea    rax, [rip + 0xd55]\n2. >   mov    rsi, rax      # The host process program counter is here\n3.     mov    rax, rsi\n
 
Instruction 1, the lea instruction, is already in the past - we pull our enhanced PwndbgInstruction for it from a cache.
 
Instruction 2, the first mov instruction, is where the host process program counter is at. If we did stepi in GDB, this instruction would be executed. In this case, there is two ways we can determine the value that gets written to rsi.
 
     
  1. After stepping the emulator, read from the emulators rsi register.
    2.  
  2. Given the context of the instruction, we know the value in rsi will come from rax. We can just read the rax register from the host. This avoids emulation.
    3.  
 
The decision on which option to take is implemented in the annotation handler for the specific instruction. When possible, we have a preference for the second option, because it makes the annotations work even when emulation is off.
 
The reason we could do the second option, in this case, is because we could reason about the process state at the time this instruction would execute. This instruction is about to be executed (Program PC == instruction.address). We can safely read from rax from the host, knowing that the value we get is the true value it takes on when the instruction will execute. It must - there are no instructions in-between that could have mutated rax.
 
However, this will not be the case while enhancing instruction 3 while we are paused at instruction 2. This instruction is in the future, and without emulation, we cannot safely reason about the operands in question. It is reading from rsi, which might be mutated from the current value that rsi has in the stopped process (and in this case, we happen to know that it will be mutated). We must use emulation to determine the before_value of rsi in this case, and can't just read from the host processes register set. This principle applies in general - future instructions must be emulated to be fully annotated. When emulation is disable, the annotations are not as detailed since we can't fully reason about process state for future instructions.
"},{"location":"contributing/improving-annotations/#what-if-the-emulator-fails","title":"What if the emulator fails?","text":"
It is possible for the emulator to fail to execute an instruction - either due to a restrictions in the engine itself, or the instruction inside segfaults and cannot continue. If the Unicorn Engine fails, there is no real way we can recover. When this happens, we simply stop emulating for the current step, and we try again the next time the process stops when we instantiate the emulator from scratch again.
"},{"location":"contributing/improving-annotations/#caching-annotations","title":"Caching annotations","text":"
When we are stepping through the emulator, we want to remember the annotations of the past couple instructions. We don't want to nexti, and suddenly have the annotation of the previously executed instruction deleted. At the same time, we also never want stale annotations that might result from coming back to point in the program to which we have stepped before, such as the middle of a loop via a breakpoint.
 
New annotations are only created when the process stops, and we create annotations for next handful of instructions to be executed. If we continue in GDB and stop at a breakpoint, we don't want annotations to appear behind the PC that are from a previous time we were near the location in question. To avoid stale annotations while still remembering them when stepping, we have a simple caching method:
 
While we are doing our enhancement, we create a list containing the addresses of the future instructions that are displayed.
 
For example, say we have the following instructions with the first number being the memory address:
 
   0x555555556259 <main+553>    lea    rax, [rsp + 0x90]\n   0x555555556261 <main+561>    mov    edi, 1                          EDI => 1\n   0x555555556266 <main+566>    mov    rsi, rax\n   0x555555556269 <main+569>    mov    qword ptr [rsp + 0x78], rax\n   0x55555555626e <main+574>    call   qword ptr [rip + 0x6d6c]    <fstat64>\n\n \u25ba 0x555555556274 <main+580>    mov    edx, 5                  EDX => 5\n   0x555555556279 <main+585>    lea    rsi, [rip + 0x3f30]     RSI => 0x55555555a1b0 \u25c2\u2014 'standard output'\n   0x555555556280 <main+592>    test   eax, eax\n   0x555555556282 <main+594>    js     main+3784                   <main+3784>\n\n   0x555555556288 <main+600>    mov    rsi, qword ptr [rsp + 0xc8]\n   0x555555556290 <main+608>    mov    edi, dword ptr [rsp + 0xa8]\n
 
In this case, our next_addresses_cache would be [0x555555556279, 0x555555556280, 0x555555556282, 0x555555556288, 0x555555556290].
 
Then, the next time our program comes to a stop (after using si, n, or any GDB command that continues the process), we immediately check if the current program counter is in this list. If it is, then we can infer that the annotations are still valid, as the program has only executed a couple instructions. In all other cases, we delete our cache of annotated instructions.
 
We might think \"why not just check if it's the next address - 0x555555556279 in this case? Why a list of the next couple addresses?\". This is because when source code is available, step and next often skip a couple instructions. It would be jarring to remove the annotations in this case. Likewise, this method has the added benefit that if we stop somewhere, and there happens to be a breakpoint only a couple instructions in front of us that we continue to, then previous couple annotations won't be wiped.
"},{"location":"contributing/improving-annotations/#other-random-annotation-details","title":"Other random annotation details","text":"
     
  • We don't emulate through CALL instructions. This is because the function might be very long.
    •  
  • We resolve symbols during the enhancement stage for operand values.
    •  
  • The folder pwndbg/aglib/disasm contains the code for enhancement. It follows an object-oriented model, with arch.py implementing the parent class with shared functionality, and the per-architecture implementations are implemented as subclasses in their own files.
    •  
  • pwndbg/aglib/nearpc.py is responsible for getting the list of enhanced PwndbgInstruction objects and converting them to the output seen in the 'disasm' view of the dashboard.
    •  
"},{"location":"contributing/improving-annotations/#adding-or-fixing-annotations","title":"Adding or fixing annotations","text":"
We annotate on an instruction-by-instruction basis. Effectively, imagine a giant switch statement that selects the correct handler to create an annotation based on the specific instruction. Many instruction types can be grouped and annotated using the same logic, such as load, store, and arithmetic instructions.
 
See pwndbg/aglib/disasm/aarch64.py as an example. We define sets that group instructions using the unique Capstone ID for each instruction, and inside the constructor of DisassemblyAssistant we have a mapping of instructions to a specific handler. The _set_annotation_string function will match the instruction to the correct handler, which set the instruction.annotation field.
 
If there is a bug in an annotation, the first order of business is finding its annotation handler. To track down where we are handling the instruction, you can search for its Capstone constant. For example, the RISC-V store byte instruction, sb, is represented as the Capstone constant RISCV_INS_SB. Or, if you are looking for the handler for the AArch64 instruction SUB, you can search the disasm code for _INS_SUB to find where we reference the appropriate Capstone constant for the instruction and following the code to the function that ultimately sets the annotation.
 
If an annotation is causing a crash, is it most likely due to a handler making an incorrect assumption on the number of operands, leading to a list index out of range error. One possible source of this is that a given instruction has multiple different disassembly representations. Take the RISC-V JALR instruction. It can be represented in 3 ways:
 
jalr rs1        # return register is implied as ra, and imm is implied as 0\njalr rs1, imm   # return register is implied as ra\njalr rd, rs1, imm\n
 
Capstone will expose the most \"simplified\" one possible, and the underlying list of register operands will change. If the handler doesn't take these different options into account, and rather assumes that jalr always has 3 operands, then an index error can occur if the handler accesses instruction.operands[2].
"},{"location":"contributing/improving-annotations/#bug-root-cause","title":"Bug root cause","text":"
When encountering an instruction that is behaving strangely (incorrect annotation, or there is a jump target when one shouldn't exist, or the target is incorrect), there are a couple routine things to check.
 
1. Use the dev-dump-instruction command to print all the enhancement information. With no arguments, it will dump the info from the instruction at the current address. If given an address, it will pull from the instruction cache at the corresponding location.
 
If the issue is not related to branches, check the operands and the resolved values for registers and memory accesses. Verify that the values are correct - are the resolved memory locations correct? Step past the instruction and use instructions like telescope and regs to read memory and verify if the claim that the annotation is making is correct. For things like memory operands, you can try to look around the resolved memory location in memory to see the actual value that the instruction dereferenced, and see if the resolved memory location is simply off by a couple bytes.
 
Example output of dumping a mov instruction:
 
mov qword ptr [rsp], rsi at 0x55555555706c (size=4) (arch: x86)\n        ID: 460, mov\n        Raw asm: mov    qword ptr [rsp], rsi\n        New asm: mov    qword ptr [rsp], rsi\n        Next: 0x555555557070\n        Target: 0x555555557070, Target string=, const=None\n        Condition: UNDETERMINED\n        Groups: []\n        Annotation: [0x7fffffffe000] => 0x7fffffffe248 \u2014\u25b8 0x7fffffffe618 \u25c2\u2014 '/usr/bin/ls'\n        Operands: [['[0x7fffffffe000]': Symbol: None, Before: 0x7fffffffe000, After: 0x7fffffffe000, type=CS_OP_MEM, size=8, access=CS_AC_WRITE]] ['RSI': Symbol: None, Before: 0x7fffffffe248, After: 0x7fffffffe248, type=CS_OP_REG, size=8, access=CS_AC_READ]]]\n        Conditional jump: False. Taken: False\n        Unconditional jump: False\n        Declare unconditional: None\n        Can change PC: False\n        Syscall:  N/A\n        Causes Delay slot: False\n        Split: NO_SPLIT\n        Call-like: False\n
 
2. Use the Capstone disassembler to verify the number of operands the instruction groups.
 
Taken the raw instruction bytes and pass them to cstool to see the information that we are working with:
 
cstool -d mips 0x0400000c\n
 
The number of operands may not match the visual appearance. You might also check the instruction groups, and verify that an instruction that we might consider a call has the Capstone call group. Capstone is not 100% correct in every single case in all architectures, so it's good to verify. Report a bug to Capstone if there appears to be an error, and in the meanwhile we can create a fix in Pwndbg to work around the current behavior.
 
3. Check the state of the emulator.
 
Go to pwndbg/emu/emulator.py and uncomment the DEBUG = -1 line. This will enable verbose debug printing. The emulator will print it's current pc at every step, and indicate important events, like memory mappings. Likewise, in pwndbg/aglib/disasm/arch.py you can set DEBUG_ENHANCEMENT = True to print register accesses to verify they are sane values.
 
Potential bugs:
 
     
  • A register is 0 (may also be the source of a Unicorn segfault if used as a memory operand) - often means we are not copying the host processes register into the emulator. By default, we map register by name - if in Pwndbg, it's called rax, then we find the UC constant named U.x86_const.UC_X86_REG_RAX. Sometimes, this default mapping doesn't work, sometimes do to differences in underscores (FSBASE vs FS_BASE). In these cases, we have to manually add the mapping.
    •  
  • Unexpected crash - the instruction at hand might require a 'coprocessor', or some information that is unavailable to Unicorn (it's QEMU under the hood).
    •  
  • Instructions are just no executing - we've seen this in the case of Arm Thumb instructions. There might be some specific API/way to invoke the emulator that is required for a certain processor state.
    •  
"},{"location":"contributing/improving-annotations/#creating-small-cross-architecture-programs","title":"Creating small cross-architecture programs","text":"
If you are encountering a strange behavior with a certain instruction or scenario in a non-native-architecture program, you can use some great functions from pwntools to handle the compilation and debugging. This is a great way to create a small reproducible example to isolate an issue.
 
The following Python program, when run from inside a tmux session, will take some AArch64 assembly, compile it, and run it with GDB attached in a new tmux pane. It will search your system for the appropriate cross compiler for the architecture at hand, and run the compiled binary with QEMU.
 
from pwn import *\n\ncontext.arch = \"aarch64\"\n\nAARCH64_GRACEFUL_EXIT = \"\"\"\nmov x0, 0\nmov x8, 93\nsvc 0\n\"\"\"\n\nout = make_elf_from_assembly(STORE)\n# Debug info\nprint(out)\ngdb.debug(out)\n\npause()\n
"},{"location":"contributing/making-a-gif/","title":"Making a Pwndbg gif","text":""},{"location":"contributing/making-a-gif/#the-rundown","title":"The rundown","text":"
If you wish to make a gif of your terminal while using Pwndbg (usually to add an example of some command/workflow to the website) you should use charmbracelet/vhs. This ensures a consistent look to the gifs throughout the documentation, makes them easily updateable when UI changes are made, and just makes them more easily reproducable and modifiable in general.
 
Note
 
Here \"gif\" really means \"a video that loops\", in practice it is better to use .webm with .mp4 as a fallback because they are better optimized file formats.
 
The workflow to creating a gif is simple. Start a recording: 
vhs record > my_thingy.tape\n
 Whatever you now do in the terminal will be \"recorded\" to the my_thingy.tape file. Exit the shell to save the recording. The tape probably isn't ready to use as-is. You will want to add some metadata and fixup some lines.
 Example 
This is the tape used to generate the gif at https://pwndbg.re/dev/commands/context/context/ : 
# https://github.com/charmbracelet/vhs\n\nOutput pwndbg.mp4\nOutput pwndbg.webm\n\nSet FontSize 24\nSet Width 1920\nSet Height 1080\nSet TypingSpeed 100ms\n\nSleep 1s\nType \"pwndbg /bin/sh\"\nEnter\nSleep 2s\nType \"start\"\nEnter\nSleep 3s\nType \"stepsyscall\"\nSleep 3s\nEnter 1\nSleep 3s\nType \"up\"\nSleep 1s\nEnter 1\nSleep 1s\nType \"up\"\nSleep 1s\nEnter 1\nSleep 1s\nType \"up\"\nSleep 1s\nEnter 1\nSleep 1s\nType \"context\"\nSleep 4s\nEnter 1\nSleep 7s\nType \"down\"\nSleep 1s\nEnter 1\nSleep 1s\nType \"ctx\"\nSleep 4s\nEnter 1\nSleep 7s\n
 
You may now run 
vhs my_thingy.tape\n
 and it will generate a gif with the filename you specified in the tape (the Output line in the example).
 
Make sure to commit the .tape file along with the gif.
"},{"location":"contributing/making-a-gif/#recording-in-docker","title":"Recording in Docker","text":"
If the setup for the gif is not highly involved, you may want to use a Dockerfile to generate the gif to ensure reproducability (or if wish to make sure your environment variables aren't visible during the debugging session). Here is a sample Dockerfile you can modify to your liking: 
# https://github.com/charmbracelet/vhs\nFROM ghcr.io/charmbracelet/vhs\n\n# Install Pwndbg\nRUN apt update && apt install -y git \\\n    && git clone https://github.com/pwndbg/pwndbg.git /pwndbg \\\n    && cd /pwndbg \\\n    && ./setup.sh\n\n# Create a pwndbg executable in PATH so we can run with\n# `pwndbg /bin/sh`.\nRUN echo '#!/bin/sh\\ngdb --quiet \"$@\"' > /usr/local/bin/pwndbg \\\n    && chmod +x /usr/local/bin/pwndbg\n\n# Make sure uv.lock.hash is created so we don't get\n# a message about updating during the gif.\nRUN gdb /bin/sh --batch\n\n# The ENTRYPOINT and CMD are defined in the vhs docker image.\n
 you can use a script like this to run it easily. 
#!/bin/sh\n\nset -e\n\nIMAGE_NAME=\"vhs-pwndbg\"\n\nrm -f .gdb_history\ndocker build -t \"$IMAGE_NAME\" .\ndocker run --rm -v \"$(pwd)\":/vhs \"$IMAGE_NAME\" my_thingy.tape\n
"},{"location":"contributing/setup-pwndbg-dev/","title":"Setup Pwndbg for Development","text":""},{"location":"contributing/setup-pwndbg-dev/#installing-pwndbg-from-source","title":"Installing Pwndbg from source","text":"
Run the following: 
git clone https://github.com/pwndbg/pwndbg\ncd pwndbg\n./setup.sh\n
 Officially supported is Ubuntu 22.04 and later, but the setup script also supports the following distributions:
 
     
  • Debian-based OSes (via apt-get)
    •  
  • Fedora and Red Hat (via dnf)
    •  
  • Clear (via swiped)
    •  
  • OpenSUSE LEAP (via zypper)
    •  
  • Arch and Manjaro (via community AUR packages)
    •  
  • Void (via xbps)
    •  
  • Gentoo (via emerge)
    •  
 
Tip
 
If you have an older ubuntu version you may still use Pwndbg:
 
     
  • for Ubuntu 20.04 use the 2024.08.29 release
    •  
  • for Ubuntu 18.04 use the 2023.07.17: ubuntu18.04-final release
    •  
 
however if you wish to contribute, it is recommended you upgrade your distribution.
"},{"location":"contributing/setup-pwndbg-dev/#running-with-gdb","title":"Running with GDB","text":"
Pwndbg requires GDB 12.1 or later. If the GDB version your distro provides is too old, build GDB from source: 
sudo apt install libgmp-dev libmpfr-dev libreadline-dev texinfo  # required by build\ngit clone git://sourceware.org/git/binutils-gdb.git\nmkdir gdb-build\ncd gdb-build\n../binutils-gdb/configure --enable-option-checking --disable-nls --disable-werror --with-system-readline --with-python=$(which python3) --with-system-gdbinit=/etc/gdb/gdbinit --enable-targets=all --disable-binutils --disable-ld --disable-gold --disable-gas --disable-sim --disable-gprof\nmake -j $(nproc)\n
 Since the ./setup.sh script made it so you source Pwndbg from your ~/.gdbinit, Pwndbg will start up automatically any time you run gdb.
"},{"location":"contributing/setup-pwndbg-dev/#running-with-lldb","title":"Running with LLDB","text":"
Pwndbg requires LLDB 19 or later. You can get it like this on Ubuntu 24.04: 
sudo apt install -y lldb-19 liblldb-19-dev\n
 but it will be added to your PATH as lldb-19 so you should either alias it or export it in your shell: 
export PATH=/usr/lib/llvm-19/bin/:$PATH\n
 so you can invoke it as lldb. Also export this environment variable: 
export LLDB_DEBUGSERVER_PATH=/usr/lib/llvm-19/bin/lldb-server\n
 Pwndbg doesn't use the lldb driver binary directly, it drives its own REPL and interacts with LLDB through liblldb. You can run Pwndbg with LLDB by running: 
uv run pwndbg-lldb [binary-to-debug]\n
"},{"location":"contributing/setup-pwndbg-dev/#the-development-environment","title":"The development environment","text":"
After installing Pwndbg like described above, there are a few ways to set up the development environment. The simplest one is by running: 
./setup-dev.sh\n
 but you can also use the docker container or develop using nix.
 
Note
 
For a proper development environment you must be able to run Pwndbg with both GDB and LLDB, otherwise you won't be able to use some important development features (like doc generation).
"},{"location":"contributing/setup-pwndbg-dev/#development-from-docker","title":"Development from docker","text":"
You can create a Docker image with everything already installed for you. You can use docker compose 
docker compose run -i main\n
 or build and run the container with 
docker build -t pwndbg .\ndocker run -it --cap-add=SYS_PTRACE --security-opt seccomp=unconfined -v `pwd`:/pwndbg pwndbg bash\n
"},{"location":"contributing/setup-pwndbg-dev/#development-using-nix","title":"Development using Nix","text":"
Pwndbg supports development with Nix which installs all the required development dependencies:
 
     
  1. Install Nix with Determinate Nix Installer.
    2.  
  2. Enter the development shell with nix develop or automate this with direnv.
    3.  
  3. Run local changes with pwndbg or pwndbg-lldb. Run tests with ./tests.sh.
    4.  
"},{"location":"contributing/writing-tests/","title":"Writing Tests","text":""},{"location":"contributing/writing-tests/#overview","title":"Overview","text":"
Note
 
This is written under the assumption you already know how to run the tests.
 
In Pwndbg we have four types of tests: extensive x86_64 GDB tests, cross-architecture tests, linux kernel tests and unit-tests. They are all located in subdirectories of ./tests.
 
The x86_64 tests encompass most of the Pwndbg testing suite. If your tests do not belong in any of the other categories, they should go here. Since we do not yet perform testing on LLDB, these are run from inside GDB and are located in the ./tests/library/gdb directory. They can be run with ./tests.sh -d gdb -g gdb.
 
The cross-architecture tests are run using qemu-user emulation. They test architecture-specific logic and are located in the ./tests/library/qemu-user directory. They can be run with ./tests.sh -d gdb -g cross-arch-user.
 
The linux kernel tests are run using qemu-system emulation. They are located in the ./tests/library/qemu_system directory and run for a variety kernel configurations and architectures.
 
The unit tests are not run from within a debugger, but rather directly with pytest. They are located in the ./tests/unit_tests/ directory.
 
Here are the options supported by ./tests.sh which you can get by running ./tests.sh -h. 
usage: tests.py [-h] -g {gdb,dbg,cross-arch-user} -d {gdb} [-p] [-c] [-v] [-s] [--nix] [--collect-only] [test_name_filter]\n\nRun tests.\n\npositional arguments:\n  test_name_filter      run only tests that match the regex\n\noptions:\n  -h, --help            show this help message and exit\n  -g {gdb,dbg,cross-arch-user}, --group {gdb,dbg,cross-arch-user}\n  -d {gdb}, --driver {gdb}\n  -p, --pdb             enable pdb (Python debugger) post mortem debugger on failed tests\n  -c, --cov             enable codecov\n  -v, --verbose         display all test output instead of just failing test output\n  -s, --serial          run tests one at a time instead of in parallel\n  --nix                 run tests using built for nix environment\n  --collect-only        only show the output of test collection, don't run any tests\n
"},{"location":"contributing/writing-tests/#writing-tests_1","title":"Writing tests","text":"
Each test is a Python function that runs inside of an isolated GDB session. Using a pytest fixture at the beginning of each test, GDB will attach to a binary or connect to a QEMU instance. Each test runs some commands and uses Python assert statements to verify correctness. We can access Pwndbg library code like pwndbg.aglib.regs.sp as well as execute GDB commands with gdb.execute().
 
We can take a look at tests/library/gdb/tests/test_symbol.py for an example of a simple test. Looking at a simplified version of the top-level code, we have this:
 
import gdb\nimport pwndbg\nimport tests\n\nBINARY = tests.get_binary(\"symbol_1600_and_752.native.out\")\n
 
Since these tests run inside GDB, we can import the gdb Python library. We also import the tests module, which makes it easy to get the path to the test binaries located in tests/gdb-tests/tests/binaries. You should be able to reuse the binaries in this folder for most tests, but if not feel free to add a new one.
 
Here's a small snippet of the actual test:
 
def test_hexdump(start_binary):\n    start_binary(BINARY)\n    pwndbg.config.hexdump_group_width.value = -1\n\n    gdb.execute(\"set hexdump-byte-separator\")\n    stack_addr = pwndbg.aglib.regs.sp - 0x100\n
 
pytest will run any function that starts with test_ as a new test, so there is no need to register your new test anywhere. The start_binary argument is a function that will run the binary you give it, and it will set some common options before starting the binary. Using start_binary is recommended if you don't need any additional customization to GDB settings before starting the binary, but if you do it's fine to not use it.
"},{"location":"contributing/writing-tests/#qemu-tests","title":"QEMU Tests","text":"
Our gdb tests run in x86. To debug other architectures, we use QEMU for emulation and attach to its debug port. These tests are located in tests/library/qemu-user/tests. Test creation is identical to our x86 tests - create a Python function with a Pytest fixture name as the parameter (it matches based on the name), and call the argument to start debugging a binary. The qemu_assembly_run fixture takes in a Python string of assembly code, compiles it in the appropriate architecture, and runs it - no need to create an external file or edit a Makefile.
"},{"location":"functions/","title":"Index","text":""},{"location":"functions/#functions","title":"Functions","text":"
Pwndbg provides a set of functions which can be used during expression evaluation to quickly perform common calculations. These can even be passed to other commands as arguments. Currently, they only work in gdb.
 
To see a list of all functions, including those built into GDB, use help function. To see the help of any given function use help function function_name. Function invocation must include a preceding $ sign and must include brackets. For instance, invoke the environ function like so: 
pwndbg> p $environ(\"LANG\")\n$2 = (signed char *) 0x7fffffffe6da \"LANG=en_US.UTF-8\"\n
 If the result of the function is being passed to a Pwndbg command, make sure to either escape the function argument's quotes, or put the whole function call in quotes. 
pwndbg> tele $environ(\"LANG\")\nusage: telescope [-h] [-r] [-f] [-i] [address] [count]\ntelescope: error: argument address: debugger couldn't resolve argument '$environ(LANG)':\n    No symbol \"LANG\" in current context.\npwndbg> tele $environ(\\\"LANG\\\")\n00:0000\u2502  0x7fffffffe6cf \u25c2\u2014 'LANG=en_US.UTF-8'\n01:0008\u2502  0x7fffffffe6d7 \u25c2\u2014 'US.UTF-8'\n02:0010\u2502  0x7fffffffe6df \u25c2\u2014 0x4e49475542454400\n[...]\npwndbg> tele '$environ(\"LANG\")'\n00:0000\u2502  0x7fffffffe6cf \u25c2\u2014 'LANG=en_US.UTF-8'\n01:0008\u2502  0x7fffffffe6d7 \u25c2\u2014 'US.UTF-8'\n02:0010\u2502  0x7fffffffe6df \u25c2\u2014 0x4e49475542454400\n[...]\n
"},{"location":"functions/#pwndbg-functions","title":"Pwndbg functions","text":""},{"location":"functions/#argc","title":"argc","text":"
argc() -> int\n
 
Get the number of program arguments. Evaluates to argc.
"},{"location":"functions/#example","title":"Example","text":"
pwndbg> p $argc()\n$1 = 2\npwndbg> argv\n00:0000\u2502  0x7fffffffe288 \u2014\u25b8 0x7fffffffe659 \u25c2\u2014 '/usr/bin/cat'\n01:0008\u2502  0x7fffffffe290 \u2014\u25b8 0x7fffffffe666 \u25c2\u2014 'gdbinit.py'\n02:0010\u2502  0x7fffffffe298 \u25c2\u2014 0\n
"},{"location":"functions/#argv","title":"argv","text":"
argv(index: gdb.Value) -> gdb.Value\n
 
Get the n-th program argument. Evaluate argv on the supplied value.
"},{"location":"functions/#example_1","title":"Example","text":"
pwndbg> p $argv(0)\n$11 = (signed char *) 0x7fffffffe666 \"/usr/bin/sh\"\npwndbg> argv\n00:0000\u2502  0x7fffffffe2a8 \u2014\u25b8 0x7fffffffe666 \u25c2\u2014 '/usr/bin/sh'\n01:0008\u2502  0x7fffffffe2b0 \u25c2\u2014 0\n
"},{"location":"functions/#base","title":"base","text":"
base(name_pattern: gdb.Value | str)\n
 
Return the base address of the first memory mapping containing the given name.
"},{"location":"functions/#example_2","title":"Example","text":"
pwndbg> p/x $base(\"libc\")\n$4 = 0x7ffff7d4b000\npwndbg> vmmap libc\n    0x7ffff7d4a000     0x7ffff7d4b000 rw-p     1000  6e000 /usr/lib/libncursesw.so.6.5\n\u25ba   0x7ffff7d4b000     0x7ffff7d6f000 r--p    24000      0 /usr/lib/libc.so.6\n\u25ba   0x7ffff7d6f000     0x7ffff7ed6000 r-xp   167000  24000 /usr/lib/libc.so.6\n\u25ba   0x7ffff7ed6000     0x7ffff7f2b000 r--p    55000 18b000 /usr/lib/libc.so.6\n\u25ba   0x7ffff7f2b000     0x7ffff7f2f000 r--p     4000 1e0000 /usr/lib/libc.so.6\n\u25ba   0x7ffff7f2f000     0x7ffff7f31000 rw-p     2000 1e4000 /usr/lib/libc.so.6\n    0x7ffff7f31000     0x7ffff7f39000 rw-p     8000      0 [anon_7ffff7f31]\npwndbg> tele $base(\\\"libc\\\")+0x1337\n00:0000\u2502  0x7ffff7d4c337 \u25c2\u2014 0x80480a04214000f0\n01:0008\u2502  0x7ffff7d4c33f \u25c2\u2014 0x8040c02204452040\n02:0010\u2502  0x7ffff7d4c347 \u25c2\u2014 0x20042400000200\n03:0018\u2502  0x7ffff7d4c34f \u25c2\u2014 0x20 /* ' ' */\n[...]\n
 
Beware of accidentally matching the wrong mapping. For instance, if the loaded executable contained the string \"libc\" anywhere in it's path, it would've been returned.
"},{"location":"functions/#bn_eval","title":"bn_eval","text":"
bn_eval(expr: gdb.Value) -> int\n
 
Parse and evaluate a Binary Ninja expression.
 
Read more about binary ninja expressions here: https://api.binary.ninja/binaryninja.binaryview-module.html#binaryninja.binaryview.BinaryView.parse_expression
 
All registers in the current register set are available as magic variables (e.g. $rip). The $piebase magic variable is also included, with the computed executable base.
 
This function cannot see stack local variables.
"},{"location":"functions/#example_3","title":"Example","text":"
pwndbg> set integration-provider binja\nPwndbg successfully connected to Binary Ninja (4.2.6455 Personal) xmlrpc: http://127.0.0.1:43717\nSet which provider to use for integration features to 'binja'.\npwndbg> p/x $bn_eval(\"10+20\")\n$6 = 0x30\npwndbg> p/x $bn_eval(\"main\")\n$7 = 0x1645\npwndbg> p/x $rebase($bn_eval(\"main\"))\n$8 = 0x555555555645\npwndbg> p some_global_var\nNo symbol \"some_global_var\" in current context.\npwndbg> p/x $rebase($bn_eval(\"some_global_var+$rax\"))\n$9 = 0x5555555586b8\npwndbg> p $rebase($bn_eval(\"some_global_var+$rax\")) == $bn_sym(\"some_global_var\") + $rax\n$10 = 1\npwndbg> p $bn_eval(\"$piebase+some_global_var+$rax\") == $bn_sym(\"some_global_var\") + $rax\n$11 = 1\n
"},{"location":"functions/#bn_sym","title":"bn_sym","text":"
bn_sym(name_val: gdb.Value) -> int\n
 
Lookup a symbol's address by name from Binary Ninja.
 
This function sees symbols like functions and global variables, but not stack local variables, use bn_var for that.
"},{"location":"functions/#example_4","title":"Example","text":"
pwndbg> set integration-provider binja\nPwndbg successfully connected to Binary Ninja (4.2.6455 Personal) xmlrpc: http://127.0.0.1:43717\nSet which provider to use for integration features to 'binja'.\npwndbg> p main\nNo symbol \"main\" in current context.\npwndbg> p/x $bn_sym(\"main\")\n$2 = 0x555555555645\npwndbg> b *($bn_sym(\"main\"))\nBreakpoint 1 at 0x555555555645\n
"},{"location":"functions/#bn_var","title":"bn_var","text":"
bn_var(name_val: gdb.Value) -> int\n
 
Lookup a stack variable's address by name from Binary Ninja.
 
This function doesn't see functions or global variables, use bn_sym for that.
"},{"location":"functions/#example_5","title":"Example","text":"
pwndbg> set integration-provider binja\nPwndbg successfully connected to Binary Ninja (4.2.6455 Personal) xmlrpc: http://127.0.0.1:43717\nSet which provider to use for integration features to 'binja'.\npwndbg> p user_choice\nNo symbol \"user_choice\" in current context.\npwndbg> p/x $bn_var(\"user_choice\")\n$4 = 0x7fffffffe118\npwndbg> vmmap $4\n    0x7ffff7ffe000     0x7ffff7fff000 rw-p     1000      0 [anon_7ffff7ffe]\n\u25ba   0x7ffffffde000     0x7ffffffff000 rw-p    21000      0 [stack] +0x20118\npwndbg> p/x $bn_var(\"main\")\nTypeError: Could not convert Python object: None.\nError while executing Python code.\n
"},{"location":"functions/#environ","title":"environ","text":"
environ(env_name: gdb.Value) -> gdb.Value\n
 
Get an environment variable by name. Evaluate getenv() on the supplied value.
"},{"location":"functions/#example_6","title":"Example","text":"
pwndbg> p $environ(\"LANG\")\n$2 = (signed char *) 0x7fffffffebfb \"LANG=en_US.UTF-8\"\n
"},{"location":"functions/#envp","title":"envp","text":"
envp(index: gdb.Value) -> gdb.Value\n
 
Get the n-th environment variable. Evaluate envp on the supplied value.
"},{"location":"functions/#example_7","title":"Example","text":"
pwndbg> p $envp(0x3F)\n$13 = (signed char *) 0x7fffffffef7d \"LANG=en_US.UTF-8\"\npwndbg> p $envp(0x3F) == $environ(\"LANG\")\n$14 = 1\n
"},{"location":"functions/#fsbase","title":"fsbase","text":"
fsbase(offset: gdb.Value = gdb.Value(0)) -> int\n
 
Get the value of the FS segment register. Only valid on x86(-64).
"},{"location":"functions/#example_8","title":"Example","text":"
pwndbg> p/x $fsbase()\n$3 = 0x7ffff7cdab80\npwndbg> p $fs_base == $fsbase()\n$4 = 1\npwndbg> x/gx $fsbase(0x28)\n0x7ffff7cdaba8:     0x4da926e1668e5a00\npwndbg> x/gx $fsbase(0x30)\n0x7ffff7cdabb0:     0x190a86d93bccf0ad\npwndbg> tls\nThread Local Storage (TLS) base: 0x7ffff7cdab80\nTLS is located at:\n    0x7ffff7cda000     0x7ffff7cdc000 rw-p     2000      0 [anon_7ffff7cda]\nDumping the address:\ntcbhead_t @ 0x7ffff7cdab80\n    0x00007ffff7cdab80 +0x0000 tcb                  : 0x7ffff7cdab80\n    0x00007ffff7cdab88 +0x0008 dtv                  : 0x7ffff7cdb4f0\n    0x00007ffff7cdab90 +0x0010 self                 : 0x7ffff7cdab80\n    0x00007ffff7cdab98 +0x0018 multiple_threads     : 0x0\n    0x00007ffff7cdab9c +0x001c gscope_flag          : 0x0\n    0x00007ffff7cdaba0 +0x0020 sysinfo              : 0x0\n    0x00007ffff7cdaba8 +0x0028 stack_guard          : 0x4da926e1668e5a00\n    0x00007ffff7cdabb0 +0x0030 pointer_guard        : 0x190a86d93bccf0ad\n    [...]\npwndbg> canary\n[...]\nCanary    = 0x4da926e1668e5a00 (may be incorrect on != glibc)\n[...]\n
 FS will usually point to the start of the TLS. If you're not providing an offset, it is usually easier to use GDB's builtin $fs_base variable.
"},{"location":"functions/#gsbase","title":"gsbase","text":"
gsbase(offset: gdb.Value = gdb.Value(0)) -> int\n
 
Get the value of the GS segment register. Only valid on x86(-64).
"},{"location":"functions/#example_9","title":"Example","text":"
pwndbg> p/x $gsbase()\n$1 = 0x0\n
 The value of the GS register is more interesting when doing kernel debugging: 
pwndbg> p/x $gsbase()\n$1 = 0xffff999287a00000\npwndbg> tele $gsbase()\n00:0000\u2502  0xffff999287a00000 \u25c2\u2014 0\n... \u2193     4 skipped\n05:0028\u2502  0xffff999287a00028 \u25c2\u2014 0xd6aa9b336d52a400\n06:0030\u2502  0xffff999287a00030 \u25c2\u2014 0\n07:0038\u2502  0xffff999287a00038 \u25c2\u2014 0\npwndbg> p $gsbase() == $gs_base\n$2 = 1\n
 If you're not providing an offset, it is usually easier to use GDB's builtin $gs_base variable.
"},{"location":"functions/#hex2ptr","title":"hex2ptr","text":"
hex2ptr(hex_string: gdb.Value | str) -> int\n
 
Converts a hex string to a little-endian address and returns the address.
"},{"location":"functions/#example_10","title":"Example","text":"
pwndbg> p/x $hex2ptr(\"20 74 ed f7 ff 7f\")\n$1 = 0x7ffff7ed7420\npwndbg> p/x $hex2ptr(\"2074edf7ff7f\")\n$2 = 0x7ffff7ed7420\npwndbg> distance '$base(\"libc\")' '$hex2ptr(\"20 74 ed f7 ff 7f\")'\n0x7ffff7d4b000->0x7ffff7ed7420 is 0x18c420 bytes (0x31884 words)\n
 
Especially useful for quickly converting pwntools output.
"},{"location":"functions/#ida","title":"ida","text":"
ida(name: gdb.Value) -> int\n
 
Lookup a symbol's address by name from IDA. Evaluate ida.LocByName() on the supplied value.
 
This functions doesn't see stack local variables.
"},{"location":"functions/#example_11","title":"Example","text":"
pwndbg> set integration-provider ida\nPwndbg successfully connected to Ida Pro xmlrpc: http://127.0.0.1:43718\nSet which provider to use for integration features to 'ida'.\npwndbg> p main\nNo symbol \"main\" in current context.\npwndbg> p/x $ida(\"main\")\n$1 = 0x555555555645\npwndbg> b *$ida(\"main\")\nBreakpoint 2 at 0x555555555645\n
"},{"location":"functions/#rebase","title":"rebase","text":"
rebase(addr: gdb.Value | int) -> int\n
 
Return address rebased onto the executable's mappings.
"},{"location":"functions/#example_12","title":"Example","text":"
pwndbg> p/x $rebase(0xd9020)\n$1 = 0x55555562d020\npwndbg> vmmap\n0x555555554000     0x55555556f000 r--p    1b000      0 /usr/bin/bash\n0x55555556f000     0x55555562d000 r-xp    be000  1b000 /usr/bin/bash\n0x55555562d000     0x55555565e000 r--p    31000  d9000 /usr/bin/bash\n[...]\npwndbg> p $rebase(0xd9020) == 0x555555554000 + 0xd9020\n$2 = 1\npwndbg> tele $rebase(0xd9020)\n00:0000\u2502  0x55555562d020 \u25c2\u2014 0x204900636f6c6c61 /* 'alloc' */\n01:0008\u2502  0x55555562d028 \u25c2\u2014 'have no name!'\n02:0010\u2502  0x55555562d030 \u25c2\u2014 0x65720021656d616e /* 'name!' */\n03:0018\u2502  0x55555562d038 \u25c2\u2014 'adline stdin'\n[...]\n
"},{"location":"tutorials/env-vars/","title":"Env vars","text":""},{"location":"tutorials/env-vars/#environment-variables","title":"Environment Variables","text":"
Pwndbg relies on several environment variables to customize its behavior. Below is a list of these variables and their purposes:
 
     
  • PATH: Standard system PATH variable used to locate executables.
    •  
  • EDITOR, VISUAL: Used by the cymbol command to open an editor.
    •  
  • HOME, XDG_CACHE_HOME: Used by lib.tempfile to determine temporary file locations.
    •  
  • PWNDBG_VENV_PATH: Specifies the virtual environment path for Pwndbg.
    •  
  • NO_COLOR: Disables colored output in Pwndbg.
    •  
  • PWNDBG_LOGLEVEL: Initial log level to use for log messages.
    •  
  • OPENAI_API_KEY, ANTHROPIC_API_KEY: Used by the ai command for accessing respective AI APIs.
    •  
  • GITHUB_ACTIONS, RUN_FLAKY: Used by tests_commands.py to determine the test environment.
    •  
  • PWNDBG_PROFILE: Enables profiling for benchmarking.
    •  
  • USE_PDB: Enables Python debugger in tests.
    •  
  • PWNDBG_LAUNCH_TEST: Used by tests to configure test launching.
    •  
  • PWNDBG_ARCH, PWNDBG_KERNEL_TYPE, PWNDBG_KERNEL_VERSION: Used by gdblib kernel tests to specify kernel parameters.
    •  
  • SPHINX: Used by docs/source/conf.py, likely to be removed.
    •  
  • PWNLIB_NOTERM=1: Set by Pwndbg to avoid terminal issues with Pwntools.
    •  
"},{"location":"tutorials/gdb-lldb-commands/","title":"GDB vs LLDB","text":"
For users who are migrating from one debugger to another, here is a table comparison of some of the most common actions and how to do them in GDB and LLDB. Note that both debuggers offer shorthands for typing these commands.
 Functionality GDB Command LLDB Command Start Debugging Program gdb ./your-program lldb ./your-program Set a Breakpoint break <function-name> breakpoint set --name <function-name> Set Breakpoint on Address break *<address> breakpoint set --address <address> Set Breakpoint at Line break <filename>:<line-number> breakpoint set --file <filename> --line <line-number> Set Hardware Breakpoint hbreak <function-name> breakpoint set --hardware --name <function-name> Set Hardware Breakpoint at Memory hbreak *<memory-address> breakpoint set --hardware --address <memory-address> List All Breakpoints info breakpoints breakpoint list Delete Breakpoints delete <breakpoint-number> breakpoint delete <breakpoint-number> Set Watchpoint watch <variable> watchpoint set variable <variable> Set Conditional Breakpoint break <function-name> if <condition> breakpoint set --condition \"<condition>\" Continue Execution continue process continue Next Instruction next thread step-over Step into a Function step thread step-in Step out of a Function finish thread step-out Print Threads info threads thread list Select Thread thread <thread-id> thread select <thread-id> Print Register Values info registers register read -a Print a Variable print <variable> print <variable> Display Variable on Every Stop display <variable> expression --watch <variable> Examine Memory (Hex) x/<num>x <memory-address> memory read --format x --count <num> <memory-address> Examine Memory (Integer) x/<num>d <memory-address> memory read --format d --count <num> <memory-address> Inspect Stack Trace backtrace thread backtrace Change Register Value set $<register-name> = <value> register write <register-name> <value> Check Program Status info locals frame variable Check Program Info info functions image lookup --functions Show Disassembly of Function disas <function-name> disassemble <function-name> Memory Dump (Hex) x/<num>xh <memory-address> memory read --format x --count <num> <memory-address> Memory Dump (Bytes) x/<num>bx <memory-address> memory read --format b --count <num> <memory-address> Show Process Information info process process status Quit Debugging quit quit Run Program with Arguments run <arg1> <arg2> ... process launch -- <arg1> <arg2> ... Show Current Function info frame frame info Set Sysroot set sysroot <path-to-sysroot> settings set target.sysroot <path-to-sysroot> Set Source Directory directory <path-to-source-directory> settings set target.source-map <remote-path> <local-path> Set Architecture set architecture <arch> target create --arch <arch> <executable-file> Show Settings show <setting-name> settings show <setting-name> Set File for Debugging file <executable-file> target create <executable-file> Start the Program at the First Instruction starti process launch --stop-at-entry Enable ASLR set disable-randomization off settings set target.disable-aslr false"},{"location":"tutorials/gdb-tui/","title":"GDB TUI","text":"
The context sections are available as native GDB TUI windows named pwndbg_[sectionname]. There are some predefined layouts coming with Pwndbg which you can select using layout pwndbg or layout pwndbg_code.
 
Use focus cmd to focus the command window and have the arrow keys scroll through the command history again. tui disable to disable TUI mode and go back to CLI mode when running commands with longer output. ctrl-x + a toggles between TUI and CLI mode quickly. Hold shift to ignore the TUI mouse integration and use the mouse normally to select text or copy data.
 
To create your own layout and selecting it use normal tui new-layout syntax like: 
tui new-layout pwndbg_custom {-horizontal { { -horizontal { pwndbg_code 1 pwndbg_disasm 1 } 2 { {-horizontal pwndbg_legend 8 pwndbg_control 2 } 0 pwndbg_regs 1 pwndbg_stack 1 } 3 } 7 cmd 3 } 3 { pwndbg_backtrace 2 pwndbg_expressions 2 pwndbg_threads 1 } 1 } 1 status 1\nlayout pwndbg_custom\n
"},{"location":"tutorials/go-debugging/","title":"Debugging Go with Pwndbg","text":""},{"location":"tutorials/go-debugging/#basics","title":"Basics","text":"
The go-dump command can be used to dump Go values during debugging. It takes the form go-dump type address_expression, and supports many different types with the same syntax as Go:
 
     
  • Integer types: int, int8, int16, int32, int64, int128, and their uint counterparts
    •  
  • Misc types: bool, rune, uintptr, string
    •  
  • Floating point types: float32, float64
    •  
  • Complex numbers: complex64, complex128
    •  
  • Interface types: any for interface{} (the empty interface), and interface for all non-empty interfaces
    •  
  • Function types: funcptr for all function types
    •  
  • Pointers: *ELEM
    •  
  • Slices: []ELEM
    •  
  • Arrays: [LEN]ELEM
    •  
  • Maps: map[KEY][VAL] (note that maps in Go are actually pointers to the map, whereas this map is the inner map, so you may need to use *map[KEY]VAL to dump a map)
    •  
 
Struct types are also supported, but the syntax is slightly different from Go in order to avoid having to compute offsets (and also to support only having partial field information on structs). Struct types are notated as OFFSET:FIELD_NAME:TYPE triples separated by semicolons then enclosed with struct(SIZE){}, e.g. struct(24){0:foo:string;16:bar:int64} to represent the 24-byte Go struct struct { foo string; bar int64 }.
 
Example: 
pwndbg> go-dump map[string]int 0xc0000b20f0\n{\"a\": 1, \"b\": 2, \"c\": 3}\n\npwndbg> go-dump any 0xc0000ace40\n([]struct { a int; b string }) [struct {a: 1, b: \"first\"}, struct {a: 2, b: \"second\"}]\n\npwndbg> go-dump struct(24){0:a:int;8:b:string} 0xc000108120\nstruct {a: 1, b: \"first\"}\n
 
Some notable flags include -p to enable pretty printing, -x to display integers in hex, -f DECIMALS to set the number of decimals used to display floats, -d to enable debug printing, which displays memory addresses of everything shown in the dump.
"},{"location":"tutorials/go-debugging/#runtime-type-parsing","title":"Runtime Type Parsing","text":"
Go's compiler emits type objects for every single type used by the program. This is what enables dumping interface values with go-dump without having to specify any additional type information, and can also be leveraged to dump non-interface values if the type can be located. A good way to locate types is by finding the type pointer passed into heap allocation functions like runtime.newobject or runtime.makeslice.
 
After finding the type pointer, the go-type command can be used to inspect a type: 
pwndbg> go-type 0x49fbc0\n Name: struct { a int; b string }\n Kind: STRUCT\n Size: 24 (0x18)\nAlign: 8\nParse: struct(24){0:a:int;8:b:string}\nField a:\n    Offset: 0 (0x0)\n    Type name: int\n    Type addr: 0x498ce0\nField b:\n    Offset: 8 (0x8)\n    Type name: string\n    Type addr: 0x498aa0\n
 
The go-dump command can also take an address to a type instead of the name of a type: 
pwndbg> go-dump 0x49fbc0 0xc000108120\nstruct {a: 1, b: \"first\"}\n
"},{"location":"tutorials/packaging/","title":"Packaging Pwndbg","text":"
Previously, packagers were required to create a .skip-venv file if they wanted to make sure Pwndbg used system installed python packages. Also, they had to deal with the fact that Pwndbg was invoked from the ~/.gdbinit file.
 
As of version 2025.10.10, you don't need to worry about those problems anymore. The entrypoints to Pwndbg are the pwndbg and pwndbg-lldb commands as defined in the [project.scripts] section of the pyproject.toml file. The .skip-venv file is also not necessary as Pwndbg will detect that a virtual environment is not being used at runtime. The method you use to package any python package will just work with Pwndbg without any workarounds.
 
Info
 
If you're curious, the PR that introduced these changes is #3199. There is a general packaging thread in #3124. For reference, the Pwndbg package for Gentoo has been updated in this PR: gentoo/gentoo!44181 (discussed in #3348).
"},{"location":"tutorials/pwndbg-users/","title":"Pwndbg in the wild","text":"
Here is a non-exhaustive list of Pwndbg mentions found in the wild. Feel free to open a PR to add more if you find them!
"},{"location":"tutorials/pwndbg-users/#talks","title":"Talks","text":"
     
  • EuroPython 2025 - Pwndbg: Low level debugging and exploit development with Python (slides, video)
    •  
  • OffensiveCon24 - How to Fuzz Your Way to Android Universal Root: Attacking Android Binder - by Eugene Rodionov, Zi Fan Tan and Gulshan Singh
    •  
"},{"location":"tutorials/pwndbg-users/#blog-posts","title":"Blog posts","text":"
     
  • Oops Safari, I think You Spilled Something! @ Exodus Intelligence
    •  
  • \u201cUnstripping\u201d binaries: Restoring debugging information in GDB with Pwndbg by Jason An @ Trail of Bits
    •  
  • A Winter\u2019s Tale: Improving messages and types in GDB\u2019s Python API by Matheus Branco Borella @ Trail of Bits
    •  
  • Patch-gapping Google Chrome @ Exodus Intelligence
    •  
  • Inspecting rdtsc with pwndbg by John Shaughnessy
    •  
"},{"location":"tutorials/pwndbg-users/#videos","title":"Videos","text":"
     
  • Intro to pwndbg - CTF Cookbook by SloppyJoePirates CTF Writeups
    •  
  • Intro to Binary Exploitation (Pwn) by CryptoCat
    •  
  • Bug A Day #8 - pwndbg #2 by Bug-A-Day
    •  
"},{"location":"tutorials/pwndbg-users/#scripts","title":"Scripts","text":"
     
  • CVE-2022-24834 exploit by ptr-yudai
    •  
"},{"location":"tutorials/pwndbg-users/#magazine-articles","title":"Magazine articles","text":"
     
  • \"Programista\" polish programming magazine - Low level debugging with Pwndbg (in polish)
    •  
"},{"location":"tutorials/pycharm-debugging/","title":"Debugging with PyCharm","text":"
In order to debug code with PyCharm you need to configure remote debugging.
 
PyCharm will start a remote debugging server which will listen for connections and Pwndbg will then connect to that server, on startup.
"},{"location":"tutorials/pycharm-debugging/#configuring-the-debugging-server","title":"Configuring the debugging server","text":"
Select Run -> Edit Configurations and follow the instructions there :)
 
     
  • Create a new server with the + button.
    •  
  • Put your IP in IDE host name and select a port number.
    •  
  • Optionally, add a path mapping: pycharm/pwndbg/dir=machine/pwndbg/dir
    •  
  • Uncheck suspend after connect
    •  
"},{"location":"tutorials/pycharm-debugging/#configuring-pwndbg","title":"Configuring Pwndbg","text":"
     
  • Select Run -> Edit Configurations and install the packages described in that window.
    •  
  • pip install pydevd-pycharm~=<your_pycharm_version>
    •  
  • Add the following code somewhere where it will execute on GDB startup: 
    import pydevd_pycharm\npydevd_pycharm.settrace('<your_IP>', port=<port>, stdoutToServer=True, stderrToServer=True)\n
    •  
"},{"location":"tutorials/pycharm-debugging/#debugging","title":"Debugging","text":"
     
  1. Start the debugging server in PyCharm
    2.  
  2. Run Pwndbg
    3.  
"},{"location":"tutorials/pycharm-debugging/#wsl2","title":"WSL2","text":"
In order to debug using WSL2, you need to obtain your Windows IP. The easiest way to do that is to run: 
cat /etc/resolv.conf\n
 and then to pick the value in the nameserver line. Then use that IP in the IDE host name field, when configuring the server. Afterwards, use the same IP in pydevd_pycharm.settrace(...)
"},{"location":"tutorials/splitting-the-context/","title":"Splitting / Layouting Context","text":"
i.e. doing this: 
 
In Pwndbg, the context sections can be distributed among different tty by using the contextoutput command. Example: 
contextoutput stack /path/to/tty true\n
 
If you use a terminal or multiplexer that supports scripted pane splitting, you can write a Python script that will create the panes and distribute them to your liking whenever you start Pwndbg.
 
For instance, for tmux, you could write something like this: 
python\nimport atexit\nimport os\nfrom pwndbg.commands.context import contextoutput, output, clear_screen\nbt = os.popen('tmux split-window -P -F \"#{pane_id}:#{pane_tty}\" -d \"cat -\"').read().strip().split(\":\")\nst = os.popen(F'tmux split-window -h -t {bt[0]} -P -F '+'\"#{pane_id}:#{pane_tty}\" -d \"cat -\"').read().strip().split(\":\")\nre = os.popen(F'tmux split-window -h -t {st[0]} -P -F '+'\"#{pane_id}:#{pane_tty}\" -d \"cat -\"').read().strip().split(\":\")\ndi = os.popen('tmux split-window -h -P -F \"#{pane_id}:#{pane_tty}\" -d \"cat -\"').read().strip().split(\":\")\npanes = dict(backtrace=bt, stack=st, regs=re, disasm=di)\nfor sec, p in panes.items():\n  contextoutput(sec, p[1], True)\ncontextoutput(\"legend\", di[1], True)\natexit.register(lambda: [os.popen(F\"tmux kill-pane -t {p[0]}\").read() for p in panes.values()])\nend\n
 If you're using tmux specifically, you can use pwnmux as a prebuilt layout or splitmind to easily configure the layout you want.
 
Example
 
The above example uses splitmind and following configuration: 
python\nimport splitmind\n(splitmind.Mind()\n  .tell_splitter(show_titles=True)\n  .tell_splitter(set_title=\"Main\")\n  .right(display=\"backtrace\", size=\"25%\")\n  .above(of=\"main\", display=\"disasm\", size=\"80%\", banner=\"top\")\n  .show(\"code\", on=\"disasm\", banner=\"none\")\n  .right(cmd='tty; tail -f /dev/null', size=\"65%\", clearing=False)\n  .tell_splitter(set_title='Input / Output')\n  .above(display=\"stack\", size=\"75%\")\n  .above(display=\"legend\", size=\"25\")\n  .show(\"regs\", on=\"legend\")\n  .below(of=\"backtrace\", cmd=\"ipython\", size=\"30%\")\n).build(nobanner=True)\nend\n
 
If you're using kitty, you may check out kittydbg for a prebuilt layout.
"},{"location":"tutorials/decompiler-integration/binja-integration/","title":"Binary Ninja","text":""},{"location":"tutorials/decompiler-integration/binja-integration/#requirements","title":"Requirements","text":"
You need at least the personal edition of Binary Ninja (only tested on version 4.0+) that runs at least Python 3.10 for plugins.
"},{"location":"tutorials/decompiler-integration/binja-integration/#setup","title":"Setup","text":"
Copy (or symlink) binja_script.py to your plugins directory.
"},{"location":"tutorials/decompiler-integration/binja-integration/#usage","title":"Usage","text":"
To start the Binary Ninja integration, open the binary you want to debug in Binary Ninja, then go to Plugins > pwndbg > Start integration on current view. This will start the XMLRPC server that Pwndbg queries for information.
 
Then, inside GDB, run set integration-provider binja, which will start the integration. You can run set integration-provider none to disable it again.
"},{"location":"tutorials/decompiler-integration/binja-integration/#features","title":"Features","text":"
The integration currently syncs symbol names, comments, decompilation, function type signatures, and stack variables.
"},{"location":"tutorials/decompiler-integration/binja-integration/#commands","title":"Commands","text":"
     
  • bn-sync: Navigate the Binary Ninja view to the current instruction
    •  
  • decomp ADDR NLINES: Displays the decompilation for NLINES lines at address ADDR.
    •  
"},{"location":"tutorials/decompiler-integration/binja-integration/#config-options","title":"Config Options","text":"
     
  • bn-autosync: If set to yes, every step will automatically run bn-sync
    •  
  • bn-il-level: Sets the IL level to use for decompilation. Valid values are: disasm, llil, mlil, hlil
    •  
  • bn-rpc-host/bn-rpc-port: The host and port to connect to for the XMLRPC server
    •  
  • bn-timeout: The amount, in seconds, to wait for the XMLRPC server to connect
    •  
"},{"location":"tutorials/decompiler-integration/ghidra-integration/","title":"Ghidra","text":"
Unlike with IDA and Binary Ninja, Ghidra is not considered an \"integration provider\". You cannot synchronise your Ghidra reverse engineering progress to Pwndbg. You can however integrate Ghidra's decompiler into Pwndbg such that the decompiled version of any function you're in is shown in the Pwndbg context.
 Example Screenshot 
 
To do this, we will need the help of radare2 or rizin.
"},{"location":"tutorials/decompiler-integration/ghidra-integration/#setup","title":"Setup","text":"rizinradare2 
     
  1. Install rizin. It must be found by the debugger (within path).
    2.  
  2. Install the Ghidra plugin for rizin: rz-ghidra.
    3.  
  3. Install rzpipe and make sure the python used by the debugger can access it.
    4.  
  4. Add set r2decompiler rizin to your ~/.gdbinit after Pwndbg is sourced.
    5.  
 
Regarding the third step, if you don't install to your user or system-wide python (but rather a virtual environment), you may add something like this to the beginning of your ~/.gdbinit: 
python\nimport sys\nimport os\nfrom glob import glob\n\nvenv = os.path.expanduser('~/tools/rizin/venv')\nsite_dir_pattern = os.path.join(venv, 'lib', 'python*/site-packages')\nsite_dirs = glob(site_dir_pattern)\nsys.path.insert(0, site_dirs[0])\nimport rzpipe\nend\n
 
     
  1. Install radare2. It must be found by the debugger (within path).
    2.  
  2. Install the Ghidra plugin for radare2: r2ghidra.
    3.  
  3. Install r2pipe and make sure the python used by the debugger can access it.
    4.  
  4. Add set r2decompiler radare2 to your ~/.gdbinit after Pwndbg is sourced.
    5.  
 
Regarding the third step, if you don't install to your user or system-wide python (but rather a virtual environment), you may add something like this to the beginning of your ~/.gdbinit: 
python\nimport sys\nimport os\nfrom glob import glob\n\nvenv = os.path.expanduser('~/tools/radare2/venv')\nsite_dir_pattern = os.path.join(venv, 'lib', 'python*/site-packages')\nsite_dirs = glob(site_dir_pattern)\nsys.path.insert(0, site_dirs[0])\nimport r2pipe\nend\n
"},{"location":"tutorials/decompiler-integration/ghidra-integration/#usage","title":"Usage","text":"
Append set context-ghidra if-no-source to your ~/.gdbinit. You should be able to see the [ GHIDRA DECOMPILE ] context now right below your disassembly. If you want to temporarily enable/disable it or move around the context sections, see context-ghidra and contextoutput.
 
Be warned, the first call to both radare2/r2ghidra and rizin/rz-ghidra are rather slow! Subsequent requests for decompiled source will be faster. And it does take up some resources as the radare2/rizin instance is kept by r2pipe/rzpipe to enable faster subsequent analysis.
 
Remark: the plugin tries to guess the correct current line and mark it with \"\u2192\", but it might get it wrong.
"},{"location":"tutorials/decompiler-integration/ida-integration/","title":"IDA","text":""},{"location":"tutorials/decompiler-integration/ida-integration/#usage","title":"Usage","text":"
Open the same binary with Pwndbg and IDA. Then inside IDA go to File > Script file and select the ida_script.py file from the Pwndbg root folder. This will start the XMLRPC server that Pwndbg queries for information.
 
Inside the debugger, run set integration-provider ida. This will start the integration, you can run set integration-provider none to disable it.
"},{"location":"tutorials/decompiler-integration/ida-integration/#features","title":"Features","text":"
The integration will sync IDA's decompilation and show it in the context. You can query for symbols and stack variables using the ida function.
"},{"location":"tutorials/decompiler-integration/ida-integration/#debugger-control","title":"Debugger Control","text":"
To see an up-to-date list of things you can do regarding IDA integration, you may grep for ida like so: 
pwndbg> pwndbg ida\nfind-fake-fast                             Find candidate fake fast or tcache chunks overlapping the specified address.\nsave-ida                           Save the ida database.\npwndbg> config ida\nattachp-resolution-method          how to determine the process to attach when multiple candidates exists   'ask'\nida-rpc-host                       ida xmlrpc server address                                                '127.0.0.1'\nida-rpc-port                       ida xmlrpc server port                                                   43718\nida-timeout                        time to wait for ida xmlrpc in seconds                                   2\npwndbg> | help function | grep ida\nfunction ida -- Lookup a symbol's address by name from IDA.\n
 Note that you will see some false positives.
 
You can use the decomp command to use IDA to decompile at an arbitrary address.
"},{"location":"reference/pwndbg/","title":"pwndbg","text":""},{"location":"reference/pwndbg/#pwndbg","title":"pwndbg","text":"
Modules:
 
     
  •  aglib           \u2013            
    Debugger-agnostic library that provides various functionality.
     
    •  
  •  arguments           \u2013            
    Function and syscall argument formatting.
     
    •  
  •  auxv           \u2013            
    Performs handling of the linux auxiliary vector.
     
    •  
  •  chain           \u2013            
    Dereference and format pointer chains.
     
    •  
  •  color           \u2013            
    Text colorizing and theme configuration logic.
     
    •  
  •  commands           \u2013            
    Pwndbg command implementations.
     
    •  
  •  dbg           \u2013            
    The abstracted debugger interface.
     
    •  
  •  decorators           \u2013            
    Project-wide function decorators.
     
    •  
  •  emu           \u2013            
    Emulation assistance from Unicorn.
     
    •  
  •  enhance           \u2013            
    Attempt to describe the data at a memory address as best as possible.
     
    •  
  •  exception           \u2013            
    Common exception handling.
     
    •  
  •  gdblib           \u2013            
    Library for handling GDB logic. Being removed in favour of aglib.
     
    •  
  •  ghidra           \u2013            
    Ghidra integration.
     
    •  
  •  glibc           \u2013            
    Get information about the GLibc
     
    •  
  •  hexdump           \u2013            
    Hexdump implementation, ~= stolen from pwntools.
     
    •  
  •  integration           \u2013            
    Decompiler integration.
     
    •  
  •  lib           \u2013            
    Library for non-debugger-dependant functionality.
     
    •  
  •  log           \u2013            
    Logging.
     
    •  
  •  profiling           \u2013            
    Pwndbg profiling.
     
    •  
  •  radare2           \u2013            
    Radare2 integration with r2pipe.
     
    •  
  •  rizin           \u2013            
    Rizin integration with rzpipe.
     
    •  
  •  search           \u2013            
    Search the address space for byte patterns.
     
    •  
  •  ui           \u2013            
    A few helpers for making things print pretty-like.
     
    •  
  •  wrappers           \u2013            
    Specific command output wrappers.
     
    •  
 
Attributes:
 
     
  •  config               (Config)           \u2013            
    The global configuration object.
     
    •  
  •  __version__           \u2013            
    Pwndbg version.
     
    •  
  •  version           \u2013            
    Pwndbg version.
     
    •  
"},{"location":"reference/pwndbg/#pwndbg.config","title":"config  module-attribute","text":"
config: Config = Config()\n
 
The global configuration object.
"},{"location":"reference/pwndbg/#pwndbg.__version__","title":"__version__  module-attribute","text":"
__version__ = __version__\n
 
Pwndbg version.
"},{"location":"reference/pwndbg/#pwndbg.version","title":"version  module-attribute","text":"
version = __version__\n
 
Pwndbg version.
"},{"location":"reference/pwndbg/aglib/","title":"aglib","text":""},{"location":"reference/pwndbg/aglib/#pwndbg.aglib","title":"aglib","text":"
Debugger-agnostic library that provides various functionality.
 
Takes the debugging primitives provided by the Debugger API and builds the more complex and interesting bits of functionality found in Pwndbg on top of them.
 
See https://pwndbg.re/dev/contributing/dev-notes/#aglib for more information.
 
Modules:
 
     
  •  arch           \u2013            
    •  
  •  argv           \u2013            
    •  
  •  asm           \u2013            
    •  
  •  commpage           \u2013            
    •  
  •  ctypes           \u2013            
    On-the-fly endianness switching for ctypes structures.
     
    •  
  •  disasm           \u2013            
    •  
  •  dt           \u2013            
    Prints structures in a manner similar to WinDbg's \"dt\" command.
     
    •  
  •  dynamic           \u2013            
    Dynamic linking interface.
     
    •  
  •  elf           \u2013            
    This file declares types and methods useful for enumerating
     
    •  
  •  file           \u2013            
    Retrieve files from the debuggee's filesystem.  Useful when
     
    •  
  •  godbg           \u2013            
    •  
  •  heap           \u2013            
    •  
  •  kernel           \u2013            
    •  
  •  macho           \u2013            
    •  
  •  memory           \u2013            
    •  
  •  nearpc           \u2013            
    •  
  •  next           \u2013            
    Commands for setting temporary breakpoints on the next
     
    •  
  •  objc           \u2013            
    Apple Objective-C Runtime Support
     
    •  
  •  onegadget           \u2013            
    •  
  •  proc           \u2013            
    Provides values which would be available from /proc which
     
    •  
  •  qemu           \u2013            
    Determine whether the target is being run under QEMU.
     
    •  
  •  regs           \u2013            
    Reading register value from the inferior, and provides a
     
    •  
  •  remote           \u2013            
    Information about whether the debuggee is local (under GDB) or remote
     
    •  
  •  saved_register_frames           \u2013            
    •  
  •  shellcode           \u2013            
    Shellcode
     
    •  
  •  stack           \u2013            
    Helpers for finding address mappings which are used as a stack.
     
    •  
  •  strings           \u2013            
    Functionality for resolving ASCII printable strings within
     
    •  
  •  symbol           \u2013            
    Looking up addresses for function names / symbols, and
     
    •  
  •  tls           \u2013            
    Getting Thread Local Storage (TLS) information.
     
    •  
  •  typeinfo           \u2013            
    Common types.
     
    •  
  •  vmmap           \u2013            
    •  
  •  vmmap_custom           \u2013            
    •  
 
Functions:
 
     
  •  load_aglib             \u2013              
    •  
  •  set_arch             \u2013              
    •  
"},{"location":"reference/pwndbg/aglib/#pwndbg.aglib.load_aglib","title":"load_aglib","text":"
load_aglib()\n
"},{"location":"reference/pwndbg/aglib/#pwndbg.aglib.set_arch","title":"set_arch","text":"
set_arch(pwndbg_arch: PwndbgArchitecture)\n
"},{"location":"reference/pwndbg/aglib/arch/","title":"arch","text":""},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch","title":"arch","text":"
Classes:
 
     
  •  PwndbgArchitecture           \u2013            
    This class defines the context of the currently debugged architecture as well as other related information of the platform.
     
    •  
  •  AMD64Arch           \u2013            
    •  
  •  i386Arch           \u2013            
    32-bit mode x86
     
    •  
  •  i8086Arch           \u2013            
    16-bit mode x86
     
    •  
  •  ArmArch           \u2013            
    •  
  •  ArmCortexArch           \u2013            
    Cortex-M processors run the M-profile Arm architecture.
     
    •  
  •  AArch64Arch           \u2013            
    •  
  •  PowerPCArch           \u2013            
    •  
  •  SparcArch           \u2013            
    •  
  •  RISCV32Arch           \u2013            
    •  
  •  RISCV64Arch           \u2013            
    •  
  •  MipsArch           \u2013            
    •  
  •  Loongarch64Arch           \u2013            
    •  
  •  S390xArch           \u2013            
    •  
 
Functions:
 
     
  •  register_arch             \u2013              
    •  
  •  get_pwndbg_architecture             \u2013              
    •  
  •  get_thumb_mode_string             \u2013              
    •  
  •  update             \u2013              
    •  
 
Attributes:
 
     
  •  EndianType           \u2013            
    •  
  •  FMT_LITTLE_ENDIAN           \u2013            
    •  
  •  FMT_BIG_ENDIAN           \u2013            
    •  
  •  registered_architectures               (dict[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, PwndbgArchitecture])           \u2013            
    •  
  •  CAPSTONE_ENDIAN_MAPPING               (dict[EndianType, int])           \u2013            
    •  
  •  all_arches           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.EndianType","title":"EndianType  module-attribute","text":"
EndianType = Literal['little', 'big']\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.FMT_LITTLE_ENDIAN","title":"FMT_LITTLE_ENDIAN  module-attribute","text":"
FMT_LITTLE_ENDIAN = {1: 'B', 2: '<H', 4: '<I', 8: '<Q'}\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.FMT_BIG_ENDIAN","title":"FMT_BIG_ENDIAN  module-attribute","text":"
FMT_BIG_ENDIAN = {1: 'B', 2: '>H', 4: '>I', 8: '>Q'}\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.registered_architectures","title":"registered_architectures  module-attribute","text":"
registered_architectures: dict[\n    PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, PwndbgArchitecture\n] = {}\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.CAPSTONE_ENDIAN_MAPPING","title":"CAPSTONE_ENDIAN_MAPPING  module-attribute","text":"
CAPSTONE_ENDIAN_MAPPING: dict[EndianType, int] = {\n    \"little\": CS_MODE_LITTLE_ENDIAN,\n    \"big\": CS_MODE_BIG_ENDIAN,\n}\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.all_arches","title":"all_arches  module-attribute","text":"
all_arches = [\n    AMD64Arch(),\n    i386Arch(),\n    i8086Arch(),\n    ArmArch(),\n    ArmCortexArch(),\n    AArch64Arch(),\n    PowerPCArch(),\n    SparcArch(),\n    RISCV32Arch(),\n    RISCV64Arch(),\n    MipsArch(),\n    Loongarch64Arch(),\n    S390xArch(),\n]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture","title":"PwndbgArchitecture","text":"
PwndbgArchitecture(name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)\n
 
               Bases: ArchDefinition
 
This class defines the context of the currently debugged architecture as well as other related information of the platform.
 
This includes the following information: - Capstone/Unicorn constants - ABI information
 
Methods:
 
     
  •  update             \u2013              
    While debugging a process, certain aspects of the architecture can change.
     
    •  
  •  pack             \u2013              
    •  
  •  unpack             \u2013              
    •  
  •  pack_size             \u2013              
    •  
  •  unpack_size             \u2013              
    •  
  •  get_capstone_constants             \u2013              
    Return tuple of (CAPSTONE ARCH, CAPSTONE MODE) used to instantiate the Capstone disassembler for this architecture.
     
    •  
  •  get_capstone_endianness             \u2013              
    •  
  •  read_thumb_bit             \u2013              
    Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
     
    •  
 
Attributes:
 
     
  •  max_instruction_size               (int)           \u2013            
    •  
  •  instruction_alignment               (int)           \u2013            
    •  
  •  constant_instruction_size               (bool)           \u2013            
    •  
  •  endian               (EndianType)           \u2013            
    •  
  •  ptrsize               (int)           \u2013            
    Pointer size in bytes
     
    •  
  •  ptrbits               (int)           \u2013            
    Pointer size in bits
     
    •  
  •  ptrmask               (int)           \u2013            
    •  
  •  function_abi               (ABI | None)           \u2013            
    •  
  •  syscall_abi               (SyscallABI | None)           \u2013            
    •  
  •  sigreturn_abi               (SyscallABI | None)           \u2013            
    •  
  •  platform               (Platform)           \u2013            
    •  
  •  attributes               (list[ArchAttribute])           \u2013            
    •  
  •  fmts               (dict[int, str])           \u2013            
    •  
  •  fmt               (str)           \u2013            
    •  
  •  name               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.max_instruction_size","title":"max_instruction_size  instance-attribute","text":"
max_instruction_size: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.instruction_alignment","title":"instruction_alignment  instance-attribute","text":"
instruction_alignment: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.constant_instruction_size","title":"constant_instruction_size  class-attribute instance-attribute","text":"
constant_instruction_size: bool = False\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.endian","title":"endian  instance-attribute","text":"
endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.ptrsize","title":"ptrsize  instance-attribute","text":"
ptrsize: int\n
 
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.ptrbits","title":"ptrbits  instance-attribute","text":"
ptrbits: int\n
 
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.ptrmask","title":"ptrmask  instance-attribute","text":"
ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.function_abi","title":"function_abi  instance-attribute","text":"
function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.syscall_abi","title":"syscall_abi  instance-attribute","text":"
syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.sigreturn_abi","title":"sigreturn_abi  instance-attribute","text":"
sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.platform","title":"platform  instance-attribute","text":"
platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.attributes","title":"attributes  instance-attribute","text":"
attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.fmts","title":"fmts  instance-attribute","text":"
fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.fmt","title":"fmt  instance-attribute","text":"
fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.name","title":"name  instance-attribute","text":"
name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.update","title":"update","text":"
update(arch_definition: ArchDefinition) -> None\n
 
While debugging a process, certain aspects of the architecture can change.
 
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.pack","title":"pack","text":"
pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.unpack","title":"unpack","text":"
unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.pack_size","title":"pack_size","text":"
pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.unpack_size","title":"unpack_size","text":"
unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.get_capstone_constants","title":"get_capstone_constants","text":"
get_capstone_constants(address: int) -> tuple[int, int] | None\n
 
Return tuple of (CAPSTONE ARCH, CAPSTONE MODE) used to instantiate the Capstone disassembler for this architecture.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.get_capstone_endianness","title":"get_capstone_endianness","text":"
get_capstone_endianness() -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.read_thumb_bit","title":"read_thumb_bit","text":"
read_thumb_bit() -> Literal[0, 1, None]\n
 
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
 
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch","title":"AMD64Arch","text":"
AMD64Arch()\n
 
               Bases: PwndbgArchitecture
 
Methods:
 
     
  •  get_capstone_constants             \u2013              
    •  
  •  update             \u2013              
    While debugging a process, certain aspects of the architecture can change.
     
    •  
  •  pack             \u2013              
    •  
  •  unpack             \u2013              
    •  
  •  pack_size             \u2013              
    •  
  •  unpack_size             \u2013              
    •  
  •  get_capstone_endianness             \u2013              
    •  
  •  read_thumb_bit             \u2013              
    Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
     
    •  
 
Attributes:
 
     
  •  max_instruction_size           \u2013            
    •  
  •  instruction_alignment           \u2013            
    •  
  •  name               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  ptrsize               (int)           \u2013            
    Pointer size in bytes
     
    •  
  •  endian               (EndianType)           \u2013            
    •  
  •  platform               (Platform)           \u2013            
    •  
  •  attributes               (list[ArchAttribute])           \u2013            
    •  
  •  constant_instruction_size               (bool)           \u2013            
    •  
  •  ptrbits               (int)           \u2013            
    Pointer size in bits
     
    •  
  •  ptrmask               (int)           \u2013            
    •  
  •  function_abi               (ABI | None)           \u2013            
    •  
  •  syscall_abi               (SyscallABI | None)           \u2013            
    •  
  •  sigreturn_abi               (SyscallABI | None)           \u2013            
    •  
  •  fmts               (dict[int, str])           \u2013            
    •  
  •  fmt               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.max_instruction_size","title":"max_instruction_size  class-attribute instance-attribute","text":"
max_instruction_size = 16\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.instruction_alignment","title":"instruction_alignment  class-attribute instance-attribute","text":"
instruction_alignment = 1\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.name","title":"name  instance-attribute","text":"
name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.ptrsize","title":"ptrsize  instance-attribute","text":"
ptrsize: int\n
 
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.endian","title":"endian  instance-attribute","text":"
endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.platform","title":"platform  instance-attribute","text":"
platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.attributes","title":"attributes  instance-attribute","text":"
attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.constant_instruction_size","title":"constant_instruction_size  class-attribute instance-attribute","text":"
constant_instruction_size: bool = False\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.ptrbits","title":"ptrbits  instance-attribute","text":"
ptrbits: int\n
 
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.ptrmask","title":"ptrmask  instance-attribute","text":"
ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.function_abi","title":"function_abi  instance-attribute","text":"
function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.syscall_abi","title":"syscall_abi  instance-attribute","text":"
syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.sigreturn_abi","title":"sigreturn_abi  instance-attribute","text":"
sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.fmts","title":"fmts  instance-attribute","text":"
fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.fmt","title":"fmt  instance-attribute","text":"
fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.get_capstone_constants","title":"get_capstone_constants","text":"
get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.update","title":"update","text":"
update(arch_definition: ArchDefinition) -> None\n
 
While debugging a process, certain aspects of the architecture can change.
 
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.pack","title":"pack","text":"
pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.unpack","title":"unpack","text":"
unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.pack_size","title":"pack_size","text":"
pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.unpack_size","title":"unpack_size","text":"
unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.get_capstone_endianness","title":"get_capstone_endianness","text":"
get_capstone_endianness() -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.read_thumb_bit","title":"read_thumb_bit","text":"
read_thumb_bit() -> Literal[0, 1, None]\n
 
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
 
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch","title":"i386Arch","text":"
i386Arch()\n
 
               Bases: PwndbgArchitecture
 
32-bit mode x86
 
Methods:
 
     
  •  get_capstone_constants             \u2013              
    •  
  •  update             \u2013              
    While debugging a process, certain aspects of the architecture can change.
     
    •  
  •  pack             \u2013              
    •  
  •  unpack             \u2013              
    •  
  •  pack_size             \u2013              
    •  
  •  unpack_size             \u2013              
    •  
  •  get_capstone_endianness             \u2013              
    •  
  •  read_thumb_bit             \u2013              
    Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
     
    •  
 
Attributes:
 
     
  •  max_instruction_size           \u2013            
    •  
  •  instruction_alignment           \u2013            
    •  
  •  name               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  ptrsize               (int)           \u2013            
    Pointer size in bytes
     
    •  
  •  endian               (EndianType)           \u2013            
    •  
  •  platform               (Platform)           \u2013            
    •  
  •  attributes               (list[ArchAttribute])           \u2013            
    •  
  •  constant_instruction_size               (bool)           \u2013            
    •  
  •  ptrbits               (int)           \u2013            
    Pointer size in bits
     
    •  
  •  ptrmask               (int)           \u2013            
    •  
  •  function_abi               (ABI | None)           \u2013            
    •  
  •  syscall_abi               (SyscallABI | None)           \u2013            
    •  
  •  sigreturn_abi               (SyscallABI | None)           \u2013            
    •  
  •  fmts               (dict[int, str])           \u2013            
    •  
  •  fmt               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.max_instruction_size","title":"max_instruction_size  class-attribute instance-attribute","text":"
max_instruction_size = 16\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.instruction_alignment","title":"instruction_alignment  class-attribute instance-attribute","text":"
instruction_alignment = 1\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.name","title":"name  instance-attribute","text":"
name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.ptrsize","title":"ptrsize  instance-attribute","text":"
ptrsize: int\n
 
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.endian","title":"endian  instance-attribute","text":"
endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.platform","title":"platform  instance-attribute","text":"
platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.attributes","title":"attributes  instance-attribute","text":"
attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.constant_instruction_size","title":"constant_instruction_size  class-attribute instance-attribute","text":"
constant_instruction_size: bool = False\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.ptrbits","title":"ptrbits  instance-attribute","text":"
ptrbits: int\n
 
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.ptrmask","title":"ptrmask  instance-attribute","text":"
ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.function_abi","title":"function_abi  instance-attribute","text":"
function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.syscall_abi","title":"syscall_abi  instance-attribute","text":"
syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.sigreturn_abi","title":"sigreturn_abi  instance-attribute","text":"
sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.fmts","title":"fmts  instance-attribute","text":"
fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.fmt","title":"fmt  instance-attribute","text":"
fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.get_capstone_constants","title":"get_capstone_constants","text":"
get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.update","title":"update","text":"
update(arch_definition: ArchDefinition) -> None\n
 
While debugging a process, certain aspects of the architecture can change.
 
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.pack","title":"pack","text":"
pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.unpack","title":"unpack","text":"
unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.pack_size","title":"pack_size","text":"
pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.unpack_size","title":"unpack_size","text":"
unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.get_capstone_endianness","title":"get_capstone_endianness","text":"
get_capstone_endianness() -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.read_thumb_bit","title":"read_thumb_bit","text":"
read_thumb_bit() -> Literal[0, 1, None]\n
 
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
 
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch","title":"i8086Arch","text":"
i8086Arch()\n
 
               Bases: PwndbgArchitecture
 
16-bit mode x86
 
Methods:
 
     
  •  get_capstone_constants             \u2013              
    •  
  •  update             \u2013              
    While debugging a process, certain aspects of the architecture can change.
     
    •  
  •  pack             \u2013              
    •  
  •  unpack             \u2013              
    •  
  •  pack_size             \u2013              
    •  
  •  unpack_size             \u2013              
    •  
  •  get_capstone_endianness             \u2013              
    •  
  •  read_thumb_bit             \u2013              
    Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
     
    •  
 
Attributes:
 
     
  •  max_instruction_size           \u2013            
    •  
  •  instruction_alignment           \u2013            
    •  
  •  name               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  ptrsize               (int)           \u2013            
    Pointer size in bytes
     
    •  
  •  endian               (EndianType)           \u2013            
    •  
  •  platform               (Platform)           \u2013            
    •  
  •  attributes               (list[ArchAttribute])           \u2013            
    •  
  •  constant_instruction_size               (bool)           \u2013            
    •  
  •  ptrbits               (int)           \u2013            
    Pointer size in bits
     
    •  
  •  ptrmask               (int)           \u2013            
    •  
  •  function_abi               (ABI | None)           \u2013            
    •  
  •  syscall_abi               (SyscallABI | None)           \u2013            
    •  
  •  sigreturn_abi               (SyscallABI | None)           \u2013            
    •  
  •  fmts               (dict[int, str])           \u2013            
    •  
  •  fmt               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.max_instruction_size","title":"max_instruction_size  class-attribute instance-attribute","text":"
max_instruction_size = 16\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.instruction_alignment","title":"instruction_alignment  class-attribute instance-attribute","text":"
instruction_alignment = 1\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.name","title":"name  instance-attribute","text":"
name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.ptrsize","title":"ptrsize  instance-attribute","text":"
ptrsize: int\n
 
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.endian","title":"endian  instance-attribute","text":"
endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.platform","title":"platform  instance-attribute","text":"
platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.attributes","title":"attributes  instance-attribute","text":"
attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.constant_instruction_size","title":"constant_instruction_size  class-attribute instance-attribute","text":"
constant_instruction_size: bool = False\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.ptrbits","title":"ptrbits  instance-attribute","text":"
ptrbits: int\n
 
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.ptrmask","title":"ptrmask  instance-attribute","text":"
ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.function_abi","title":"function_abi  instance-attribute","text":"
function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.syscall_abi","title":"syscall_abi  instance-attribute","text":"
syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.sigreturn_abi","title":"sigreturn_abi  instance-attribute","text":"
sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.fmts","title":"fmts  instance-attribute","text":"
fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.fmt","title":"fmt  instance-attribute","text":"
fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.get_capstone_constants","title":"get_capstone_constants","text":"
get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.update","title":"update","text":"
update(arch_definition: ArchDefinition) -> None\n
 
While debugging a process, certain aspects of the architecture can change.
 
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.pack","title":"pack","text":"
pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.unpack","title":"unpack","text":"
unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.pack_size","title":"pack_size","text":"
pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.unpack_size","title":"unpack_size","text":"
unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.get_capstone_endianness","title":"get_capstone_endianness","text":"
get_capstone_endianness() -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.read_thumb_bit","title":"read_thumb_bit","text":"
read_thumb_bit() -> Literal[0, 1, None]\n
 
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
 
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch","title":"ArmArch","text":"
ArmArch()\n
 
               Bases: PwndbgArchitecture
 
Methods:
 
     
  •  get_capstone_constants             \u2013              
    •  
  •  read_thumb_bit             \u2013              
    •  
  •  update             \u2013              
    While debugging a process, certain aspects of the architecture can change.
     
    •  
  •  pack             \u2013              
    •  
  •  unpack             \u2013              
    •  
  •  pack_size             \u2013              
    •  
  •  unpack_size             \u2013              
    •  
  •  get_capstone_endianness             \u2013              
    •  
 
Attributes:
 
     
  •  max_instruction_size           \u2013            
    •  
  •  instruction_alignment           \u2013            
    •  
  •  name               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  ptrsize               (int)           \u2013            
    Pointer size in bytes
     
    •  
  •  endian               (EndianType)           \u2013            
    •  
  •  platform               (Platform)           \u2013            
    •  
  •  attributes               (list[ArchAttribute])           \u2013            
    •  
  •  constant_instruction_size               (bool)           \u2013            
    •  
  •  ptrbits               (int)           \u2013            
    Pointer size in bits
     
    •  
  •  ptrmask               (int)           \u2013            
    •  
  •  function_abi               (ABI | None)           \u2013            
    •  
  •  syscall_abi               (SyscallABI | None)           \u2013            
    •  
  •  sigreturn_abi               (SyscallABI | None)           \u2013            
    •  
  •  fmts               (dict[int, str])           \u2013            
    •  
  •  fmt               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.max_instruction_size","title":"max_instruction_size  class-attribute instance-attribute","text":"
max_instruction_size = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.instruction_alignment","title":"instruction_alignment  class-attribute instance-attribute","text":"
instruction_alignment = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.name","title":"name  instance-attribute","text":"
name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.ptrsize","title":"ptrsize  instance-attribute","text":"
ptrsize: int\n
 
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.endian","title":"endian  instance-attribute","text":"
endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.platform","title":"platform  instance-attribute","text":"
platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.attributes","title":"attributes  instance-attribute","text":"
attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.constant_instruction_size","title":"constant_instruction_size  class-attribute instance-attribute","text":"
constant_instruction_size: bool = False\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.ptrbits","title":"ptrbits  instance-attribute","text":"
ptrbits: int\n
 
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.ptrmask","title":"ptrmask  instance-attribute","text":"
ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.function_abi","title":"function_abi  instance-attribute","text":"
function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.syscall_abi","title":"syscall_abi  instance-attribute","text":"
syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.sigreturn_abi","title":"sigreturn_abi  instance-attribute","text":"
sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.fmts","title":"fmts  instance-attribute","text":"
fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.fmt","title":"fmt  instance-attribute","text":"
fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.get_capstone_constants","title":"get_capstone_constants","text":"
get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.read_thumb_bit","title":"read_thumb_bit","text":"
read_thumb_bit() -> Literal[0, 1]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.update","title":"update","text":"
update(arch_definition: ArchDefinition) -> None\n
 
While debugging a process, certain aspects of the architecture can change.
 
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.pack","title":"pack","text":"
pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.unpack","title":"unpack","text":"
unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.pack_size","title":"pack_size","text":"
pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.unpack_size","title":"unpack_size","text":"
unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.get_capstone_endianness","title":"get_capstone_endianness","text":"
get_capstone_endianness() -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch","title":"ArmCortexArch","text":"
ArmCortexArch()\n
 
               Bases: PwndbgArchitecture
 
Cortex-M processors run the M-profile Arm architecture. This architecture is prevalent in bare-metal/embedded systems that lack operating systems. Only Thumb-2 instructions are supported, and the Thumb bit is always 1.
 
Methods:
 
     
  •  get_capstone_constants             \u2013              
    •  
  •  read_thumb_bit             \u2013              
    On Cortex-M processors, the Thumb bit is architecturally defined to be 1.
     
    •  
  •  update             \u2013              
    While debugging a process, certain aspects of the architecture can change.
     
    •  
  •  pack             \u2013              
    •  
  •  unpack             \u2013              
    •  
  •  pack_size             \u2013              
    •  
  •  unpack_size             \u2013              
    •  
  •  get_capstone_endianness             \u2013              
    •  
 
Attributes:
 
     
  •  max_instruction_size           \u2013            
    •  
  •  instruction_alignment           \u2013            
    •  
  •  name               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  ptrsize               (int)           \u2013            
    Pointer size in bytes
     
    •  
  •  endian               (EndianType)           \u2013            
    •  
  •  platform               (Platform)           \u2013            
    •  
  •  attributes               (list[ArchAttribute])           \u2013            
    •  
  •  constant_instruction_size               (bool)           \u2013            
    •  
  •  ptrbits               (int)           \u2013            
    Pointer size in bits
     
    •  
  •  ptrmask               (int)           \u2013            
    •  
  •  function_abi               (ABI | None)           \u2013            
    •  
  •  syscall_abi               (SyscallABI | None)           \u2013            
    •  
  •  sigreturn_abi               (SyscallABI | None)           \u2013            
    •  
  •  fmts               (dict[int, str])           \u2013            
    •  
  •  fmt               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.max_instruction_size","title":"max_instruction_size  class-attribute instance-attribute","text":"
max_instruction_size = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.instruction_alignment","title":"instruction_alignment  class-attribute instance-attribute","text":"
instruction_alignment = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.name","title":"name  instance-attribute","text":"
name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.ptrsize","title":"ptrsize  instance-attribute","text":"
ptrsize: int\n
 
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.endian","title":"endian  instance-attribute","text":"
endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.platform","title":"platform  instance-attribute","text":"
platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.attributes","title":"attributes  instance-attribute","text":"
attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.constant_instruction_size","title":"constant_instruction_size  class-attribute instance-attribute","text":"
constant_instruction_size: bool = False\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.ptrbits","title":"ptrbits  instance-attribute","text":"
ptrbits: int\n
 
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.ptrmask","title":"ptrmask  instance-attribute","text":"
ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.function_abi","title":"function_abi  instance-attribute","text":"
function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.syscall_abi","title":"syscall_abi  instance-attribute","text":"
syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.sigreturn_abi","title":"sigreturn_abi  instance-attribute","text":"
sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.fmts","title":"fmts  instance-attribute","text":"
fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.fmt","title":"fmt  instance-attribute","text":"
fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.get_capstone_constants","title":"get_capstone_constants","text":"
get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.read_thumb_bit","title":"read_thumb_bit","text":"
read_thumb_bit() -> Literal[0, 1]\n
 
On Cortex-M processors, the Thumb bit is architecturally defined to be 1.
 
This is the (xpsr >> 24) & 1, which is always 1.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.update","title":"update","text":"
update(arch_definition: ArchDefinition) -> None\n
 
While debugging a process, certain aspects of the architecture can change.
 
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.pack","title":"pack","text":"
pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.unpack","title":"unpack","text":"
unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.pack_size","title":"pack_size","text":"
pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.unpack_size","title":"unpack_size","text":"
unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.get_capstone_endianness","title":"get_capstone_endianness","text":"
get_capstone_endianness() -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch","title":"AArch64Arch","text":"
AArch64Arch()\n
 
               Bases: PwndbgArchitecture
 
Methods:
 
     
  •  get_capstone_constants             \u2013              
    •  
  •  get_capstone_endianness             \u2013              
    •  
  •  update             \u2013              
    While debugging a process, certain aspects of the architecture can change.
     
    •  
  •  pack             \u2013              
    •  
  •  unpack             \u2013              
    •  
  •  pack_size             \u2013              
    •  
  •  unpack_size             \u2013              
    •  
  •  read_thumb_bit             \u2013              
    Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
     
    •  
 
Attributes:
 
     
  •  max_instruction_size           \u2013            
    •  
  •  instruction_alignment           \u2013            
    •  
  •  constant_instruction_size           \u2013            
    •  
  •  name               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  ptrsize               (int)           \u2013            
    Pointer size in bytes
     
    •  
  •  endian               (EndianType)           \u2013            
    •  
  •  platform               (Platform)           \u2013            
    •  
  •  attributes               (list[ArchAttribute])           \u2013            
    •  
  •  ptrbits               (int)           \u2013            
    Pointer size in bits
     
    •  
  •  ptrmask               (int)           \u2013            
    •  
  •  function_abi               (ABI | None)           \u2013            
    •  
  •  syscall_abi               (SyscallABI | None)           \u2013            
    •  
  •  sigreturn_abi               (SyscallABI | None)           \u2013            
    •  
  •  fmts               (dict[int, str])           \u2013            
    •  
  •  fmt               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.max_instruction_size","title":"max_instruction_size  class-attribute instance-attribute","text":"
max_instruction_size = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.instruction_alignment","title":"instruction_alignment  class-attribute instance-attribute","text":"
instruction_alignment = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.constant_instruction_size","title":"constant_instruction_size  class-attribute instance-attribute","text":"
constant_instruction_size = True\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.name","title":"name  instance-attribute","text":"
name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.ptrsize","title":"ptrsize  instance-attribute","text":"
ptrsize: int\n
 
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.endian","title":"endian  instance-attribute","text":"
endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.platform","title":"platform  instance-attribute","text":"
platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.attributes","title":"attributes  instance-attribute","text":"
attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.ptrbits","title":"ptrbits  instance-attribute","text":"
ptrbits: int\n
 
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.ptrmask","title":"ptrmask  instance-attribute","text":"
ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.function_abi","title":"function_abi  instance-attribute","text":"
function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.syscall_abi","title":"syscall_abi  instance-attribute","text":"
syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.sigreturn_abi","title":"sigreturn_abi  instance-attribute","text":"
sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.fmts","title":"fmts  instance-attribute","text":"
fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.fmt","title":"fmt  instance-attribute","text":"
fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.get_capstone_constants","title":"get_capstone_constants","text":"
get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.get_capstone_endianness","title":"get_capstone_endianness","text":"
get_capstone_endianness() -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.update","title":"update","text":"
update(arch_definition: ArchDefinition) -> None\n
 
While debugging a process, certain aspects of the architecture can change.
 
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.pack","title":"pack","text":"
pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.unpack","title":"unpack","text":"
unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.pack_size","title":"pack_size","text":"
pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.unpack_size","title":"unpack_size","text":"
unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.read_thumb_bit","title":"read_thumb_bit","text":"
read_thumb_bit() -> Literal[0, 1, None]\n
 
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
 
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch","title":"PowerPCArch","text":"
PowerPCArch()\n
 
               Bases: PwndbgArchitecture
 
Methods:
 
     
  •  get_capstone_constants             \u2013              
    •  
  •  update             \u2013              
    While debugging a process, certain aspects of the architecture can change.
     
    •  
  •  pack             \u2013              
    •  
  •  unpack             \u2013              
    •  
  •  pack_size             \u2013              
    •  
  •  unpack_size             \u2013              
    •  
  •  get_capstone_endianness             \u2013              
    •  
  •  read_thumb_bit             \u2013              
    Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
     
    •  
 
Attributes:
 
     
  •  max_instruction_size           \u2013            
    •  
  •  instruction_alignment           \u2013            
    •  
  •  name               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  ptrsize               (int)           \u2013            
    Pointer size in bytes
     
    •  
  •  endian               (EndianType)           \u2013            
    •  
  •  platform               (Platform)           \u2013            
    •  
  •  attributes               (list[ArchAttribute])           \u2013            
    •  
  •  constant_instruction_size               (bool)           \u2013            
    •  
  •  ptrbits               (int)           \u2013            
    Pointer size in bits
     
    •  
  •  ptrmask               (int)           \u2013            
    •  
  •  function_abi               (ABI | None)           \u2013            
    •  
  •  syscall_abi               (SyscallABI | None)           \u2013            
    •  
  •  sigreturn_abi               (SyscallABI | None)           \u2013            
    •  
  •  fmts               (dict[int, str])           \u2013            
    •  
  •  fmt               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.max_instruction_size","title":"max_instruction_size  class-attribute instance-attribute","text":"
max_instruction_size = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.instruction_alignment","title":"instruction_alignment  class-attribute instance-attribute","text":"
instruction_alignment = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.name","title":"name  instance-attribute","text":"
name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.ptrsize","title":"ptrsize  instance-attribute","text":"
ptrsize: int\n
 
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.endian","title":"endian  instance-attribute","text":"
endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.platform","title":"platform  instance-attribute","text":"
platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.attributes","title":"attributes  instance-attribute","text":"
attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.constant_instruction_size","title":"constant_instruction_size  class-attribute instance-attribute","text":"
constant_instruction_size: bool = False\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.ptrbits","title":"ptrbits  instance-attribute","text":"
ptrbits: int\n
 
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.ptrmask","title":"ptrmask  instance-attribute","text":"
ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.function_abi","title":"function_abi  instance-attribute","text":"
function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.syscall_abi","title":"syscall_abi  instance-attribute","text":"
syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.sigreturn_abi","title":"sigreturn_abi  instance-attribute","text":"
sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.fmts","title":"fmts  instance-attribute","text":"
fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.fmt","title":"fmt  instance-attribute","text":"
fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.get_capstone_constants","title":"get_capstone_constants","text":"
get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.update","title":"update","text":"
update(arch_definition: ArchDefinition) -> None\n
 
While debugging a process, certain aspects of the architecture can change.
 
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.pack","title":"pack","text":"
pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.unpack","title":"unpack","text":"
unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.pack_size","title":"pack_size","text":"
pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.unpack_size","title":"unpack_size","text":"
unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.get_capstone_endianness","title":"get_capstone_endianness","text":"
get_capstone_endianness() -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.read_thumb_bit","title":"read_thumb_bit","text":"
read_thumb_bit() -> Literal[0, 1, None]\n
 
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
 
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch","title":"SparcArch","text":"
SparcArch()\n
 
               Bases: PwndbgArchitecture
 
Methods:
 
     
  •  get_capstone_constants             \u2013              
    •  
  •  update             \u2013              
    While debugging a process, certain aspects of the architecture can change.
     
    •  
  •  pack             \u2013              
    •  
  •  unpack             \u2013              
    •  
  •  pack_size             \u2013              
    •  
  •  unpack_size             \u2013              
    •  
  •  get_capstone_endianness             \u2013              
    •  
  •  read_thumb_bit             \u2013              
    Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
     
    •  
 
Attributes:
 
     
  •  max_instruction_size           \u2013            
    •  
  •  instruction_alignment           \u2013            
    •  
  •  name               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  ptrsize               (int)           \u2013            
    Pointer size in bytes
     
    •  
  •  endian               (EndianType)           \u2013            
    •  
  •  platform               (Platform)           \u2013            
    •  
  •  attributes               (list[ArchAttribute])           \u2013            
    •  
  •  constant_instruction_size               (bool)           \u2013            
    •  
  •  ptrbits               (int)           \u2013            
    Pointer size in bits
     
    •  
  •  ptrmask               (int)           \u2013            
    •  
  •  function_abi               (ABI | None)           \u2013            
    •  
  •  syscall_abi               (SyscallABI | None)           \u2013            
    •  
  •  sigreturn_abi               (SyscallABI | None)           \u2013            
    •  
  •  fmts               (dict[int, str])           \u2013            
    •  
  •  fmt               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.max_instruction_size","title":"max_instruction_size  class-attribute instance-attribute","text":"
max_instruction_size = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.instruction_alignment","title":"instruction_alignment  class-attribute instance-attribute","text":"
instruction_alignment = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.name","title":"name  instance-attribute","text":"
name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.ptrsize","title":"ptrsize  instance-attribute","text":"
ptrsize: int\n
 
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.endian","title":"endian  instance-attribute","text":"
endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.platform","title":"platform  instance-attribute","text":"
platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.attributes","title":"attributes  instance-attribute","text":"
attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.constant_instruction_size","title":"constant_instruction_size  class-attribute instance-attribute","text":"
constant_instruction_size: bool = False\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.ptrbits","title":"ptrbits  instance-attribute","text":"
ptrbits: int\n
 
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.ptrmask","title":"ptrmask  instance-attribute","text":"
ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.function_abi","title":"function_abi  instance-attribute","text":"
function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.syscall_abi","title":"syscall_abi  instance-attribute","text":"
syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.sigreturn_abi","title":"sigreturn_abi  instance-attribute","text":"
sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.fmts","title":"fmts  instance-attribute","text":"
fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.fmt","title":"fmt  instance-attribute","text":"
fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.get_capstone_constants","title":"get_capstone_constants","text":"
get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.update","title":"update","text":"
update(arch_definition: ArchDefinition) -> None\n
 
While debugging a process, certain aspects of the architecture can change.
 
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.pack","title":"pack","text":"
pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.unpack","title":"unpack","text":"
unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.pack_size","title":"pack_size","text":"
pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.unpack_size","title":"unpack_size","text":"
unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.get_capstone_endianness","title":"get_capstone_endianness","text":"
get_capstone_endianness() -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.read_thumb_bit","title":"read_thumb_bit","text":"
read_thumb_bit() -> Literal[0, 1, None]\n
 
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
 
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch","title":"RISCV32Arch","text":"
RISCV32Arch()\n
 
               Bases: PwndbgArchitecture
 
Methods:
 
     
  •  get_capstone_constants             \u2013              
    •  
  •  update             \u2013              
    While debugging a process, certain aspects of the architecture can change.
     
    •  
  •  pack             \u2013              
    •  
  •  unpack             \u2013              
    •  
  •  pack_size             \u2013              
    •  
  •  unpack_size             \u2013              
    •  
  •  get_capstone_endianness             \u2013              
    •  
  •  read_thumb_bit             \u2013              
    Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
     
    •  
 
Attributes:
 
     
  •  max_instruction_size           \u2013            
    •  
  •  instruction_alignment           \u2013            
    •  
  •  name               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  ptrsize               (int)           \u2013            
    Pointer size in bytes
     
    •  
  •  endian               (EndianType)           \u2013            
    •  
  •  platform               (Platform)           \u2013            
    •  
  •  attributes               (list[ArchAttribute])           \u2013            
    •  
  •  constant_instruction_size               (bool)           \u2013            
    •  
  •  ptrbits               (int)           \u2013            
    Pointer size in bits
     
    •  
  •  ptrmask               (int)           \u2013            
    •  
  •  function_abi               (ABI | None)           \u2013            
    •  
  •  syscall_abi               (SyscallABI | None)           \u2013            
    •  
  •  sigreturn_abi               (SyscallABI | None)           \u2013            
    •  
  •  fmts               (dict[int, str])           \u2013            
    •  
  •  fmt               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.max_instruction_size","title":"max_instruction_size  class-attribute instance-attribute","text":"
max_instruction_size = 22\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.instruction_alignment","title":"instruction_alignment  class-attribute instance-attribute","text":"
instruction_alignment = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.name","title":"name  instance-attribute","text":"
name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.ptrsize","title":"ptrsize  instance-attribute","text":"
ptrsize: int\n
 
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.endian","title":"endian  instance-attribute","text":"
endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.platform","title":"platform  instance-attribute","text":"
platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.attributes","title":"attributes  instance-attribute","text":"
attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.constant_instruction_size","title":"constant_instruction_size  class-attribute instance-attribute","text":"
constant_instruction_size: bool = False\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.ptrbits","title":"ptrbits  instance-attribute","text":"
ptrbits: int\n
 
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.ptrmask","title":"ptrmask  instance-attribute","text":"
ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.function_abi","title":"function_abi  instance-attribute","text":"
function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.syscall_abi","title":"syscall_abi  instance-attribute","text":"
syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.sigreturn_abi","title":"sigreturn_abi  instance-attribute","text":"
sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.fmts","title":"fmts  instance-attribute","text":"
fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.fmt","title":"fmt  instance-attribute","text":"
fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.get_capstone_constants","title":"get_capstone_constants","text":"
get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.update","title":"update","text":"
update(arch_definition: ArchDefinition) -> None\n
 
While debugging a process, certain aspects of the architecture can change.
 
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.pack","title":"pack","text":"
pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.unpack","title":"unpack","text":"
unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.pack_size","title":"pack_size","text":"
pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.unpack_size","title":"unpack_size","text":"
unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.get_capstone_endianness","title":"get_capstone_endianness","text":"
get_capstone_endianness() -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.read_thumb_bit","title":"read_thumb_bit","text":"
read_thumb_bit() -> Literal[0, 1, None]\n
 
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
 
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch","title":"RISCV64Arch","text":"
RISCV64Arch()\n
 
               Bases: PwndbgArchitecture
 
Methods:
 
     
  •  get_capstone_constants             \u2013              
    •  
  •  update             \u2013              
    While debugging a process, certain aspects of the architecture can change.
     
    •  
  •  pack             \u2013              
    •  
  •  unpack             \u2013              
    •  
  •  pack_size             \u2013              
    •  
  •  unpack_size             \u2013              
    •  
  •  get_capstone_endianness             \u2013              
    •  
  •  read_thumb_bit             \u2013              
    Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
     
    •  
 
Attributes:
 
     
  •  max_instruction_size           \u2013            
    •  
  •  instruction_alignment           \u2013            
    •  
  •  name               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  ptrsize               (int)           \u2013            
    Pointer size in bytes
     
    •  
  •  endian               (EndianType)           \u2013            
    •  
  •  platform               (Platform)           \u2013            
    •  
  •  attributes               (list[ArchAttribute])           \u2013            
    •  
  •  constant_instruction_size               (bool)           \u2013            
    •  
  •  ptrbits               (int)           \u2013            
    Pointer size in bits
     
    •  
  •  ptrmask               (int)           \u2013            
    •  
  •  function_abi               (ABI | None)           \u2013            
    •  
  •  syscall_abi               (SyscallABI | None)           \u2013            
    •  
  •  sigreturn_abi               (SyscallABI | None)           \u2013            
    •  
  •  fmts               (dict[int, str])           \u2013            
    •  
  •  fmt               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.max_instruction_size","title":"max_instruction_size  class-attribute instance-attribute","text":"
max_instruction_size = 22\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.instruction_alignment","title":"instruction_alignment  class-attribute instance-attribute","text":"
instruction_alignment = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.name","title":"name  instance-attribute","text":"
name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.ptrsize","title":"ptrsize  instance-attribute","text":"
ptrsize: int\n
 
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.endian","title":"endian  instance-attribute","text":"
endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.platform","title":"platform  instance-attribute","text":"
platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.attributes","title":"attributes  instance-attribute","text":"
attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.constant_instruction_size","title":"constant_instruction_size  class-attribute instance-attribute","text":"
constant_instruction_size: bool = False\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.ptrbits","title":"ptrbits  instance-attribute","text":"
ptrbits: int\n
 
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.ptrmask","title":"ptrmask  instance-attribute","text":"
ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.function_abi","title":"function_abi  instance-attribute","text":"
function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.syscall_abi","title":"syscall_abi  instance-attribute","text":"
syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.sigreturn_abi","title":"sigreturn_abi  instance-attribute","text":"
sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.fmts","title":"fmts  instance-attribute","text":"
fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.fmt","title":"fmt  instance-attribute","text":"
fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.get_capstone_constants","title":"get_capstone_constants","text":"
get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.update","title":"update","text":"
update(arch_definition: ArchDefinition) -> None\n
 
While debugging a process, certain aspects of the architecture can change.
 
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.pack","title":"pack","text":"
pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.unpack","title":"unpack","text":"
unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.pack_size","title":"pack_size","text":"
pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.unpack_size","title":"unpack_size","text":"
unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.get_capstone_endianness","title":"get_capstone_endianness","text":"
get_capstone_endianness() -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.read_thumb_bit","title":"read_thumb_bit","text":"
read_thumb_bit() -> Literal[0, 1, None]\n
 
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
 
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch","title":"MipsArch","text":"
MipsArch()\n
 
               Bases: PwndbgArchitecture
 
Methods:
 
     
  •  get_capstone_constants             \u2013              
    •  
  •  update             \u2013              
    While debugging a process, certain aspects of the architecture can change.
     
    •  
  •  pack             \u2013              
    •  
  •  unpack             \u2013              
    •  
  •  pack_size             \u2013              
    •  
  •  unpack_size             \u2013              
    •  
  •  get_capstone_endianness             \u2013              
    •  
  •  read_thumb_bit             \u2013              
    Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
     
    •  
 
Attributes:
 
     
  •  max_instruction_size           \u2013            
    •  
  •  instruction_alignment           \u2013            
    •  
  •  name               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  ptrsize               (int)           \u2013            
    Pointer size in bytes
     
    •  
  •  endian               (EndianType)           \u2013            
    •  
  •  platform               (Platform)           \u2013            
    •  
  •  attributes               (list[ArchAttribute])           \u2013            
    •  
  •  constant_instruction_size               (bool)           \u2013            
    •  
  •  ptrbits               (int)           \u2013            
    Pointer size in bits
     
    •  
  •  ptrmask               (int)           \u2013            
    •  
  •  function_abi               (ABI | None)           \u2013            
    •  
  •  syscall_abi               (SyscallABI | None)           \u2013            
    •  
  •  sigreturn_abi               (SyscallABI | None)           \u2013            
    •  
  •  fmts               (dict[int, str])           \u2013            
    •  
  •  fmt               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.max_instruction_size","title":"max_instruction_size  class-attribute instance-attribute","text":"
max_instruction_size = 8\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.instruction_alignment","title":"instruction_alignment  class-attribute instance-attribute","text":"
instruction_alignment = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.name","title":"name  instance-attribute","text":"
name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.ptrsize","title":"ptrsize  instance-attribute","text":"
ptrsize: int\n
 
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.endian","title":"endian  instance-attribute","text":"
endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.platform","title":"platform  instance-attribute","text":"
platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.attributes","title":"attributes  instance-attribute","text":"
attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.constant_instruction_size","title":"constant_instruction_size  class-attribute instance-attribute","text":"
constant_instruction_size: bool = False\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.ptrbits","title":"ptrbits  instance-attribute","text":"
ptrbits: int\n
 
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.ptrmask","title":"ptrmask  instance-attribute","text":"
ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.function_abi","title":"function_abi  instance-attribute","text":"
function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.syscall_abi","title":"syscall_abi  instance-attribute","text":"
syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.sigreturn_abi","title":"sigreturn_abi  instance-attribute","text":"
sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.fmts","title":"fmts  instance-attribute","text":"
fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.fmt","title":"fmt  instance-attribute","text":"
fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.get_capstone_constants","title":"get_capstone_constants","text":"
get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.update","title":"update","text":"
update(arch_definition: ArchDefinition) -> None\n
 
While debugging a process, certain aspects of the architecture can change.
 
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.pack","title":"pack","text":"
pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.unpack","title":"unpack","text":"
unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.pack_size","title":"pack_size","text":"
pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.unpack_size","title":"unpack_size","text":"
unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.get_capstone_endianness","title":"get_capstone_endianness","text":"
get_capstone_endianness() -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.read_thumb_bit","title":"read_thumb_bit","text":"
read_thumb_bit() -> Literal[0, 1, None]\n
 
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
 
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch","title":"Loongarch64Arch","text":"
Loongarch64Arch()\n
 
               Bases: PwndbgArchitecture
 
Methods:
 
     
  •  get_capstone_constants             \u2013              
    •  
  •  update             \u2013              
    While debugging a process, certain aspects of the architecture can change.
     
    •  
  •  pack             \u2013              
    •  
  •  unpack             \u2013              
    •  
  •  pack_size             \u2013              
    •  
  •  unpack_size             \u2013              
    •  
  •  get_capstone_endianness             \u2013              
    •  
  •  read_thumb_bit             \u2013              
    Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
     
    •  
 
Attributes:
 
     
  •  max_instruction_size           \u2013            
    •  
  •  instruction_alignment           \u2013            
    •  
  •  constant_instruction_size           \u2013            
    •  
  •  name               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  ptrsize               (int)           \u2013            
    Pointer size in bytes
     
    •  
  •  endian               (EndianType)           \u2013            
    •  
  •  platform               (Platform)           \u2013            
    •  
  •  attributes               (list[ArchAttribute])           \u2013            
    •  
  •  ptrbits               (int)           \u2013            
    Pointer size in bits
     
    •  
  •  ptrmask               (int)           \u2013            
    •  
  •  function_abi               (ABI | None)           \u2013            
    •  
  •  syscall_abi               (SyscallABI | None)           \u2013            
    •  
  •  sigreturn_abi               (SyscallABI | None)           \u2013            
    •  
  •  fmts               (dict[int, str])           \u2013            
    •  
  •  fmt               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.max_instruction_size","title":"max_instruction_size  class-attribute instance-attribute","text":"
max_instruction_size = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.instruction_alignment","title":"instruction_alignment  class-attribute instance-attribute","text":"
instruction_alignment = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.constant_instruction_size","title":"constant_instruction_size  class-attribute instance-attribute","text":"
constant_instruction_size = True\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.name","title":"name  instance-attribute","text":"
name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.ptrsize","title":"ptrsize  instance-attribute","text":"
ptrsize: int\n
 
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.endian","title":"endian  instance-attribute","text":"
endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.platform","title":"platform  instance-attribute","text":"
platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.attributes","title":"attributes  instance-attribute","text":"
attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.ptrbits","title":"ptrbits  instance-attribute","text":"
ptrbits: int\n
 
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.ptrmask","title":"ptrmask  instance-attribute","text":"
ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.function_abi","title":"function_abi  instance-attribute","text":"
function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.syscall_abi","title":"syscall_abi  instance-attribute","text":"
syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.sigreturn_abi","title":"sigreturn_abi  instance-attribute","text":"
sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.fmts","title":"fmts  instance-attribute","text":"
fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.fmt","title":"fmt  instance-attribute","text":"
fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.get_capstone_constants","title":"get_capstone_constants","text":"
get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.update","title":"update","text":"
update(arch_definition: ArchDefinition) -> None\n
 
While debugging a process, certain aspects of the architecture can change.
 
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.pack","title":"pack","text":"
pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.unpack","title":"unpack","text":"
unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.pack_size","title":"pack_size","text":"
pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.unpack_size","title":"unpack_size","text":"
unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.get_capstone_endianness","title":"get_capstone_endianness","text":"
get_capstone_endianness() -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.read_thumb_bit","title":"read_thumb_bit","text":"
read_thumb_bit() -> Literal[0, 1, None]\n
 
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
 
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch","title":"S390xArch","text":"
S390xArch()\n
 
               Bases: PwndbgArchitecture
 
Methods:
 
     
  •  get_capstone_constants             \u2013              
    •  
  •  update             \u2013              
    While debugging a process, certain aspects of the architecture can change.
     
    •  
  •  pack             \u2013              
    •  
  •  unpack             \u2013              
    •  
  •  pack_size             \u2013              
    •  
  •  unpack_size             \u2013              
    •  
  •  get_capstone_endianness             \u2013              
    •  
  •  read_thumb_bit             \u2013              
    Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
     
    •  
 
Attributes:
 
     
  •  max_instruction_size           \u2013            
    •  
  •  instruction_alignment           \u2013            
    •  
  •  name               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  ptrsize               (int)           \u2013            
    Pointer size in bytes
     
    •  
  •  endian               (EndianType)           \u2013            
    •  
  •  platform               (Platform)           \u2013            
    •  
  •  attributes               (list[ArchAttribute])           \u2013            
    •  
  •  constant_instruction_size               (bool)           \u2013            
    •  
  •  ptrbits               (int)           \u2013            
    Pointer size in bits
     
    •  
  •  ptrmask               (int)           \u2013            
    •  
  •  function_abi               (ABI | None)           \u2013            
    •  
  •  syscall_abi               (SyscallABI | None)           \u2013            
    •  
  •  sigreturn_abi               (SyscallABI | None)           \u2013            
    •  
  •  fmts               (dict[int, str])           \u2013            
    •  
  •  fmt               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.max_instruction_size","title":"max_instruction_size  class-attribute instance-attribute","text":"
max_instruction_size = 6\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.instruction_alignment","title":"instruction_alignment  class-attribute instance-attribute","text":"
instruction_alignment = 2\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.name","title":"name  instance-attribute","text":"
name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.ptrsize","title":"ptrsize  instance-attribute","text":"
ptrsize: int\n
 
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.endian","title":"endian  instance-attribute","text":"
endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.platform","title":"platform  instance-attribute","text":"
platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.attributes","title":"attributes  instance-attribute","text":"
attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.constant_instruction_size","title":"constant_instruction_size  class-attribute instance-attribute","text":"
constant_instruction_size: bool = False\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.ptrbits","title":"ptrbits  instance-attribute","text":"
ptrbits: int\n
 
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.ptrmask","title":"ptrmask  instance-attribute","text":"
ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.function_abi","title":"function_abi  instance-attribute","text":"
function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.syscall_abi","title":"syscall_abi  instance-attribute","text":"
syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.sigreturn_abi","title":"sigreturn_abi  instance-attribute","text":"
sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.fmts","title":"fmts  instance-attribute","text":"
fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.fmt","title":"fmt  instance-attribute","text":"
fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.get_capstone_constants","title":"get_capstone_constants","text":"
get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.update","title":"update","text":"
update(arch_definition: ArchDefinition) -> None\n
 
While debugging a process, certain aspects of the architecture can change.
 
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.pack","title":"pack","text":"
pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.unpack","title":"unpack","text":"
unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.pack_size","title":"pack_size","text":"
pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.unpack_size","title":"unpack_size","text":"
unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.get_capstone_endianness","title":"get_capstone_endianness","text":"
get_capstone_endianness() -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.read_thumb_bit","title":"read_thumb_bit","text":"
read_thumb_bit() -> Literal[0, 1, None]\n
 
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
 
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.register_arch","title":"register_arch","text":"
register_arch(arch: PwndbgArchitecture)\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.get_pwndbg_architecture","title":"get_pwndbg_architecture","text":"
get_pwndbg_architecture(\n    name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE,\n) -> PwndbgArchitecture | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.get_thumb_mode_string","title":"get_thumb_mode_string","text":"
get_thumb_mode_string() -> Literal['arm', 'thumb'] | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.update","title":"update","text":"
update() -> None\n
"},{"location":"reference/pwndbg/aglib/argv/","title":"argv","text":""},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv","title":"argv","text":"
Functions:
 
     
  •  update             \u2013              
    •  
  •  update_state             \u2013              
    •  
  •  argc             \u2013              
    •  
  •  argv             \u2013              
    •  
  •  envc             \u2013              
    •  
  •  envp             \u2013              
    •  
  •  environ             \u2013              
    •  
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.update","title":"update","text":"
update() -> None\n
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.update_state","title":"update_state","text":"
update_state() -> None\n
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.argc","title":"argc","text":"
argc() -> int\n
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.argv","title":"argv","text":"
argv(number: int) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.envc","title":"envc","text":"
envc() -> int\n
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.envp","title":"envp","text":"
envp(number: int) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.environ","title":"environ","text":"
environ(name: str) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/asm/","title":"asm","text":""},{"location":"reference/pwndbg/aglib/asm/#pwndbg.aglib.asm","title":"asm","text":"
Functions:
 
     
  •  asm             \u2013              
    •  
"},{"location":"reference/pwndbg/aglib/asm/#pwndbg.aglib.asm.asm","title":"asm","text":"
asm(data: str) -> bytes\n
"},{"location":"reference/pwndbg/aglib/commpage/","title":"commpage","text":""},{"location":"reference/pwndbg/aglib/commpage/#pwndbg.aglib.commpage","title":"commpage","text":"
Classes:
 
     
  •  CommPageField           \u2013            
    •  
 
Functions:
 
     
  •  get_commpage_fields             \u2013              
    •  
  •  get_commpage_mappings             \u2013              
    •  
 
Attributes:
 
     
  •  rw_flags           \u2013            
    •  
  •  ro_flags           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/commpage/#pwndbg.aglib.commpage.rw_flags","title":"rw_flags  module-attribute","text":"
rw_flags = R_OK | W_OK\n
"},{"location":"reference/pwndbg/aglib/commpage/#pwndbg.aglib.commpage.ro_flags","title":"ro_flags  module-attribute","text":"
ro_flags = R_OK\n
"},{"location":"reference/pwndbg/aglib/commpage/#pwndbg.aglib.commpage.CommPageField","title":"CommPageField","text":"
               Bases: NamedTuple
 
Methods:
 
     
  •  is_undocumented             \u2013              
    •  
  •  is_unused             \u2013              
    •  
  •  is_readonly             \u2013              
    •  
  •  real_addr             \u2013              
    •  
  •  real_size             \u2013              
    •  
  •  unpack             \u2013              
    •  
 
Attributes:
 
     
  •  flags               (int)           \u2013            
    •  
  •  ctype               (str)           \u2013            
    •  
  •  name               (str)           \u2013            
    •  
  •  offset               (int)           \u2013            
    •  
  •  desc               (str)           \u2013            
    •  
  •  fmt               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/commpage/#pwndbg.aglib.commpage.CommPageField.flags","title":"flags  instance-attribute","text":"
flags: int\n
"},{"location":"reference/pwndbg/aglib/commpage/#pwndbg.aglib.commpage.CommPageField.ctype","title":"ctype  instance-attribute","text":"
ctype: str\n
"},{"location":"reference/pwndbg/aglib/commpage/#pwndbg.aglib.commpage.CommPageField.name","title":"name  instance-attribute","text":"
name: str\n
"},{"location":"reference/pwndbg/aglib/commpage/#pwndbg.aglib.commpage.CommPageField.offset","title":"offset  instance-attribute","text":"
offset: int\n
"},{"location":"reference/pwndbg/aglib/commpage/#pwndbg.aglib.commpage.CommPageField.desc","title":"desc  instance-attribute","text":"
desc: str\n
"},{"location":"reference/pwndbg/aglib/commpage/#pwndbg.aglib.commpage.CommPageField.fmt","title":"fmt  instance-attribute","text":"
fmt: str\n
"},{"location":"reference/pwndbg/aglib/commpage/#pwndbg.aglib.commpage.CommPageField.is_undocumented","title":"is_undocumented","text":"
is_undocumented()\n
"},{"location":"reference/pwndbg/aglib/commpage/#pwndbg.aglib.commpage.CommPageField.is_unused","title":"is_unused","text":"
is_unused()\n
"},{"location":"reference/pwndbg/aglib/commpage/#pwndbg.aglib.commpage.CommPageField.is_readonly","title":"is_readonly","text":"
is_readonly()\n
"},{"location":"reference/pwndbg/aglib/commpage/#pwndbg.aglib.commpage.CommPageField.real_addr","title":"real_addr","text":"
real_addr() -> int\n
"},{"location":"reference/pwndbg/aglib/commpage/#pwndbg.aglib.commpage.CommPageField.real_size","title":"real_size","text":"
real_size() -> int\n
"},{"location":"reference/pwndbg/aglib/commpage/#pwndbg.aglib.commpage.CommPageField.unpack","title":"unpack","text":"
unpack() -> Any\n
"},{"location":"reference/pwndbg/aglib/commpage/#pwndbg.aglib.commpage.get_commpage_fields","title":"get_commpage_fields","text":"
get_commpage_fields() -> tuple[CommPageField, ...]\n
"},{"location":"reference/pwndbg/aglib/commpage/#pwndbg.aglib.commpage.get_commpage_mappings","title":"get_commpage_mappings","text":"
get_commpage_mappings() -> tuple[Page, ...]\n
"},{"location":"reference/pwndbg/aglib/ctypes/","title":"ctypes","text":""},{"location":"reference/pwndbg/aglib/ctypes/#pwndbg.aglib.ctypes","title":"ctypes","text":"
On-the-fly endianness switching for ctypes structures.
 
We cannot make use of ctypes.LittleEndianStructure and ctypes.BigEndianStructure, since these use metaclass hooks to catch fields being set when the class is declared.
 
We need to catch on the fly.  We do this by swapping out the base classes of the Structure type, and incurring a performance penalty for foreign-endianness targets.
 
Functions:
 
     
  •  update             \u2013              
    •  
 
Attributes:
 
     
  •  module           \u2013            
    •  
  •  Structure           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/ctypes/#pwndbg.aglib.ctypes.module","title":"module  module-attribute","text":"
module = modules[__name__]\n
"},{"location":"reference/pwndbg/aglib/ctypes/#pwndbg.aglib.ctypes.Structure","title":"Structure  module-attribute","text":"
Structure = LittleEndianStructure\n
"},{"location":"reference/pwndbg/aglib/ctypes/#pwndbg.aglib.ctypes.update","title":"update","text":"
update() -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/","title":"disasm","text":""},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm","title":"disasm","text":"
Modules:
 
     
  •  aarch64           \u2013            
    •  
  •  arch           \u2013            
    •  
  •  arm           \u2013            
    •  
  •  disassembly           \u2013            
    Functionality for disassmebling code at an address, or at an
     
    •  
  •  instruction           \u2013            
    •  
  •  loongarch64           \u2013            
    •  
  •  mips           \u2013            
    •  
  •  ppc           \u2013            
    •  
  •  riscv           \u2013            
    •  
  •  sparc           \u2013            
    •  
  •  x86           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/","title":"aarch64","text":""},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64","title":"aarch64","text":"
Classes:
 
     
  •  AArch64DisassemblyAssistant           \u2013            
    •  
 
Functions:
 
     
  •  resolve_condition             \u2013              
    Given a condition and the NZCV flag bits, determine when the condition is satisfied
     
    •  
 
Attributes:
 
     
  •  AARCH64_SINGLE_LOAD_INSTRUCTIONS               (dict[int, int | None])           \u2013            
    •  
  •  AARCH64_SINGLE_STORE_INSTRUCTIONS               (dict[int, int | None])           \u2013            
    •  
  •  AARCH64_EXCLUSIVE_STORE_INSTRUCTIONS           \u2013            
    •  
  •  CONDITIONAL_SELECT_INSTRUCTIONS           \u2013            
    •  
  •  AARCH64_EMULATED_ANNOTATIONS           \u2013            
    •  
  •  AARCH64_CONSTANT_SHIFTS           \u2013            
    •  
  •  AARCH64_BIT_SHIFT_MAP               (dict[int, Callable[[int, int, int], int]])           \u2013            
    •  
  •  AARCH64_EXTEND_MAP               (dict[int, Callable[[int], int]])           \u2013            
    •  
  •  AARCH64_MATH_INSTRUCTIONS           \u2013            
    •  
  •  AARCH64_SHIFT_INSTRUCTIONS           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_SINGLE_LOAD_INSTRUCTIONS","title":"AARCH64_SINGLE_LOAD_INSTRUCTIONS  module-attribute","text":"
AARCH64_SINGLE_LOAD_INSTRUCTIONS: dict[int, int | None] = {\n    AARCH64_INS_LDRB: 1,\n    AARCH64_INS_ALIAS_LDRB: 1,\n    AARCH64_INS_LDURB: 1,\n    AARCH64_INS_ALIAS_LDURB: 1,\n    AARCH64_INS_LDRSB: -1,\n    AARCH64_INS_ALIAS_LDRSB: -1,\n    AARCH64_INS_LDURSB: -1,\n    AARCH64_INS_ALIAS_LDURSB: -1,\n    AARCH64_INS_LDRH: 2,\n    AARCH64_INS_ALIAS_LDRH: 2,\n    AARCH64_INS_LDURH: 2,\n    AARCH64_INS_ALIAS_LDURH: 2,\n    AARCH64_INS_LDRSH: -2,\n    AARCH64_INS_ALIAS_LDRSH: -2,\n    AARCH64_INS_LDURSH: -2,\n    AARCH64_INS_ALIAS_LDURSH: -2,\n    AARCH64_INS_LDURSW: -4,\n    AARCH64_INS_ALIAS_LDURSW: -4,\n    AARCH64_INS_LDRSW: -4,\n    AARCH64_INS_ALIAS_LDRSW: -4,\n    AARCH64_INS_LDUR: None,\n    AARCH64_INS_ALIAS_LDUR: None,\n    AARCH64_INS_LDR: None,\n    AARCH64_INS_ALIAS_LDR: None,\n    AARCH64_INS_LDTRB: 1,\n    AARCH64_INS_LDTRSB: -1,\n    AARCH64_INS_LDTRH: 2,\n    AARCH64_INS_LDTRSH: -2,\n    AARCH64_INS_LDTRSW: -4,\n    AARCH64_INS_LDTR: None,\n    AARCH64_INS_ALIAS_LDTR: None,\n    AARCH64_INS_LDXRB: 1,\n    AARCH64_INS_LDXRH: 2,\n    AARCH64_INS_LDXR: None,\n    AARCH64_INS_LDARB: 1,\n    AARCH64_INS_LDARH: 2,\n    AARCH64_INS_LDAR: None,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_SINGLE_STORE_INSTRUCTIONS","title":"AARCH64_SINGLE_STORE_INSTRUCTIONS  module-attribute","text":"
AARCH64_SINGLE_STORE_INSTRUCTIONS: dict[int, int | None] = {\n    AARCH64_INS_STRB: 1,\n    AARCH64_INS_ALIAS_STRB: 1,\n    AARCH64_INS_STURB: 1,\n    AARCH64_INS_ALIAS_STURB: 1,\n    AARCH64_INS_STRH: 2,\n    AARCH64_INS_ALIAS_STRH: 2,\n    AARCH64_INS_STURH: 2,\n    AARCH64_INS_ALIAS_STURH: 2,\n    AARCH64_INS_STUR: None,\n    AARCH64_INS_ALIAS_STUR: None,\n    AARCH64_INS_STR: None,\n    AARCH64_INS_ALIAS_STR: None,\n    AARCH64_INS_STTRB: 1,\n    AARCH64_INS_STTRH: 2,\n    AARCH64_INS_STTR: None,\n    AARCH64_INS_STLRB: 1,\n    AARCH64_INS_STLRH: 2,\n    AARCH64_INS_STLR: None,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_EXCLUSIVE_STORE_INSTRUCTIONS","title":"AARCH64_EXCLUSIVE_STORE_INSTRUCTIONS  module-attribute","text":"
AARCH64_EXCLUSIVE_STORE_INSTRUCTIONS = {\n    AARCH64_INS_STXRB: 1,\n    AARCH64_INS_STXRH: 2,\n    AARCH64_INS_STXR: None,\n    AARCH64_INS_STLXRB: 1,\n    AARCH64_INS_STLXRH: 2,\n    AARCH64_INS_STLXR: None,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.CONDITIONAL_SELECT_INSTRUCTIONS","title":"CONDITIONAL_SELECT_INSTRUCTIONS  module-attribute","text":"
CONDITIONAL_SELECT_INSTRUCTIONS = {\n    AARCH64_INS_CSEL,\n    AARCH64_INS_CSINC,\n    AARCH64_INS_CSINV,\n    AARCH64_INS_CSNEG,\n    AARCH64_INS_ALIAS_CSET,\n    AARCH64_INS_ALIAS_CSETM,\n    AARCH64_INS_ALIAS_CINC,\n    AARCH64_INS_ALIAS_CINV,\n    AARCH64_INS_ALIAS_CNEG,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_EMULATED_ANNOTATIONS","title":"AARCH64_EMULATED_ANNOTATIONS  module-attribute","text":"
AARCH64_EMULATED_ANNOTATIONS = CONDITIONAL_SELECT_INSTRUCTIONS | {\n    AARCH64_INS_SXTB,\n    AARCH64_INS_SXTH,\n    AARCH64_INS_SXTW,\n    AARCH64_INS_UXTB,\n    AARCH64_INS_UXTH,\n    AARCH64_INS_UXTW,\n    AARCH64_INS_RBIT,\n    AARCH64_INS_CLS,\n    AARCH64_INS_CLZ,\n    AARCH64_INS_ALIAS_BFXIL,\n    AARCH64_INS_ALIAS_UBFIZ,\n    AARCH64_INS_UBFM,\n    AARCH64_INS_ALIAS_UBFX,\n    AARCH64_INS_ALIAS_SBFIZ,\n    AARCH64_INS_SBFM,\n    AARCH64_INS_ALIAS_SBFX,\n    AARCH64_INS_ALIAS_BFI,\n    AARCH64_INS_NEG,\n    AARCH64_INS_ALIAS_NEGS,\n    AARCH64_INS_REV,\n    AARCH64_INS_BIC,\n    AARCH64_INS_BICS,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_CONSTANT_SHIFTS","title":"AARCH64_CONSTANT_SHIFTS  module-attribute","text":"
AARCH64_CONSTANT_SHIFTS = {\n    AARCH64_SFT_LSL,\n    AARCH64_SFT_LSR,\n    AARCH64_SFT_ASR,\n    AARCH64_SFT_ROR,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_BIT_SHIFT_MAP","title":"AARCH64_BIT_SHIFT_MAP  module-attribute","text":"
AARCH64_BIT_SHIFT_MAP: dict[int, Callable[[int, int, int], int]] = {\n    AARCH64_SFT_LSL: logical_shift_left,\n    AARCH64_SFT_LSR: logical_shift_right,\n    AARCH64_SFT_ASR: arithmetic_shift_right,\n    AARCH64_SFT_ROR: rotate_right,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_EXTEND_MAP","title":"AARCH64_EXTEND_MAP  module-attribute","text":"
AARCH64_EXTEND_MAP: dict[int, Callable[[int], int]] = {\n    AARCH64_EXT_UXTB: lambda x: x & (1 << 8) - 1,\n    AARCH64_EXT_UXTH: lambda x: x & (1 << 16) - 1,\n    AARCH64_EXT_UXTW: lambda x: x & (1 << 32) - 1,\n    AARCH64_EXT_UXTX: lambda x: x,\n    AARCH64_EXT_SXTB: lambda x: to_signed(x, 8),\n    AARCH64_EXT_SXTH: lambda x: to_signed(x, 16),\n    AARCH64_EXT_SXTW: lambda x: to_signed(x, 32),\n    AARCH64_EXT_SXTX: lambda x: to_signed(x, 64),\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_MATH_INSTRUCTIONS","title":"AARCH64_MATH_INSTRUCTIONS  module-attribute","text":"
AARCH64_MATH_INSTRUCTIONS = {\n    AARCH64_INS_ADD: \"+\",\n    AARCH64_INS_ALIAS_ADD: \"+\",\n    AARCH64_INS_ADDS: \"+\",\n    AARCH64_INS_ALIAS_ADDS: \"+\",\n    AARCH64_INS_SUB: \"-\",\n    AARCH64_INS_ALIAS_SUB: \"-\",\n    AARCH64_INS_SUBS: \"-\",\n    AARCH64_INS_ALIAS_SUBS: \"-\",\n    AARCH64_INS_AND: \"&\",\n    AARCH64_INS_ALIAS_AND: \"&\",\n    AARCH64_INS_ANDS: \"&\",\n    AARCH64_INS_ALIAS_ANDS: \"&\",\n    AARCH64_INS_ORR: \"|\",\n    AARCH64_INS_ALIAS_ORR: \"|\",\n    AARCH64_INS_EOR: \"^\",\n    AARCH64_INS_ALIAS_EOR: \"^\",\n    AARCH64_INS_UDIV: \"/\",\n    AARCH64_INS_SDIV: \"/\",\n    AARCH64_INS_SMULH: \"*\",\n    AARCH64_INS_SMULL: \"*\",\n    AARCH64_INS_ALIAS_SMULL: \"*\",\n    AARCH64_INS_UMULH: \"*\",\n    AARCH64_INS_UMULL: \"*\",\n    AARCH64_INS_ALIAS_UMULL: \"*\",\n    AARCH64_INS_MUL: \"*\",\n    AARCH64_INS_ALIAS_MUL: \"*\",\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_SHIFT_INSTRUCTIONS","title":"AARCH64_SHIFT_INSTRUCTIONS  module-attribute","text":"
AARCH64_SHIFT_INSTRUCTIONS = {\n    AARCH64_INS_LSL: \"<<\",\n    AARCH64_INS_ALIAS_LSL: \"<<\",\n    AARCH64_INS_LSR: \">>\",\n    AARCH64_INS_ALIAS_LSR: \">>\",\n    AARCH64_INS_ASR: \">>s\",\n    AARCH64_INS_ALIAS_ASR: \">>s\",\n    AARCH64_INS_ROR: \">>r\",\n    AARCH64_INS_ALIAS_ROR: \">>r\",\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AArch64DisassemblyAssistant","title":"AArch64DisassemblyAssistant","text":"
AArch64DisassemblyAssistant(architecture)\n
 
               Bases: DisassemblyAssistant
 
Methods:
 
     
  •  enhance             \u2013              
    Enhance the instruction - resolving branch targets, conditionals, and adding annotations
     
    •  
  •  can_reason_about_process_state             \u2013              
    Determine if the program counter of the process equals the address of the instruction being enhanced.
     
    •  
  •  dump             \u2013              
    Debug-only method.
     
    •  
 
Attributes:
 
     
  •  annotation_handlers               (dict[int, Callable[[PwndbgInstruction, Emulator], None]])           \u2013            
    •  
  •  architecture               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  manual_register_values               (PseudoEmulatedRegisterFile)           \u2013            
    •  
  •  supports_manual_emulation           \u2013            
    This feature relies on the Capstone .regs_access() features that not all architectures have reliable support for
     
    •  
  •  op_handlers               (dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]])           \u2013            
    •  
  •  op_names               (dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]])           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AArch64DisassemblyAssistant.annotation_handlers","title":"annotation_handlers  instance-attribute","text":"
annotation_handlers: dict[\n    int, Callable[[PwndbgInstruction, Emulator], None]\n] = {\n    AARCH64_INS_MOV: _common_move_annotator,\n    AARCH64_INS_ALIAS_MOV: _common_move_annotator,\n    AARCH64_INS_MOVZ: _common_move_annotator,\n    AARCH64_INS_MOVK: _common_generic_register_destination,\n    AARCH64_INS_ADR: _common_generic_register_destination,\n    AARCH64_INS_ADRP: _handle_adrp,\n    AARCH64_INS_ALIAS_CMP: _common_cmp_annotator_builder(\"cpsr\", \"-\"),\n    AARCH64_INS_ALIAS_CMN: _common_cmp_annotator_builder(\"cpsr\", \"+\"),\n    AARCH64_INS_ALIAS_TST: _common_cmp_annotator_builder(\"cpsr\", \"&\"),\n    AARCH64_INS_CCMP: _common_cmp_annotator_builder(\"cpsr\", \"\"),\n    AARCH64_INS_CCMN: _common_cmp_annotator_builder(\"cpsr\", \"\"),\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AArch64DisassemblyAssistant.architecture","title":"architecture  instance-attribute","text":"
architecture: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = architecture\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AArch64DisassemblyAssistant.manual_register_values","title":"manual_register_values  instance-attribute","text":"
manual_register_values: PseudoEmulatedRegisterFile = PseudoEmulatedRegisterFile(\n    current, ptrsize\n)\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AArch64DisassemblyAssistant.supports_manual_emulation","title":"supports_manual_emulation  class-attribute instance-attribute","text":"
supports_manual_emulation = False\n
 
This feature relies on the Capstone .regs_access() features that not all architectures have reliable support for
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AArch64DisassemblyAssistant.op_handlers","title":"op_handlers  instance-attribute","text":"
op_handlers: dict[\n    int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n    CS_OP_IMM: _parse_immediate,\n    CS_OP_REG: _parse_register,\n    CS_OP_MEM: _parse_memory,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AArch64DisassemblyAssistant.op_names","title":"op_names  instance-attribute","text":"
op_names: dict[\n    int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n    CS_OP_IMM: _immediate_string,\n    CS_OP_REG: _register_string,\n    CS_OP_MEM: _memory_string,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AArch64DisassemblyAssistant.enhance","title":"enhance","text":"
enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\n
 
Enhance the instruction - resolving branch targets, conditionals, and adding annotations
 
This is the only public method that should be called on this object externally.
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AArch64DisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"
can_reason_about_process_state(instruction: PwndbgInstruction) -> bool\n
 
Determine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AArch64DisassemblyAssistant.dump","title":"dump","text":"
dump(instruction: PwndbgInstruction)\n
 
Debug-only method.
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.resolve_condition","title":"resolve_condition","text":"
resolve_condition(condition: int, cpsr: int) -> InstructionCondition\n
 
Given a condition and the NZCV flag bits, determine when the condition is satisfied
 
The condition is a Capstone constant
"},{"location":"reference/pwndbg/aglib/disasm/arch/","title":"arch","text":""},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch","title":"arch","text":"
Classes:
 
     
  •  DisassemblyAssistant           \u2013            
    •  
 
Functions:
 
     
  •  syntax_highlight             \u2013              
    •  
  •  register_assign             \u2013              
    •  
  •  memory_assign             \u2013              
    •  
  •  memory_or_register_assign             \u2013              
    Used when we don't know until runtime whether a codepath will annotate a register or memory location.
     
    •  
  •  basic_enhance             \u2013              
    •  
 
Attributes:
 
     
  •  DEBUG_ENHANCEMENT           \u2013            
    •  
  •  groups           \u2013            
    •  
  •  ops           \u2013            
    •  
  •  access           \u2013            
    •  
  •  DO_NOT_EMULATE           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DEBUG_ENHANCEMENT","title":"DEBUG_ENHANCEMENT  module-attribute","text":"
DEBUG_ENHANCEMENT = False\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.groups","title":"groups  module-attribute","text":"
groups = {v: _wfor (k, v) in (items()) if startswith('CS_GRP_')}\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.ops","title":"ops  module-attribute","text":"
ops = {v: _afor (k, v) in (items()) if startswith('CS_OP_')}\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.access","title":"access  module-attribute","text":"
access = {v: _Sfor (k, v) in (items()) if startswith('CS_AC_')}\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DO_NOT_EMULATE","title":"DO_NOT_EMULATE  module-attribute","text":"
DO_NOT_EMULATE = {CS_GRP_INT, CS_GRP_INVALID, CS_GRP_IRET}\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant","title":"DisassemblyAssistant","text":"
DisassemblyAssistant(architecture: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)\n
 
Methods:
 
     
  •  enhance             \u2013              
    Enhance the instruction - resolving branch targets, conditionals, and adding annotations
     
    •  
  •  can_reason_about_process_state             \u2013              
    Determine if the program counter of the process equals the address of the instruction being enhanced.
     
    •  
  •  dump             \u2013              
    Debug-only method.
     
    •  
 
Attributes:
 
     
  •  supports_manual_emulation           \u2013            
    This feature relies on the Capstone .regs_access() features that not all architectures have reliable support for
     
    •  
  •  architecture               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  manual_register_values               (PseudoEmulatedRegisterFile)           \u2013            
    •  
  •  op_handlers               (dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]])           \u2013            
    •  
  •  op_names               (dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]])           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.supports_manual_emulation","title":"supports_manual_emulation  class-attribute instance-attribute","text":"
supports_manual_emulation = False\n
 
This feature relies on the Capstone .regs_access() features that not all architectures have reliable support for
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.architecture","title":"architecture  instance-attribute","text":"
architecture: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = architecture\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.manual_register_values","title":"manual_register_values  instance-attribute","text":"
manual_register_values: PseudoEmulatedRegisterFile = PseudoEmulatedRegisterFile(\n    current, ptrsize\n)\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.op_handlers","title":"op_handlers  instance-attribute","text":"
op_handlers: dict[\n    int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n    CS_OP_IMM: _parse_immediate,\n    CS_OP_REG: _parse_register,\n    CS_OP_MEM: _parse_memory,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.op_names","title":"op_names  instance-attribute","text":"
op_names: dict[\n    int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n    CS_OP_IMM: _immediate_string,\n    CS_OP_REG: _register_string,\n    CS_OP_MEM: _memory_string,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.enhance","title":"enhance","text":"
enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\n
 
Enhance the instruction - resolving branch targets, conditionals, and adding annotations
 
This is the only public method that should be called on this object externally.
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"
can_reason_about_process_state(instruction: PwndbgInstruction) -> bool\n
 
Determine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.dump","title":"dump","text":"
dump(instruction: PwndbgInstruction)\n
 
Debug-only method.
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.syntax_highlight","title":"syntax_highlight","text":"
syntax_highlight(ins)\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.register_assign","title":"register_assign","text":"
register_assign(left: str, right: str) -> str\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.memory_assign","title":"memory_assign","text":"
memory_assign(left: str, right: str) -> str\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.memory_or_register_assign","title":"memory_or_register_assign","text":"
memory_or_register_assign(left: str, right: str, mem_assign: bool) -> str\n
 
Used when we don't know until runtime whether a codepath will annotate a register or memory location.
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.basic_enhance","title":"basic_enhance","text":"
basic_enhance(ins: PwndbgInstruction) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/","title":"arm","text":""},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm","title":"arm","text":"
Classes:
 
     
  •  ArmDisassemblyAssistant           \u2013            
    •  
 
Functions:
 
     
  •  itstate_from_cpsr             \u2013              
    ITSTATE == If-Then execution state bits for the Thumb IT instruction
     
    •  
 
Attributes:
 
     
  •  ARM_BIT_SHIFT_MAP               (dict[int, Callable[[int, int, int], int]])           \u2013            
    •  
  •  ARM_SINGLE_LOAD_INSTRUCTIONS           \u2013            
    •  
  •  ARM_SINGLE_STORE_INSTRUCTIONS           \u2013            
    •  
  •  ARM_EXCLUSIVE_STORE_INSTRUCTIONS           \u2013            
    •  
  •  ARM_MATH_INSTRUCTIONS           \u2013            
    •  
  •  ARM_SHIFT_INSTRUCTIONS           \u2013            
    •  
  •  ARM_CAN_WRITE_TO_PC_INSTRUCTIONS           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_BIT_SHIFT_MAP","title":"ARM_BIT_SHIFT_MAP  module-attribute","text":"
ARM_BIT_SHIFT_MAP: dict[int, Callable[[int, int, int], int]] = {\n    ARM_SFT_ASR: arithmetic_shift_right,\n    ARM_SFT_LSL: logical_shift_left,\n    ARM_SFT_LSR: logical_shift_right,\n    ARM_SFT_ROR: rotate_right,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_SINGLE_LOAD_INSTRUCTIONS","title":"ARM_SINGLE_LOAD_INSTRUCTIONS  module-attribute","text":"
ARM_SINGLE_LOAD_INSTRUCTIONS = {\n    ARM_INS_LDRB: 1,\n    ARM_INS_LDRSB: -1,\n    ARM_INS_LDRH: 2,\n    ARM_INS_LDRSH: -2,\n    ARM_INS_LDR: 4,\n    ARM_INS_LDRBT: 1,\n    ARM_INS_LDRSBT: -1,\n    ARM_INS_LDRHT: 2,\n    ARM_INS_LDRSHT: -2,\n    ARM_INS_LDRT: 4,\n    ARM_INS_LDREXB: 1,\n    ARM_INS_LDREXH: 2,\n    ARM_INS_LDREX: 4,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_SINGLE_STORE_INSTRUCTIONS","title":"ARM_SINGLE_STORE_INSTRUCTIONS  module-attribute","text":"
ARM_SINGLE_STORE_INSTRUCTIONS = {\n    ARM_INS_STRB: 1,\n    ARM_INS_STRH: 2,\n    ARM_INS_STR: 4,\n    ARM_INS_STRBT: 1,\n    ARM_INS_STRHT: 2,\n    ARM_INS_STRT: 4,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_EXCLUSIVE_STORE_INSTRUCTIONS","title":"ARM_EXCLUSIVE_STORE_INSTRUCTIONS  module-attribute","text":"
ARM_EXCLUSIVE_STORE_INSTRUCTIONS = {\n    ARM_INS_STREXB: 1,\n    ARM_INS_STREXH: 2,\n    ARM_INS_STREX: 4,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_MATH_INSTRUCTIONS","title":"ARM_MATH_INSTRUCTIONS  module-attribute","text":"
ARM_MATH_INSTRUCTIONS = {\n    ARM_INS_ADD: \"+\",\n    ARM_INS_ADDW: \"+\",\n    ARM_INS_SUB: \"-\",\n    ARM_INS_ORR: \"|\",\n    ARM_INS_AND: \"&\",\n    ARM_INS_EOR: \"^\",\n    ARM_INS_UDIV: \"/\",\n    ARM_INS_SDIV: \"/\",\n    ARM_INS_MUL: \"*\",\n    ARM_INS_UMULL: \"*\",\n    ARM_INS_SMULL: \"*\",\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_SHIFT_INSTRUCTIONS","title":"ARM_SHIFT_INSTRUCTIONS  module-attribute","text":"
ARM_SHIFT_INSTRUCTIONS = {\n    ARM_INS_ASR: \">>s\",\n    ARM_INS_ALIAS_ASR: \">>s\",\n    ARM_INS_LSR: \">>\",\n    ARM_INS_ALIAS_LSR: \">>\",\n    ARM_INS_LSL: \"<<\",\n    ARM_INS_ALIAS_LSL: \"<<\",\n    ARM_INS_ROR: \">>r\",\n    ARM_INS_ALIAS_ROR: \">>r\",\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_CAN_WRITE_TO_PC_INSTRUCTIONS","title":"ARM_CAN_WRITE_TO_PC_INSTRUCTIONS  module-attribute","text":"
ARM_CAN_WRITE_TO_PC_INSTRUCTIONS = {\n    ARM_INS_LDM,\n    ARM_INS_ALIAS_LDM,\n    ARM_INS_POP,\n    ARM_INS_ALIAS_POP,\n    ARM_INS_LDR,\n    ARM_INS_ADC,\n    ARM_INS_ADD,\n    ARM_INS_ADR,\n    ARM_INS_AND,\n    ARM_INS_ASR,\n    ARM_INS_ALIAS_ASR,\n    ARM_INS_BIC,\n    ARM_INS_EOR,\n    ARM_INS_LSL,\n    ARM_INS_ALIAS_LSL,\n    ARM_INS_LSR,\n    ARM_INS_ALIAS_LSR,\n    ARM_INS_MOV,\n    ARM_INS_MVN,\n    ARM_INS_ORR,\n    ARM_INS_ROR,\n    ARM_INS_ALIAS_ROR,\n    ARM_INS_RRX,\n    ARM_INS_ALIAS_RRX,\n    ARM_INS_RSB,\n    ARM_INS_RSC,\n    ARM_INS_SBC,\n    ARM_INS_SUB,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant","title":"ArmDisassemblyAssistant","text":"
ArmDisassemblyAssistant(architecture, flags_reg: Literal['cpsr', 'xpsr'])\n
 
               Bases: DisassemblyAssistant
 
Methods:
 
     
  •  read_thumb_bit             \u2013              
    •  
  •  enhance             \u2013              
    Enhance the instruction - resolving branch targets, conditionals, and adding annotations
     
    •  
  •  can_reason_about_process_state             \u2013              
    Determine if the program counter of the process equals the address of the instruction being enhanced.
     
    •  
  •  dump             \u2013              
    Debug-only method.
     
    •  
 
Attributes:
 
     
  •  flags_reg           \u2013            
    •  
  •  annotation_handlers               (dict[int, Callable[[PwndbgInstruction, Emulator], None]])           \u2013            
    •  
  •  architecture               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  manual_register_values               (PseudoEmulatedRegisterFile)           \u2013            
    •  
  •  supports_manual_emulation           \u2013            
    This feature relies on the Capstone .regs_access() features that not all architectures have reliable support for
     
    •  
  •  op_handlers               (dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]])           \u2013            
    •  
  •  op_names               (dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]])           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.flags_reg","title":"flags_reg  instance-attribute","text":"
flags_reg = flags_reg\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.annotation_handlers","title":"annotation_handlers  instance-attribute","text":"
annotation_handlers: dict[\n    int, Callable[[PwndbgInstruction, Emulator], None]\n] = {\n    ARM_INS_MOV: _common_move_annotator,\n    ARM_INS_MOVW: _common_move_annotator,\n    ARM_INS_MOVT: _common_generic_register_destination,\n    ARM_INS_MVN: _common_generic_register_destination,\n    ARM_INS_CMP: _common_cmp_annotator_builder(flags_reg, \"-\"),\n    ARM_INS_CMN: _common_cmp_annotator_builder(flags_reg, \"+\"),\n    ARM_INS_TST: _common_cmp_annotator_builder(flags_reg, \"&\"),\n    ARM_INS_TEQ: _common_cmp_annotator_builder(flags_reg, \"^\"),\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.architecture","title":"architecture  instance-attribute","text":"
architecture: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = architecture\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.manual_register_values","title":"manual_register_values  instance-attribute","text":"
manual_register_values: PseudoEmulatedRegisterFile = PseudoEmulatedRegisterFile(\n    current, ptrsize\n)\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.supports_manual_emulation","title":"supports_manual_emulation  class-attribute instance-attribute","text":"
supports_manual_emulation = False\n
 
This feature relies on the Capstone .regs_access() features that not all architectures have reliable support for
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.op_handlers","title":"op_handlers  instance-attribute","text":"
op_handlers: dict[\n    int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n    CS_OP_IMM: _parse_immediate,\n    CS_OP_REG: _parse_register,\n    CS_OP_MEM: _parse_memory,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.op_names","title":"op_names  instance-attribute","text":"
op_names: dict[\n    int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n    CS_OP_IMM: _immediate_string,\n    CS_OP_REG: _register_string,\n    CS_OP_MEM: _memory_string,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.read_thumb_bit","title":"read_thumb_bit","text":"
read_thumb_bit(instruction: PwndbgInstruction, emu: Emulator) -> int | None\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.enhance","title":"enhance","text":"
enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\n
 
Enhance the instruction - resolving branch targets, conditionals, and adding annotations
 
This is the only public method that should be called on this object externally.
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"
can_reason_about_process_state(instruction: PwndbgInstruction) -> bool\n
 
Determine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.dump","title":"dump","text":"
dump(instruction: PwndbgInstruction)\n
 
Debug-only method.
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.itstate_from_cpsr","title":"itstate_from_cpsr","text":"
itstate_from_cpsr(cpsr_value: int) -> int\n
 
ITSTATE == If-Then execution state bits for the Thumb IT instruction The ITSTATE bits are spread across 3 sections of Arm flags register to a total of 8 bits. This function extracts them and reorders the bits into their logical order - https://developer.arm.com/documentation/ddi0403/d/System-Level-Architecture/System-Level-Programmers--Model/Registers/The-special-purpose-program-status-registers--xPSR#:~:text=shows%20the%20assignment%20of%20the%20ICI/IT%20bits.
 
Bits of the flags register: EPSR[26:25]    EPSR[15:12]    EPSR[11:10] Bits of ITSTATE:            IT[1:0]        IT[7:4]        IT[3:2]
 
The lower 5 bits has information that indicates the number of instructions in the IT Block. The top 3 bits indicate the base condition of the block. - https://developer.arm.com/documentation/ddi0406/cb/Application-Level-Architecture/Application-Level-Programmers--Model/Execution-state-registers/IT-block-state-register--ITSTATE?lang=en
 
If the value is zero, it means we are not in an IT block.
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/","title":"disassembly","text":""},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly","title":"disassembly","text":"
Functionality for disassmebling code at an address, or at an address \u00b1 a few instructions.
 
Functions:
 
     
  •  enhance_cache_listener             \u2013              
    •  
  •  clear_on_reg_mem_change             \u2013              
    •  
  •  get_previous_instruction             \u2013              
    •  
  •  get_disassembler             \u2013              
    •  
  •  get_one_instruction             \u2013              
    If passed an emulator, this will pass it to the DisassemblyAssistant which will
     
    •  
  •  one             \u2013              
    •  
  •  one_raw             \u2013              
    •  
  •  get             \u2013              
    •  
  •  can_run_first_emulate             \u2013              
    Disable the emulate config variable if we don't have enough memory to use it
     
    •  
  •  no_emulate_one             \u2013              
    •  
  •  emulate_one             \u2013              
    •  
  •  one_with_config             \u2013              
    Returns a single Pwndbg Instruction at the current PC.
     
    •  
  •  near             \u2013              
    Disassembles instructions near given address. Passing emulate makes use of
     
    •  
  •  get_disassembly_assistant_for_current_arch             \u2013              
    •  
  •  arch_has_disassembly_assistant             \u2013              
    •  
 
Attributes:
 
     
  •  CapstoneSyntax           \u2013            
    •  
  •  force_register_alias           \u2013            
    •  
  •  next_addresses_cache               (set[int])           \u2013            
    •  
  •  backward_cache               (DefaultDict[int, int])           \u2013            
    •  
  •  linear_backward_cache               (DefaultDict[int, int])           \u2013            
    •  
  •  computed_instruction_cache               (DefaultDict[int, PwndbgInstruction])           \u2013            
    •  
  •  emulated_arm_mode_cache               (DefaultDict[int, int | None])           \u2013            
    •  
  •  first_time_emulate           \u2013            
    •  
  •  ALL_DISASSEMBLY_ASSISTANTS               (dict[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, Callable[[], DisassemblyAssistant]])           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.CapstoneSyntax","title":"CapstoneSyntax  module-attribute","text":"
CapstoneSyntax = {'intel': CS_OPT_SYNTAX_INTEL, 'att': CS_OPT_SYNTAX_ATT}\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.force_register_alias","title":"force_register_alias  module-attribute","text":"
force_register_alias = add_param(\n    \"disasm-reg-alias\",\n    False,\n    \"force the disassembly to use register aliases (e.g. aarch64 x29 -> fp)\",\n    param_class=PARAM_BOOLEAN,\n    help_docstring=\"The register aliasing is done by capstone, see:\\nhttps://github.com/capstone-engine/capstone/blob/next/docs/cs_v6_release_guide.md#:~:text=None.-,Register%20alias,-Register%20alias%20\\n\\nEnabling this may make disassembly slower.\\n\",\n)\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.next_addresses_cache","title":"next_addresses_cache  module-attribute","text":"
next_addresses_cache: set[int] = set()\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.backward_cache","title":"backward_cache  module-attribute","text":"
backward_cache: DefaultDict[int, int] = defaultdict(lambda: None)\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.linear_backward_cache","title":"linear_backward_cache  module-attribute","text":"
linear_backward_cache: DefaultDict[int, int] = defaultdict(lambda: None)\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.computed_instruction_cache","title":"computed_instruction_cache  module-attribute","text":"
computed_instruction_cache: DefaultDict[int, PwndbgInstruction] = defaultdict(\n    lambda: None\n)\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.emulated_arm_mode_cache","title":"emulated_arm_mode_cache  module-attribute","text":"
emulated_arm_mode_cache: DefaultDict[int, int | None] = defaultdict(\n    lambda: None\n)\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.first_time_emulate","title":"first_time_emulate  module-attribute","text":"
first_time_emulate = True\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.ALL_DISASSEMBLY_ASSISTANTS","title":"ALL_DISASSEMBLY_ASSISTANTS  module-attribute","text":"
ALL_DISASSEMBLY_ASSISTANTS: dict[\n    PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, Callable[[], DisassemblyAssistant]\n] = {\n    \"aarch64\": lambda: AArch64DisassemblyAssistant(\"aarch64\"),\n    \"i386\": lambda: X86DisassemblyAssistant(\"i386\"),\n    \"x86-64\": lambda: X86DisassemblyAssistant(\"x86-64\"),\n    \"arm\": lambda: ArmDisassemblyAssistant(\"arm\", \"cpsr\"),\n    \"armcm\": lambda: ArmDisassemblyAssistant(\"armcm\", \"xpsr\"),\n    \"mips\": lambda: MipsDisassemblyAssistant(\"mips\"),\n    \"rv32\": lambda: RISCVDisassemblyAssistant(\"rv32\"),\n    \"rv64\": lambda: RISCVDisassemblyAssistant(\"rv64\"),\n    \"loongarch64\": lambda: Loong64DisassemblyAssistant(\"loongarch64\"),\n    \"powerpc\": lambda: PowerPCDisassemblyAssistant(\"powerpc\"),\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.enhance_cache_listener","title":"enhance_cache_listener","text":"
enhance_cache_listener() -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.clear_on_reg_mem_change","title":"clear_on_reg_mem_change","text":"
clear_on_reg_mem_change() -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.get_previous_instruction","title":"get_previous_instruction","text":"
get_previous_instruction(\n    address: int, use_cache: bool, linear: bool\n) -> PwndbgInstruction | None\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.get_disassembler","title":"get_disassembler","text":"
get_disassembler(cs_info: tuple[int, int])\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.get_one_instruction","title":"get_one_instruction","text":"
get_one_instruction(\n    address,\n    emu: Emulator = None,\n    enhance=True,\n    from_cache=False,\n    put_cache=False,\n    assistant: DisassemblyAssistant = None,\n) -> PwndbgInstruction\n
 
If passed an emulator, this will pass it to the DisassemblyAssistant which will single_step the emulator to determine the operand values before and after the instruction executes.
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.one","title":"one","text":"
one(\n    address=None,\n    emu: Emulator = None,\n    enhance=True,\n    from_cache=False,\n    put_cache=False,\n    put_backward_cache=True,\n    linear=False,\n    assistant: DisassemblyAssistant = None,\n) -> PwndbgInstruction | None\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.one_raw","title":"one_raw","text":"
one_raw(address=None) -> PwndbgInstruction | None\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.get","title":"get","text":"
get(\n    address,\n    instructions=1,\n    emu: Emulator = None,\n    enhance=True,\n    from_cache=False,\n    put_cache=False,\n    assistant: DisassemblyAssistant = None,\n) -> list[PwndbgInstruction]\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.can_run_first_emulate","title":"can_run_first_emulate","text":"
can_run_first_emulate() -> bool\n
 
Disable the emulate config variable if we don't have enough memory to use it See #1534 And unicorn-engine/unicorn!1743
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.no_emulate_one","title":"no_emulate_one","text":"
no_emulate_one()\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.emulate_one","title":"emulate_one","text":"
emulate_one()\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.one_with_config","title":"one_with_config","text":"
one_with_config()\n
 
Returns a single Pwndbg Instruction at the current PC.
 
Emulation determined by the pwndbg.config.emulate setting.
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.near","title":"near","text":"
near(\n    address,\n    forward_count: int = 1,\n    backward_count: int = 0,\n    total_count: int = None,\n    emulate=False,\n    show_prev_insns=True,\n    use_cache=False,\n    linear=False,\n) -> tuple[list[PwndbgInstruction], int]\n
 
Disassembles instructions near given address. Passing emulate makes use of unicorn engine to emulate instructions to predict branches that will be taken. show_prev_insns makes this show previously cached instructions
 
This allows us to maintain a context of surrounding instructions while single-stepping instructions.
 
Parameters:
 
     
  •  forward_count               (int, default:                   1 )           \u2013            
    number of instructions forward from this instruction
     
    •  
  •  backward_count               (int, default:                   0 )           \u2013            
    maximum number of previously executed instructions
     
    •  
  •  total_count               (int, default:                   None )           \u2013            
    if set, returns a list with this many instructions in total. The number of backward instructions is limited by backward_count. If this is set, forward_count is ignored.
     
    •  
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.get_disassembly_assistant_for_current_arch","title":"get_disassembly_assistant_for_current_arch","text":"
get_disassembly_assistant_for_current_arch() -> DisassemblyAssistant\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.arch_has_disassembly_assistant","title":"arch_has_disassembly_assistant","text":"
arch_has_disassembly_assistant(\n    arch: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE | None = None,\n) -> bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/","title":"instruction","text":""},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction","title":"instruction","text":"
Classes:
 
     
  •  InstructionCondition           \u2013            
    •  
  •  SplitType           \u2013            
    •  
  •  PwndbgInstruction           \u2013            
    •  
  •  PwndbgInstructionImpl           \u2013            
    •  
  •  EnhancedOperand           \u2013            
    •  
  •  ManualPwndbgInstruction           \u2013            
    •  
 
Functions:
 
     
  •  boolean_to_instruction_condition             \u2013              
    •  
 
Attributes:
 
     
  •  UNCONDITIONAL_JUMP_INSTRUCTIONS               (dict[int, set[int]])           \u2013            
    •  
  •  BRANCH_AND_LINK_INSTRUCTIONS               (dict[int, set[int]])           \u2013            
    •  
  •  GENERIC_JUMP_GROUPS           \u2013            
    •  
  •  ALL_JUMP_GROUPS           \u2013            
    •  
  •  FORWARD_JUMP_GROUP           \u2013            
    •  
  •  CAPSTONE_ARCH_MAPPING_STRING           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.UNCONDITIONAL_JUMP_INSTRUCTIONS","title":"UNCONDITIONAL_JUMP_INSTRUCTIONS  module-attribute","text":"
UNCONDITIONAL_JUMP_INSTRUCTIONS: dict[int, set[int]] = {\n    CS_ARCH_X86: {X86_INS_CALL, X86_INS_RET, X86_INS_JMP},\n    CS_ARCH_MIPS: {\n        MIPS_INS_J,\n        MIPS_INS_JR,\n        MIPS_INS_JAL,\n        MIPS_INS_JALR,\n        MIPS_INS_JALR_HB,\n        MIPS_INS_BAL,\n        MIPS_INS_ALIAS_BAL,\n        MIPS_INS_B,\n        MIPS_INS_ALIAS_B,\n    },\n    CS_ARCH_SPARC: {SPARC_INS_CALL, SPARC_INS_ALIAS_CALL, SPARC_INS_JMPL},\n    CS_ARCH_ARM: {ARM_INS_TBB, ARM_INS_TBH},\n    CS_ARCH_AARCH64: {AARCH64_INS_BL, AARCH64_INS_BLR, AARCH64_INS_BR},\n    CS_ARCH_RISCV: {\n        RISCV_INS_JAL,\n        RISCV_INS_JALR,\n        RISCV_INS_C_JAL,\n        RISCV_INS_C_JALR,\n        RISCV_INS_C_J,\n        RISCV_INS_C_JR,\n    },\n    CS_ARCH_PPC: {PPC_INS_B, PPC_INS_BA, PPC_INS_BL, PPC_INS_BLA},\n    CS_ARCH_SYSTEMZ: {\n        SYSTEMZ_INS_J,\n        SYSTEMZ_INS_JL,\n        SYSTEMZ_INS_B,\n        SYSTEMZ_INS_BR,\n        SYSTEMZ_INS_BAL,\n        SYSTEMZ_INS_BALR,\n        SYSTEMZ_INS_BRAS,\n        SYSTEMZ_INS_BRASL,\n    },\n    CS_ARCH_LOONGARCH: {\n        LOONGARCH_INS_B,\n        LOONGARCH_INS_BL,\n        LOONGARCH_INS_JIRL,\n        LOONGARCH_INS_ALIAS_JR,\n        LOONGARCH_INS_CALL36,\n    },\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.BRANCH_AND_LINK_INSTRUCTIONS","title":"BRANCH_AND_LINK_INSTRUCTIONS  module-attribute","text":"
BRANCH_AND_LINK_INSTRUCTIONS: dict[int, set[int]] = defaultdict(set)\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.GENERIC_JUMP_GROUPS","title":"GENERIC_JUMP_GROUPS  module-attribute","text":"
GENERIC_JUMP_GROUPS = {CS_GRP_JUMP, CS_GRP_BRANCH_RELATIVE}\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ALL_JUMP_GROUPS","title":"ALL_JUMP_GROUPS  module-attribute","text":"
ALL_JUMP_GROUPS = GENERIC_JUMP_GROUPS | {CS_GRP_CALL, CS_GRP_RET, CS_GRP_IRET}\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.FORWARD_JUMP_GROUP","title":"FORWARD_JUMP_GROUP  module-attribute","text":"
FORWARD_JUMP_GROUP = {CS_GRP_CALL} | GENERIC_JUMP_GROUPS\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.CAPSTONE_ARCH_MAPPING_STRING","title":"CAPSTONE_ARCH_MAPPING_STRING  module-attribute","text":"
CAPSTONE_ARCH_MAPPING_STRING = {\n    CS_ARCH_ARM: \"arm\",\n    CS_ARCH_AARCH64: \"aarch64\",\n    CS_ARCH_X86: \"x86\",\n    CS_ARCH_PPC: \"powerpc\",\n    CS_ARCH_MIPS: \"mips\",\n    CS_ARCH_SPARC: \"sparc\",\n    CS_ARCH_RISCV: \"RISCV\",\n    CS_ARCH_SYSTEMZ: \"s390x\",\n    CS_ARCH_LOONGARCH: \"loongarch\",\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.InstructionCondition","title":"InstructionCondition","text":"
               Bases: Enum
 
Attributes:
 
     
  •  TRUE           \u2013            
    •  
  •  FALSE           \u2013            
    •  
  •  UNDETERMINED           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.InstructionCondition.TRUE","title":"TRUE  class-attribute instance-attribute","text":"
TRUE = 1\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.InstructionCondition.FALSE","title":"FALSE  class-attribute instance-attribute","text":"
FALSE = 2\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.InstructionCondition.UNDETERMINED","title":"UNDETERMINED  class-attribute instance-attribute","text":"
UNDETERMINED = 3\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.SplitType","title":"SplitType","text":"
               Bases: Enum
 
Attributes:
 
     
  •  NO_SPLIT           \u2013            
    •  
  •  BRANCH_TAKEN           \u2013            
    •  
  •  BRANCH_NOT_TAKEN           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.SplitType.NO_SPLIT","title":"NO_SPLIT  class-attribute instance-attribute","text":"
NO_SPLIT = 1\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.SplitType.BRANCH_TAKEN","title":"BRANCH_TAKEN  class-attribute instance-attribute","text":"
BRANCH_TAKEN = 2\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.SplitType.BRANCH_NOT_TAKEN","title":"BRANCH_NOT_TAKEN  class-attribute instance-attribute","text":"
BRANCH_NOT_TAKEN = 3\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction","title":"PwndbgInstruction","text":"
               Bases: Protocol
 
Methods:
 
     
  •  op_find             \u2013              
    •  
  •  op_count             \u2013              
    •  
 
Attributes:
 
     
  •  cs_insn               (CsInsn)           \u2013            
    •  
  •  address               (int)           \u2013            
    •  
  •  size               (int)           \u2013            
    •  
  •  mnemonic               (str)           \u2013            
    •  
  •  op_str               (str)           \u2013            
    •  
  •  groups               (set[int])           \u2013            
    •  
  •  id               (int)           \u2013            
    •  
  •  operands               (list[EnhancedOperand])           \u2013            
    •  
  •  asm_string               (str)           \u2013            
    •  
  •  next               (int)           \u2013            
    •  
  •  target               (int)           \u2013            
    •  
  •  target_string               (str | None)           \u2013            
    •  
  •  target_const               (bool | None)           \u2013            
    •  
  •  condition               (InstructionCondition)           \u2013            
    •  
  •  declare_is_unconditional_jump               (bool)           \u2013            
    •  
  •  force_unconditional_jump_target               (bool)           \u2013            
    •  
  •  annotation               (str | None)           \u2013            
    •  
  •  annotation_padding               (int | None)           \u2013            
    •  
  •  syscall               (int | None)           \u2013            
    •  
  •  syscall_name               (str | None)           \u2013            
    •  
  •  causes_branch_delay               (bool)           \u2013            
    •  
  •  split               (SplitType)           \u2013            
    •  
  •  emulated               (bool)           \u2013            
    •  
  •  register_writes               (dict[int, int])           \u2013            
    •  
  •  call_like               (bool)           \u2013            
    •  
  •  jump_like               (bool)           \u2013            
    •  
  •  has_jump_target               (bool)           \u2013            
    •  
  •  is_conditional_jump               (bool)           \u2013            
    •  
  •  is_unconditional_jump               (bool)           \u2013            
    •  
  •  is_conditional_jump_taken               (bool)           \u2013            
    •  
  •  jump_result_is_known               (bool)           \u2013            
    •  
  •  bytes               (bytearray)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.cs_insn","title":"cs_insn  instance-attribute","text":"
cs_insn: CsInsn\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.address","title":"address  instance-attribute","text":"
address: int\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.size","title":"size  instance-attribute","text":"
size: int\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.mnemonic","title":"mnemonic  instance-attribute","text":"
mnemonic: str\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.op_str","title":"op_str  instance-attribute","text":"
op_str: str\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.groups","title":"groups  instance-attribute","text":"
groups: set[int]\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.id","title":"id  instance-attribute","text":"
id: int\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.operands","title":"operands  instance-attribute","text":"
operands: list[EnhancedOperand]\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.asm_string","title":"asm_string  instance-attribute","text":"
asm_string: str\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.next","title":"next  instance-attribute","text":"
next: int\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.target","title":"target  instance-attribute","text":"
target: int\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.target_string","title":"target_string  instance-attribute","text":"
target_string: str | None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.target_const","title":"target_const  instance-attribute","text":"
target_const: bool | None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.condition","title":"condition  instance-attribute","text":"
condition: InstructionCondition\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.declare_is_unconditional_jump","title":"declare_is_unconditional_jump  instance-attribute","text":"
declare_is_unconditional_jump: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.force_unconditional_jump_target","title":"force_unconditional_jump_target  instance-attribute","text":"
force_unconditional_jump_target: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.annotation","title":"annotation  instance-attribute","text":"
annotation: str | None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.annotation_padding","title":"annotation_padding  instance-attribute","text":"
annotation_padding: int | None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.syscall","title":"syscall  instance-attribute","text":"
syscall: int | None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.syscall_name","title":"syscall_name  instance-attribute","text":"
syscall_name: str | None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.causes_branch_delay","title":"causes_branch_delay  instance-attribute","text":"
causes_branch_delay: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.split","title":"split  instance-attribute","text":"
split: SplitType\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.emulated","title":"emulated  instance-attribute","text":"
emulated: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.register_writes","title":"register_writes  instance-attribute","text":"
register_writes: dict[int, int]\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.call_like","title":"call_like  property","text":"
call_like: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.jump_like","title":"jump_like  property","text":"
jump_like: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.has_jump_target","title":"has_jump_target  property","text":"
has_jump_target: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.is_conditional_jump","title":"is_conditional_jump  property","text":"
is_conditional_jump: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.is_unconditional_jump","title":"is_unconditional_jump  property","text":"
is_unconditional_jump: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.is_conditional_jump_taken","title":"is_conditional_jump_taken  property","text":"
is_conditional_jump_taken: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.jump_result_is_known","title":"jump_result_is_known  property","text":"
jump_result_is_known: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.bytes","title":"bytes  property","text":"
bytes: bytearray\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.op_find","title":"op_find","text":"
op_find(op_type: int, position: int) -> EnhancedOperand\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.op_count","title":"op_count","text":"
op_count(op_type: int) -> int\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl","title":"PwndbgInstructionImpl","text":"
PwndbgInstructionImpl(cs_insn: CsInsn)\n
 
               Bases: PwndbgInstruction
 
Methods:
 
     
  •  op_find             \u2013              
    Get the operand at position @position of all operands having the same type @op_type
     
    •  
  •  op_count             \u2013              
    Return number of operands having same operand Capstone type 'op_type'
     
    •  
  •  __repr__             \u2013              
    •  
 
Attributes:
 
     
  •  cs_insn               (CsInsn)           \u2013            
    The underlying Capstone instruction object.
     
    •  
  •  address               (int)           \u2013            
    •  
  •  size               (int)           \u2013            
    Length of the instruction
     
    •  
  •  mnemonic               (str)           \u2013            
    Ex: 'MOV'
     
    •  
  •  op_str               (str)           \u2013            
    Ex: 'RAX, RDX'
     
    •  
  •  groups               (set[int])           \u2013            
    Capstone instruction groups that we belong to.
     
    •  
  •  id               (int)           \u2013            
    The underlying Capstone ID for the instruction
     
    •  
  •  operands               (list[EnhancedOperand])           \u2013            
    •  
  •  asm_string               (str)           \u2013            
    The full string representing the instruction - mov    rdi, rsp with appropriate padding.
     
    •  
  •  next               (int)           \u2013            
    This is the address that the instruction pointer will be set to after using the \"nexti\" GDB command.
     
    •  
  •  target               (int)           \u2013            
    This is target of instructions that change the PC, regardless of if it's conditional or not,
     
    •  
  •  target_string               (str | None)           \u2013            
    String representation of the target address.
     
    •  
  •  target_const               (bool | None)           \u2013            
    Whether the target is a constant expression
     
    •  
  •  condition               (InstructionCondition)           \u2013            
    Does the condition that the instruction checks for pass?
     
    •  
  •  declare_is_unconditional_jump               (bool)           \u2013            
    This field is used to declare that this instruction is an unconditional jump.
     
    •  
  •  force_unconditional_jump_target               (bool)           \u2013            
    This asserts that the .target attribute is the real target of the instruction.
     
    •  
  •  annotation               (str | None)           \u2013            
    The string is set in the \"DisassemblyAssistant.enhance\" function.
     
    •  
  •  annotation_padding               (int | None)           \u2013            
    The left adjustment padding that was used to previously print this.
     
    •  
  •  syscall               (int | None)           \u2013            
    The syscall number for this instruction, if it is a syscall. Otherwise None.
     
    •  
  •  syscall_name               (str | None)           \u2013            
    The syscall name as a string
     
    •  
  •  causes_branch_delay               (bool)           \u2013            
    Whether or not this instruction has a single branch delay slot
     
    •  
  •  split               (SplitType)           \u2013            
    The type of split in the disasm display this instruction causes:
     
    •  
  •  emulated               (bool)           \u2013            
    If the enhancement successfully used emulation for this instruction
     
    •  
  •  register_writes           \u2013            
    Mapping of Capstone register id to integer value. During enhancement, we might manually determine
     
    •  
  •  call_like               (bool)           \u2013            
    True if this is a call-like instruction, meaning either it's a CALL or a branch and link.
     
    •  
  •  jump_like               (bool)           \u2013            
    True if this instruction is \"jump-like\", such as a JUMP, CALL, or RET.
     
    •  
  •  has_jump_target               (bool)           \u2013            
    True if we have determined that this instruction can explicitly change the program counter, and
     
    •  
  •  is_conditional_jump               (bool)           \u2013            
    True if this instruction can change the program counter conditionally.
     
    •  
  •  is_unconditional_jump               (bool)           \u2013            
    True if we know the instruction can change the program counter, and does so unconditionally.
     
    •  
  •  is_conditional_jump_taken               (bool)           \u2013            
    True if this is a conditional jump, and we predicted that we will take the jump
     
    •  
  •  jump_result_is_known               (bool)           \u2013            
    True under the following conditions:
     
    •  
  •  bytes               (bytearray)           \u2013            
    Raw machine instruction bytes
     
    •  
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.cs_insn","title":"cs_insn  instance-attribute","text":"
cs_insn: CsInsn = cs_insn\n
 
The underlying Capstone instruction object. Only the enhancement code should access the 'cs_insn' property
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.address","title":"address  instance-attribute","text":"
address: int = address\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.size","title":"size  instance-attribute","text":"
size: int = size\n
 
Length of the instruction
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.mnemonic","title":"mnemonic  instance-attribute","text":"
mnemonic: str = mnemonic\n
 
Ex: 'MOV'
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.op_str","title":"op_str  instance-attribute","text":"
op_str: str = op_str\n
 
Ex: 'RAX, RDX'
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.groups","title":"groups  instance-attribute","text":"
groups: set[int] = set(groups)\n
 
Capstone instruction groups that we belong to. Groups that apply to all architectures: CS_GRP_INVALID | CS_GRP_JUMP | CS_GRP_CALL | CS_GRP_RET | CS_GRP_INT | CS_GRP_IRET | CS_GRP_PRIVILEGE | CS_GRP_BRANCH_RELATIVE
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.id","title":"id  instance-attribute","text":"
id: int = alias_id if is_alias else id\n
 
The underlying Capstone ID for the instruction If it's an alias, use the id of the alias
 
Examples: X86_INS_JMP, X86_INS_CALL, RISCV_INS_C_JAL
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.operands","title":"operands  instance-attribute","text":"
operands: list[EnhancedOperand] = [(EnhancedOperand(op)) for op in (operands)]\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.asm_string","title":"asm_string  instance-attribute","text":"
asm_string: str = f'{mnemonic} {op_str}'\n
 
The full string representing the instruction - mov    rdi, rsp with appropriate padding.
 
This is syntax highlighted during enhancement.
 
This is additionally modified during enhancement for the purposes of replacing immediate values with their corresponding symbols
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.next","title":"next  instance-attribute","text":"
next: int = address + size\n
 
This is the address that the instruction pointer will be set to after using the \"nexti\" GDB command. This means it is the address of the next instruction to be executed in all cases except \"call\" instructions.
 
Typically, it is self.address + self.size (the next instruction in memory)
 
If it is a jump and we know it is taken, then it is the value of the jump target.
 
Not set to \"call\" instruction targets, to indicate we will eventually (probably) return to this address
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.target","title":"target  instance-attribute","text":"
target: int = None\n
 
This is target of instructions that change the PC, regardless of if it's conditional or not, and whether or not we take the jump. This includes \"call\" and all other instructions that set the PC
 
If the instruction is not one that changes the PC, target is set to \"next\"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.target_string","title":"target_string  instance-attribute","text":"
target_string: str | None = None\n
 
String representation of the target address.
 
Colorized symbol if a symbol exists at address, else colorized address
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.target_const","title":"target_const  instance-attribute","text":"
target_const: bool | None = None\n
 
Whether the target is a constant expression
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.condition","title":"condition  instance-attribute","text":"
condition: InstructionCondition = UNDETERMINED\n
 
Does the condition that the instruction checks for pass?
 
For example, \"JNE\" jumps if Zero Flag is 0, else it does nothing. \"CMOVA\" conditionally performs a move depending on a flag. See 'condition' function in pwndbg.aglib.disasm.x86 for example on setting this.
 
UNDETERMINED if we cannot reason about the condition, or if the instruction always executes unconditionally (most instructions).
 
TRUE if the instruction has a conditional action, and we determine it is taken.
 
FALSE if the instruction has a conditional action, and we know it is not taken.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.declare_is_unconditional_jump","title":"declare_is_unconditional_jump  instance-attribute","text":"
declare_is_unconditional_jump: bool = False\n
 
This field is used to declare that this instruction is an unconditional jump. Most of the time, we depend on Capstone groups to check for jump instructions. However, some instructions become branches depending on the operands, such as Arm add, sub, ldr, pop, where PC is the destination register
 
In these cases, we want to forcefully state that this instruction mutates the PC, so we set this attribute to True.
 
This helps in two cases: 1. Disassembly splits 2. Instructions like stepuntilasm work better, as they detect these as branches to stop at.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.force_unconditional_jump_target","title":"force_unconditional_jump_target  instance-attribute","text":"
force_unconditional_jump_target: bool = False\n
 
This asserts that the .target attribute is the real target of the instruction. This is only relevent in the edge case that the target is the next instruction in memory (address + size). The normal check for \"target\" checks that the target is NOT the next address in memory, and here we can assert that even if that is the case, we know that the jump really does just go to where self.target is.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.annotation","title":"annotation  instance-attribute","text":"
annotation: str | None = None\n
 
The string is set in the \"DisassemblyAssistant.enhance\" function. It is used in the disasm print view to add context to the instruction, mostly operand value. This string is not used for all cases - if the instruction is a call or a jump, the 'target'. variables is used instead. See 'pwndbg.color.disasm.instruction()' for specific usage.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.annotation_padding","title":"annotation_padding  instance-attribute","text":"
annotation_padding: int | None = None\n
 
The left adjustment padding that was used to previously print this. We retain it so the output is consistent between prints
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.syscall","title":"syscall  instance-attribute","text":"
syscall: int | None = None\n
 
The syscall number for this instruction, if it is a syscall. Otherwise None.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.syscall_name","title":"syscall_name  instance-attribute","text":"
syscall_name: str | None = None\n
 
The syscall name as a string
 
Ex: \"openat\", \"read\"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.causes_branch_delay","title":"causes_branch_delay  instance-attribute","text":"
causes_branch_delay: bool = False\n
 
Whether or not this instruction has a single branch delay slot
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.split","title":"split  instance-attribute","text":"
split: SplitType = NO_SPLIT\n
 
The type of split in the disasm display this instruction causes:
 
NO_SPLIT            - no extra spacing between this and the next instruction\nBRANCH_TAKEN        - a newline with an arrow pointing down\nBRANCH_NOT_TAKEN    - an empty newline\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.emulated","title":"emulated  instance-attribute","text":"
emulated: bool = False\n
 
If the enhancement successfully used emulation for this instruction
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.register_writes","title":"register_writes  instance-attribute","text":"
register_writes = {}\n
 
Mapping of Capstone register id to integer value. During enhancement, we might manually determine that an instruction writes some value to a register, and this is stored here.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.call_like","title":"call_like  property","text":"
call_like: bool\n
 
True if this is a call-like instruction, meaning either it's a CALL or a branch and link.
 
Checking for the CS_GRP_CALL is insufficient, as there are many \"branch and link\" instructions that are not labeled as a call
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.jump_like","title":"jump_like  property","text":"
jump_like: bool\n
 
True if this instruction is \"jump-like\", such as a JUMP, CALL, or RET. Basically, the PC is set to some target by means of this instruction.
 
It may still be a conditional jump - this property does not indicate whether the jump is taken or not.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.has_jump_target","title":"has_jump_target  property","text":"
has_jump_target: bool\n
 
True if we have determined that this instruction can explicitly change the program counter, and we have determined the jump target.
 
Edge case - the jump target MAY be the next address in memory - so we check force_unconditional_jump_target
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.is_conditional_jump","title":"is_conditional_jump  property","text":"
is_conditional_jump: bool\n
 
True if this instruction can change the program counter conditionally.
 
This is used, in part, to determine if the instruction deserves a \"checkmark\" in the disasm view.
 
This does not imply that we have resolved the .target
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.is_unconditional_jump","title":"is_unconditional_jump  property","text":"
is_unconditional_jump: bool\n
 
True if we know the instruction can change the program counter, and does so unconditionally.
 
This includes things like RET, CALL, and JMP (in x86).
 
This property is used in enhancement to determine certain codepaths when resolving .next for this instruction.
 
This does not imply that we have resolved the .target
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.is_conditional_jump_taken","title":"is_conditional_jump_taken  property","text":"
is_conditional_jump_taken: bool\n
 
True if this is a conditional jump, and we predicted that we will take the jump
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.jump_result_is_known","title":"jump_result_is_known  property","text":"
jump_result_is_known: bool\n
 
True under the following conditions: - If it's an unconditional jump, we know the target of the jump - If it's a conditional jump, we know the target of the branch and know whether or not we take it Otherwise, false
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.bytes","title":"bytes  property","text":"
bytes: bytearray\n
 
Raw machine instruction bytes
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.op_find","title":"op_find","text":"
op_find(op_type: int, position: int) -> EnhancedOperand\n
 
Get the operand at position @position of all operands having the same type @op_type
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.op_count","title":"op_count","text":"
op_count(op_type: int) -> int\n
 
Return number of operands having same operand Capstone type 'op_type'
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.__repr__","title":"__repr__","text":"
__repr__() -> str\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand","title":"EnhancedOperand","text":"
EnhancedOperand(cs_op)\n
 
Methods:
 
     
  •  __repr__             \u2013              
    •  
 
Attributes:
 
     
  •  cs_op               (Any)           \u2013            
    Underlying Capstone operand. Takes on a different value depending on the architecture.
     
    •  
  •  before_value               (int | None)           \u2013            
    The value of the operand before the instruction executes.
     
    •  
  •  after_value               (int | None)           \u2013            
    The value of the operand after the instruction executes.
     
    •  
  •  before_value_resolved               (int | None)           \u2013            
    The 'resolved' value of the operand that is actually used in the instruction logic, before the instruction executes.
     
    •  
  •  before_value_no_modifiers               (int | None)           \u2013            
    This is a special field used in some architectures that allow operand modifiers, such as shifts and extends in Arm.
     
    •  
  •  after_value_resolved               (int | None)           \u2013            
    The 'resolved' value of the operand after the instruction executes.
     
    •  
  •  str               (str | None)           \u2013            
    String representing the operand
     
    •  
  •  symbol               (str | None)           \u2013            
    Colorized symbol name for this operand, if .before_value is set and symbol exists, else None.
     
    •  
  •  type               (int)           \u2013            
    CS_OP_REG | CS_OP_MEM | CS_OP_IMM | CS_OP_INVALID | CS_OP_FP
     
    •  
  •  reg               (int)           \u2013            
    The underlying Capstone ID for the register
     
    •  
  •  imm               (int)           \u2013            
    The immediate value of the operand (if applicable)
     
    •  
  •  mem               (Any)           \u2013            
    Return the underlying Capstone mem object (if applicable)
     
    •  
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.cs_op","title":"cs_op  instance-attribute","text":"
cs_op: Any = cs_op\n
 
Underlying Capstone operand. Takes on a different value depending on the architecture.
 
x86 = capstone.x86.X86Op, arm = capstone.arm.ArmOp, mips = capstone.mips.MipsOp
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.before_value","title":"before_value  instance-attribute","text":"
before_value: int | None = None\n
 
The value of the operand before the instruction executes. This is set only if the operand value can be reasoned about.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.after_value","title":"after_value  instance-attribute","text":"
after_value: int | None = None\n
 
The value of the operand after the instruction executes. Only set when using emulation.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.before_value_resolved","title":"before_value_resolved  instance-attribute","text":"
before_value_resolved: int | None = None\n
 
The 'resolved' value of the operand that is actually used in the instruction logic, before the instruction executes. This is the same as before_value if it's not a memory operand, in which cases it's the dereferenced value.
 
Helpful for cases like  cmp    byte ptr [rip + 0x166669], 0, where first operand could be a register or a memory value to dereference, and we want the actual value used.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.before_value_no_modifiers","title":"before_value_no_modifiers  instance-attribute","text":"
before_value_no_modifiers: int | None = None\n
 
This is a special field used in some architectures that allow operand modifiers, such as shifts and extends in Arm. Capstone bundles the modifier with the operand, and when we are resolving concrete operand values, we apply the modifier. However, in some annotations we need to un-modified raw register value, which is what this field is for.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.after_value_resolved","title":"after_value_resolved  instance-attribute","text":"
after_value_resolved: int | None = None\n
 
The 'resolved' value of the operand after the instruction executes.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.str","title":"str  instance-attribute","text":"
str: str | None = ''\n
 
String representing the operand
 
Ex: \"RAX\", or \"[0x7fffffffd9e8]\". None if value cannot be determined.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.symbol","title":"symbol  instance-attribute","text":"
symbol: str | None = None\n
 
Colorized symbol name for this operand, if .before_value is set and symbol exists, else None.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.type","title":"type  property","text":"
type: int\n
 
CS_OP_REG | CS_OP_MEM | CS_OP_IMM | CS_OP_INVALID | CS_OP_FP
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.reg","title":"reg  property","text":"
reg: int\n
 
The underlying Capstone ID for the register
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.imm","title":"imm  property","text":"
imm: int\n
 
The immediate value of the operand (if applicable)
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.mem","title":"mem  property","text":"
mem: Any\n
 
Return the underlying Capstone mem object (if applicable)
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.__repr__","title":"__repr__","text":"
__repr__() -> str\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction","title":"ManualPwndbgInstruction","text":"
ManualPwndbgInstruction(address: int)\n
 
               Bases: PwndbgInstruction
 
GDB/LLDB's built-in disassemblers.
 
Instances of this class do not go through the 'enhancement' process due to lacking important information provided by Capstone. As a result of this, some of the methods raise NotImplementedError, because if they are called it indicates a bug elsewhere in the codebase.
 
Methods:
 
     
  •  op_find             \u2013              
    •  
  •  op_count             \u2013              
    •  
 
Attributes:
 
     
  •  cs_insn               (CsInsn)           \u2013            
    •  
  •  address           \u2013            
    •  
  •  size           \u2013            
    •  
  •  mnemonic           \u2013            
    •  
  •  op_str           \u2013            
    •  
  •  groups           \u2013            
    •  
  •  id           \u2013            
    •  
  •  operands           \u2013            
    •  
  •  asm_string           \u2013            
    •  
  •  next           \u2013            
    •  
  •  target           \u2013            
    •  
  •  target_string           \u2013            
    •  
  •  target_const           \u2013            
    •  
  •  condition           \u2013            
    •  
  •  declare_is_unconditional_jump           \u2013            
    •  
  •  force_unconditional_jump_target           \u2013            
    •  
  •  annotation           \u2013            
    •  
  •  annotation_padding           \u2013            
    •  
  •  syscall           \u2013            
    •  
  •  syscall_name           \u2013            
    •  
  •  causes_branch_delay           \u2013            
    •  
  •  split           \u2013            
    •  
  •  emulated           \u2013            
    •  
  •  register_writes           \u2013            
    •  
  •  bytes               (bytearray)           \u2013            
    •  
  •  call_like               (bool)           \u2013            
    •  
  •  jump_like               (bool)           \u2013            
    •  
  •  has_jump_target               (bool)           \u2013            
    •  
  •  is_conditional_jump               (bool)           \u2013            
    •  
  •  is_unconditional_jump               (bool)           \u2013            
    •  
  •  is_conditional_jump_taken               (bool)           \u2013            
    •  
  •  jump_result_is_known               (bool)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.cs_insn","title":"cs_insn  instance-attribute","text":"
cs_insn: CsInsn = None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.address","title":"address  instance-attribute","text":"
address = address\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.size","title":"size  instance-attribute","text":"
size = ins['length']\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.mnemonic","title":"mnemonic  instance-attribute","text":"
mnemonic = strip()\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.op_str","title":"op_str  instance-attribute","text":"
op_str = strip() if len(asm) > 1 else ''\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.groups","title":"groups  instance-attribute","text":"
groups = set()\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.id","title":"id  instance-attribute","text":"
id = -1\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.operands","title":"operands  instance-attribute","text":"
operands = []\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.asm_string","title":"asm_string  instance-attribute","text":"
asm_string = f'{mnemonic} {op_str}'\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.next","title":"next  instance-attribute","text":"
next = address + size\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.target","title":"target  instance-attribute","text":"
target = next\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.target_string","title":"target_string  instance-attribute","text":"
target_string = None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.target_const","title":"target_const  instance-attribute","text":"
target_const = None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.condition","title":"condition  instance-attribute","text":"
condition = UNDETERMINED\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.declare_is_unconditional_jump","title":"declare_is_unconditional_jump  instance-attribute","text":"
declare_is_unconditional_jump = False\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.force_unconditional_jump_target","title":"force_unconditional_jump_target  instance-attribute","text":"
force_unconditional_jump_target = False\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.annotation","title":"annotation  instance-attribute","text":"
annotation = None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.annotation_padding","title":"annotation_padding  instance-attribute","text":"
annotation_padding = None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.syscall","title":"syscall  instance-attribute","text":"
syscall = None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.syscall_name","title":"syscall_name  instance-attribute","text":"
syscall_name = None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.causes_branch_delay","title":"causes_branch_delay  instance-attribute","text":"
causes_branch_delay = False\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.split","title":"split  instance-attribute","text":"
split = NO_SPLIT\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.emulated","title":"emulated  instance-attribute","text":"
emulated = False\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.register_writes","title":"register_writes  instance-attribute","text":"
register_writes = {}\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.bytes","title":"bytes  property","text":"
bytes: bytearray\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.call_like","title":"call_like  property","text":"
call_like: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.jump_like","title":"jump_like  property","text":"
jump_like: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.has_jump_target","title":"has_jump_target  property","text":"
has_jump_target: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.is_conditional_jump","title":"is_conditional_jump  property","text":"
is_conditional_jump: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.is_unconditional_jump","title":"is_unconditional_jump  property","text":"
is_unconditional_jump: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.is_conditional_jump_taken","title":"is_conditional_jump_taken  property","text":"
is_conditional_jump_taken: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.jump_result_is_known","title":"jump_result_is_known  property","text":"
jump_result_is_known: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.op_find","title":"op_find","text":"
op_find(op_type: int, position: int) -> EnhancedOperand\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.op_count","title":"op_count","text":"
op_count(op_type: int) -> int\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.boolean_to_instruction_condition","title":"boolean_to_instruction_condition","text":"
boolean_to_instruction_condition(condition: bool) -> InstructionCondition\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/","title":"loongarch64","text":""},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64","title":"loongarch64","text":"
Classes:
 
     
  •  Loong64DisassemblyAssistant           \u2013            
    •  
 
Attributes:
 
     
  •  CONDITION_RESOLVERS               (dict[int, Callable[[list[int]], bool]])           \u2013            
    •  
  •  LOONGARCH_LOAD_INSTRUCTIONS               (dict[int, int])           \u2013            
    •  
  •  LOONGARCH_STORE_INSTRUCTIONS               (dict[int, int])           \u2013            
    •  
  •  LOONGARCH_BINARY_OPERATIONS               (dict[int, str])           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.CONDITION_RESOLVERS","title":"CONDITION_RESOLVERS  module-attribute","text":"
CONDITION_RESOLVERS: dict[int, Callable[[list[int]], bool]] = {\n    LOONGARCH_INS_BEQZ: lambda ops: ops[0] == 0,\n    LOONGARCH_INS_BNEZ: lambda ops: ops[0] != 0,\n    LOONGARCH_INS_BEQ: lambda ops: ops[0] == ops[1],\n    LOONGARCH_INS_BNE: lambda ops: ops[0] != ops[1],\n    LOONGARCH_INS_BGE: lambda ops: to_signed(ops[0], ptrsize * 8)\n    >= to_signed(ops[1], ptrsize * 8),\n    LOONGARCH_INS_BLT: lambda ops: to_signed(ops[0], ptrsize * 8)\n    < to_signed(ops[1], ptrsize * 8),\n    LOONGARCH_INS_BLTU: lambda ops: ops[0] < ops[1],\n    LOONGARCH_INS_BGEU: lambda ops: ops[0] >= ops[1],\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.LOONGARCH_LOAD_INSTRUCTIONS","title":"LOONGARCH_LOAD_INSTRUCTIONS  module-attribute","text":"
LOONGARCH_LOAD_INSTRUCTIONS: dict[int, int] = {}\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.LOONGARCH_STORE_INSTRUCTIONS","title":"LOONGARCH_STORE_INSTRUCTIONS  module-attribute","text":"
LOONGARCH_STORE_INSTRUCTIONS: dict[int, int] = {}\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.LOONGARCH_BINARY_OPERATIONS","title":"LOONGARCH_BINARY_OPERATIONS  module-attribute","text":"
LOONGARCH_BINARY_OPERATIONS: dict[int, str] = {}\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.Loong64DisassemblyAssistant","title":"Loong64DisassemblyAssistant","text":"
Loong64DisassemblyAssistant(architecture)\n
 
               Bases: DisassemblyAssistant
 
Methods:
 
     
  •  enhance             \u2013              
    Enhance the instruction - resolving branch targets, conditionals, and adding annotations
     
    •  
  •  can_reason_about_process_state             \u2013              
    Determine if the program counter of the process equals the address of the instruction being enhanced.
     
    •  
  •  dump             \u2013              
    Debug-only method.
     
    •  
 
Attributes:
 
     
  •  annotation_handlers               (dict[int, Callable[[PwndbgInstruction, Emulator], None]])           \u2013            
    •  
  •  architecture               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  manual_register_values               (PseudoEmulatedRegisterFile)           \u2013            
    •  
  •  supports_manual_emulation           \u2013            
    This feature relies on the Capstone .regs_access() features that not all architectures have reliable support for
     
    •  
  •  op_handlers               (dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]])           \u2013            
    •  
  •  op_names               (dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]])           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.Loong64DisassemblyAssistant.annotation_handlers","title":"annotation_handlers  instance-attribute","text":"
annotation_handlers: dict[\n    int, Callable[[PwndbgInstruction, Emulator], None]\n] = {}\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.Loong64DisassemblyAssistant.architecture","title":"architecture  instance-attribute","text":"
architecture: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = architecture\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.Loong64DisassemblyAssistant.manual_register_values","title":"manual_register_values  instance-attribute","text":"
manual_register_values: PseudoEmulatedRegisterFile = PseudoEmulatedRegisterFile(\n    current, ptrsize\n)\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.Loong64DisassemblyAssistant.supports_manual_emulation","title":"supports_manual_emulation  class-attribute instance-attribute","text":"
supports_manual_emulation = False\n
 
This feature relies on the Capstone .regs_access() features that not all architectures have reliable support for
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.Loong64DisassemblyAssistant.op_handlers","title":"op_handlers  instance-attribute","text":"
op_handlers: dict[\n    int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n    CS_OP_IMM: _parse_immediate,\n    CS_OP_REG: _parse_register,\n    CS_OP_MEM: _parse_memory,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.Loong64DisassemblyAssistant.op_names","title":"op_names  instance-attribute","text":"
op_names: dict[\n    int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n    CS_OP_IMM: _immediate_string,\n    CS_OP_REG: _register_string,\n    CS_OP_MEM: _memory_string,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.Loong64DisassemblyAssistant.enhance","title":"enhance","text":"
enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\n
 
Enhance the instruction - resolving branch targets, conditionals, and adding annotations
 
This is the only public method that should be called on this object externally.
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.Loong64DisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"
can_reason_about_process_state(instruction: PwndbgInstruction) -> bool\n
 
Determine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.Loong64DisassemblyAssistant.dump","title":"dump","text":"
dump(instruction: PwndbgInstruction)\n
 
Debug-only method.
"},{"location":"reference/pwndbg/aglib/disasm/mips/","title":"mips","text":""},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips","title":"mips","text":"
Classes:
 
     
  •  MipsDisassemblyAssistant           \u2013            
    •  
 
Attributes:
 
     
  •  BRANCH_WITHOUT_DELAY_SLOT_INSTRUCTIONS           \u2013            
    •  
  •  BRANCH_LIKELY_INSTRUCTIONS           \u2013            
    •  
  •  CONDITION_RESOLVERS               (dict[int, Callable[[list[int]], bool]])           \u2013            
    •  
  •  MIPS_SIMPLE_DESTINATION_INSTRUCTIONS           \u2013            
    •  
  •  MIPS_LOAD_INSTRUCTIONS           \u2013            
    •  
  •  MIPS_STORE_INSTRUCTIONS           \u2013            
    •  
  •  MIPS_BINARY_OPERATIONS           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.BRANCH_WITHOUT_DELAY_SLOT_INSTRUCTIONS","title":"BRANCH_WITHOUT_DELAY_SLOT_INSTRUCTIONS  module-attribute","text":"
BRANCH_WITHOUT_DELAY_SLOT_INSTRUCTIONS = {\n    MIPS_INS_BC,\n    MIPS_INS_BALC,\n    MIPS_INS_JIALC,\n    MIPS_INS_JIC,\n    MIPS_INS_BLEZALC,\n    MIPS_INS_BGEZALC,\n    MIPS_INS_BGTZALC,\n    MIPS_INS_BLTZALC,\n    MIPS_INS_BEQZALC,\n    MIPS_INS_BNEZALC,\n    MIPS_INS_BLEZC,\n    MIPS_INS_BGEZC,\n    MIPS_INS_BGEUC,\n    MIPS_INS_BGEIC,\n    MIPS_INS_BGEUC,\n    MIPS_INS_BGEIUC,\n    MIPS_INS_BGTZC,\n    MIPS_INS_BLTZC,\n    MIPS_INS_BEQZC,\n    MIPS_INS_ALIAS_BEQZC,\n    MIPS_INS_BNEZC,\n    MIPS_INS_ALIAS_BNEZC,\n    MIPS_INS_BEQC,\n    MIPS_INS_ALIAS_BEQC,\n    MIPS_INS_BEQIC,\n    MIPS_INS_BNEC,\n    MIPS_INS_ALIAS_BNEC,\n    MIPS_INS_BNEIC,\n    MIPS_INS_BLTC,\n    MIPS_INS_BLTIC,\n    MIPS_INS_BLTUC,\n    MIPS_INS_BLTIUC,\n    MIPS_INS_BGEC,\n    MIPS_INS_BLTUC,\n    MIPS_INS_BNVC,\n    MIPS_INS_BOVC,\n    MIPS_INS_BRSC,\n    MIPS_INS_BALRSC,\n    MIPS_INS_BBEQZC,\n    MIPS_INS_BBNEZC,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.BRANCH_LIKELY_INSTRUCTIONS","title":"BRANCH_LIKELY_INSTRUCTIONS  module-attribute","text":"
BRANCH_LIKELY_INSTRUCTIONS = {\n    MIPS_INS_BC1FL,\n    MIPS_INS_ALIAS_BC1FL,\n    MIPS_INS_BC1TL,\n    MIPS_INS_ALIAS_BC1TL,\n    MIPS_INS_BEQL,\n    MIPS_INS_BGEZALL,\n    MIPS_INS_BGEZL,\n    MIPS_INS_BGTZL,\n    MIPS_INS_BLEZL,\n    MIPS_INS_BLTZALL,\n    MIPS_INS_BLTZL,\n    MIPS_INS_BNEL,\n    MIPS_INS_ALIAS_BNEZL,\n    MIPS_INS_ALIAS_BEQZL,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.CONDITION_RESOLVERS","title":"CONDITION_RESOLVERS  module-attribute","text":"
CONDITION_RESOLVERS: dict[int, Callable[[list[int]], bool]] = {\n    MIPS_INS_BEQZ: lambda ops: ops[0] == 0,\n    MIPS_INS_BNEZ: lambda ops: ops[0] != 0,\n    MIPS_INS_BEQ: lambda ops: ops[0] == ops[1],\n    MIPS_INS_BNE: lambda ops: ops[0] != ops[1],\n    MIPS_INS_BGEZ: lambda ops: to_signed(ops[0], ptrsize * 8) >= 0,\n    MIPS_INS_BGEZAL: lambda ops: to_signed(ops[0], ptrsize * 8) >= 0,\n    MIPS_INS_BGTZ: lambda ops: to_signed(ops[0], ptrsize * 8) > 0,\n    MIPS_INS_BLEZ: lambda ops: to_signed(ops[0], ptrsize * 8) <= 0,\n    MIPS_INS_BLTZAL: lambda ops: to_signed(ops[0], ptrsize * 8) < 0,\n    MIPS_INS_BLTZ: lambda ops: to_signed(ops[0], ptrsize * 8) < 0,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MIPS_SIMPLE_DESTINATION_INSTRUCTIONS","title":"MIPS_SIMPLE_DESTINATION_INSTRUCTIONS  module-attribute","text":"
MIPS_SIMPLE_DESTINATION_INSTRUCTIONS = {\n    MIPS_INS_CLO,\n    MIPS_INS_CLZ,\n    MIPS_INS_DCLO,\n    MIPS_INS_DCLZ,\n    MIPS_INS_LSA,\n    MIPS_INS_DLSA,\n    MIPS_INS_MFHI,\n    MIPS_INS_MFLO,\n    MIPS_INS_SEB,\n    MIPS_INS_SEH,\n    MIPS_INS_WSBH,\n    MIPS_INS_SLT,\n    MIPS_INS_SLTI,\n    MIPS_INS_SLTIU,\n    MIPS_INS_SLTU,\n    MIPS_INS_MOVN,\n    MIPS_INS_LDL,\n    MIPS_INS_LDR,\n    MIPS_INS_LWL,\n    MIPS_INS_LWR,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MIPS_LOAD_INSTRUCTIONS","title":"MIPS_LOAD_INSTRUCTIONS  module-attribute","text":"
MIPS_LOAD_INSTRUCTIONS = {\n    MIPS_INS_LB: -1,\n    MIPS_INS_LBU: 1,\n    MIPS_INS_LH: -2,\n    MIPS_INS_LHU: 2,\n    MIPS_INS_LW: -4,\n    MIPS_INS_LWU: 4,\n    MIPS_INS_LWPC: -4,\n    MIPS_INS_LWUPC: 4,\n    MIPS_INS_LD: -8,\n    MIPS_INS_LDPC: 8,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MIPS_STORE_INSTRUCTIONS","title":"MIPS_STORE_INSTRUCTIONS  module-attribute","text":"
MIPS_STORE_INSTRUCTIONS = {\n    MIPS_INS_SB: 1,\n    MIPS_INS_SH: 2,\n    MIPS_INS_SW: 4,\n    MIPS_INS_SD: 8,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MIPS_BINARY_OPERATIONS","title":"MIPS_BINARY_OPERATIONS  module-attribute","text":"
MIPS_BINARY_OPERATIONS = {\n    MIPS_INS_ADD: \"+\",\n    MIPS_INS_ADDI: \"+\",\n    MIPS_INS_ADDIU: \"+\",\n    MIPS_INS_ADDU: \"+\",\n    MIPS_INS_DADD: \"+\",\n    MIPS_INS_DADDI: \"+\",\n    MIPS_INS_DADDIU: \"+\",\n    MIPS_INS_DADDU: \"+\",\n    MIPS_INS_SUB: \"-\",\n    MIPS_INS_SUBU: \"-\",\n    MIPS_INS_DSUB: \"-\",\n    MIPS_INS_DSUBU: \"-\",\n    MIPS_INS_ANDI: \"&\",\n    MIPS_INS_AND: \"&\",\n    MIPS_INS_ORI: \"|\",\n    MIPS_INS_OR: \"|\",\n    MIPS_INS_XOR: \"^\",\n    MIPS_INS_XORI: \"^\",\n    MIPS_INS_SLL: \"<<\",\n    MIPS_INS_SLLV: \"<<\",\n    MIPS_INS_DSLL: \"<<\",\n    MIPS_INS_DSLLV: \"<<\",\n    MIPS_INS_SRL: \">>\",\n    MIPS_INS_SRLV: \">>\",\n    MIPS_INS_DSRL: \">>\",\n    MIPS_INS_DSRLV: \">>\",\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MipsDisassemblyAssistant","title":"MipsDisassemblyAssistant","text":"
MipsDisassemblyAssistant(architecture)\n
 
               Bases: DisassemblyAssistant
 
Methods:
 
     
  •  enhance             \u2013              
    Enhance the instruction - resolving branch targets, conditionals, and adding annotations
     
    •  
  •  can_reason_about_process_state             \u2013              
    Determine if the program counter of the process equals the address of the instruction being enhanced.
     
    •  
  •  dump             \u2013              
    Debug-only method.
     
    •  
 
Attributes:
 
     
  •  annotation_handlers               (dict[int, Callable[[PwndbgInstruction, Emulator], None]])           \u2013            
    •  
  •  architecture               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  manual_register_values               (PseudoEmulatedRegisterFile)           \u2013            
    •  
  •  supports_manual_emulation           \u2013            
    This feature relies on the Capstone .regs_access() features that not all architectures have reliable support for
     
    •  
  •  op_handlers               (dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]])           \u2013            
    •  
  •  op_names               (dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]])           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MipsDisassemblyAssistant.annotation_handlers","title":"annotation_handlers  instance-attribute","text":"
annotation_handlers: dict[\n    int, Callable[[PwndbgInstruction, Emulator], None]\n] = {\n    MIPS_INS_MOVE: _common_move_annotator,\n    MIPS_INS_ALIAS_MOVE: _common_move_annotator,\n    MIPS_INS_LI: _common_move_annotator,\n    MIPS_INS_LUI: _lui_annotator,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MipsDisassemblyAssistant.architecture","title":"architecture  instance-attribute","text":"
architecture: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = architecture\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MipsDisassemblyAssistant.manual_register_values","title":"manual_register_values  instance-attribute","text":"
manual_register_values: PseudoEmulatedRegisterFile = PseudoEmulatedRegisterFile(\n    current, ptrsize\n)\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MipsDisassemblyAssistant.supports_manual_emulation","title":"supports_manual_emulation  class-attribute instance-attribute","text":"
supports_manual_emulation = False\n
 
This feature relies on the Capstone .regs_access() features that not all architectures have reliable support for
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MipsDisassemblyAssistant.op_handlers","title":"op_handlers  instance-attribute","text":"
op_handlers: dict[\n    int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n    CS_OP_IMM: _parse_immediate,\n    CS_OP_REG: _parse_register,\n    CS_OP_MEM: _parse_memory,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MipsDisassemblyAssistant.op_names","title":"op_names  instance-attribute","text":"
op_names: dict[\n    int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n    CS_OP_IMM: _immediate_string,\n    CS_OP_REG: _register_string,\n    CS_OP_MEM: _memory_string,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MipsDisassemblyAssistant.enhance","title":"enhance","text":"
enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\n
 
Enhance the instruction - resolving branch targets, conditionals, and adding annotations
 
This is the only public method that should be called on this object externally.
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MipsDisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"
can_reason_about_process_state(instruction: PwndbgInstruction) -> bool\n
 
Determine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MipsDisassemblyAssistant.dump","title":"dump","text":"
dump(instruction: PwndbgInstruction)\n
 
Debug-only method.
"},{"location":"reference/pwndbg/aglib/disasm/ppc/","title":"ppc","text":""},{"location":"reference/pwndbg/aglib/disasm/ppc/#pwndbg.aglib.disasm.ppc","title":"ppc","text":"
Classes:
 
     
  •  PowerPCDisassemblyAssistant           \u2013            
    •  
 
Functions:
 
     
  •  is_branch_taken             \u2013              
    •  
 
Attributes:
 
     
  •  POWERPC_CONDITIONAL_BRANCHES           \u2013            
    •  
  •  POWERPC_RETURN_INSTRUCTION           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/ppc/#pwndbg.aglib.disasm.ppc.POWERPC_CONDITIONAL_BRANCHES","title":"POWERPC_CONDITIONAL_BRANCHES  module-attribute","text":"
POWERPC_CONDITIONAL_BRANCHES = {\n    PPC_INS_BC,\n    PPC_INS_ALIAS_BT,\n    PPC_INS_ALIAS_BF,\n    PPC_INS_ALIAS_BTLR,\n    PPC_INS_ALIAS_BFLR,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/ppc/#pwndbg.aglib.disasm.ppc.POWERPC_RETURN_INSTRUCTION","title":"POWERPC_RETURN_INSTRUCTION  module-attribute","text":"
POWERPC_RETURN_INSTRUCTION = {\n    PPC_INS_ALIAS_BLR,\n    PPC_INS_ALIAS_BTLR,\n    PPC_INS_ALIAS_BFLR,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/ppc/#pwndbg.aglib.disasm.ppc.PowerPCDisassemblyAssistant","title":"PowerPCDisassemblyAssistant","text":"
PowerPCDisassemblyAssistant(architecture)\n
 
               Bases: DisassemblyAssistant
 
Methods:
 
     
  •  enhance             \u2013              
    Enhance the instruction - resolving branch targets, conditionals, and adding annotations
     
    •  
  •  can_reason_about_process_state             \u2013              
    Determine if the program counter of the process equals the address of the instruction being enhanced.
     
    •  
  •  dump             \u2013              
    Debug-only method.
     
    •  
 
Attributes:
 
     
  •  saved_ctr               (int | None)           \u2013            
    •  
  •  annotation_handlers               (dict[int, Callable[[PwndbgInstruction, Emulator], None]])           \u2013            
    •  
  •  architecture               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  manual_register_values               (PseudoEmulatedRegisterFile)           \u2013            
    •  
  •  supports_manual_emulation           \u2013            
    This feature relies on the Capstone .regs_access() features that not all architectures have reliable support for
     
    •  
  •  op_handlers               (dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]])           \u2013            
    •  
  •  op_names               (dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]])           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/ppc/#pwndbg.aglib.disasm.ppc.PowerPCDisassemblyAssistant.saved_ctr","title":"saved_ctr  class-attribute instance-attribute","text":"
saved_ctr: int | None = None\n
"},{"location":"reference/pwndbg/aglib/disasm/ppc/#pwndbg.aglib.disasm.ppc.PowerPCDisassemblyAssistant.annotation_handlers","title":"annotation_handlers  instance-attribute","text":"
annotation_handlers: dict[\n    int, Callable[[PwndbgInstruction, Emulator], None]\n] = {}\n
"},{"location":"reference/pwndbg/aglib/disasm/ppc/#pwndbg.aglib.disasm.ppc.PowerPCDisassemblyAssistant.architecture","title":"architecture  instance-attribute","text":"
architecture: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = architecture\n
"},{"location":"reference/pwndbg/aglib/disasm/ppc/#pwndbg.aglib.disasm.ppc.PowerPCDisassemblyAssistant.manual_register_values","title":"manual_register_values  instance-attribute","text":"
manual_register_values: PseudoEmulatedRegisterFile = PseudoEmulatedRegisterFile(\n    current, ptrsize\n)\n
"},{"location":"reference/pwndbg/aglib/disasm/ppc/#pwndbg.aglib.disasm.ppc.PowerPCDisassemblyAssistant.supports_manual_emulation","title":"supports_manual_emulation  class-attribute instance-attribute","text":"
supports_manual_emulation = False\n
 
This feature relies on the Capstone .regs_access() features that not all architectures have reliable support for
"},{"location":"reference/pwndbg/aglib/disasm/ppc/#pwndbg.aglib.disasm.ppc.PowerPCDisassemblyAssistant.op_handlers","title":"op_handlers  instance-attribute","text":"
op_handlers: dict[\n    int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n    CS_OP_IMM: _parse_immediate,\n    CS_OP_REG: _parse_register,\n    CS_OP_MEM: _parse_memory,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/ppc/#pwndbg.aglib.disasm.ppc.PowerPCDisassemblyAssistant.op_names","title":"op_names  instance-attribute","text":"
op_names: dict[\n    int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n    CS_OP_IMM: _immediate_string,\n    CS_OP_REG: _register_string,\n    CS_OP_MEM: _memory_string,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/ppc/#pwndbg.aglib.disasm.ppc.PowerPCDisassemblyAssistant.enhance","title":"enhance","text":"
enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\n
 
Enhance the instruction - resolving branch targets, conditionals, and adding annotations
 
This is the only public method that should be called on this object externally.
"},{"location":"reference/pwndbg/aglib/disasm/ppc/#pwndbg.aglib.disasm.ppc.PowerPCDisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"
can_reason_about_process_state(instruction: PwndbgInstruction) -> bool\n
 
Determine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/ppc/#pwndbg.aglib.disasm.ppc.PowerPCDisassemblyAssistant.dump","title":"dump","text":"
dump(instruction: PwndbgInstruction)\n
 
Debug-only method.
"},{"location":"reference/pwndbg/aglib/disasm/ppc/#pwndbg.aglib.disasm.ppc.is_branch_taken","title":"is_branch_taken","text":"
is_branch_taken(cr: int, ctr: int, bi: int, bo: int) -> bool | None\n
"},{"location":"reference/pwndbg/aglib/disasm/riscv/","title":"riscv","text":""},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv","title":"riscv","text":"
Classes:
 
     
  •  RISCVDisassemblyAssistant           \u2013            
    •  
 
Attributes:
 
     
  •  RISCV_LOAD_INSTRUCTIONS           \u2013            
    •  
  •  RISCV_STORE_INSTRUCTIONS           \u2013            
    •  
  •  RISCV_MATH_INSTRUCTIONS           \u2013            
    •  
  •  RISCV_EMULATED_ANNOTATIONS           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCV_LOAD_INSTRUCTIONS","title":"RISCV_LOAD_INSTRUCTIONS  module-attribute","text":"
RISCV_LOAD_INSTRUCTIONS = {\n    RISCV_INS_LB: -1,\n    RISCV_INS_LH: -2,\n    RISCV_INS_LW: -4,\n    RISCV_INS_LBU: 1,\n    RISCV_INS_LHU: 2,\n    RISCV_INS_LWU: 4,\n    RISCV_INS_LD: 8,\n    RISCV_INS_C_LW: -4,\n    RISCV_INS_C_LWSP: -4,\n    RISCV_INS_C_LD: 8,\n    RISCV_INS_C_LDSP: 8,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCV_STORE_INSTRUCTIONS","title":"RISCV_STORE_INSTRUCTIONS  module-attribute","text":"
RISCV_STORE_INSTRUCTIONS = {\n    RISCV_INS_SB: 1,\n    RISCV_INS_SH: 2,\n    RISCV_INS_SW: 4,\n    RISCV_INS_SD: 8,\n    RISCV_INS_C_SW: 4,\n    RISCV_INS_C_SWSP: 4,\n    RISCV_INS_C_SD: 8,\n    RISCV_INS_C_SDSP: 8,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCV_MATH_INSTRUCTIONS","title":"RISCV_MATH_INSTRUCTIONS  module-attribute","text":"
RISCV_MATH_INSTRUCTIONS = {\n    RISCV_INS_ADDI: \"+\",\n    RISCV_INS_ADD: \"+\",\n    RISCV_INS_C_ADDI: \"+\",\n    RISCV_INS_C_ADD: \"+\",\n    RISCV_INS_SUB: \"-\",\n    RISCV_INS_C_SUB: \"-\",\n    RISCV_INS_XORI: \"^\",\n    RISCV_INS_XOR: \"^\",\n    RISCV_INS_C_XOR: \"^\",\n    RISCV_INS_ORI: \"|\",\n    RISCV_INS_OR: \"|\",\n    RISCV_INS_C_OR: \"|\",\n    RISCV_INS_ANDI: \"&\",\n    RISCV_INS_C_ANDI: \"&\",\n    RISCV_INS_AND: \"&\",\n    RISCV_INS_C_AND: \"&\",\n    RISCV_INS_SLLI: \"<<\",\n    RISCV_INS_C_SLLI: \"<<\",\n    RISCV_INS_SLL: \"<<\",\n    RISCV_INS_SRLI: \">>\",\n    RISCV_INS_C_SRLI: \">>\",\n    RISCV_INS_SRL: \">>\",\n    RISCV_INS_SRAI: \">>s\",\n    RISCV_INS_C_SRAI: \">>s\",\n    RISCV_INS_SRA: \">>s\",\n    RISCV_INS_MUL: \"*\",\n    RISCV_INS_MULH: \"*\",\n    RISCV_INS_MULHSU: \"*\",\n    RISCV_INS_MULHU: \"*\",\n    RISCV_INS_DIV: \"/\",\n    RISCV_INS_DIVU: \"/\",\n    RISCV_INS_REM: \"%\",\n    RISCV_INS_REMU: \"%\",\n    RISCV_INS_C_ADDI4SPN: \"+\",\n    RISCV_INS_C_ADDI16SP: \"+\",\n    RISCV_INS_ADDIW: \"+\",\n    RISCV_INS_ADDW: \"+\",\n    RISCV_INS_SUBW: \"-\",\n    RISCV_INS_SLLIW: \"<<\",\n    RISCV_INS_SLLW: \"<<\",\n    RISCV_INS_SRLIW: \">>\",\n    RISCV_INS_SRLW: \">>\",\n    RISCV_INS_SRAIW: \">>s\",\n    RISCV_INS_SRAW: \">>s\",\n    RISCV_INS_MULW: \"*\",\n    RISCV_INS_DIVW: \"/\",\n    RISCV_INS_DIVUW: \"/\",\n    RISCV_INS_REMW: \"%\",\n    RISCV_INS_REMUW: \"%\",\n    RISCV_INS_C_ADDIW: \"+\",\n    RISCV_INS_C_ADDW: \"+\",\n    RISCV_INS_C_SUBW: \"-\",\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCV_EMULATED_ANNOTATIONS","title":"RISCV_EMULATED_ANNOTATIONS  module-attribute","text":"
RISCV_EMULATED_ANNOTATIONS = {\n    RISCV_INS_SLT,\n    RISCV_INS_SLTU,\n    RISCV_INS_SLTI,\n    RISCV_INS_SLTIU,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCVDisassemblyAssistant","title":"RISCVDisassemblyAssistant","text":"
RISCVDisassemblyAssistant(architecture)\n
 
               Bases: DisassemblyAssistant
 
Methods:
 
     
  •  enhance             \u2013              
    Enhance the instruction - resolving branch targets, conditionals, and adding annotations
     
    •  
  •  can_reason_about_process_state             \u2013              
    Determine if the program counter of the process equals the address of the instruction being enhanced.
     
    •  
  •  dump             \u2013              
    Debug-only method.
     
    •  
 
Attributes:
 
     
  •  architecture           \u2013            
    •  
  •  annotation_handlers               (Dict[int, Callable[[PwndbgInstruction, Emulator], None]])           \u2013            
    •  
  •  manual_register_values               (PseudoEmulatedRegisterFile)           \u2013            
    •  
  •  supports_manual_emulation           \u2013            
    This feature relies on the Capstone .regs_access() features that not all architectures have reliable support for
     
    •  
  •  op_handlers               (dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]])           \u2013            
    •  
  •  op_names               (dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]])           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCVDisassemblyAssistant.architecture","title":"architecture  instance-attribute","text":"
architecture = architecture\n
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCVDisassemblyAssistant.annotation_handlers","title":"annotation_handlers  instance-attribute","text":"
annotation_handlers: Dict[\n    int, Callable[[PwndbgInstruction, Emulator], None]\n] = {\n    RISCV_INS_AUIPC: _auipc_annotator,\n    RISCV_INS_C_MV: _common_move_annotator,\n    RISCV_INS_C_LI: _common_move_annotator,\n    RISCV_INS_LUI: _lui_annotator,\n    RISCV_INS_C_LUI: _lui_annotator,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCVDisassemblyAssistant.manual_register_values","title":"manual_register_values  instance-attribute","text":"
manual_register_values: PseudoEmulatedRegisterFile = PseudoEmulatedRegisterFile(\n    current, ptrsize\n)\n
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCVDisassemblyAssistant.supports_manual_emulation","title":"supports_manual_emulation  class-attribute instance-attribute","text":"
supports_manual_emulation = False\n
 
This feature relies on the Capstone .regs_access() features that not all architectures have reliable support for
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCVDisassemblyAssistant.op_handlers","title":"op_handlers  instance-attribute","text":"
op_handlers: dict[\n    int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n    CS_OP_IMM: _parse_immediate,\n    CS_OP_REG: _parse_register,\n    CS_OP_MEM: _parse_memory,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCVDisassemblyAssistant.op_names","title":"op_names  instance-attribute","text":"
op_names: dict[\n    int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n    CS_OP_IMM: _immediate_string,\n    CS_OP_REG: _register_string,\n    CS_OP_MEM: _memory_string,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCVDisassemblyAssistant.enhance","title":"enhance","text":"
enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\n
 
Enhance the instruction - resolving branch targets, conditionals, and adding annotations
 
This is the only public method that should be called on this object externally.
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCVDisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"
can_reason_about_process_state(instruction: PwndbgInstruction) -> bool\n
 
Determine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCVDisassemblyAssistant.dump","title":"dump","text":"
dump(instruction: PwndbgInstruction)\n
 
Debug-only method.
"},{"location":"reference/pwndbg/aglib/disasm/sparc/","title":"sparc","text":""},{"location":"reference/pwndbg/aglib/disasm/sparc/#pwndbg.aglib.disasm.sparc","title":"sparc","text":"
Attributes:
 
     
  •  SPARC_LOAD_INSTRUCTIONS           \u2013            
    •  
  •  SPARC_STORE_INSTRUCTIONS           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/sparc/#pwndbg.aglib.disasm.sparc.SPARC_LOAD_INSTRUCTIONS","title":"SPARC_LOAD_INSTRUCTIONS  module-attribute","text":"
SPARC_LOAD_INSTRUCTIONS = {\n    SPARC_INS_LDUB: 1,\n    SPARC_INS_LDSB: 1,\n    SPARC_INS_LDUH: 2,\n    SPARC_INS_LDSH: 2,\n    SPARC_INS_LD: 4,\n    SPARC_INS_LDD: 8,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/sparc/#pwndbg.aglib.disasm.sparc.SPARC_STORE_INSTRUCTIONS","title":"SPARC_STORE_INSTRUCTIONS  module-attribute","text":"
SPARC_STORE_INSTRUCTIONS = {\n    SPARC_INS_STB: 1,\n    SPARC_INS_STH: 2,\n    SPARC_INS_ST: 4,\n    SPARC_INS_STD: 8,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/","title":"x86","text":""},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86","title":"x86","text":"
Classes:
 
     
  •  X86DisassemblyAssistant           \u2013            
    •  
 
Attributes:
 
     
  •  groups           \u2013            
    •  
  •  ops           \u2013            
    •  
  •  regs           \u2013            
    •  
  •  access           \u2013            
    •  
  •  X86_MATH_INSTRUCTIONS           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.groups","title":"groups  module-attribute","text":"
groups = {v: _Mfor (k, v) in (items()) if startswith('X86_GRP_')}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.ops","title":"ops  module-attribute","text":"
ops = {v: _Wfor (k, v) in (items()) if startswith('X86_OP_')}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.regs","title":"regs  module-attribute","text":"
regs = {v: _Kfor (k, v) in (items()) if startswith('X86_REG_')}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.access","title":"access  module-attribute","text":"
access = {v: _Ifor (k, v) in (items()) if startswith('CS_AC_')}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86_MATH_INSTRUCTIONS","title":"X86_MATH_INSTRUCTIONS  module-attribute","text":"
X86_MATH_INSTRUCTIONS = {\n    X86_INS_ADD: \"+\",\n    X86_INS_SUB: \"-\",\n    X86_INS_AND: \"&\",\n    X86_INS_OR: \"|\",\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant","title":"X86DisassemblyAssistant","text":"
X86DisassemblyAssistant(architecture)\n
 
               Bases: DisassemblyAssistant
 
Methods:
 
     
  •  handle_mov             \u2013              
    •  
  •  handle_vmovaps             \u2013              
    •  
  •  handle_lea             \u2013              
    •  
  •  handle_xchg             \u2013              
    •  
  •  handle_pop             \u2013              
    •  
  •  handle_xor             \u2013              
    •  
  •  handle_inc             \u2013              
    •  
  •  handle_dec             \u2013              
    •  
  •  memory_string_with_components_resolved             \u2013              
    •  
  •  enhance             \u2013              
    Enhance the instruction - resolving branch targets, conditionals, and adding annotations
     
    •  
  •  can_reason_about_process_state             \u2013              
    Determine if the program counter of the process equals the address of the instruction being enhanced.
     
    •  
  •  dump             \u2013              
    Debug-only method.
     
    •  
 
Attributes:
 
     
  •  supports_manual_emulation           \u2013            
    •  
  •  annotation_handlers               (dict[int, Callable[[PwndbgInstruction, Emulator], None]])           \u2013            
    •  
  •  architecture               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  manual_register_values               (PseudoEmulatedRegisterFile)           \u2013            
    •  
  •  op_handlers               (dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]])           \u2013            
    •  
  •  op_names               (dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]])           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.supports_manual_emulation","title":"supports_manual_emulation  class-attribute instance-attribute","text":"
supports_manual_emulation = True\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.annotation_handlers","title":"annotation_handlers  instance-attribute","text":"
annotation_handlers: dict[\n    int, Callable[[PwndbgInstruction, Emulator], None]\n] = {\n    X86_INS_MOV: handle_mov,\n    X86_INS_MOVABS: handle_mov,\n    X86_INS_MOVZX: handle_mov,\n    X86_INS_MOVD: handle_mov,\n    X86_INS_MOVQ: handle_mov,\n    X86_INS_MOVSXD: handle_mov,\n    X86_INS_MOVSX: handle_mov,\n    X86_INS_MOVAPS: handle_vmovaps,\n    X86_INS_VMOVAPS: handle_vmovaps,\n    X86_INS_LEA: handle_lea,\n    X86_INS_XCHG: handle_xchg,\n    X86_INS_POP: handle_pop,\n    X86_INS_CMP: _common_cmp_annotator_builder(\"eflags\", \"-\"),\n    X86_INS_TEST: _common_cmp_annotator_builder(\"eflags\", \"&\"),\n    X86_INS_XOR: handle_xor,\n    X86_INS_INC: handle_inc,\n    X86_INS_DEC: handle_dec,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.architecture","title":"architecture  instance-attribute","text":"
architecture: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = architecture\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.manual_register_values","title":"manual_register_values  instance-attribute","text":"
manual_register_values: PseudoEmulatedRegisterFile = PseudoEmulatedRegisterFile(\n    current, ptrsize\n)\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.op_handlers","title":"op_handlers  instance-attribute","text":"
op_handlers: dict[\n    int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n    CS_OP_IMM: _parse_immediate,\n    CS_OP_REG: _parse_register,\n    CS_OP_MEM: _parse_memory,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.op_names","title":"op_names  instance-attribute","text":"
op_names: dict[\n    int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n    CS_OP_IMM: _immediate_string,\n    CS_OP_REG: _register_string,\n    CS_OP_MEM: _memory_string,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.handle_mov","title":"handle_mov","text":"
handle_mov(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.handle_vmovaps","title":"handle_vmovaps","text":"
handle_vmovaps(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.handle_lea","title":"handle_lea","text":"
handle_lea(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.handle_xchg","title":"handle_xchg","text":"
handle_xchg(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.handle_pop","title":"handle_pop","text":"
handle_pop(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.handle_xor","title":"handle_xor","text":"
handle_xor(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.handle_inc","title":"handle_inc","text":"
handle_inc(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.handle_dec","title":"handle_dec","text":"
handle_dec(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.memory_string_with_components_resolved","title":"memory_string_with_components_resolved","text":"
memory_string_with_components_resolved(\n    instruction: PwndbgInstruction, op: EnhancedOperand\n)\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.enhance","title":"enhance","text":"
enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\n
 
Enhance the instruction - resolving branch targets, conditionals, and adding annotations
 
This is the only public method that should be called on this object externally.
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"
can_reason_about_process_state(instruction: PwndbgInstruction) -> bool\n
 
Determine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.dump","title":"dump","text":"
dump(instruction: PwndbgInstruction)\n
 
Debug-only method.
"},{"location":"reference/pwndbg/aglib/dt/","title":"dt","text":""},{"location":"reference/pwndbg/aglib/dt/#pwndbg.aglib.dt","title":"dt","text":"
Prints structures in a manner similar to WinDbg's \"dt\" command.
 
Functions:
 
     
  •  dt             \u2013              
    Dump out a structure type WinDbg style.
     
    •  
"},{"location":"reference/pwndbg/aglib/dt/#pwndbg.aglib.dt.dt","title":"dt","text":"
dt(\n    name: str = \"\", addr: int | Value | None = None, obj: Value | None = None\n) -> str\n
 
Dump out a structure type WinDbg style.
"},{"location":"reference/pwndbg/aglib/dynamic/","title":"dynamic","text":""},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic","title":"dynamic","text":"
Dynamic linking interface.
 
This module provides an interface to analyze various aspects of dynamically linked programs.
 
It also defines a hook that watches for changes to the link map communicated by ld.so, and exposes an event that other parts of pwndbg can tap into, but one that may have a somewhat obtuse beahvior, due to limitations in GDB. See r_debug_install_link_map_changed_hook for more information.
 
Classes:
 
     
  •  LinkMapEntry           \u2013            
    An entry in the link map.
     
    •  
  •  DynamicSegment           \u2013            
    Parser for the DYNAMIC segment present in a binary image.
     
    •  
  •  CStruct           \u2013            
    Utility class for reading fields off of C structs.
     
    •  
 
Functions:
 
     
  •  is_dynamic             \u2013              
    Returns whether the current inferior is dynamic.
     
    •  
  •  r_debug_link_map_changed_hook             \u2013              
    Hook that gets activated whenever the link map changes.
     
    •  
  •  r_debug_install_link_map_changed_hook             \u2013              
    Installs the r_debug-based hook to the change event of the link map.
     
    •  
  •  r_debug_link_map_changed_add_listener             \u2013              
    Install a callback to be called whenever r_debug signal of there being a
     
    •  
  •  r_debug_link_map_changed_remove_listener             \u2013              
    Removes a listener previously installed with
     
    •  
  •  link_map_head             \u2013              
    Acquires a reference to the head entry of the link map.
     
    •  
  •  link_map             \u2013              
    Iterator over all the entries in the link map.
     
    •  
  •  elf32_r_sym             \u2013              
    Returns the r_sym portion of the r_info relocation field for ELF32.
     
    •  
  •  elf32_r_type             \u2013              
    Returns the r_type portion of the r_info relocation field for ELF32.
     
    •  
  •  elf64_r_sym             \u2013              
    Returns the r_sym portion of the r_info relocation field for ELF64.
     
    •  
  •  elf64_r_type             \u2013              
    Returns the r_type portion of the r_info relocation field for ELF64.
     
    •  
 
Attributes:
 
     
  •  R_DEBUG_LINK_MAP_CHANGED_HOOK           \u2013            
    •  
  •  R_DEBUG_LINK_MAP_CHANGED_LISTENERS               (set[Callable[..., Any]])           \u2013            
    •  
  •  DYNAMIC_SECTION_ALLOW_MULTIPLE           \u2013            
    •  
  •  DYNAMIC_SECTION_REQUIRED_TAGS           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.R_DEBUG_LINK_MAP_CHANGED_HOOK","title":"R_DEBUG_LINK_MAP_CHANGED_HOOK  module-attribute","text":"
R_DEBUG_LINK_MAP_CHANGED_HOOK = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.R_DEBUG_LINK_MAP_CHANGED_LISTENERS","title":"R_DEBUG_LINK_MAP_CHANGED_LISTENERS  module-attribute","text":"
R_DEBUG_LINK_MAP_CHANGED_LISTENERS: set[Callable[..., Any]] = set()\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DYNAMIC_SECTION_ALLOW_MULTIPLE","title":"DYNAMIC_SECTION_ALLOW_MULTIPLE  module-attribute","text":"
DYNAMIC_SECTION_ALLOW_MULTIPLE = {DT_NEEDED}\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DYNAMIC_SECTION_REQUIRED_TAGS","title":"DYNAMIC_SECTION_REQUIRED_TAGS  module-attribute","text":"
DYNAMIC_SECTION_REQUIRED_TAGS = {DT_STRTAB, DT_STRSZ, DT_SYMTAB, DT_SYMENT}\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry","title":"LinkMapEntry","text":"
LinkMapEntry(address)\n
 
An entry in the link map.
 
Methods:
 
     
  •  name             \u2013              
    The name of the binary image this entry describes.
     
    •  
  •  dynamic             \u2013              
    The pointer to the memory mapped dynamic segment of the binary image.
     
    •  
  •  load_bias             \u2013              
    The difference between the addresses in the data structures of the
     
    •  
  •  next             \u2013              
    The next entry in the chain, if any.
     
    •  
  •  prev             \u2013              
    The previous entry in the chain, if any.
     
    •  
  •  __repr__             \u2013              
    •  
 
Attributes:
 
     
  •  link_map           \u2013            
    •  
  •  link_map_address           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.link_map","title":"link_map  instance-attribute","text":"
link_map = link_map()\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.link_map_address","title":"link_map_address  instance-attribute","text":"
link_map_address = address\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.name","title":"name","text":"
name()\n
 
The name of the binary image this entry describes.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.dynamic","title":"dynamic","text":"
dynamic()\n
 
The pointer to the memory mapped dynamic segment of the binary image.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.load_bias","title":"load_bias","text":"
load_bias()\n
 
The difference between the addresses in the data structures of the binary image and the actual location of the data being pointed to by them in the address space of the inferior. This number will never be negative.
 
Aditionally, for DYN images, such as PIE executables and shared libraries, this value is the same as the base load address of the image.
 
The term \"load bias\" comes from the ELF binary format loading procedure in the Linux Kernel.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.next","title":"next","text":"
next()\n
 
The next entry in the chain, if any.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.prev","title":"prev","text":"
prev()\n
 
The previous entry in the chain, if any.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.__repr__","title":"__repr__","text":"
__repr__() -> str\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment","title":"DynamicSegment","text":"
DynamicSegment(address, load_bias)\n
 
Parser for the DYNAMIC segment present in a binary image.
 
Methods:
 
     
  •  jmprel_has_addend             \u2013              
    Returns whether the r_addend field is available in entries of JMPREL.
     
    •  
  •  rela_read             \u2013              
    Reads the requested field from the entry of the given index in RELA.
     
    •  
  •  rel_read             \u2013              
    Reads the requested field from the entry of the given index in REL.
     
    •  
  •  jmprel_read             \u2013              
    Reads the requested field from the entry of the given index in JMPREL.
     
    •  
  •  rela_entry_count             \u2013              
    Returns the number of RELA entries.
     
    •  
  •  rel_entry_count             \u2013              
    Returns the number of REL entries.
     
    •  
  •  jmprel_entry_count             \u2013              
    Returns the number of JMPREL entries.
     
    •  
  •  string             \u2013              
    Reads the string at index i from the string table.
     
    •  
  •  symtab_read             \u2013              
    Reads the requested field from the entry of given index in the symbol
     
    •  
  •  dyn_array_read             \u2013              
    Reads the requested field from the entry of given index in the dynamic
     
    •  
  •  dyn_array_read_tag_val             \u2013              
    Reads the d_un field from the entry of given tag in the dynamic
     
    •  
 
Attributes:
 
     
  •  symtab_elem           \u2013            
    •  
  •  jmprel_addr           \u2013            
    •  
  •  rela_addr           \u2013            
    •  
  •  rel_addr           \u2013            
    •  
  •  jmprel_elem           \u2013            
    •  
  •  rela_elem           \u2013            
    •  
  •  rel_elem           \u2013            
    •  
  •  jmprel_r_sym_fn           \u2013            
    •  
  •  jmprel_r_info_fn           \u2013            
    •  
  •  rela_r_sym_fn           \u2013            
    •  
  •  rela_r_info_fn           \u2013            
    •  
  •  rel_r_sym_fn           \u2013            
    •  
  •  rel_r_info_fn           \u2013            
    •  
  •  entries           \u2013            
    •  
  •  address           \u2013            
    •  
  •  load_bias           \u2013            
    •  
  •  elf_dyn           \u2013            
    •  
  •  entries_by_tag               (dict[Any, Any])           \u2013            
    •  
  •  strtab_addr           \u2013            
    •  
  •  strtab_size           \u2013            
    •  
  •  symtab_addr           \u2013            
    •  
  •  has_jmprel           \u2013            
    •  
  •  has_rela           \u2013            
    •  
  •  has_rel           \u2013            
    •  
  •  rela_r_sym           \u2013            
    •  
  •  rela_r_type           \u2013            
    •  
  •  rel_r_sym           \u2013            
    •  
  •  rel_r_type           \u2013            
    •  
  •  jmprel_r_sym           \u2013            
    •  
  •  jmprel_r_type           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.symtab_elem","title":"symtab_elem  class-attribute instance-attribute","text":"
symtab_elem = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_addr","title":"jmprel_addr  class-attribute instance-attribute","text":"
jmprel_addr = 0\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_addr","title":"rela_addr  class-attribute instance-attribute","text":"
rela_addr = 0\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_addr","title":"rel_addr  class-attribute instance-attribute","text":"
rel_addr = 0\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_elem","title":"jmprel_elem  class-attribute instance-attribute","text":"
jmprel_elem = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_elem","title":"rela_elem  class-attribute instance-attribute","text":"
rela_elem = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_elem","title":"rel_elem  class-attribute instance-attribute","text":"
rel_elem = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_r_sym_fn","title":"jmprel_r_sym_fn  class-attribute instance-attribute","text":"
jmprel_r_sym_fn = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_r_info_fn","title":"jmprel_r_info_fn  class-attribute instance-attribute","text":"
jmprel_r_info_fn = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_r_sym_fn","title":"rela_r_sym_fn  class-attribute instance-attribute","text":"
rela_r_sym_fn = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_r_info_fn","title":"rela_r_info_fn  class-attribute instance-attribute","text":"
rela_r_info_fn = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_r_sym_fn","title":"rel_r_sym_fn  class-attribute instance-attribute","text":"
rel_r_sym_fn = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_r_info_fn","title":"rel_r_info_fn  class-attribute instance-attribute","text":"
rel_r_info_fn = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.entries","title":"entries  instance-attribute","text":"
entries = count\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.address","title":"address  instance-attribute","text":"
address = address\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.load_bias","title":"load_bias  instance-attribute","text":"
load_bias = load_bias\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.elf_dyn","title":"elf_dyn  instance-attribute","text":"
elf_dyn = elf_dyn\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.entries_by_tag","title":"entries_by_tag  class-attribute instance-attribute","text":"
entries_by_tag: dict[Any, Any] = sections\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.strtab_addr","title":"strtab_addr  class-attribute instance-attribute","text":"
strtab_addr = dyn_array_read_tag_val(DT_STRTAB)\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.strtab_size","title":"strtab_size  class-attribute instance-attribute","text":"
strtab_size = dyn_array_read_tag_val(DT_STRSZ)\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.symtab_addr","title":"symtab_addr  class-attribute instance-attribute","text":"
symtab_addr = dyn_array_read_tag_val(DT_SYMTAB)\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.has_jmprel","title":"has_jmprel  class-attribute instance-attribute","text":"
has_jmprel = (\n    DT_JMPREL in sections and DT_PLTREL in sections and DT_PLTRELSZ in sections\n)\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.has_rela","title":"has_rela  class-attribute instance-attribute","text":"
has_rela = (\n    DT_RELA in sections and DT_RELASZ in sections and DT_RELAENT in sections\n)\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.has_rel","title":"has_rel  class-attribute instance-attribute","text":"
has_rel = DT_REL in sections and DT_RELSZ in sections and DT_RELENT in sections\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_r_sym","title":"rela_r_sym  instance-attribute","text":"
rela_r_sym = elf32_r_sym\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_r_type","title":"rela_r_type  instance-attribute","text":"
rela_r_type = elf32_r_type\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_r_sym","title":"rel_r_sym  instance-attribute","text":"
rel_r_sym = elf32_r_sym\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_r_type","title":"rel_r_type  instance-attribute","text":"
rel_r_type = elf32_r_type\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_r_sym","title":"jmprel_r_sym  instance-attribute","text":"
jmprel_r_sym = elf32_r_sym\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_r_type","title":"jmprel_r_type  instance-attribute","text":"
jmprel_r_type = elf32_r_type\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_has_addend","title":"jmprel_has_addend","text":"
jmprel_has_addend()\n
 
Returns whether the r_addend field is available in entries of JMPREL.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_read","title":"rela_read","text":"
rela_read(i, field)\n
 
Reads the requested field from the entry of the given index in RELA.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_read","title":"rel_read","text":"
rel_read(i, field)\n
 
Reads the requested field from the entry of the given index in REL.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_read","title":"jmprel_read","text":"
jmprel_read(i, field)\n
 
Reads the requested field from the entry of the given index in JMPREL.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_entry_count","title":"rela_entry_count","text":"
rela_entry_count()\n
 
Returns the number of RELA entries.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_entry_count","title":"rel_entry_count","text":"
rel_entry_count()\n
 
Returns the number of REL entries.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_entry_count","title":"jmprel_entry_count","text":"
jmprel_entry_count()\n
 
Returns the number of JMPREL entries.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.string","title":"string","text":"
string(i)\n
 
Reads the string at index i from the string table.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.symtab_read","title":"symtab_read","text":"
symtab_read(i, field)\n
 
Reads the requested field from the entry of given index in the symbol table.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.dyn_array_read","title":"dyn_array_read","text":"
dyn_array_read(i, field)\n
 
Reads the requested field from the entry of given index in the dynamic array.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.dyn_array_read_tag_val","title":"dyn_array_read_tag_val","text":"
dyn_array_read_tag_val(tag)\n
 
Reads the d_un field from the entry of given tag in the dynamic array. Must not be a tag that allows multiple entries.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct","title":"CStruct","text":"
CStruct(fields: list[tuple[str, Type, type]])\n
 
Utility class for reading fields off of C structs.
 
Without proper debug information it cannot be guaranteed that the calculated field offsets are correct, therefore, reasonable caution should be exercised when using this class. The assumptions made are:  - Padding is added between fields so that all internal members are    correctly aligned, as long as the struct itself is correctly aligned.  - The alignment of the struct is the same as the alignment of its most    strictly aligned member.  - Padding is added to the end of the struct so that sequentially laid out    instances are always correctly aligned.  - Stuct sizes must be greater than or equal to 1 byte.
 
While these assumptions do not apply in all cases, they should be good enough for the structs in ld.so and in the ELF program images.
 
Methods:
 
     
  •  link_map             \u2013              
    Creates a new instance describing the ABI-stable part of the link_map
     
    •  
  •  r_debug             \u2013              
    Creates a new instance describing the ABI-stable part of the r_debug
     
    •  
  •  elfNN_dyn             \u2013              
    Creates a new instance describing the ElfNN_Dyn structure, suitable for
     
    •  
  •  elfNN_rel             \u2013              
    Creates a new instance describing the ElfNN_Rel structure, suitable for
     
    •  
  •  elfNN_rela             \u2013              
    Creates a new instance describing the ElfNN_Rela structure, suitable for
     
    •  
  •  elf32_sym             \u2013              
    Creates a new instance describing the Elf32_Sym srtucture.
     
    •  
  •  elf64_sym             \u2013              
    Creates a new instance describing the Elf64_Sym structure.
     
    •  
  •  read             \u2013              
    Reads the field with the given name from the struct instance located at
     
    •  
  •  has_field             \u2013              
    Returns whether a field with the given name exists in this struct.
     
    •  
 
Attributes:
 
     
  •  types               (dict[str, Type])           \u2013            
    •  
  •  offsets               (dict[str, int])           \u2013            
    •  
  •  converters               (dict[str, type])           \u2013            
    •  
  •  size           \u2013            
    •  
  •  align           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.types","title":"types  class-attribute instance-attribute","text":"
types: dict[str, Type] = {}\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.offsets","title":"offsets  class-attribute instance-attribute","text":"
offsets: dict[str, int] = {}\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.converters","title":"converters  class-attribute instance-attribute","text":"
converters: dict[str, type] = {}\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.size","title":"size  class-attribute instance-attribute","text":"
size = current_offset\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.align","title":"align  class-attribute instance-attribute","text":"
align = alignment\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.link_map","title":"link_map  staticmethod","text":"
link_map()\n
 
Creates a new instance describing the ABI-stable part of the link_map struct.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.r_debug","title":"r_debug  staticmethod","text":"
r_debug()\n
 
Creates a new instance describing the ABI-stable part of the r_debug struct.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.elfNN_dyn","title":"elfNN_dyn  staticmethod","text":"
elfNN_dyn()\n
 
Creates a new instance describing the ElfNN_Dyn structure, suitable for the architecture of the inferior.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.elfNN_rel","title":"elfNN_rel  staticmethod","text":"
elfNN_rel()\n
 
Creates a new instance describing the ElfNN_Rel structure, suitable for the architecture of the inferior.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.elfNN_rela","title":"elfNN_rela  staticmethod","text":"
elfNN_rela()\n
 
Creates a new instance describing the ElfNN_Rela structure, suitable for the architecture of the inferior.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.elf32_sym","title":"elf32_sym  staticmethod","text":"
elf32_sym()\n
 
Creates a new instance describing the Elf32_Sym srtucture.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.elf64_sym","title":"elf64_sym  staticmethod","text":"
elf64_sym()\n
 
Creates a new instance describing the Elf64_Sym structure.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.read","title":"read","text":"
read(address, name)\n
 
Reads the field with the given name from the struct instance located at the given address.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.has_field","title":"has_field","text":"
has_field(name) -> bool\n
 
Returns whether a field with the given name exists in this struct.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.is_dynamic","title":"is_dynamic","text":"
is_dynamic() -> bool\n
 
Returns whether the current inferior is dynamic.
 
Not all programs are dynamically linked, or even need the dynamic loader at all. Since this module is entirely reliant on at least the presence of the dynamic loader, and really only makes sense for dynamic programs, it should not be used at all with programs that don't participate in dynamic linkage, or when there is a dynamic linker, but we have no way to talk to it.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.r_debug_link_map_changed_hook","title":"r_debug_link_map_changed_hook","text":"
r_debug_link_map_changed_hook() -> Callable[[StopPoint], bool]\n
 
Hook that gets activated whenever the link map changes.
 
The r_debug structure, in addition to having a refence to the head of the link map, also has, in its ABI-stable part, a reference to an address that can have a breakpoint attached to it, such that whenever the contents of the link map change, that breakpoint will be triggered1.
 
We take advantage of that here, by installing our own breakpoint in that location, and watching for trigger events, so that we can notify other bits of pwndbg that the contents of the link_map() function will be different.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.r_debug_install_link_map_changed_hook","title":"r_debug_install_link_map_changed_hook","text":"
r_debug_install_link_map_changed_hook() -> None\n
 
Installs the r_debug-based hook to the change event of the link map.
 
This function is a bit tricky, because ideally we want it to be run as soon as possible, before even the dynamic linker runs, but after both it and the main binary have been mapped into the address space of the inferior. While doing this manually would be trivial - seeing as there is a command in GDB that gives the user control at the exact place we would like -, there does not seem to be a way of easily doing this from inside Python.
 
Because of this, parts of the code that rely on the hook should try calling this function and firing their own listeners manually at least once.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.r_debug_link_map_changed_add_listener","title":"r_debug_link_map_changed_add_listener","text":"
r_debug_link_map_changed_add_listener(handler: Callable[..., Any]) -> None\n
 
Install a callback to be called whenever r_debug signal of there being a change in the link map link map is triggered.
 
Keep in mind this function may be called before the hook that calls the listeners is installed, and, until it is installed, no listener callbacks will actually be triggered. See r_debug_install_link_map_changed_hook.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.r_debug_link_map_changed_remove_listener","title":"r_debug_link_map_changed_remove_listener","text":"
r_debug_link_map_changed_remove_listener(handler: Callable[..., Any]) -> None\n
 
Removes a listener previously installed with r_debug_link_map_changed_add_listener().
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.link_map_head","title":"link_map_head","text":"
link_map_head()\n
 
Acquires a reference to the head entry of the link map.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.link_map","title":"link_map","text":"
link_map()\n
 
Iterator over all the entries in the link map.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.elf32_r_sym","title":"elf32_r_sym","text":"
elf32_r_sym(r_info)\n
 
Returns the r_sym portion of the r_info relocation field for ELF32.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.elf32_r_type","title":"elf32_r_type","text":"
elf32_r_type(r_info)\n
 
Returns the r_type portion of the r_info relocation field for ELF32.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.elf64_r_sym","title":"elf64_r_sym","text":"
elf64_r_sym(r_info)\n
 
Returns the r_sym portion of the r_info relocation field for ELF64.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.elf64_r_type","title":"elf64_r_type","text":"
elf64_r_type(r_info)\n
 
Returns the r_type portion of the r_info relocation field for ELF64.
"},{"location":"reference/pwndbg/aglib/elf/","title":"elf","text":""},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf","title":"elf","text":"
This file declares types and methods useful for enumerating all of the address spaces and permissions of an ELF file in memory.
 
This is necessary for when access to /proc is restricted, or when working on a BSD system which simply does not have /proc.
 
Classes:
 
     
  •  ELFInfo           \u2013            
    ELF metadata and structures.
     
    •  
 
Functions:
 
     
  •  update             \u2013              
    •  
  •  read             \u2013              
    •  
  •  get_elf_info             \u2013              
    Parse and return ELFInfo.
     
    •  
  •  get_elf_info_rebased             \u2013              
    Parse and return ELFInfo with all virtual addresses rebased to vaddr
     
    •  
  •  get_containing_segments             \u2013              
    •  
  •  get_containing_sections             \u2013              
    •  
  •  get_vmlinux_unrand_base             \u2013              
    •  
  •  dump_section_by_name             \u2013              
    Dump the content of a section from an ELF file, return the start address, size and content.
     
    •  
  •  dump_relocations_by_section_name             \u2013              
    Dump the relocation entries of a section from an ELF file, return a generator of Relocation objects.
     
    •  
  •  exe             \u2013              
    Return a loaded ELF header object pointing to the Ehdr of the
     
    •  
  •  entry             \u2013              
    Return the address of the entry point for the main executable.
     
    •  
  •  load             \u2013              
    •  
  •  reset_ehdr_type_loaded             \u2013              
    •  
  •  get_ehdr             \u2013              
    Returns an ehdr object for the ELF pointer points into.
     
    •  
  •  get_phdrs             \u2013              
    Returns a tuple containing (phnum, phentsize, gdb.Value),
     
    •  
  •  iter_phdrs             \u2013              
    •  
  •  map             \u2013              
    Given a pointer into an ELF module, return a list of all loaded
     
    •  
  •  map_inner             \u2013              
    •  
 
Attributes:
 
     
  •  module           \u2013            
    •  
  •  Ehdr           \u2013            
    •  
  •  Phdr           \u2013            
    •  
  •  T           \u2013            
    •  
  •  ehdr_type_loaded           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.module","title":"module  module-attribute","text":"
module = modules[__name__]\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.Ehdr","title":"Ehdr  module-attribute","text":"
Ehdr = Union[Elf32_Ehdr, Elf64_Ehdr]\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.Phdr","title":"Phdr  module-attribute","text":"
Phdr = Union[Elf32_Phdr, Elf64_Phdr]\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.T","title":"T  module-attribute","text":"
T = TypeVar('T', Union[Elf32_Ehdr, Elf64_Ehdr], Union[Elf32_Phdr, Elf64_Phdr])\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ehdr_type_loaded","title":"ehdr_type_loaded  module-attribute","text":"
ehdr_type_loaded = 0\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ELFInfo","title":"ELFInfo","text":"
               Bases: NamedTuple
 
ELF metadata and structures.
 
Attributes:
 
     
  •  header               (dict[str, int | str])           \u2013            
    •  
  •  sections               (list[dict[str, int | str]])           \u2013            
    •  
  •  segments               (list[dict[str, int | str]])           \u2013            
    •  
  •  is_pic               (bool)           \u2013            
    •  
  •  is_pie               (bool)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ELFInfo.header","title":"header  instance-attribute","text":"
header: dict[str, int | str]\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ELFInfo.sections","title":"sections  instance-attribute","text":"
sections: list[dict[str, int | str]]\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ELFInfo.segments","title":"segments  instance-attribute","text":"
segments: list[dict[str, int | str]]\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ELFInfo.is_pic","title":"is_pic  property","text":"
is_pic: bool\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ELFInfo.is_pie","title":"is_pie  property","text":"
is_pie: bool\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.update","title":"update","text":"
update() -> None\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.read","title":"read","text":"
read(typ: T, address: int, blob: bytearray | None = None) -> T\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_elf_info","title":"get_elf_info","text":"
get_elf_info(filepath: str) -> ELFInfo\n
 
Parse and return ELFInfo.
 
Adds various calculated properties to the ELF header, segments and sections. Such added properties are those with prefix 'x_' in the returned dicts.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_elf_info_rebased","title":"get_elf_info_rebased","text":"
get_elf_info_rebased(filepath: str, vaddr: int) -> ELFInfo\n
 
Parse and return ELFInfo with all virtual addresses rebased to vaddr
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_containing_segments","title":"get_containing_segments","text":"
get_containing_segments(elf_filepath: str, elf_loadaddr: int, vaddr: int)\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_containing_sections","title":"get_containing_sections","text":"
get_containing_sections(elf_filepath: str, elf_loadaddr: int, vaddr: int)\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_vmlinux_unrand_base","title":"get_vmlinux_unrand_base","text":"
get_vmlinux_unrand_base(elf_filepath: str)\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.dump_section_by_name","title":"dump_section_by_name","text":"
dump_section_by_name(\n    filepath: str, section_name: str, try_local_path: bool = False\n) -> tuple[int, int, bytes] | None\n
 
Dump the content of a section from an ELF file, return the start address, size and content.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.dump_relocations_by_section_name","title":"dump_relocations_by_section_name","text":"
dump_relocations_by_section_name(\n    filepath: str, section_name: str, try_local_path: bool = False\n) -> tuple[Relocation, ...] | None\n
 
Dump the relocation entries of a section from an ELF file, return a generator of Relocation objects.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.exe","title":"exe","text":"
exe() -> Ehdr | None\n
 
Return a loaded ELF header object pointing to the Ehdr of the main executable.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.entry","title":"entry","text":"
entry() -> int\n
 
Return the address of the entry point for the main executable.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.load","title":"load","text":"
load(pointer: int) -> Ehdr | None\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.reset_ehdr_type_loaded","title":"reset_ehdr_type_loaded","text":"
reset_ehdr_type_loaded() -> None\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_ehdr","title":"get_ehdr","text":"
get_ehdr(pointer: int) -> tuple[int | None, Ehdr | None]\n
 
Returns an ehdr object for the ELF pointer points into.
 
We expect the pointer to be an address from the binary.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_phdrs","title":"get_phdrs","text":"
get_phdrs(pointer: int)\n
 
Returns a tuple containing (phnum, phentsize, gdb.Value), where the gdb.Value object is an ELF Program Header with the architecture-appropriate structure type.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.iter_phdrs","title":"iter_phdrs","text":"
iter_phdrs(ehdr: Ehdr)\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.map","title":"map","text":"
map(pointer: int, objfile: str = '') -> tuple[Page, ...]\n
 
Given a pointer into an ELF module, return a list of all loaded sections in the ELF.
 
Returns:
 
     
  •  tuple[Page, ...]           \u2013            
    A sorted list of pwndbg.lib.memory.Page objects
     
    •  
 
Example:
 
>>> pwndbg.aglib.elf.load(pwndbg.aglib.regs.pc)\n[Page('400000-4ef000 r-xp 0'),\n Page('6ef000-6f0000 r--p ef000'),\n Page('6f0000-6ff000 rw-p f0000')]\n>>> pwndbg.aglib.elf.load(0x7ffff77a2000)\n[Page('7ffff75e7000-7ffff77a2000 r-xp 0x1bb000 0'),\n Page('7ffff77a2000-7ffff79a2000 ---p 0x200000 1bb000'),\n Page('7ffff79a2000-7ffff79a6000 r--p 0x4000 1bb000'),\n Page('7ffff79a6000-7ffff79ad000 rw-p 0x7000 1bf000')]\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.map_inner","title":"map_inner","text":"
map_inner(ei_class: int, ehdr: Ehdr, objfile: str) -> tuple[Page, ...]\n
"},{"location":"reference/pwndbg/aglib/file/","title":"file","text":""},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file","title":"file","text":"
Retrieve files from the debuggee's filesystem.  Useful when debugging a remote process over SSH or similar, where e.g. /proc/FOO/maps is needed from the remote system.
 
Functions:
 
     
  •  reset_remote_files             \u2013              
    •  
  •  remote_files_dir             \u2013              
    •  
  •  get_proc_exe_file             \u2013              
    Returns the local path to the debugged file name.
     
    •  
  •  can_download_remote_file             \u2013              
    •  
  •  get_file             \u2013              
    Downloads the specified file from the system where the current process is
     
    •  
  •  get             \u2013              
    Retrieves the contents of the specified file on the system
     
    •  
  •  readlink             \u2013              
    readlink(path) -> str
     
    •  
  •  is_vfile_qemu_user_bug             \u2013              
    •  
  •  vfile_readlink             \u2013              
    Reads the target of a symbolic link on the remote system.
     
    •  
  •  vfile_readfile             \u2013              
    Reads the entire content of a file on the remote system.
     
    •  
  •  vfile_open             \u2013              
    Opens a file on the remote system and returns the file descriptor.
     
    •  
  •  gdb_memtox_inverse             \u2013              
    •  
  •  vfile_pread             \u2013              
    Reads data from a file descriptor.
     
    •  
  •  vfile_close             \u2013              
    Closes a previously opened file descriptor.
     
    •  
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.reset_remote_files","title":"reset_remote_files","text":"
reset_remote_files() -> None\n
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.remote_files_dir","title":"remote_files_dir","text":"
remote_files_dir()\n
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.get_proc_exe_file","title":"get_proc_exe_file","text":"
get_proc_exe_file() -> str\n
 
Returns the local path to the debugged file name.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.can_download_remote_file","title":"can_download_remote_file","text":"
can_download_remote_file() -> bool\n
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.get_file","title":"get_file","text":"
get_file(path: str, try_local_path: bool = False) -> str\n
 
Downloads the specified file from the system where the current process is being debugged.
 
If the path is prefixed with \"target:\" the prefix is stripped (to support remote target paths properly).
 
If the try_local_path is set to True and the path exists locally and \"target:\" prefix is not present, it will return the local path instead of downloading the file.
 
Returns:
 
     
  •  str           \u2013            
    The local path to the file
     
    •  
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.get","title":"get","text":"
get(path: str) -> bytes\n
 
Retrieves the contents of the specified file on the system where the current process is being debugged.
 
Returns:
 
     
  •  bytes           \u2013            
    A byte array, or None.
     
    •  
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.readlink","title":"readlink","text":"
readlink(path: str) -> str\n
 
readlink(path) -> str
 
Read the link specified by 'path' on the system being debugged.
 
Handles local, qemu-usermode, and remote debugging cases.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.is_vfile_qemu_user_bug","title":"is_vfile_qemu_user_bug","text":"
is_vfile_qemu_user_bug() -> bool\n
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.vfile_readlink","title":"vfile_readlink","text":"
vfile_readlink(pathname: str | bytes) -> bytes\n
 
Reads the target of a symbolic link on the remote system.
 
:param pathname: The path to the symbolic link (string). :param buffer_size: The size of the buffer to read into (integer). :return: The target of the symbolic link as a string.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.vfile_readfile","title":"vfile_readfile","text":"
vfile_readfile(filename: str, chunk_size=1000) -> Iterator[bytes]\n
 
Reads the entire content of a file on the remote system.
 
:param filename: The path to the file (string). :param chunk_size: The number of bytes to read in each iteration (integer). :return: The complete content of the file as bytes.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.vfile_open","title":"vfile_open","text":"
vfile_open(filename: str, flags: int, mode: int) -> int\n
 
Opens a file on the remote system and returns the file descriptor.
 
:param filename: The path to the file (string). :param flags: Flags passed to the open call (integer, base 16).     These correspond to the constant values in the enum OpenOptions from LLDB\u2019s File.h,     not the traditional open(2) flags. :param mode: Mode bits for the file (integer, base 16). :return: File descriptor (integer), or raises an exception if an error occurs.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.gdb_memtox_inverse","title":"gdb_memtox_inverse","text":"
gdb_memtox_inverse(data: bytes) -> bytes\n
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.vfile_pread","title":"vfile_pread","text":"
vfile_pread(fd: int, size: int, offset: int) -> tuple[int, bytes]\n
 
Reads data from a file descriptor.
 
:param fd: File descriptor (integer). :param size: Number of bytes to read (integer, base 16). :param offset: Offset in the file to start reading from (integer, base 16). :return: Tuple of (bytes_read, data) where bytes_read is an integer and data is the binary data.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.vfile_close","title":"vfile_close","text":"
vfile_close(fd)\n
 
Closes a previously opened file descriptor.
 
:param fd: File descriptor (integer). :return: None, or raises an exception if an error occurs.
"},{"location":"reference/pwndbg/aglib/godbg/","title":"godbg","text":""},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg","title":"godbg","text":"
Classes:
 
     
  •  FormatOpts           \u2013            
    •  
  •  Type           \u2013            
    •  
  •  GoTypeKind           \u2013            
    •  
  •  GoTypeMeta           \u2013            
    •  
  •  BackrefType           \u2013            
    A temporary placeholder type used when dumping recursive types, e.g. type a []a
     
    •  
  •  BasicType           \u2013            
    A primitive Go type.
     
    •  
  •  SliceType           \u2013            
    A slice type in Go, notated as []inner.
     
    •  
  •  PointerType           \u2013            
    A pointer type in Go, notated as *inner.
     
    •  
  •  ArrayType           \u2013            
    An array type in Go, notated as [count]inner.
     
    •  
  •  MapType           \u2013            
    A map type in Go, notated as map[key]val.
     
    •  
  •  StructType           \u2013            
    A struct type in Go, notated as struct(SIZE){FIELDS},
     
    •  
  •  RuntimeType           \u2013            
    A value of a runtime reflection type in Go, notated as runtime(SIZE)ADDRESS,
     
    •  
 
Functions:
 
     
  •  word_size             \u2013              
    Gets the Go word size for the current architecture.
     
    •  
  •  max_align             \u2013              
    Gets the Go maximum alignment for the current architecture.
     
    •  
  •  compute_offsets             \u2013              
    Given a list of (size, alignment) for struct field types,
     
    •  
  •  compute_named_offsets             \u2013              
    Like compute_offsets, but takes in field names and returns a dictionary
     
    •  
  •  load_uint             \u2013              
    •  
  •  load_int             \u2013              
    •  
  •  load_float             \u2013              
    •  
  •  emit_warning             \u2013              
    •  
  •  get_elf             \u2013              
    •  
  •  read_buildversion             \u2013              
    Reads a Go runtime.buildVersion string to extract the version.
     
    •  
  •  get_go_version             \u2013              
    Try to determine the Go version used to compile the binary.
     
    •  
  •  get_type_start             \u2013              
    Given the address to a type, try to find the moduledata types section containing it.
     
    •  
  •  read_varint_str             \u2013              
    Read a length-prefix string encoded with Go's variable length encoding.
     
    •  
  •  read_type_name             \u2013              
    Reads a Go type name given the address to the name.
     
    •  
  •  decode_runtime_type             \u2013              
    Decodes a runtime reflection type from memory, returning a (meta, type) tuplee.
     
    •  
  •  parse_type             \u2013              
    •  
 
Attributes:
 
     
  •  line_width           \u2013            
    •  
  •  indent_amount           \u2013            
    •  
  •  debug_color           \u2013            
    •  
  •  hex_digits           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.line_width","title":"line_width  module-attribute","text":"
line_width = add_param(\n    \"go-dump-line-width\", 80, \"the soft line width for go-dump pretty printing\"\n)\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.indent_amount","title":"indent_amount  module-attribute","text":"
indent_amount = add_param(\n    \"go-dump-indent-amount\", 4, \"the indent amount for go-dump pretty printing\"\n)\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.debug_color","title":"debug_color  module-attribute","text":"
debug_color = add_color_param(\n    \"go-dump-debug\",\n    \"blue\",\n    \"color for 'go-dump' command's debug info when --debug is specified\",\n)\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.hex_digits","title":"hex_digits  module-attribute","text":"
hex_digits = set('0123456789abcdefABCDEFxX')\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts","title":"FormatOpts  dataclass","text":"
FormatOpts(\n    int_hex: bool = False,\n    debug: bool = False,\n    pretty: bool = False,\n    float_decimals: int | None = None,\n)\n
 
Methods:
 
     
  •  fmt_int             \u2013              
    •  
  •  fmt_float             \u2013              
    •  
  •  fmt_str             \u2013              
    •  
  •  fmt_bytes             \u2013              
    •  
  •  fmt_debug             \u2013              
    •  
  •  fmt_elems             \u2013              
    •  
  •  fmt_ptr             \u2013              
    •  
 
Attributes:
 
     
  •  int_hex               (bool)           \u2013            
    •  
  •  debug               (bool)           \u2013            
    •  
  •  pretty               (bool)           \u2013            
    •  
  •  float_decimals               (int | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.int_hex","title":"int_hex  class-attribute instance-attribute","text":"
int_hex: bool = False\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.debug","title":"debug  class-attribute instance-attribute","text":"
debug: bool = False\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.pretty","title":"pretty  class-attribute instance-attribute","text":"
pretty: bool = False\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.float_decimals","title":"float_decimals  class-attribute instance-attribute","text":"
float_decimals: int | None = None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_int","title":"fmt_int","text":"
fmt_int(val: int) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_float","title":"fmt_float","text":"
fmt_float(val: float) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_str","title":"fmt_str","text":"
fmt_str(val: str) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_bytes","title":"fmt_bytes","text":"
fmt_bytes(val: bytes) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_debug","title":"fmt_debug","text":"
fmt_debug(val: str, default: str = '') -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_elems","title":"fmt_elems","text":"
fmt_elems(elems: Iterable[str]) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_ptr","title":"fmt_ptr","text":"
fmt_ptr(val: int) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type","title":"Type  dataclass","text":"
Type(meta: GoTypeMeta | None)\n
 
               Bases: ABC
 
Methods:
 
     
  •  dump             \u2013              
    Dump a type from memory given an address and format.
     
    •  
  •  size             \u2013              
    Returns the size of a type in bytes.
     
    •  
  •  align             \u2013              
    Returns the alignment of a type in bytes.
     
    •  
  •  get_typename             \u2013              
    Returns the typename of a type. Should be reparsable via _parse_ty.
     
    •  
  •  is_cyclic             \u2013              
    Checks if a type is cyclic (contains references to itself), e.g. type a []a
     
    •  
  •  additional_metadata             \u2013              
    Returns a list of lines of additional metadata to dump from the go-type command.
     
    •  
  •  __str__             \u2013              
    •  
 
Attributes:
 
     
  •  meta               (GoTypeMeta | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.meta","title":"meta  instance-attribute","text":"
meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.dump","title":"dump  abstractmethod","text":"
dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
 
Dump a type from memory given an address and format.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.size","title":"size  abstractmethod","text":"
size() -> int\n
 
Returns the size of a type in bytes.
 
Used for computing array and struct layouts.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.align","title":"align  abstractmethod","text":"
align() -> int\n
 
Returns the alignment of a type in bytes.
 
Used for computing array and struct layouts.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.get_typename","title":"get_typename  abstractmethod","text":"
get_typename() -> str\n
 
Returns the typename of a type. Should be reparsable via _parse_ty.
 
Also used to get the string representation.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.is_cyclic","title":"is_cyclic","text":"
is_cyclic() -> bool\n
 
Checks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.additional_metadata","title":"additional_metadata","text":"
additional_metadata() -> list[str]\n
 
Returns a list of lines of additional metadata to dump from the go-type command.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind","title":"GoTypeKind","text":"
               Bases: IntEnum
 
Methods:
 
     
  •  get_simple_name             \u2013              
    •  
 
Attributes:
 
     
  •  INVALID           \u2013            
    •  
  •  BOOL           \u2013            
    •  
  •  INT           \u2013            
    •  
  •  INT8           \u2013            
    •  
  •  INT16           \u2013            
    •  
  •  INT32           \u2013            
    •  
  •  INT64           \u2013            
    •  
  •  UINT           \u2013            
    •  
  •  UINT8           \u2013            
    •  
  •  UINT16           \u2013            
    •  
  •  UINT32           \u2013            
    •  
  •  UINT64           \u2013            
    •  
  •  UINTPTR           \u2013            
    •  
  •  FLOAT32           \u2013            
    •  
  •  FLOAT64           \u2013            
    •  
  •  COMPLEX64           \u2013            
    •  
  •  COMPLEX128           \u2013            
    •  
  •  ARRAY           \u2013            
    •  
  •  CHAN           \u2013            
    •  
  •  FUNC           \u2013            
    •  
  •  INTERFACE           \u2013            
    •  
  •  MAP           \u2013            
    •  
  •  POINTER           \u2013            
    •  
  •  SLICE           \u2013            
    •  
  •  STRING           \u2013            
    •  
  •  STRUCT           \u2013            
    •  
  •  UNSAFEPOINTER           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INVALID","title":"INVALID  class-attribute instance-attribute","text":"
INVALID = 0\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.BOOL","title":"BOOL  class-attribute instance-attribute","text":"
BOOL = 1\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INT","title":"INT  class-attribute instance-attribute","text":"
INT = 2\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INT8","title":"INT8  class-attribute instance-attribute","text":"
INT8 = 3\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INT16","title":"INT16  class-attribute instance-attribute","text":"
INT16 = 4\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INT32","title":"INT32  class-attribute instance-attribute","text":"
INT32 = 5\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INT64","title":"INT64  class-attribute instance-attribute","text":"
INT64 = 6\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UINT","title":"UINT  class-attribute instance-attribute","text":"
UINT = 7\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UINT8","title":"UINT8  class-attribute instance-attribute","text":"
UINT8 = 8\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UINT16","title":"UINT16  class-attribute instance-attribute","text":"
UINT16 = 9\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UINT32","title":"UINT32  class-attribute instance-attribute","text":"
UINT32 = 10\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UINT64","title":"UINT64  class-attribute instance-attribute","text":"
UINT64 = 11\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UINTPTR","title":"UINTPTR  class-attribute instance-attribute","text":"
UINTPTR = 12\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.FLOAT32","title":"FLOAT32  class-attribute instance-attribute","text":"
FLOAT32 = 13\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.FLOAT64","title":"FLOAT64  class-attribute instance-attribute","text":"
FLOAT64 = 14\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.COMPLEX64","title":"COMPLEX64  class-attribute instance-attribute","text":"
COMPLEX64 = 15\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.COMPLEX128","title":"COMPLEX128  class-attribute instance-attribute","text":"
COMPLEX128 = 16\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.ARRAY","title":"ARRAY  class-attribute instance-attribute","text":"
ARRAY = 17\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.CHAN","title":"CHAN  class-attribute instance-attribute","text":"
CHAN = 18\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.FUNC","title":"FUNC  class-attribute instance-attribute","text":"
FUNC = 19\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INTERFACE","title":"INTERFACE  class-attribute instance-attribute","text":"
INTERFACE = 20\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.MAP","title":"MAP  class-attribute instance-attribute","text":"
MAP = 21\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.POINTER","title":"POINTER  class-attribute instance-attribute","text":"
POINTER = 22\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.SLICE","title":"SLICE  class-attribute instance-attribute","text":"
SLICE = 23\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.STRING","title":"STRING  class-attribute instance-attribute","text":"
STRING = 24\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.STRUCT","title":"STRUCT  class-attribute instance-attribute","text":"
STRUCT = 25\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UNSAFEPOINTER","title":"UNSAFEPOINTER  class-attribute instance-attribute","text":"
UNSAFEPOINTER = 26\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.get_simple_name","title":"get_simple_name","text":"
get_simple_name() -> str | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta","title":"GoTypeMeta  dataclass","text":"
GoTypeMeta(\n    name: str,\n    kind: GoTypeKind,\n    addr: int,\n    size: int = 0,\n    align: int = 1,\n    direct_iface: bool = False,\n)\n
 
Attributes:
 
     
  •  name               (str)           \u2013            
    •  
  •  kind               (GoTypeKind)           \u2013            
    •  
  •  addr               (int)           \u2013            
    •  
  •  size               (int)           \u2013            
    •  
  •  align               (int)           \u2013            
    •  
  •  direct_iface               (bool)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta.name","title":"name  instance-attribute","text":"
name: str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta.kind","title":"kind  instance-attribute","text":"
kind: GoTypeKind\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta.addr","title":"addr  instance-attribute","text":"
addr: int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta.size","title":"size  class-attribute instance-attribute","text":"
size: int = 0\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta.align","title":"align  class-attribute instance-attribute","text":"
align: int = 1\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta.direct_iface","title":"direct_iface  class-attribute instance-attribute","text":"
direct_iface: bool = False\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType","title":"BackrefType  dataclass","text":"
BackrefType(meta: GoTypeMeta | None, key: int)\n
 
               Bases: Type
 
A temporary placeholder type used when dumping recursive types, e.g. type a []a
 
Methods:
 
     
  •  dump             \u2013              
    •  
  •  size             \u2013              
    •  
  •  align             \u2013              
    •  
  •  get_typename             \u2013              
    •  
  •  is_cyclic             \u2013              
    Checks if a type is cyclic (contains references to itself), e.g. type a []a
     
    •  
  •  additional_metadata             \u2013              
    Returns a list of lines of additional metadata to dump from the go-type command.
     
    •  
  •  __str__             \u2013              
    •  
 
Attributes:
 
     
  •  key               (int)           \u2013            
    •  
  •  meta               (GoTypeMeta | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.key","title":"key  instance-attribute","text":"
key: int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.meta","title":"meta  instance-attribute","text":"
meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.dump","title":"dump","text":"
dump(addr: int, fmt: FormatOpts = FormatOpts())\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.size","title":"size","text":"
size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.align","title":"align","text":"
align() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.get_typename","title":"get_typename","text":"
get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.is_cyclic","title":"is_cyclic","text":"
is_cyclic() -> bool\n
 
Checks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.additional_metadata","title":"additional_metadata","text":"
additional_metadata() -> list[str]\n
 
Returns a list of lines of additional metadata to dump from the go-type command.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType","title":"BasicType  dataclass","text":"
BasicType(meta: GoTypeMeta | None, name: str, extra_meta: list[str] = list())\n
 
               Bases: Type
 
A primitive Go type.
 
Complex numbers are laid out as a real and imaginary part (both floats). Strings are laid out as a pointer and a length.
 
Methodless interfaces (the interface{} type) are denoted as any, and interfaces with methods are denoted as interface.
 
Function pointers are denoted as funcptr.
 
Methods:
 
     
  •  dump             \u2013              
    •  
  •  size             \u2013              
    •  
  •  align             \u2013              
    •  
  •  get_typename             \u2013              
    •  
  •  additional_metadata             \u2013              
    •  
  •  __post_init__             \u2013              
    •  
  •  is_cyclic             \u2013              
    Checks if a type is cyclic (contains references to itself), e.g. type a []a
     
    •  
  •  __str__             \u2013              
    •  
 
Attributes:
 
     
  •  name               (str)           \u2013            
    •  
  •  sz               (int)           \u2013            
    •  
  •  algn               (int)           \u2013            
    •  
  •  extra_meta               (list[str])           \u2013            
    •  
  •  meta               (GoTypeMeta | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.name","title":"name  instance-attribute","text":"
name: str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.sz","title":"sz  class-attribute instance-attribute","text":"
sz: int = field(init=False)\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.algn","title":"algn  class-attribute instance-attribute","text":"
algn: int = field(init=False)\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.extra_meta","title":"extra_meta  class-attribute instance-attribute","text":"
extra_meta: list[str] = field(default_factory=list)\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.meta","title":"meta  instance-attribute","text":"
meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.dump","title":"dump","text":"
dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.size","title":"size","text":"
size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.align","title":"align","text":"
align() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.get_typename","title":"get_typename","text":"
get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.additional_metadata","title":"additional_metadata","text":"
additional_metadata() -> list[str]\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.__post_init__","title":"__post_init__","text":"
__post_init__() -> None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.is_cyclic","title":"is_cyclic","text":"
is_cyclic() -> bool\n
 
Checks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType","title":"SliceType  dataclass","text":"
SliceType(meta: GoTypeMeta | None, inner: Type)\n
 
               Bases: Type
 
A slice type in Go, notated as []inner.
 
Slices are laid out as a pointer, length, and capacity.
 
Methods:
 
     
  •  dump             \u2013              
    •  
  •  size             \u2013              
    •  
  •  align             \u2013              
    •  
  •  get_typename             \u2013              
    •  
  •  additional_metadata             \u2013              
    •  
  •  is_cyclic             \u2013              
    Checks if a type is cyclic (contains references to itself), e.g. type a []a
     
    •  
  •  __str__             \u2013              
    •  
 
Attributes:
 
     
  •  inner               (Type)           \u2013            
    •  
  •  meta               (GoTypeMeta | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.inner","title":"inner  instance-attribute","text":"
inner: Type\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.meta","title":"meta  instance-attribute","text":"
meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.dump","title":"dump","text":"
dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.size","title":"size","text":"
size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.align","title":"align","text":"
align() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.get_typename","title":"get_typename","text":"
get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.additional_metadata","title":"additional_metadata","text":"
additional_metadata() -> list[str]\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.is_cyclic","title":"is_cyclic","text":"
is_cyclic() -> bool\n
 
Checks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType","title":"PointerType  dataclass","text":"
PointerType(meta: GoTypeMeta | None, inner: Type)\n
 
               Bases: Type
 
A pointer type in Go, notated as *inner.
 
Methods:
 
     
  •  dump             \u2013              
    •  
  •  size             \u2013              
    •  
  •  align             \u2013              
    •  
  •  get_typename             \u2013              
    •  
  •  additional_metadata             \u2013              
    •  
  •  is_cyclic             \u2013              
    Checks if a type is cyclic (contains references to itself), e.g. type a []a
     
    •  
  •  __str__             \u2013              
    •  
 
Attributes:
 
     
  •  inner               (Type)           \u2013            
    •  
  •  meta               (GoTypeMeta | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.inner","title":"inner  instance-attribute","text":"
inner: Type\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.meta","title":"meta  instance-attribute","text":"
meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.dump","title":"dump","text":"
dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.size","title":"size","text":"
size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.align","title":"align","text":"
align() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.get_typename","title":"get_typename","text":"
get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.additional_metadata","title":"additional_metadata","text":"
additional_metadata() -> list[str]\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.is_cyclic","title":"is_cyclic","text":"
is_cyclic() -> bool\n
 
Checks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType","title":"ArrayType  dataclass","text":"
ArrayType(meta: GoTypeMeta | None, inner: Type, count: int)\n
 
               Bases: Type
 
An array type in Go, notated as [count]inner.
 
Arrays are laid out as contiguous data.
 
Methods:
 
     
  •  dump             \u2013              
    •  
  •  size             \u2013              
    •  
  •  align             \u2013              
    •  
  •  get_typename             \u2013              
    •  
  •  additional_metadata             \u2013              
    •  
  •  is_cyclic             \u2013              
    Checks if a type is cyclic (contains references to itself), e.g. type a []a
     
    •  
  •  __str__             \u2013              
    •  
 
Attributes:
 
     
  •  inner               (Type)           \u2013            
    •  
  •  count               (int)           \u2013            
    •  
  •  meta               (GoTypeMeta | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.inner","title":"inner  instance-attribute","text":"
inner: Type\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.count","title":"count  instance-attribute","text":"
count: int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.meta","title":"meta  instance-attribute","text":"
meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.dump","title":"dump","text":"
dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.size","title":"size","text":"
size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.align","title":"align","text":"
align() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.get_typename","title":"get_typename","text":"
get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.additional_metadata","title":"additional_metadata","text":"
additional_metadata() -> list[str]\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.is_cyclic","title":"is_cyclic","text":"
is_cyclic() -> bool\n
 
Checks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType","title":"MapType  dataclass","text":"
MapType(meta: GoTypeMeta | None, key: Type, val: Type)\n
 
               Bases: Type
 
A map type in Go, notated as map[key]val.
 
Note that maps in Go are actually pointers to the inner map, but the map type printer here directly prints the inner map.
 
Maps don't have a simple layout, and may reasonably change.
 
Methods:
 
     
  •  is_swiss             \u2013              
    •  
  •  field_offsets_noswiss             \u2013              
    The layout for pre-1.24 maps is as follows (taken from src/runtime/map.go commit 1b4f1dc):
     
    •  
  •  field_offsets_swiss             \u2013              
    The layout for post-1.24 maps is as follows (taken from src/internal/runtime/map.go commit 4e63ae4):
     
    •  
  •  field_offsets_swiss_inner             \u2013              
    The layout for the inner swissmap is as follows (taken from src/internal/runtime/maps/table.go commit 4e63ae4):
     
    •  
  •  field_offsets             \u2013              
    •  
  •  format_entries             \u2013              
    •  
  •  dump_noswiss             \u2013              
    •  
  •  dump_swiss             \u2013              
    •  
  •  dump             \u2013              
    •  
  •  size             \u2013              
    •  
  •  align             \u2013              
    •  
  •  get_typename             \u2013              
    •  
  •  additional_metadata             \u2013              
    •  
  •  is_cyclic             \u2013              
    Checks if a type is cyclic (contains references to itself), e.g. type a []a
     
    •  
  •  __str__             \u2013              
    •  
 
Attributes:
 
     
  •  key               (Type)           \u2013            
    •  
  •  val               (Type)           \u2013            
    •  
  •  meta               (GoTypeMeta | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.key","title":"key  instance-attribute","text":"
key: Type\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.val","title":"val  instance-attribute","text":"
val: Type\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.meta","title":"meta  instance-attribute","text":"
meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.is_swiss","title":"is_swiss  staticmethod","text":"
is_swiss() -> bool\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.field_offsets_noswiss","title":"field_offsets_noswiss  staticmethod","text":"
field_offsets_noswiss() -> dict[str, int]\n
 
The layout for pre-1.24 maps is as follows (taken from src/runtime/map.go commit 1b4f1dc):
 
type hmap struct {     count      int     flags      uint8     B          uint8     noverflow  uint16     hash0      uint32     buckets    unsafe.Pointer     oldbuckets unsafe.Pointer     nevacuate  uintptr     extra      *mapextra }
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.field_offsets_swiss","title":"field_offsets_swiss  staticmethod","text":"
field_offsets_swiss() -> dict[str, int]\n
 
The layout for post-1.24 maps is as follows (taken from src/internal/runtime/map.go commit 4e63ae4):
 
type Map struct {     used              uint64     seed              uintptr     dirPtr            unsafe.Pointer     dirLen            int     globalDepth       uint8     globalShift       uint8     writing           uint8     tombstonePossible bool     clearSeq          uint64 }
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.field_offsets_swiss_inner","title":"field_offsets_swiss_inner  staticmethod","text":"
field_offsets_swiss_inner() -> dict[str, int]\n
 
The layout for the inner swissmap is as follows (taken from src/internal/runtime/maps/table.go commit 4e63ae4):
 
type table struct {     used       uint16     capacity   uint16     growthLeft uint16     localDepth uint8     index      int     groups     groupsReference }
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.field_offsets","title":"field_offsets  classmethod","text":"
field_offsets() -> dict[str, int]\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.format_entries","title":"format_entries  staticmethod","text":"
format_entries(\n    entries: list[tuple[int, int, str, str]], fmt: FormatOpts = FormatOpts()\n) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.dump_noswiss","title":"dump_noswiss","text":"
dump_noswiss(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.dump_swiss","title":"dump_swiss","text":"
dump_swiss(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.dump","title":"dump","text":"
dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.size","title":"size","text":"
size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.align","title":"align","text":"
align() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.get_typename","title":"get_typename","text":"
get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.additional_metadata","title":"additional_metadata","text":"
additional_metadata() -> list[str]\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.is_cyclic","title":"is_cyclic","text":"
is_cyclic() -> bool\n
 
Checks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType","title":"StructType  dataclass","text":"
StructType(\n    meta: GoTypeMeta | None,\n    fields: list[tuple[str, str | Type, int]],\n    sz: int,\n    algn: int | None = None,\n    name: str | None = None,\n)\n
 
               Bases: Type
 
A struct type in Go, notated as struct(SIZE){FIELDS}, where SIZE is the size of the struct in bytes, and FIELDS is a semicolon-separated list of OFFSET:NAME:TYPE fields.
 
Methods:
 
     
  •  dump             \u2013              
    •  
  •  size             \u2013              
    •  
  •  align             \u2013              
    •  
  •  get_typename             \u2013              
    •  
  •  additional_metadata             \u2013              
    •  
  •  is_cyclic             \u2013              
    Checks if a type is cyclic (contains references to itself), e.g. type a []a
     
    •  
  •  __str__             \u2013              
    •  
 
Attributes:
 
     
  •  fields               (list[tuple[str, str | Type, int]])           \u2013            
    •  
  •  sz               (int)           \u2013            
    •  
  •  algn               (int | None)           \u2013            
    •  
  •  name               (str | None)           \u2013            
    •  
  •  meta               (GoTypeMeta | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.fields","title":"fields  instance-attribute","text":"
fields: list[tuple[str, str | Type, int]]\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.sz","title":"sz  instance-attribute","text":"
sz: int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.algn","title":"algn  class-attribute instance-attribute","text":"
algn: int | None = None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.name","title":"name  class-attribute instance-attribute","text":"
name: str | None = None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.meta","title":"meta  instance-attribute","text":"
meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.dump","title":"dump","text":"
dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.size","title":"size","text":"
size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.align","title":"align","text":"
align() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.get_typename","title":"get_typename","text":"
get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.additional_metadata","title":"additional_metadata","text":"
additional_metadata() -> list[str]\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.is_cyclic","title":"is_cyclic","text":"
is_cyclic() -> bool\n
 
Checks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType","title":"RuntimeType  dataclass","text":"
RuntimeType(meta: GoTypeMeta | None, sz: int, addr: int)\n
 
               Bases: Type
 
A value of a runtime reflection type in Go, notated as runtime(SIZE)ADDRESS, where SIZE is the size of the type's value in bytes, and ADDRESS is the address of the type.
 
This type is useful for serializing cyclic types.
 
Methods:
 
     
  •  dump             \u2013              
    •  
  •  size             \u2013              
    •  
  •  align             \u2013              
    •  
  •  get_typename             \u2013              
    •  
  •  is_cyclic             \u2013              
    Checks if a type is cyclic (contains references to itself), e.g. type a []a
     
    •  
  •  additional_metadata             \u2013              
    Returns a list of lines of additional metadata to dump from the go-type command.
     
    •  
  •  __str__             \u2013              
    •  
 
Attributes:
 
     
  •  sz               (int)           \u2013            
    •  
  •  addr               (int)           \u2013            
    •  
  •  algn               (int | None)           \u2013            
    •  
  •  meta               (GoTypeMeta | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.sz","title":"sz  instance-attribute","text":"
sz: int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.addr","title":"addr  instance-attribute","text":"
addr: int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.algn","title":"algn  class-attribute instance-attribute","text":"
algn: int | None = field(init=False, default=None)\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.meta","title":"meta  instance-attribute","text":"
meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.dump","title":"dump","text":"
dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.size","title":"size","text":"
size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.align","title":"align","text":"
align() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.get_typename","title":"get_typename","text":"
get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.is_cyclic","title":"is_cyclic","text":"
is_cyclic() -> bool\n
 
Checks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.additional_metadata","title":"additional_metadata","text":"
additional_metadata() -> list[str]\n
 
Returns a list of lines of additional metadata to dump from the go-type command.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.word_size","title":"word_size","text":"
word_size() -> int\n
 
Gets the Go word size for the current architecture.
 
Values taken from https://github.com/golang/go/blob/49cdf0c42e320dfed044baa551610f081eafb781/src/cmd/compile/internal/types2/sizes.go#L230-L249
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.max_align","title":"max_align","text":"
max_align() -> int\n
 
Gets the Go maximum alignment for the current architecture.
 
Values taken from https://github.com/golang/go/blob/49cdf0c42e320dfed044baa551610f081eafb781/src/cmd/compile/internal/types2/sizes.go#L230-L249
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.compute_offsets","title":"compute_offsets","text":"
compute_offsets(fields: Iterable[tuple[int, int]]) -> list[int]\n
 
Given a list of (size, alignment) for struct field types, returns a list of field offsets for the struct. The last element will be the offset of the struct's end (the struct size).
 
Layout computation taken from src/go/types/sizes.go commit 1b4f1dc
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.compute_named_offsets","title":"compute_named_offsets","text":"
compute_named_offsets(fields: Iterable[tuple[str, int, int]]) -> dict[str, int]\n
 
Like compute_offsets, but takes in field names and returns a dictionary mapping field name to offset instead.
 
Also maps in a special $size field with the size of the struct.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.load_uint","title":"load_uint","text":"
load_uint(data: bytes, endian: Literal['little', 'big'] | None = None) -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.load_int","title":"load_int","text":"
load_int(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.load_float","title":"load_float","text":"
load_float(data: bytes) -> float\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.emit_warning","title":"emit_warning","text":"
emit_warning(msg: str)\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.get_elf","title":"get_elf","text":"
get_elf() -> ELFInfo | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.read_buildversion","title":"read_buildversion","text":"
read_buildversion(addr: int) -> str\n
 
Reads a Go runtime.buildVersion string to extract the version.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.get_go_version","title":"get_go_version","text":"
get_go_version() -> tuple[int, ...] | None\n
 
Try to determine the Go version used to compile the binary.
 
None can be returned if the version couldn't be inferred, at which point it's probably best to assume latest version.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.get_type_start","title":"get_type_start","text":"
get_type_start(addr: int | None = None) -> int | None\n
 
Given the address to a type, try to find the moduledata types section containing it.
 
Necessary to determine the base address that the type name is offset by.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.read_varint_str","title":"read_varint_str","text":"
read_varint_str(addr: int) -> bytes\n
 
Read a length-prefix string encoded with Go's variable length encoding.
 
Implementation taken from https://github.com/golang/go/blob/9d33956503c0d96c0c5666d374173f7ac9756d98/src/internal/abi/type.go#L640-L649
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.read_type_name","title":"read_type_name","text":"
read_type_name(addr: int) -> bytes\n
 
Reads a Go type name given the address to the name.
 
Go type names are stored as a 1 byte bitfield followed by a varint length prefixed string after 1.17.
 
Prior to 1.17, they were stored as a 1 byte bitfield followed by a 2 byte length prefixed string.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.decode_runtime_type","title":"decode_runtime_type","text":"
decode_runtime_type(\n    addr: int, keep_backrefs: bool = False\n) -> tuple[GoTypeMeta, Type | None]\n
 
Decodes a runtime reflection type from memory, returning a (meta, type) tuplee.
 
The layout assumed is as follows (taken from src/internal/abi/type.go commit 1b4f1dc):
 
type Type struct {     Size_       uintptr     PtrBytes    uintptr     Hash        uint32     TFlag       TFlag     Align_      uint8     FieldAlign_ uint8     Kind_       Kind     Equal       func(unsafe.Pointer, unsafe.Pointer) bool     GCData      *byte     Str         NameOff     PtrToThis   TypeOff }
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.parse_type","title":"parse_type","text":"
parse_type(ty: str) -> Type\n
"},{"location":"reference/pwndbg/aglib/heap/","title":"heap","text":""},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap","title":"heap","text":"
Modules:
 
     
  •  heap           \u2013            
    •  
  •  jemalloc           \u2013            
    •  
  •  mallocng           \u2013            
    Implements handling of musl's allocator mallocng.
     
    •  
  •  ptmalloc           \u2013            
    •  
  •  structs           \u2013            
    •  
 
Functions:
 
     
  •  add_heap_param             \u2013              
    •  
  •  update             \u2013              
    •  
  •  reset             \u2013              
    •  
  •  resolve_heap             \u2013              
    •  
 
Attributes:
 
     
  •  current               (MemoryAllocator | None)           \u2013            
    •  
  •  main_arena           \u2013            
    •  
  •  thread_arena           \u2013            
    •  
  •  mp_           \u2013            
    •  
  •  tcache           \u2013            
    •  
  •  global_max_fast           \u2013            
    •  
  •  symbol_list           \u2013            
    •  
  •  heap_chain_limit           \u2013            
    •  
  •  heap_corruption_check_limit           \u2013            
    •  
  •  extra_hint_for_gdb           \u2013            
    •  
  •  resolve_heap_via_heuristic           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.current","title":"current  module-attribute","text":"
current: MemoryAllocator | None = None\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.main_arena","title":"main_arena  module-attribute","text":"
main_arena = add_heap_param('main-arena', '0', 'the address of main_arena')\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.thread_arena","title":"thread_arena  module-attribute","text":"
thread_arena = add_heap_param(\n    \"thread-arena\", \"0\", \"the address pointed by thread_arena\"\n)\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.mp_","title":"mp_  module-attribute","text":"
mp_ = add_heap_param('mp', '0', 'the address of mp_')\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.tcache","title":"tcache  module-attribute","text":"
tcache = add_heap_param('tcache', '0', 'the address pointed by tcache')\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.global_max_fast","title":"global_max_fast  module-attribute","text":"
global_max_fast = add_heap_param(\n    \"global-max-fast\", \"0\", \"the address of global_max_fast\"\n)\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.symbol_list","title":"symbol_list  module-attribute","text":"
symbol_list = [main_arena, thread_arena, mp_, tcache, global_max_fast]\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.heap_chain_limit","title":"heap_chain_limit  module-attribute","text":"
heap_chain_limit = add_heap_param(\n    \"heap-dereference-limit\",\n    8,\n    \"number of chunks to dereference in each bin\",\n    param_class=PARAM_UINTEGER,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.heap_corruption_check_limit","title":"heap_corruption_check_limit  module-attribute","text":"
heap_corruption_check_limit = add_heap_param(\n    \"heap-corruption-check-limit\",\n    64,\n    \"amount of chunks to traverse for the bin corruption check\",\n    param_class=PARAM_UINTEGER,\n    help_docstring=\"\\nThe bins are traversed both forwards and backwards.\\n\",\n)\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.extra_hint_for_gdb","title":"extra_hint_for_gdb  module-attribute","text":"
extra_hint_for_gdb = \"\\nIn addition, even you have the debug symbols of libc, you might still see the\\nfollowing warning when debugging a multi-threaded program:\\n```\\nwarning: Unable to find libthread_db matching inferior's thread library, thread\\ndebugging will not be available.\\n```\\n\\nYou'll need to ensure that the correct `libthread_db.so` is loaded. To do this,\\nset the search path using:\\n```\\nset libthread-db-search-path <path having correct libthread_db.so>\\n```\\nThen, restart your program to enable proper thread debugging.\\n\"\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.resolve_heap_via_heuristic","title":"resolve_heap_via_heuristic  module-attribute","text":"
resolve_heap_via_heuristic = add_heap_param(\n    \"resolve-heap-via-heuristic\",\n    \"auto\",\n    \"the strategy to resolve heap via heuristic\",\n    help_docstring=\"Values explained:\\n\\n+ `auto` - Pwndbg will try to use heuristics if debug symbols are missing\\n+ `force` - Pwndbg will always try to use heuristics, even if debug symbols are available\\n+ `never` - Pwndbg will never use heuristics to resolve the heap\\n\\nIf the output of the heap related command produces errors with heuristics, you\\ncan try manually setting the libc symbol addresses.\\nFor this, see the `heap_config` command output and set the `main_arena`, `mp_`,\\n`global_max_fast`, `tcache` and `thread_arena` addresses.\\n\\nNote: Pwndbg will generate more reliable results with proper debug symbols.\\nTherefore, when debug symbols are missing, you should try to install them first\\nif you haven't already.\\n\\nThey can probably be installed via the package manager of your choice.\\nSee also: https://sourceware.org/gdb/onlinedocs/gdb/Separate-Debug-Files.html .\\n\\nE.g. on Ubuntu/Debian you might need to do the following steps (for 64-bit and\\n32-bit binaries):\\n```bash\\nsudo apt-get install libc6-dbg\\nsudo dpkg --add-architecture i386\\nsudo apt-get install libc-dbg:i386\\n```\\nIf you used setup.sh on Arch based distro you'll need to do a power cycle or set\\nenvironment variable manually like this:\\n```bash\\nexport DEBUGINFOD_URLS=https://debuginfod.archlinux.org\\n```\\n\"\n    + extra_hint_for_gdb,\n    param_class=PARAM_ENUM,\n    enum_sequence=[\"auto\", \"force\", \"never\"],\n)\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.add_heap_param","title":"add_heap_param","text":"
add_heap_param(\n    name: str,\n    default: Any,\n    set_show_doc: str,\n    *,\n    help_docstring: str = \"\",\n    param_class: int | None = None,\n    enum_sequence: Sequence[str] | None = None,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.update","title":"update","text":"
update() -> None\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.reset","title":"reset","text":"
reset() -> None\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.resolve_heap","title":"resolve_heap","text":"
resolve_heap(is_first_run: bool = False) -> None\n
"},{"location":"reference/pwndbg/aglib/heap/heap/","title":"heap","text":""},{"location":"reference/pwndbg/aglib/heap/heap/#pwndbg.aglib.heap.heap","title":"heap","text":"
Classes:
 
     
  •  MemoryAllocator           \u2013            
    Heap abstraction layer.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/heap/#pwndbg.aglib.heap.heap.MemoryAllocator","title":"MemoryAllocator","text":"
Heap abstraction layer.
 
Methods:
 
     
  •  containing             \u2013              
    Returns the address of the allocation which contains 'address'.
     
    •  
  •  is_initialized             \u2013              
    Returns whether the allocator is initialized or not.
     
    •  
  •  libc_has_debug_syms             \u2013              
    Returns whether the libc has debug symbols or not.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/heap/#pwndbg.aglib.heap.heap.MemoryAllocator.containing","title":"containing","text":"
containing(address: int) -> int\n
 
Returns the address of the allocation which contains 'address'.
 
Parameters:
 
     
  •  address               (int)           \u2013            
    Address to look up.
     
    •  
 
Returns:
 
     
  •  int           \u2013            
    An integer.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/heap/#pwndbg.aglib.heap.heap.MemoryAllocator.is_initialized","title":"is_initialized","text":"
is_initialized() -> bool\n
 
Returns whether the allocator is initialized or not.
 
Returns:
 
     
  •  bool           \u2013            
    A boolean.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/heap/#pwndbg.aglib.heap.heap.MemoryAllocator.libc_has_debug_syms","title":"libc_has_debug_syms","text":"
libc_has_debug_syms() -> bool\n
 
Returns whether the libc has debug symbols or not.
 
Returns:
 
     
  •  bool           \u2013            
    A boolean.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/","title":"jemalloc","text":""},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc","title":"jemalloc","text":"
Classes:
 
     
  •  RTree           \u2013            
    RTree is used by jemalloc to keep track of extents that are allocated by jemalloc.
     
    •  
  •  Extent           \u2013            
    Concept of extent (edata) is similar to chunk in glibc malloc but allocation algorithm differs a lot.
     
    •  
 
Functions:
 
     
  •  mask             \u2013              
    •  
  •  lg_floor_1             \u2013              
    •  
  •  lg_floor_2             \u2013              
    •  
  •  lg_floor_4             \u2013              
    •  
  •  lg_floor_8             \u2013              
    •  
  •  lg_floor_16             \u2013              
    •  
  •  lg_floor_32             \u2013              
    •  
  •  lg_floor_64             \u2013              
    •  
  •  lg_floor             \u2013              
    •  
  •  lg_ceil             \u2013              
    •  
 
Attributes:
 
     
  •  LG_VADDR           \u2013            
    •  
  •  LG_PAGE           \u2013            
    •  
  •  MALLOCX_ARENA_BITS           \u2013            
    •  
  •  LG_SIZEOF_PTR           \u2013            
    •  
  •  RTREE_NHIB           \u2013            
    •  
  •  RTREE_NLIB           \u2013            
    •  
  •  RTREE_NSB           \u2013            
    •  
  •  RTREE_HEIGHT           \u2013            
    •  
  •  LG_QUANTUM           \u2013            
    •  
  •  SC_LG_TINY_MIN           \u2013            
    •  
  •  SC_NTINY           \u2013            
    •  
  •  SC_LG_NGROUP           \u2013            
    •  
  •  SC_NGROUP           \u2013            
    •  
  •  SC_NPSEUDO           \u2013            
    •  
  •  SC_PTR_BITS           \u2013            
    •  
  •  SC_LG_BASE_MAX           \u2013            
    •  
  •  SC_LG_FIRST_REGULAR_BASE           \u2013            
    •  
  •  SC_NREGULAR           \u2013            
    •  
  •  SC_NSIZES           \u2013            
    •  
  •  SC_LG_SLAB_MAXREGS           \u2013            
    •  
  •  EDATA_BITS_ARENA_WIDTH           \u2013            
    •  
  •  EDATA_BITS_ARENA_SHIFT           \u2013            
    •  
  •  EDATA_BITS_ARENA_MASK           \u2013            
    •  
  •  EDATA_BITS_SLAB_WIDTH           \u2013            
    •  
  •  EDATA_BITS_SLAB_SHIFT           \u2013            
    •  
  •  EDATA_BITS_SLAB_MASK           \u2013            
    •  
  •  EDATA_BITS_COMMITTED_WIDTH           \u2013            
    •  
  •  EDATA_BITS_COMMITTED_SHIFT           \u2013            
    •  
  •  EDATA_BITS_COMMITTED_MASK           \u2013            
    •  
  •  EDATA_BITS_PAI_WIDTH           \u2013            
    •  
  •  EDATA_BITS_PAI_SHIFT           \u2013            
    •  
  •  EDATA_BITS_PAI_MASK           \u2013            
    •  
  •  EDATA_BITS_ZEROED_WIDTH           \u2013            
    •  
  •  EDATA_BITS_ZEROED_SHIFT           \u2013            
    •  
  •  EDATA_BITS_ZEROED_MASK           \u2013            
    •  
  •  EDATA_BITS_GUARDED_WIDTH           \u2013            
    •  
  •  EDATA_BITS_GUARDED_SHIFT           \u2013            
    •  
  •  EDATA_BITS_GUARDED_MASK           \u2013            
    •  
  •  EDATA_BITS_STATE_WIDTH           \u2013            
    •  
  •  EDATA_BITS_STATE_SHIFT           \u2013            
    •  
  •  EDATA_BITS_STATE_MASK           \u2013            
    •  
  •  EDATA_BITS_SZIND_WIDTH           \u2013            
    •  
  •  EDATA_BITS_SZIND_SHIFT           \u2013            
    •  
  •  EDATA_BITS_SZIND_MASK           \u2013            
    •  
  •  EDATA_BITS_NFREE_WIDTH           \u2013            
    •  
  •  EDATA_BITS_NFREE_SHIFT           \u2013            
    •  
  •  EDATA_BITS_NFREE_MASK           \u2013            
    •  
  •  EDATA_BITS_BINSHARD_WIDTH           \u2013            
    •  
  •  EDATA_BITS_BINSHARD_SHIFT           \u2013            
    •  
  •  EDATA_BITS_BINSHARD_MASK           \u2013            
    •  
  •  EDATA_BITS_IS_HEAD_WIDTH           \u2013            
    •  
  •  EDATA_BITS_IS_HEAD_SHIFT           \u2013            
    •  
  •  EDATA_BITS_IS_HEAD_MASK           \u2013            
    •  
  •  rtree_levels           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.LG_VADDR","title":"LG_VADDR  module-attribute","text":"
LG_VADDR = 48\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.LG_PAGE","title":"LG_PAGE  module-attribute","text":"
LG_PAGE = 12\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.MALLOCX_ARENA_BITS","title":"MALLOCX_ARENA_BITS  module-attribute","text":"
MALLOCX_ARENA_BITS = 12\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.LG_SIZEOF_PTR","title":"LG_SIZEOF_PTR  module-attribute","text":"
LG_SIZEOF_PTR = 3\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTREE_NHIB","title":"RTREE_NHIB  module-attribute","text":"
RTREE_NHIB = (1 << LG_SIZEOF_PTR + 3) - LG_VADDR\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTREE_NLIB","title":"RTREE_NLIB  module-attribute","text":"
RTREE_NLIB = LG_PAGE\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTREE_NSB","title":"RTREE_NSB  module-attribute","text":"
RTREE_NSB = LG_VADDR - RTREE_NLIB\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTREE_HEIGHT","title":"RTREE_HEIGHT  module-attribute","text":"
RTREE_HEIGHT = 1\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.LG_QUANTUM","title":"LG_QUANTUM  module-attribute","text":"
LG_QUANTUM = 4\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_LG_TINY_MIN","title":"SC_LG_TINY_MIN  module-attribute","text":"
SC_LG_TINY_MIN = 3\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_NTINY","title":"SC_NTINY  module-attribute","text":"
SC_NTINY = LG_QUANTUM - SC_LG_TINY_MIN\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_LG_NGROUP","title":"SC_LG_NGROUP  module-attribute","text":"
SC_LG_NGROUP = 2\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_NGROUP","title":"SC_NGROUP  module-attribute","text":"
SC_NGROUP = 1 << SC_LG_NGROUP\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_NPSEUDO","title":"SC_NPSEUDO  module-attribute","text":"
SC_NPSEUDO = SC_NGROUP\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_PTR_BITS","title":"SC_PTR_BITS  module-attribute","text":"
SC_PTR_BITS = (1 << LG_SIZEOF_PTR) * 8\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_LG_BASE_MAX","title":"SC_LG_BASE_MAX  module-attribute","text":"
SC_LG_BASE_MAX = SC_PTR_BITS - 2\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_LG_FIRST_REGULAR_BASE","title":"SC_LG_FIRST_REGULAR_BASE  module-attribute","text":"
SC_LG_FIRST_REGULAR_BASE = LG_QUANTUM + SC_LG_NGROUP\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_NREGULAR","title":"SC_NREGULAR  module-attribute","text":"
SC_NREGULAR = SC_NGROUP * (SC_LG_BASE_MAX - SC_LG_FIRST_REGULAR_BASE + 1) - 1\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_NSIZES","title":"SC_NSIZES  module-attribute","text":"
SC_NSIZES = SC_NTINY + SC_NPSEUDO + SC_NREGULAR\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_LG_SLAB_MAXREGS","title":"SC_LG_SLAB_MAXREGS  module-attribute","text":"
SC_LG_SLAB_MAXREGS = LG_PAGE - SC_LG_TINY_MIN\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_ARENA_WIDTH","title":"EDATA_BITS_ARENA_WIDTH  module-attribute","text":"
EDATA_BITS_ARENA_WIDTH = MALLOCX_ARENA_BITS\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_ARENA_SHIFT","title":"EDATA_BITS_ARENA_SHIFT  module-attribute","text":"
EDATA_BITS_ARENA_SHIFT = 0\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_ARENA_MASK","title":"EDATA_BITS_ARENA_MASK  module-attribute","text":"
EDATA_BITS_ARENA_MASK = mask(EDATA_BITS_ARENA_WIDTH, EDATA_BITS_ARENA_SHIFT)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_SLAB_WIDTH","title":"EDATA_BITS_SLAB_WIDTH  module-attribute","text":"
EDATA_BITS_SLAB_WIDTH = 1\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_SLAB_SHIFT","title":"EDATA_BITS_SLAB_SHIFT  module-attribute","text":"
EDATA_BITS_SLAB_SHIFT = EDATA_BITS_ARENA_WIDTH + EDATA_BITS_ARENA_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_SLAB_MASK","title":"EDATA_BITS_SLAB_MASK  module-attribute","text":"
EDATA_BITS_SLAB_MASK = mask(EDATA_BITS_SLAB_WIDTH, EDATA_BITS_SLAB_SHIFT)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_COMMITTED_WIDTH","title":"EDATA_BITS_COMMITTED_WIDTH  module-attribute","text":"
EDATA_BITS_COMMITTED_WIDTH = 1\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_COMMITTED_SHIFT","title":"EDATA_BITS_COMMITTED_SHIFT  module-attribute","text":"
EDATA_BITS_COMMITTED_SHIFT = EDATA_BITS_SLAB_WIDTH + EDATA_BITS_SLAB_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_COMMITTED_MASK","title":"EDATA_BITS_COMMITTED_MASK  module-attribute","text":"
EDATA_BITS_COMMITTED_MASK = mask(\n    EDATA_BITS_COMMITTED_WIDTH, EDATA_BITS_COMMITTED_SHIFT\n)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_PAI_WIDTH","title":"EDATA_BITS_PAI_WIDTH  module-attribute","text":"
EDATA_BITS_PAI_WIDTH = 1\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_PAI_SHIFT","title":"EDATA_BITS_PAI_SHIFT  module-attribute","text":"
EDATA_BITS_PAI_SHIFT = EDATA_BITS_COMMITTED_WIDTH + EDATA_BITS_COMMITTED_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_PAI_MASK","title":"EDATA_BITS_PAI_MASK  module-attribute","text":"
EDATA_BITS_PAI_MASK = mask(EDATA_BITS_PAI_WIDTH, EDATA_BITS_PAI_SHIFT)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_ZEROED_WIDTH","title":"EDATA_BITS_ZEROED_WIDTH  module-attribute","text":"
EDATA_BITS_ZEROED_WIDTH = 1\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_ZEROED_SHIFT","title":"EDATA_BITS_ZEROED_SHIFT  module-attribute","text":"
EDATA_BITS_ZEROED_SHIFT = EDATA_BITS_PAI_WIDTH + EDATA_BITS_PAI_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_ZEROED_MASK","title":"EDATA_BITS_ZEROED_MASK  module-attribute","text":"
EDATA_BITS_ZEROED_MASK = mask(EDATA_BITS_ZEROED_WIDTH, EDATA_BITS_ZEROED_SHIFT)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_GUARDED_WIDTH","title":"EDATA_BITS_GUARDED_WIDTH  module-attribute","text":"
EDATA_BITS_GUARDED_WIDTH = 1\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_GUARDED_SHIFT","title":"EDATA_BITS_GUARDED_SHIFT  module-attribute","text":"
EDATA_BITS_GUARDED_SHIFT = EDATA_BITS_ZEROED_WIDTH + EDATA_BITS_ZEROED_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_GUARDED_MASK","title":"EDATA_BITS_GUARDED_MASK  module-attribute","text":"
EDATA_BITS_GUARDED_MASK = mask(\n    EDATA_BITS_GUARDED_WIDTH, EDATA_BITS_GUARDED_SHIFT\n)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_STATE_WIDTH","title":"EDATA_BITS_STATE_WIDTH  module-attribute","text":"
EDATA_BITS_STATE_WIDTH = 3\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_STATE_SHIFT","title":"EDATA_BITS_STATE_SHIFT  module-attribute","text":"
EDATA_BITS_STATE_SHIFT = EDATA_BITS_GUARDED_WIDTH + EDATA_BITS_GUARDED_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_STATE_MASK","title":"EDATA_BITS_STATE_MASK  module-attribute","text":"
EDATA_BITS_STATE_MASK = mask(EDATA_BITS_STATE_WIDTH, EDATA_BITS_STATE_SHIFT)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_SZIND_WIDTH","title":"EDATA_BITS_SZIND_WIDTH  module-attribute","text":"
EDATA_BITS_SZIND_WIDTH = lg_ceil(SC_NSIZES)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_SZIND_SHIFT","title":"EDATA_BITS_SZIND_SHIFT  module-attribute","text":"
EDATA_BITS_SZIND_SHIFT = EDATA_BITS_STATE_WIDTH + EDATA_BITS_STATE_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_SZIND_MASK","title":"EDATA_BITS_SZIND_MASK  module-attribute","text":"
EDATA_BITS_SZIND_MASK = mask(EDATA_BITS_SZIND_WIDTH, EDATA_BITS_SZIND_SHIFT)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_NFREE_WIDTH","title":"EDATA_BITS_NFREE_WIDTH  module-attribute","text":"
EDATA_BITS_NFREE_WIDTH = SC_LG_SLAB_MAXREGS + 1\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_NFREE_SHIFT","title":"EDATA_BITS_NFREE_SHIFT  module-attribute","text":"
EDATA_BITS_NFREE_SHIFT = EDATA_BITS_SZIND_WIDTH + EDATA_BITS_SZIND_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_NFREE_MASK","title":"EDATA_BITS_NFREE_MASK  module-attribute","text":"
EDATA_BITS_NFREE_MASK = mask(EDATA_BITS_NFREE_WIDTH, EDATA_BITS_NFREE_SHIFT)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_BINSHARD_WIDTH","title":"EDATA_BITS_BINSHARD_WIDTH  module-attribute","text":"
EDATA_BITS_BINSHARD_WIDTH = 6\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_BINSHARD_SHIFT","title":"EDATA_BITS_BINSHARD_SHIFT  module-attribute","text":"
EDATA_BITS_BINSHARD_SHIFT = EDATA_BITS_NFREE_WIDTH + EDATA_BITS_NFREE_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_BINSHARD_MASK","title":"EDATA_BITS_BINSHARD_MASK  module-attribute","text":"
EDATA_BITS_BINSHARD_MASK = mask(\n    EDATA_BITS_BINSHARD_WIDTH, EDATA_BITS_BINSHARD_SHIFT\n)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_IS_HEAD_WIDTH","title":"EDATA_BITS_IS_HEAD_WIDTH  module-attribute","text":"
EDATA_BITS_IS_HEAD_WIDTH = 1\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_IS_HEAD_SHIFT","title":"EDATA_BITS_IS_HEAD_SHIFT  module-attribute","text":"
EDATA_BITS_IS_HEAD_SHIFT = EDATA_BITS_BINSHARD_WIDTH + EDATA_BITS_BINSHARD_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_IS_HEAD_MASK","title":"EDATA_BITS_IS_HEAD_MASK  module-attribute","text":"
EDATA_BITS_IS_HEAD_MASK = mask(\n    EDATA_BITS_IS_HEAD_WIDTH, EDATA_BITS_IS_HEAD_SHIFT\n)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.rtree_levels","title":"rtree_levels  module-attribute","text":"
rtree_levels = [\n    [{\"bits\": RTREE_NSB, \"cumbits\": RTREE_NHIB + RTREE_NSB}],\n    [\n        {\"bits\": RTREE_NSB // 2, \"cumbits\": RTREE_NHIB + RTREE_NSB // 2},\n        {\n            \"bits\": RTREE_NSB // 2 + RTREE_NSB % 2,\n            \"cumbits\": RTREE_NHIB + RTREE_NSB,\n        },\n    ],\n    [\n        {\"bits\": RTREE_NSB // 3, \"cumbits\": RTREE_NHIB + RTREE_NSB // 3},\n        {\n            \"bits\": RTREE_NSB // 3 + RTREE_NSB % 3 // 2,\n            \"cumbits\": RTREE_NHIB + RTREE_NSB // 3 * 2 + RTREE_NSB % 3 // 2,\n        },\n        {\n            \"bits\": RTREE_NSB // 3 + RTREE_NSB % 3 - RTREE_NSB % 3 // 2,\n            \"cumbits\": RTREE_NHIB + RTREE_NSB,\n        },\n    ],\n]\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree","title":"RTree","text":"
RTree(addr: int)\n
 
RTree is used by jemalloc to keep track of extents that are allocated by jemalloc. Since extent data is not stored in a doubly linked list, rtree is used to find the extent belonging to a pointer that is being freed. Implementation of rtree is similar to Linux Radix tree: https://lwn.net/Articles/175432/
 
Methods:
 
     
  •  get_rtree             \u2013              
    •  
  •  lookup_hard             \u2013              
    Lookup the key in the rtree and return the value.
     
    •  
 
Attributes:
 
     
  •  root           \u2013            
    •  
  •  extents           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.root","title":"root  property","text":"
root\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.extents","title":"extents  property","text":"
extents\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.get_rtree","title":"get_rtree  staticmethod","text":"
get_rtree() -> RTree\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.__rtree_leaf_maskbits","title":"__rtree_leaf_maskbits","text":"
__rtree_leaf_maskbits(level)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.__rtree_leafkey","title":"__rtree_leafkey","text":"
__rtree_leafkey(key: int, level: int) -> int\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.__subkey","title":"__subkey","text":"
__subkey(key: int, level: int) -> int\n
 
Return a portion of the key that is used to find the node/leaf in the rtree at a specific level. Source: https://github.com/jemalloc/jemalloc/blob/5b72ac098abce464add567869d082f2097bd59a2/include/jemalloc/internal/rtree.h#L161
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.__alignment_addr2base","title":"__alignment_addr2base  staticmethod","text":"
__alignment_addr2base(addr, alignment=64)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.lookup_hard","title":"lookup_hard","text":"
lookup_hard(key: int)\n
 
Lookup the key in the rtree and return the value.
 
How it works: - Jemalloc stores the extent address in the rtree as a node and to find a specific node we need a address key.
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent","title":"Extent","text":"
Extent(addr: int)\n
 
Concept of extent (edata) is similar to chunk in glibc malloc but allocation algorithm differs a lot. - Extents are used to manage memory blocks (including jemalloc metadata) where extents sizes can vary but each block is always a multiple of the page size. - jemalloc will either allocate one large class request or multiple small class request (called slab) depending on request size. - Unlike chunks in glibc malloc, extents are not doubly linked list but are managed using rtree. - This tree is mostly used during deallocation to find the extent belonging to a pointer that is being freed. - Extents are also not stored as a header structure but externally (therefore extent metadata and actually mapped data may be very far apart).
 
Attributes:
 
     
  •  size           \u2013            
    May be larger in case of large size class allocation when cache_oblivious is enabled.
     
    •  
  •  extent_address               (int)           \u2013            
    Address of the extent data structure (not the actual memory).
     
    •  
  •  allocated_address               (int)           \u2013            
    Starting address of allocated memory
     
    •  
  •  bsize               (int)           \u2013            
    •  
  •  bits               (int)           \u2013            
    •  
  •  bitfields               (dict[str, int])           \u2013            
    Extract bitfields
     
    •  
  •  state_name               (str)           \u2013            
    •  
  •  has_slab               (bool)           \u2013            
    Returns True if the extent is used for small size classes.
     
    •  
  •  is_free               (bool)           \u2013            
    Returns True if the extent is free.
     
    •  
  •  pai               (str)           \u2013            
    Page Allocator Interface
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.size","title":"size  property","text":"
size\n
 
May be larger in case of large size class allocation when cache_oblivious is enabled.
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.extent_address","title":"extent_address  property","text":"
extent_address: int\n
 
Address of the extent data structure (not the actual memory).
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.allocated_address","title":"allocated_address  property","text":"
allocated_address: int\n
 
Starting address of allocated memory cache-oblivious large allocation alignment:     When a large class allocation is made, jemalloc selects the closest size class that can fit the request and allocates that size + 4 KiB (0x1000).     However, the pointer returned to user is randomized between the 'base' and 'base + 4 KiB' (0x1000) range.     Source code: https://github.com/jemalloc/jemalloc/blob/a25b9b8ba91881964be3083db349991bbbbf1661/include/jemalloc/internal/arena_inlines_b.h#L505
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.bsize","title":"bsize  property","text":"
bsize: int\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.bits","title":"bits  property","text":"
bits: int\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.bitfields","title":"bitfields  property","text":"
bitfields: dict[str, int]\n
 
Extract bitfields
 
arena_ind: Arena from which this extent came, or all 1 bits if unassociated. slab: The slab flag indicates whether the extent is used for a slab of small regions. This helps differentiate small size classes, and it indicates whether interior pointers can be looked up via iealloc(). committed: The committed flag indicates whether physical memory is committed to the extent, whether explicitly or implicitly as on a system that overcommits and satisfies physical memory needs on demand via soft page faults. pai: The pai flag is an extent_pai_t. zeroed: The zeroed flag is used by extent recycling code to track whether memory is zero-filled. guarded: The guarded flag is used by the sanitizer to track whether the extent has page guards around it. state: The state flag is an extent_state_t. szind: The szind flag indicates usable size class index for allocations residing in this extent, regardless of whether the extent is a slab. Extent size and usable size often differ even for non-slabs, either due to sz_large_pad or promotion of sampled small regions. nfree: Number of free regions in slab. bin_shard: The shard of the bin from which this extent came.
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.state_name","title":"state_name  property","text":"
state_name: str\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.has_slab","title":"has_slab  property","text":"
has_slab: bool\n
 
Returns True if the extent is used for small size classes. Reference for size in Table 1 at https://jemalloc.net/jemalloc.3.html At time of writing, allocations <= 0x3800 are considered as small allocations and has slabs.
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.is_free","title":"is_free  property","text":"
is_free: bool\n
 
Returns True if the extent is free.
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.pai","title":"pai  property","text":"
pai: str\n
 
Page Allocator Interface
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.mask","title":"mask","text":"
mask(current_field_width, current_field_shift)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_1","title":"lg_floor_1","text":"
lg_floor_1(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_2","title":"lg_floor_2","text":"
lg_floor_2(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_4","title":"lg_floor_4","text":"
lg_floor_4(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_8","title":"lg_floor_8","text":"
lg_floor_8(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_16","title":"lg_floor_16","text":"
lg_floor_16(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_32","title":"lg_floor_32","text":"
lg_floor_32(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_64","title":"lg_floor_64","text":"
lg_floor_64(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor","title":"lg_floor","text":"
lg_floor(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_ceil","title":"lg_ceil","text":"
lg_ceil(x)\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/","title":"mallocng","text":""},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng","title":"mallocng","text":"
Implements handling of musl's allocator mallocng. https://elixir.bootlin.com/musl/v1.2.5/source/src/malloc/mallocng
 
Classes:
 
     
  •  SlotState           \u2013            
    •  
  •  Group           \u2013            
    A group is an array of slots.
     
    •  
  •  Slot           \u2013            
    The \"unit of allocation\" (analogous to glibc's \"chunk\").
     
    •  
  •  GroupedSlot           \u2013            
    This is not a mallocng concept, this is a pwndbg abstraction.
     
    •  
  •  Meta           \u2013            
    The metadata of a group.
     
    •  
  •  MetaArea           \u2013            
    Slabs that contain metas, linked in a singly-linked list.
     
    •  
  •  MallocContext           \u2013            
    The global object that holds all allocator state.
     
    •  
  •  Mallocng           \u2013            
    Tracks the allocator state.
     
    •  
 
Functions:
 
     
  •  int_size             \u2013              
    •  
 
Attributes:
 
     
  •  UNIT               (int)           \u2013            
    •  
  •  IB               (int)           \u2013            
    •  
  •  size_classes               (list[int])           \u2013            
    •  
  •  mallocng           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.UNIT","title":"UNIT  module-attribute","text":"
UNIT: int = 16\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.IB","title":"IB  module-attribute","text":"
IB: int = 4\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.size_classes","title":"size_classes  module-attribute","text":"
size_classes: list[int] = [\n    1,\n    2,\n    3,\n    4,\n    5,\n    6,\n    7,\n    8,\n    9,\n    10,\n    12,\n    15,\n    18,\n    20,\n    25,\n    31,\n    36,\n    42,\n    50,\n    63,\n    72,\n    84,\n    102,\n    127,\n    146,\n    170,\n    204,\n    255,\n    292,\n    340,\n    409,\n    511,\n    584,\n    682,\n    818,\n    1023,\n    1169,\n    1364,\n    1637,\n    2047,\n    2340,\n    2730,\n    3276,\n    4095,\n    4680,\n    5460,\n    6552,\n    8191,\n]\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.mallocng","title":"mallocng  module-attribute","text":"
mallocng = Mallocng()\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.SlotState","title":"SlotState","text":"
               Bases: Enum
 
Attributes:
 
     
  •  ALLOCATED           \u2013            
    •  
  •  FREED           \u2013            
    •  
  •  AVAIL           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.SlotState.ALLOCATED","title":"ALLOCATED  class-attribute instance-attribute","text":"
ALLOCATED = 'allocated'\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.SlotState.FREED","title":"FREED  class-attribute instance-attribute","text":"
FREED = 'freed'\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.SlotState.AVAIL","title":"AVAIL  class-attribute instance-attribute","text":"
AVAIL = 'available'\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Group","title":"Group","text":"
Group(addr: int)\n
 
A group is an array of slots.
 
https://elixir.bootlin.com/musl/v1.2.5/source/src/malloc/mallocng/meta.h#L17 struct group {   struct meta *meta;   unsigned char active_idx:5;   char pad[UNIT - sizeof(struct meta *) - 1];   unsigned char storage[]; };
 
Methods:
 
     
  •  preload             \u2013              
    Read all the necessary process memory to populate the group's
     
    •  
  •  set_meta             \u2013              
    Sets the meta object for this group.
     
    •  
  •  at_index             \u2013              
    Get the address of the slot at index idx.
     
    •  
 
Attributes:
 
     
  •  addr           \u2013            
    •  
  •  meta               (Meta)           \u2013            
    Raises:
     
    •  
  •  active_idx               (int)           \u2013            
    Raises:
     
    •  
  •  storage               (int)           \u2013            
    •  
  •  group_size               (int)           \u2013            
    The size of this group, in bytes.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Group.addr","title":"addr  instance-attribute","text":"
addr = addr\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Group.meta","title":"meta  property","text":"
meta: Meta\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Group.active_idx","title":"active_idx  property","text":"
active_idx: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Group.storage","title":"storage  property","text":"
storage: int\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Group.group_size","title":"group_size  property","text":"
group_size: int\n
 
The size of this group, in bytes.
 
Raises:
 
     
  •  Error             \u2013            
    When reading meta fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Group.preload","title":"preload","text":"
preload() -> None\n
 
Read all the necessary process memory to populate the group's fields.
 
Do this if you know you will be using most of the fields of the group. It will be faster, since we can do one reads instead of two small ones. You may also catch inaccessible memory exceptions here and not worry about it later.
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Group.set_meta","title":"set_meta","text":"
set_meta(meta: Meta) -> None\n
 
Sets the meta object for this group.
 
If the meta for this group is already calculated by the callee, use this to prevent it from being wastefully recalculated.
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Group.at_index","title":"at_index","text":"
at_index(idx: int) -> int\n
 
Get the address of the slot at index idx.
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot","title":"Slot","text":"
Slot(p: int)\n
 
The \"unit of allocation\" (analogous to glibc's \"chunk\"). There is no struct in the source code that describes it.
 
Methods:
 
     
  •  preload             \u2013              
    Read all the necessary process memory to populate the slot's
     
    •  
  •  preload_meta_dependants             \u2013              
    Preloads all fields that depend on a sane meta.
     
    •  
  •  is_cyclic             \u2013              
    Returns whether mallocng reports that p != start.
     
    •  
  •  contains_group             \u2013              
    Does this slot nest a group?
     
    •  
  •  set_group             \u2013              
    If the slot is FREED or AVAIL, it is impossible for it to
     
    •  
  •  from_p             \u2013              
    •  
  •  from_start             \u2013              
    •  
 
Attributes:
 
     
  •  p               (int)           \u2013            
    •  
  •  offset               (int)           \u2013            
    Raises:
     
    •  
  •  pn3               (int)           \u2013            
    Raises:
     
    •  
  •  idx               (int)           \u2013            
    Raises:
     
    •  
  •  reserved_in_header               (int)           \u2013            
    •  
  •  big_offset_check               (int)           \u2013            
    Raises:
     
    •  
  •  start               (int)           \u2013            
    Raises:
     
    •  
  •  cyclic_offset               (int)           \u2013            
    Returns zero if is_cyclic() is False.
     
    •  
  •  startn3               (int)           \u2013            
    Raises:
     
    •  
  •  reserved_in_footer               (int)           \u2013            
    Returns -1 if the value is invalid, i.e.
     
    •  
  •  end               (int)           \u2013            
    Raises:
     
    •  
  •  reserved               (int)           \u2013            
    Returns 0 if reserved_in_header() == 6.
     
    •  
  •  nominal_size               (int)           \u2013            
    Raises:
     
    •  
  •  user_size               (int)           \u2013            
    Raises:
     
    •  
  •  slack               (int)           \u2013            
    Raises:
     
    •  
  •  group               (Group)           \u2013            
    •  
  •  meta               (Meta)           \u2013            
    Raises:
     
    •  
  •  slot_state               (SlotState)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.p","title":"p  instance-attribute","text":"
p: int = p\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.offset","title":"offset  property","text":"
offset: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.pn3","title":"pn3  property","text":"
pn3: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.idx","title":"idx  property","text":"
idx: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.reserved_in_header","title":"reserved_in_header  property","text":"
reserved_in_header: int\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.big_offset_check","title":"big_offset_check  property","text":"
big_offset_check: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.start","title":"start  property","text":"
start: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading meta fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.cyclic_offset","title":"cyclic_offset  property","text":"
cyclic_offset: int\n
 
Returns zero if is_cyclic() is False.
 
Raises:
 
     
  •  Error             \u2013            
    When reading meta fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.startn3","title":"startn3  property","text":"
startn3: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.reserved_in_footer","title":"reserved_in_footer  property","text":"
reserved_in_footer: int\n
 
Returns -1 if the value is invalid, i.e. reserved_in_header() != 5.
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.end","title":"end  property","text":"
end: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading meta fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.reserved","title":"reserved  property","text":"
reserved: int\n
 
Returns 0 if reserved_in_header() == 6. Returns -1 if reserved_in_header() == 7.
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.nominal_size","title":"nominal_size  property","text":"
nominal_size: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading meta fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.user_size","title":"user_size  property","text":"
user_size: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading meta fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.slack","title":"slack  property","text":"
slack: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading meta fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.group","title":"group  property","text":"
group: Group\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.meta","title":"meta  property","text":"
meta: Meta\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.slot_state","title":"slot_state  property","text":"
slot_state: SlotState\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.preload","title":"preload","text":"
preload() -> None\n
 
Read all the necessary process memory to populate the slot's p header fields.
 
Do this if you know you will be using most of the fields of the slot. It will be faster, since we can do a few big reads instead of many small ones. You may also catch inaccessible memory exceptions here and not worry about it later.
 
Fields dependant on the meta are not loaded - you will still need to worry about exceptions coming from them.
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.preload_meta_dependants","title":"preload_meta_dependants","text":"
preload_meta_dependants() -> None\n
 
Preloads all fields that depend on a sane meta.
 
It generally only makes sense to run this after preload(). Calling this reduces the amount of process writes and centralizes field exceptions to this function.
 
If both preload() and preload_meta_dependants() return without exceptions, all the fields in this class are guaranteed to not cause any more memory reads nor raise any more exceptions.
 
Raises:
 
     
  •  Error             \u2013            
    When the meta is corrupt and/or reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.is_cyclic","title":"is_cyclic","text":"
is_cyclic() -> int\n
 
Returns whether mallocng reports that p != start.
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.contains_group","title":"contains_group","text":"
contains_group() -> bool\n
 
Does this slot nest a group?
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.set_group","title":"set_group","text":"
set_group(group: Group) -> None\n
 
If the slot is FREED or AVAIL, it is impossible for it to recover the start of its group, and ergo its meta.
 
You can thus use this to set it externally.
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.from_p","title":"from_p  classmethod","text":"
from_p(p: int) -> 'Slot'\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Slot.from_start","title":"from_start  classmethod","text":"
from_start(start: int) -> 'Slot'\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.GroupedSlot","title":"GroupedSlot","text":"
GroupedSlot(group: Group, idx: int)\n
 
This is not a mallocng concept, this is a pwndbg abstraction.
 
A Slot object uses its inband metadata to recover all its fields and uncover more information about itself by locating its group and meta. It works essentially the same way mallocng's free() works.
 
However, if a slot is freed or available, most of its in-band metadata will be invalid and it will not be able to recover group and meta. But, given the start of the slot, we can infer which group it belongs to and what its index is by walking allocator state i.e. ctx i.e. by using Mallocng.find_slot().
 
A GroupedSlot then describes all information we can glean about a slot which is described by a (group, idx) pair. Many of its fields can be completely different from a Slot at the same location. They are guaranteed to be the same only if the slot is ALLOCATED and hasn't been corrupted.
 
Not all fields that are available in Slot are available in GroupedSlot.
 
Make sure the group you are passing to the constructor points to a valid meta object.
 
Attributes:
 
     
  •  group           \u2013            
    •  
  •  meta           \u2013            
    •  
  •  idx           \u2013            
    •  
  •  stride           \u2013            
    •  
  •  slot_state           \u2013            
    •  
  •  start           \u2013            
    •  
  •  end           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.GroupedSlot.group","title":"group  instance-attribute","text":"
group = group\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.GroupedSlot.meta","title":"meta  instance-attribute","text":"
meta = meta\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.GroupedSlot.idx","title":"idx  instance-attribute","text":"
idx = idx\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.GroupedSlot.stride","title":"stride  instance-attribute","text":"
stride = stride\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.GroupedSlot.slot_state","title":"slot_state  instance-attribute","text":"
slot_state = slotstate_at_index(idx)\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.GroupedSlot.start","title":"start  instance-attribute","text":"
start = storage + stride * idx\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.GroupedSlot.end","title":"end  instance-attribute","text":"
end = start + stride - IB\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta","title":"Meta","text":"
Meta(addr: int)\n
 
The metadata of a group.
 
https://elixir.bootlin.com/musl/v1.2.5/source/src/malloc/mallocng/meta.h#L24 struct meta {   struct meta *prev, *next;   struct group *mem;   volatile int avail_mask, freed_mask;   uintptr_t last_idx:5;   uintptr_t freeable:1;   uintptr_t sizeclass:6;   uintptr_t maplen:8*sizeof(uintptr_t)-12; };
 
Methods:
 
     
  •  preload             \u2013              
    Read all the necessary process memory to populate the meta's
     
    •  
  •  parent_group             \u2013              
    If this group is nested, returns the address of the group which
     
    •  
  •  root_group             \u2013              
    Returns the topmost/biggest parent group. It will never be a nested
     
    •  
  •  slotstate_at_index             \u2013              
    •  
  •  sizeof             \u2013              
    •  
 
Attributes:
 
     
  •  addr               (int)           \u2013            
    •  
  •  prev               (int)           \u2013            
    Raises:
     
    •  
  •  next               (int)           \u2013            
    Raises:
     
    •  
  •  mem               (int)           \u2013            
    Raises:
     
    •  
  •  avail_mask               (int)           \u2013            
    Raises:
     
    •  
  •  freed_mask               (int)           \u2013            
    Raises:
     
    •  
  •  last_idx               (int)           \u2013            
    Raises:
     
    •  
  •  freeable               (int)           \u2013            
    Raises:
     
    •  
  •  sizeclass               (int)           \u2013            
    Raises:
     
    •  
  •  maplen               (int)           \u2013            
    Raises:
     
    •  
  •  stride               (int)           \u2013            
    Returns -1 if sizeclass >= len(size_classes).
     
    •  
  •  cnt               (int)           \u2013            
    Number of slots in the group.
     
    •  
  •  is_donated               (bool)           \u2013            
    Returns whether the group object referred to by this meta has been
     
    •  
  •  is_mmaped               (bool)           \u2013            
    Returns whether the group object referred to by this meta has been
     
    •  
  •  is_nested               (bool)           \u2013            
    Returns whether the group object referred to by this meta has been
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.addr","title":"addr  instance-attribute","text":"
addr: int = addr\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.prev","title":"prev  property","text":"
prev: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.next","title":"next  property","text":"
next: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.mem","title":"mem  property","text":"
mem: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.avail_mask","title":"avail_mask  property","text":"
avail_mask: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.freed_mask","title":"freed_mask  property","text":"
freed_mask: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.last_idx","title":"last_idx  property","text":"
last_idx: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.freeable","title":"freeable  property","text":"
freeable: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.sizeclass","title":"sizeclass  property","text":"
sizeclass: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.maplen","title":"maplen  property","text":"
maplen: int\n
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.stride","title":"stride  property","text":"
stride: int\n
 
Returns -1 if sizeclass >= len(size_classes).
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.cnt","title":"cnt  property","text":"
cnt: int\n
 
Number of slots in the group.
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.is_donated","title":"is_donated  property","text":"
is_donated: bool\n
 
Returns whether the group object referred to by this meta has been created by being donated by ld.
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.is_mmaped","title":"is_mmaped  property","text":"
is_mmaped: bool\n
 
Returns whether the group object referred to by this meta has been created by being mmaped.
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.is_nested","title":"is_nested  property","text":"
is_nested: bool\n
 
Returns whether the group object referred to by this meta has been created by being nested into a slot.
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.preload","title":"preload","text":"
preload() -> None\n
 
Read all the necessary process memory to populate the meta's fields.
 
Do this if you know you will be using most of the fields of the meta. It will be faster, since we can do a one big read instead of many small ones. You may also catch inaccessible memory exceptions here and not worry about it later.
 
Raises:
 
     
  •  Error             \u2013            
    When reading memory fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.parent_group","title":"parent_group","text":"
parent_group() -> int\n
 
If this group is nested, returns the address of the group which contains the slot in which this group is in. Otherwise, returns -1.
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.root_group","title":"root_group","text":"
root_group() -> Group\n
 
Returns the topmost/biggest parent group. It will never be a nested group. If this group isn't nested, this group is returned.
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.slotstate_at_index","title":"slotstate_at_index","text":"
slotstate_at_index(idx: int) -> SlotState\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Meta.sizeof","title":"sizeof  staticmethod","text":"
sizeof() -> int\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MetaArea","title":"MetaArea","text":"
MetaArea(addr: int)\n
 
Slabs that contain metas, linked in a singly-linked list.
 
https://elixir.bootlin.com/musl/v1.2.5/source/src/malloc/mallocng/meta.h#L34 struct meta_area {   uint64_t check;   struct meta_area *next;   int nslots;   struct meta slots[]; };
 
Methods:
 
     
  •  load             \u2013              
    •  
  •  at_index             \u2013              
    Returns the address of the meta object located
     
    •  
 
Attributes:
 
     
  •  addr               (int)           \u2013            
    •  
  •  check               (int)           \u2013            
    •  
  •  meta_area               (int)           \u2013            
    •  
  •  nslots               (int)           \u2013            
    •  
  •  slots               (int)           \u2013            
    •  
  •  area_size               (int)           \u2013            
    Returns not the size of struct meta_area but rather
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MetaArea.addr","title":"addr  instance-attribute","text":"
addr: int = addr\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MetaArea.check","title":"check  instance-attribute","text":"
check: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MetaArea.meta_area","title":"meta_area  instance-attribute","text":"
meta_area: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MetaArea.nslots","title":"nslots  instance-attribute","text":"
nslots: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MetaArea.slots","title":"slots  instance-attribute","text":"
slots: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MetaArea.area_size","title":"area_size  property","text":"
area_size: int\n
 
Returns not the size of struct meta_area but rather the size of the memory this object represents.
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MetaArea.load","title":"load","text":"
load() -> None\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MetaArea.at_index","title":"at_index","text":"
at_index(idx: int) -> int\n
 
Returns the address of the meta object located at index idx.
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext","title":"MallocContext","text":"
MallocContext(addr: int)\n
 
The global object that holds all allocator state.
 
https://elixir.bootlin.com/musl/v1.2.5/source/src/malloc/mallocng/meta.h#L41 struct malloc_context {   uint64_t secret;
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext--ifndef-pagesize","title":"ifndef PAGESIZE","text":"
size_t pagesize;
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext--endif","title":"endif","text":"
int init_done;   unsigned mmap_counter;   struct meta *free_meta_head;   struct meta *avail_meta;   size_t avail_meta_count, avail_meta_area_count, meta_alloc_shift;   struct meta_area *meta_area_head, *meta_area_tail;   unsigned char *avail_meta_areas;   struct meta *active[48];   size_t usage_by_class[48];   uint8_t unmap_seq[32], bounces[32];   uint8_t seq;   uintptr_t brk; };
 
Methods:
 
     
  •  load             \u2013              
    •  
  •  looks_valid             \u2013              
    Returns true if this object looks like a valid struct malloc_context object
     
    •  
 
Attributes:
 
     
  •  addr               (int)           \u2013            
    •  
  •  secret               (int)           \u2013            
    •  
  •  pagesize               (int)           \u2013            
    •  
  •  init_done               (int)           \u2013            
    •  
  •  mmap_counter               (int)           \u2013            
    •  
  •  free_meta_head               (int)           \u2013            
    •  
  •  avail_meta               (int)           \u2013            
    •  
  •  avail_meta_count               (int)           \u2013            
    •  
  •  avail_meta_area_count               (int)           \u2013            
    •  
  •  meta_alloc_shift               (int)           \u2013            
    •  
  •  meta_area_head               (int)           \u2013            
    •  
  •  meta_area_tail               (int)           \u2013            
    •  
  •  avail_meta_areas               (int)           \u2013            
    •  
  •  active               (list[int])           \u2013            
    •  
  •  usage_by_class               (list[int])           \u2013            
    •  
  •  unmap_seq               (list[int])           \u2013            
    •  
  •  bounces               (list[int])           \u2013            
    •  
  •  seq               (int)           \u2013            
    •  
  •  brk               (int)           \u2013            
    •  
  •  sizeof               (int)           \u2013            
    •  
  •  has_pagesize_field               (bool)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.addr","title":"addr  instance-attribute","text":"
addr: int = addr\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.secret","title":"secret  instance-attribute","text":"
secret: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.pagesize","title":"pagesize  instance-attribute","text":"
pagesize: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.init_done","title":"init_done  instance-attribute","text":"
init_done: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.mmap_counter","title":"mmap_counter  instance-attribute","text":"
mmap_counter: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.free_meta_head","title":"free_meta_head  instance-attribute","text":"
free_meta_head: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.avail_meta","title":"avail_meta  instance-attribute","text":"
avail_meta: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.avail_meta_count","title":"avail_meta_count  instance-attribute","text":"
avail_meta_count: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.avail_meta_area_count","title":"avail_meta_area_count  instance-attribute","text":"
avail_meta_area_count: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.meta_alloc_shift","title":"meta_alloc_shift  instance-attribute","text":"
meta_alloc_shift: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.meta_area_head","title":"meta_area_head  instance-attribute","text":"
meta_area_head: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.meta_area_tail","title":"meta_area_tail  instance-attribute","text":"
meta_area_tail: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.avail_meta_areas","title":"avail_meta_areas  instance-attribute","text":"
avail_meta_areas: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.active","title":"active  instance-attribute","text":"
active: list[int] = []\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.usage_by_class","title":"usage_by_class  instance-attribute","text":"
usage_by_class: list[int] = []\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.unmap_seq","title":"unmap_seq  instance-attribute","text":"
unmap_seq: list[int] = []\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.bounces","title":"bounces  instance-attribute","text":"
bounces: list[int] = []\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.seq","title":"seq  instance-attribute","text":"
seq: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.brk","title":"brk  instance-attribute","text":"
brk: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.sizeof","title":"sizeof  instance-attribute","text":"
sizeof: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.has_pagesize_field","title":"has_pagesize_field  instance-attribute","text":"
has_pagesize_field: bool = False\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.load","title":"load","text":"
load() -> None\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.MallocContext.looks_valid","title":"looks_valid","text":"
looks_valid() -> bool\n
 
Returns true if this object looks like a valid struct malloc_context object describing an initialized heap. False otherwise.
 
This is used by class Mallocng to find the correct ctx object.
 
We consider it invalid if the heap reads as uninitialized because: 1. Performing this check filters out invalid ctx objects very well. 2. When musl is dynmically linked, due to the ld donation logic,    the heap will usually be initialized before the start of main().
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Mallocng","title":"Mallocng","text":"
Mallocng()\n
 
               Bases: MemoryAllocator
 
Tracks the allocator state. By leveraging the __malloc_context symbol.
 
Import this singleton class like: from pwndbg.aglib.heap.mallocng import mallocng as ng
 
and make sure that you have run ng.init_if_needed() before you used the object.
 
Methods:
 
     
  •  init_if_needed             \u2013              
    We want this class to be a singleton, but also we can't
     
    •  
  •  set_ctx_addr             \u2013              
    Find where the __malloc_context global symbol is. Try using debug information,
     
    •  
  •  libc_has_debug_syms             \u2013              
    •  
  •  find_slot             \u2013              
    Get the slot which contains this address.
     
    •  
  •  containing             \u2013              
    Same as find_slot() but returns only the start address of the slot, or zero
     
    •  
  •  get_free_metas             \u2013              
    Get all free metas by traversing the ctx.free_meta_head doubly
     
    •  
  •  meta_is_avail             \u2013              
    Checks whether a meta is available.
     
    •  
  •  is_initialized             \u2013              
    Returns whether the allocator is initialized or not.
     
    •  
 
Attributes:
 
     
  •  finished_init               (bool)           \u2013            
    •  
  •  ctx_addr               (int)           \u2013            
    •  
  •  ctx               (MallocContext | None)           \u2013            
    •  
  •  has_debug_syms               (bool)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Mallocng.finished_init","title":"finished_init  instance-attribute","text":"
finished_init: bool = False\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Mallocng.ctx_addr","title":"ctx_addr  instance-attribute","text":"
ctx_addr: int = 0\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Mallocng.ctx","title":"ctx  instance-attribute","text":"
ctx: MallocContext | None = None\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Mallocng.has_debug_syms","title":"has_debug_syms  instance-attribute","text":"
has_debug_syms: bool = False\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Mallocng.init_if_needed","title":"init_if_needed","text":"
init_if_needed() -> bool\n
 
We want this class to be a singleton, but also we can't initialize it as soon as pwndbg is loaded.
 
Users of the object are responsible for calling this to make sure the object is initialized. This also ensures our view of the heap is up-to-date.
 
Returns:
 
     
  •  bool           \u2013            
    True if this object is successfully initialized (whether
     
    •  
  •  bool           \u2013            
    now or before). False otherswise. If this returns False
     
    •  
  •  bool           \u2013            
    you may not use this object for heap operations.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Mallocng.set_ctx_addr","title":"set_ctx_addr","text":"
set_ctx_addr() -> None\n
 
Find where the __malloc_context global symbol is. Try using debug information, but if it isn't available try using a heuristic.
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Mallocng.libc_has_debug_syms","title":"libc_has_debug_syms","text":"
libc_has_debug_syms() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Mallocng.find_slot","title":"find_slot","text":"
find_slot(\n    address: int, metadata: bool = False, shallow: bool = False\n) -> tuple[GroupedSlot | None, Slot | None]\n
 
Get the slot which contains this address.
 
We say a slot \"contains\" an address, if the address is in [start, start + stride). Thus, this will match the previous slot if you provide the address of the header inband metadata of a slot.
 
If metadata is True, then we check [start - IB, end) for containment.
 
If shallow is True, return the biggest slot which contains this address. The group that owns this slot will not be a nested group.
 
Returns (None, None) if nothing is found.
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Mallocng.containing","title":"containing","text":"
containing(address: int, metadata: bool = False, shallow: bool = False) -> int\n
 
Same as find_slot() but returns only the start address of the slot, or zero if no slot is found.
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Mallocng.get_free_metas","title":"get_free_metas","text":"
get_free_metas() -> dict[int, tuple[int, Meta]]\n
 
Get all free metas by traversing the ctx.free_meta_head doubly linked list. Map them to their index in the list.
 
Raises:
 
     
  •  Error             \u2013            
    If some meta cannot be read or is corrupted.
     
    •  
 
Returns:
 
     
  •  dict[int, tuple[int, Meta]]           \u2013            
    A dictionary that maps: meta address -> (meta index in list, Meta object).
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Mallocng.meta_is_avail","title":"meta_is_avail","text":"
meta_is_avail(addr: int) -> bool\n
 
Checks whether a meta is available.
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.Mallocng.is_initialized","title":"is_initialized","text":"
is_initialized() -> bool\n
 
Returns whether the allocator is initialized or not.
 
Returns:
 
     
  •  bool           \u2013            
    A boolean.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/mallocng/#pwndbg.aglib.heap.mallocng.int_size","title":"int_size","text":"
int_size() -> int\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/","title":"ptmalloc","text":""},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc","title":"ptmalloc","text":"
Classes:
 
     
  •  BinType           \u2013            
    •  
  •  Bin           \u2013            
    •  
  •  Bins           \u2013            
    •  
  •  ChunkField           \u2013            
    •  
  •  Chunk           \u2013            
    •  
  •  Heap           \u2013            
    •  
  •  Arena           \u2013            
    •  
  •  GlibcMemoryAllocator           \u2013            
    •  
  •  DebugSymsHeap           \u2013            
    •  
  •  SymbolUnresolvableError           \u2013            
    •  
  •  HeuristicHeap           \u2013            
    •  
 
Functions:
 
     
  •  heap_for_ptr             \u2013              
    Round a pointer to a chunk down to find its corresponding heap_info
     
    •  
  •  fetch_chunk_metadata             \u2013              
    •  
 
Attributes:
 
     
  •  PREV_INUSE           \u2013            
    •  
  •  IS_MMAPPED           \u2013            
    •  
  •  NON_MAIN_ARENA           \u2013            
    •  
  •  SIZE_BITS           \u2013            
    •  
  •  NONCONTIGUOUS_BIT           \u2013            
    •  
  •  TheType           \u2013            
    •  
  •  TheValue           \u2013            
    •  
  •  HEAP_MAX_SIZE               (int)           \u2013            
    •  
  •  NBINS           \u2013            
    •  
  •  BINMAPSIZE           \u2013            
    •  
  •  NFASTBINS           \u2013            
    •  
  •  NSMALLBINS           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.PREV_INUSE","title":"PREV_INUSE  module-attribute","text":"
PREV_INUSE = 1\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.IS_MMAPPED","title":"IS_MMAPPED  module-attribute","text":"
IS_MMAPPED = 2\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.NON_MAIN_ARENA","title":"NON_MAIN_ARENA  module-attribute","text":"
NON_MAIN_ARENA = 4\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.SIZE_BITS","title":"SIZE_BITS  module-attribute","text":"
SIZE_BITS = PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.NONCONTIGUOUS_BIT","title":"NONCONTIGUOUS_BIT  module-attribute","text":"
NONCONTIGUOUS_BIT = 2\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.TheType","title":"TheType  module-attribute","text":"
TheType = TypeVar('TheType', Type, Type[CStruct2GDB])\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.TheValue","title":"TheValue  module-attribute","text":"
TheValue = TypeVar('TheValue', Value, CStruct2GDB)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HEAP_MAX_SIZE","title":"HEAP_MAX_SIZE  module-attribute","text":"
HEAP_MAX_SIZE: int = None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.NBINS","title":"NBINS  module-attribute","text":"
NBINS = 128\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BINMAPSIZE","title":"BINMAPSIZE  module-attribute","text":"
BINMAPSIZE = 4\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.NFASTBINS","title":"NFASTBINS  module-attribute","text":"
NFASTBINS = 10\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.NSMALLBINS","title":"NSMALLBINS  module-attribute","text":"
NSMALLBINS = 64\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType","title":"BinType","text":"
               Bases: str, Enum
 
Methods:
 
     
  •  valid_fields             \u2013              
    •  
 
Attributes:
 
     
  •  TCACHE           \u2013            
    •  
  •  FAST           \u2013            
    •  
  •  SMALL           \u2013            
    •  
  •  LARGE           \u2013            
    •  
  •  UNSORTED           \u2013            
    •  
  •  NOT_IN_BIN           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.TCACHE","title":"TCACHE  class-attribute instance-attribute","text":"
TCACHE = 'tcachebins'\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.FAST","title":"FAST  class-attribute instance-attribute","text":"
FAST = 'fastbins'\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.SMALL","title":"SMALL  class-attribute instance-attribute","text":"
SMALL = 'smallbins'\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.LARGE","title":"LARGE  class-attribute instance-attribute","text":"
LARGE = 'largebins'\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.UNSORTED","title":"UNSORTED  class-attribute instance-attribute","text":"
UNSORTED = 'unsortedbin'\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.NOT_IN_BIN","title":"NOT_IN_BIN  class-attribute instance-attribute","text":"
NOT_IN_BIN = 'not_in_bin'\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.valid_fields","title":"valid_fields","text":"
valid_fields() -> list[str]\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin","title":"Bin","text":"
Bin(\n    fd_chain: list[int],\n    bk_chain: list[int] | None = None,\n    count: int | None = None,\n    is_corrupted: bool = False,\n)\n
 
Methods:
 
     
  •  contains_chunk             \u2013              
    •  
  •  size_to_display_name             \u2013              
    •  
 
Attributes:
 
     
  •  fd_chain           \u2013            
    •  
  •  bk_chain           \u2013            
    •  
  •  count           \u2013            
    •  
  •  is_corrupted           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin.fd_chain","title":"fd_chain  instance-attribute","text":"
fd_chain = fd_chain\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin.bk_chain","title":"bk_chain  instance-attribute","text":"
bk_chain = bk_chain\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin.count","title":"count  instance-attribute","text":"
count = count\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin.is_corrupted","title":"is_corrupted  instance-attribute","text":"
is_corrupted = is_corrupted\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin.contains_chunk","title":"contains_chunk","text":"
contains_chunk(chunk: int) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin.size_to_display_name","title":"size_to_display_name  staticmethod","text":"
size_to_display_name(size: int | str) -> str\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bins","title":"Bins","text":"
Bins(bin_type: BinType)\n
 
Methods:
 
     
  •  contains_chunk             \u2013              
    •  
 
Attributes:
 
     
  •  bins               (OrderedDict[int | str, Bin])           \u2013            
    •  
  •  bin_type           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bins.bins","title":"bins  instance-attribute","text":"
bins: OrderedDict[int | str, Bin] = OrderedDict()\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bins.bin_type","title":"bin_type  instance-attribute","text":"
bin_type = bin_type\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bins.contains_chunk","title":"contains_chunk","text":"
contains_chunk(size: int, chunk: int)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField","title":"ChunkField","text":"
               Bases: int, Enum
 
Attributes:
 
     
  •  PREV_SIZE           \u2013            
    •  
  •  SIZE           \u2013            
    •  
  •  FD           \u2013            
    •  
  •  BK           \u2013            
    •  
  •  FD_NEXTSIZE           \u2013            
    •  
  •  BK_NEXTSIZE           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField.PREV_SIZE","title":"PREV_SIZE  class-attribute instance-attribute","text":"
PREV_SIZE = 1\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField.SIZE","title":"SIZE  class-attribute instance-attribute","text":"
SIZE = 2\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField.FD","title":"FD  class-attribute instance-attribute","text":"
FD = 3\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField.BK","title":"BK  class-attribute instance-attribute","text":"
BK = 4\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField.FD_NEXTSIZE","title":"FD_NEXTSIZE  class-attribute instance-attribute","text":"
FD_NEXTSIZE = 5\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField.BK_NEXTSIZE","title":"BK_NEXTSIZE  class-attribute instance-attribute","text":"
BK_NEXTSIZE = 6\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk","title":"Chunk","text":"
Chunk(addr: int, heap: Heap | None = None, arena: Arena | None = None)\n
 
Methods:
 
     
  •  next_chunk             \u2013              
    •  
  •  __contains__             \u2013              
    This allow us to avoid extra constructions like 'if start_addr <= ptr < end_addr', etc.
     
    •  
 
Attributes:
 
     
  •  __slots__           \u2013            
    •  
  •  address           \u2013            
    •  
  •  prev_size               (int | None)           \u2013            
    •  
  •  size               (int | None)           \u2013            
    •  
  •  real_size               (int | None)           \u2013            
    •  
  •  flags               (dict[str, bool] | None)           \u2013            
    •  
  •  non_main_arena               (bool | None)           \u2013            
    •  
  •  is_mmapped               (bool | None)           \u2013            
    •  
  •  prev_inuse               (bool | None)           \u2013            
    •  
  •  fd           \u2013            
    •  
  •  bk           \u2013            
    •  
  •  fd_nextsize           \u2013            
    •  
  •  bk_nextsize           \u2013            
    •  
  •  heap               (Heap)           \u2013            
    •  
  •  arena               (Arena | None)           \u2013            
    •  
  •  is_top_chunk           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.__slots__","title":"__slots__  class-attribute instance-attribute","text":"
__slots__ = (\n    \"_gdbValue\",\n    \"address\",\n    \"_prev_size\",\n    \"_size\",\n    \"_real_size\",\n    \"_flags\",\n    \"_non_main_arena\",\n    \"_is_mmapped\",\n    \"_prev_inuse\",\n    \"_fd\",\n    \"_bk\",\n    \"_fd_nextsize\",\n    \"_bk_nextsize\",\n    \"_heap\",\n    \"_arena\",\n    \"_is_top_chunk\",\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.address","title":"address  instance-attribute","text":"
address = int(address)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.prev_size","title":"prev_size  property","text":"
prev_size: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.size","title":"size  property","text":"
size: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.real_size","title":"real_size  property","text":"
real_size: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.flags","title":"flags  property","text":"
flags: dict[str, bool] | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.non_main_arena","title":"non_main_arena  property","text":"
non_main_arena: bool | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.is_mmapped","title":"is_mmapped  property","text":"
is_mmapped: bool | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.prev_inuse","title":"prev_inuse  property","text":"
prev_inuse: bool | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.fd","title":"fd  property","text":"
fd\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.bk","title":"bk  property","text":"
bk\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.fd_nextsize","title":"fd_nextsize  property","text":"
fd_nextsize\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.bk_nextsize","title":"bk_nextsize  property","text":"
bk_nextsize\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.heap","title":"heap  property","text":"
heap: Heap\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.arena","title":"arena  property","text":"
arena: Arena | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.is_top_chunk","title":"is_top_chunk  property","text":"
is_top_chunk\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.__match_renamed_field","title":"__match_renamed_field","text":"
__match_renamed_field(field: str)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.next_chunk","title":"next_chunk","text":"
next_chunk()\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.__contains__","title":"__contains__","text":"
__contains__(addr: int) -> bool\n
 
This allow us to avoid extra constructions like 'if start_addr <= ptr < end_addr', etc.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap","title":"Heap","text":"
Heap(addr: int, arena: Arena | None = None)\n
 
1) main_arena - uses the sbrk heap 2) non-main arena - heap starts after its heap_info struct (and possibly an arena) 3) non-contiguous main_arena - just a memory region 4) no arena - for fake/mmapped chunks
 
Methods:
 
     
  •  __iter__             \u2013              
    •  
  •  __contains__             \u2013              
    •  
  •  __str__             \u2013              
    •  
 
Attributes:
 
     
  •  __slots__           \u2013            
    •  
  •  arena           \u2013            
    •  
  •  start               (int)           \u2013            
    •  
  •  end               (int)           \u2013            
    •  
  •  first_chunk           \u2013            
    •  
  •  prev           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.__slots__","title":"__slots__  class-attribute instance-attribute","text":"
__slots__ = (\n    \"_gdbValue\",\n    \"arena\",\n    \"_memory_region\",\n    \"start\",\n    \"end\",\n    \"_prev\",\n    \"first_chunk\",\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.arena","title":"arena  instance-attribute","text":"
arena = main_arena if arena is None else arena\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.start","title":"start  instance-attribute","text":"
start: int = start\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.end","title":"end  instance-attribute","text":"
end: int = end\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.first_chunk","title":"first_chunk  instance-attribute","text":"
first_chunk = Chunk(start)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.prev","title":"prev  property","text":"
prev\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.__iter__","title":"__iter__","text":"
__iter__()\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.__contains__","title":"__contains__","text":"
__contains__(addr: int) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena","title":"Arena","text":"
Arena(addr: int)\n
 
Methods:
 
     
  •  fastbins             \u2013              
    •  
  •  __str__             \u2013              
    •  
 
Attributes:
 
     
  •  __slots__           \u2013            
    •  
  •  address           \u2013            
    •  
  •  is_main_arena               (bool)           \u2013            
    •  
  •  mutex               (int | None)           \u2013            
    •  
  •  flags               (int | None)           \u2013            
    •  
  •  non_contiguous               (bool | None)           \u2013            
    •  
  •  have_fastchunks               (int | None)           \u2013            
    •  
  •  top               (int | None)           \u2013            
    •  
  •  fastbinsY               (list[int])           \u2013            
    •  
  •  bins               (list[int])           \u2013            
    •  
  •  binmap               (list[int])           \u2013            
    •  
  •  next               (int | None)           \u2013            
    •  
  •  next_free               (int | None)           \u2013            
    •  
  •  system_mem               (int | None)           \u2013            
    •  
  •  active_heap               (Heap)           \u2013            
    •  
  •  heaps           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.__slots__","title":"__slots__  class-attribute instance-attribute","text":"
__slots__ = (\n    \"_gdbValue\",\n    \"address\",\n    \"_is_main_arena\",\n    \"_top\",\n    \"_active_heap\",\n    \"_heaps\",\n    \"_mutex\",\n    \"_flags\",\n    \"_non_contiguous\",\n    \"_have_fastchunks\",\n    \"_fastbinsY\",\n    \"_bins\",\n    \"_binmap\",\n    \"_next\",\n    \"_next_free\",\n    \"_system_mem\",\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.address","title":"address  instance-attribute","text":"
address = int(address)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.is_main_arena","title":"is_main_arena  property","text":"
is_main_arena: bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.mutex","title":"mutex  property","text":"
mutex: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.flags","title":"flags  property","text":"
flags: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.non_contiguous","title":"non_contiguous  property","text":"
non_contiguous: bool | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.have_fastchunks","title":"have_fastchunks  property","text":"
have_fastchunks: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.top","title":"top  property","text":"
top: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.fastbinsY","title":"fastbinsY  property","text":"
fastbinsY: list[int]\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.bins","title":"bins  property","text":"
bins: list[int]\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.binmap","title":"binmap  property","text":"
binmap: list[int]\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.next","title":"next  property","text":"
next: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.next_free","title":"next_free  property","text":"
next_free: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.system_mem","title":"system_mem  property","text":"
system_mem: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.active_heap","title":"active_heap  property","text":"
active_heap: Heap\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.heaps","title":"heaps  property","text":"
heaps\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.fastbins","title":"fastbins","text":"
fastbins() -> Bins\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator","title":"GlibcMemoryAllocator","text":"
GlibcMemoryAllocator()\n
 
               Bases: MemoryAllocator, Generic[TheType, TheValue]
 
Methods:
 
     
  •  largebin_reverse_lookup             \u2013              
    Pick the appropriate largebin_reverse_lookup_ function for this architecture.
     
    •  
  •  largebin_size_range_from_index             \u2013              
    •  
  •  can_be_resolved             \u2013              
    •  
  •  has_tcache             \u2013              
    •  
  •  chunk_flags             \u2013              
    •  
  •  chunk_key_offset             \u2013              
    Find the index of a field in the malloc_chunk struct.
     
    •  
  •  get_heap             \u2013              
    •  
  •  get_tcache             \u2013              
    •  
  •  get_sbrk_heap_region             \u2013              
    •  
  •  get_region             \u2013              
    Find the memory map containing 'addr'.
     
    •  
  •  get_bins             \u2013              
    •  
  •  fastbin_index             \u2013              
    •  
  •  fastbins             \u2013              
    Returns: chain or None
     
    •  
  •  tcachebins             \u2013              
    Returns: tuple(chain, count) or None
     
    •  
  •  check_chain_corrupted             \u2013              
    Checks if the doubly linked list (of a {unsorted, small, large} bin)
     
    •  
  •  bin_at             \u2013              
    Modeled after glibc's bin_at function - so starts indexing from 1
     
    •  
  •  unsortedbin             \u2013              
    •  
  •  smallbins             \u2013              
    •  
  •  largebins             \u2013              
    •  
  •  largebin_index_32             \u2013              
    Modeled on the GLIBC malloc largebin_index_32 macro.
     
    •  
  •  largebin_index_32_big             \u2013              
    Modeled on the GLIBC malloc largebin_index_32_big macro.
     
    •  
  •  largebin_index_64             \u2013              
    Modeled on the GLIBC malloc largebin_index_64 macro.
     
    •  
  •  largebin_index             \u2013              
    Pick the appropriate largebin_index_ function for this architecture.
     
    •  
  •  is_initialized             \u2013              
    •  
  •  is_statically_linked             \u2013              
    •  
  •  libc_has_debug_syms             \u2013              
    The struct malloc_chunk comes from debugging symbols and it will not be there
     
    •  
  •  containing             \u2013              
    Returns the address of the allocation which contains 'address'.
     
    •  
 
Attributes:
 
     
  •  largebin_reverse_lookup_32           \u2013            
    •  
  •  largebin_reverse_lookup_32_big           \u2013            
    •  
  •  largebin_reverse_lookup_64           \u2013            
    •  
  •  main_arena               (Arena | None)           \u2013            
    •  
  •  arenas               (tuple[Arena, ...])           \u2013            
    Return a tuple of all current arenas.
     
    •  
  •  thread_arena               (Arena | None)           \u2013            
    •  
  •  thread_cache               (TheValue | None)           \u2013            
    •  
  •  mp               (TheValue | None)           \u2013            
    •  
  •  global_max_fast               (int | None)           \u2013            
    •  
  •  heap_info               (TheType | None)           \u2013            
    •  
  •  malloc_chunk               (TheType | None)           \u2013            
    •  
  •  malloc_state               (TheType | None)           \u2013            
    •  
  •  tcache_perthread_struct               (TheType | None)           \u2013            
    •  
  •  tcache_entry               (TheType | None)           \u2013            
    •  
  •  tcache_small_bins               (int | None)           \u2013            
    •  
  •  mallinfo               (TheType | None)           \u2013            
    •  
  •  malloc_par               (TheType | None)           \u2013            
    •  
  •  malloc_alignment               (int)           \u2013            
    Corresponds to MALLOC_ALIGNMENT in glibc malloc.c
     
    •  
  •  size_sz               (int)           \u2013            
    Corresponds to SIZE_SZ in glibc malloc.c
     
    •  
  •  malloc_align_mask               (int)           \u2013            
    Corresponds to MALLOC_ALIGN_MASK in glibc malloc.c
     
    •  
  •  minsize               (int)           \u2013            
    Corresponds to MINSIZE in glibc malloc.c
     
    •  
  •  min_chunk_size               (int)           \u2013            
    Corresponds to MIN_CHUNK_SIZE in glibc malloc.c
     
    •  
  •  multithreaded               (bool)           \u2013            
    Is malloc operating within a multithreaded environment.
     
    •  
  •  tcache_next_offset               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_reverse_lookup_32","title":"largebin_reverse_lookup_32  class-attribute instance-attribute","text":"
largebin_reverse_lookup_32 = (\n    512,\n    576,\n    640,\n    704,\n    768,\n    832,\n    896,\n    960,\n    1024,\n    1088,\n    1152,\n    1216,\n    1280,\n    1344,\n    1408,\n    1472,\n    1536,\n    1600,\n    1664,\n    1728,\n    1792,\n    1856,\n    1920,\n    1984,\n    2048,\n    2112,\n    2176,\n    2240,\n    2304,\n    2368,\n    2432,\n    2496,\n    2560,\n    3072,\n    3584,\n    4096,\n    4608,\n    5120,\n    5632,\n    6144,\n    6656,\n    7168,\n    7680,\n    8192,\n    8704,\n    9216,\n    9728,\n    10240,\n    10752,\n    12288,\n    16384,\n    20480,\n    24576,\n    28672,\n    32768,\n    36864,\n    40960,\n    65536,\n    98304,\n    131072,\n    163840,\n    262144,\n    524288,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_reverse_lookup_32_big","title":"largebin_reverse_lookup_32_big  class-attribute instance-attribute","text":"
largebin_reverse_lookup_32_big = (\n    1008,\n    1024,\n    1088,\n    1152,\n    1216,\n    1280,\n    1344,\n    1408,\n    1472,\n    1536,\n    1600,\n    1664,\n    1728,\n    1792,\n    1856,\n    1920,\n    1984,\n    2048,\n    2112,\n    2176,\n    2240,\n    2304,\n    2368,\n    2432,\n    2496,\n    2560,\n    2624,\n    2688,\n    2752,\n    2816,\n    2880,\n    2944,\n    2944,\n    3072,\n    3584,\n    4096,\n    4608,\n    5120,\n    5632,\n    6144,\n    6656,\n    7168,\n    7680,\n    8192,\n    8704,\n    9216,\n    9728,\n    10240,\n    10752,\n    12288,\n    16384,\n    20480,\n    24576,\n    28672,\n    32768,\n    36864,\n    40960,\n    65536,\n    98304,\n    131072,\n    163840,\n    262144,\n    524288,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_reverse_lookup_64","title":"largebin_reverse_lookup_64  class-attribute instance-attribute","text":"
largebin_reverse_lookup_64 = (\n    1024,\n    1088,\n    1152,\n    1216,\n    1280,\n    1344,\n    1408,\n    1472,\n    1536,\n    1600,\n    1664,\n    1728,\n    1792,\n    1856,\n    1920,\n    1984,\n    2048,\n    2112,\n    2176,\n    2240,\n    2304,\n    2368,\n    2432,\n    2496,\n    2560,\n    2624,\n    2688,\n    2752,\n    2816,\n    2880,\n    2944,\n    3008,\n    3072,\n    3136,\n    3584,\n    4096,\n    4608,\n    5120,\n    5632,\n    6144,\n    6656,\n    7168,\n    7680,\n    8192,\n    8704,\n    9216,\n    9728,\n    10240,\n    10752,\n    12288,\n    16384,\n    20480,\n    24576,\n    28672,\n    32768,\n    36864,\n    40960,\n    65536,\n    98304,\n    131072,\n    163840,\n    262144,\n    524288,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.main_arena","title":"main_arena  property","text":"
main_arena: Arena | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.arenas","title":"arenas  property","text":"
arenas: tuple[Arena, ...]\n
 
Return a tuple of all current arenas.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.thread_arena","title":"thread_arena  property","text":"
thread_arena: Arena | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.thread_cache","title":"thread_cache  property","text":"
thread_cache: TheValue | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.mp","title":"mp  property","text":"
mp: TheValue | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.global_max_fast","title":"global_max_fast  property","text":"
global_max_fast: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.heap_info","title":"heap_info  property","text":"
heap_info: TheType | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.malloc_chunk","title":"malloc_chunk  property","text":"
malloc_chunk: TheType | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.malloc_state","title":"malloc_state  property","text":"
malloc_state: TheType | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.tcache_perthread_struct","title":"tcache_perthread_struct  property","text":"
tcache_perthread_struct: TheType | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.tcache_entry","title":"tcache_entry  property","text":"
tcache_entry: TheType | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.tcache_small_bins","title":"tcache_small_bins  property","text":"
tcache_small_bins: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.mallinfo","title":"mallinfo  property","text":"
mallinfo: TheType | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.malloc_par","title":"malloc_par  property","text":"
malloc_par: TheType | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.malloc_alignment","title":"malloc_alignment  property","text":"
malloc_alignment: int\n
 
Corresponds to MALLOC_ALIGNMENT in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.size_sz","title":"size_sz  property","text":"
size_sz: int\n
 
Corresponds to SIZE_SZ in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.malloc_align_mask","title":"malloc_align_mask  property","text":"
malloc_align_mask: int\n
 
Corresponds to MALLOC_ALIGN_MASK in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.minsize","title":"minsize  property","text":"
minsize: int\n
 
Corresponds to MINSIZE in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.min_chunk_size","title":"min_chunk_size  property","text":"
min_chunk_size: int\n
 
Corresponds to MIN_CHUNK_SIZE in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.multithreaded","title":"multithreaded  property","text":"
multithreaded: bool\n
 
Is malloc operating within a multithreaded environment.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.tcache_next_offset","title":"tcache_next_offset  property","text":"
tcache_next_offset: int\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_reverse_lookup","title":"largebin_reverse_lookup","text":"
largebin_reverse_lookup(index: int) -> int\n
 
Pick the appropriate largebin_reverse_lookup_ function for this architecture.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_size_range_from_index","title":"largebin_size_range_from_index","text":"
largebin_size_range_from_index(index: int)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.can_be_resolved","title":"can_be_resolved","text":"
can_be_resolved() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.has_tcache","title":"has_tcache","text":"
has_tcache() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.chunk_flags","title":"chunk_flags","text":"
chunk_flags(size: int) -> tuple[int, int, int]\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.chunk_key_offset","title":"chunk_key_offset","text":"
chunk_key_offset(key: str) -> int | None\n
 
Find the index of a field in the malloc_chunk struct.
 64bit example 
prev_size == 0 size      == 8 fd        == 16 bk        == 24 ...
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.get_heap","title":"get_heap","text":"
get_heap(addr: int) -> TheValue | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.get_tcache","title":"get_tcache","text":"
get_tcache(tcache_addr: int | None = None) -> TheValue | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.get_sbrk_heap_region","title":"get_sbrk_heap_region","text":"
get_sbrk_heap_region() -> Page | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.get_region","title":"get_region","text":"
get_region(addr: int | Value | None) -> Page | None\n
 
Find the memory map containing 'addr'.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.get_bins","title":"get_bins","text":"
get_bins(bin_type: BinType, addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.fastbin_index","title":"fastbin_index","text":"
fastbin_index(size: int)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.fastbins","title":"fastbins","text":"
fastbins(arena_addr: int | None = None) -> Bins | None\n
 
Returns: chain or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.tcachebins","title":"tcachebins","text":"
tcachebins(tcache_addr: int | None = None) -> Bins | None\n
 
Returns: tuple(chain, count) or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.check_chain_corrupted","title":"check_chain_corrupted","text":"
check_chain_corrupted(chain_fd: list[int], chain_bk: list[int]) -> bool\n
 
Checks if the doubly linked list (of a {unsorted, small, large} bin) defined by chain_fd, chain_bk is corrupted.
 
Even if the chains do not cover the whole bin, they still are expected to be of the same length.
 
Returns True if the bin is certainly corrupted, otherwise False.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.bin_at","title":"bin_at","text":"
bin_at(\n    index: int, arena_addr: int | None = None\n) -> tuple[list[int], list[int], bool] | None\n
 
Modeled after glibc's bin_at function - so starts indexing from 1 https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/trusty/eglibc/trusty-security/view/head:/malloc/malloc.c#L1394
 
bin_at(1) returns the unsorted bin
 
Bin 1          - Unsorted BiN Bin 2 to 63    - Smallbins Bin 64 to 126  - Largebins
 
Returns: tuple(chain_from_bin_fd, chain_from_bin_bk, is_chain_corrupted) or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.unsortedbin","title":"unsortedbin","text":"
unsortedbin(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.smallbins","title":"smallbins","text":"
smallbins(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebins","title":"largebins","text":"
largebins(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_index_32","title":"largebin_index_32","text":"
largebin_index_32(sz: int) -> int\n
 
Modeled on the GLIBC malloc largebin_index_32 macro.
 
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1414
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_index_32_big","title":"largebin_index_32_big","text":"
largebin_index_32_big(sz: int) -> int\n
 
Modeled on the GLIBC malloc largebin_index_32_big macro.
 
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1422
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_index_64","title":"largebin_index_64","text":"
largebin_index_64(sz: int) -> int\n
 
Modeled on the GLIBC malloc largebin_index_64 macro.
 
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1433
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_index","title":"largebin_index","text":"
largebin_index(sz: int)\n
 
Pick the appropriate largebin_index_ function for this architecture.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.is_initialized","title":"is_initialized","text":"
is_initialized()\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.is_statically_linked","title":"is_statically_linked","text":"
is_statically_linked() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.libc_has_debug_syms","title":"libc_has_debug_syms","text":"
libc_has_debug_syms() -> bool\n
 
The struct malloc_chunk comes from debugging symbols and it will not be there for statically linked binaries
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.containing","title":"containing","text":"
containing(address: int) -> int\n
 
Returns the address of the allocation which contains 'address'.
 
Parameters:
 
     
  •  address               (int)           \u2013            
    Address to look up.
     
    •  
 
Returns:
 
     
  •  int           \u2013            
    An integer.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap","title":"DebugSymsHeap","text":"
DebugSymsHeap()\n
 
               Bases: GlibcMemoryAllocator[Type, Value]
 
Methods:
 
     
  •  can_be_resolved             \u2013              
    •  
  •  has_tcache             \u2013              
    •  
  •  get_heap             \u2013              
    Find & read the heap_info struct belonging to the chunk at 'addr'.
     
    •  
  •  get_tcache             \u2013              
    •  
  •  get_sbrk_heap_region             \u2013              
    Return a Page object representing the sbrk heap region.
     
    •  
  •  is_initialized             \u2013              
    •  
  •  containing             \u2013              
    Returns the address of the allocation which contains 'address'.
     
    •  
  •  libc_has_debug_syms             \u2013              
    The struct malloc_chunk comes from debugging symbols and it will not be there
     
    •  
  •  largebin_reverse_lookup             \u2013              
    Pick the appropriate largebin_reverse_lookup_ function for this architecture.
     
    •  
  •  largebin_size_range_from_index             \u2013              
    •  
  •  chunk_flags             \u2013              
    •  
  •  chunk_key_offset             \u2013              
    Find the index of a field in the malloc_chunk struct.
     
    •  
  •  get_region             \u2013              
    Find the memory map containing 'addr'.
     
    •  
  •  get_bins             \u2013              
    •  
  •  fastbin_index             \u2013              
    •  
  •  fastbins             \u2013              
    Returns: chain or None
     
    •  
  •  tcachebins             \u2013              
    Returns: tuple(chain, count) or None
     
    •  
  •  check_chain_corrupted             \u2013              
    Checks if the doubly linked list (of a {unsorted, small, large} bin)
     
    •  
  •  bin_at             \u2013              
    Modeled after glibc's bin_at function - so starts indexing from 1
     
    •  
  •  unsortedbin             \u2013              
    •  
  •  smallbins             \u2013              
    •  
  •  largebins             \u2013              
    •  
  •  largebin_index_32             \u2013              
    Modeled on the GLIBC malloc largebin_index_32 macro.
     
    •  
  •  largebin_index_32_big             \u2013              
    Modeled on the GLIBC malloc largebin_index_32_big macro.
     
    •  
  •  largebin_index_64             \u2013              
    Modeled on the GLIBC malloc largebin_index_64 macro.
     
    •  
  •  largebin_index             \u2013              
    Pick the appropriate largebin_index_ function for this architecture.
     
    •  
  •  is_statically_linked             \u2013              
    •  
 
Attributes:
 
     
  •  main_arena               (Arena | None)           \u2013            
    •  
  •  thread_arena               (Arena | None)           \u2013            
    •  
  •  thread_cache               (Value | None)           \u2013            
    Locate a thread's tcache struct. If it doesn't have one, use the main
     
    •  
  •  mp               (Value | None)           \u2013            
    •  
  •  global_max_fast               (int | None)           \u2013            
    •  
  •  heap_info               (Type | None)           \u2013            
    •  
  •  malloc_chunk               (Type | None)           \u2013            
    •  
  •  malloc_state               (Type | None)           \u2013            
    •  
  •  tcache_perthread_struct               (Type | None)           \u2013            
    •  
  •  tcache_entry               (Type | None)           \u2013            
    •  
  •  mallinfo               (Type | None)           \u2013            
    •  
  •  malloc_par               (Type | None)           \u2013            
    •  
  •  largebin_reverse_lookup_32           \u2013            
    •  
  •  largebin_reverse_lookup_32_big           \u2013            
    •  
  •  largebin_reverse_lookup_64           \u2013            
    •  
  •  arenas               (tuple[Arena, ...])           \u2013            
    Return a tuple of all current arenas.
     
    •  
  •  tcache_small_bins               (int | None)           \u2013            
    •  
  •  malloc_alignment               (int)           \u2013            
    Corresponds to MALLOC_ALIGNMENT in glibc malloc.c
     
    •  
  •  size_sz               (int)           \u2013            
    Corresponds to SIZE_SZ in glibc malloc.c
     
    •  
  •  malloc_align_mask               (int)           \u2013            
    Corresponds to MALLOC_ALIGN_MASK in glibc malloc.c
     
    •  
  •  minsize               (int)           \u2013            
    Corresponds to MINSIZE in glibc malloc.c
     
    •  
  •  min_chunk_size               (int)           \u2013            
    Corresponds to MIN_CHUNK_SIZE in glibc malloc.c
     
    •  
  •  multithreaded               (bool)           \u2013            
    Is malloc operating within a multithreaded environment.
     
    •  
  •  tcache_next_offset               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.main_arena","title":"main_arena  property","text":"
main_arena: Arena | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.thread_arena","title":"thread_arena  property","text":"
thread_arena: Arena | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.thread_cache","title":"thread_cache  property","text":"
thread_cache: Value | None\n
 
Locate a thread's tcache struct. If it doesn't have one, use the main thread's tcache.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.mp","title":"mp  property","text":"
mp: Value | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.global_max_fast","title":"global_max_fast  property","text":"
global_max_fast: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.heap_info","title":"heap_info  property","text":"
heap_info: Type | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.malloc_chunk","title":"malloc_chunk  property","text":"
malloc_chunk: Type | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.malloc_state","title":"malloc_state  property","text":"
malloc_state: Type | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.tcache_perthread_struct","title":"tcache_perthread_struct  property","text":"
tcache_perthread_struct: Type | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.tcache_entry","title":"tcache_entry  property","text":"
tcache_entry: Type | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.mallinfo","title":"mallinfo  property","text":"
mallinfo: Type | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.malloc_par","title":"malloc_par  property","text":"
malloc_par: Type | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_reverse_lookup_32","title":"largebin_reverse_lookup_32  class-attribute instance-attribute","text":"
largebin_reverse_lookup_32 = (\n    512,\n    576,\n    640,\n    704,\n    768,\n    832,\n    896,\n    960,\n    1024,\n    1088,\n    1152,\n    1216,\n    1280,\n    1344,\n    1408,\n    1472,\n    1536,\n    1600,\n    1664,\n    1728,\n    1792,\n    1856,\n    1920,\n    1984,\n    2048,\n    2112,\n    2176,\n    2240,\n    2304,\n    2368,\n    2432,\n    2496,\n    2560,\n    3072,\n    3584,\n    4096,\n    4608,\n    5120,\n    5632,\n    6144,\n    6656,\n    7168,\n    7680,\n    8192,\n    8704,\n    9216,\n    9728,\n    10240,\n    10752,\n    12288,\n    16384,\n    20480,\n    24576,\n    28672,\n    32768,\n    36864,\n    40960,\n    65536,\n    98304,\n    131072,\n    163840,\n    262144,\n    524288,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_reverse_lookup_32_big","title":"largebin_reverse_lookup_32_big  class-attribute instance-attribute","text":"
largebin_reverse_lookup_32_big = (\n    1008,\n    1024,\n    1088,\n    1152,\n    1216,\n    1280,\n    1344,\n    1408,\n    1472,\n    1536,\n    1600,\n    1664,\n    1728,\n    1792,\n    1856,\n    1920,\n    1984,\n    2048,\n    2112,\n    2176,\n    2240,\n    2304,\n    2368,\n    2432,\n    2496,\n    2560,\n    2624,\n    2688,\n    2752,\n    2816,\n    2880,\n    2944,\n    2944,\n    3072,\n    3584,\n    4096,\n    4608,\n    5120,\n    5632,\n    6144,\n    6656,\n    7168,\n    7680,\n    8192,\n    8704,\n    9216,\n    9728,\n    10240,\n    10752,\n    12288,\n    16384,\n    20480,\n    24576,\n    28672,\n    32768,\n    36864,\n    40960,\n    65536,\n    98304,\n    131072,\n    163840,\n    262144,\n    524288,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_reverse_lookup_64","title":"largebin_reverse_lookup_64  class-attribute instance-attribute","text":"
largebin_reverse_lookup_64 = (\n    1024,\n    1088,\n    1152,\n    1216,\n    1280,\n    1344,\n    1408,\n    1472,\n    1536,\n    1600,\n    1664,\n    1728,\n    1792,\n    1856,\n    1920,\n    1984,\n    2048,\n    2112,\n    2176,\n    2240,\n    2304,\n    2368,\n    2432,\n    2496,\n    2560,\n    2624,\n    2688,\n    2752,\n    2816,\n    2880,\n    2944,\n    3008,\n    3072,\n    3136,\n    3584,\n    4096,\n    4608,\n    5120,\n    5632,\n    6144,\n    6656,\n    7168,\n    7680,\n    8192,\n    8704,\n    9216,\n    9728,\n    10240,\n    10752,\n    12288,\n    16384,\n    20480,\n    24576,\n    28672,\n    32768,\n    36864,\n    40960,\n    65536,\n    98304,\n    131072,\n    163840,\n    262144,\n    524288,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.arenas","title":"arenas  property","text":"
arenas: tuple[Arena, ...]\n
 
Return a tuple of all current arenas.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.tcache_small_bins","title":"tcache_small_bins  property","text":"
tcache_small_bins: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.malloc_alignment","title":"malloc_alignment  property","text":"
malloc_alignment: int\n
 
Corresponds to MALLOC_ALIGNMENT in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.size_sz","title":"size_sz  property","text":"
size_sz: int\n
 
Corresponds to SIZE_SZ in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.malloc_align_mask","title":"malloc_align_mask  property","text":"
malloc_align_mask: int\n
 
Corresponds to MALLOC_ALIGN_MASK in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.minsize","title":"minsize  property","text":"
minsize: int\n
 
Corresponds to MINSIZE in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.min_chunk_size","title":"min_chunk_size  property","text":"
min_chunk_size: int\n
 
Corresponds to MIN_CHUNK_SIZE in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.multithreaded","title":"multithreaded  property","text":"
multithreaded: bool\n
 
Is malloc operating within a multithreaded environment.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.tcache_next_offset","title":"tcache_next_offset  property","text":"
tcache_next_offset: int\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.can_be_resolved","title":"can_be_resolved","text":"
can_be_resolved() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.has_tcache","title":"has_tcache","text":"
has_tcache() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.get_heap","title":"get_heap","text":"
get_heap(addr: int) -> Value | None\n
 
Find & read the heap_info struct belonging to the chunk at 'addr'.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.get_tcache","title":"get_tcache","text":"
get_tcache(tcache_addr: int | Value | None = None) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.get_sbrk_heap_region","title":"get_sbrk_heap_region","text":"
get_sbrk_heap_region() -> Page | None\n
 
Return a Page object representing the sbrk heap region. Ensure the region's start address is aligned to SIZE_SZ * 2, which compensates for the presence of GLIBC_TUNABLES.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.is_initialized","title":"is_initialized","text":"
is_initialized() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.containing","title":"containing","text":"
containing(address: int) -> int\n
 
Returns the address of the allocation which contains 'address'.
 
Parameters:
 
     
  •  address               (int)           \u2013            
    Address to look up.
     
    •  
 
Returns:
 
     
  •  int           \u2013            
    An integer.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.libc_has_debug_syms","title":"libc_has_debug_syms","text":"
libc_has_debug_syms() -> bool\n
 
The struct malloc_chunk comes from debugging symbols and it will not be there for statically linked binaries
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_reverse_lookup","title":"largebin_reverse_lookup","text":"
largebin_reverse_lookup(index: int) -> int\n
 
Pick the appropriate largebin_reverse_lookup_ function for this architecture.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_size_range_from_index","title":"largebin_size_range_from_index","text":"
largebin_size_range_from_index(index: int)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.chunk_flags","title":"chunk_flags","text":"
chunk_flags(size: int) -> tuple[int, int, int]\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.chunk_key_offset","title":"chunk_key_offset","text":"
chunk_key_offset(key: str) -> int | None\n
 
Find the index of a field in the malloc_chunk struct.
 64bit example 
prev_size == 0 size      == 8 fd        == 16 bk        == 24 ...
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.get_region","title":"get_region","text":"
get_region(addr: int | Value | None) -> Page | None\n
 
Find the memory map containing 'addr'.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.get_bins","title":"get_bins","text":"
get_bins(bin_type: BinType, addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.fastbin_index","title":"fastbin_index","text":"
fastbin_index(size: int)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.fastbins","title":"fastbins","text":"
fastbins(arena_addr: int | None = None) -> Bins | None\n
 
Returns: chain or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.tcachebins","title":"tcachebins","text":"
tcachebins(tcache_addr: int | None = None) -> Bins | None\n
 
Returns: tuple(chain, count) or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.check_chain_corrupted","title":"check_chain_corrupted","text":"
check_chain_corrupted(chain_fd: list[int], chain_bk: list[int]) -> bool\n
 
Checks if the doubly linked list (of a {unsorted, small, large} bin) defined by chain_fd, chain_bk is corrupted.
 
Even if the chains do not cover the whole bin, they still are expected to be of the same length.
 
Returns True if the bin is certainly corrupted, otherwise False.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.bin_at","title":"bin_at","text":"
bin_at(\n    index: int, arena_addr: int | None = None\n) -> tuple[list[int], list[int], bool] | None\n
 
Modeled after glibc's bin_at function - so starts indexing from 1 https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/trusty/eglibc/trusty-security/view/head:/malloc/malloc.c#L1394
 
bin_at(1) returns the unsorted bin
 
Bin 1          - Unsorted BiN Bin 2 to 63    - Smallbins Bin 64 to 126  - Largebins
 
Returns: tuple(chain_from_bin_fd, chain_from_bin_bk, is_chain_corrupted) or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.unsortedbin","title":"unsortedbin","text":"
unsortedbin(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.smallbins","title":"smallbins","text":"
smallbins(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebins","title":"largebins","text":"
largebins(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_index_32","title":"largebin_index_32","text":"
largebin_index_32(sz: int) -> int\n
 
Modeled on the GLIBC malloc largebin_index_32 macro.
 
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1414
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_index_32_big","title":"largebin_index_32_big","text":"
largebin_index_32_big(sz: int) -> int\n
 
Modeled on the GLIBC malloc largebin_index_32_big macro.
 
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1422
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_index_64","title":"largebin_index_64","text":"
largebin_index_64(sz: int) -> int\n
 
Modeled on the GLIBC malloc largebin_index_64 macro.
 
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1433
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_index","title":"largebin_index","text":"
largebin_index(sz: int)\n
 
Pick the appropriate largebin_index_ function for this architecture.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.is_statically_linked","title":"is_statically_linked","text":"
is_statically_linked() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.SymbolUnresolvableError","title":"SymbolUnresolvableError","text":"
SymbolUnresolvableError(symbol: str)\n
 
               Bases: Exception
 
Attributes:
 
     
  •  symbol           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.SymbolUnresolvableError.symbol","title":"symbol  instance-attribute","text":"
symbol = symbol\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap","title":"HeuristicHeap","text":"
HeuristicHeap()\n
 
               Bases: GlibcMemoryAllocator[Type['pwndbg.aglib.heap.structs.CStruct2GDB'], 'pwndbg.aglib.heap.structs.CStruct2GDB']
 
Methods:
 
     
  •  can_be_resolved             \u2013              
    •  
  •  has_tcache             \u2013              
    •  
  •  prompt_for_brute_force_thread_arena_permission             \u2013              
    Check if the user wants to brute force the thread_arena's value.
     
    •  
  •  prompt_for_brute_force_thread_cache_permission             \u2013              
    Check if the user wants to brute force the tcache's value.
     
    •  
  •  prompt_for_tls_address             \u2013              
    Check if we can determine the TLS address and return it.
     
    •  
  •  brute_force_tls_reference_in_got_section             \u2013              
    Brute force the TLS-reference in the .got section to that can pass the validator.
     
    •  
  •  brute_force_thread_local_variable_near_tls_base             \u2013              
    Brute force the thread-local variable near the TLS base address that can pass the validator.
     
    •  
  •  get_heap             \u2013              
    Find & read the heap_info struct belonging to the chunk at 'addr'.
     
    •  
  •  get_tcache             \u2013              
    •  
  •  get_sbrk_heap_region             \u2013              
    Return a Page object representing the sbrk heap region.
     
    •  
  •  is_initialized             \u2013              
    •  
  •  containing             \u2013              
    Returns the address of the allocation which contains 'address'.
     
    •  
  •  libc_has_debug_syms             \u2013              
    The struct malloc_chunk comes from debugging symbols and it will not be there
     
    •  
  •  largebin_reverse_lookup             \u2013              
    Pick the appropriate largebin_reverse_lookup_ function for this architecture.
     
    •  
  •  largebin_size_range_from_index             \u2013              
    •  
  •  chunk_flags             \u2013              
    •  
  •  chunk_key_offset             \u2013              
    Find the index of a field in the malloc_chunk struct.
     
    •  
  •  get_region             \u2013              
    Find the memory map containing 'addr'.
     
    •  
  •  get_bins             \u2013              
    •  
  •  fastbin_index             \u2013              
    •  
  •  fastbins             \u2013              
    Returns: chain or None
     
    •  
  •  tcachebins             \u2013              
    Returns: tuple(chain, count) or None
     
    •  
  •  check_chain_corrupted             \u2013              
    Checks if the doubly linked list (of a {unsorted, small, large} bin)
     
    •  
  •  bin_at             \u2013              
    Modeled after glibc's bin_at function - so starts indexing from 1
     
    •  
  •  unsortedbin             \u2013              
    •  
  •  smallbins             \u2013              
    •  
  •  largebins             \u2013              
    •  
  •  largebin_index_32             \u2013              
    Modeled on the GLIBC malloc largebin_index_32 macro.
     
    •  
  •  largebin_index_32_big             \u2013              
    Modeled on the GLIBC malloc largebin_index_32_big macro.
     
    •  
  •  largebin_index_64             \u2013              
    Modeled on the GLIBC malloc largebin_index_64 macro.
     
    •  
  •  largebin_index             \u2013              
    Pick the appropriate largebin_index_ function for this architecture.
     
    •  
  •  is_statically_linked             \u2013              
    •  
 
Attributes:
 
     
  •  struct_module               (ModuleType | None)           \u2013            
    •  
  •  main_arena               (Arena | None)           \u2013            
    •  
  •  thread_arena               (Arena | None)           \u2013            
    •  
  •  thread_cache               ('pwndbg.aglib.heap.structs.TcachePerthreadStruct' | None)           \u2013            
    Locate a thread's tcache struct. We try to find its address in Thread Local Storage (TLS) first,
     
    •  
  •  mp               ('pwndbg.aglib.heap.structs.CStruct2GDB')           \u2013            
    •  
  •  global_max_fast               (int)           \u2013            
    •  
  •  heap_info               (type['pwndbg.aglib.heap.structs.HeapInfo'] | None)           \u2013            
    •  
  •  malloc_chunk               (type['pwndbg.aglib.heap.structs.MallocChunk'] | None)           \u2013            
    •  
  •  malloc_state               (type['pwndbg.aglib.heap.structs.MallocState'] | None)           \u2013            
    •  
  •  tcache_perthread_struct               (type['pwndbg.aglib.heap.structs.TcachePerthreadStruct'] | None)           \u2013            
    •  
  •  tcache_entry               (type['pwndbg.aglib.heap.structs.TcacheEntry'] | None)           \u2013            
    •  
  •  mallinfo               (type['pwndbg.aglib.heap.structs.CStruct2GDB'] | None)           \u2013            
    •  
  •  malloc_par               (type['pwndbg.aglib.heap.structs.MallocPar'] | None)           \u2013            
    •  
  •  largebin_reverse_lookup_32           \u2013            
    •  
  •  largebin_reverse_lookup_32_big           \u2013            
    •  
  •  largebin_reverse_lookup_64           \u2013            
    •  
  •  arenas               (tuple[Arena, ...])           \u2013            
    Return a tuple of all current arenas.
     
    •  
  •  tcache_small_bins               (int | None)           \u2013            
    •  
  •  malloc_alignment               (int)           \u2013            
    Corresponds to MALLOC_ALIGNMENT in glibc malloc.c
     
    •  
  •  size_sz               (int)           \u2013            
    Corresponds to SIZE_SZ in glibc malloc.c
     
    •  
  •  malloc_align_mask               (int)           \u2013            
    Corresponds to MALLOC_ALIGN_MASK in glibc malloc.c
     
    •  
  •  minsize               (int)           \u2013            
    Corresponds to MINSIZE in glibc malloc.c
     
    •  
  •  min_chunk_size               (int)           \u2013            
    Corresponds to MIN_CHUNK_SIZE in glibc malloc.c
     
    •  
  •  multithreaded               (bool)           \u2013            
    Is malloc operating within a multithreaded environment.
     
    •  
  •  tcache_next_offset               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.struct_module","title":"struct_module  property","text":"
struct_module: ModuleType | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.main_arena","title":"main_arena  property","text":"
main_arena: Arena | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.thread_arena","title":"thread_arena  property","text":"
thread_arena: Arena | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.thread_cache","title":"thread_cache  property","text":"
thread_cache: 'pwndbg.aglib.heap.structs.TcachePerthreadStruct' | None\n
 
Locate a thread's tcache struct. We try to find its address in Thread Local Storage (TLS) first, and if that fails, we guess it's at the first chunk of the heap.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.mp","title":"mp  property","text":"
mp: 'pwndbg.aglib.heap.structs.CStruct2GDB'\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.global_max_fast","title":"global_max_fast  property","text":"
global_max_fast: int\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.heap_info","title":"heap_info  property","text":"
heap_info: type['pwndbg.aglib.heap.structs.HeapInfo'] | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.malloc_chunk","title":"malloc_chunk  property","text":"
malloc_chunk: type['pwndbg.aglib.heap.structs.MallocChunk'] | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.malloc_state","title":"malloc_state  property","text":"
malloc_state: type['pwndbg.aglib.heap.structs.MallocState'] | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.tcache_perthread_struct","title":"tcache_perthread_struct  property","text":"
tcache_perthread_struct: (\n    type[\"pwndbg.aglib.heap.structs.TcachePerthreadStruct\"] | None\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.tcache_entry","title":"tcache_entry  property","text":"
tcache_entry: type['pwndbg.aglib.heap.structs.TcacheEntry'] | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.mallinfo","title":"mallinfo  property","text":"
mallinfo: type['pwndbg.aglib.heap.structs.CStruct2GDB'] | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.malloc_par","title":"malloc_par  property","text":"
malloc_par: type['pwndbg.aglib.heap.structs.MallocPar'] | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_reverse_lookup_32","title":"largebin_reverse_lookup_32  class-attribute instance-attribute","text":"
largebin_reverse_lookup_32 = (\n    512,\n    576,\n    640,\n    704,\n    768,\n    832,\n    896,\n    960,\n    1024,\n    1088,\n    1152,\n    1216,\n    1280,\n    1344,\n    1408,\n    1472,\n    1536,\n    1600,\n    1664,\n    1728,\n    1792,\n    1856,\n    1920,\n    1984,\n    2048,\n    2112,\n    2176,\n    2240,\n    2304,\n    2368,\n    2432,\n    2496,\n    2560,\n    3072,\n    3584,\n    4096,\n    4608,\n    5120,\n    5632,\n    6144,\n    6656,\n    7168,\n    7680,\n    8192,\n    8704,\n    9216,\n    9728,\n    10240,\n    10752,\n    12288,\n    16384,\n    20480,\n    24576,\n    28672,\n    32768,\n    36864,\n    40960,\n    65536,\n    98304,\n    131072,\n    163840,\n    262144,\n    524288,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_reverse_lookup_32_big","title":"largebin_reverse_lookup_32_big  class-attribute instance-attribute","text":"
largebin_reverse_lookup_32_big = (\n    1008,\n    1024,\n    1088,\n    1152,\n    1216,\n    1280,\n    1344,\n    1408,\n    1472,\n    1536,\n    1600,\n    1664,\n    1728,\n    1792,\n    1856,\n    1920,\n    1984,\n    2048,\n    2112,\n    2176,\n    2240,\n    2304,\n    2368,\n    2432,\n    2496,\n    2560,\n    2624,\n    2688,\n    2752,\n    2816,\n    2880,\n    2944,\n    2944,\n    3072,\n    3584,\n    4096,\n    4608,\n    5120,\n    5632,\n    6144,\n    6656,\n    7168,\n    7680,\n    8192,\n    8704,\n    9216,\n    9728,\n    10240,\n    10752,\n    12288,\n    16384,\n    20480,\n    24576,\n    28672,\n    32768,\n    36864,\n    40960,\n    65536,\n    98304,\n    131072,\n    163840,\n    262144,\n    524288,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_reverse_lookup_64","title":"largebin_reverse_lookup_64  class-attribute instance-attribute","text":"
largebin_reverse_lookup_64 = (\n    1024,\n    1088,\n    1152,\n    1216,\n    1280,\n    1344,\n    1408,\n    1472,\n    1536,\n    1600,\n    1664,\n    1728,\n    1792,\n    1856,\n    1920,\n    1984,\n    2048,\n    2112,\n    2176,\n    2240,\n    2304,\n    2368,\n    2432,\n    2496,\n    2560,\n    2624,\n    2688,\n    2752,\n    2816,\n    2880,\n    2944,\n    3008,\n    3072,\n    3136,\n    3584,\n    4096,\n    4608,\n    5120,\n    5632,\n    6144,\n    6656,\n    7168,\n    7680,\n    8192,\n    8704,\n    9216,\n    9728,\n    10240,\n    10752,\n    12288,\n    16384,\n    20480,\n    24576,\n    28672,\n    32768,\n    36864,\n    40960,\n    65536,\n    98304,\n    131072,\n    163840,\n    262144,\n    524288,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.arenas","title":"arenas  property","text":"
arenas: tuple[Arena, ...]\n
 
Return a tuple of all current arenas.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.tcache_small_bins","title":"tcache_small_bins  property","text":"
tcache_small_bins: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.malloc_alignment","title":"malloc_alignment  property","text":"
malloc_alignment: int\n
 
Corresponds to MALLOC_ALIGNMENT in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.size_sz","title":"size_sz  property","text":"
size_sz: int\n
 
Corresponds to SIZE_SZ in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.malloc_align_mask","title":"malloc_align_mask  property","text":"
malloc_align_mask: int\n
 
Corresponds to MALLOC_ALIGN_MASK in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.minsize","title":"minsize  property","text":"
minsize: int\n
 
Corresponds to MINSIZE in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.min_chunk_size","title":"min_chunk_size  property","text":"
min_chunk_size: int\n
 
Corresponds to MIN_CHUNK_SIZE in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.multithreaded","title":"multithreaded  property","text":"
multithreaded: bool\n
 
Is malloc operating within a multithreaded environment.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.tcache_next_offset","title":"tcache_next_offset  property","text":"
tcache_next_offset: int\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.can_be_resolved","title":"can_be_resolved","text":"
can_be_resolved() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.has_tcache","title":"has_tcache","text":"
has_tcache() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.prompt_for_brute_force_thread_arena_permission","title":"prompt_for_brute_force_thread_arena_permission","text":"
prompt_for_brute_force_thread_arena_permission() -> bool\n
 
Check if the user wants to brute force the thread_arena's value.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.prompt_for_brute_force_thread_cache_permission","title":"prompt_for_brute_force_thread_cache_permission","text":"
prompt_for_brute_force_thread_cache_permission() -> bool\n
 
Check if the user wants to brute force the tcache's value.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.prompt_for_tls_address","title":"prompt_for_tls_address","text":"
prompt_for_tls_address() -> int\n
 
Check if we can determine the TLS address and return it.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.brute_force_tls_reference_in_got_section","title":"brute_force_tls_reference_in_got_section","text":"
brute_force_tls_reference_in_got_section(\n    tls_address: int, validator: Callable[[int], bool]\n) -> tuple[int, int] | None\n
 
Brute force the TLS-reference in the .got section to that can pass the validator.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.brute_force_thread_local_variable_near_tls_base","title":"brute_force_thread_local_variable_near_tls_base","text":"
brute_force_thread_local_variable_near_tls_base(\n    tls_address: int, validator: Callable[[int], bool]\n) -> tuple[int, int] | None\n
 
Brute force the thread-local variable near the TLS base address that can pass the validator.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.get_heap","title":"get_heap","text":"
get_heap(addr: int) -> 'pwndbg.aglib.heap.structs.HeapInfo' | None\n
 
Find & read the heap_info struct belonging to the chunk at 'addr'.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.get_tcache","title":"get_tcache","text":"
get_tcache(\n    tcache_addr: int | None = None,\n) -> \"pwndbg.aglib.heap.structs.TcachePerthreadStruct\" | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.get_sbrk_heap_region","title":"get_sbrk_heap_region","text":"
get_sbrk_heap_region() -> Page\n
 
Return a Page object representing the sbrk heap region. Ensure the region's start address is aligned to SIZE_SZ * 2, which compensates for the presence of GLIBC_TUNABLES. This heuristic version requires some sanity checks and may raise SymbolUnresolvableError if malloc's mp_ struct can't be resolved.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.is_initialized","title":"is_initialized","text":"
is_initialized() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.containing","title":"containing","text":"
containing(address: int) -> int\n
 
Returns the address of the allocation which contains 'address'.
 
Parameters:
 
     
  •  address               (int)           \u2013            
    Address to look up.
     
    •  
 
Returns:
 
     
  •  int           \u2013            
    An integer.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.libc_has_debug_syms","title":"libc_has_debug_syms","text":"
libc_has_debug_syms() -> bool\n
 
The struct malloc_chunk comes from debugging symbols and it will not be there for statically linked binaries
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_reverse_lookup","title":"largebin_reverse_lookup","text":"
largebin_reverse_lookup(index: int) -> int\n
 
Pick the appropriate largebin_reverse_lookup_ function for this architecture.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_size_range_from_index","title":"largebin_size_range_from_index","text":"
largebin_size_range_from_index(index: int)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.chunk_flags","title":"chunk_flags","text":"
chunk_flags(size: int) -> tuple[int, int, int]\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.chunk_key_offset","title":"chunk_key_offset","text":"
chunk_key_offset(key: str) -> int | None\n
 
Find the index of a field in the malloc_chunk struct.
 64bit example 
prev_size == 0 size      == 8 fd        == 16 bk        == 24 ...
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.get_region","title":"get_region","text":"
get_region(addr: int | Value | None) -> Page | None\n
 
Find the memory map containing 'addr'.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.get_bins","title":"get_bins","text":"
get_bins(bin_type: BinType, addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.fastbin_index","title":"fastbin_index","text":"
fastbin_index(size: int)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.fastbins","title":"fastbins","text":"
fastbins(arena_addr: int | None = None) -> Bins | None\n
 
Returns: chain or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.tcachebins","title":"tcachebins","text":"
tcachebins(tcache_addr: int | None = None) -> Bins | None\n
 
Returns: tuple(chain, count) or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.check_chain_corrupted","title":"check_chain_corrupted","text":"
check_chain_corrupted(chain_fd: list[int], chain_bk: list[int]) -> bool\n
 
Checks if the doubly linked list (of a {unsorted, small, large} bin) defined by chain_fd, chain_bk is corrupted.
 
Even if the chains do not cover the whole bin, they still are expected to be of the same length.
 
Returns True if the bin is certainly corrupted, otherwise False.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.bin_at","title":"bin_at","text":"
bin_at(\n    index: int, arena_addr: int | None = None\n) -> tuple[list[int], list[int], bool] | None\n
 
Modeled after glibc's bin_at function - so starts indexing from 1 https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/trusty/eglibc/trusty-security/view/head:/malloc/malloc.c#L1394
 
bin_at(1) returns the unsorted bin
 
Bin 1          - Unsorted BiN Bin 2 to 63    - Smallbins Bin 64 to 126  - Largebins
 
Returns: tuple(chain_from_bin_fd, chain_from_bin_bk, is_chain_corrupted) or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.unsortedbin","title":"unsortedbin","text":"
unsortedbin(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.smallbins","title":"smallbins","text":"
smallbins(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebins","title":"largebins","text":"
largebins(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_index_32","title":"largebin_index_32","text":"
largebin_index_32(sz: int) -> int\n
 
Modeled on the GLIBC malloc largebin_index_32 macro.
 
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1414
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_index_32_big","title":"largebin_index_32_big","text":"
largebin_index_32_big(sz: int) -> int\n
 
Modeled on the GLIBC malloc largebin_index_32_big macro.
 
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1422
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_index_64","title":"largebin_index_64","text":"
largebin_index_64(sz: int) -> int\n
 
Modeled on the GLIBC malloc largebin_index_64 macro.
 
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1433
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_index","title":"largebin_index","text":"
largebin_index(sz: int)\n
 
Pick the appropriate largebin_index_ function for this architecture.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.is_statically_linked","title":"is_statically_linked","text":"
is_statically_linked() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.heap_for_ptr","title":"heap_for_ptr","text":"
heap_for_ptr(ptr: int) -> int\n
 
Round a pointer to a chunk down to find its corresponding heap_info struct, the pointer must point inside a heap which does not belong to the main arena.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.fetch_chunk_metadata","title":"fetch_chunk_metadata","text":"
fetch_chunk_metadata(\n    address: int, include_only_fields: set[ChunkField] | None = None\n)\n
"},{"location":"reference/pwndbg/aglib/heap/structs/","title":"structs","text":""},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs","title":"structs","text":"
Classes:
 
     
  •  c_pvoid           \u2013            
    Represents a pointer.
     
    •  
  •  c_size_t           \u2013            
    Represents a size_t.
     
    •  
  •  FakeGDBField           \u2013            
    Fake gdb.Field for compatibility
     
    •  
  •  CStruct2GDB           \u2013            
    •  
  •  c_malloc_state_2_26           \u2013            
    This class represents malloc_state struct for GLIBC < 2.27 as a ctypes struct.
     
    •  
  •  c_malloc_state_2_12           \u2013            
    This class represents malloc_state struct for GLIBC < 2.22 as a ctypes struct.
     
    •  
  •  c_malloc_state_2_27           \u2013            
    This class represents malloc_state struct for GLIBC >= 2.27 as a ctypes struct.
     
    •  
  •  MallocState           \u2013            
    This class represents malloc_state struct with interface compatible with pwndbg.dbg_mod.Value.
     
    •  
  •  c_heap_info           \u2013            
    This class represents heap_info struct as a ctypes struct.
     
    •  
  •  HeapInfo           \u2013            
    This class represents heap_info struct with interface compatible with pwndbg.dbg_mod.Value.
     
    •  
  •  c_malloc_chunk           \u2013            
    This class represents malloc_chunk struct as a ctypes struct.
     
    •  
  •  MallocChunk           \u2013            
    This class represents malloc_chunk struct with interface compatible with pwndbg.dbg_mod.Value.
     
    •  
  •  c_tcache_perthread_struct_2_29           \u2013            
    This class represents tcache_perthread_struct for GLIBC < 2.30 as a ctypes struct.
     
    •  
  •  c_tcache_perthread_struct_2_30           \u2013            
    This class represents the tcache_perthread_struct for 2.30 <= GLIBC < 2.42 as a ctypes struct.
     
    •  
  •  c_tcache_perthread_struct_2_42           \u2013            
    This class represents the tcache_perthread_struct for 2.42 <= GLIBC as a ctypes struct.
     
    •  
  •  TcachePerthreadStruct           \u2013            
    This class represents tcache_perthread_struct with interface compatible with pwndbg.dbg_mod.Value.
     
    •  
  •  c_tcache_entry_2_28           \u2013            
    This class represents the tcache_entry struct for GLIBC < 2.29 as a ctypes struct.
     
    •  
  •  c_tcache_entry_2_29           \u2013            
    This class represents the tcache_entry struct for GLIBC >= 2.29 as a ctypes struct.
     
    •  
  •  TcacheEntry           \u2013            
    This class represents the tcache_entry struct with interface compatible with pwndbg.dbg_mod.Value.
     
    •  
  •  c_malloc_par_2_23           \u2013            
    This class represents the malloc_par struct for GLIBC < 2.24 as a ctypes struct.
     
    •  
  •  c_malloc_par_2_12           \u2013            
    This class represents the malloc_par struct for GLIBC < 2.15 as a ctypes struct.
     
    •  
  •  c_malloc_par_2_24           \u2013            
    This class represents the malloc_par struct for GLIBC >= 2.24 as a ctypes struct.
     
    •  
  •  c_malloc_par_2_26           \u2013            
    This class represents the malloc_par struct for GLIBC >= 2.26 as a ctypes struct.
     
    •  
  •  c_malloc_par_2_35           \u2013            
    This class represents the malloc_par struct for GLIBC >= 2.35 as a ctypes struct.
     
    •  
  •  c_malloc_par_2_42           \u2013            
    This class represents the malloc_par struct for GLIBC >= 2.42 as a ctypes struct.
     
    •  
  •  MallocPar           \u2013            
    This class represents the malloc_par struct with interface compatible with pwndbg.dbg_mod.Value.
     
    •  
 
Functions:
 
     
  •  request2size             \u2013              
    •  
  •  fastbin_index             \u2013              
    •  
 
Attributes:
 
     
  •  GLIBC_VERSION           \u2013            
    •  
  •  SIZE_SZ           \u2013            
    •  
  •  MINSIZE           \u2013            
    •  
  •  MALLOC_ALIGN           \u2013            
    •  
  •  long_double_alignment           \u2013            
    •  
  •  MALLOC_ALIGN_MASK           \u2013            
    •  
  •  MAX_FAST_SIZE           \u2013            
    •  
  •  NBINS           \u2013            
    •  
  •  BINMAPSIZE           \u2013            
    •  
  •  TCACHE_SMALL_BINS           \u2013            
    •  
  •  TCACHE_LARGE_BINS           \u2013            
    •  
  •  TCACHE_MAX_BINS           \u2013            
    •  
  •  NFASTBINS           \u2013            
    •  
  •  PTR           \u2013            
    •  
  •  SIZE_T           \u2013            
    •  
  •  DEFAULT_TOP_PAD           \u2013            
    •  
  •  DEFAULT_MMAP_MAX           \u2013            
    •  
  •  DEFAULT_MMAP_THRESHOLD           \u2013            
    •  
  •  DEFAULT_TRIM_THRESHOLD           \u2013            
    •  
  •  DEFAULT_PAGE_SIZE           \u2013            
    •  
  •  TCACHE_FILL_COUNT           \u2013            
    •  
  •  MAX_TCACHE_SMALL_SIZE           \u2013            
    •  
  •  C2GDB_MAPPING           \u2013            
    •  
  •  DEFAULT_MP_           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.GLIBC_VERSION","title":"GLIBC_VERSION  module-attribute","text":"
GLIBC_VERSION = get_version()\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.SIZE_SZ","title":"SIZE_SZ  module-attribute","text":"
SIZE_SZ = ptrsize\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MINSIZE","title":"MINSIZE  module-attribute","text":"
MINSIZE = ptrsize * 4\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MALLOC_ALIGN","title":"MALLOC_ALIGN  module-attribute","text":"
MALLOC_ALIGN = 16\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.long_double_alignment","title":"long_double_alignment  module-attribute","text":"
long_double_alignment = alignof\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MALLOC_ALIGN_MASK","title":"MALLOC_ALIGN_MASK  module-attribute","text":"
MALLOC_ALIGN_MASK = MALLOC_ALIGN - 1\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MAX_FAST_SIZE","title":"MAX_FAST_SIZE  module-attribute","text":"
MAX_FAST_SIZE = 80 * SIZE_SZ // 4\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.NBINS","title":"NBINS  module-attribute","text":"
NBINS = 128\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.BINMAPSIZE","title":"BINMAPSIZE  module-attribute","text":"
BINMAPSIZE = 4\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TCACHE_SMALL_BINS","title":"TCACHE_SMALL_BINS  module-attribute","text":"
TCACHE_SMALL_BINS = 64\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TCACHE_LARGE_BINS","title":"TCACHE_LARGE_BINS  module-attribute","text":"
TCACHE_LARGE_BINS = 12\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TCACHE_MAX_BINS","title":"TCACHE_MAX_BINS  module-attribute","text":"
TCACHE_MAX_BINS = TCACHE_SMALL_BINS + TCACHE_LARGE_BINS\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.NFASTBINS","title":"NFASTBINS  module-attribute","text":"
NFASTBINS = fastbin_index(request2size(MAX_FAST_SIZE)) + 1\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.PTR","title":"PTR  module-attribute","text":"
PTR = c_uint32\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.SIZE_T","title":"SIZE_T  module-attribute","text":"
SIZE_T = c_uint32\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.DEFAULT_TOP_PAD","title":"DEFAULT_TOP_PAD  module-attribute","text":"
DEFAULT_TOP_PAD = 131072\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.DEFAULT_MMAP_MAX","title":"DEFAULT_MMAP_MAX  module-attribute","text":"
DEFAULT_MMAP_MAX = 65536\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.DEFAULT_MMAP_THRESHOLD","title":"DEFAULT_MMAP_THRESHOLD  module-attribute","text":"
DEFAULT_MMAP_THRESHOLD = 128 * 1024\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.DEFAULT_TRIM_THRESHOLD","title":"DEFAULT_TRIM_THRESHOLD  module-attribute","text":"
DEFAULT_TRIM_THRESHOLD = 128 * 1024\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.DEFAULT_PAGE_SIZE","title":"DEFAULT_PAGE_SIZE  module-attribute","text":"
DEFAULT_PAGE_SIZE = 4096\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TCACHE_FILL_COUNT","title":"TCACHE_FILL_COUNT  module-attribute","text":"
TCACHE_FILL_COUNT = 7\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MAX_TCACHE_SMALL_SIZE","title":"MAX_TCACHE_SMALL_SIZE  module-attribute","text":"
MAX_TCACHE_SMALL_SIZE = (\n    (TCACHE_SMALL_BINS - 1) * MALLOC_ALIGN + MINSIZE - SIZE_SZ\n)\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.C2GDB_MAPPING","title":"C2GDB_MAPPING  module-attribute","text":"
C2GDB_MAPPING = {\n    c_char: char,\n    c_int8: int8,\n    c_int16: int16,\n    c_int32: int32,\n    c_int64: int64,\n    c_uint8: uint8,\n    c_uint16: uint16,\n    c_uint32: uint32,\n    c_uint64: uint64,\n    c_pvoid: pvoid,\n    c_size_t: size_t,\n}\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.DEFAULT_MP_","title":"DEFAULT_MP_  module-attribute","text":"
DEFAULT_MP_ = _c_struct()\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_pvoid","title":"c_pvoid","text":"
               Bases: PTR
 
Represents a pointer.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_size_t","title":"c_size_t","text":"
               Bases: SIZE_T
 
Represents a size_t.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField","title":"FakeGDBField","text":"
FakeGDBField(\n    bitpos: int,\n    name: str | None,\n    type,\n    parent_type,\n    enumval: int | None = None,\n    artificial: bool = False,\n    is_base_class: bool = False,\n    bitsize: int = 0,\n)\n
 
Fake gdb.Field for compatibility
 
Attributes:
 
     
  •  bitpos           \u2013            
    •  
  •  name           \u2013            
    •  
  •  type           \u2013            
    •  
  •  parent_type           \u2013            
    •  
  •  enumval           \u2013            
    •  
  •  artificial           \u2013            
    •  
  •  is_base_class           \u2013            
    •  
  •  bitsize           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.bitpos","title":"bitpos  instance-attribute","text":"
bitpos = bitpos\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.name","title":"name  instance-attribute","text":"
name = name\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.type","title":"type  instance-attribute","text":"
type = type\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.parent_type","title":"parent_type  instance-attribute","text":"
parent_type = parent_type\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.enumval","title":"enumval  instance-attribute","text":"
enumval = enumval\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.artificial","title":"artificial  instance-attribute","text":"
artificial = artificial\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.is_base_class","title":"is_base_class  instance-attribute","text":"
is_base_class = is_base_class\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.bitsize","title":"bitsize  instance-attribute","text":"
bitsize = bitsize\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB","title":"CStruct2GDB","text":"
CStruct2GDB(address: int)\n
 
Methods:
 
     
  •  __int__             \u2013              
    Returns the address of the C struct.
     
    •  
  •  __getitem__             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  __getattr__             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  __eq__             \u2013              
    •  
  •  value_to_human_readable             \u2013              
    Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
     
    •  
  •  read_field             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  unqualified             \u2013              
    Returns cls to make it compatible with the gdb.types.has_field() interface.
     
    •  
  •  fields             \u2013              
    Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
  •  keys             \u2013              
    Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
  •  get_field_address             \u2013              
    Returns the address of the specified field.
     
    •  
  •  get_field_offset             \u2013              
    Returns the offset of the specified field.
     
    •  
  •  items             \u2013              
    Returns a tuple of (field name, field value) pairs.
     
    •  
  •  has_field             \u2013              
    Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
 
Attributes:
 
     
  •  code           \u2013            
    •  
  •  address           \u2013            
    •  
  •  type           \u2013            
    Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.code","title":"code  class-attribute instance-attribute","text":"
code = STRUCT\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.address","title":"address  instance-attribute","text":"
address = address\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.type","title":"type  property","text":"
type\n
 
Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.__int__","title":"__int__","text":"
__int__() -> int\n
 
Returns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.__getitem__","title":"__getitem__","text":"
__getitem__(key: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.__getattr__","title":"__getattr__","text":"
__getattr__(key: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.__eq__","title":"__eq__","text":"
__eq__(other: Any) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.value_to_human_readable","title":"value_to_human_readable","text":"
value_to_human_readable() -> str\n
 
Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.read_field","title":"read_field","text":"
read_field(field: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.unqualified","title":"unqualified  classmethod","text":"
unqualified()\n
 
Returns cls to make it compatible with the gdb.types.has_field() interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.fields","title":"fields  classmethod","text":"
fields() -> list[FakeGDBField]\n
 
Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.keys","title":"keys  classmethod","text":"
keys() -> list[str]\n
 
Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.get_field_address","title":"get_field_address","text":"
get_field_address(field: str) -> int\n
 
Returns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.get_field_offset","title":"get_field_offset  classmethod","text":"
get_field_offset(field: str) -> int\n
 
Returns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.items","title":"items","text":"
items() -> tuple[tuple[Any, Any], ...]\n
 
Returns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.has_field","title":"has_field  classmethod","text":"
has_field(field: str) -> bool\n
 
Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_26","title":"c_malloc_state_2_26","text":"
               Bases: Structure
 
This class represents malloc_state struct for GLIBC < 2.27 as a ctypes struct.
 
https://github.com/bminor/glibc/blob/1c9a5c270d8b66f30dcfaf1cb2d6cf39d3e18369/malloc/malloc.c#L1678-L1716
 
struct malloc_state {     /* Serialize access.  */     __libc_lock_define (, mutex);
 
/* Flags (formerly in max_fast).  */\nint flags;\n\n/* Fastbins */\nmfastbinptr fastbinsY[NFASTBINS];\n\n/* Base of the topmost chunk -- not otherwise kept in a bin */\nmchunkptr top;\n\n/* The remainder from the most recent split of a small request */\nmchunkptr last_remainder;\n\n/* Normal bins packed as described above */\nmchunkptr bins[NBINS * 2 - 2];\n\n/* Bitmap of bins */\nunsigned int binmap[BINMAPSIZE];\n\n/* Linked list */\nstruct malloc_state *next;\n\n/* Linked list for free arenas.  Access to this field is serialized\n    by free_list_lock in arena.c.  */\nstruct malloc_state *next_free;\n\n/* Number of threads attached to this arena.  0 if the arena is on\n    the free list.  Access to this field is serialized by\n    free_list_lock in arena.c.  */\nINTERNAL_SIZE_T attached_threads;\n\n/* Memory allocated from the system in this arena.  */\nINTERNAL_SIZE_T system_mem;\nINTERNAL_SIZE_T max_system_mem;\n
 
};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_12","title":"c_malloc_state_2_12","text":"
               Bases: Structure
 
This class represents malloc_state struct for GLIBC < 2.22 as a ctypes struct.
 
https://github.com/bminor/glibc/blob/glibc-2.12/malloc/malloc.c#L2362-L2400
 
struct malloc_state { /* Serialize access.  */ mutex_t mutex;
 
/* Flags (formerly in max_fast).  */ int flags;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_12--if-thread_stats","title":"if THREAD_STATS","text":"
/* Statistics for locking.  Only used if THREAD_STATS is defined.  */ long stat_lock_direct, stat_lock_loop, stat_lock_wait;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_12--endif","title":"endif","text":"
/* Fastbins */ mfastbinptr      fastbinsY[NFASTBINS];
 
/* Base of the topmost chunk -- not otherwise kept in a bin */ mchunkptr        top;
 
/* The remainder from the most recent split of a small request */ mchunkptr        last_remainder;
 
/* Normal bins packed as described above */ mchunkptr        bins[NBINS * 2 - 2];
 
/* Bitmap of bins */ unsigned int     binmap[BINMAPSIZE];
 
/* Linked list */ struct malloc_state *next;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_12--ifdef-per_thread","title":"ifdef PER_THREAD","text":"
/* Linked list for free arenas.  */ struct malloc_state *next_free;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_12--endif_1","title":"endif","text":"
/* Memory allocated from the system in this arena.  */ INTERNAL_SIZE_T system_mem; INTERNAL_SIZE_T max_system_mem; };
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_27","title":"c_malloc_state_2_27","text":"
               Bases: Structure
 
This class represents malloc_state struct for GLIBC >= 2.27 as a ctypes struct.
 
https://github.com/bminor/glibc/blob/glibc-2.34/malloc/malloc.c#L1831
 
struct malloc_state {     /* Serialize access.  */     __libc_lock_define (, mutex);
 
/* Flags (formerly in max_fast).  */\nint flags;\n\n/* Set if the fastbin chunks contain recently inserted free blocks.  */\n/* Note this is a bool but not all targets support atomics on booleans.  */\nint have_fastchunks;\n\n/* Fastbins */\nmfastbinptr fastbinsY[NFASTBINS];\n\n/* Base of the topmost chunk -- not otherwise kept in a bin */\nmchunkptr top;\n\n/* The remainder from the most recent split of a small request */\nmchunkptr last_remainder;\n\n/* Normal bins packed as described above */\nmchunkptr bins[NBINS * 2 - 2];\n\n/* Bitmap of bins */\nunsigned int binmap[BINMAPSIZE];\n\n/* Linked list */\nstruct malloc_state *next;\n\n/* Linked list for free arenas.  Access to this field is serialized\n    by free_list_lock in arena.c.  */\nstruct malloc_state *next_free;\n\n/* Number of threads attached to this arena.  0 if the arena is on\n    the free list.  Access to this field is serialized by\n    free_list_lock in arena.c.  */\nINTERNAL_SIZE_T attached_threads;\n\n/* Memory allocated from the system in this arena.  */\nINTERNAL_SIZE_T system_mem;\nINTERNAL_SIZE_T max_system_mem;\n
 
};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState","title":"MallocState","text":"
MallocState(address: int)\n
 
               Bases: CStruct2GDB
 
This class represents malloc_state struct with interface compatible with pwndbg.dbg_mod.Value.
 
Methods:
 
     
  •  __int__             \u2013              
    Returns the address of the C struct.
     
    •  
  •  __getitem__             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  __getattr__             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  __eq__             \u2013              
    •  
  •  value_to_human_readable             \u2013              
    Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
     
    •  
  •  read_field             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  unqualified             \u2013              
    Returns cls to make it compatible with the gdb.types.has_field() interface.
     
    •  
  •  fields             \u2013              
    Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
  •  keys             \u2013              
    Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
  •  get_field_address             \u2013              
    Returns the address of the specified field.
     
    •  
  •  get_field_offset             \u2013              
    Returns the offset of the specified field.
     
    •  
  •  items             \u2013              
    Returns a tuple of (field name, field value) pairs.
     
    •  
  •  has_field             \u2013              
    Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
 
Attributes:
 
     
  •  sizeof           \u2013            
    •  
  •  code           \u2013            
    •  
  •  address           \u2013            
    •  
  •  type           \u2013            
    Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.sizeof","title":"sizeof  class-attribute instance-attribute","text":"
sizeof = sizeof(_c_struct)\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.code","title":"code  class-attribute instance-attribute","text":"
code = STRUCT\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.address","title":"address  instance-attribute","text":"
address = address\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.type","title":"type  property","text":"
type\n
 
Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.__int__","title":"__int__","text":"
__int__() -> int\n
 
Returns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.__getitem__","title":"__getitem__","text":"
__getitem__(key: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.__getattr__","title":"__getattr__","text":"
__getattr__(key: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.__eq__","title":"__eq__","text":"
__eq__(other: Any) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.value_to_human_readable","title":"value_to_human_readable","text":"
value_to_human_readable() -> str\n
 
Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.read_field","title":"read_field","text":"
read_field(field: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.unqualified","title":"unqualified  classmethod","text":"
unqualified()\n
 
Returns cls to make it compatible with the gdb.types.has_field() interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.fields","title":"fields  classmethod","text":"
fields() -> list[FakeGDBField]\n
 
Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.keys","title":"keys  classmethod","text":"
keys() -> list[str]\n
 
Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.get_field_address","title":"get_field_address","text":"
get_field_address(field: str) -> int\n
 
Returns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.get_field_offset","title":"get_field_offset  classmethod","text":"
get_field_offset(field: str) -> int\n
 
Returns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.items","title":"items","text":"
items() -> tuple[tuple[Any, Any], ...]\n
 
Returns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.has_field","title":"has_field  classmethod","text":"
has_field(field: str) -> bool\n
 
Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_heap_info","title":"c_heap_info","text":"
               Bases: Structure
 
This class represents heap_info struct as a ctypes struct.
 
https://github.com/bminor/glibc/blob/glibc-2.34/malloc/arena.c#L53
 
typedef struct _heap_info {     mstate ar_ptr; /* Arena for this heap. /     struct _heap_info *prev; / Previous heap. /     size_t size;   / Current size in bytes. /     size_t mprotect_size; / Size in bytes that has been mprotected                             PROT_READ|PROT_WRITE.  /     / Make sure the following data is properly aligned, particularly         that sizeof (heap_info) + 2 * SIZE_SZ is a multiple of         MALLOC_ALIGNMENT. */     char pad[-6 * SIZE_SZ & MALLOC_ALIGN_MASK]; } heap_info;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo","title":"HeapInfo","text":"
HeapInfo(address: int)\n
 
               Bases: CStruct2GDB
 
This class represents heap_info struct with interface compatible with pwndbg.dbg_mod.Value.
 
Methods:
 
     
  •  __int__             \u2013              
    Returns the address of the C struct.
     
    •  
  •  __getitem__             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  __getattr__             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  __eq__             \u2013              
    •  
  •  value_to_human_readable             \u2013              
    Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
     
    •  
  •  read_field             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  unqualified             \u2013              
    Returns cls to make it compatible with the gdb.types.has_field() interface.
     
    •  
  •  fields             \u2013              
    Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
  •  keys             \u2013              
    Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
  •  get_field_address             \u2013              
    Returns the address of the specified field.
     
    •  
  •  get_field_offset             \u2013              
    Returns the offset of the specified field.
     
    •  
  •  items             \u2013              
    Returns a tuple of (field name, field value) pairs.
     
    •  
  •  has_field             \u2013              
    Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
 
Attributes:
 
     
  •  sizeof           \u2013            
    •  
  •  code           \u2013            
    •  
  •  address           \u2013            
    •  
  •  type           \u2013            
    Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.sizeof","title":"sizeof  class-attribute instance-attribute","text":"
sizeof = sizeof(_c_struct)\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.code","title":"code  class-attribute instance-attribute","text":"
code = STRUCT\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.address","title":"address  instance-attribute","text":"
address = address\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.type","title":"type  property","text":"
type\n
 
Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.__int__","title":"__int__","text":"
__int__() -> int\n
 
Returns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.__getitem__","title":"__getitem__","text":"
__getitem__(key: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.__getattr__","title":"__getattr__","text":"
__getattr__(key: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.__eq__","title":"__eq__","text":"
__eq__(other: Any) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.value_to_human_readable","title":"value_to_human_readable","text":"
value_to_human_readable() -> str\n
 
Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.read_field","title":"read_field","text":"
read_field(field: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.unqualified","title":"unqualified  classmethod","text":"
unqualified()\n
 
Returns cls to make it compatible with the gdb.types.has_field() interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.fields","title":"fields  classmethod","text":"
fields() -> list[FakeGDBField]\n
 
Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.keys","title":"keys  classmethod","text":"
keys() -> list[str]\n
 
Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.get_field_address","title":"get_field_address","text":"
get_field_address(field: str) -> int\n
 
Returns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.get_field_offset","title":"get_field_offset  classmethod","text":"
get_field_offset(field: str) -> int\n
 
Returns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.items","title":"items","text":"
items() -> tuple[tuple[Any, Any], ...]\n
 
Returns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.has_field","title":"has_field  classmethod","text":"
has_field(field: str) -> bool\n
 
Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_chunk","title":"c_malloc_chunk","text":"
               Bases: Structure
 
This class represents malloc_chunk struct as a ctypes struct.
 
https://github.com/bminor/glibc/blob/glibc-2.34/malloc/malloc.c#L1154
 
struct malloc_chunk {
 
INTERNAL_SIZE_T      mchunk_prev_size;  /* Size of previous chunk (if free).  */\nINTERNAL_SIZE_T      mchunk_size;       /* Size in bytes, including overhead. */\n\nstruct malloc_chunk* fd;         /* double links -- used only if free. */\nstruct malloc_chunk* bk;\n\n/* Only used for large blocks: pointer to next larger size.  */\nstruct malloc_chunk* fd_nextsize; /* double links -- used only if free. */\nstruct malloc_chunk* bk_nextsize;\n
 
};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk","title":"MallocChunk","text":"
MallocChunk(address: int)\n
 
               Bases: CStruct2GDB
 
This class represents malloc_chunk struct with interface compatible with pwndbg.dbg_mod.Value.
 
Methods:
 
     
  •  __int__             \u2013              
    Returns the address of the C struct.
     
    •  
  •  __getitem__             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  __getattr__             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  __eq__             \u2013              
    •  
  •  value_to_human_readable             \u2013              
    Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
     
    •  
  •  read_field             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  unqualified             \u2013              
    Returns cls to make it compatible with the gdb.types.has_field() interface.
     
    •  
  •  fields             \u2013              
    Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
  •  keys             \u2013              
    Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
  •  get_field_address             \u2013              
    Returns the address of the specified field.
     
    •  
  •  get_field_offset             \u2013              
    Returns the offset of the specified field.
     
    •  
  •  items             \u2013              
    Returns a tuple of (field name, field value) pairs.
     
    •  
  •  has_field             \u2013              
    Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
 
Attributes:
 
     
  •  sizeof           \u2013            
    •  
  •  code           \u2013            
    •  
  •  address           \u2013            
    •  
  •  type           \u2013            
    Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.sizeof","title":"sizeof  class-attribute instance-attribute","text":"
sizeof = sizeof(_c_struct)\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.code","title":"code  class-attribute instance-attribute","text":"
code = STRUCT\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.address","title":"address  instance-attribute","text":"
address = address\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.type","title":"type  property","text":"
type\n
 
Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.__int__","title":"__int__","text":"
__int__() -> int\n
 
Returns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.__getitem__","title":"__getitem__","text":"
__getitem__(key: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.__getattr__","title":"__getattr__","text":"
__getattr__(key: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.__eq__","title":"__eq__","text":"
__eq__(other: Any) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.value_to_human_readable","title":"value_to_human_readable","text":"
value_to_human_readable() -> str\n
 
Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.read_field","title":"read_field","text":"
read_field(field: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.unqualified","title":"unqualified  classmethod","text":"
unqualified()\n
 
Returns cls to make it compatible with the gdb.types.has_field() interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.fields","title":"fields  classmethod","text":"
fields() -> list[FakeGDBField]\n
 
Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.keys","title":"keys  classmethod","text":"
keys() -> list[str]\n
 
Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.get_field_address","title":"get_field_address","text":"
get_field_address(field: str) -> int\n
 
Returns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.get_field_offset","title":"get_field_offset  classmethod","text":"
get_field_offset(field: str) -> int\n
 
Returns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.items","title":"items","text":"
items() -> tuple[tuple[Any, Any], ...]\n
 
Returns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.has_field","title":"has_field  classmethod","text":"
has_field(field: str) -> bool\n
 
Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_tcache_perthread_struct_2_29","title":"c_tcache_perthread_struct_2_29","text":"
               Bases: Structure
 
This class represents tcache_perthread_struct for GLIBC < 2.30 as a ctypes struct.
 
https://github.com/bminor/glibc/blob/glibc-2.29/malloc/malloc.c#L2916
 
typedef struct tcache_perthread_struct {     char counts[TCACHE_MAX_BINS];     tcache_entry *entries[TCACHE_MAX_BINS]; } tcache_perthread_struct;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_tcache_perthread_struct_2_30","title":"c_tcache_perthread_struct_2_30","text":"
               Bases: Structure
 
This class represents the tcache_perthread_struct for 2.30 <= GLIBC < 2.42 as a ctypes struct.
 
https://github.com/bminor/glibc/blob/glibc-2.34/malloc/malloc.c#L3025
 
typedef struct tcache_perthread_struct {     uint16_t counts[TCACHE_MAX_BINS];     tcache_entry *entries[TCACHE_MAX_BINS]; } tcache_perthread_struct;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_tcache_perthread_struct_2_42","title":"c_tcache_perthread_struct_2_42","text":"
               Bases: Structure
 
This class represents the tcache_perthread_struct for 2.42 <= GLIBC as a ctypes struct.
 
https://elixir.bootlin.com/glibc/glibc-2.42/source/malloc/malloc.c#L3127
 
typedef struct tcache_perthread_struct {     uint16_t num_slots[TCACHE_MAX_BINS];     tcache_entry *entries[TCACHE_MAX_BINS]; } tcache_perthread_struct;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct","title":"TcachePerthreadStruct","text":"
TcachePerthreadStruct(address: int)\n
 
               Bases: CStruct2GDB
 
This class represents tcache_perthread_struct with interface compatible with pwndbg.dbg_mod.Value.
 
Methods:
 
     
  •  __int__             \u2013              
    Returns the address of the C struct.
     
    •  
  •  __getitem__             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  __getattr__             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  __eq__             \u2013              
    •  
  •  value_to_human_readable             \u2013              
    Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
     
    •  
  •  read_field             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  unqualified             \u2013              
    Returns cls to make it compatible with the gdb.types.has_field() interface.
     
    •  
  •  fields             \u2013              
    Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
  •  keys             \u2013              
    Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
  •  get_field_address             \u2013              
    Returns the address of the specified field.
     
    •  
  •  get_field_offset             \u2013              
    Returns the offset of the specified field.
     
    •  
  •  items             \u2013              
    Returns a tuple of (field name, field value) pairs.
     
    •  
  •  has_field             \u2013              
    Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
 
Attributes:
 
     
  •  sizeof           \u2013            
    •  
  •  code           \u2013            
    •  
  •  address           \u2013            
    •  
  •  type           \u2013            
    Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.sizeof","title":"sizeof  class-attribute instance-attribute","text":"
sizeof = sizeof(_c_struct)\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.code","title":"code  class-attribute instance-attribute","text":"
code = STRUCT\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.address","title":"address  instance-attribute","text":"
address = address\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.type","title":"type  property","text":"
type\n
 
Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.__int__","title":"__int__","text":"
__int__() -> int\n
 
Returns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.__getitem__","title":"__getitem__","text":"
__getitem__(key: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.__getattr__","title":"__getattr__","text":"
__getattr__(key: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.__eq__","title":"__eq__","text":"
__eq__(other: Any) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.value_to_human_readable","title":"value_to_human_readable","text":"
value_to_human_readable() -> str\n
 
Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.read_field","title":"read_field","text":"
read_field(field: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.unqualified","title":"unqualified  classmethod","text":"
unqualified()\n
 
Returns cls to make it compatible with the gdb.types.has_field() interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.fields","title":"fields  classmethod","text":"
fields() -> list[FakeGDBField]\n
 
Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.keys","title":"keys  classmethod","text":"
keys() -> list[str]\n
 
Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.get_field_address","title":"get_field_address","text":"
get_field_address(field: str) -> int\n
 
Returns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.get_field_offset","title":"get_field_offset  classmethod","text":"
get_field_offset(field: str) -> int\n
 
Returns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.items","title":"items","text":"
items() -> tuple[tuple[Any, Any], ...]\n
 
Returns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.has_field","title":"has_field  classmethod","text":"
has_field(field: str) -> bool\n
 
Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_tcache_entry_2_28","title":"c_tcache_entry_2_28","text":"
               Bases: Structure
 
This class represents the tcache_entry struct for GLIBC < 2.29 as a ctypes struct.
 
https://github.com/bminor/glibc/blob/glibc-2.28/malloc/malloc.c#L2888
 
typedef struct tcache_entry {     struct tcache_entry *next; } tcache_entry;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_tcache_entry_2_29","title":"c_tcache_entry_2_29","text":"
               Bases: Structure
 
This class represents the tcache_entry struct for GLIBC >= 2.29 as a ctypes struct.
 
https://github.com/bminor/glibc/blob/glibc-2.34/malloc/malloc.c#L3013
 
typedef struct tcache_entry {     struct tcache_entry next;     / This field exists to detect double frees.  */     uintptr_t key; } tcache_entry;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry","title":"TcacheEntry","text":"
TcacheEntry(address: int)\n
 
               Bases: CStruct2GDB
 
This class represents the tcache_entry struct with interface compatible with pwndbg.dbg_mod.Value.
 
Methods:
 
     
  •  __int__             \u2013              
    Returns the address of the C struct.
     
    •  
  •  __getitem__             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  __getattr__             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  __eq__             \u2013              
    •  
  •  value_to_human_readable             \u2013              
    Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
     
    •  
  •  read_field             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  unqualified             \u2013              
    Returns cls to make it compatible with the gdb.types.has_field() interface.
     
    •  
  •  fields             \u2013              
    Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
  •  keys             \u2013              
    Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
  •  get_field_address             \u2013              
    Returns the address of the specified field.
     
    •  
  •  get_field_offset             \u2013              
    Returns the offset of the specified field.
     
    •  
  •  items             \u2013              
    Returns a tuple of (field name, field value) pairs.
     
    •  
  •  has_field             \u2013              
    Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
 
Attributes:
 
     
  •  sizeof           \u2013            
    •  
  •  code           \u2013            
    •  
  •  address           \u2013            
    •  
  •  type           \u2013            
    Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.sizeof","title":"sizeof  class-attribute instance-attribute","text":"
sizeof = sizeof(_c_struct)\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.code","title":"code  class-attribute instance-attribute","text":"
code = STRUCT\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.address","title":"address  instance-attribute","text":"
address = address\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.type","title":"type  property","text":"
type\n
 
Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.__int__","title":"__int__","text":"
__int__() -> int\n
 
Returns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.__getitem__","title":"__getitem__","text":"
__getitem__(key: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.__getattr__","title":"__getattr__","text":"
__getattr__(key: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.__eq__","title":"__eq__","text":"
__eq__(other: Any) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.value_to_human_readable","title":"value_to_human_readable","text":"
value_to_human_readable() -> str\n
 
Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.read_field","title":"read_field","text":"
read_field(field: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.unqualified","title":"unqualified  classmethod","text":"
unqualified()\n
 
Returns cls to make it compatible with the gdb.types.has_field() interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.fields","title":"fields  classmethod","text":"
fields() -> list[FakeGDBField]\n
 
Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.keys","title":"keys  classmethod","text":"
keys() -> list[str]\n
 
Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.get_field_address","title":"get_field_address","text":"
get_field_address(field: str) -> int\n
 
Returns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.get_field_offset","title":"get_field_offset  classmethod","text":"
get_field_offset(field: str) -> int\n
 
Returns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.items","title":"items","text":"
items() -> tuple[tuple[Any, Any], ...]\n
 
Returns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.has_field","title":"has_field  classmethod","text":"
has_field(field: str) -> bool\n
 
Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_23","title":"c_malloc_par_2_23","text":"
               Bases: Structure
 
This class represents the malloc_par struct for GLIBC < 2.24 as a ctypes struct.
 
https://github.com/bminor/glibc/blob/glibc-2.23/malloc/malloc.c#L1726
 
struct malloc_par { /* Tunable parameters */ unsigned long trim_threshold; INTERNAL_SIZE_T top_pad; INTERNAL_SIZE_T mmap_threshold; INTERNAL_SIZE_T arena_test; INTERNAL_SIZE_T arena_max;
 
/* Memory map support / int n_mmaps; int n_mmaps_max; int max_n_mmaps; / the mmap_threshold is dynamic, until the user sets     it manually, at which point we need to disable any     dynamic behavior. */ int no_dyn_threshold;
 
/* Statistics / INTERNAL_SIZE_T mmapped_mem; /*INTERNAL_SIZE_T  sbrked_mem;/ /INTERNAL_SIZE_T  max_sbrked_mem;/ INTERNAL_SIZE_T max_mmapped_mem; INTERNAL_SIZE_T max_total_mem;  /* only kept for NO_THREADS */
 
/* First address handed out by MORECORE/sbrk.  */ char *sbrk_base; };
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_12","title":"c_malloc_par_2_12","text":"
               Bases: Structure
 
This class represents the malloc_par struct for GLIBC < 2.15 as a ctypes struct.
 
https://github.com/bminor/glibc/blob/glibc-2.12/malloc/malloc.c#L2402-L2433
 
struct malloc_par { /* Tunable parameters */ unsigned long    trim_threshold; INTERNAL_SIZE_T  top_pad; INTERNAL_SIZE_T  mmap_threshold;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_12--ifdef-per_thread","title":"ifdef PER_THREAD","text":"
INTERNAL_SIZE_T  arena_test; INTERNAL_SIZE_T  arena_max;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_12--endif","title":"endif","text":"
/* Memory map support / int              n_mmaps; int              n_mmaps_max; int              max_n_mmaps; / the mmap_threshold is dynamic, until the user sets     it manually, at which point we need to disable any     dynamic behavior. */ int              no_dyn_threshold;
 
/* Cache malloc_getpagesize */ unsigned int     pagesize;
 
/* Statistics / INTERNAL_SIZE_T  mmapped_mem; /*INTERNAL_SIZE_T  sbrked_mem;/ /INTERNAL_SIZE_T  max_sbrked_mem;/ INTERNAL_SIZE_T  max_mmapped_mem; INTERNAL_SIZE_T  max_total_mem; /* only kept for NO_THREADS */
 
/* First address handed out by MORECORE/sbrk.  / char            sbrk_base; };
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_24","title":"c_malloc_par_2_24","text":"
               Bases: Structure
 
This class represents the malloc_par struct for GLIBC >= 2.24 as a ctypes struct.
 
https://github.com/bminor/glibc/blob/glibc-2.25/malloc/malloc.c#L1690 https://github.com/bminor/glibc/blob/glibc-2.24/malloc/malloc.c#L1719
 
struct malloc_par {     /* Tunable parameters */     unsigned long trim_threshold;     INTERNAL_SIZE_T top_pad;     INTERNAL_SIZE_T mmap_threshold;     INTERNAL_SIZE_T arena_test;     INTERNAL_SIZE_T arena_max;
 
/* Memory map support */\nint n_mmaps;\nint n_mmaps_max;\nint max_n_mmaps;\n/* the mmap_threshold is dynamic, until the user sets\n    it manually, at which point we need to disable any\n    dynamic behavior. */\nint no_dyn_threshold;\n\n/* Statistics */\nINTERNAL_SIZE_T mmapped_mem;\nINTERNAL_SIZE_T max_mmapped_mem;\n\n/* First address handed out by MORECORE/sbrk.  */\nchar *sbrk_base;\n
 
};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_26","title":"c_malloc_par_2_26","text":"
               Bases: Structure
 
This class represents the malloc_par struct for GLIBC >= 2.26 as a ctypes struct.
 
https://github.com/bminor/glibc/blob/glibc-2.34/malloc/malloc.c#L1875
 
struct malloc_par {     /* Tunable parameters */     unsigned long trim_threshold;     INTERNAL_SIZE_T top_pad;     INTERNAL_SIZE_T mmap_threshold;     INTERNAL_SIZE_T arena_test;     INTERNAL_SIZE_T arena_max;
 
/* Memory map support */\nint n_mmaps;\nint n_mmaps_max;\nint max_n_mmaps;\n/* the mmap_threshold is dynamic, until the user sets\n    it manually, at which point we need to disable any\n    dynamic behavior. */\nint no_dyn_threshold;\n\n/* Statistics */\nINTERNAL_SIZE_T mmapped_mem;\nINTERNAL_SIZE_T max_mmapped_mem;\n\n/* First address handed out by MORECORE/sbrk.  */\nchar *sbrk_base;\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_26--if-use_tcache","title":"if USE_TCACHE","text":"
/* Maximum number of buckets to use.  */\nsize_t tcache_bins;\nsize_t tcache_max_bytes;\n/* Maximum number of chunks in each bucket.  */\nsize_t tcache_count;\n/* Maximum number of chunks to remove from the unsorted list, which\n    aren't used to prefill the cache.  */\nsize_t tcache_unsorted_limit;\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_26--endif","title":"endif","text":"
};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_35","title":"c_malloc_par_2_35","text":"
               Bases: Structure
 
This class represents the malloc_par struct for GLIBC >= 2.35 as a ctypes struct.
 
https://github.com/bminor/glibc/blob/glibc-2.35/malloc/malloc.c#L1874
 
struct malloc_par {     /* Tunable parameters */     unsigned long trim_threshold;     INTERNAL_SIZE_T top_pad;     INTERNAL_SIZE_T mmap_threshold;     INTERNAL_SIZE_T arena_test;     INTERNAL_SIZE_T arena_max;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_35--if-have_tunables","title":"if HAVE_TUNABLES","text":"
/* Transparent Large Page support.  */\nINTERNAL_SIZE_T thp_pagesize;\n/* A value different than 0 means to align mmap allocation to hp_pagesize\n    add hp_flags on flags.  */\nINTERNAL_SIZE_T hp_pagesize;\nint hp_flags;\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_35--endif","title":"endif","text":"
/* Memory map support */\nint n_mmaps;\nint n_mmaps_max;\nint max_n_mmaps;\n/* the mmap_threshold is dynamic, until the user sets\n    it manually, at which point we need to disable any\n    dynamic behavior. */\nint no_dyn_threshold;\n\n/* Statistics */\nINTERNAL_SIZE_T mmapped_mem;\nINTERNAL_SIZE_T max_mmapped_mem;\n\n/* First address handed out by MORECORE/sbrk.  */\nchar *sbrk_base;\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_35--if-use_tcache","title":"if USE_TCACHE","text":"
/* Maximum number of buckets to use.  */\nsize_t tcache_bins;\nsize_t tcache_max_bytes;\n/* Maximum number of chunks in each bucket.  */\nsize_t tcache_count;\n/* Maximum number of chunks to remove from the unsorted list, which\n    aren't used to prefill the cache.  */\nsize_t tcache_unsorted_limit;\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_35--endif_1","title":"endif","text":"
};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_42","title":"c_malloc_par_2_42","text":"
               Bases: Structure
 
This class represents the malloc_par struct for GLIBC >= 2.42 as a ctypes struct.
 
https://elixir.bootlin.com/glibc/glibc-2.42/source/malloc/malloc.c#L1864
 
struct malloc_par {   /* Tunable parameters */   unsigned long trim_threshold;   INTERNAL_SIZE_T top_pad;   INTERNAL_SIZE_T mmap_threshold;   INTERNAL_SIZE_T arena_test;   INTERNAL_SIZE_T arena_max;
 
/* Transparent Large Page support.  /   INTERNAL_SIZE_T thp_pagesize;   / A value different than 0 means to align mmap allocation to hp_pagesize     add hp_flags on flags.  */   INTERNAL_SIZE_T hp_pagesize;   int hp_flags;
 
/* Memory map support /   int n_mmaps;   int n_mmaps_max;   int max_n_mmaps;   / the mmap_threshold is dynamic, until the user sets     it manually, at which point we need to disable any     dynamic behavior. */   int no_dyn_threshold;
 
/* Statistics */   INTERNAL_SIZE_T mmapped_mem;   INTERNAL_SIZE_T max_mmapped_mem;
 
/* First address handed out by MORECORE/sbrk.  */   char *sbrk_base;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_42--if-use_tcache","title":"if USE_TCACHE","text":"
/* Maximum number of small buckets to use.  /   size_t tcache_small_bins;   size_t tcache_max_bytes;   / Maximum number of chunks in each bucket.  /   size_t tcache_count;   / Maximum number of chunks to remove from the unsorted list, which     aren't used to prefill the cache.  */   size_t tcache_unsorted_limit;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_42--endif","title":"endif","text":"
};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar","title":"MallocPar","text":"
MallocPar(address: int)\n
 
               Bases: CStruct2GDB
 
This class represents the malloc_par struct with interface compatible with pwndbg.dbg_mod.Value.
 
Methods:
 
     
  •  __int__             \u2013              
    Returns the address of the C struct.
     
    •  
  •  __getitem__             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  __getattr__             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  __eq__             \u2013              
    •  
  •  value_to_human_readable             \u2013              
    Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
     
    •  
  •  read_field             \u2013              
    Returns the value of the specified field as a pwndbg.dbg_mod.Value.
     
    •  
  •  unqualified             \u2013              
    Returns cls to make it compatible with the gdb.types.has_field() interface.
     
    •  
  •  fields             \u2013              
    Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
  •  keys             \u2013              
    Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
  •  get_field_address             \u2013              
    Returns the address of the specified field.
     
    •  
  •  get_field_offset             \u2013              
    Returns the offset of the specified field.
     
    •  
  •  items             \u2013              
    Returns a tuple of (field name, field value) pairs.
     
    •  
  •  has_field             \u2013              
    Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
     
    •  
 
Attributes:
 
     
  •  sizeof           \u2013            
    •  
  •  code           \u2013            
    •  
  •  address           \u2013            
    •  
  •  type           \u2013            
    Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
     
    •  
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.sizeof","title":"sizeof  class-attribute instance-attribute","text":"
sizeof = sizeof(_c_struct)\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.code","title":"code  class-attribute instance-attribute","text":"
code = STRUCT\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.address","title":"address  instance-attribute","text":"
address = address\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.type","title":"type  property","text":"
type\n
 
Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.__int__","title":"__int__","text":"
__int__() -> int\n
 
Returns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.__getitem__","title":"__getitem__","text":"
__getitem__(key: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.__getattr__","title":"__getattr__","text":"
__getattr__(key: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.__eq__","title":"__eq__","text":"
__eq__(other: Any) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.value_to_human_readable","title":"value_to_human_readable","text":"
value_to_human_readable() -> str\n
 
Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.read_field","title":"read_field","text":"
read_field(field: str) -> Value\n
 
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.unqualified","title":"unqualified  classmethod","text":"
unqualified()\n
 
Returns cls to make it compatible with the gdb.types.has_field() interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.fields","title":"fields  classmethod","text":"
fields() -> list[FakeGDBField]\n
 
Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.keys","title":"keys  classmethod","text":"
keys() -> list[str]\n
 
Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.get_field_address","title":"get_field_address","text":"
get_field_address(field: str) -> int\n
 
Returns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.get_field_offset","title":"get_field_offset  classmethod","text":"
get_field_offset(field: str) -> int\n
 
Returns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.items","title":"items","text":"
items() -> tuple[tuple[Any, Any], ...]\n
 
Returns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.has_field","title":"has_field  classmethod","text":"
has_field(field: str) -> bool\n
 
Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.request2size","title":"request2size","text":"
request2size(req: int) -> int\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.fastbin_index","title":"fastbin_index","text":"
fastbin_index(size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/","title":"kernel","text":""},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel","title":"kernel","text":"
Modules:
 
     
  •  bpf           \u2013            
    •  
  •  buddydump           \u2013            
    •  
  •  dmabuf           \u2013            
    •  
  •  kallsyms           \u2013            
    •  
  •  kmod           \u2013            
    •  
  •  macros           \u2013            
    •  
  •  nftables           \u2013            
    •  
  •  paging           \u2013            
    •  
  •  rbtree           \u2013            
    •  
  •  slab           \u2013            
    •  
  •  symbol           \u2013            
    •  
  •  vmmap           \u2013            
    •  
 
Classes:
 
     
  •  ArchOps           \u2013            
    •  
  •  x86Ops           \u2013            
    •  
  •  i386Ops           \u2013            
    •  
  •  x86_64Ops           \u2013            
    •  
  •  Aarch64Ops           \u2013            
    •  
 
Functions:
 
     
  •  BIT             \u2013              
    •  
  •  has_debug_symbols             \u2013              
    •  
  •  has_debug_info             \u2013              
    •  
  •  requires_debug_symbols             \u2013              
    •  
  •  requires_debug_info             \u2013              
    •  
  •  nproc             \u2013              
    Returns the number of processing units available, similar to nproc(1)
     
    •  
  •  first_kernel_ro_page             \u2013              
    Returns the first kernel mapping which contains the linux_banner
     
    •  
  •  kconfig             \u2013              
    •  
  •  kcmdline             \u2013              
    •  
  •  kversion             \u2013              
    •  
  •  krelease             \u2013              
    •  
  •  get_idt_entries             \u2013              
    Retrieves the IDT entries from memory.
     
    •  
  •  arch_paginginfo             \u2013              
    •  
  •  arch_ops             \u2013              
    •  
  •  arch_symbols             \u2013              
    •  
  •  ptr_size             \u2013              
    •  
  •  page_size             \u2013              
    •  
  •  per_cpu             \u2013              
    •  
  •  virt_to_phys             \u2013              
    •  
  •  phys_to_virt             \u2013              
    •  
  •  phys_to_pfn             \u2013              
    •  
  •  pfn_to_phys             \u2013              
    •  
  •  pfn_to_page             \u2013              
    •  
  •  page_to_pfn             \u2013              
    •  
  •  phys_to_page             \u2013              
    •  
  •  page_to_phys             \u2013              
    •  
  •  virt_to_page             \u2013              
    •  
  •  page_to_virt             \u2013              
    •  
  •  pfn_to_virt             \u2013              
    •  
  •  virt_to_pfn             \u2013              
    •  
  •  kbase             \u2013              
    •  
  •  pagewalk             \u2013              
    •  
  •  paging_enabled             \u2013              
    •  
  •  num_numa_nodes             \u2013              
    Returns the number of NUMA nodes that are online on the system
     
    •  
  •  node_data             \u2013              
    •  
  •  slab_caches             \u2013              
    •  
  •  per_cpu_offset             \u2013              
    •  
  •  modules             \u2013              
    •  
  •  db_list             \u2013              
    •  
  •  prog_idr             \u2013              
    •  
  •  map_idr             \u2013              
    •  
  •  current_task             \u2013              
    •  
 
Attributes:
 
     
  •  P           \u2013            
    •  
  •  D           \u2013            
    •  
  •  T           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.P","title":"P  module-attribute","text":"
P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.D","title":"D  module-attribute","text":"
D = TypeVar('D')\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps","title":"ArchOps","text":"
               Bases: ABC
 
Methods:
 
     
  •  per_cpu             \u2013              
    •  
  •  virt_to_phys             \u2013              
    •  
  •  phys_to_virt             \u2013              
    •  
  •  phys_to_pfn             \u2013              
    •  
  •  pfn_to_phys             \u2013              
    •  
  •  pfn_to_page             \u2013              
    •  
  •  page_to_pfn             \u2013              
    •  
  •  virt_to_pfn             \u2013              
    •  
  •  pfn_to_virt             \u2013              
    •  
  •  phys_to_page             \u2013              
    •  
  •  page_to_phys             \u2013              
    •  
  •  virt_to_page             \u2013              
    •  
  •  page_to_virt             \u2013              
    •  
 
Attributes:
 
     
  •  STRUCT_PAGE_SIZE           \u2013            
    •  
  •  STRUCT_PAGE_SHIFT           \u2013            
    •  
  •  page_offset               (int)           \u2013            
    •  
  •  phys_offset               (int)           \u2013            
    •  
  •  page_shift               (int)           \u2013            
    •  
  •  vmemmap               (int)           \u2013            
    •  
  •  kbase               (int | None)           \u2013            
    •  
  •  ptr_size               (int)           \u2013            
    •  
  •  page_size               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.STRUCT_PAGE_SIZE","title":"STRUCT_PAGE_SIZE  property","text":"
STRUCT_PAGE_SIZE\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.STRUCT_PAGE_SHIFT","title":"STRUCT_PAGE_SHIFT  property","text":"
STRUCT_PAGE_SHIFT\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.page_offset","title":"page_offset  property","text":"
page_offset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.phys_offset","title":"phys_offset  property","text":"
phys_offset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.page_shift","title":"page_shift  property","text":"
page_shift: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.vmemmap","title":"vmemmap  property","text":"
vmemmap: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.kbase","title":"kbase  property","text":"
kbase: int | None\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.ptr_size","title":"ptr_size  property","text":"
ptr_size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.page_size","title":"page_size  property","text":"
page_size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.per_cpu","title":"per_cpu  abstractmethod","text":"
per_cpu(addr: int | Value, cpu=None) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.virt_to_phys","title":"virt_to_phys  abstractmethod","text":"
virt_to_phys(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.phys_to_virt","title":"phys_to_virt  abstractmethod","text":"
phys_to_virt(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.phys_to_pfn","title":"phys_to_pfn  abstractmethod","text":"
phys_to_pfn(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.pfn_to_phys","title":"pfn_to_phys  abstractmethod","text":"
pfn_to_phys(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.pfn_to_page","title":"pfn_to_page  abstractmethod","text":"
pfn_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.page_to_pfn","title":"page_to_pfn  abstractmethod","text":"
page_to_pfn(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.virt_to_pfn","title":"virt_to_pfn","text":"
virt_to_pfn(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.pfn_to_virt","title":"pfn_to_virt","text":"
pfn_to_virt(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.phys_to_page","title":"phys_to_page","text":"
phys_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.page_to_phys","title":"page_to_phys","text":"
page_to_phys(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.virt_to_page","title":"virt_to_page","text":"
virt_to_page(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.page_to_virt","title":"page_to_virt","text":"
page_to_virt(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops","title":"x86Ops","text":"
               Bases: ArchOps
 
Methods:
 
     
  •  phys_to_virt             \u2013              
    •  
  •  phys_to_pfn             \u2013              
    •  
  •  pfn_to_phys             \u2013              
    •  
  •  paging_enabled             \u2013              
    •  
  •  per_cpu             \u2013              
    •  
  •  virt_to_phys             \u2013              
    •  
  •  pfn_to_page             \u2013              
    •  
  •  page_to_pfn             \u2013              
    •  
  •  virt_to_pfn             \u2013              
    •  
  •  pfn_to_virt             \u2013              
    •  
  •  phys_to_page             \u2013              
    •  
  •  page_to_phys             \u2013              
    •  
  •  virt_to_page             \u2013              
    •  
  •  page_to_virt             \u2013              
    •  
 
Attributes:
 
     
  •  ptr_size               (int)           \u2013            
    •  
  •  STRUCT_PAGE_SIZE           \u2013            
    •  
  •  STRUCT_PAGE_SHIFT           \u2013            
    •  
  •  page_offset               (int)           \u2013            
    •  
  •  phys_offset               (int)           \u2013            
    •  
  •  page_shift               (int)           \u2013            
    •  
  •  vmemmap               (int)           \u2013            
    •  
  •  kbase               (int | None)           \u2013            
    •  
  •  page_size               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.ptr_size","title":"ptr_size  abstractmethod property","text":"
ptr_size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.STRUCT_PAGE_SIZE","title":"STRUCT_PAGE_SIZE  property","text":"
STRUCT_PAGE_SIZE\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.STRUCT_PAGE_SHIFT","title":"STRUCT_PAGE_SHIFT  property","text":"
STRUCT_PAGE_SHIFT\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_offset","title":"page_offset  property","text":"
page_offset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.phys_offset","title":"phys_offset  property","text":"
phys_offset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_shift","title":"page_shift  property","text":"
page_shift: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.vmemmap","title":"vmemmap  property","text":"
vmemmap: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.kbase","title":"kbase  property","text":"
kbase: int | None\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_size","title":"page_size  property","text":"
page_size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.phys_to_virt","title":"phys_to_virt","text":"
phys_to_virt(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.phys_to_pfn","title":"phys_to_pfn","text":"
phys_to_pfn(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.pfn_to_phys","title":"pfn_to_phys","text":"
pfn_to_phys(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.paging_enabled","title":"paging_enabled  staticmethod","text":"
paging_enabled() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.per_cpu","title":"per_cpu  abstractmethod","text":"
per_cpu(addr: int | Value, cpu=None) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.virt_to_phys","title":"virt_to_phys  abstractmethod","text":"
virt_to_phys(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.pfn_to_page","title":"pfn_to_page  abstractmethod","text":"
pfn_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_to_pfn","title":"page_to_pfn  abstractmethod","text":"
page_to_pfn(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.virt_to_pfn","title":"virt_to_pfn","text":"
virt_to_pfn(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.pfn_to_virt","title":"pfn_to_virt","text":"
pfn_to_virt(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.phys_to_page","title":"phys_to_page","text":"
phys_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_to_phys","title":"page_to_phys","text":"
page_to_phys(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.virt_to_page","title":"virt_to_page","text":"
virt_to_page(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_to_virt","title":"page_to_virt","text":"
page_to_virt(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops","title":"i386Ops","text":"
               Bases: x86Ops
 
Methods:
 
     
  •  virt_to_phys             \u2013              
    •  
  •  per_cpu             \u2013              
    •  
  •  pfn_to_page             \u2013              
    •  
  •  page_to_pfn             \u2013              
    •  
  •  phys_to_virt             \u2013              
    •  
  •  phys_to_pfn             \u2013              
    •  
  •  pfn_to_phys             \u2013              
    •  
  •  virt_to_pfn             \u2013              
    •  
  •  pfn_to_virt             \u2013              
    •  
  •  phys_to_page             \u2013              
    •  
  •  page_to_phys             \u2013              
    •  
  •  virt_to_page             \u2013              
    •  
  •  page_to_virt             \u2013              
    •  
  •  paging_enabled             \u2013              
    •  
 
Attributes:
 
     
  •  ptr_size               (int)           \u2013            
    •  
  •  STRUCT_PAGE_SIZE           \u2013            
    •  
  •  STRUCT_PAGE_SHIFT           \u2013            
    •  
  •  page_offset               (int)           \u2013            
    •  
  •  phys_offset               (int)           \u2013            
    •  
  •  page_shift               (int)           \u2013            
    •  
  •  vmemmap               (int)           \u2013            
    •  
  •  kbase               (int | None)           \u2013            
    •  
  •  page_size               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.ptr_size","title":"ptr_size  property","text":"
ptr_size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.STRUCT_PAGE_SIZE","title":"STRUCT_PAGE_SIZE  property","text":"
STRUCT_PAGE_SIZE\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.STRUCT_PAGE_SHIFT","title":"STRUCT_PAGE_SHIFT  property","text":"
STRUCT_PAGE_SHIFT\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_offset","title":"page_offset  property","text":"
page_offset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.phys_offset","title":"phys_offset  property","text":"
phys_offset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_shift","title":"page_shift  property","text":"
page_shift: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.vmemmap","title":"vmemmap  property","text":"
vmemmap: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.kbase","title":"kbase  property","text":"
kbase: int | None\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_size","title":"page_size  property","text":"
page_size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.virt_to_phys","title":"virt_to_phys","text":"
virt_to_phys(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.per_cpu","title":"per_cpu","text":"
per_cpu(addr: int | Value, cpu: int | None = None) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.pfn_to_page","title":"pfn_to_page","text":"
pfn_to_page(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_to_pfn","title":"page_to_pfn","text":"
page_to_pfn(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.phys_to_virt","title":"phys_to_virt","text":"
phys_to_virt(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.phys_to_pfn","title":"phys_to_pfn","text":"
phys_to_pfn(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.pfn_to_phys","title":"pfn_to_phys","text":"
pfn_to_phys(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.virt_to_pfn","title":"virt_to_pfn","text":"
virt_to_pfn(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.pfn_to_virt","title":"pfn_to_virt","text":"
pfn_to_virt(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.phys_to_page","title":"phys_to_page","text":"
phys_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_to_phys","title":"page_to_phys","text":"
page_to_phys(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.virt_to_page","title":"virt_to_page","text":"
virt_to_page(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_to_virt","title":"page_to_virt","text":"
page_to_virt(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.paging_enabled","title":"paging_enabled  staticmethod","text":"
paging_enabled() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops","title":"x86_64Ops","text":"
x86_64Ops()\n
 
               Bases: x86Ops
 
Methods:
 
     
  •  per_cpu             \u2013              
    •  
  •  virt_to_phys             \u2013              
    •  
  •  pfn_to_page             \u2013              
    •  
  •  page_to_pfn             \u2013              
    •  
  •  phys_to_virt             \u2013              
    •  
  •  phys_to_pfn             \u2013              
    •  
  •  pfn_to_phys             \u2013              
    •  
  •  virt_to_pfn             \u2013              
    •  
  •  pfn_to_virt             \u2013              
    •  
  •  phys_to_page             \u2013              
    •  
  •  page_to_phys             \u2013              
    •  
  •  virt_to_page             \u2013              
    •  
  •  page_to_virt             \u2013              
    •  
  •  paging_enabled             \u2013              
    •  
 
Attributes:
 
     
  •  phys_base           \u2013            
    •  
  •  ptr_size               (int)           \u2013            
    •  
  •  STRUCT_PAGE_SIZE           \u2013            
    •  
  •  STRUCT_PAGE_SHIFT           \u2013            
    •  
  •  page_offset               (int)           \u2013            
    •  
  •  phys_offset               (int)           \u2013            
    •  
  •  page_shift               (int)           \u2013            
    •  
  •  vmemmap               (int)           \u2013            
    •  
  •  kbase               (int | None)           \u2013            
    •  
  •  page_size               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.phys_base","title":"phys_base  instance-attribute","text":"
phys_base = 16777216\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.ptr_size","title":"ptr_size  property","text":"
ptr_size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.STRUCT_PAGE_SIZE","title":"STRUCT_PAGE_SIZE  property","text":"
STRUCT_PAGE_SIZE\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.STRUCT_PAGE_SHIFT","title":"STRUCT_PAGE_SHIFT  property","text":"
STRUCT_PAGE_SHIFT\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_offset","title":"page_offset  property","text":"
page_offset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.phys_offset","title":"phys_offset  property","text":"
phys_offset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_shift","title":"page_shift  property","text":"
page_shift: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.vmemmap","title":"vmemmap  property","text":"
vmemmap: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.kbase","title":"kbase  property","text":"
kbase: int | None\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_size","title":"page_size  property","text":"
page_size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.per_cpu","title":"per_cpu","text":"
per_cpu(addr: int | Value, cpu: int | None = None) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.virt_to_phys","title":"virt_to_phys","text":"
virt_to_phys(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.pfn_to_page","title":"pfn_to_page","text":"
pfn_to_page(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_to_pfn","title":"page_to_pfn","text":"
page_to_pfn(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.phys_to_virt","title":"phys_to_virt","text":"
phys_to_virt(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.phys_to_pfn","title":"phys_to_pfn","text":"
phys_to_pfn(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.pfn_to_phys","title":"pfn_to_phys","text":"
pfn_to_phys(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.virt_to_pfn","title":"virt_to_pfn","text":"
virt_to_pfn(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.pfn_to_virt","title":"pfn_to_virt","text":"
pfn_to_virt(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.phys_to_page","title":"phys_to_page","text":"
phys_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_to_phys","title":"page_to_phys","text":"
page_to_phys(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.virt_to_page","title":"virt_to_page","text":"
virt_to_page(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_to_virt","title":"page_to_virt","text":"
page_to_virt(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.paging_enabled","title":"paging_enabled  staticmethod","text":"
paging_enabled() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops","title":"Aarch64Ops","text":"
               Bases: ArchOps
 
Methods:
 
     
  •  per_cpu             \u2013              
    •  
  •  virt_to_phys             \u2013              
    •  
  •  phys_to_virt             \u2013              
    •  
  •  phys_to_pfn             \u2013              
    •  
  •  pfn_to_phys             \u2013              
    •  
  •  pfn_to_page             \u2013              
    •  
  •  page_to_pfn             \u2013              
    •  
  •  paging_enabled             \u2013              
    •  
  •  virt_to_pfn             \u2013              
    •  
  •  pfn_to_virt             \u2013              
    •  
  •  phys_to_page             \u2013              
    •  
  •  page_to_phys             \u2013              
    •  
  •  virt_to_page             \u2013              
    •  
  •  page_to_virt             \u2013              
    •  
 
Attributes:
 
     
  •  ptr_size           \u2013            
    •  
  •  STRUCT_PAGE_SIZE           \u2013            
    •  
  •  STRUCT_PAGE_SHIFT           \u2013            
    •  
  •  page_offset               (int)           \u2013            
    •  
  •  phys_offset               (int)           \u2013            
    •  
  •  page_shift               (int)           \u2013            
    •  
  •  vmemmap               (int)           \u2013            
    •  
  •  kbase               (int | None)           \u2013            
    •  
  •  page_size               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.ptr_size","title":"ptr_size  property","text":"
ptr_size\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.STRUCT_PAGE_SIZE","title":"STRUCT_PAGE_SIZE  property","text":"
STRUCT_PAGE_SIZE\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.STRUCT_PAGE_SHIFT","title":"STRUCT_PAGE_SHIFT  property","text":"
STRUCT_PAGE_SHIFT\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.page_offset","title":"page_offset  property","text":"
page_offset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.phys_offset","title":"phys_offset  property","text":"
phys_offset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.page_shift","title":"page_shift  property","text":"
page_shift: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.vmemmap","title":"vmemmap  property","text":"
vmemmap: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.kbase","title":"kbase  property","text":"
kbase: int | None\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.page_size","title":"page_size  property","text":"
page_size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.per_cpu","title":"per_cpu","text":"
per_cpu(addr: int | Value, cpu: int | None = None) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.virt_to_phys","title":"virt_to_phys","text":"
virt_to_phys(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.phys_to_virt","title":"phys_to_virt","text":"
phys_to_virt(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.phys_to_pfn","title":"phys_to_pfn","text":"
phys_to_pfn(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.pfn_to_phys","title":"pfn_to_phys","text":"
pfn_to_phys(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.pfn_to_page","title":"pfn_to_page","text":"
pfn_to_page(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.page_to_pfn","title":"page_to_pfn","text":"
page_to_pfn(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.paging_enabled","title":"paging_enabled  staticmethod","text":"
paging_enabled() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.virt_to_pfn","title":"virt_to_pfn","text":"
virt_to_pfn(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.pfn_to_virt","title":"pfn_to_virt","text":"
pfn_to_virt(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.phys_to_page","title":"phys_to_page","text":"
phys_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.page_to_phys","title":"page_to_phys","text":"
page_to_phys(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.virt_to_page","title":"virt_to_page","text":"
virt_to_page(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.page_to_virt","title":"page_to_virt","text":"
page_to_virt(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.BIT","title":"BIT","text":"
BIT(shift: int)\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.has_debug_symbols","title":"has_debug_symbols","text":"
has_debug_symbols(*required: str, checkall: bool = True) -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.has_debug_info","title":"has_debug_info","text":"
has_debug_info() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.requires_debug_symbols","title":"requires_debug_symbols","text":"
requires_debug_symbols(\n    *required: str, checkall=False, default: D = None\n) -> Callable[[Callable[P, T]], Callable[P, T | D]]\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.requires_debug_info","title":"requires_debug_info","text":"
requires_debug_info(\n    default: D = None,\n) -> Callable[[Callable[P, T]], Callable[P, T | D]]\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.nproc","title":"nproc","text":"
nproc() -> int\n
 
Returns the number of processing units available, similar to nproc(1)
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.first_kernel_ro_page","title":"first_kernel_ro_page","text":"
first_kernel_ro_page() -> Page | None\n
 
Returns the first kernel mapping which contains the linux_banner
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.kconfig","title":"kconfig","text":"
kconfig() -> Kconfig | None\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.kcmdline","title":"kcmdline","text":"
kcmdline() -> str\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.kversion","title":"kversion","text":"
kversion() -> str | None\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.krelease","title":"krelease","text":"
krelease() -> tuple[int, ...] | None\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.get_idt_entries","title":"get_idt_entries","text":"
get_idt_entries() -> list[IDTEntry]\n
 
Retrieves the IDT entries from memory.
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.arch_paginginfo","title":"arch_paginginfo","text":"
arch_paginginfo() -> ArchPagingInfo | None\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.arch_ops","title":"arch_ops","text":"
arch_ops() -> ArchOps | None\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.arch_symbols","title":"arch_symbols","text":"
arch_symbols() -> ArchSymbols | None\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ptr_size","title":"ptr_size","text":"
ptr_size() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.page_size","title":"page_size","text":"
page_size() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.per_cpu","title":"per_cpu","text":"
per_cpu(addr: int | Value, cpu: int | None = None) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.virt_to_phys","title":"virt_to_phys","text":"
virt_to_phys(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.phys_to_virt","title":"phys_to_virt","text":"
phys_to_virt(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.phys_to_pfn","title":"phys_to_pfn","text":"
phys_to_pfn(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.pfn_to_phys","title":"pfn_to_phys","text":"
pfn_to_phys(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.pfn_to_page","title":"pfn_to_page","text":"
pfn_to_page(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.page_to_pfn","title":"page_to_pfn","text":"
page_to_pfn(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.phys_to_page","title":"phys_to_page","text":"
phys_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.page_to_phys","title":"page_to_phys","text":"
page_to_phys(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.virt_to_page","title":"virt_to_page","text":"
virt_to_page(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.page_to_virt","title":"page_to_virt","text":"
page_to_virt(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.pfn_to_virt","title":"pfn_to_virt","text":"
pfn_to_virt(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.virt_to_pfn","title":"virt_to_pfn","text":"
virt_to_pfn(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.kbase","title":"kbase","text":"
kbase() -> int | None\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.pagewalk","title":"pagewalk","text":"
pagewalk(addr, entry=None) -> tuple[PageTableLevel, ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.paging_enabled","title":"paging_enabled","text":"
paging_enabled() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.num_numa_nodes","title":"num_numa_nodes","text":"
num_numa_nodes() -> int\n
 
Returns the number of NUMA nodes that are online on the system
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.node_data","title":"node_data","text":"
node_data() -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.slab_caches","title":"slab_caches","text":"
slab_caches() -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.per_cpu_offset","title":"per_cpu_offset","text":"
per_cpu_offset() -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.modules","title":"modules","text":"
modules() -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.db_list","title":"db_list","text":"
db_list() -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.prog_idr","title":"prog_idr","text":"
prog_idr() -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.map_idr","title":"map_idr","text":"
map_idr() -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.current_task","title":"current_task","text":"
current_task() -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/bpf/","title":"bpf","text":""},{"location":"reference/pwndbg/aglib/kernel/bpf/#pwndbg.aglib.kernel.bpf","title":"bpf","text":"
Functions:
 
     
  •  get_struct_bpf_prog             \u2013              
    •  
  •  get_struct_bpf_map             \u2013              
    •  
  •  get_bpf_struct_offsets             \u2013              
    •  
  •  load_bpf_typeinfo             \u2013              
    •  
"},{"location":"reference/pwndbg/aglib/kernel/bpf/#pwndbg.aglib.kernel.bpf.get_struct_bpf_prog","title":"get_struct_bpf_prog","text":"
get_struct_bpf_prog()\n
"},{"location":"reference/pwndbg/aglib/kernel/bpf/#pwndbg.aglib.kernel.bpf.get_struct_bpf_map","title":"get_struct_bpf_map","text":"
get_struct_bpf_map()\n
"},{"location":"reference/pwndbg/aglib/kernel/bpf/#pwndbg.aglib.kernel.bpf.get_bpf_struct_offsets","title":"get_bpf_struct_offsets","text":"
get_bpf_struct_offsets(prog_idr, map_idr) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/bpf/#pwndbg.aglib.kernel.bpf.load_bpf_typeinfo","title":"load_bpf_typeinfo","text":"
load_bpf_typeinfo()\n
"},{"location":"reference/pwndbg/aglib/kernel/buddydump/","title":"buddydump","text":""},{"location":"reference/pwndbg/aglib/kernel/buddydump/#pwndbg.aglib.kernel.buddydump","title":"buddydump","text":"
Functions:
 
     
  •  find_zone_offsets             \u2013              
    •  
  •  load_buddydump_typeinfo             \u2013              
    •  
 
Attributes:
 
     
  •  MAX_ORDER           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/buddydump/#pwndbg.aglib.kernel.buddydump.MAX_ORDER","title":"MAX_ORDER  module-attribute","text":"
MAX_ORDER = 11\n
"},{"location":"reference/pwndbg/aglib/kernel/buddydump/#pwndbg.aglib.kernel.buddydump.find_zone_offsets","title":"find_zone_offsets","text":"
find_zone_offsets() -> tuple[int, int, int, int, int]\n
"},{"location":"reference/pwndbg/aglib/kernel/buddydump/#pwndbg.aglib.kernel.buddydump.load_buddydump_typeinfo","title":"load_buddydump_typeinfo","text":"
load_buddydump_typeinfo()\n
"},{"location":"reference/pwndbg/aglib/kernel/dmabuf/","title":"dmabuf","text":""},{"location":"reference/pwndbg/aglib/kernel/dmabuf/#pwndbg.aglib.kernel.dmabuf","title":"dmabuf","text":"
Functions:
 
     
  •  find_dmabuf_offsets             \u2013              
    •  
  •  load_dmabuf_typeinfo             \u2013              
    •  
"},{"location":"reference/pwndbg/aglib/kernel/dmabuf/#pwndbg.aglib.kernel.dmabuf.find_dmabuf_offsets","title":"find_dmabuf_offsets","text":"
find_dmabuf_offsets(dmabuf) -> tuple[int, int, int]\n
"},{"location":"reference/pwndbg/aglib/kernel/dmabuf/#pwndbg.aglib.kernel.dmabuf.load_dmabuf_typeinfo","title":"load_dmabuf_typeinfo","text":"
load_dmabuf_typeinfo(first_dmabuf: int)\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/","title":"kallsyms","text":""},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms","title":"kallsyms","text":"
Classes:
 
     
  •  Kallsyms           \u2013            
       
    • linux_banner >= 6.4
      •  
     
    •  
 
Functions:
 
     
  •  get             \u2013              
    •  
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms","title":"Kallsyms","text":"
Kallsyms()\n
 
     
  • linux_banner >= 6.4
    •  
  • ... <= 6.4
    •  
  • kallsyms_offsets
    •  
  • kallsyms_relative_base
    •  
  • kallsyms_num_syms
    •  
  • kallsyms_names
    •  
  • kallsyms_markers
    •  
  • kallsyms_token_table
    •  
  • kallsyms_token_index
    •  
  • kallsyms_offsets >= 6.4
    •  
  • kallsyms_relative_base >= 6.4
    •  
 
Methods:
 
     
  •  find_token_table             \u2013              
    This function searches for the kallsyms_token_table structure in the kernel memory.
     
    •  
  •  find_token_index             \u2013              
    This function searches for the kallsyms_token_index structure in the kernel memory
     
    •  
  •  find_markers             \u2013              
    This function searches for the kallsyms_markers structure in the kernel memory
     
    •  
  •  find_num_syms             \u2013              
    This function searches for the kallsyms_num_syms variable in the kernel memory
     
    •  
  •  find_offsets             \u2013              
    This function searches for the kallsyms_offsets/kallsyms_addresses table in the kernel memory
     
    •  
  •  find_relative_base             \u2013              
    This function searches for the kallsyms_relative_base variable in the kernel memory.
     
    •  
  •  find_names             \u2013              
    •  
  •  get_kernel_addresses             \u2013              
    •  
  •  parse_symbol_table             \u2013              
    •  
  •  get_token_table             \u2013              
    •  
  •  find_names_uncompressed             \u2013              
    •  
  •  find_markers_uncompressed             \u2013              
    This function searches for the kallsyms_markers structure in the kernel memory
     
    •  
 
Attributes:
 
     
  •  kallsyms               (list[tuple[str, str, int]])           \u2013            
    •  
  •  kbase           \u2013            
    •  
  •  r_base           \u2013            
    •  
  •  kernel_ro_mem           \u2013            
    •  
  •  kernel_version           \u2013            
    •  
  •  is_offsets           \u2013            
    •  
  •  rbase_offset           \u2013            
    •  
  •  is_big_endian           \u2013            
    •  
  •  token_table           \u2013            
    •  
  •  is_uncompressed           \u2013            
    •  
  •  markers           \u2013            
    •  
  •  token_index           \u2013            
    •  
  •  num_syms           \u2013            
    •  
  •  offsets           \u2013            
    •  
  •  names           \u2013            
    •  
  •  kernel_addresses           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.kallsyms","title":"kallsyms  instance-attribute","text":"
kallsyms: list[tuple[str, str, int]] = []\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.kbase","title":"kbase  instance-attribute","text":"
kbase = kbase()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.r_base","title":"r_base  instance-attribute","text":"
r_base = vaddr\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.kernel_ro_mem","title":"kernel_ro_mem  instance-attribute","text":"
kernel_ro_mem = read(vaddr, memsz)\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.kernel_version","title":"kernel_version  instance-attribute","text":"
kernel_version = krelease()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.is_offsets","title":"is_offsets  instance-attribute","text":"
is_offsets = False\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.rbase_offset","title":"rbase_offset  instance-attribute","text":"
rbase_offset = 0\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.is_big_endian","title":"is_big_endian  instance-attribute","text":"
is_big_endian = None\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.token_table","title":"token_table  instance-attribute","text":"
token_table = find_token_table()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.is_uncompressed","title":"is_uncompressed  instance-attribute","text":"
is_uncompressed = False\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.markers","title":"markers  instance-attribute","text":"
markers = find_markers_uncompressed()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.token_index","title":"token_index  instance-attribute","text":"
token_index = find_token_index()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.num_syms","title":"num_syms  instance-attribute","text":"
num_syms = find_num_syms()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.offsets","title":"offsets  instance-attribute","text":"
offsets = find_offsets()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.names","title":"names  instance-attribute","text":"
names = find_names()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.kernel_addresses","title":"kernel_addresses  instance-attribute","text":"
kernel_addresses = get_kernel_addresses()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_token_table","title":"find_token_table","text":"
find_token_table() -> int\n
 
This function searches for the kallsyms_token_table structure in the kernel memory. The kallsyms_token_table contains 256 zero-terminated tokens from which symbol names are built. Example structure: 0xffffffff827b2f00:     \"mm\" 0xffffffff827b2f03:     \"tim\" 0xffffffff827b2f07:     \"bu\" 0xffffffff827b2f0a:     \"ode_\" 0xffffffff827b2f0f:     \"robestub\"  0xffffffff827b2fdb:     \"0\" 0xffffffff827b2fdd:     \"1\" 0xffffffff827b2fdf:     \"2\" 0xffffffff827b2fe1:     \"3\" 0xffffffff827b2fe3:     \"4\" 0xffffffff827b2fe5:     \"5\" 0xffffffff827b2fe7:     \"6\" 0xffffffff827b2fe9:     \"7\" 0xffffffff827b2feb:     \"8\" 0xffffffff827b2fed:     \"9\""},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_token_index","title":"find_token_index","text":"
find_token_index() -> int | None\n
 
This function searches for the kallsyms_token_index structure in the kernel memory starting at kallsyms_token_table. The token index table provides offsets into the kallsyms_token_table for each 256 byte-valued sub-table. The kallsyms_token_index is typically located immediately after the kallsyms_token_table in the kernel's read-only data section. Example structure: 0xffffffff827b3288:     0x0000  0x0003  0x0007  0x000a  0x000f  0x0018  0x001f  0x0023 0xffffffff827b3298:     0x0027  0x0031  0x0035  0x0038  0x003b  0x0043  0x0047  0x004a 0xffffffff827b32a8:     0x004f  0x0053  0x0056  0x0059  0x005d  0x0061  0x0067  0x006b 0xffffffff827b32b8:     0x006e  0x0071  0x0076  0x007c  0x0080  0x0088  0x008b  0x008f 0xffffffff827b32c8:     0x0094  0x0098  0x009b  0x009f  0x00a3  0x00a8  0x00ab  0x00b0
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_markers","title":"find_markers","text":"
find_markers() -> int | None\n
 
This function searches for the kallsyms_markers structure in the kernel memory starting at kallsyms_token_table and search backwards. The markers table contains offsets to the corresponding symbol name for each kernel symbol. The kallsyms_markers table is typically located immediately before the kallsyms_token_table in the kernel's read-only data section. Example structure: 0xffffffff827b2430:     0x00000000      0x00000b2a      0x00001762      0x000023f6 0xffffffff827b2440:     0x00002fe4      0x00003c9d      0x0000487c      0x000056fd 0xffffffff827b2450:     0x00006597      0x000073b9      0x000081be      0x00008f21 0xffffffff827b2460:     0x00009c94      0x0000a958      0x0000b632      0x0000c193 0xffffffff827b2470:     0x0000ce0b      0x0000db98      0x0000ea3e      0x0000f80a 0xffffffff827b2480:     0x000105be      0x000112d3      0x00011f8c      0x00012d75 0xffffffff827b2490:     0x0001384d      0x0001446e      0x00015138      0x00015d8c
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_num_syms","title":"find_num_syms","text":"
find_num_syms()\n
 
This function searches for the kallsyms_num_syms variable in the kernel memory starting at kallsyms_markers. The kallsyms_num_syms holds the number of kernel symbols in the symbol table. The kallsyms_num_syms variable is typically located before the kallsyms_names table in the kernel's read-only data section. In newer kernel versions the kallsyms_num_syms is immediately behind the linux_banner and in older version its behind kallsyms_base_relative or kallsyms_addresses (it depends on CONFIG_KALLSYMS_BASE_RELATIVE y/n)
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_offsets","title":"find_offsets","text":"
find_offsets()\n
 
This function searches for the kallsyms_offsets/kallsyms_addresses table in the kernel memory starting at kallsyms_token_index. The offsets/addresses table containts offsets / addresses of each symbol in the kernel. The kallsyms_addresses is typically located before the kallsyms_num_syms variable in the kernel's read-only data section. Example structure: 0xffffffff827b3488:     0x00000000      0x00000000      0x00001000      0x00002000 0xffffffff827b3498:     0x00006000      0x0000b000      0x0000c000      0x0000d000 0xffffffff827b34a8:     0x00015000      0x00015008      0x00015010      0x00015018 0xffffffff827b34b8:     0x00015020      0x00015022      0x00015030      0x00015050 0xffffffff827b34c8:     0x00015450      0x00015460      0x00015860      0x00015888 0xffffffff827b34d8:     0x00015890      0x00015898      0x000158a0      0x000159c0
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_relative_base","title":"find_relative_base","text":"
find_relative_base()\n
 
This function searches for the kallsyms_relative_base variable in the kernel memory. The relative base is used to calculate the actual virtual addresses of symbols from their offsets in the kallsyms_offsets table. The kallsyms_relative_base variable is typically located after the kallsyms_offsets table in the kernel's read-only data section.
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_names","title":"find_names","text":"
find_names()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.get_kernel_addresses","title":"get_kernel_addresses","text":"
get_kernel_addresses()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.parse_symbol_table","title":"parse_symbol_table","text":"
parse_symbol_table()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.get_token_table","title":"get_token_table","text":"
get_token_table()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_names_uncompressed","title":"find_names_uncompressed","text":"
find_names_uncompressed()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_markers_uncompressed","title":"find_markers_uncompressed","text":"
find_markers_uncompressed()\n
 
This function searches for the kallsyms_markers structure in the kernel memory Original Source: https://github.com/marin-m/vmlinux-to-elf/blob/master/vmlinux_to_elf/kallsyms_finder.py
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.get","title":"get","text":"
get() -> tuple[tuple[str, str, int], ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/kmod/","title":"kmod","text":""},{"location":"reference/pwndbg/aglib/kernel/kmod/#pwndbg.aglib.kernel.kmod","title":"kmod","text":"
Classes:
 
     
  •  mod_mem_type           \u2013            
    •  
 
Functions:
 
     
  •  module_name_offset             \u2013              
    •  
  •  module_mem_offset             \u2013              
    •  
  •  module_layout_offset             \u2013              
    •  
  •  module_kallsyms_offset             \u2013              
    •  
  •  module_list_with_typeinfo             \u2013              
    •  
  •  module_list             \u2013              
    •  
  •  parse_module_kallsyms             \u2013              
    •  
  •  all_modules_kallsyms             \u2013              
    •  
"},{"location":"reference/pwndbg/aglib/kernel/kmod/#pwndbg.aglib.kernel.kmod.mod_mem_type","title":"mod_mem_type","text":"
               Bases: Enum
 
Attributes:
 
     
  •  MOD_TEXT           \u2013            
    •  
  •  MOD_DATA           \u2013            
    •  
  •  MOD_RODATA           \u2013            
    •  
  •  MOD_RO_AFTER_INIT           \u2013            
    •  
  •  MOD_MEM_NUM_TYPES           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/kmod/#pwndbg.aglib.kernel.kmod.mod_mem_type.MOD_TEXT","title":"MOD_TEXT  class-attribute instance-attribute","text":"
MOD_TEXT = 0\n
"},{"location":"reference/pwndbg/aglib/kernel/kmod/#pwndbg.aglib.kernel.kmod.mod_mem_type.MOD_DATA","title":"MOD_DATA  class-attribute instance-attribute","text":"
MOD_DATA = 1\n
"},{"location":"reference/pwndbg/aglib/kernel/kmod/#pwndbg.aglib.kernel.kmod.mod_mem_type.MOD_RODATA","title":"MOD_RODATA  class-attribute instance-attribute","text":"
MOD_RODATA = 2\n
"},{"location":"reference/pwndbg/aglib/kernel/kmod/#pwndbg.aglib.kernel.kmod.mod_mem_type.MOD_RO_AFTER_INIT","title":"MOD_RO_AFTER_INIT  class-attribute instance-attribute","text":"
MOD_RO_AFTER_INIT = 3\n
"},{"location":"reference/pwndbg/aglib/kernel/kmod/#pwndbg.aglib.kernel.kmod.mod_mem_type.MOD_MEM_NUM_TYPES","title":"MOD_MEM_NUM_TYPES  class-attribute instance-attribute","text":"
MOD_MEM_NUM_TYPES = 4\n
"},{"location":"reference/pwndbg/aglib/kernel/kmod/#pwndbg.aglib.kernel.kmod.module_name_offset","title":"module_name_offset","text":"
module_name_offset()\n
"},{"location":"reference/pwndbg/aglib/kernel/kmod/#pwndbg.aglib.kernel.kmod.module_mem_offset","title":"module_mem_offset","text":"
module_mem_offset() -> tuple[int | None, int | None, int | None]\n
"},{"location":"reference/pwndbg/aglib/kernel/kmod/#pwndbg.aglib.kernel.kmod.module_layout_offset","title":"module_layout_offset","text":"
module_layout_offset() -> tuple[int | None, int | None]\n
"},{"location":"reference/pwndbg/aglib/kernel/kmod/#pwndbg.aglib.kernel.kmod.module_kallsyms_offset","title":"module_kallsyms_offset","text":"
module_kallsyms_offset()\n
"},{"location":"reference/pwndbg/aglib/kernel/kmod/#pwndbg.aglib.kernel.kmod.module_list_with_typeinfo","title":"module_list_with_typeinfo","text":"
module_list_with_typeinfo() -> tuple[Value, ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/kmod/#pwndbg.aglib.kernel.kmod.module_list","title":"module_list","text":"
module_list() -> tuple[int, ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/kmod/#pwndbg.aglib.kernel.kmod.parse_module_kallsyms","title":"parse_module_kallsyms","text":"
parse_module_kallsyms(kallsyms: int) -> list[tuple[str, int, str]]\n
"},{"location":"reference/pwndbg/aglib/kernel/kmod/#pwndbg.aglib.kernel.kmod.all_modules_kallsyms","title":"all_modules_kallsyms","text":"
all_modules_kallsyms() -> list[tuple[str, int, str]]\n
"},{"location":"reference/pwndbg/aglib/kernel/macros/","title":"macros","text":""},{"location":"reference/pwndbg/aglib/kernel/macros/#pwndbg.aglib.kernel.macros","title":"macros","text":"
Functions:
 
     
  •  container_of             \u2013              
    •  
  •  for_each_entry             \u2013              
    •  
  •  swab             \u2013              
    •  
  •  compound_head             \u2013              
    returns the head page of compound pages
     
    •  
"},{"location":"reference/pwndbg/aglib/kernel/macros/#pwndbg.aglib.kernel.macros.container_of","title":"container_of","text":"
container_of(ptr: int, typename: str, fieldname: str) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/macros/#pwndbg.aglib.kernel.macros.for_each_entry","title":"for_each_entry","text":"
for_each_entry(head: Value, typename: str, field: str) -> Iterator[Value]\n
"},{"location":"reference/pwndbg/aglib/kernel/macros/#pwndbg.aglib.kernel.macros.swab","title":"swab","text":"
swab(x: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/macros/#pwndbg.aglib.kernel.macros.compound_head","title":"compound_head","text":"
compound_head(page: Value) -> Value\n
 
returns the head page of compound pages
"},{"location":"reference/pwndbg/aglib/kernel/nftables/","title":"nftables","text":""},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables","title":"nftables","text":"
Classes:
 
     
  •  NftFields           \u2013            
    •  
  •  Expr           \u2013            
    •  
  •  Rule           \u2013            
    •  
  •  ChainHook           \u2013            
    •  
  •  Chain           \u2013            
    •  
  •  Set           \u2013            
    •  
  •  Object           \u2013            
    •  
  •  FlowtableHook           \u2013            
    •  
  •  Flowtable           \u2013            
    •  
  •  Table           \u2013            
    •  
  •  Nftables           \u2013            
    •  
 
Functions:
 
     
  •  catch_error             \u2013              
    •  
  •  get_init_net_namespace             \u2013              
    •  
 
Attributes:
 
     
  •  NFPROTO_INET           \u2013            
    •  
  •  NFPROTO_IPV4           \u2013            
    •  
  •  NFPROTO_ARP           \u2013            
    •  
  •  NFPROTO_NETDEV           \u2013            
    •  
  •  NFPROTO_BRIDGE           \u2013            
    •  
  •  NFPROTO_IPV6           \u2013            
    •  
  •  nftables_table_family           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NFPROTO_INET","title":"NFPROTO_INET  module-attribute","text":"
NFPROTO_INET = 1\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NFPROTO_IPV4","title":"NFPROTO_IPV4  module-attribute","text":"
NFPROTO_IPV4 = 2\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NFPROTO_ARP","title":"NFPROTO_ARP  module-attribute","text":"
NFPROTO_ARP = 3\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NFPROTO_NETDEV","title":"NFPROTO_NETDEV  module-attribute","text":"
NFPROTO_NETDEV = 5\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NFPROTO_BRIDGE","title":"NFPROTO_BRIDGE  module-attribute","text":"
NFPROTO_BRIDGE = 7\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NFPROTO_IPV6","title":"NFPROTO_IPV6  module-attribute","text":"
NFPROTO_IPV6 = 10\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.nftables_table_family","title":"nftables_table_family  module-attribute","text":"
nftables_table_family = {\n    \"inet\": NFPROTO_INET,\n    \"ip\": NFPROTO_IPV4,\n    \"arp\": NFPROTO_ARP,\n    \"netdev\": NFPROTO_NETDEV,\n    \"bridge\": NFPROTO_BRIDGE,\n    \"ip6\": NFPROTO_IPV6,\n}\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NftFields","title":"NftFields","text":"
               Bases: object
 
Methods:
 
     
  •  __getattr__             \u2013              
    •  
  •  get_hook_list_dev_names             \u2013              
    •  
  •  print_fields             \u2013              
    •  
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NftFields.__getattr__","title":"__getattr__","text":"
__getattr__(name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NftFields.get_hook_list_dev_names","title":"get_hook_list_dev_names  classmethod","text":"
get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NftFields.print_fields","title":"print_fields","text":"
print_fields(nested: int = 0, keys: list[str] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Expr","title":"Expr","text":"
Expr(addr: Value)\n
 
Methods:
 
     
  •  print_expr_iptables             \u2013              
    •  
  •  print_expr_nftables             \u2013              
    •  
  •  print             \u2013              
    •  
 
Attributes:
 
     
  •  expr_name               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Expr.expr_name","title":"expr_name  property","text":"
expr_name: str\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Expr.print_expr_iptables","title":"print_expr_iptables","text":"
print_expr_iptables(expr_name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Expr.print_expr_nftables","title":"print_expr_nftables","text":"
print_expr_nftables(expr_name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Expr.print","title":"print","text":"
print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule","title":"Rule","text":"
Rule(addr: Value, chain: 'Chain')\n
 
               Bases: NftFields
 
Methods:
 
     
  •  find             \u2013              
    •  
  •  iter_exprs             \u2013              
    •  
  •  print             \u2013              
    •  
  •  __getattr__             \u2013              
    •  
  •  get_hook_list_dev_names             \u2013              
    •  
  •  print_fields             \u2013              
    •  
 
Attributes:
 
     
  •  handle               (int)           \u2013            
    •  
  •  userdata               (bytearray)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.handle","title":"handle  instance-attribute","text":"
handle: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.userdata","title":"userdata  property","text":"
userdata: bytearray\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.find","title":"find  classmethod","text":"
find(\n    table_name: str,\n    table_family: int,\n    chain_name: str,\n    rule_id: int,\n    nsid: int | None = None,\n) -> Iterator[\"Rule\"]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.iter_exprs","title":"iter_exprs","text":"
iter_exprs() -> Iterator[Expr]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.print","title":"print","text":"
print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.__getattr__","title":"__getattr__","text":"
__getattr__(name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.get_hook_list_dev_names","title":"get_hook_list_dev_names  classmethod","text":"
get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.print_fields","title":"print_fields","text":"
print_fields(nested: int = 0, keys: list[str] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook","title":"ChainHook","text":"
ChainHook(parent: 'Chain')\n
 
               Bases: NftFields
 
Methods:
 
     
  •  is_netdev             \u2013              
    •  
  •  get_netdevs             \u2013              
    •  
  •  nested_print             \u2013              
    •  
  •  __getattr__             \u2013              
    •  
  •  get_hook_list_dev_names             \u2013              
    •  
  •  print_fields             \u2013              
    •  
 
Attributes:
 
     
  •  hooknum               (int)           \u2013            
    •  
  •  priority               (int)           \u2013            
    •  
  •  dev               (str)           \u2013            
    •  
  •  devs               (list[str])           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.hooknum","title":"hooknum  instance-attribute","text":"
hooknum: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.priority","title":"priority  instance-attribute","text":"
priority: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.dev","title":"dev  property","text":"
dev: str\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.devs","title":"devs  property","text":"
devs: list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.is_netdev","title":"is_netdev","text":"
is_netdev() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.get_netdevs","title":"get_netdevs","text":"
get_netdevs() -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.nested_print","title":"nested_print","text":"
nested_print(nested: int = 0)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.__getattr__","title":"__getattr__","text":"
__getattr__(name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.get_hook_list_dev_names","title":"get_hook_list_dev_names  classmethod","text":"
get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.print_fields","title":"print_fields","text":"
print_fields(nested: int = 0, keys: list[str] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain","title":"Chain","text":"
Chain(addr: Value)\n
 
               Bases: NftFields
 
Methods:
 
     
  •  find             \u2013              
    •  
  •  iter_rules             \u2013              
    •  
  •  print             \u2013              
    •  
  •  __getattr__             \u2013              
    •  
  •  get_hook_list_dev_names             \u2013              
    •  
  •  print_fields             \u2013              
    •  
 
Attributes:
 
     
  •  bound               (int)           \u2013            
    •  
  •  genmask               (int)           \u2013            
    •  
  •  handle               (int)           \u2013            
    •  
  •  use               (int)           \u2013            
    •  
  •  flags               (int)           \u2013            
    •  
  •  name               (str)           \u2013            
    •  
  •  hook               (ChainHook)           \u2013            
    •  
  •  userdata               (bytearray)           \u2013            
    •  
  •  policy               (int)           \u2013            
    •  
  •  type               (str)           \u2013            
    •  
  •  table               ('Table')           \u2013            
    •  
  •  basechain               (Value | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.bound","title":"bound  instance-attribute","text":"
bound: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.genmask","title":"genmask  instance-attribute","text":"
genmask: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.handle","title":"handle  instance-attribute","text":"
handle: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.use","title":"use  instance-attribute","text":"
use: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.flags","title":"flags  instance-attribute","text":"
flags: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.name","title":"name  instance-attribute","text":"
name: str\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.hook","title":"hook  instance-attribute","text":"
hook: ChainHook = ChainHook(self)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.userdata","title":"userdata  property","text":"
userdata: bytearray\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.policy","title":"policy  property","text":"
policy: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.type","title":"type  property","text":"
type: str\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.table","title":"table  property","text":"
table: 'Table'\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.basechain","title":"basechain  property","text":"
basechain: Value | None\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.find","title":"find  classmethod","text":"
find(\n    table_family: int | None = None,\n    table_name: str | None = None,\n    chain_name: str | None = None,\n    nsid: int | None = None,\n) -> Iterator[\"Chain\"]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.iter_rules","title":"iter_rules","text":"
iter_rules() -> Iterator[Rule]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.print","title":"print","text":"
print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.__getattr__","title":"__getattr__","text":"
__getattr__(name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.get_hook_list_dev_names","title":"get_hook_list_dev_names  classmethod","text":"
get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.print_fields","title":"print_fields","text":"
print_fields(nested: int = 0, keys: list[str] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set","title":"Set","text":"
Set(addr: Value)\n
 
               Bases: NftFields
 
Methods:
 
     
  •  iter_expr             \u2013              
    •  
  •  iter_elems             \u2013              
    •  
  •  print             \u2013              
    •  
  •  __getattr__             \u2013              
    •  
  •  get_hook_list_dev_names             \u2013              
    •  
  •  print_fields             \u2013              
    •  
 
Attributes:
 
     
  •  use               (int)           \u2013            
    •  
  •  dead               (int)           \u2013            
    •  
  •  genmask               (int)           \u2013            
    •  
  •  field_count               (int)           \u2013            
    •  
  •  num_exprs               (int)           \u2013            
    •  
  •  name               (str)           \u2013            
    •  
  •  flags               (int)           \u2013            
    •  
  •  ktype               (int)           \u2013            
    •  
  •  klen               (int)           \u2013            
    •  
  •  dtype               (int)           \u2013            
    •  
  •  dlen               (int)           \u2013            
    •  
  •  policy               (int)           \u2013            
    •  
  •  timeout               (int)           \u2013            
    •  
  •  gc_int               (int)           \u2013            
    •  
  •  objtype               (int)           \u2013            
    •  
  •  handle               (int)           \u2013            
    •  
  •  nelems               (int)           \u2013            
    •  
  •  desc_size               (int)           \u2013            
    •  
  •  desc_concat               (list[int])           \u2013            
    •  
  •  table               ('Table')           \u2013            
    •  
  •  userdata               (bytearray)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.use","title":"use  instance-attribute","text":"
use: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.dead","title":"dead  instance-attribute","text":"
dead: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.genmask","title":"genmask  instance-attribute","text":"
genmask: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.field_count","title":"field_count  instance-attribute","text":"
field_count: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.num_exprs","title":"num_exprs  instance-attribute","text":"
num_exprs: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.name","title":"name  instance-attribute","text":"
name: str\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.flags","title":"flags  instance-attribute","text":"
flags: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.ktype","title":"ktype  instance-attribute","text":"
ktype: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.klen","title":"klen  instance-attribute","text":"
klen: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.dtype","title":"dtype  instance-attribute","text":"
dtype: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.dlen","title":"dlen  instance-attribute","text":"
dlen: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.policy","title":"policy  instance-attribute","text":"
policy: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.timeout","title":"timeout  instance-attribute","text":"
timeout: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.gc_int","title":"gc_int  instance-attribute","text":"
gc_int: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.objtype","title":"objtype  instance-attribute","text":"
objtype: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.handle","title":"handle  instance-attribute","text":"
handle: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.nelems","title":"nelems  property","text":"
nelems: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.desc_size","title":"desc_size  property","text":"
desc_size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.desc_concat","title":"desc_concat  property","text":"
desc_concat: list[int]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.table","title":"table  property","text":"
table: 'Table'\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.userdata","title":"userdata  property","text":"
userdata: bytearray\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.iter_expr","title":"iter_expr","text":"
iter_expr() -> Iterator[Expr]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.iter_elems","title":"iter_elems","text":"
iter_elems() -> Iterator[None]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.print","title":"print","text":"
print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.__getattr__","title":"__getattr__","text":"
__getattr__(name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.get_hook_list_dev_names","title":"get_hook_list_dev_names  classmethod","text":"
get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.print_fields","title":"print_fields","text":"
print_fields(nested: int = 0, keys: list[str] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object","title":"Object","text":"
Object(addr: Value)\n
 
               Bases: NftFields
 
Methods:
 
     
  •  iter_data             \u2013              
    •  
  •  print             \u2013              
    •  
  •  __getattr__             \u2013              
    •  
  •  get_hook_list_dev_names             \u2013              
    •  
  •  print_fields             \u2013              
    •  
 
Attributes:
 
     
  •  genmask               (int)           \u2013            
    •  
  •  use               (int)           \u2013            
    •  
  •  handle               (int)           \u2013            
    •  
  •  type               (int)           \u2013            
    •  
  •  name               (str)           \u2013            
    •  
  •  table               ('Table')           \u2013            
    •  
  •  userdata               (bytearray)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.genmask","title":"genmask  instance-attribute","text":"
genmask: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.use","title":"use  instance-attribute","text":"
use: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.handle","title":"handle  instance-attribute","text":"
handle: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.type","title":"type  property","text":"
type: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.name","title":"name  property","text":"
name: str\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.table","title":"table  property","text":"
table: 'Table'\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.userdata","title":"userdata  property","text":"
userdata: bytearray\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.iter_data","title":"iter_data","text":"
iter_data() -> Iterator[None]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.print","title":"print","text":"
print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.__getattr__","title":"__getattr__","text":"
__getattr__(name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.get_hook_list_dev_names","title":"get_hook_list_dev_names  classmethod","text":"
get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.print_fields","title":"print_fields","text":"
print_fields(nested: int = 0, keys: list[str] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook","title":"FlowtableHook","text":"
FlowtableHook(parent: 'Flowtable')\n
 
               Bases: NftFields
 
Methods:
 
     
  •  nested_print             \u2013              
    •  
  •  __getattr__             \u2013              
    •  
  •  get_hook_list_dev_names             \u2013              
    •  
  •  print_fields             \u2013              
    •  
 
Attributes:
 
     
  •  hooknum               (int)           \u2013            
    •  
  •  priority               (int)           \u2013            
    •  
  •  devs               (list[str])           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.hooknum","title":"hooknum  property","text":"
hooknum: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.priority","title":"priority  property","text":"
priority: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.devs","title":"devs  property","text":"
devs: list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.nested_print","title":"nested_print","text":"
nested_print(nested: int = 0)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.__getattr__","title":"__getattr__","text":"
__getattr__(name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.get_hook_list_dev_names","title":"get_hook_list_dev_names  classmethod","text":"
get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.print_fields","title":"print_fields","text":"
print_fields(nested: int = 0, keys: list[str] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable","title":"Flowtable","text":"
Flowtable(addr: Value)\n
 
               Bases: NftFields
 
Methods:
 
     
  •  print             \u2013              
    •  
  •  __getattr__             \u2013              
    •  
  •  get_hook_list_dev_names             \u2013              
    •  
  •  print_fields             \u2013              
    •  
 
Attributes:
 
     
  •  genmask               (int)           \u2013            
    •  
  •  name               (str)           \u2013            
    •  
  •  use               (int)           \u2013            
    •  
  •  handle               (int)           \u2013            
    •  
  •  hook               (FlowtableHook)           \u2013            
    •  
  •  table               ('Table')           \u2013            
    •  
  •  flags               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.genmask","title":"genmask  instance-attribute","text":"
genmask: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.name","title":"name  instance-attribute","text":"
name: str\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.use","title":"use  instance-attribute","text":"
use: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.handle","title":"handle  instance-attribute","text":"
handle: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.hook","title":"hook  instance-attribute","text":"
hook: FlowtableHook = FlowtableHook(self)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.table","title":"table  property","text":"
table: 'Table'\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.flags","title":"flags  property","text":"
flags: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.print","title":"print","text":"
print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.__getattr__","title":"__getattr__","text":"
__getattr__(name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.get_hook_list_dev_names","title":"get_hook_list_dev_names  classmethod","text":"
get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.print_fields","title":"print_fields","text":"
print_fields(nested: int = 0, keys: list[str] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table","title":"Table","text":"
Table(addr: Value)\n
 
               Bases: NftFields
 
Methods:
 
     
  •  find             \u2013              
    •  
  •  iter_chains             \u2013              
    •  
  •  iter_sets             \u2013              
    •  
  •  iter_flowtables             \u2013              
    •  
  •  iter_objects             \u2013              
    •  
  •  nested_print             \u2013              
    •  
  •  print             \u2013              
    •  
  •  __getattr__             \u2013              
    •  
  •  get_hook_list_dev_names             \u2013              
    •  
  •  print_fields             \u2013              
    •  
 
Attributes:
 
     
  •  family               (int)           \u2013            
    •  
  •  genmask               (int)           \u2013            
    •  
  •  name               (str)           \u2013            
    •  
  •  handle               (int)           \u2013            
    •  
  •  use               (int)           \u2013            
    •  
  •  flags               (int)           \u2013            
    •  
  •  nlpid               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.family","title":"family  instance-attribute","text":"
family: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.genmask","title":"genmask  instance-attribute","text":"
genmask: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.name","title":"name  instance-attribute","text":"
name: str\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.handle","title":"handle  instance-attribute","text":"
handle: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.use","title":"use  instance-attribute","text":"
use: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.flags","title":"flags  instance-attribute","text":"
flags: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.nlpid","title":"nlpid  instance-attribute","text":"
nlpid: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.find","title":"find  classmethod","text":"
find(\n    table_name: str | None = None,\n    table_family: int | None = None,\n    nsid: int | None = None,\n) -> Iterator[\"Table\"]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.iter_chains","title":"iter_chains","text":"
iter_chains() -> Iterator[Chain]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.iter_sets","title":"iter_sets","text":"
iter_sets() -> Iterator[Set]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.iter_flowtables","title":"iter_flowtables","text":"
iter_flowtables() -> Iterator[Flowtable]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.iter_objects","title":"iter_objects","text":"
iter_objects() -> Iterator[Object]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.nested_print","title":"nested_print","text":"
nested_print(nested: int = 0)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.print","title":"print","text":"
print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.__getattr__","title":"__getattr__","text":"
__getattr__(name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.get_hook_list_dev_names","title":"get_hook_list_dev_names  classmethod","text":"
get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.print_fields","title":"print_fields","text":"
print_fields(nested: int = 0, keys: list[str] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Nftables","title":"Nftables","text":"
Nftables(addr: Value)\n
 
Methods:
 
     
  •  find             \u2013              
    •  
  •  iter_tables             \u2013              
    •  
  •  print             \u2013              
    •  
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Nftables.find","title":"find  classmethod","text":"
find(nsid: int | None = None) -> 'Nftables' | None\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Nftables.iter_tables","title":"iter_tables","text":"
iter_tables() -> Iterator[Table]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Nftables.print","title":"print","text":"
print()\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.catch_error","title":"catch_error","text":"
catch_error(func)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.get_init_net_namespace","title":"get_init_net_namespace","text":"
get_init_net_namespace() -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/","title":"paging","text":""},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging","title":"paging","text":"
Classes:
 
     
  •  PageTableLevel           \u2013            
    •  
  •  ArchPagingInfo           \u2013            
    •  
  •  x86_64PagingInfo           \u2013            
    •  
  •  Aarch64PagingInfo           \u2013            
    •  
 
Functions:
 
     
  •  first_kernel_page_start             \u2013              
    •  
 
Attributes:
 
     
  •  INVALID_ADDR           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.INVALID_ADDR","title":"INVALID_ADDR  module-attribute","text":"
INVALID_ADDR = 1 << 64\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.PageTableLevel","title":"PageTableLevel  dataclass","text":"
PageTableLevel(name: str, entry: int, virt: int, idx: int)\n
 
Attributes:
 
     
  •  name               (str)           \u2013            
    •  
  •  entry               (int)           \u2013            
    •  
  •  virt               (int)           \u2013            
    •  
  •  idx               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.PageTableLevel.name","title":"name  instance-attribute","text":"
name: str\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.PageTableLevel.entry","title":"entry  instance-attribute","text":"
entry: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.PageTableLevel.virt","title":"virt  instance-attribute","text":"
virt: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.PageTableLevel.idx","title":"idx  instance-attribute","text":"
idx: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo","title":"ArchPagingInfo","text":"
Methods:
 
     
  •  adjust             \u2013              
    •  
  •  markers             \u2013              
    •  
  •  handle_kernel_pages             \u2013              
    •  
  •  kbase_helper             \u2013              
    •  
  •  pagewalk             \u2013              
    •  
  •  pagewalk_helper             \u2013              
    •  
  •  pageentry_flags             \u2013              
    •  
  •  should_stop_pagewalk             \u2013              
    •  
 
Attributes:
 
     
  •  USERLAND           \u2013            
    •  
  •  KERNELLAND           \u2013            
    •  
  •  KERNELRO           \u2013            
    •  
  •  KERNELBSS           \u2013            
    •  
  •  KERNELDRIVER           \u2013            
    •  
  •  ESPSTACK           \u2013            
    •  
  •  PHYSMAP           \u2013            
    •  
  •  VMALLOC           \u2013            
    •  
  •  VMEMMAP           \u2013            
    •  
  •  addr_marker_sz               (int)           \u2013            
    •  
  •  va_bits               (int)           \u2013            
    •  
  •  pagetable_cache               (dict[Value, dict[int, int]])           \u2013            
    •  
  •  pagetableptr_cache               (dict[int, Value])           \u2013            
    •  
  •  pagetable_level_names               (tuple[str, ...])           \u2013            
    •  
  •  STRUCT_PAGE_SIZE           \u2013            
    •  
  •  STRUCT_PAGE_SHIFT           \u2013            
    •  
  •  physmap               (int)           \u2013            
    •  
  •  vmalloc               (int)           \u2013            
    •  
  •  vmemmap               (int)           \u2013            
    •  
  •  kbase               (int)           \u2013            
    •  
  •  page_shift               (int)           \u2013            
    •  
  •  paging_level               (int)           \u2013            
    •  
  •  phys_offset           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.USERLAND","title":"USERLAND  class-attribute instance-attribute","text":"
USERLAND = 'userland'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.KERNELLAND","title":"KERNELLAND  class-attribute instance-attribute","text":"
KERNELLAND = 'kernel [.text]'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.KERNELRO","title":"KERNELRO  class-attribute instance-attribute","text":"
KERNELRO = 'kernel [.rodata]'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.KERNELBSS","title":"KERNELBSS  class-attribute instance-attribute","text":"
KERNELBSS = 'kernel [.bss]'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.KERNELDRIVER","title":"KERNELDRIVER  class-attribute instance-attribute","text":"
KERNELDRIVER = 'kernel [.driver .bpf]'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.ESPSTACK","title":"ESPSTACK  class-attribute instance-attribute","text":"
ESPSTACK = 'espfix'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.PHYSMAP","title":"PHYSMAP  class-attribute instance-attribute","text":"
PHYSMAP = 'physmap'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.VMALLOC","title":"VMALLOC  class-attribute instance-attribute","text":"
VMALLOC = 'vmalloc'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.VMEMMAP","title":"VMEMMAP  class-attribute instance-attribute","text":"
VMEMMAP = 'vmemmap'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.addr_marker_sz","title":"addr_marker_sz  instance-attribute","text":"
addr_marker_sz: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.va_bits","title":"va_bits  instance-attribute","text":"
va_bits: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.pagetable_cache","title":"pagetable_cache  class-attribute instance-attribute","text":"
pagetable_cache: dict[Value, dict[int, int]] = {}\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.pagetableptr_cache","title":"pagetableptr_cache  class-attribute instance-attribute","text":"
pagetableptr_cache: dict[int, Value] = {}\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.pagetable_level_names","title":"pagetable_level_names  instance-attribute","text":"
pagetable_level_names: tuple[str, ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.STRUCT_PAGE_SIZE","title":"STRUCT_PAGE_SIZE  property","text":"
STRUCT_PAGE_SIZE\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.STRUCT_PAGE_SHIFT","title":"STRUCT_PAGE_SHIFT  property","text":"
STRUCT_PAGE_SHIFT\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.physmap","title":"physmap  property","text":"
physmap: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.vmalloc","title":"vmalloc  property","text":"
vmalloc: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.vmemmap","title":"vmemmap  property","text":"
vmemmap: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.kbase","title":"kbase  property","text":"
kbase: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.page_shift","title":"page_shift  property","text":"
page_shift: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.paging_level","title":"paging_level  property","text":"
paging_level: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.phys_offset","title":"phys_offset  property","text":"
phys_offset\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.adjust","title":"adjust","text":"
adjust(name: str) -> str\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.markers","title":"markers","text":"
markers() -> tuple[tuple[str, int], ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.handle_kernel_pages","title":"handle_kernel_pages","text":"
handle_kernel_pages(pages)\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.kbase_helper","title":"kbase_helper","text":"
kbase_helper(address)\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.pagewalk","title":"pagewalk","text":"
pagewalk(target, entry) -> tuple[PageTableLevel, ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.pagewalk_helper","title":"pagewalk_helper","text":"
pagewalk_helper(target, entry) -> tuple[PageTableLevel, ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.pageentry_flags","title":"pageentry_flags","text":"
pageentry_flags(level) -> BitFlags\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ArchPagingInfo.should_stop_pagewalk","title":"should_stop_pagewalk","text":"
should_stop_pagewalk(is_last)\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo","title":"x86_64PagingInfo","text":"
x86_64PagingInfo()\n
 
               Bases: ArchPagingInfo
 
Methods:
 
     
  •  get_vmalloc_vmemmap_bases             \u2013              
    •  
  •  markers             \u2013              
    •  
  •  adjust             \u2013              
    •  
  •  handle_kernel_pages             \u2013              
    •  
  •  pagewalk             \u2013              
    •  
  •  pageentry_flags             \u2013              
    •  
  •  should_stop_pagewalk             \u2013              
    •  
  •  kbase_helper             \u2013              
    •  
  •  pagewalk_helper             \u2013              
    •  
 
Attributes:
 
     
  •  va_bits           \u2013            
    •  
  •  pagetable_level_names           \u2013            
    •  
  •  physmap           \u2013            
    •  
  •  kbase           \u2013            
    •  
  •  page_shift               (int)           \u2013            
    •  
  •  vmalloc           \u2013            
    •  
  •  vmemmap           \u2013            
    •  
  •  paging_level               (int)           \u2013            
    •  
  •  USERLAND           \u2013            
    •  
  •  KERNELLAND           \u2013            
    •  
  •  KERNELRO           \u2013            
    •  
  •  KERNELBSS           \u2013            
    •  
  •  KERNELDRIVER           \u2013            
    •  
  •  ESPSTACK           \u2013            
    •  
  •  PHYSMAP           \u2013            
    •  
  •  VMALLOC           \u2013            
    •  
  •  VMEMMAP           \u2013            
    •  
  •  addr_marker_sz               (int)           \u2013            
    •  
  •  pagetable_cache               (dict[Value, dict[int, int]])           \u2013            
    •  
  •  pagetableptr_cache               (dict[int, Value])           \u2013            
    •  
  •  STRUCT_PAGE_SIZE           \u2013            
    •  
  •  STRUCT_PAGE_SHIFT           \u2013            
    •  
  •  phys_offset           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.va_bits","title":"va_bits  instance-attribute","text":"
va_bits = 48 if paging_level == 4 else 51\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.pagetable_level_names","title":"pagetable_level_names  instance-attribute","text":"
pagetable_level_names = (\n    (\"Page\", \"PT\", \"PMD\", \"PUD\", \"PGD\")\n    if paging_level == 4\n    else (\"Page\", \"PT\", \"PMD\", \"P4D\", \"PUD\", \"PGD\")\n)\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.physmap","title":"physmap  property","text":"
physmap\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.kbase","title":"kbase  property","text":"
kbase\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.page_shift","title":"page_shift  property","text":"
page_shift: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.vmalloc","title":"vmalloc  property","text":"
vmalloc\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.vmemmap","title":"vmemmap  property","text":"
vmemmap\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.paging_level","title":"paging_level  property","text":"
paging_level: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.USERLAND","title":"USERLAND  class-attribute instance-attribute","text":"
USERLAND = 'userland'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.KERNELLAND","title":"KERNELLAND  class-attribute instance-attribute","text":"
KERNELLAND = 'kernel [.text]'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.KERNELRO","title":"KERNELRO  class-attribute instance-attribute","text":"
KERNELRO = 'kernel [.rodata]'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.KERNELBSS","title":"KERNELBSS  class-attribute instance-attribute","text":"
KERNELBSS = 'kernel [.bss]'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.KERNELDRIVER","title":"KERNELDRIVER  class-attribute instance-attribute","text":"
KERNELDRIVER = 'kernel [.driver .bpf]'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.ESPSTACK","title":"ESPSTACK  class-attribute instance-attribute","text":"
ESPSTACK = 'espfix'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.PHYSMAP","title":"PHYSMAP  class-attribute instance-attribute","text":"
PHYSMAP = 'physmap'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.VMALLOC","title":"VMALLOC  class-attribute instance-attribute","text":"
VMALLOC = 'vmalloc'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.VMEMMAP","title":"VMEMMAP  class-attribute instance-attribute","text":"
VMEMMAP = 'vmemmap'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.addr_marker_sz","title":"addr_marker_sz  instance-attribute","text":"
addr_marker_sz: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.pagetable_cache","title":"pagetable_cache  class-attribute instance-attribute","text":"
pagetable_cache: dict[Value, dict[int, int]] = {}\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.pagetableptr_cache","title":"pagetableptr_cache  class-attribute instance-attribute","text":"
pagetableptr_cache: dict[int, Value] = {}\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.STRUCT_PAGE_SIZE","title":"STRUCT_PAGE_SIZE  property","text":"
STRUCT_PAGE_SIZE\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.STRUCT_PAGE_SHIFT","title":"STRUCT_PAGE_SHIFT  property","text":"
STRUCT_PAGE_SHIFT\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.phys_offset","title":"phys_offset  property","text":"
phys_offset\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.get_vmalloc_vmemmap_bases","title":"get_vmalloc_vmemmap_bases","text":"
get_vmalloc_vmemmap_bases()\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.markers","title":"markers","text":"
markers() -> tuple[tuple[str, int], ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.adjust","title":"adjust","text":"
adjust(name)\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.handle_kernel_pages","title":"handle_kernel_pages","text":"
handle_kernel_pages(pages)\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.pagewalk","title":"pagewalk","text":"
pagewalk(target, entry) -> tuple[PageTableLevel, ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.pageentry_flags","title":"pageentry_flags","text":"
pageentry_flags(is_last) -> BitFlags\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.should_stop_pagewalk","title":"should_stop_pagewalk","text":"
should_stop_pagewalk(entry)\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.kbase_helper","title":"kbase_helper","text":"
kbase_helper(address)\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.x86_64PagingInfo.pagewalk_helper","title":"pagewalk_helper","text":"
pagewalk_helper(target, entry) -> tuple[PageTableLevel, ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo","title":"Aarch64PagingInfo","text":"
Aarch64PagingInfo()\n
 
               Bases: ArchPagingInfo
 
Methods:
 
     
  •  markers             \u2013              
    •  
  •  adjust             \u2013              
    •  
  •  handle_kernel_pages             \u2013              
    •  
  •  pagewalk             \u2013              
    •  
  •  pageentry_flags             \u2013              
    •  
  •  should_stop_pagewalk             \u2013              
    •  
  •  kbase_helper             \u2013              
    •  
  •  pagewalk_helper             \u2013              
    •  
 
Attributes:
 
     
  •  tcr_el1           \u2013            
    •  
  •  va_bits           \u2013            
    •  
  •  PAGE_OFFSET           \u2013            
    •  
  •  va_bits_min           \u2013            
    •  
  •  pagetable_level_names           \u2013            
    •  
  •  vmalloc               (int)           \u2013            
    •  
  •  physmap           \u2013            
    •  
  •  kbase           \u2013            
    •  
  •  kversion           \u2013            
    •  
  •  module_start           \u2013            
    •  
  •  vmemmap           \u2013            
    •  
  •  pci           \u2013            
    •  
  •  fixmap           \u2013            
    •  
  •  ksize           \u2013            
    •  
  •  page_shift_heuristic               (int)           \u2013            
    •  
  •  page_shift               (int)           \u2013            
    •  
  •  page_shift_user               (int)           \u2013            
    •  
  •  paging_level           \u2013            
    •  
  •  phys_offset           \u2013            
    •  
  •  USERLAND           \u2013            
    •  
  •  KERNELLAND           \u2013            
    •  
  •  KERNELRO           \u2013            
    •  
  •  KERNELBSS           \u2013            
    •  
  •  KERNELDRIVER           \u2013            
    •  
  •  ESPSTACK           \u2013            
    •  
  •  PHYSMAP           \u2013            
    •  
  •  VMALLOC           \u2013            
    •  
  •  VMEMMAP           \u2013            
    •  
  •  addr_marker_sz               (int)           \u2013            
    •  
  •  pagetable_cache               (dict[Value, dict[int, int]])           \u2013            
    •  
  •  pagetableptr_cache               (dict[int, Value])           \u2013            
    •  
  •  STRUCT_PAGE_SIZE           \u2013            
    •  
  •  STRUCT_PAGE_SHIFT           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.tcr_el1","title":"tcr_el1  instance-attribute","text":"
tcr_el1 = aarch64_tcr_flags\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.va_bits","title":"va_bits  instance-attribute","text":"
va_bits = 64 - tcr_el1['T1SZ']\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.PAGE_OFFSET","title":"PAGE_OFFSET  instance-attribute","text":"
PAGE_OFFSET = _PAGE_OFFSET(va_bits)\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.va_bits_min","title":"va_bits_min  instance-attribute","text":"
va_bits_min = 48 if va_bits > 48 else va_bits\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.pagetable_level_names","title":"pagetable_level_names  instance-attribute","text":"
pagetable_level_names = ('Page', 'L3', 'L2', 'L1', 'L0')\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.vmalloc","title":"vmalloc  property","text":"
vmalloc: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.physmap","title":"physmap  property","text":"
physmap\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.kbase","title":"kbase  property","text":"
kbase\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.kversion","title":"kversion  property","text":"
kversion\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.module_start","title":"module_start  property","text":"
module_start\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.vmemmap","title":"vmemmap  property","text":"
vmemmap\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.pci","title":"pci  property","text":"
pci\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.fixmap","title":"fixmap  property","text":"
fixmap\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.ksize","title":"ksize  property","text":"
ksize\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.page_shift_heuristic","title":"page_shift_heuristic  property","text":"
page_shift_heuristic: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.page_shift","title":"page_shift  property","text":"
page_shift: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.page_shift_user","title":"page_shift_user  property","text":"
page_shift_user: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.paging_level","title":"paging_level  property","text":"
paging_level\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.phys_offset","title":"phys_offset  property","text":"
phys_offset\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.USERLAND","title":"USERLAND  class-attribute instance-attribute","text":"
USERLAND = 'userland'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.KERNELLAND","title":"KERNELLAND  class-attribute instance-attribute","text":"
KERNELLAND = 'kernel [.text]'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.KERNELRO","title":"KERNELRO  class-attribute instance-attribute","text":"
KERNELRO = 'kernel [.rodata]'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.KERNELBSS","title":"KERNELBSS  class-attribute instance-attribute","text":"
KERNELBSS = 'kernel [.bss]'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.KERNELDRIVER","title":"KERNELDRIVER  class-attribute instance-attribute","text":"
KERNELDRIVER = 'kernel [.driver .bpf]'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.ESPSTACK","title":"ESPSTACK  class-attribute instance-attribute","text":"
ESPSTACK = 'espfix'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.PHYSMAP","title":"PHYSMAP  class-attribute instance-attribute","text":"
PHYSMAP = 'physmap'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.VMALLOC","title":"VMALLOC  class-attribute instance-attribute","text":"
VMALLOC = 'vmalloc'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.VMEMMAP","title":"VMEMMAP  class-attribute instance-attribute","text":"
VMEMMAP = 'vmemmap'\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.addr_marker_sz","title":"addr_marker_sz  instance-attribute","text":"
addr_marker_sz: int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.pagetable_cache","title":"pagetable_cache  class-attribute instance-attribute","text":"
pagetable_cache: dict[Value, dict[int, int]] = {}\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.pagetableptr_cache","title":"pagetableptr_cache  class-attribute instance-attribute","text":"
pagetableptr_cache: dict[int, Value] = {}\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.STRUCT_PAGE_SIZE","title":"STRUCT_PAGE_SIZE  property","text":"
STRUCT_PAGE_SIZE\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.STRUCT_PAGE_SHIFT","title":"STRUCT_PAGE_SHIFT  property","text":"
STRUCT_PAGE_SHIFT\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.markers","title":"markers","text":"
markers() -> tuple[tuple[str, int], ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.adjust","title":"adjust","text":"
adjust(name)\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.handle_kernel_pages","title":"handle_kernel_pages","text":"
handle_kernel_pages(pages)\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.pagewalk","title":"pagewalk","text":"
pagewalk(target, entry) -> tuple[PageTableLevel, ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.pageentry_flags","title":"pageentry_flags","text":"
pageentry_flags(is_last) -> BitFlags\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.should_stop_pagewalk","title":"should_stop_pagewalk","text":"
should_stop_pagewalk(entry)\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.kbase_helper","title":"kbase_helper","text":"
kbase_helper(address)\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.Aarch64PagingInfo.pagewalk_helper","title":"pagewalk_helper","text":"
pagewalk_helper(target, entry) -> tuple[PageTableLevel, ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.first_kernel_page_start","title":"first_kernel_page_start","text":"
first_kernel_page_start()\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/","title":"rbtree","text":""},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree","title":"rbtree","text":"
Functions:
 
     
  •  init             \u2013              
    •  
  •  for_each_rb_entry             \u2013              
    •  
  •  rb_first             \u2013              
    •  
  •  rb_last             \u2013              
    •  
  •  rb_parent             \u2013              
    •  
  •  rb_empty_node             \u2013              
    •  
  •  rb_next             \u2013              
    •  
  •  rb_prev             \u2013              
    •  
 
Attributes:
 
     
  •  rb_root_type               (Type)           \u2013            
    •  
  •  rb_node_type               (Type)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_root_type","title":"rb_root_type  module-attribute","text":"
rb_root_type: Type = None\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_node_type","title":"rb_node_type  module-attribute","text":"
rb_node_type: Type = None\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.init","title":"init","text":"
init()\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.for_each_rb_entry","title":"for_each_rb_entry","text":"
for_each_rb_entry(\n    root: Value, typename: str, fieldname: str\n) -> Iterator[Value]\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_first","title":"rb_first","text":"
rb_first(root: Value) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_last","title":"rb_last","text":"
rb_last(root: Value) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_parent","title":"rb_parent","text":"
rb_parent(node: Value) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_empty_node","title":"rb_empty_node","text":"
rb_empty_node(node: Value) -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_next","title":"rb_next","text":"
rb_next(node: Value) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_prev","title":"rb_prev","text":"
rb_prev(node: Value) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/","title":"slab","text":""},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab","title":"slab","text":"
Classes:
 
     
  •  Freelist           \u2013            
    •  
  •  SlabCache           \u2013            
    •  
  •  CpuCache           \u2013            
    •  
  •  NodeCache           \u2013            
    •  
  •  Slab           \u2013            
    •  
 
Functions:
 
     
  •  caches             \u2013              
    •  
  •  get_cache             \u2013              
    •  
  •  slab_struct_type             \u2013              
    •  
  •  oo_order             \u2013              
    •  
  •  oo_objects             \u2013              
    •  
  •  get_flags_list             \u2013              
    •  
  •  find_containing_slab_cache             \u2013              
    •  
  •  kmem_cache_node_pad_sz             \u2013              
    •  
  •  kmem_cache_pad_sz             \u2013              
    •  
  •  kmem_cache_structs             \u2013              
    •  
  •  load_slab_typeinfo             \u2013              
    •  
 
Attributes:
 
     
  •  OO_SHIFT           \u2013            
    •  
  •  OO_MASK           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.OO_SHIFT","title":"OO_SHIFT  module-attribute","text":"
OO_SHIFT = 16\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.OO_MASK","title":"OO_MASK  module-attribute","text":"
OO_MASK = (1 << OO_SHIFT) - 1\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist","title":"Freelist","text":"
Freelist(start_addr: int, slab: Slab)\n
 
Methods:
 
     
  •  __iter__             \u2013              
    •  
  •  __int__             \u2013              
    •  
  •  __len__             \u2013              
    •  
  •  find_next             \u2013              
    •  
  •  is_valid_obj             \u2013              
    •  
 
Attributes:
 
     
  •  start_addr           \u2013            
    •  
  •  slab           \u2013            
    •  
  •  offset           \u2013            
    •  
  •  random           \u2013            
    •  
  •  cyclic           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.start_addr","title":"start_addr  instance-attribute","text":"
start_addr = start_addr\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.slab","title":"slab  instance-attribute","text":"
slab = slab\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.offset","title":"offset  instance-attribute","text":"
offset = offset\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.random","title":"random  instance-attribute","text":"
random = random\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.cyclic","title":"cyclic  instance-attribute","text":"
cyclic = None\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.__iter__","title":"__iter__","text":"
__iter__() -> Generator[int, None, None]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.__int__","title":"__int__","text":"
__int__() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.__len__","title":"__len__","text":"
__len__() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.find_next","title":"find_next","text":"
find_next(addr: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.is_valid_obj","title":"is_valid_obj","text":"
is_valid_obj(addr)\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache","title":"SlabCache","text":"
SlabCache(slab_cache: Value)\n
 
Methods:
 
     
  •  find_containing_slab             \u2013              
    •  
 
Attributes:
 
     
  •  address               (int)           \u2013            
    •  
  •  name               (str)           \u2013            
    •  
  •  offset               (int)           \u2013            
    •  
  •  random               (int)           \u2013            
    •  
  •  size               (int)           \u2013            
    •  
  •  slab_size               (int)           \u2013            
    •  
  •  object_size               (int)           \u2013            
    •  
  •  align               (int)           \u2013            
    •  
  •  flags               (list[str])           \u2013            
    •  
  •  cpu_cache               (CpuCache | None)           \u2013            
    returns cpu cache associated to current thread
     
    •  
  •  cpu_caches               (Generator[CpuCache, None, None])           \u2013            
    •  
  •  node_caches               (Generator[NodeCache, None, None])           \u2013            
    returns node caches for all NUMA nodes
     
    •  
  •  cpu_partial               (int)           \u2013            
    •  
  •  cpu_partial_slabs               (int)           \u2013            
    •  
  •  min_partial               (int)           \u2013            
    •  
  •  inuse               (int)           \u2013            
    •  
  •  useroffset               (int)           \u2013            
    •  
  •  usersize               (int)           \u2013            
    •  
  •  oo_order           \u2013            
    •  
  •  oo_objects           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.address","title":"address  property","text":"
address: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.name","title":"name  property","text":"
name: str\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.offset","title":"offset  property","text":"
offset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.random","title":"random  property","text":"
random: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.size","title":"size  property","text":"
size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.slab_size","title":"slab_size  property","text":"
slab_size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.object_size","title":"object_size  property","text":"
object_size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.align","title":"align  property","text":"
align: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.flags","title":"flags  property","text":"
flags: list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.cpu_cache","title":"cpu_cache  property","text":"
cpu_cache: CpuCache | None\n
 
returns cpu cache associated to current thread
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.cpu_caches","title":"cpu_caches  property","text":"
cpu_caches: Generator[CpuCache, None, None]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.node_caches","title":"node_caches  property","text":"
node_caches: Generator[NodeCache, None, None]\n
 
returns node caches for all NUMA nodes
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.cpu_partial","title":"cpu_partial  property","text":"
cpu_partial: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.cpu_partial_slabs","title":"cpu_partial_slabs  property","text":"
cpu_partial_slabs: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.min_partial","title":"min_partial  property","text":"
min_partial: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.inuse","title":"inuse  property","text":"
inuse: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.useroffset","title":"useroffset  property","text":"
useroffset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.usersize","title":"usersize  property","text":"
usersize: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.__oo_x","title":"__oo_x  property","text":"
__oo_x: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.oo_order","title":"oo_order  property","text":"
oo_order\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.oo_objects","title":"oo_objects  property","text":"
oo_objects\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.find_containing_slab","title":"find_containing_slab","text":"
find_containing_slab(address) -> Slab | None\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache","title":"CpuCache","text":"
CpuCache(cpu_cache: Value, slab_cache: SlabCache, cpu: int)\n
 
Attributes:
 
     
  •  slab_cache           \u2013            
    •  
  •  cpu           \u2013            
    •  
  •  address               (int)           \u2013            
    •  
  •  freelist               (Freelist)           \u2013            
    •  
  •  active_slab               (Slab | None)           \u2013            
    •  
  •  partial_slabs               (list[Slab])           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache.slab_cache","title":"slab_cache  instance-attribute","text":"
slab_cache = slab_cache\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache.cpu","title":"cpu  instance-attribute","text":"
cpu = cpu\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache.address","title":"address  property","text":"
address: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache.freelist","title":"freelist  property","text":"
freelist: Freelist\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache.active_slab","title":"active_slab  property","text":"
active_slab: Slab | None\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache.partial_slabs","title":"partial_slabs  property","text":"
partial_slabs: list[Slab]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.NodeCache","title":"NodeCache","text":"
NodeCache(node_cache: Value, slab_cache: SlabCache, node: int)\n
 
Attributes:
 
     
  •  slab_cache           \u2013            
    •  
  •  node           \u2013            
    •  
  •  address               (int)           \u2013            
    •  
  •  partial_slabs               (list[Slab])           \u2013            
    •  
  •  nr_partial               (int)           \u2013            
    •  
  •  min_partial               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.NodeCache.slab_cache","title":"slab_cache  instance-attribute","text":"
slab_cache = slab_cache\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.NodeCache.node","title":"node  instance-attribute","text":"
node = node\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.NodeCache.address","title":"address  property","text":"
address: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.NodeCache.partial_slabs","title":"partial_slabs  property","text":"
partial_slabs: list[Slab]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.NodeCache.nr_partial","title":"nr_partial  property","text":"
nr_partial: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.NodeCache.min_partial","title":"min_partial  property","text":"
min_partial: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab","title":"Slab","text":"
Slab(\n    slab: Value,\n    cpu_cache: CpuCache = None,\n    node_cache: NodeCache = None,\n    is_active: bool = False,\n)\n
 
Methods:
 
     
  •  __contains__             \u2013              
    •  
 
Attributes:
 
     
  •  is_active           \u2013            
    •  
  •  cpu_cache           \u2013            
    •  
  •  is_cpu           \u2013            
    •  
  •  slab_cache           \u2013            
    •  
  •  node_cache           \u2013            
    •  
  •  slab_address               (int)           \u2013            
    •  
  •  virt_address               (int)           \u2013            
    •  
  •  object_count               (int)           \u2013            
    •  
  •  objects               (Generator[int, None, None])           \u2013            
    •  
  •  frozen               (int)           \u2013            
    •  
  •  inuse               (int)           \u2013            
    •  
  •  slabs               (int)           \u2013            
    •  
  •  pobjects               (int)           \u2013            
    •  
  •  freelist               (Freelist)           \u2013            
    •  
  •  free_objects               (set[int])           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.is_active","title":"is_active  instance-attribute","text":"
is_active = is_active\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.cpu_cache","title":"cpu_cache  instance-attribute","text":"
cpu_cache = cpu_cache\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.is_cpu","title":"is_cpu  instance-attribute","text":"
is_cpu = True\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.slab_cache","title":"slab_cache  instance-attribute","text":"
slab_cache = slab_cache\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.node_cache","title":"node_cache  instance-attribute","text":"
node_cache = node_cache\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.slab_address","title":"slab_address  property","text":"
slab_address: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.virt_address","title":"virt_address  property","text":"
virt_address: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.object_count","title":"object_count  property","text":"
object_count: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.objects","title":"objects  property","text":"
objects: Generator[int, None, None]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.frozen","title":"frozen  property","text":"
frozen: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.inuse","title":"inuse  property","text":"
inuse: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.slabs","title":"slabs  property","text":"
slabs: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.pobjects","title":"pobjects  property","text":"
pobjects: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.freelist","title":"freelist  property","text":"
freelist: Freelist\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.free_objects","title":"free_objects  property","text":"
free_objects: set[int]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.__contains__","title":"__contains__","text":"
__contains__(addr: int)\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.caches","title":"caches","text":"
caches() -> Generator[SlabCache, None, None]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.get_cache","title":"get_cache","text":"
get_cache(target_name: str) -> SlabCache | None\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.slab_struct_type","title":"slab_struct_type","text":"
slab_struct_type() -> str\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.oo_order","title":"oo_order","text":"
oo_order(x: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.oo_objects","title":"oo_objects","text":"
oo_objects(x: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.get_flags_list","title":"get_flags_list","text":"
get_flags_list(flags: int) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.find_containing_slab_cache","title":"find_containing_slab_cache","text":"
find_containing_slab_cache(addr: int) -> SlabCache | None\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.kmem_cache_node_pad_sz","title":"kmem_cache_node_pad_sz","text":"
kmem_cache_node_pad_sz(val)\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.kmem_cache_pad_sz","title":"kmem_cache_pad_sz","text":"
kmem_cache_pad_sz(kconfig) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.kmem_cache_structs","title":"kmem_cache_structs","text":"
kmem_cache_structs(node_cache_pad)\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.load_slab_typeinfo","title":"load_slab_typeinfo","text":"
load_slab_typeinfo()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/","title":"symbol","text":""},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol","title":"symbol","text":"
Classes:
 
     
  •  ArchSymbols           \u2013            
    •  
  •  x86_64Symbols           \u2013            
    •  
  •  Aarch64Symbols           \u2013            
    •  
 
Functions:
 
     
  •  migratetype_names             \u2013              
    •  
  •  try_usymbol             \u2013              
    •  
  •  nzones             \u2013              
    •  
  •  nmtypes             \u2013              
    •  
  •  npcplist             \u2013              
    returns NR_PCP_LISTS (https://elixir.bootlin.com/linux/v6.13/source/include/linux/mmzone.h#L671)
     
    •  
  •  kversion_cint             \u2013              
    •  
  •  load_common_structs             \u2013              
    •  
  •  load_common_structs_on_load             \u2013              
    •  
 
Attributes:
 
     
  •  POSSIBLE_ZONE_NAMES           \u2013            
    •  
  •  COMMON_TYPES           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.POSSIBLE_ZONE_NAMES","title":"POSSIBLE_ZONE_NAMES  module-attribute","text":"
POSSIBLE_ZONE_NAMES = (\"DMA\", \"DMA32\", \"Normal\", \"HighMem\", \"Movable\", \"Device\")\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.COMMON_TYPES","title":"COMMON_TYPES  module-attribute","text":"
COMMON_TYPES = '\\n#include <stdint.h>\\n#include <stddef.h>\\n#include <linux/version.h>\\ntypedef unsigned char u8;\\ntypedef char s8;\\ntypedef unsigned short u16;\\ntypedef unsigned int u32;\\ntypedef long long s64;\\n#define bool int\\n#if UINTPTR_MAX == 0xffffffff\\n    typedef int16_t arch_word_t;\\n#else\\n    typedef int32_t arch_word_t;\\n#endif\\ntypedef struct {\\n    int counter;\\n} atomic_t;\\n\\nstruct list_head {\\n    struct list_head *next, *prev;\\n};\\nstruct kmem_cache;\\nenum pageflags {\\n\\tPG_locked,\\t\\t/* Page is locked. Don\\'t touch. */\\n\\tPG_writeback,\\t\\t/* Page is under writeback */\\n\\tPG_referenced,\\n\\tPG_uptodate,\\n\\tPG_dirty,\\n\\tPG_lru,\\n\\tPG_head,\\t\\t/* Must be in bit 6 */\\n\\tPG_waiters,\\t\\t/* Page has waiters, check its waitqueue. Must be bit #7 and in the same byte as \"PG_locked\" */\\n\\tPG_active,\\n\\tPG_workingset,\\n\\tPG_owner_priv_1,\\t/* Owner use. If pagecache, fs may use */\\n\\tPG_owner_2,\\t\\t/* Owner use. If pagecache, fs may use */\\n\\tPG_arch_1,\\n\\tPG_reserved,\\n\\tPG_private,\\t\\t/* If pagecache, has fs-private data */\\n\\tPG_private_2,\\t\\t/* If pagecache, has fs aux data */\\n\\tPG_reclaim,\\t\\t/* To be reclaimed asap */\\n\\tPG_swapbacked,\\t\\t/* Page is backed by RAM/swap */\\n\\tPG_unevictable,\\t\\t/* Page is \"unevictable\"  */\\n\\tPG_dropbehind,\\t\\t/* drop pages on IO completion */\\n};\\n'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols","title":"ArchSymbols","text":"
ArchSymbols()\n
 
Methods:
 
     
  •  disass             \u2013              
    •  
  •  regex             \u2013              
    •  
  •  node_data             \u2013              
    •  
  •  slab_caches             \u2013              
    •  
  •  per_cpu_offset             \u2013              
    •  
  •  modules             \u2013              
    •  
  •  db_list             \u2013              
    •  
  •  map_idr             \u2013              
    •  
  •  prog_idr             \u2013              
    •  
  •  current_task             \u2013              
    •  
 
Attributes:
 
     
  •  node_data_heuristic_func           \u2013            
    •  
  •  slab_caches_heuristic_func           \u2013            
    •  
  •  per_cpu_offset_heuristic_func           \u2013            
    •  
  •  modules_heuristic_func           \u2013            
    •  
  •  db_list_heuristic_func           \u2013            
    •  
  •  bpf_prog_heuristic_func           \u2013            
    •  
  •  bpf_map_heuristic_func           \u2013            
    •  
  •  current_task_heuristic_func           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols.node_data_heuristic_func","title":"node_data_heuristic_func  instance-attribute","text":"
node_data_heuristic_func = 'first_online_pgdat'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols.slab_caches_heuristic_func","title":"slab_caches_heuristic_func  instance-attribute","text":"
slab_caches_heuristic_func = 'slab_next'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols.per_cpu_offset_heuristic_func","title":"per_cpu_offset_heuristic_func  instance-attribute","text":"
per_cpu_offset_heuristic_func = 'nr_iowait_cpu'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols.modules_heuristic_func","title":"modules_heuristic_func  instance-attribute","text":"
modules_heuristic_func = 'find_module_all'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols.db_list_heuristic_func","title":"db_list_heuristic_func  instance-attribute","text":"
db_list_heuristic_func = (\n    \"dma_buf_file_release\" if krelease() >= (5, 10) else \"dma_buf_release\"\n)\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols.bpf_prog_heuristic_func","title":"bpf_prog_heuristic_func  instance-attribute","text":"
bpf_prog_heuristic_func = 'bpf_prog_free_id'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols.bpf_map_heuristic_func","title":"bpf_map_heuristic_func  instance-attribute","text":"
bpf_map_heuristic_func = 'bpf_map_free_id'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols.current_task_heuristic_func","title":"current_task_heuristic_func  instance-attribute","text":"
current_task_heuristic_func = 'common_cpu_up'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols.disass","title":"disass","text":"
disass(name, lines=5)\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols.regex","title":"regex","text":"
regex(s, pattern, nth)\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols.node_data","title":"node_data","text":"
node_data()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols.slab_caches","title":"slab_caches","text":"
slab_caches()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols.per_cpu_offset","title":"per_cpu_offset","text":"
per_cpu_offset()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols.modules","title":"modules","text":"
modules()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols.db_list","title":"db_list","text":"
db_list()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols.map_idr","title":"map_idr","text":"
map_idr()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols.prog_idr","title":"prog_idr","text":"
prog_idr()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.ArchSymbols.current_task","title":"current_task","text":"
current_task()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols","title":"x86_64Symbols","text":"
x86_64Symbols()\n
 
               Bases: ArchSymbols
 
Methods:
 
     
  •  qword_op_reg_memoff             \u2013              
    •  
  •  qword_mov_reg_const             \u2013              
    •  
  •  dword_mov_reg_const             \u2013              
    •  
  •  qword_mov_reg_ripoff             \u2013              
    •  
  •  disass             \u2013              
    •  
  •  regex             \u2013              
    •  
  •  node_data             \u2013              
    •  
  •  slab_caches             \u2013              
    •  
  •  per_cpu_offset             \u2013              
    •  
  •  modules             \u2013              
    •  
  •  db_list             \u2013              
    •  
  •  map_idr             \u2013              
    •  
  •  prog_idr             \u2013              
    •  
  •  current_task             \u2013              
    •  
 
Attributes:
 
     
  •  node_data_heuristic_func           \u2013            
    •  
  •  slab_caches_heuristic_func           \u2013            
    •  
  •  per_cpu_offset_heuristic_func           \u2013            
    •  
  •  modules_heuristic_func           \u2013            
    •  
  •  db_list_heuristic_func           \u2013            
    •  
  •  bpf_prog_heuristic_func           \u2013            
    •  
  •  bpf_map_heuristic_func           \u2013            
    •  
  •  current_task_heuristic_func           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.node_data_heuristic_func","title":"node_data_heuristic_func  instance-attribute","text":"
node_data_heuristic_func = 'first_online_pgdat'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.slab_caches_heuristic_func","title":"slab_caches_heuristic_func  instance-attribute","text":"
slab_caches_heuristic_func = 'slab_next'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.per_cpu_offset_heuristic_func","title":"per_cpu_offset_heuristic_func  instance-attribute","text":"
per_cpu_offset_heuristic_func = 'nr_iowait_cpu'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.modules_heuristic_func","title":"modules_heuristic_func  instance-attribute","text":"
modules_heuristic_func = 'find_module_all'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.db_list_heuristic_func","title":"db_list_heuristic_func  instance-attribute","text":"
db_list_heuristic_func = (\n    \"dma_buf_file_release\" if krelease() >= (5, 10) else \"dma_buf_release\"\n)\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.bpf_prog_heuristic_func","title":"bpf_prog_heuristic_func  instance-attribute","text":"
bpf_prog_heuristic_func = 'bpf_prog_free_id'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.bpf_map_heuristic_func","title":"bpf_map_heuristic_func  instance-attribute","text":"
bpf_map_heuristic_func = 'bpf_map_free_id'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.current_task_heuristic_func","title":"current_task_heuristic_func  instance-attribute","text":"
current_task_heuristic_func = 'common_cpu_up'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.qword_op_reg_memoff","title":"qword_op_reg_memoff","text":"
qword_op_reg_memoff(disass, op, sign='-', nth=0)\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.qword_mov_reg_const","title":"qword_mov_reg_const","text":"
qword_mov_reg_const(disass, nth=0)\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.dword_mov_reg_const","title":"dword_mov_reg_const","text":"
dword_mov_reg_const(disass, nth=0)\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.qword_mov_reg_ripoff","title":"qword_mov_reg_ripoff","text":"
qword_mov_reg_ripoff(disass, nth=0)\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.disass","title":"disass","text":"
disass(name, lines=5)\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.regex","title":"regex","text":"
regex(s, pattern, nth)\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.node_data","title":"node_data","text":"
node_data()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.slab_caches","title":"slab_caches","text":"
slab_caches()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.per_cpu_offset","title":"per_cpu_offset","text":"
per_cpu_offset()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.modules","title":"modules","text":"
modules()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.db_list","title":"db_list","text":"
db_list()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.map_idr","title":"map_idr","text":"
map_idr()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.prog_idr","title":"prog_idr","text":"
prog_idr()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.x86_64Symbols.current_task","title":"current_task","text":"
current_task()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols","title":"Aarch64Symbols","text":"
Aarch64Symbols()\n
 
               Bases: ArchSymbols
 
Methods:
 
     
  •  qword_adrp_add_const             \u2013              
    •  
  •  disass             \u2013              
    •  
  •  regex             \u2013              
    •  
  •  node_data             \u2013              
    •  
  •  slab_caches             \u2013              
    •  
  •  per_cpu_offset             \u2013              
    •  
  •  modules             \u2013              
    •  
  •  db_list             \u2013              
    •  
  •  map_idr             \u2013              
    •  
  •  prog_idr             \u2013              
    •  
  •  current_task             \u2013              
    •  
 
Attributes:
 
     
  •  node_data_heuristic_func           \u2013            
    •  
  •  slab_caches_heuristic_func           \u2013            
    •  
  •  per_cpu_offset_heuristic_func           \u2013            
    •  
  •  modules_heuristic_func           \u2013            
    •  
  •  db_list_heuristic_func           \u2013            
    •  
  •  bpf_prog_heuristic_func           \u2013            
    •  
  •  bpf_map_heuristic_func           \u2013            
    •  
  •  current_task_heuristic_func           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.node_data_heuristic_func","title":"node_data_heuristic_func  instance-attribute","text":"
node_data_heuristic_func = 'first_online_pgdat'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.slab_caches_heuristic_func","title":"slab_caches_heuristic_func  instance-attribute","text":"
slab_caches_heuristic_func = 'slab_next'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.per_cpu_offset_heuristic_func","title":"per_cpu_offset_heuristic_func  instance-attribute","text":"
per_cpu_offset_heuristic_func = 'nr_iowait_cpu'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.modules_heuristic_func","title":"modules_heuristic_func  instance-attribute","text":"
modules_heuristic_func = 'find_module_all'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.db_list_heuristic_func","title":"db_list_heuristic_func  instance-attribute","text":"
db_list_heuristic_func = (\n    \"dma_buf_file_release\" if krelease() >= (5, 10) else \"dma_buf_release\"\n)\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.bpf_prog_heuristic_func","title":"bpf_prog_heuristic_func  instance-attribute","text":"
bpf_prog_heuristic_func = 'bpf_prog_free_id'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.bpf_map_heuristic_func","title":"bpf_map_heuristic_func  instance-attribute","text":"
bpf_map_heuristic_func = 'bpf_map_free_id'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.current_task_heuristic_func","title":"current_task_heuristic_func  instance-attribute","text":"
current_task_heuristic_func = 'common_cpu_up'\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.qword_adrp_add_const","title":"qword_adrp_add_const","text":"
qword_adrp_add_const(disass, nth=0)\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.disass","title":"disass","text":"
disass(name, lines=5)\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.regex","title":"regex","text":"
regex(s, pattern, nth)\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.node_data","title":"node_data","text":"
node_data()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.slab_caches","title":"slab_caches","text":"
slab_caches()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.per_cpu_offset","title":"per_cpu_offset","text":"
per_cpu_offset()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.modules","title":"modules","text":"
modules()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.db_list","title":"db_list","text":"
db_list()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.map_idr","title":"map_idr","text":"
map_idr()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.prog_idr","title":"prog_idr","text":"
prog_idr()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.Aarch64Symbols.current_task","title":"current_task","text":"
current_task()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.migratetype_names","title":"migratetype_names","text":"
migratetype_names() -> tuple[str, ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.try_usymbol","title":"try_usymbol","text":"
try_usymbol(name: str, size=None) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.nzones","title":"nzones","text":"
nzones() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.nmtypes","title":"nmtypes","text":"
nmtypes() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.npcplist","title":"npcplist","text":"
npcplist() -> int\n
 
returns NR_PCP_LISTS (https://elixir.bootlin.com/linux/v6.13/source/include/linux/mmzone.h#L671)
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.kversion_cint","title":"kversion_cint","text":"
kversion_cint(kversion: tuple[int, int, int] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.load_common_structs","title":"load_common_structs","text":"
load_common_structs()\n
"},{"location":"reference/pwndbg/aglib/kernel/symbol/#pwndbg.aglib.kernel.symbol.load_common_structs_on_load","title":"load_common_structs_on_load","text":"
load_common_structs_on_load()\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/","title":"vmmap","text":""},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap","title":"vmmap","text":"
Classes:
 
     
  •  KernelVmmap           \u2013            
    •  
  •  QemuMachine           \u2013            
    •  
 
Functions:
 
     
  •  kernel_vmmap_via_page_tables             \u2013              
    •  
  •  kernel_vmmap_via_monitor_info_mem             \u2013              
    Returns Linux memory maps information by parsing monitor info mem output
     
    •  
  •  kernel_vmmap_pages             \u2013              
    •  
  •  kernel_vmmap             \u2013              
    •  
 
Attributes:
 
     
  •  monitor_info_mem_not_warned           \u2013            
    •  
  •  kernel_vmmap_mode           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.monitor_info_mem_not_warned","title":"monitor_info_mem_not_warned  module-attribute","text":"
monitor_info_mem_not_warned = True\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_mode","title":"kernel_vmmap_mode  module-attribute","text":"
kernel_vmmap_mode = add_param(\n    \"kernel-vmmap\",\n    \"page-tables\",\n    \"the method to get vmmap information when debugging via QEMU kernel\",\n    help_docstring=\"Values explained:\\n\\n+ `page-tables` - read /proc/$qemu-pid/mem to parse kernel page tables to render vmmap\\n+ `monitor` - use QEMU's `monitor info mem` to render vmmap\\n+ `none` - disable vmmap rendering; useful if rendering is particularly slow\\n\\nNote that the page-tables method will require the QEMU kernel process to be on the same machine and within the same PID namespace. Running QEMU kernel and GDB in different Docker containers will not work. Consider running both containers with --pid=host (meaning they will see and so be able to interact with all processes on the machine).\\n\",\n    param_class=PARAM_ENUM,\n    enum_sequence=[\"page-tables\", \"monitor\", \"none\"],\n)\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap","title":"KernelVmmap","text":"
KernelVmmap(pages: tuple[Page, ...])\n
 
Methods:
 
     
  •  get_name             \u2013              
    •  
  •  adjust             \u2013              
    •  
  •  handle_user_pages             \u2013              
    •  
  •  handle_offsets             \u2013              
    •  
 
Attributes:
 
     
  •  pages           \u2013            
    •  
  •  sections           \u2013            
    •  
  •  pi           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.pages","title":"pages  instance-attribute","text":"
pages = pages\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.sections","title":"sections  instance-attribute","text":"
sections = None\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.pi","title":"pi  instance-attribute","text":"
pi = arch_paginginfo()\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.get_name","title":"get_name","text":"
get_name(addr: int) -> str\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.adjust","title":"adjust","text":"
adjust()\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.handle_user_pages","title":"handle_user_pages","text":"
handle_user_pages()\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.handle_offsets","title":"handle_offsets","text":"
handle_offsets()\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine","title":"QemuMachine","text":"
QemuMachine()\n
 
               Bases: Machine
 
Methods:
 
     
  •  __del__             \u2013              
    •  
  •  search_pids_for_file             \u2013              
    •  
  •  get_qemu_pid             \u2013              
    •  
  •  read_physical_memory             \u2013              
    •  
  •  read_register             \u2013              
    •  
 
Attributes:
 
     
  •  pid           \u2013            
    •  
  •  file           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.pid","title":"pid  instance-attribute","text":"
pid = get_qemu_pid()\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.file","title":"file  instance-attribute","text":"
file = open(f'/proc/{pid}/mem', O_RDONLY)\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.__del__","title":"__del__","text":"
__del__()\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.search_pids_for_file","title":"search_pids_for_file  staticmethod","text":"
search_pids_for_file(pids: list[str], filename: str) -> str | None\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.get_qemu_pid","title":"get_qemu_pid  staticmethod","text":"
get_qemu_pid()\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.read_physical_memory","title":"read_physical_memory","text":"
read_physical_memory(physical_address: int, length: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.read_register","title":"read_register","text":"
read_register(register_name: str) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_via_page_tables","title":"kernel_vmmap_via_page_tables","text":"
kernel_vmmap_via_page_tables() -> tuple[Page, ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_via_monitor_info_mem","title":"kernel_vmmap_via_monitor_info_mem","text":"
kernel_vmmap_via_monitor_info_mem() -> tuple[Page, ...]\n
 
Returns Linux memory maps information by parsing monitor info mem output from QEMU kernel GDB stub. Works only on X86/X64/RISC-V as this is what QEMU supports.
 
Consider using the kernel_vmmap_via_page_tables method as it is probably more reliable/better.
 
See also: !685 (TODO: revisit with future QEMU versions)
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_pages","title":"kernel_vmmap_pages","text":"
kernel_vmmap_pages() -> tuple[Page, ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap","title":"kernel_vmmap","text":"
kernel_vmmap() -> tuple[Page, ...]\n
"},{"location":"reference/pwndbg/aglib/macho/","title":"macho","text":""},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho","title":"macho","text":"
Classes:
 
     
  •  Trie           \u2013            
    Prefix Tree
     
    •  
  •  DyldSharedCacheMapping           \u2013            
    •  
  •  DyldSharedCacheHashSet           \u2013            
    A hash set from the DyLD Shared Cache.
     
    •  
  •  DyldSharedCache           \u2013            
    Handle to the DyLD Shared Cache in the address space of the inferior.
     
    •  
 
Functions:
 
     
  •  shared_cache             \u2013              
    Base address of the Darwin shared cache.
     
    •  
 
Attributes:
 
     
  •  T           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.Trie","title":"Trie","text":"
Trie(ptr: int, ty: Callable[[int, int], T])\n
 
               Bases: _RawTrie, Generic[T]
 
Prefix Tree
 
The Mach-O format makes extensive use of prefix trees for any operation that involves string-based loookup.
 
Methods:
 
     
  •  get             \u2013              
    Get the data associated with the node of given name, if it exists.
     
    •  
  •  entries             \u2013              
    List all the entries in the trie, along with their associated data.
     
    •  
  •  keys             \u2013              
    List the name of all nodes in the trie.
     
    •  
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.Trie.get","title":"get","text":"
get(name: bytes) -> T | None\n
 
Get the data associated with the node of given name, if it exists.
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.Trie.entries","title":"entries","text":"
entries() -> Generator[tuple[bytes, T]]\n
 
List all the entries in the trie, along with their associated data.
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.Trie.keys","title":"keys","text":"
keys() -> Generator[bytes]\n
 
List the name of all nodes in the trie.
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCacheMapping","title":"DyldSharedCacheMapping","text":"
DyldSharedCacheMapping(\n    addr: int, size: int, file_offset: int, max_prot: int, init_prot: int\n)\n
 
Attributes:
 
     
  •  addr           \u2013            
    •  
  •  size           \u2013            
    •  
  •  file_offset           \u2013            
    •  
  •  max_prot           \u2013            
    •  
  •  init_prot           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCacheMapping.addr","title":"addr  instance-attribute","text":"
addr = addr\n
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCacheMapping.size","title":"size  instance-attribute","text":"
size = size\n
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCacheMapping.file_offset","title":"file_offset  instance-attribute","text":"
file_offset = file_offset\n
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCacheMapping.max_prot","title":"max_prot  instance-attribute","text":"
max_prot = max_prot\n
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCacheMapping.init_prot","title":"init_prot  instance-attribute","text":"
init_prot = init_prot\n
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCacheHashSet","title":"DyldSharedCacheHashSet","text":"
DyldSharedCacheHashSet(ptr: int)\n
 
A hash set from the DyLD Shared Cache.
 
The DyLD Shared Cache uses hash sets in all structures related to Objective-C Optimization. This class is an interface to them.
 
Methods:
 
     
  •  lookup             \u2013              
    Look up the given key in the hash set.
     
    •  
  •  keys             \u2013              
    Returns an iterator over all the keys present in the hash set.
     
    •  
 
Attributes:
 
     
  •  capacity           \u2013            
    •  
  •  shift           \u2013            
    •  
  •  mask           \u2013            
    •  
  •  salt           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCacheHashSet.capacity","title":"capacity  instance-attribute","text":"
capacity = u32(_ptr + 4)\n
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCacheHashSet.shift","title":"shift  instance-attribute","text":"
shift = u32(_ptr + 12)\n
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCacheHashSet.mask","title":"mask  instance-attribute","text":"
mask = u32(_ptr + 16)\n
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCacheHashSet.salt","title":"salt  instance-attribute","text":"
salt = u64(_ptr + 24)\n
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCacheHashSet.lookup","title":"lookup","text":"
lookup(key: bytes) -> int | None\n
 
Look up the given key in the hash set.
 
Returns a pointer to the key if it is present, None otherwise.
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCacheHashSet.keys","title":"keys","text":"
keys() -> Generator[bytes]\n
 
Returns an iterator over all the keys present in the hash set.
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCache","title":"DyldSharedCache","text":"
DyldSharedCache(addr: int)\n
 
Handle to the DyLD Shared Cache in the address space of the inferior.
 
The shared cache format handling code in libmacho has multiple paths for gathering the same information, depending on a value that is near the beggining of the header, which indicates that the format has likely evolved quite a bit since its first intoduction.
 
The way the version of a given shared cache is determined isn't exactly straighforward, and relies on a combination of the magic and mappingOffset values. Fortunately for us, however, when mappingOffset is used for this purpose, it follows the fairly widely used pattern of using the size of the struct to denote its version.
 
Methods:
 
     
  •  mappings             \u2013              
    Generate the list of memory mappings in the shared cache.
     
    •  
  •  image_base             \u2013              
    •  
  •  image_name             \u2013              
    •  
  •  is_address_in_shared_cache             \u2013              
    Whether the given address is in the shared cache.
     
    •  
  •  objc_builtin_selectors             \u2013              
    Looks up the hash table of builtin Objective-C selectors and returns it.
     
    •  
 
Attributes:
 
     
  •  addr           \u2013            
    •  
  •  slide               (int)           \u2013            
    The slide value of the DyLD Shared Cache, in bytes.
     
    •  
  •  image_count           \u2013            
    •  
  •  base               (int)           \u2013            
    The base virtual address of the DyLD Shared Cache.
     
    •  
  •  size               (int)           \u2013            
    The mapped size, in bytes, of the DyLD Shared Cache.
     
    •  
  •  image_index_trie               (Trie[int] | None)           \u2013            
    The trie of image indices, if available.
     
    •  
  •  images               (Generator[tuple[bytes, int]])           \u2013            
    •  
  •  images_sorted               (Generator[tuple[bytes, int]])           \u2013            
    Same as images, but guaranteed to be sorted by increasing base address
     
    •  
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCache.addr","title":"addr  instance-attribute","text":"
addr = addr\n
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCache.slide","title":"slide  instance-attribute","text":"
slide: int = _slide()\n
 
The slide value of the DyLD Shared Cache, in bytes.
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCache.image_count","title":"image_count  instance-attribute","text":"
image_count = u32(addr + images_offset + 4)\n
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCache.base","title":"base  property","text":"
base: int\n
 
The base virtual address of the DyLD Shared Cache.
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCache.size","title":"size  property","text":"
size: int\n
 
The mapped size, in bytes, of the DyLD Shared Cache.
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCache.image_index_trie","title":"image_index_trie  property","text":"
image_index_trie: Trie[int] | None\n
 
The trie of image indices, if available.
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCache.images","title":"images  property","text":"
images: Generator[tuple[bytes, int]]\n
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCache.images_sorted","title":"images_sorted  property","text":"
images_sorted: Generator[tuple[bytes, int]]\n
 
Same as images, but guaranteed to be sorted by increasing base address
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCache.mappings","title":"mappings","text":"
mappings() -> Generator[DyldSharedCacheMapping]\n
 
Generate the list of memory mappings in the shared cache.
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCache.image_base","title":"image_base","text":"
image_base(index: int)\n
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCache.image_name","title":"image_name","text":"
image_name(index: int)\n
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCache.is_address_in_shared_cache","title":"is_address_in_shared_cache","text":"
is_address_in_shared_cache(addr: int) -> int\n
 
Whether the given address is in the shared cache.
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.DyldSharedCache.objc_builtin_selectors","title":"objc_builtin_selectors","text":"
objc_builtin_selectors() -> DyldSharedCacheHashSet\n
 
Looks up the hash table of builtin Objective-C selectors and returns it.
"},{"location":"reference/pwndbg/aglib/macho/#pwndbg.aglib.macho.shared_cache","title":"shared_cache","text":"
shared_cache() -> DyldSharedCache | None\n
 
Base address of the Darwin shared cache.
 
In Darwin, the way the Objective-C Runtime queries for this value is to call _dyld_get_shared_cache_range from libdyld1, which then calls a routine that lives inside dyld itself, and that returns the values after poking into internal C++ structures.
 
From our perspective, that kind of sucks. Calling routines from debuggers can be quite unreliable, and so ideally we'd always be peeking into the data structures directly. But, in this case, even for Apple these are considered entirely private to dyld2, and so there's even less of a stability guarantee for the layout of these structures than normal.
 
Because of this, a level of care must be taken before calling this function, as it must be assumed that the state of the inferior can be changed by it.
"},{"location":"reference/pwndbg/aglib/memory/","title":"memory","text":""},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory","title":"memory","text":"
Functions:
 
     
  •  read             \u2013              
    read(addr, count, partial=False) -> bytearray
     
    •  
  •  readtype             \u2013              
    readtype(type, addr) -> int
     
    •  
  •  write             \u2013              
    write(addr, data)
     
    •  
  •  peek             \u2013              
    peek(address) -> bytearray
     
    •  
  •  is_readable_address             \u2013              
    is_readable_address(address) -> bool
     
    •  
  •  poke             \u2013              
    poke(address)
     
    •  
  •  string             \u2013              
    Reads a null-terminated string from memory.
     
    •  
  •  byte             \u2013              
    byte(addr) -> int
     
    •  
  •  uchar             \u2013              
    uchar(addr) -> int
     
    •  
  •  ushort             \u2013              
    ushort(addr) -> int
     
    •  
  •  uint             \u2013              
    uint(addr) -> int
     
    •  
  •  read_pointer_width             \u2013              
    Read one pointer-width integer at the specified address.
     
    •  
  •  u8             \u2013              
    u8(addr) -> int
     
    •  
  •  u16             \u2013              
    u16(addr) -> int
     
    •  
  •  u32             \u2013              
    u32(addr) -> int
     
    •  
  •  u64             \u2013              
    u64(addr) -> int
     
    •  
  •  u             \u2013              
    u(addr, size=None) -> int
     
    •  
  •  s8             \u2013              
    s8(addr) -> int
     
    •  
  •  s16             \u2013              
    s16(addr) -> int
     
    •  
  •  s32             \u2013              
    s32(addr) -> int
     
    •  
  •  s64             \u2013              
    s64(addr) -> int
     
    •  
  •  sint             \u2013              
    Read one signed int from the specified
     
    •  
  •  cast_pointer             \u2013              
    Create a Value containing given address and cast it to the pointer of specified type
     
    •  
  •  get_typed_pointer             \u2013              
    Look up a type by name if necessary and return a Value of addr cast to that type
     
    •  
  •  get_typed_pointer_value             \u2013              
    Read the pointer value of addr cast to type specified by type_name
     
    •  
  •  find_upper_boundary             \u2013              
    find_upper_boundary(addr, max_pages=1024) -> int
     
    •  
  •  find_lower_boundary             \u2013              
    find_lower_boundary(addr, max_pages=1024) -> int
     
    •  
  •  update_min_addr             \u2013              
    •  
  •  fetch_struct_as_dictionary             \u2013              
    •  
  •  pack_struct_into_dictionary             \u2013              
    •  
  •  convert_pwndbg_value_to_python_value             \u2013              
    •  
  •  resolve_renamed_struct_field             \u2013              
    •  
  •  is_pagefault_supported             \u2013              
    This function should be called before stray memory dereferences to protect against the following situations:
     
    •  
  •  is_kernel             \u2013              
    •  
 
Attributes:
 
     
  •  GdbDict           \u2013            
    •  
  •  MMAP_MIN_ADDR           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.GdbDict","title":"GdbDict  module-attribute","text":"
GdbDict = Dict[str, Union['GdbDict', int]]\n
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.MMAP_MIN_ADDR","title":"MMAP_MIN_ADDR  module-attribute","text":"
MMAP_MIN_ADDR = 32768\n
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.read","title":"read","text":"
read(addr: int, count: int, partial: bool = False) -> bytearray\n
 
read(addr, count, partial=False) -> bytearray
 
Read memory from the program being debugged.
 
Parameters:
 
     
  •  addr               (int)           \u2013            
    Address to read
     
    •  
  •  count               (int)           \u2013            
    Number of bytes to read
     
    •  
  •  partial               (bool, default:                   False )           \u2013            
    Whether less than count bytes can be returned
     
    •  
 
Returns:
 
     
  •  bytearray           \u2013            
    bytearray The memory at the specified address,
     
    •  
  •  bytearray           \u2013            
    or None.
     
    •  
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.readtype","title":"readtype","text":"
readtype(type: Type, addr: int) -> int\n
 
readtype(type, addr) -> int
 
Reads an integer-type (e.g. uint64) and returns a Python native integer representation of the same.
 
Parameters:
 
     
  •  type               (Type)           \u2013            
    GDB type to read
     
    •  
  •  addr               (int)           \u2013            
    Address at which the value to be read resides
     
    •  
 
Returns:
 
     
  •  int           \u2013            
    int
     
    •  
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.write","title":"write","text":"
write(addr: int, data: str | bytes | bytearray) -> None\n
 
write(addr, data)
 
Writes data into the memory of the process being debugged.
 
Parameters:
 
     
  •  addr               (int)           \u2013            
    Address to write
     
    •  
  •  data               (str | bytes | bytearray)           \u2013            
    Data to write
     
    •  
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.peek","title":"peek","text":"
peek(address: int) -> bytearray | None\n
 
peek(address) -> bytearray
 
Read one byte from the specified address.
 
Parameters:
 
     
  •  address               (int)           \u2013            
    Address to read
     
    •  
 
Returns:
 
     
  •  bytearray | None           \u2013            
    bytearray A single byte of data, or None if the
     
    •  
  •  bytearray | None           \u2013            
    address cannot be read.
     
    •  
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.is_readable_address","title":"is_readable_address","text":"
is_readable_address(address: int) -> bool\n
 
is_readable_address(address) -> bool
 
Check if the address can be read by GDB.
 
Parameters:
 
     
  •  address               (int)           \u2013            
    Address to read
     
    •  
 
Returns:
 
     
  •  bool           \u2013            
    bool: Whether the address is readable.
     
    •  
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.poke","title":"poke","text":"
poke(address: int) -> bool\n
 
poke(address)
 
Checks whether an address is writable.
 
Parameters:
 
     
  •  address               (int)           \u2013            
    Address to check
     
    •  
 
Returns:
 
     
  •  bool           \u2013            
    bool: Whether the address is writable.
     
    •  
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.string","title":"string","text":"
string(addr: int, max: int = 4096) -> bytearray\n
 
Reads a null-terminated string from memory.
 
Parameters:
 
     
  •  addr               (int)           \u2013            
    Address to read from
     
    •  
  •  max               (int, default:                   4096 )           \u2013            
    Maximum string length (default 4096)
     
    •  
 
Returns:
 
     
  •  bytearray           \u2013            
    An empty bytearray, or a NULL-terminated bytearray.
     
    •  
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.byte","title":"byte","text":"
byte(addr: int) -> int\n
 
byte(addr) -> int
 
Read one byte at the specified address
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.uchar","title":"uchar","text":"
uchar(addr: int) -> int\n
 
uchar(addr) -> int
 
Read one unsigned char at the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.ushort","title":"ushort","text":"
ushort(addr: int) -> int\n
 
ushort(addr) -> int
 
Read one unisgned short at the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.uint","title":"uint","text":"
uint(addr: int) -> int\n
 
uint(addr) -> int
 
Read one unsigned int at the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.read_pointer_width","title":"read_pointer_width","text":"
read_pointer_width(addr: int) -> int\n
 
Read one pointer-width integer at the specified address.
 
Raises:
 
     
  •  Error             \u2013            
    if memory read fails.
     
    •  
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.u8","title":"u8","text":"
u8(addr: int) -> int\n
 
u8(addr) -> int
 
Read one uint8_t from the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.u16","title":"u16","text":"
u16(addr: int) -> int\n
 
u16(addr) -> int
 
Read one uint16_t from the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.u32","title":"u32","text":"
u32(addr: int) -> int\n
 
u32(addr) -> int
 
Read one uint32_t from the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.u64","title":"u64","text":"
u64(addr: int) -> int\n
 
u64(addr) -> int
 
Read one uint64_t from the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.u","title":"u","text":"
u(addr: int, size: int | None = None) -> int\n
 
u(addr, size=None) -> int
 
Read one unsigned integer from the specified address, with the bit-width specified by size, which defaults to the pointer width.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.s8","title":"s8","text":"
s8(addr: int) -> int\n
 
s8(addr) -> int
 
Read one int8_t from the specified address
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.s16","title":"s16","text":"
s16(addr: int) -> int\n
 
s16(addr) -> int
 
Read one int16_t from the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.s32","title":"s32","text":"
s32(addr: int) -> int\n
 
s32(addr) -> int
 
Read one int32_t from the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.s64","title":"s64","text":"
s64(addr: int) -> int\n
 
s64(addr) -> int
 
Read one int64_t from the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.sint","title":"sint","text":"
sint(addr: int) -> int\n
 
Read one signed int from the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.cast_pointer","title":"cast_pointer","text":"
cast_pointer(type: Type, addr: int | Value) -> Value\n
 
Create a Value containing given address and cast it to the pointer of specified type
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.get_typed_pointer","title":"get_typed_pointer","text":"
get_typed_pointer(type: str | Type, addr: int | Value) -> Value\n
 
Look up a type by name if necessary and return a Value of addr cast to that type
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.get_typed_pointer_value","title":"get_typed_pointer_value","text":"
get_typed_pointer_value(type_name: str | Type, addr: int | Value) -> Value\n
 
Read the pointer value of addr cast to type specified by type_name
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.find_upper_boundary","title":"find_upper_boundary","text":"
find_upper_boundary(addr: int, max_pages: int = 1024) -> int\n
 
find_upper_boundary(addr, max_pages=1024) -> int
 
Brute-force search the upper boundary of a memory mapping, by reading the first byte of each page, until an unmapped page is found.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.find_lower_boundary","title":"find_lower_boundary","text":"
find_lower_boundary(addr: int, max_pages: int = 1024) -> int\n
 
find_lower_boundary(addr, max_pages=1024) -> int
 
Brute-force search the lower boundary of a memory mapping, by reading the first byte of each page, until an unmapped page is found.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.update_min_addr","title":"update_min_addr","text":"
update_min_addr() -> None\n
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.fetch_struct_as_dictionary","title":"fetch_struct_as_dictionary","text":"
fetch_struct_as_dictionary(\n    struct_name: str,\n    struct_address: int | Value,\n    include_only_fields: set[str] | None = None,\n    exclude_fields: set[str] | None = None,\n) -> GdbDict\n
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.pack_struct_into_dictionary","title":"pack_struct_into_dictionary","text":"
pack_struct_into_dictionary(\n    fetched_struct: Value,\n    include_only_fields: set[str] | None = None,\n    exclude_fields: set[str] | None = None,\n) -> GdbDict\n
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.convert_pwndbg_value_to_python_value","title":"convert_pwndbg_value_to_python_value","text":"
convert_pwndbg_value_to_python_value(dbg_value: Value) -> int | GdbDict\n
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.resolve_renamed_struct_field","title":"resolve_renamed_struct_field","text":"
resolve_renamed_struct_field(\n    struct_name: str, possible_field_names: set[str]\n) -> str\n
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.is_pagefault_supported","title":"is_pagefault_supported","text":"
is_pagefault_supported() -> bool\n
 
This function should be called before stray memory dereferences to protect against the following situations:
 
     
  1. On embedded systems, it's not uncommon for MMIO regions to exist where memory reads might mutate the hardware/process state.
    2.  
  2. On baremetal/embedded, paging doesn't always exist, so all memory is \"valid\" (and often initialized to zero) - this makes every value appear to be a pointer.
    3.  
 
As such, we disable dereferencing by default for bare metal targets.
 
See more discussion here: !385
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.is_kernel","title":"is_kernel","text":"
is_kernel(addr: int)\n
"},{"location":"reference/pwndbg/aglib/nearpc/","title":"nearpc","text":""},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc","title":"nearpc","text":"
Functions:
 
     
  •  ljust_padding             \u2013              
    •  
  •  nearpc             \u2013              
    Disassemble near a specified address.
     
    •  
 
Attributes:
 
     
  •  c           \u2013            
    •  
  •  nearpc_branch_marker           \u2013            
    •  
  •  nearpc_branch_marker_contiguous           \u2013            
    •  
  •  show_args           \u2013            
    •  
  •  show_comments           \u2013            
    •  
  •  show_opcode_bytes           \u2013            
    •  
  •  opcode_separator_bytes           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.c","title":"c  module-attribute","text":"
c = ColorConfig(\n    \"nearpc\",\n    [\n        ColorParamSpec(\"symbol\", \"normal\", \"color for nearpc command (symbol)\"),\n        ColorParamSpec(\n            \"address\", \"normal\", \"color for nearpc command (address)\"\n        ),\n        ColorParamSpec(\n            \"prefix\", \"none\", \"color for nearpc command (prefix marker)\"\n        ),\n        ColorParamSpec(\n            \"breakpoint\", \"red\", \"color for nearpc command (breakpoint marker)\"\n        ),\n        ColorParamSpec(\n            \"syscall-name\",\n            \"red\",\n            \"color for nearpc command (resolved syscall name)\",\n        ),\n        ColorParamSpec(\n            \"argument\", \"bold\", \"color for nearpc command (target argument)\"\n        ),\n        ColorParamSpec(\n            \"integration-comments\",\n            \"bold\",\n            \"color for nearpc command (integration comments)\",\n        ),\n        ColorParamSpec(\n            \"branch-marker\",\n            \"normal\",\n            \"color for nearpc command (branch marker line)\",\n        ),\n    ],\n)\n
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.nearpc_branch_marker","title":"nearpc_branch_marker  module-attribute","text":"
nearpc_branch_marker = add_param(\n    \"nearpc-branch-marker\", \"    \u2193\", \"branch marker line for nearpc command\"\n)\n
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.nearpc_branch_marker_contiguous","title":"nearpc_branch_marker_contiguous  module-attribute","text":"
nearpc_branch_marker_contiguous = add_param(\n    \"nearpc-branch-marker-contiguous\",\n    \" \",\n    \"contiguous branch marker line for nearpc command\",\n)\n
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.show_args","title":"show_args  module-attribute","text":"
show_args = add_param(\n    \"nearpc-show-args\", True, \"whether to show call arguments below instruction\"\n)\n
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.show_comments","title":"show_comments  module-attribute","text":"
show_comments = add_param(\n    \"nearpc-integration-comments\",\n    True,\n    \"whether to show comments from integration provider\",\n)\n
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.show_opcode_bytes","title":"show_opcode_bytes  module-attribute","text":"
show_opcode_bytes = add_param(\n    \"nearpc-num-opcode-bytes\",\n    0,\n    \"number of opcode bytes to print for each instruction\",\n    param_class=PARAM_ZUINTEGER,\n)\n
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.opcode_separator_bytes","title":"opcode_separator_bytes  module-attribute","text":"
opcode_separator_bytes = add_param(\n    \"nearpc-opcode-separator-bytes\",\n    1,\n    \"number of spaces between opcode bytes\",\n    param_class=PARAM_ZUINTEGER,\n)\n
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.ljust_padding","title":"ljust_padding","text":"
ljust_padding(lst)\n
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.nearpc","title":"nearpc","text":"
nearpc(\n    pc: int = None,\n    lines: int = 5,\n    back_lines: int = 0,\n    total_lines: int = None,\n    emulate=False,\n    repeat=False,\n    use_cache=False,\n    linear=False,\n) -> list[str]\n
 
Disassemble near a specified address.
 
The linear argument specifies if we should disassemble linearly in memory, or take jumps into account
"},{"location":"reference/pwndbg/aglib/next/","title":"next","text":""},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next","title":"next","text":"
Commands for setting temporary breakpoints on the next instruction of some type (call, branch, etc.)
 
Functions:
 
     
  •  next_int             \u2013              
    If there is a syscall in the current basic black,
     
    •  
  •  next_branch             \u2013              
    Return the next branch instruction that the process will encounter with repeated usage of the \"nexti\" command.
     
    •  
  •  next_matching_until_branch             \u2013              
    Finds the next instruction that matches the arguments between the given
     
    •  
  •  break_next_branch             \u2013              
    If including_current == True, do not step in case we are currently on a branch
     
    •  
  •  break_next_interrupt             \u2013              
    Break at the next interrupt if there is one in the current basic block
     
    •  
  •  break_next_call             \u2013              
    •  
  •  break_next_ret             \u2013              
    •  
  •  break_on_next_matching_instruction             \u2013              
    Breaks on next instuction that matches the arguments.
     
    •  
  •  break_on_program_code             \u2013              
    Breaks on next instruction that belongs to process' objfile code
     
    •  
  •  break_on_next             \u2013              
    •  
 
Attributes:
 
     
  •  interrupts           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.interrupts","title":"interrupts  module-attribute","text":"
interrupts = {CS_GRP_INT}\n
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.next_int","title":"next_int","text":"
next_int(address=None, honor_current_branch=False)\n
 
If there is a syscall in the current basic black, return the instruction of the one closest to $PC.
 
If honor_current_branch is True, then if the address is already a branch, return None.
 
If no interrupt exists or a jump is in the way, return None.
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.next_branch","title":"next_branch","text":"
next_branch(address=None, including_current=False) -> PwndbgInstruction | None\n
 
Return the next branch instruction that the process will encounter with repeated usage of the \"nexti\" command.
 
If including_current == True, then if the instruction at the address is already a branch, return it.
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.next_matching_until_branch","title":"next_matching_until_branch","text":"
next_matching_until_branch(address=None, mnemonic=None, op_str=None)\n
 
Finds the next instruction that matches the arguments between the given address and the branch closest to it.
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_next_branch","title":"break_next_branch  async","text":"
break_next_branch(\n    ec: ExecutionController, address=None, including_current=False\n)\n
 
If including_current == True, do not step in case we are currently on a branch
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_next_interrupt","title":"break_next_interrupt  async","text":"
break_next_interrupt(\n    ec: ExecutionController, address=None, honor_current_branch=False\n) -> PwndbgInstruction | None\n
 
Break at the next interrupt if there is one in the current basic block and no jumps are between the current instruction and the interrupt.
 
If no such interrupt exists or a jump is in the way, return None.
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_next_call","title":"break_next_call  async","text":"
break_next_call(ec: ExecutionController, symbol_regex=None)\n
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_next_ret","title":"break_next_ret  async","text":"
break_next_ret(ec: ExecutionController, address=None)\n
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_on_next_matching_instruction","title":"break_on_next_matching_instruction  async","text":"
break_on_next_matching_instruction(\n    ec: ExecutionController, mnemonic=None, op_str=None\n) -> bool\n
 
Breaks on next instuction that matches the arguments.
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_on_program_code","title":"break_on_program_code  async","text":"
break_on_program_code(ec: ExecutionController) -> bool\n
 
Breaks on next instruction that belongs to process' objfile code
 
:return: True for success, False when process ended or when pc is not at the code or if a signal occurred
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_on_next","title":"break_on_next  async","text":"
break_on_next(ec: ExecutionController, address=None) -> None\n
"},{"location":"reference/pwndbg/aglib/objc/","title":"objc","text":""},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc","title":"objc","text":"
Apple Objective-C Runtime Support
 
This module implements support for analyzing the Apple Objective-C runtime. As expected, Apple provides no oficial specification for the internal ABI of ObjC and no guarantees of its stability, and so this module is not guaranteed to work on all versions of Darwin.
 
Classes:
 
     
  •  Object           \u2013            
    •  
  •  Class           \u2013            
    •  
  •  InstanceVariable           \u2013            
    An Objective-C Instance Variable.
     
    •  
  •  ClassProperty           \u2013            
    •  
  •  Selector           \u2013            
    An Objective-C Selector.
     
    •  
  •  Method           \u2013            
    An Objective-C Method Pointer.
     
    •  
 
Functions:
 
     
  •  try_resolve_call_at_current_pc             \u2013              
    Tries to resolve a call to an Objective-C method for an instruction in the
     
    •  
 
Attributes:
 
     
  •  T           \u2013            
    •  
  •  max_method_argument_count           \u2013            
    •  
  •  max_method_type_depth           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.max_method_argument_count","title":"max_method_argument_count  module-attribute","text":"
max_method_argument_count = add_param(\n    \"objc-max-function-arguments\",\n    32,\n    \"maximum number of arguments to resolve for an Objective-C method call\",\n    param_class=PARAM_ZUINTEGER,\n)\n
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.max_method_type_depth","title":"max_method_type_depth  module-attribute","text":"
max_method_type_depth = add_param(\n    \"objc-max-function-types-depth\",\n    32,\n    \"maximum allowed depth for a type in an Objective-C method call\",\n    param_class=PARAM_ZUINTEGER,\n)\n
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.Object","title":"Object","text":"
Object(addr: int)\n
 
Attributes:
 
     
  •  cls               (Class | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.Object.cls","title":"cls  property","text":"
cls: Class | None\n
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.Class","title":"Class","text":"
Class(addr: int)\n
 
               Bases: Object
 
Attributes:
 
     
  •  superclass               (Class | None)           \u2013            
    •  
  •  name               (bytes)           \u2013            
    •  
  •  methods               (Generator[Method])           \u2013            
    •  
  •  ivars               (Generator[InstanceVariable])           \u2013            
    •  
  •  properties               (Generator[ClassProperty])           \u2013            
    •  
  •  is_metaclass               (bool)           \u2013            
    •  
  •  cls               (Class | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.Class.superclass","title":"superclass  property","text":"
superclass: Class | None\n
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.Class.name","title":"name  property","text":"
name: bytes\n
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.Class.methods","title":"methods  property","text":"
methods: Generator[Method]\n
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.Class.ivars","title":"ivars  property","text":"
ivars: Generator[InstanceVariable]\n
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.Class.properties","title":"properties  property","text":"
properties: Generator[ClassProperty]\n
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.Class.is_metaclass","title":"is_metaclass  property","text":"
is_metaclass: bool\n
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.Class.cls","title":"cls  property","text":"
cls: Class | None\n
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.InstanceVariable","title":"InstanceVariable","text":"
InstanceVariable(ptr: int)\n
 
An Objective-C Instance Variable.
 
Instance Variables are NOT objects!
 
Attributes:
 
     
  •  offset               (int)           \u2013            
    The offset in bytes of this value from the start of the object instance.
     
    •  
  •  name               (bytes)           \u2013            
    The name of this instance variable.
     
    •  
  •  typename               (bytes)           \u2013            
    The name of the type of this instance variable.
     
    •  
  •  alignment               (int)           \u2013            
    The alignment of this instance variable, in bytes.
     
    •  
  •  size               (int)           \u2013            
    The size of this instance variable, in bytes.
     
    •  
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.InstanceVariable.offset","title":"offset  property","text":"
offset: int\n
 
The offset in bytes of this value from the start of the object instance.
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.InstanceVariable.name","title":"name  property","text":"
name: bytes\n
 
The name of this instance variable.
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.InstanceVariable.typename","title":"typename  property","text":"
typename: bytes\n
 
The name of the type of this instance variable.
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.InstanceVariable.alignment","title":"alignment  property","text":"
alignment: int\n
 
The alignment of this instance variable, in bytes.
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.InstanceVariable.size","title":"size  property","text":"
size: int\n
 
The size of this instance variable, in bytes.
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.ClassProperty","title":"ClassProperty","text":"
ClassProperty(ptr: int)\n
 
Attributes:
 
     
  •  name               (bytes)           \u2013            
    The name of this class property.
     
    •  
  •  value               (bytes)           \u2013            
    The value of this property.
     
    •  
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.ClassProperty.name","title":"name  property","text":"
name: bytes\n
 
The name of this class property.
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.ClassProperty.value","title":"value  property","text":"
value: bytes\n
 
The value of this property.
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.Selector","title":"Selector","text":"
Selector(ptr: int)\n
 
An Objective-C Selector.
 
Selectors are NOT objects!
 
Attributes:
 
     
  •  name               (bytes)           \u2013            
    Retrieves the name of this selector.
     
    •  
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.Selector.name","title":"name  property","text":"
name: bytes\n
 
Retrieves the name of this selector.
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.Method","title":"Method","text":"
Method(ptr: int)\n
 
An Objective-C Method Pointer.
 
Methods are NOT objects!
 
A method pointer can be one of three types: Small, small direct, and big.
 
Pointer types are distinguished by the two least significant bits in the integer representation of the pointer. A value of 1 is used for both small pointer types, while all other values are used to distinguish between the signing nuances of big pointers.
 
Small pointers 32-bit wide and relative to a given base value. Big pointers contain the pointers themselves, and they may or may not be signed.
 
Small direct pointers are small pointers that reside in the shared cache, and their selectors are relative to @selector(\ud83e\udd2f), while the selectors of regular small pointers are relative to the pointers themselves.
 
Attributes:
 
     
  •  sel               (Selector)           \u2013            
    The selector this method responds to.
     
    •  
  •  types               (bytes)           \u2013            
    The types of the arguments to this method.
     
    •  
  •  imp               (int)           \u2013            
    The pointer to the function that implements this method.
     
    •  
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.Method.sel","title":"sel  property","text":"
sel: Selector\n
 
The selector this method responds to.
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.Method.types","title":"types  property","text":"
types: bytes\n
 
The types of the arguments to this method.
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.Method.imp","title":"imp  property","text":"
imp: int\n
 
The pointer to the function that implements this method.
"},{"location":"reference/pwndbg/aglib/objc/#pwndbg.aglib.objc.try_resolve_call_at_current_pc","title":"try_resolve_call_at_current_pc","text":"
try_resolve_call_at_current_pc(insn: PwndbgInstruction) -> Function | None\n
 
Tries to resolve a call to an Objective-C method for an instruction in the current Program Counter.
"},{"location":"reference/pwndbg/aglib/onegadget/","title":"onegadget","text":""},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget","title":"onegadget","text":"
Classes:
 
     
  •  CheckSatResult           \u2013            
    •  
  •  Lambda           \u2013            
    Modified from onegadget's Lambda class
     
    •  
 
Functions:
 
     
  •  colorize_reg             \u2013              
    •  
  •  colorize_integer             \u2013              
    •  
  •  colorize_psuedo_code             \u2013              
    Colorize the pseudo code of onegadget
     
    •  
  •  compute_file_hash             \u2013              
    Compute the MD5 hash of the file, return the hash
     
    •  
  •  run_onegadget             \u2013              
    Run onegadget and return the output
     
    •  
  •  parse_expression             \u2013              
    Parse expression, return the result, colorized string and error message
     
    •  
  •  check_stack_argv             \u2013              
    Check argv that's on the stack, return the result and the message
     
    •  
  •  check_non_stack_argv             \u2013              
    Check argv that's not on the stack, return the result and the message
     
    •  
  •  check_argv             \u2013              
    Check argv, return the result and the message
     
    •  
  •  check_envp             \u2013              
    Check envp, return the result and the message
     
    •  
  •  check_constraint             \u2013              
    Parse constraint, return the result and the message
     
    •  
  •  check_gadget             \u2013              
    Check status of each gadget, return the gadget's status
     
    •  
  •  find_gadgets             \u2013              
    Find gadgets by parsing the output of onegadget, return there's any valid gadget
     
    •  
 
Attributes:
 
     
  •  ADDRESS_WRITABLE_PATTERN           \u2013            
    •  
  •  WRITABLE_COLON_PATTERN           \u2013            
    •  
  •  EQUAL_NULL_PATTERN           \u2013            
    •  
  •  VALID_POSIX_SPAWN_FILE_ACTIONS_PATTERN           \u2013            
    •  
  •  VALID_ARGV_PATTERN           \u2013            
    •  
  •  VALID_ENVP_PATTERN           \u2013            
    •  
  •  IS_ALIGNED_PATTERN           \u2013            
    •  
  •  IS_GOT_ADDRESS_PATTERN           \u2013            
    •  
  •  CAST_PATTERN           \u2013            
    •  
  •  XMM_SHIFT           \u2013            
    •  
  •  CONSTRAINT_SEPARATOR           \u2013            
    •  
  •  CAST_DEREF_MAPPING           \u2013            
    •  
  •  CAST_MAPPING           \u2013            
    •  
  •  ONEGADGET_COLOR           \u2013            
    •  
  •  ONEGADGET_CACHEDIR           \u2013            
    •  
  •  SAT           \u2013            
    •  
  •  UNSAT           \u2013            
    •  
  •  UNKNOWN           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.ADDRESS_WRITABLE_PATTERN","title":"ADDRESS_WRITABLE_PATTERN  module-attribute","text":"
ADDRESS_WRITABLE_PATTERN = compile('address(?:es)? (.*) (?:is|are) writable')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.WRITABLE_COLON_PATTERN","title":"WRITABLE_COLON_PATTERN  module-attribute","text":"
WRITABLE_COLON_PATTERN = compile('writable: (.*)')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.EQUAL_NULL_PATTERN","title":"EQUAL_NULL_PATTERN  module-attribute","text":"
EQUAL_NULL_PATTERN = compile('(.*) == NULL')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.VALID_POSIX_SPAWN_FILE_ACTIONS_PATTERN","title":"VALID_POSIX_SPAWN_FILE_ACTIONS_PATTERN  module-attribute","text":"
VALID_POSIX_SPAWN_FILE_ACTIONS_PATTERN = compile('(.*) <= 0')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.VALID_ARGV_PATTERN","title":"VALID_ARGV_PATTERN  module-attribute","text":"
VALID_ARGV_PATTERN = compile('(.+) is a valid argv')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.VALID_ENVP_PATTERN","title":"VALID_ENVP_PATTERN  module-attribute","text":"
VALID_ENVP_PATTERN = compile('(.+) is a valid envp')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.IS_ALIGNED_PATTERN","title":"IS_ALIGNED_PATTERN  module-attribute","text":"
IS_ALIGNED_PATTERN = compile('(.+) & 0xf == (\\\\d+)')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.IS_GOT_ADDRESS_PATTERN","title":"IS_GOT_ADDRESS_PATTERN  module-attribute","text":"
IS_GOT_ADDRESS_PATTERN = compile('(.+) is the GOT address of libc')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CAST_PATTERN","title":"CAST_PATTERN  module-attribute","text":"
CAST_PATTERN = compile('^\\\\([s|u]\\\\d+\\\\)')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.XMM_SHIFT","title":"XMM_SHIFT  module-attribute","text":"
XMM_SHIFT = ' >> '\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CONSTRAINT_SEPARATOR","title":"CONSTRAINT_SEPARATOR  module-attribute","text":"
CONSTRAINT_SEPARATOR = ' || '\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CAST_DEREF_MAPPING","title":"CAST_DEREF_MAPPING  module-attribute","text":"
CAST_DEREF_MAPPING = {\n    \"(u16)\": u16,\n    \"(s16)\": s16,\n    \"(u32)\": u32,\n    \"(s32)\": s32,\n    \"(u64)\": u64,\n    \"(s64)\": s64,\n}\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CAST_MAPPING","title":"CAST_MAPPING  module-attribute","text":"
CAST_MAPPING = {\n    \"(u16)\": lambda x: value,\n    \"(s16)\": lambda x: value,\n    \"(u32)\": lambda x: value,\n    \"(s32)\": lambda x: value,\n    \"(u64)\": lambda x: value,\n    \"(s64)\": lambda x: value,\n}\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.ONEGADGET_COLOR","title":"ONEGADGET_COLOR  module-attribute","text":"
ONEGADGET_COLOR = {\n    \"light_green\": lambda x: colorize(x, \"\\x1b[38;5;82m\"),\n    \"light_purple\": lambda x: colorize(x, \"\\x1b[38;5;153m\"),\n}\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.ONEGADGET_CACHEDIR","title":"ONEGADGET_CACHEDIR  module-attribute","text":"
ONEGADGET_CACHEDIR = cachedir('onegadget')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.SAT","title":"SAT  module-attribute","text":"
SAT = SAT\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.UNSAT","title":"UNSAT  module-attribute","text":"
UNSAT = UNSAT\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.UNKNOWN","title":"UNKNOWN  module-attribute","text":"
UNKNOWN = UNKNOWN\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult","title":"CheckSatResult","text":"
               Bases: Enum
 
Methods:
 
     
  •  __str__             \u2013              
    •  
  •  __and__             \u2013              
    •  
  •  __or__             \u2013              
    •  
 
Attributes:
 
     
  •  SAT           \u2013            
    •  
  •  UNSAT           \u2013            
    •  
  •  UNKNOWN           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult.SAT","title":"SAT  class-attribute instance-attribute","text":"
SAT = 1\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult.UNSAT","title":"UNSAT  class-attribute instance-attribute","text":"
UNSAT = 0\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult.UNKNOWN","title":"UNKNOWN  class-attribute instance-attribute","text":"
UNKNOWN = -1\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult.__and__","title":"__and__","text":"
__and__(other: CheckSatResult) -> CheckSatResult\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult.__or__","title":"__or__","text":"
__or__(other: CheckSatResult) -> CheckSatResult\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda","title":"Lambda","text":"
Lambda(obj: str | Lambda)\n
 
Modified from onegadget's Lambda class
 
https://github.com/david942j/one_gadget/blob/65ce1dade70bf89e7496346ccf452ce5b2d139b3/lib/one_gadget/emulators/lambda.rb#L13
 
Methods:
 
     
  •  __add__             \u2013              
    •  
  •  __sub__             \u2013              
    •  
  •  __str__             \u2013              
    •  
  •  __repr__             \u2013              
    •  
  •  deref             \u2013              
    •  
  •  deref_             \u2013              
    •  
  •  ref             \u2013              
    •  
  •  evaluate             \u2013              
    •  
  •  parse             \u2013              
    •  
  •  mem_obj             \u2013              
    •  
 
Attributes:
 
     
  •  immi           \u2013            
    •  
  •  obj           \u2013            
    •  
  •  deref_count           \u2013            
    •  
  •  gdb_expr               (str)           \u2013            
    •  
  •  color_str               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.immi","title":"immi  instance-attribute","text":"
immi = 0\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.obj","title":"obj  instance-attribute","text":"
obj = obj\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.deref_count","title":"deref_count  instance-attribute","text":"
deref_count = 0\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.gdb_expr","title":"gdb_expr  property","text":"
gdb_expr: str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.color_str","title":"color_str  property","text":"
color_str: str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.__add__","title":"__add__","text":"
__add__(other: int) -> Lambda\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.__sub__","title":"__sub__","text":"
__sub__(other: int) -> Lambda\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.__repr__","title":"__repr__","text":"
__repr__() -> str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.deref","title":"deref","text":"
deref() -> Lambda\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.deref_","title":"deref_","text":"
deref_() -> None\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.ref","title":"ref","text":"
ref() -> Lambda\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.evaluate","title":"evaluate","text":"
evaluate(context: dict[Any, Any]) -> int | Lambda\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.parse","title":"parse  staticmethod","text":"
parse(argument: str, predefined: dict[Any, Any] = {}) -> int | Lambda\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.mem_obj","title":"mem_obj  staticmethod","text":"
mem_obj(arg: str) -> tuple[str, int]\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.colorize_reg","title":"colorize_reg","text":"
colorize_reg(x: object) -> str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.colorize_integer","title":"colorize_integer","text":"
colorize_integer(x: object) -> str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.colorize_psuedo_code","title":"colorize_psuedo_code","text":"
colorize_psuedo_code(code: str) -> str\n
 
Colorize the pseudo code of onegadget
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.compute_file_hash","title":"compute_file_hash","text":"
compute_file_hash(filename: str) -> str\n
 
Compute the MD5 hash of the file, return the hash
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.run_onegadget","title":"run_onegadget","text":"
run_onegadget() -> str\n
 
Run onegadget and return the output
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.parse_expression","title":"parse_expression","text":"
parse_expression(expr: str) -> tuple[int | None, str, str | None]\n
 
Parse expression, return the result, colorized string and error message
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.check_stack_argv","title":"check_stack_argv","text":"
check_stack_argv(expr: str) -> tuple[CheckSatResult, str]\n
 
Check argv that's on the stack, return the result and the message
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.check_non_stack_argv","title":"check_non_stack_argv","text":"
check_non_stack_argv(expr: str) -> tuple[CheckSatResult, str]\n
 
Check argv that's not on the stack, return the result and the message
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.check_argv","title":"check_argv","text":"
check_argv(expr: str) -> tuple[CheckSatResult, str]\n
 
Check argv, return the result and the message
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.check_envp","title":"check_envp","text":"
check_envp(expr: str) -> tuple[bool, str]\n
 
Check envp, return the result and the message
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.check_constraint","title":"check_constraint","text":"
check_constraint(constraint: str) -> tuple[CheckSatResult, str]\n
 
Parse constraint, return the result and the message
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.check_gadget","title":"check_gadget","text":"
check_gadget(\n    gadget: str,\n    show_unsat: bool = False,\n    no_unknown: bool = False,\n    verbose: bool = False,\n) -> CheckSatResult\n
 
Check status of each gadget, return the gadget's status
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.find_gadgets","title":"find_gadgets","text":"
find_gadgets(\n    show_unsat: bool = False, no_unknown: bool = False, verbose: bool = False\n) -> dict[CheckSatResult, int]\n
 
Find gadgets by parsing the output of onegadget, return there's any valid gadget
"},{"location":"reference/pwndbg/aglib/proc/","title":"proc","text":""},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc","title":"proc","text":"
Provides values which would be available from /proc which are not fulfilled by other modules and some process/gdb flow related information.
 
Classes:
 
     
  •  module           \u2013            
    •  
 
Functions:
 
     
  •  OnlyWhenRunning             \u2013              
    •  
  •  OnlyWhenQemuKernel             \u2013              
    •  
  •  OnlyWithArch             \u2013              
    •  
 
Attributes:
 
     
  •  P           \u2013            
    •  
  •  T           \u2013            
    •  
  •  pid               (int)           \u2013            
    •  
  •  tid               (int)           \u2013            
    •  
  •  thread_id               (int)           \u2013            
    •  
  •  alive               (bool)           \u2013            
    •  
  •  stopped_with_signal               (bool)           \u2013            
    •  
  •  exe               (str | None)           \u2013            
    •  
  •  binary_base_addr               (int)           \u2013            
    •  
  •  binary_vmmap               (tuple[Page, ...])           \u2013            
    •  
  •  tether           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.P","title":"P  module-attribute","text":"
P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.pid","title":"pid  module-attribute","text":"
pid: int\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.tid","title":"tid  module-attribute","text":"
tid: int\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.thread_id","title":"thread_id  module-attribute","text":"
thread_id: int\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.alive","title":"alive  module-attribute","text":"
alive: bool\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.stopped_with_signal","title":"stopped_with_signal  module-attribute","text":"
stopped_with_signal: bool\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.exe","title":"exe  module-attribute","text":"
exe: str | None\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.binary_base_addr","title":"binary_base_addr  module-attribute","text":"
binary_base_addr: int\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.binary_vmmap","title":"binary_vmmap  module-attribute","text":"
binary_vmmap: tuple[Page, ...]\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.tether","title":"tether  module-attribute","text":"
tether = modules[__name__]\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module","title":"module","text":"
               Bases: ModuleType
 
Methods:
 
     
  •  dump_elf_data_section             \u2013              
    Dump .data section of current process's ELF file
     
    •  
  •  dump_relocations_by_section_name             \u2013              
    Dump relocations of a section by section name of current process's ELF file
     
    •  
  •  get_section_address_by_name             \u2013              
    Find section address of current process by section name
     
    •  
  •  OnlyWhenRunning             \u2013              
    •  
  •  OnlyWhenQemuKernel             \u2013              
    •  
  •  OnlyWithArch             \u2013              
    Decorates function to work only with the specified archictectures.
     
    •  
 
Attributes:
 
     
  •  pid               (int)           \u2013            
    •  
  •  tid               (int)           \u2013            
    •  
  •  thread_id               (int)           \u2013            
    •  
  •  alive               (bool)           \u2013            
    Informs whether the process has a thread. However, note that it will
     
    •  
  •  stopped_with_signal               (bool)           \u2013            
    Returns whether the program has stopped with a signal
     
    •  
  •  exe               (str | None)           \u2013            
    Returns the executed file path.
     
    •  
  •  binary_base_addr               (int)           \u2013            
    •  
  •  binary_vmmap               (tuple[Page, ...])           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.pid","title":"pid  property","text":"
pid: int\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.tid","title":"tid  property","text":"
tid: int\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.thread_id","title":"thread_id  property","text":"
thread_id: int\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.alive","title":"alive  property","text":"
alive: bool\n
 
Informs whether the process has a thread. However, note that it will still return True for a segfaulted thread. To detect that, consider using the stopped_with_signal method.
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.stopped_with_signal","title":"stopped_with_signal  property","text":"
stopped_with_signal: bool\n
 
Returns whether the program has stopped with a signal
 
Can be used to detect segfaults (but will also detect other signals)
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.exe","title":"exe  property","text":"
exe: str | None\n
 
Returns the executed file path.
 
On remote targets, this path may not exist locally.
 If you need the locally referenced file use 
gdb.current_process().filename
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.binary_base_addr","title":"binary_base_addr  property","text":"
binary_base_addr: int\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.binary_vmmap","title":"binary_vmmap  property","text":"
binary_vmmap: tuple[Page, ...]\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.dump_elf_data_section","title":"dump_elf_data_section","text":"
dump_elf_data_section() -> tuple[int, int, bytes] | None\n
 
Dump .data section of current process's ELF file
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.dump_relocations_by_section_name","title":"dump_relocations_by_section_name","text":"
dump_relocations_by_section_name(\n    section_name: str,\n) -> tuple[Relocation, ...] | None\n
 
Dump relocations of a section by section name of current process's ELF file
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.get_section_address_by_name","title":"get_section_address_by_name","text":"
get_section_address_by_name(section_name: str) -> int\n
 
Find section address of current process by section name
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.OnlyWhenRunning","title":"OnlyWhenRunning","text":"
OnlyWhenRunning(func: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.OnlyWhenQemuKernel","title":"OnlyWhenQemuKernel","text":"
OnlyWhenQemuKernel(func: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.OnlyWithArch","title":"OnlyWithArch","text":"
OnlyWithArch(\n    arch_names: list[str],\n) -> Callable[[Callable[P, T]], Callable[P, T | None]]\n
 
Decorates function to work only with the specified archictectures.
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.OnlyWhenRunning","title":"OnlyWhenRunning","text":"
OnlyWhenRunning(func: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.OnlyWhenQemuKernel","title":"OnlyWhenQemuKernel","text":"
OnlyWhenQemuKernel(func: Callable[P, T]) -> Callable[P, T]\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.OnlyWithArch","title":"OnlyWithArch","text":"
OnlyWithArch(\n    arch_names: list[str],\n) -> Callable[[Callable[..., T]], Callable[..., T | None]]\n
"},{"location":"reference/pwndbg/aglib/qemu/","title":"qemu","text":""},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu","title":"qemu","text":"
Determine whether the target is being run under QEMU.
 
Functions:
 
     
  •  is_qemu             \u2013              
    •  
  •  is_usermode             \u2013              
    •  
  •  is_qemu_usermode             \u2013              
    Returns True if the target remote is being run under
     
    •  
  •  is_qemu_kernel             \u2013              
    •  
  •  is_old_qemu_user             \u2013              
    •  
  •  exec_file_supported             \u2013              
    Returns True if the remote target understands the 'qXfer:exec-file:read' packet.
     
    •  
"},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu.is_qemu","title":"is_qemu","text":"
is_qemu() -> bool\n
"},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu.is_usermode","title":"is_usermode","text":"
is_usermode() -> bool\n
"},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu.is_qemu_usermode","title":"is_qemu_usermode","text":"
is_qemu_usermode() -> bool\n
 
Returns True if the target remote is being run under QEMU usermode emulation.
"},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu.is_qemu_kernel","title":"is_qemu_kernel","text":"
is_qemu_kernel() -> bool\n
"},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu.is_old_qemu_user","title":"is_old_qemu_user","text":"
is_old_qemu_user() -> bool\n
"},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu.exec_file_supported","title":"exec_file_supported","text":"
exec_file_supported() -> bool\n
 
Returns True if the remote target understands the 'qXfer:exec-file:read' packet. A check for this feature is done in vmmap code, to warn against running legacy Qemu versions.
"},{"location":"reference/pwndbg/aglib/regs/","title":"regs","text":""},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs","title":"regs","text":"
Reading register value from the inferior, and provides a standardized interface to registers like \"sp\" and \"pc\".
 
Classes:
 
     
  •  module           \u2013            
    •  
 
Functions:
 
     
  •  regs_in_frame             \u2013              
    •  
  •  get_register             \u2013              
    •  
  •  get_qemu_register             \u2013              
    •  
  •  update_last             \u2013              
    •  
 
Attributes:
 
     
  •  PTRACE_ARCH_PRCTL           \u2013            
    •  
  •  ARCH_GET_FS           \u2013            
    •  
  •  ARCH_GET_GS           \u2013            
    •  
  •  gpr               (tuple[str, ...])           \u2013            
    •  
  •  common               (list[str])           \u2013            
    •  
  •  frame               (str | None)           \u2013            
    •  
  •  retaddr               (tuple[str, ...])           \u2013            
    •  
  •  flags               (dict[str, BitFlags])           \u2013            
    •  
  •  extra_flags               (dict[str, BitFlags])           \u2013            
    •  
  •  stack               (str)           \u2013            
    •  
  •  retval               (str | None)           \u2013            
    •  
  •  all               (list[str])           \u2013            
    •  
  •  changed               (list[str])           \u2013            
    •  
  •  fsbase               (int)           \u2013            
    •  
  •  gsbase               (int)           \u2013            
    •  
  •  current               (RegisterSet)           \u2013            
    •  
  •  fix               (Callable[[str], str])           \u2013            
    •  
  •  items               (Callable[[], Generator[tuple[str, Any], None, None]])           \u2013            
    •  
  •  previous               (dict[str, int])           \u2013            
    •  
  •  last               (dict[str, int])           \u2013            
    •  
  •  pc               (int | None)           \u2013            
    •  
  •  tether           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.PTRACE_ARCH_PRCTL","title":"PTRACE_ARCH_PRCTL  module-attribute","text":"
PTRACE_ARCH_PRCTL = 30\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.ARCH_GET_FS","title":"ARCH_GET_FS  module-attribute","text":"
ARCH_GET_FS = 4099\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.ARCH_GET_GS","title":"ARCH_GET_GS  module-attribute","text":"
ARCH_GET_GS = 4100\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.gpr","title":"gpr  module-attribute","text":"
gpr: tuple[str, ...]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.common","title":"common  module-attribute","text":"
common: list[str]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.frame","title":"frame  module-attribute","text":"
frame: str | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.retaddr","title":"retaddr  module-attribute","text":"
retaddr: tuple[str, ...]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.flags","title":"flags  module-attribute","text":"
flags: dict[str, BitFlags]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.extra_flags","title":"extra_flags  module-attribute","text":"
extra_flags: dict[str, BitFlags]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.stack","title":"stack  module-attribute","text":"
stack: str\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.retval","title":"retval  module-attribute","text":"
retval: str | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.all","title":"all  module-attribute","text":"
all: list[str]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.changed","title":"changed  module-attribute","text":"
changed: list[str]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.fsbase","title":"fsbase  module-attribute","text":"
fsbase: int\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.gsbase","title":"gsbase  module-attribute","text":"
gsbase: int\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.current","title":"current  module-attribute","text":"
current: RegisterSet\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.fix","title":"fix  module-attribute","text":"
fix: Callable[[str], str]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.items","title":"items  module-attribute","text":"
items: Callable[[], Generator[tuple[str, Any], None, None]]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.previous","title":"previous  module-attribute","text":"
previous: dict[str, int]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.last","title":"last  module-attribute","text":"
last: dict[str, int]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.pc","title":"pc  module-attribute","text":"
pc: int | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.tether","title":"tether  module-attribute","text":"
tether = modules[__name__]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module","title":"module","text":"
               Bases: ModuleType
 
Methods:
 
     
  •  read_reg             \u2013              
    Query the underlying debugger for the value of a register.
     
    •  
  •  read_reg_uncached             \u2013              
    •  
  •  write_reg             \u2013              
    •  
  •  __contains__             \u2013              
    •  
  •  __iter__             \u2013              
    •  
  •  fix             \u2013              
    •  
  •  items             \u2013              
    •  
  •  __repr__             \u2013              
    •  
 
Attributes:
 
     
  •  previous               (dict[str, int])           \u2013            
    •  
  •  last               (dict[str, int])           \u2013            
    •  
  •  pc               (int | None)           \u2013            
    Get the value of the program counter register
     
    •  
  •  sp               (int | None)           \u2013            
    Get the value of the stack pointer register
     
    •  
  •  current               (RegisterSet)           \u2013            
    •  
  •  gpr               (tuple[str, ...])           \u2013            
    •  
  •  common               (list[str])           \u2013            
    •  
  •  frame               (str | None)           \u2013            
    •  
  •  retaddr               (tuple[str, ...])           \u2013            
    •  
  •  kernel               (KernelRegisterSet)           \u2013            
    •  
  •  flags               (dict[str, BitFlags])           \u2013            
    •  
  •  extra_flags               (dict[str, BitFlags])           \u2013            
    •  
  •  stack               (str)           \u2013            
    •  
  •  retval               (str | None)           \u2013            
    •  
  •  all               (set[str])           \u2013            
    •  
  •  reg_sets           \u2013            
    •  
  •  changed               (list[str])           \u2013            
    •  
  •  idt               (int)           \u2013            
    •  
  •  idt_limit               (int)           \u2013            
    •  
  •  fsbase               (int)           \u2013            
    •  
  •  gsbase               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.previous","title":"previous  class-attribute instance-attribute","text":"
previous: dict[str, int] = {}\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.last","title":"last  class-attribute instance-attribute","text":"
last: dict[str, int] = {}\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.pc","title":"pc  property writable","text":"
pc: int | None\n
 
Get the value of the program counter register
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.sp","title":"sp  property writable","text":"
sp: int | None\n
 
Get the value of the stack pointer register
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.current","title":"current  property","text":"
current: RegisterSet\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.gpr","title":"gpr  property","text":"
gpr: tuple[str, ...]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.common","title":"common  property","text":"
common: list[str]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.frame","title":"frame  property","text":"
frame: str | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.retaddr","title":"retaddr  property","text":"
retaddr: tuple[str, ...]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.kernel","title":"kernel  property","text":"
kernel: KernelRegisterSet\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.flags","title":"flags  property","text":"
flags: dict[str, BitFlags]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.extra_flags","title":"extra_flags  property","text":"
extra_flags: dict[str, BitFlags]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.stack","title":"stack  property","text":"
stack: str\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.retval","title":"retval  property","text":"
retval: str | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.all","title":"all  property","text":"
all: set[str]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.reg_sets","title":"reg_sets  class-attribute instance-attribute","text":"
reg_sets = reg_sets\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.changed","title":"changed  property","text":"
changed: list[str]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.idt","title":"idt  property","text":"
idt: int\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.idt_limit","title":"idt_limit  property","text":"
idt_limit: int\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.fsbase","title":"fsbase  property","text":"
fsbase: int\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.gsbase","title":"gsbase  property","text":"
gsbase: int\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.read_reg","title":"read_reg","text":"
read_reg(reg: str, frame: Frame | None = None) -> int | None\n
 
Query the underlying debugger for the value of a register.
 
Note that in some rare cases, debuggers won't directly expose the values of some special model specific registers. Although we can sometimes determine these by other indirect means, this function does not run any extra logic to handle these special cases.
 
Specifically, if you need to ensure you are reading the correct value of \"gs\", \"fs\", \"idt\", or \"idt_limit\", use the specific helpers functions on the regs module as necessary to determine the values.
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.read_reg_uncached","title":"read_reg_uncached","text":"
read_reg_uncached(reg: str, frame: Frame | None = None) -> int | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.write_reg","title":"write_reg","text":"
write_reg(reg: str, value: int) -> None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.__contains__","title":"__contains__","text":"
__contains__(reg: str) -> bool\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.__iter__","title":"__iter__","text":"
__iter__() -> Iterator[str]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.fix","title":"fix","text":"
fix(expression: str) -> str\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.items","title":"items","text":"
items() -> Generator[tuple[str, Any], None, None]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.__repr__","title":"__repr__","text":"
__repr__() -> str\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.regs_in_frame","title":"regs_in_frame","text":"
regs_in_frame(frame: Frame) -> Registers\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.get_register","title":"get_register","text":"
get_register(name: str, frame: Frame | None = None) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.get_qemu_register","title":"get_qemu_register","text":"
get_qemu_register(name: str) -> int | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.update_last","title":"update_last","text":"
update_last() -> None\n
"},{"location":"reference/pwndbg/aglib/remote/","title":"remote","text":""},{"location":"reference/pwndbg/aglib/remote/#pwndbg.aglib.remote","title":"remote","text":"
Information about whether the debuggee is local (under GDB) or remote (under GDBSERVER or QEMU stub).
 
Functions:
 
     
  •  is_remote             \u2013              
    •  
"},{"location":"reference/pwndbg/aglib/remote/#pwndbg.aglib.remote.is_remote","title":"is_remote","text":"
is_remote() -> bool\n
"},{"location":"reference/pwndbg/aglib/saved_register_frames/","title":"saved_register_frames","text":""},{"location":"reference/pwndbg/aglib/saved_register_frames/#pwndbg.aglib.saved_register_frames","title":"saved_register_frames","text":"
Classes:
 
     
  •  SavedRegisterFrame           \u2013            
    A list of registers that have been saved to process memory for later restoration.
     
    •  
 
Attributes:
 
     
  •  ARM_CORTEX_M_EXCEPTION_STACK_FRAME_OFFSETS           \u2013            
    •  
  •  ARM_CORTEX_M_EXCEPTION_STACK           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/saved_register_frames/#pwndbg.aglib.saved_register_frames.ARM_CORTEX_M_EXCEPTION_STACK_FRAME_OFFSETS","title":"ARM_CORTEX_M_EXCEPTION_STACK_FRAME_OFFSETS  module-attribute","text":"
ARM_CORTEX_M_EXCEPTION_STACK_FRAME_OFFSETS = {\n    \"r0\": 0,\n    \"r1\": 4,\n    \"r2\": 8,\n    \"r3\": 12,\n    \"r12\": 16,\n    \"lr\": 20,\n    \"pc\": 24,\n    \"xpsr\": 28,\n}\n
"},{"location":"reference/pwndbg/aglib/saved_register_frames/#pwndbg.aglib.saved_register_frames.ARM_CORTEX_M_EXCEPTION_STACK","title":"ARM_CORTEX_M_EXCEPTION_STACK  module-attribute","text":"
ARM_CORTEX_M_EXCEPTION_STACK = SavedRegisterFrame(\n    ARM_CORTEX_M_EXCEPTION_STACK_FRAME_OFFSETS\n)\n
"},{"location":"reference/pwndbg/aglib/saved_register_frames/#pwndbg.aglib.saved_register_frames.SavedRegisterFrame","title":"SavedRegisterFrame  dataclass","text":"
SavedRegisterFrame(register_offsets: dict[str, int])\n
 
A list of registers that have been saved to process memory for later restoration.
 
For example, on syscall entry, the process registers are saved to the kernel stack.
 
Methods:
 
     
  •  read_saved_register             \u2013              
    •  
 
Attributes:
 
     
  •  offsets               (dict[str, int])           \u2013            
    •  
  •  frame_layout               (list[tuple[int, str]])           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/saved_register_frames/#pwndbg.aglib.saved_register_frames.SavedRegisterFrame.offsets","title":"offsets  instance-attribute","text":"
offsets: dict[str, int] = register_offsets\n
"},{"location":"reference/pwndbg/aglib/saved_register_frames/#pwndbg.aglib.saved_register_frames.SavedRegisterFrame.frame_layout","title":"frame_layout  instance-attribute","text":"
frame_layout: list[tuple[int, str]] = sorted((y, x) for (x, y) in (items()))\n
"},{"location":"reference/pwndbg/aglib/saved_register_frames/#pwndbg.aglib.saved_register_frames.SavedRegisterFrame.read_saved_register","title":"read_saved_register","text":"
read_saved_register(reg: str, sp: int = None) -> int | None\n
"},{"location":"reference/pwndbg/aglib/shellcode/","title":"shellcode","text":""},{"location":"reference/pwndbg/aglib/shellcode/#pwndbg.aglib.shellcode","title":"shellcode","text":"
Shellcode
 
This module implements functionality that allows for the execution of a small amount of code in the context of the inferior.
 
Functions:
 
     
  •  exec_syscall             \u2013              
    Tries executing the given syscall in the context of the inferior.
     
    •  
  •  exec_shellcode             \u2013              
    Tries executing the given blob of machine code in the current context of the
     
    •  
"},{"location":"reference/pwndbg/aglib/shellcode/#pwndbg.aglib.shellcode.exec_syscall","title":"exec_syscall  async","text":"
exec_syscall(\n    ec: ExecutionController,\n    syscall,\n    arg0=None,\n    arg1=None,\n    arg2=None,\n    arg3=None,\n    arg4=None,\n    arg5=None,\n)\n
 
Tries executing the given syscall in the context of the inferior.
"},{"location":"reference/pwndbg/aglib/shellcode/#pwndbg.aglib.shellcode.exec_shellcode","title":"exec_shellcode  async","text":"
exec_shellcode(ec: ExecutionController, blob)\n
 
Tries executing the given blob of machine code in the current context of the inferior, optionally restoring the values of the registers as they were before the shellcode ran, as a means to allow for execution of the inferior to continue uninterrupted. The value of the program counter is always restored.
 
Additionally, the caller may specify an object to be called before the context is restored, so that information stored in the registers after the shellcode finishes can be retrieved. The return value of that call will be returned by this function.
"},{"location":"reference/pwndbg/aglib/shellcode/#pwndbg.aglib.shellcode.exec_shellcode--safety","title":"Safety","text":"
Seeing as this function injects code directly into the inferior and runs it, the caller must be careful to inject code that will (1) terminate and (2) not cause the inferior to misbehave. Otherwise, it is fairly easy to crash or currupt the memory in the inferior.
"},{"location":"reference/pwndbg/aglib/stack/","title":"stack","text":""},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack","title":"stack","text":"
Helpers for finding address mappings which are used as a stack.
 
Generally not needed, except under qemu-user and for when binaries do things to remap the stack (e.g. pwnies' postit).
 
Functions:
 
     
  •  find             \u2013              
    Returns a pwndbg.lib.memory.Page object which corresponds to given address stack
     
    •  
  •  find_upper_stack_boundary             \u2013              
    •  
  •  get             \u2013              
    For each running thread, return the known address range for its stack
     
    •  
  •  current             \u2013              
    Returns the bounds for the stack for the current thread.
     
    •  
  •  is_executable             \u2013              
    •  
  •  callstack             \u2013              
    Return the address of the return address for the current frame.
     
    •  
  •  get_stack_var_name             \u2013              
    Get the name of the stack variable covering the given address.
     
    •  
 
Attributes:
 
     
  •  auto_explore           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.auto_explore","title":"auto_explore  module-attribute","text":"
auto_explore = add_param(\n    \"auto-explore-stack\",\n    \"warn\",\n    \"stack exploration; it may be really slow\",\n    param_class=PARAM_ENUM,\n    enum_sequence=[\"warn\", \"yes\", \"no\"],\n)\n
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.find","title":"find","text":"
find(address: int) -> Page | None\n
 
Returns a pwndbg.lib.memory.Page object which corresponds to given address stack or None if it does not exist
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.find_upper_stack_boundary","title":"find_upper_stack_boundary","text":"
find_upper_stack_boundary(stack_ptr: int, max_pages: int = 1024) -> int\n
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.get","title":"get","text":"
get() -> dict[int, Page]\n
 
For each running thread, return the known address range for its stack Returns a dict which should never be modified (since its cached)
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.current","title":"current","text":"
current() -> Page | None\n
 
Returns the bounds for the stack for the current thread.
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.is_executable","title":"is_executable","text":"
is_executable() -> bool\n
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.callstack","title":"callstack","text":"
callstack() -> list[int]\n
 
Return the address of the return address for the current frame.
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.get_stack_var_name","title":"get_stack_var_name","text":"
get_stack_var_name(address: int) -> str | None\n
 
Get the name of the stack variable covering the given address.
 
Returns the variable name with optional offset (e.g., \"buf+0x8\") if the address is within a variable but not at its start. Returns None if no variable is found.
"},{"location":"reference/pwndbg/aglib/strings/","title":"strings","text":""},{"location":"reference/pwndbg/aglib/strings/#pwndbg.aglib.strings","title":"strings","text":"
Functionality for resolving ASCII printable strings within the debuggee's address space.
 
Functions:
 
     
  •  update_length             \u2013              
    Unfortunately there's not a better way to get at this info.
     
    •  
  •  get             \u2013              
    Returns a printable C-string from address.
     
    •  
  •  yield_in_page             \u2013              
    Yields strings of length >= n found in a given vmmap page
     
    •  
 
Attributes:
 
     
  •  length           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/strings/#pwndbg.aglib.strings.length","title":"length  module-attribute","text":"
length = 15\n
"},{"location":"reference/pwndbg/aglib/strings/#pwndbg.aglib.strings.update_length","title":"update_length","text":"
update_length() -> None\n
 
Unfortunately there's not a better way to get at this info.
 
gdb.execute('show print elements', from_tty=False, to_string=True) 'Limit on string chars or array elements to print is 21.\\n'
"},{"location":"reference/pwndbg/aglib/strings/#pwndbg.aglib.strings.get","title":"get","text":"
get(\n    address: int, maxlen: int | None = None, maxread: int | None = None\n) -> str | None\n
 
Returns a printable C-string from address.
 
Returns None if string contains non-printable chars or if the maxlen length data does not end up with a null byte.
"},{"location":"reference/pwndbg/aglib/strings/#pwndbg.aglib.strings.yield_in_page","title":"yield_in_page","text":"
yield_in_page(page: Page, n=4) -> Iterator[str]\n
 
Yields strings of length >= n found in a given vmmap page
"},{"location":"reference/pwndbg/aglib/symbol/","title":"symbol","text":""},{"location":"reference/pwndbg/aglib/symbol/#pwndbg.aglib.symbol","title":"symbol","text":"
Looking up addresses for function names / symbols, and vice-versa.
 
Functions:
 
     
  •  lookup_symbol_addr             \u2013              
    •  
  •  lookup_symbol_value             \u2013              
    •  
  •  lookup_symbol             \u2013              
    Returns the address of the given symbol, cast-ed to the appropriate symbol type.
     
    •  
  •  lookup_frame_symbol             \u2013              
    Returns the address of the given symbol, cast-ed to the appropriate symbol type.
     
    •  
  •  resolve_addr             \u2013              
    Resolves an address to its corresponding symbol name, if available.
     
    •  
"},{"location":"reference/pwndbg/aglib/symbol/#pwndbg.aglib.symbol.lookup_symbol_addr","title":"lookup_symbol_addr","text":"
lookup_symbol_addr(\n    name: str,\n    *,\n    prefer_static: bool = False,\n    type: SymbolLookupType = ANY,\n    objfile_endswith: str | None = None,\n) -> int | None\n
"},{"location":"reference/pwndbg/aglib/symbol/#pwndbg.aglib.symbol.lookup_symbol_value","title":"lookup_symbol_value","text":"
lookup_symbol_value(\n    name: str,\n    *,\n    prefer_static: bool = False,\n    type: SymbolLookupType = ANY,\n    objfile_endswith: str | None = None,\n) -> int | None\n
"},{"location":"reference/pwndbg/aglib/symbol/#pwndbg.aglib.symbol.lookup_symbol","title":"lookup_symbol","text":"
lookup_symbol(\n    name: str,\n    *,\n    prefer_static: bool = False,\n    type: SymbolLookupType = ANY,\n    objfile_endswith: str | None = None,\n) -> Value | None\n
 
Returns the address of the given symbol, cast-ed to the appropriate symbol type.
 
This function searches for (SymbolLookupType.ANY): - Function names - Variable names - (gdb only) Typedef names (if you need please use aglib.typeinfo.load) - (gdb only) Enum values (if you need please use aglib.typeinfo.enum_member)
 
The lookup order is as follows (default): 1. Global scope within the current module 2. Global static scope within the current module 3. Global scope in other modules 4. Global static scope in other modules
"},{"location":"reference/pwndbg/aglib/symbol/#pwndbg.aglib.symbol.lookup_frame_symbol","title":"lookup_frame_symbol","text":"
lookup_frame_symbol(name: str, *, type: SymbolLookupType = ANY) -> Value | None\n
 
Returns the address of the given symbol, cast-ed to the appropriate symbol type.
 
This function searches for (SymbolLookupType.ANY): - Function names - Variable names - (gdb only, please don't use) Typedef names - (gdb only, please don't use) Enum values
 
The lookup order is as follows: 1. Local scope 2. Global scope within the current module 3. Global static scope within the current module 4. Global scope in other modules 5. Global static scope in other modules
"},{"location":"reference/pwndbg/aglib/symbol/#pwndbg.aglib.symbol.resolve_addr","title":"resolve_addr","text":"
resolve_addr(addr: int) -> str | None\n
 
Resolves an address to its corresponding symbol name, if available.
 
Note: - This function does not resolve TLS (Thread-Local Storage) addresses or addresses with local scope.
 
Resolution is performed in the following order: - Global scope symbols.
"},{"location":"reference/pwndbg/aglib/tls/","title":"tls","text":""},{"location":"reference/pwndbg/aglib/tls/#pwndbg.aglib.tls","title":"tls","text":"
Getting Thread Local Storage (TLS) information.
 
Functions:
 
     
  •  find_address_with_pthread_self             \u2013              
    Get the base address of the Thread Local Storage (TLS) for the current thread using
     
    •  
  •  find_address_with_register             \u2013              
    Get the base address of the Thread Local Storage (TLS) for the current thread using
     
    •  
"},{"location":"reference/pwndbg/aglib/tls/#pwndbg.aglib.tls.__call_pthread_self","title":"__call_pthread_self","text":"
__call_pthread_self() -> int\n
 
Retrieve the address of the struct pthread_t for the current thread by calling pthread_self(). This address can be used to locate the base address of the Thread Local Storage (TLS).
"},{"location":"reference/pwndbg/aglib/tls/#pwndbg.aglib.tls.find_address_with_pthread_self","title":"find_address_with_pthread_self","text":"
find_address_with_pthread_self() -> int\n
 
Get the base address of the Thread Local Storage (TLS) for the current thread using the pthread_self() function. The returned address points to the struct tcbhead_t, which serves as the header for TLS and thread-specific metadata.
"},{"location":"reference/pwndbg/aglib/tls/#pwndbg.aglib.tls.find_address_with_register","title":"find_address_with_register","text":"
find_address_with_register() -> int\n
 
Get the base address of the Thread Local Storage (TLS) for the current thread using a CPU register. The returned address points to the struct tcbhead_t, which is the entry point for TLS and thread-specific metadata.
"},{"location":"reference/pwndbg/aglib/typeinfo/","title":"typeinfo","text":""},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo","title":"typeinfo","text":"
Common types.
 
Functions:
 
     
  •  lookup_types             \u2013              
    •  
  •  update             \u2013              
    •  
  •  load             \u2013              
    Load a symbol; note that new symbols can be added with add-symbol-file functionality
     
    •  
  •  get_type             \u2013              
    •  
 
Attributes:
 
     
  •  module           \u2013            
    •  
  •  char               (Type)           \u2013            
    •  
  •  ulong               (Type)           \u2013            
    •  
  •  long               (Type)           \u2013            
    •  
  •  uchar               (Type)           \u2013            
    •  
  •  ushort               (Type)           \u2013            
    •  
  •  uint               (Type)           \u2013            
    •  
  •  sint               (Type)           \u2013            
    •  
  •  void               (Type)           \u2013            
    •  
  •  uint8               (Type)           \u2013            
    •  
  •  uint16               (Type)           \u2013            
    •  
  •  uint32               (Type)           \u2013            
    •  
  •  uint64               (Type)           \u2013            
    •  
  •  unsigned               (dict[int, Type])           \u2013            
    •  
  •  int8               (Type)           \u2013            
    •  
  •  int16               (Type)           \u2013            
    •  
  •  int32               (Type)           \u2013            
    •  
  •  int64               (Type)           \u2013            
    •  
  •  signed               (dict[int, Type])           \u2013            
    •  
  •  pvoid               (Type)           \u2013            
    •  
  •  ppvoid               (Type)           \u2013            
    •  
  •  pchar               (Type)           \u2013            
    •  
  •  ptrsize               (int)           \u2013            
    •  
  •  ptrdiff               (Type)           \u2013            
    •  
  •  size_t               (Type)           \u2013            
    •  
  •  ssize_t               (Type)           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.module","title":"module  module-attribute","text":"
module = modules[__name__]\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.char","title":"char  module-attribute","text":"
char: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.ulong","title":"ulong  module-attribute","text":"
ulong: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.long","title":"long  module-attribute","text":"
long: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.uchar","title":"uchar  module-attribute","text":"
uchar: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.ushort","title":"ushort  module-attribute","text":"
ushort: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.uint","title":"uint  module-attribute","text":"
uint: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.sint","title":"sint  module-attribute","text":"
sint: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.void","title":"void  module-attribute","text":"
void: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.uint8","title":"uint8  module-attribute","text":"
uint8: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.uint16","title":"uint16  module-attribute","text":"
uint16: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.uint32","title":"uint32  module-attribute","text":"
uint32: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.uint64","title":"uint64  module-attribute","text":"
uint64: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.unsigned","title":"unsigned  module-attribute","text":"
unsigned: dict[int, Type]\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.int8","title":"int8  module-attribute","text":"
int8: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.int16","title":"int16  module-attribute","text":"
int16: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.int32","title":"int32  module-attribute","text":"
int32: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.int64","title":"int64  module-attribute","text":"
int64: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.signed","title":"signed  module-attribute","text":"
signed: dict[int, Type]\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.pvoid","title":"pvoid  module-attribute","text":"
pvoid: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.ppvoid","title":"ppvoid  module-attribute","text":"
ppvoid: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.pchar","title":"pchar  module-attribute","text":"
pchar: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.ptrsize","title":"ptrsize  module-attribute","text":"
ptrsize: int = 4\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.ptrdiff","title":"ptrdiff  module-attribute","text":"
ptrdiff: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.size_t","title":"size_t  module-attribute","text":"
size_t: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.ssize_t","title":"ssize_t  module-attribute","text":"
ssize_t: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.lookup_types","title":"lookup_types","text":"
lookup_types(*types: str) -> Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.update","title":"update","text":"
update() -> None\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.load","title":"load","text":"
load(name: str) -> Type | None\n
 
Load a symbol; note that new symbols can be added with add-symbol-file functionality
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.get_type","title":"get_type","text":"
get_type(size: int) -> Type\n
"},{"location":"reference/pwndbg/aglib/vmmap/","title":"vmmap","text":""},{"location":"reference/pwndbg/aglib/vmmap/#pwndbg.aglib.vmmap","title":"vmmap","text":"
Functions:
 
     
  •  get_memory_map             \u2013              
    •  
  •  get             \u2013              
    •  
  •  find             \u2013              
    •  
  •  addr_region_start             \u2013              
    Let's define a \"region\" as contiguous memory compromised of memory mappings
     
    •  
"},{"location":"reference/pwndbg/aglib/vmmap/#pwndbg.aglib.vmmap.get_memory_map","title":"get_memory_map","text":"
get_memory_map() -> MemoryMap\n
"},{"location":"reference/pwndbg/aglib/vmmap/#pwndbg.aglib.vmmap.get","title":"get","text":"
get() -> tuple[Page, ...]\n
"},{"location":"reference/pwndbg/aglib/vmmap/#pwndbg.aglib.vmmap.find","title":"find","text":"
find(address: int | Value | None) -> Page | None\n
"},{"location":"reference/pwndbg/aglib/vmmap/#pwndbg.aglib.vmmap.addr_region_start","title":"addr_region_start","text":"
addr_region_start(address: int | Value) -> int | None\n
 
Let's define a \"region\" as contiguous memory compromised of memory mappings which all have the same object file name. Also referred to as \"File (Base)\" by xinfo.
 
Returns:
 
     
  •  int | None           \u2013            
    The start of the memory region this address belongs to, or None if the address
     
    •  
  •  int | None           \u2013            
    is not mapped.
     
    •  
"},{"location":"reference/pwndbg/aglib/vmmap_custom/","title":"vmmap_custom","text":""},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom","title":"vmmap_custom","text":"
Functions:
 
     
  •  clear_warn_cache             \u2013              
    •  
  •  get_custom_pages             \u2013              
    Returns a tuple of Page objects representing the memory mappings of the
     
    •  
  •  add_custom_page             \u2013              
    •  
  •  clear_custom_page             \u2013              
    •  
  •  explore             \u2013              
    Given a potential address, check to see what permissions it has.
     
    •  
  •  get_memory_flags             \u2013              
    •  
  •  find_boundaries             \u2013              
    Given a single address, find all contiguous pages
     
    •  
 
Attributes:
 
     
  •  explored_pages               (list[Page])           \u2013            
    •  
  •  custom_pages               (list[Page])           \u2013            
    •  
  •  auto_explore           \u2013            
    •  
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.explored_pages","title":"explored_pages  module-attribute","text":"
explored_pages: list[Page] = []\n
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.custom_pages","title":"custom_pages  module-attribute","text":"
custom_pages: list[Page] = []\n
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.auto_explore","title":"auto_explore  module-attribute","text":"
auto_explore = add_param(\n    \"auto-explore-pages\",\n    \"warn\",\n    \"whether to try to infer page permissions when memory maps are missing\",\n    param_class=PARAM_ENUM,\n    enum_sequence=[\"yes\", \"warn\", \"no\"],\n    help_docstring=\"\\nThis command can cause errors.\\n\",\n)\n
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.clear_warn_cache","title":"clear_warn_cache","text":"
clear_warn_cache()\n
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.get_custom_pages","title":"get_custom_pages","text":"
get_custom_pages() -> tuple[Page, ...]\n
 
Returns a tuple of Page objects representing the memory mappings of the target, sorted by virtual address ascending.
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.add_custom_page","title":"add_custom_page","text":"
add_custom_page(page: Page) -> None\n
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.clear_custom_page","title":"clear_custom_page","text":"
clear_custom_page() -> None\n
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.explore","title":"explore","text":"
explore(address_maybe: int) -> Page | None\n
 
Given a potential address, check to see what permissions it has.
 
Returns:
 
     
  •  Page | None           \u2013            
    Page object
     
    •  
 Note 
Adds the Page object to a persistent list of pages which are only reset when the process dies. This means pages which are added this way will not be removed when unmapped.
 
Also assumes the entire contiguous section has the same permission.
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.get_memory_flags","title":"get_memory_flags","text":"
get_memory_flags(address_maybe: int) -> int | None\n
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.find_boundaries","title":"find_boundaries","text":"
find_boundaries(addr: int, name: str = '', min: int = 0) -> Page\n
 
Given a single address, find all contiguous pages which are mapped.
"},{"location":"reference/pwndbg/arguments/","title":"arguments","text":""},{"location":"reference/pwndbg/arguments/#pwndbg.arguments","title":"arguments","text":"
Function and syscall argument formatting.
 
Enumerates arguments which may be passed in a combination of registers and stack values.
 
Functions:
 
     
  •  get             \u2013              
    Returns an array containing the arguments to the current function,
     
    •  
  •  argname             \u2013              
    •  
  •  argument             \u2013              
    Returns the nth argument, as if $pc were a 'call' or 'bl' type
     
    •  
  •  arguments             \u2013              
    Yields (arg_name, arg_value) tuples for arguments from a given ABI.
     
    •  
  •  format_args             \u2013              
    •  
 
Attributes:
 
     
  •  FILE_DESCRIPTOR_ARG_NAMES           \u2013            
    •  
"},{"location":"reference/pwndbg/arguments/#pwndbg.arguments.FILE_DESCRIPTOR_ARG_NAMES","title":"FILE_DESCRIPTOR_ARG_NAMES  module-attribute","text":"
FILE_DESCRIPTOR_ARG_NAMES = {\n    \"fd\",\n    \"in_fd\",\n    \"out_fd\",\n    \"fdin\",\n    \"fdout\",\n    \"oldfd\",\n    \"fildes\",\n    \"newfd\",\n    \"epfd\",\n    \"dfd\",\n    \"dirfd\",\n    \"mountdirfd\",\n}\n
"},{"location":"reference/pwndbg/arguments/#pwndbg.arguments.get","title":"get","text":"
get(instruction: PwndbgInstruction) -> list[tuple[Argument, int]]\n
 
Returns an array containing the arguments to the current function, if $pc is a function call or syscall instruction.
 
Otherwise, returns None.
"},{"location":"reference/pwndbg/arguments/#pwndbg.arguments.argname","title":"argname","text":"
argname(n: int, abi: ABI) -> str\n
"},{"location":"reference/pwndbg/arguments/#pwndbg.arguments.argument","title":"argument","text":"
argument(n: int, abi: ABI | None = None) -> int\n
 
Returns the nth argument, as if $pc were a 'call' or 'bl' type instruction. Works only for ABIs that use registers for arguments.
"},{"location":"reference/pwndbg/arguments/#pwndbg.arguments.arguments","title":"arguments","text":"
arguments(abi: ABI | None = None)\n
 
Yields (arg_name, arg_value) tuples for arguments from a given ABI. Works only for ABIs that use registers for arguments.
"},{"location":"reference/pwndbg/arguments/#pwndbg.arguments.format_args","title":"format_args","text":"
format_args(instruction: PwndbgInstruction) -> list[str]\n
"},{"location":"reference/pwndbg/auxv/","title":"auxv","text":""},{"location":"reference/pwndbg/auxv/#pwndbg.auxv","title":"auxv","text":"
Performs handling of the linux auxiliary vector.
 
https://www.man7.org/linux/man-pages/man3/getauxval.3.html https://lwn.net/Articles/519085/
 
Functions:
 
     
  •  get             \u2013              
    •  
  •  procfs_auxv             \u2013              
    •  
  •  use_info_auxv             \u2013              
    •  
  •  explore_stack_auxv             \u2013              
    •  
  •  walk_stack2             \u2013              
    •  
 
Attributes:
 
     
  •  auto_explore           \u2013            
    •  
  •  example_info_auxv_linux           \u2013            
    •  
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.auto_explore","title":"auto_explore  module-attribute","text":"
auto_explore = add_param(\n    \"auto-explore-auxv\",\n    \"warn\",\n    \"stack exploration for AUXV information; it may be really slow\",\n    param_class=PARAM_ENUM,\n    enum_sequence=[\"warn\", \"yes\", \"no\"],\n)\n
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.example_info_auxv_linux","title":"example_info_auxv_linux  module-attribute","text":"
example_info_auxv_linux = '\\n33   AT_SYSINFO_EHDR      System-supplied DSO\\'s ELF header 0x7ffff7ffa000\\n16   AT_HWCAP             Machine-dependent CPU capability hints 0xfabfbff\\n6    AT_PAGESZ            System page size               4096\\n17   AT_CLKTCK            Frequency of times()           100\\n3    AT_PHDR              Program headers for program    0x400040\\n4    AT_PHENT             Size of program header entry   56\\n5    AT_PHNUM             Number of program headers      9\\n7    AT_BASE              Base address of interpreter    0x7ffff7dda000\\n8    AT_FLAGS             Flags                          0x0\\n9    AT_ENTRY             Entry point of program         0x42020b\\n11   AT_UID               Real user ID                   1000\\n12   AT_EUID              Effective user ID              1000\\n13   AT_GID               Real group ID                  1000\\n14   AT_EGID              Effective group ID             1000\\n23   AT_SECURE            Boolean, was exec setuid-like? 0\\n25   AT_RANDOM            Address of 16 random bytes     0x7fffffffdb39\\n31   AT_EXECFN            File name of executable        0x7fffffffefee \"/bin/bash\"\\n15   AT_PLATFORM          String identifying platform    0x7fffffffdb49 \"x86_64\"\\n0    AT_NULL              End of vector                  0x0\\n'\n
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.get","title":"get","text":"
get() -> AUXV\n
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.procfs_auxv","title":"procfs_auxv","text":"
procfs_auxv() -> AUXV | None\n
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.use_info_auxv","title":"use_info_auxv","text":"
use_info_auxv() -> AUXV | None\n
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.explore_stack_auxv","title":"explore_stack_auxv","text":"
explore_stack_auxv() -> AUXV | None\n
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.walk_stack2","title":"walk_stack2","text":"
walk_stack2(offset: int = 0) -> AUXV\n
"},{"location":"reference/pwndbg/chain/","title":"chain","text":""},{"location":"reference/pwndbg/chain/#pwndbg.chain","title":"chain","text":"
Dereference and format pointer chains.
 
Functions:
 
     
  •  get             \u2013              
    Recursively dereferences an address. For bare metal, it will stop when the address is not in any of vmmap pages to avoid redundant dereference.
     
    •  
  •  format             \u2013              
    Recursively dereferences an address into string representation, or convert the list representation
     
    •  
 
Attributes:
 
     
  •  LIMIT           \u2013            
    •  
  •  c           \u2013            
    •  
  •  config_arrow_left           \u2013            
    •  
  •  config_arrow_right           \u2013            
    •  
  •  config_contiguous           \u2013            
    •  
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.LIMIT","title":"LIMIT  module-attribute","text":"
LIMIT = add_param(\n    \"dereference-limit\", 5, \"max number of pointers to dereference in a chain\"\n)\n
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.c","title":"c  module-attribute","text":"
c = ColorConfig(\n    \"chain\",\n    [\n        ColorParamSpec(\"arrow\", \"normal\", \"color of chain formatting (arrow)\"),\n        ColorParamSpec(\n            \"contiguous-marker\",\n            \"normal\",\n            \"color of chain formatting (contiguous marker)\",\n        ),\n    ],\n)\n
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.config_arrow_left","title":"config_arrow_left  module-attribute","text":"
config_arrow_left = add_param(\n    \"chain-arrow-left\", \"\u25c2\u2014\", \"left arrow of chain formatting\"\n)\n
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.config_arrow_right","title":"config_arrow_right  module-attribute","text":"
config_arrow_right = add_param(\n    \"chain-arrow-right\", \"\u2014\u25b8\", \"right arrow of chain formatting\"\n)\n
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.config_contiguous","title":"config_contiguous  module-attribute","text":"
config_contiguous = add_param(\n    \"chain-contiguous-marker\", \"...\", \"contiguous marker of chain formatting\"\n)\n
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.get","title":"get","text":"
get(\n    address: int | None,\n    limit: int = LIMIT,\n    offset: int = 0,\n    hard_stop: int | None = None,\n    hard_end: int = 0,\n    include_start: bool = True,\n    safe_linking: bool = False,\n) -> list[int] | None\n
 
Recursively dereferences an address. For bare metal, it will stop when the address is not in any of vmmap pages to avoid redundant dereference.
 
Parameters:
 
     
  •  address               (int | None)           \u2013            
    the first address to begin dereferencing
     
    •  
  •  limit               (int, default:                   LIMIT )           \u2013            
    number of valid pointers
     
    •  
  •  offset               (int, default:                   0 )           \u2013            
    offset into the address to get the next pointer
     
    •  
  •  hard_stop               (int | None, default:                   None )           \u2013            
    address to stop at
     
    •  
  •  hard_end               (int, default:                   0 )           \u2013            
    value to append when hard_stop is reached
     
    •  
  •  include_start               (bool, default:                   True )           \u2013            
    whether to include starting address or not
     
    •  
  •  safe_linking               (bool, default:                   False )           \u2013            
    whether this chain use safe-linking
     
    •  
 
Returns:
 
     
  •  list[int] | None           \u2013            
    A list representing pointers of each address and reference
     
    •  
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.format","title":"format","text":"
format(\n    value: int | list[int] | None,\n    limit: int = LIMIT,\n    code: bool = True,\n    offset: int = 0,\n    hard_stop: int | None = None,\n    hard_end: int = 0,\n    safe_linking: bool = False,\n    enhance_string_len: int | None = None,\n) -> str\n
 
Recursively dereferences an address into string representation, or convert the list representation of address dereferences into string representation.
 
Parameters:
 
     
  •  value               (int | list[int] | None)           \u2013            
    Either the starting address to be sent to get, or the result of get (a list)
     
    •  
  •  limit               (int, default:                   LIMIT )           \u2013            
    Number of valid pointers
     
    •  
  •  code               (bool, default:                   True )           \u2013            
    Hint that indicates the value may be an instruction
     
    •  
  •  offset               (int, default:                   0 )           \u2013            
    Offset into the address to get the next pointer
     
    •  
  •  hard_stop               (int | None, default:                   None )           \u2013            
    Value to stop on
     
    •  
  •  hard_end               (int, default:                   0 )           \u2013            
    Value to append when hard_stop is reached: null, value of hard stop, a string.
     
    •  
  •  safe_linking               (bool, default:                   False )           \u2013            
    whether this chain use safe-linking
     
    •  
  •  enhance_string_len               (int | None, default:                   None )           \u2013            
    The length of string to display for enhancement of the last pointer
     
    •  
 
Returns:     A string representing pointers of each address and reference     Strings format: 0x0804a10 \u2014\u25b8 0x08061000 \u25c2\u2014 0x41414141
"},{"location":"reference/pwndbg/color/","title":"color","text":""},{"location":"reference/pwndbg/color/#pwndbg.color","title":"color","text":"
Text colorizing and theme configuration logic.
 
Modules:
 
     
  •  context           \u2013            
    •  
  •  disasm           \u2013            
    •  
  •  enhance           \u2013            
    •  
  •  hexdump           \u2013            
    •  
  •  memory           \u2013            
    •  
  •  message           \u2013            
    •  
  •  syntax_highlight           \u2013            
    •  
  •  telescope           \u2013            
    •  
  •  theme           \u2013            
    •  
 
Classes:
 
     
  •  ColorParamSpec           \u2013            
    •  
  •  ColorConfig           \u2013            
    •  
 
Functions:
 
     
  •  normal             \u2013              
    •  
  •  black             \u2013              
    •  
  •  red             \u2013              
    •  
  •  green             \u2013              
    •  
  •  yellow             \u2013              
    •  
  •  blue             \u2013              
    •  
  •  purple             \u2013              
    •  
  •  cyan             \u2013              
    •  
  •  light_gray             \u2013              
    •  
  •  foreground             \u2013              
    •  
  •  gray             \u2013              
    •  
  •  light_red             \u2013              
    •  
  •  light_green             \u2013              
    •  
  •  light_yellow             \u2013              
    •  
  •  light_blue             \u2013              
    •  
  •  light_purple             \u2013              
    •  
  •  light_cyan             \u2013              
    •  
  •  white             \u2013              
    •  
  •  bold             \u2013              
    •  
  •  underline             \u2013              
    •  
  •  colorize             \u2013              
    •  
  •  nocolor             \u2013              
    •  
  •  unstylize             \u2013              
    •  
  •  generateColorFunctionInner             \u2013              
    •  
  •  generateColorFunction             \u2013              
    •  
  •  strip             \u2013              
    •  
  •  terminateWith             \u2013              
    •  
  •  ljust_colored             \u2013              
    •  
  •  rjust_colored             \u2013              
    •  
 
Attributes:
 
     
  •  NORMAL           \u2013            
    •  
  •  BLACK           \u2013            
    •  
  •  RED           \u2013            
    •  
  •  GREEN           \u2013            
    •  
  •  YELLOW           \u2013            
    •  
  •  BLUE           \u2013            
    •  
  •  PURPLE           \u2013            
    •  
  •  CYAN           \u2013            
    •  
  •  LIGHT_GREY           \u2013            
    •  
  •  LIGHT_GRAY           \u2013            
    •  
  •  FOREGROUND           \u2013            
    •  
  •  GREY           \u2013            
    •  
  •  GRAY           \u2013            
    •  
  •  LIGHT_RED           \u2013            
    •  
  •  LIGHT_GREEN           \u2013            
    •  
  •  LIGHT_YELLOW           \u2013            
    •  
  •  LIGHT_BLUE           \u2013            
    •  
  •  LIGHT_PURPLE           \u2013            
    •  
  •  LIGHT_CYAN           \u2013            
    •  
  •  WHITE           \u2013            
    •  
  •  BOLD           \u2013            
    •  
  •  UNDERLINE           \u2013            
    •  
  •  none           \u2013            
    •  
  •  ansi_escape_8bit           \u2013            
    •  
  •  disable_colors           \u2013            
    •  
"},{"location":"reference/pwndbg/color/#pwndbg.color.NORMAL","title":"NORMAL  module-attribute","text":"
NORMAL = '\\x1b[0m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.BLACK","title":"BLACK  module-attribute","text":"
BLACK = '\\x1b[30m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.RED","title":"RED  module-attribute","text":"
RED = '\\x1b[31m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.GREEN","title":"GREEN  module-attribute","text":"
GREEN = '\\x1b[32m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.YELLOW","title":"YELLOW  module-attribute","text":"
YELLOW = '\\x1b[33m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.BLUE","title":"BLUE  module-attribute","text":"
BLUE = '\\x1b[34m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.PURPLE","title":"PURPLE  module-attribute","text":"
PURPLE = '\\x1b[35m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.CYAN","title":"CYAN  module-attribute","text":"
CYAN = '\\x1b[36m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_GREY","title":"LIGHT_GREY  module-attribute","text":"
LIGHT_GREY = '\\x1b[37m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_GRAY","title":"LIGHT_GRAY  module-attribute","text":"
LIGHT_GRAY = '\\x1b[37m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.FOREGROUND","title":"FOREGROUND  module-attribute","text":"
FOREGROUND = '\\x1b[39m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.GREY","title":"GREY  module-attribute","text":"
GREY = '\\x1b[90m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.GRAY","title":"GRAY  module-attribute","text":"
GRAY = '\\x1b[90m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_RED","title":"LIGHT_RED  module-attribute","text":"
LIGHT_RED = '\\x1b[91m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_GREEN","title":"LIGHT_GREEN  module-attribute","text":"
LIGHT_GREEN = '\\x1b[92m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_YELLOW","title":"LIGHT_YELLOW  module-attribute","text":"
LIGHT_YELLOW = '\\x1b[93m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_BLUE","title":"LIGHT_BLUE  module-attribute","text":"
LIGHT_BLUE = '\\x1b[94m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_PURPLE","title":"LIGHT_PURPLE  module-attribute","text":"
LIGHT_PURPLE = '\\x1b[95m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_CYAN","title":"LIGHT_CYAN  module-attribute","text":"
LIGHT_CYAN = '\\x1b[96m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.WHITE","title":"WHITE  module-attribute","text":"
WHITE = '\\x1b[97m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.BOLD","title":"BOLD  module-attribute","text":"
BOLD = '\\x1b[1m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.UNDERLINE","title":"UNDERLINE  module-attribute","text":"
UNDERLINE = '\\x1b[4m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.none","title":"none  module-attribute","text":"
none = str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.ansi_escape_8bit","title":"ansi_escape_8bit  module-attribute","text":"
ansi_escape_8bit = compile(\n    \"(?:\\\\x1B[@-Z\\\\\\\\-_]|[\\\\x80-\\\\x9A\\\\x9C-\\\\x9F]|(?:\\\\x1B\\\\[|\\\\x9B)[0-?]*[ -/]*[@-~])\"\n)\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.disable_colors","title":"disable_colors  module-attribute","text":"
disable_colors = add_param(\n    \"disable-colors\",\n    bool(get(\"NO_COLOR\")),\n    \"whether to color the output or not\",\n)\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.ColorParamSpec","title":"ColorParamSpec","text":"
               Bases: NamedTuple
 
Attributes:
 
     
  •  name               (str)           \u2013            
    •  
  •  default               (str)           \u2013            
    •  
  •  doc               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/color/#pwndbg.color.ColorParamSpec.name","title":"name  instance-attribute","text":"
name: str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.ColorParamSpec.default","title":"default  instance-attribute","text":"
default: str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.ColorParamSpec.doc","title":"doc  instance-attribute","text":"
doc: str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.ColorConfig","title":"ColorConfig","text":"
ColorConfig(namespace: str, params: list[ColorParamSpec])\n
 
Methods:
 
     
  •  __getattr__             \u2013              
    •  
"},{"location":"reference/pwndbg/color/#pwndbg.color.ColorConfig.__getattr__","title":"__getattr__","text":"
__getattr__(attr: str) -> Callable[[str], str]\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.normal","title":"normal","text":"
normal(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.black","title":"black","text":"
black(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.red","title":"red","text":"
red(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.green","title":"green","text":"
green(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.yellow","title":"yellow","text":"
yellow(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.blue","title":"blue","text":"
blue(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.purple","title":"purple","text":"
purple(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.cyan","title":"cyan","text":"
cyan(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_gray","title":"light_gray","text":"
light_gray(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.foreground","title":"foreground","text":"
foreground(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.gray","title":"gray","text":"
gray(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_red","title":"light_red","text":"
light_red(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_green","title":"light_green","text":"
light_green(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_yellow","title":"light_yellow","text":"
light_yellow(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_blue","title":"light_blue","text":"
light_blue(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_purple","title":"light_purple","text":"
light_purple(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_cyan","title":"light_cyan","text":"
light_cyan(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.white","title":"white","text":"
white(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.bold","title":"bold","text":"
bold(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.underline","title":"underline","text":"
underline(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.colorize","title":"colorize","text":"
colorize(x: str, color: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.nocolor","title":"nocolor","text":"
nocolor(x: str, color: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.unstylize","title":"unstylize","text":"
unstylize(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.generateColorFunctionInner","title":"generateColorFunctionInner","text":"
generateColorFunctionInner(\n    old: Callable[[object], str], new: Callable[[str], str]\n) -> Callable[[object], str]\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.generateColorFunction","title":"generateColorFunction","text":"
generateColorFunction(\n    config: str | Parameter,\n    _globals: dict[str, Callable[[str], str]] = globals(),\n) -> Callable[[object], str]\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.strip","title":"strip","text":"
strip(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.terminateWith","title":"terminateWith","text":"
terminateWith(x: str, color: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.ljust_colored","title":"ljust_colored","text":"
ljust_colored(x: str, length: int, char: str = ' ') -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.rjust_colored","title":"rjust_colored","text":"
rjust_colored(x: str, length: int, char: str = ' ')\n
"},{"location":"reference/pwndbg/color/context/","title":"context","text":""},{"location":"reference/pwndbg/color/context/#pwndbg.color.context","title":"context","text":"
Functions:
 
     
  •  prefix             \u2013              
    •  
  •  highlight             \u2013              
    •  
  •  register             \u2013              
    •  
  •  register_changed             \u2013              
    •  
  •  flag_bracket             \u2013              
    •  
  •  flag_value             \u2013              
    •  
  •  flag_set             \u2013              
    •  
  •  flag_unset             \u2013              
    •  
  •  flag_changed             \u2013              
    •  
  •  banner             \u2013              
    •  
  •  banner_title             \u2013              
    •  
  •  comment             \u2013              
    •  
  •  format_flags             \u2013              
    •  
 
Attributes:
 
     
  •  config_prefix_color           \u2013            
    •  
  •  config_highlight_color           \u2013            
    •  
  •  config_register_color           \u2013            
    •  
  •  config_flag_value_color           \u2013            
    •  
  •  config_flag_bracket_color           \u2013            
    •  
  •  config_flag_set_color           \u2013            
    •  
  •  config_flag_unset_color           \u2013            
    •  
  •  config_flag_changed_color           \u2013            
    •  
  •  config_banner_color           \u2013            
    •  
  •  config_banner_title           \u2013            
    •  
  •  config_register_changed_color           \u2013            
    •  
  •  config_register_changed_marker           \u2013            
    •  
  •  config_comment           \u2013            
    •  
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_prefix_color","title":"config_prefix_color  module-attribute","text":"
config_prefix_color = add_color_param(\n    \"code-prefix-color\",\n    \"none\",\n    \"color for 'context code' command (prefix marker)\",\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_highlight_color","title":"config_highlight_color  module-attribute","text":"
config_highlight_color = add_color_param(\n    \"highlight-color\", \"green,bold\", \"color added to highlights like source/pc\"\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_register_color","title":"config_register_color  module-attribute","text":"
config_register_color = add_color_param(\n    \"context-register-color\", \"bold\", \"color for registers label\"\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_flag_value_color","title":"config_flag_value_color  module-attribute","text":"
config_flag_value_color = add_color_param(\n    \"context-flag-value-color\",\n    \"none\",\n    \"color for flags register (register value)\",\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_flag_bracket_color","title":"config_flag_bracket_color  module-attribute","text":"
config_flag_bracket_color = add_color_param(\n    \"context-flag-bracket-color\", \"none\", \"color for flags register (bracket)\"\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_flag_set_color","title":"config_flag_set_color  module-attribute","text":"
config_flag_set_color = add_color_param(\n    \"context-flag-set-color\",\n    \"green,bold\",\n    \"color for flags register (flag set)\",\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_flag_unset_color","title":"config_flag_unset_color  module-attribute","text":"
config_flag_unset_color = add_color_param(\n    \"context-flag-unset-color\", \"red\", \"color for flags register (flag unset)\"\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_flag_changed_color","title":"config_flag_changed_color  module-attribute","text":"
config_flag_changed_color = add_color_param(\n    \"context-flag-changed-color\",\n    \"underline\",\n    \"color for flags register (flag changed)\",\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_banner_color","title":"config_banner_color  module-attribute","text":"
config_banner_color = add_color_param(\n    \"banner-color\", \"blue\", \"color for banner line\"\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_banner_title","title":"config_banner_title  module-attribute","text":"
config_banner_title = add_color_param(\n    \"banner-title-color\", \"none\", \"color for banner title\"\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_register_changed_color","title":"config_register_changed_color  module-attribute","text":"
config_register_changed_color = add_color_param(\n    \"context-register-changed-color\",\n    \"red\",\n    \"color for registers label (change marker)\",\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_register_changed_marker","title":"config_register_changed_marker  module-attribute","text":"
config_register_changed_marker = add_param(\n    \"context-register-changed-marker\", \"*\", \"change marker for registers label\"\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_comment","title":"config_comment  module-attribute","text":"
config_comment = add_color_param('comment-color', 'gray', 'color for comment')\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.prefix","title":"prefix","text":"
prefix(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.highlight","title":"highlight","text":"
highlight(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.register","title":"register","text":"
register(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.register_changed","title":"register_changed","text":"
register_changed(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.flag_bracket","title":"flag_bracket","text":"
flag_bracket(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.flag_value","title":"flag_value","text":"
flag_value(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.flag_set","title":"flag_set","text":"
flag_set(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.flag_unset","title":"flag_unset","text":"
flag_unset(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.flag_changed","title":"flag_changed","text":"
flag_changed(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.banner","title":"banner","text":"
banner(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.banner_title","title":"banner_title","text":"
banner_title(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.comment","title":"comment","text":"
comment(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.format_flags","title":"format_flags","text":"
format_flags(value: int | None, flags: BitFlags, last: int | None = None)\n
"},{"location":"reference/pwndbg/color/disasm/","title":"disasm","text":""},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm","title":"disasm","text":"
Functions:
 
     
  •  one_instruction             \u2013              
    •  
  •  instructions_and_padding             \u2013              
    •  
 
Attributes:
 
     
  •  c           \u2013            
    •  
  •  config_branch_on           \u2013            
    •  
  •  config_branch_off           \u2013            
    •  
  •  MIN_SPACING           \u2013            
    •  
  •  WHITESPACE_LIMIT           \u2013            
    •  
"},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm.c","title":"c  module-attribute","text":"
c = ColorConfig(\n    \"disasm\",\n    [\n        ColorParamSpec(\n            \"branch\", \"bold\", \"color for disasm (branch/call instruction)\"\n        )\n    ],\n)\n
"},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm.config_branch_on","title":"config_branch_on  module-attribute","text":"
config_branch_on = add_param(\n    \"disasm-branch-on\", \"\u2714\", \"marker for branches that WILL be taken\"\n)\n
"},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm.config_branch_off","title":"config_branch_off  module-attribute","text":"
config_branch_off = add_param(\n    \"disasm-branch-off\", \"\u2718\", \"marker for branches that will NOT be taken\"\n)\n
"},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm.MIN_SPACING","title":"MIN_SPACING  module-attribute","text":"
MIN_SPACING = 5\n
"},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm.WHITESPACE_LIMIT","title":"WHITESPACE_LIMIT  module-attribute","text":"
WHITESPACE_LIMIT = 20\n
"},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm.one_instruction","title":"one_instruction","text":"
one_instruction(ins: PwndbgInstruction) -> str\n
"},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm.instructions_and_padding","title":"instructions_and_padding","text":"
instructions_and_padding(instructions: list[PwndbgInstruction]) -> list[str]\n
"},{"location":"reference/pwndbg/color/enhance/","title":"enhance","text":""},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance","title":"enhance","text":"
Functions:
 
     
  •  integer             \u2013              
    •  
  •  string             \u2013              
    •  
  •  comment             \u2013              
    •  
  •  unknown             \u2013              
    •  
 
Attributes:
 
     
  •  config_integer_color           \u2013            
    •  
  •  config_string_color           \u2013            
    •  
  •  config_comment_color           \u2013            
    •  
  •  config_unknown_color           \u2013            
    •  
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.config_integer_color","title":"config_integer_color  module-attribute","text":"
config_integer_color = add_color_param(\n    \"enhance-integer-value-color\", \"none\", \"color of value enhance (integer)\"\n)\n
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.config_string_color","title":"config_string_color  module-attribute","text":"
config_string_color = add_color_param(\n    \"enhance-string-value-color\", \"none\", \"color of value enhance (string)\"\n)\n
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.config_comment_color","title":"config_comment_color  module-attribute","text":"
config_comment_color = add_color_param(\n    \"enhance-comment-color\", \"none\", \"color of value enhance (comment)\"\n)\n
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.config_unknown_color","title":"config_unknown_color  module-attribute","text":"
config_unknown_color = add_color_param(\n    \"enhance-unknown-color\", \"none\", \"color of value enhance (unknown value)\"\n)\n
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.integer","title":"integer","text":"
integer(x)\n
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.string","title":"string","text":"
string(x)\n
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.comment","title":"comment","text":"
comment(x)\n
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.unknown","title":"unknown","text":"
unknown(x)\n
"},{"location":"reference/pwndbg/color/hexdump/","title":"hexdump","text":""},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump","title":"hexdump","text":"
Functions:
 
     
  •  normal             \u2013              
    •  
  •  printable             \u2013              
    •  
  •  zero             \u2013              
    •  
  •  special             \u2013              
    •  
  •  offset             \u2013              
    •  
  •  address             \u2013              
    •  
  •  separator             \u2013              
    •  
  •  highlight_group_lsb             \u2013              
    •  
 
Attributes:
 
     
  •  config_normal           \u2013            
    •  
  •  config_printable           \u2013            
    •  
  •  config_zero           \u2013            
    •  
  •  config_special           \u2013            
    •  
  •  config_offset           \u2013            
    •  
  •  config_address           \u2013            
    •  
  •  config_separator           \u2013            
    •  
  •  config_highlight_group_lsb           \u2013            
    •  
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_normal","title":"config_normal  module-attribute","text":"
config_normal = add_color_param(\n    \"hexdump-normal-color\", \"none\", \"color for hexdump command (normal bytes)\"\n)\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_printable","title":"config_printable  module-attribute","text":"
config_printable = add_color_param(\n    \"hexdump-printable-color\",\n    \"bold\",\n    \"color for hexdump command (printable characters)\",\n)\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_zero","title":"config_zero  module-attribute","text":"
config_zero = add_color_param(\n    \"hexdump-zero-color\", \"red\", \"color for hexdump command (zero bytes)\"\n)\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_special","title":"config_special  module-attribute","text":"
config_special = add_color_param(\n    \"hexdump-special-color\",\n    \"yellow\",\n    \"color for hexdump command (special bytes)\",\n)\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_offset","title":"config_offset  module-attribute","text":"
config_offset = add_color_param(\n    \"hexdump-offset-color\", \"none\", \"color for hexdump command (offset label)\"\n)\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_address","title":"config_address  module-attribute","text":"
config_address = add_color_param(\n    \"hexdump-address-color\", \"none\", \"color for hexdump command (address label)\"\n)\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_separator","title":"config_separator  module-attribute","text":"
config_separator = add_color_param(\n    \"hexdump-separator-color\",\n    \"none\",\n    \"color for hexdump command (group separator)\",\n)\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_highlight_group_lsb","title":"config_highlight_group_lsb  module-attribute","text":"
config_highlight_group_lsb = add_param(\n    \"hexdump-highlight-group-lsb\",\n    \"underline\",\n    \"highlight LSB of each group\",\n    help_docstring=\"Applies only if hexdump-use-big-endian actually changes byte order.\",\n)\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.normal","title":"normal","text":"
normal(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.printable","title":"printable","text":"
printable(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.zero","title":"zero","text":"
zero(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.special","title":"special","text":"
special(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.offset","title":"offset","text":"
offset(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.address","title":"address","text":"
address(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.separator","title":"separator","text":"
separator(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.highlight_group_lsb","title":"highlight_group_lsb","text":"
highlight_group_lsb(x: str) -> str\n
"},{"location":"reference/pwndbg/color/memory/","title":"memory","text":""},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory","title":"memory","text":"
Functions:
 
     
  •  get_address_and_symbol             \u2013              
    Convert and colorize address 0x7ffff7fcecd0 to string 0x7ffff7fcecd0 (_dl_fini)
     
    •  
  •  get_address_or_symbol             \u2013              
    Convert and colorize address to symbol if it can be resolved, else return colorized address
     
    •  
  •  attempt_colorized_symbol             \u2013              
    Convert address to colorized symbol (if symbol is there), else None
     
    •  
  •  get             \u2013              
    Returns a colorized string representing the provided address.
     
    •  
  •  legend             \u2013              
    •  
 
Attributes:
 
     
  •  ColorFunction           \u2013            
    •  
  •  c           \u2013            
    •  
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.ColorFunction","title":"ColorFunction  module-attribute","text":"
ColorFunction = Callable[[str], str]\n
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.c","title":"c  module-attribute","text":"
c = ColorConfig(\n    \"memory\",\n    [\n        ColorParamSpec(\"stack\", \"yellow\", \"color for stack memory\"),\n        ColorParamSpec(\"heap\", \"blue\", \"color for heap memory\"),\n        ColorParamSpec(\"code\", \"red\", \"color for executable memory\"),\n        ColorParamSpec(\"data\", \"purple\", \"color for all other writable memory\"),\n        ColorParamSpec(\"rodata\", \"normal\", \"color for all read only memory\"),\n        ColorParamSpec(\"wx\", \"underline\", \"color added to all WX memory\"),\n        ColorParamSpec(\n            \"guard\", \"cyan\", \"color added to all guard pages (no perms)\"\n        ),\n    ],\n)\n
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.get_address_and_symbol","title":"get_address_and_symbol","text":"
get_address_and_symbol(address: int) -> str\n
 
Convert and colorize address 0x7ffff7fcecd0 to string 0x7ffff7fcecd0 (_dl_fini) If no symbol exists for the address, return colorized address
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.get_address_or_symbol","title":"get_address_or_symbol","text":"
get_address_or_symbol(address: int) -> str\n
 
Convert and colorize address to symbol if it can be resolved, else return colorized address
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.attempt_colorized_symbol","title":"attempt_colorized_symbol","text":"
attempt_colorized_symbol(address: int) -> str | None\n
 
Convert address to colorized symbol (if symbol is there), else None
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.get","title":"get","text":"
get(\n    address: int | Value | Any,\n    text: str | None = None,\n    prefix: str | None = None,\n) -> str\n
 
Returns a colorized string representing the provided address.
 
Parameters:
 
     
  •  address               (int | Value | Any)           \u2013            
    Address to look up
     
    •  
  •  text               (str | None, default:                   None )           \u2013            
    Optional text to use in place of the address in the return value string.
     
    •  
  •  prefix               (str | None, default:                   None )           \u2013            
    Optional text to set at beginning in the return value string, followed by a space, without modifiying the original text.
     
    •  
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.legend","title":"legend","text":"
legend()\n
"},{"location":"reference/pwndbg/color/message/","title":"message","text":""},{"location":"reference/pwndbg/color/message/#pwndbg.color.message","title":"message","text":"
Functions:
 
     
  •  on             \u2013              
    •  
  •  off             \u2013              
    •  
  •  notice             \u2013              
    •  
  •  hint             \u2013              
    •  
  •  success             \u2013              
    •  
  •  debug             \u2013              
    •  
  •  info             \u2013              
    •  
  •  warn             \u2013              
    •  
  •  error             \u2013              
    •  
  •  system             \u2013              
    •  
  •  exit             \u2013              
    •  
  •  breakpoint             \u2013              
    •  
  •  signal             \u2013              
    •  
  •  prompt             \u2013              
    •  
  •  alive_prompt             \u2013              
    •  
  •  readline_escape             \u2013              
    •  
 
Attributes:
 
     
  •  config_status_on_color           \u2013            
    •  
  •  config_status_off_color           \u2013            
    •  
  •  config_notice_color           \u2013            
    •  
  •  config_hint_color           \u2013            
    •  
  •  config_success_color           \u2013            
    •  
  •  config_debug_color           \u2013            
    •  
  •  config_info_color           \u2013            
    •  
  •  config_warning_color           \u2013            
    •  
  •  config_error_color           \u2013            
    •  
  •  config_system_color           \u2013            
    •  
  •  config_exit_color           \u2013            
    •  
  •  config_breakpoint_color           \u2013            
    •  
  •  config_signal_color           \u2013            
    •  
  •  config_prompt_color           \u2013            
    •  
  •  config_prompt_alive_color           \u2013            
    •  
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_status_on_color","title":"config_status_on_color  module-attribute","text":"
config_status_on_color = add_color_param(\n    \"message-status-on-color\", \"green\", \"color of on status messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_status_off_color","title":"config_status_off_color  module-attribute","text":"
config_status_off_color = add_color_param(\n    \"message-status-off-color\", \"red\", \"color of off status messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_notice_color","title":"config_notice_color  module-attribute","text":"
config_notice_color = add_color_param(\n    \"message-notice-color\", \"purple\", \"color of notice messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_hint_color","title":"config_hint_color  module-attribute","text":"
config_hint_color = add_color_param(\n    \"message-hint-color\", \"yellow\", \"color of hint and marker messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_success_color","title":"config_success_color  module-attribute","text":"
config_success_color = add_color_param(\n    \"message-success-color\", \"green\", \"color of success messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_debug_color","title":"config_debug_color  module-attribute","text":"
config_debug_color = add_color_param(\n    \"message-debug-color\", \"blue\", \"color of debug messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_info_color","title":"config_info_color  module-attribute","text":"
config_info_color = add_color_param(\n    \"message-info-color\", \"white\", \"color of info messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_warning_color","title":"config_warning_color  module-attribute","text":"
config_warning_color = add_color_param(\n    \"message-warning-color\", \"yellow\", \"color of warning messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_error_color","title":"config_error_color  module-attribute","text":"
config_error_color = add_color_param(\n    \"message-error-color\", \"red\", \"color of error messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_system_color","title":"config_system_color  module-attribute","text":"
config_system_color = add_color_param(\n    \"message-system-color\", \"light-red\", \"color of system messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_exit_color","title":"config_exit_color  module-attribute","text":"
config_exit_color = add_color_param(\n    \"message-exit-color\", \"red\", \"color of exit messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_breakpoint_color","title":"config_breakpoint_color  module-attribute","text":"
config_breakpoint_color = add_color_param(\n    \"message-breakpoint-color\", \"yellow\", \"color of breakpoint messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_signal_color","title":"config_signal_color  module-attribute","text":"
config_signal_color = add_color_param(\n    \"message-signal-color\", \"bold,red\", \"color of signal messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_prompt_color","title":"config_prompt_color  module-attribute","text":"
config_prompt_color = add_color_param(\n    \"prompt-color\", \"bold,red\", \"prompt color\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_prompt_alive_color","title":"config_prompt_alive_color  module-attribute","text":"
config_prompt_alive_color = add_color_param(\n    \"prompt-alive-color\", \"bold,green\", \"prompt alive color\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.on","title":"on","text":"
on(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.off","title":"off","text":"
off(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.notice","title":"notice","text":"
notice(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.hint","title":"hint","text":"
hint(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.success","title":"success","text":"
success(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.debug","title":"debug","text":"
debug(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.info","title":"info","text":"
info(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.warn","title":"warn","text":"
warn(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.error","title":"error","text":"
error(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.system","title":"system","text":"
system(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.exit","title":"exit","text":"
exit(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.breakpoint","title":"breakpoint","text":"
breakpoint(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.signal","title":"signal","text":"
signal(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.prompt","title":"prompt","text":"
prompt(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.alive_prompt","title":"alive_prompt","text":"
alive_prompt(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.readline_escape","title":"readline_escape","text":"
readline_escape(func_message: Callable[[str], str], text: str) -> str\n
"},{"location":"reference/pwndbg/color/syntax_highlight/","title":"syntax_highlight","text":""},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight","title":"syntax_highlight","text":"
Functions:
 
     
  •  check_style             \u2013              
    •  
  •  syntax_highlight             \u2013              
    •  
 
Attributes:
 
     
  •  style           \u2013            
    •  
  •  formatter           \u2013            
    •  
  •  pwntools_lexer           \u2013            
    •  
  •  lexer_cache               (dict[str, Any])           \u2013            
    •  
"},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight.style","title":"style  module-attribute","text":"
style = add_param(\n    \"syntax-highlight-style\",\n    \"monokai\",\n    \"source code / assembly syntax highlight stylename of pygments module\",\n)\n
"},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight.formatter","title":"formatter  module-attribute","text":"
formatter = Terminal256Formatter(style=str(style))\n
"},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight.pwntools_lexer","title":"pwntools_lexer  module-attribute","text":"
pwntools_lexer = PwntoolsLexer()\n
"},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight.lexer_cache","title":"lexer_cache  module-attribute","text":"
lexer_cache: dict[str, Any] = {}\n
"},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight.check_style","title":"check_style","text":"
check_style() -> None\n
"},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight.syntax_highlight","title":"syntax_highlight","text":"
syntax_highlight(code: str, filename: str = '.asm') -> str\n
"},{"location":"reference/pwndbg/color/telescope/","title":"telescope","text":""},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope","title":"telescope","text":"
Functions:
 
     
  •  offset             \u2013              
    •  
  •  register             \u2013              
    •  
  •  separator             \u2013              
    •  
  •  delimiter             \u2013              
    •  
  •  repeating_marker             \u2013              
    •  
 
Attributes:
 
     
  •  offset_color           \u2013            
    •  
  •  register_color           \u2013            
    •  
  •  offset_separator_color           \u2013            
    •  
  •  offset_delimiter_color           \u2013            
    •  
  •  repeating_marker_color           \u2013            
    •  
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.offset_color","title":"offset_color  module-attribute","text":"
offset_color = add_color_param(\n    \"telescope-offset-color\",\n    \"normal\",\n    \"color of the telescope command (offset prefix)\",\n)\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.register_color","title":"register_color  module-attribute","text":"
register_color = add_color_param(\n    \"telescope-register-color\",\n    \"bold\",\n    \"color of the telescope command (register)\",\n)\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.offset_separator_color","title":"offset_separator_color  module-attribute","text":"
offset_separator_color = add_color_param(\n    \"telescope-offset-separator-color\",\n    \"normal\",\n    \"color of the telescope command (offset separator)\",\n)\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.offset_delimiter_color","title":"offset_delimiter_color  module-attribute","text":"
offset_delimiter_color = add_color_param(\n    \"telescope-offset-delimiter-color\",\n    \"normal\",\n    \"color of the telescope command (offset delimiter)\",\n)\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.repeating_marker_color","title":"repeating_marker_color  module-attribute","text":"
repeating_marker_color = add_color_param(\n    \"telescope-repeating-marker-color\",\n    \"normal\",\n    \"color of the telescope command (repeating values marker)\",\n)\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.offset","title":"offset","text":"
offset(x: object) -> str\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.register","title":"register","text":"
register(x: object) -> str\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.separator","title":"separator","text":"
separator(x: object) -> str\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.delimiter","title":"delimiter","text":"
delimiter(x: object) -> str\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.repeating_marker","title":"repeating_marker","text":"
repeating_marker(x: object) -> str\n
"},{"location":"reference/pwndbg/color/theme/","title":"theme","text":""},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme","title":"theme","text":"
Classes:
 
     
  •  ColorParameter           \u2013            
    •  
 
Functions:
 
     
  •  add_param             \u2013              
    •  
  •  add_color_param             \u2013              
    •  
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter","title":"ColorParameter","text":"
ColorParameter(*args, **kwargs)\n
 
               Bases: Parameter
 
Methods:
 
     
  •  update_color_function             \u2013              
    •  
  •  add_update_listener             \u2013              
    •  
  •  revert_default             \u2013              
    •  
  •  attr_name             \u2013              
    Returns the attribute name associated with this config option,
     
    •  
  •  __getattr__             \u2013              
    •  
  •  pretty_val             \u2013              
    Convert a value this object could contain to its pretty string representation.
     
    •  
  •  pretty             \u2013              
    •  
  •  pretty_default             \u2013              
    •  
  •  __int__             \u2013              
    •  
  •  __str__             \u2013              
    •  
  •  __bool__             \u2013              
    •  
  •  __eq__             \u2013              
    •  
  •  __lt__             \u2013              
    •  
  •  __add__             \u2013              
    •  
  •  __radd__             \u2013              
    •  
  •  __sub__             \u2013              
    •  
  •  __rsub__             \u2013              
    •  
  •  __mul__             \u2013              
    •  
  •  __rmul__             \u2013              
    •  
  •  __div__             \u2013              
    •  
  •  __floordiv__             \u2013              
    •  
  •  __pow__             \u2013              
    •  
  •  __mod__             \u2013              
    •  
  •  __len__             \u2013              
    •  
 
Attributes:
 
     
  •  color_function               (Callable[[object], str])           \u2013            
    •  
  •  name           \u2013            
    •  
  •  default           \u2013            
    •  
  •  param_class           \u2013            
    •  
  •  set_show_doc           \u2013            
    •  
  •  help_docstring           \u2013            
    •  
  •  enum_sequence           \u2013            
    •  
  •  scope           \u2013            
    •  
  •  update_listeners               (list[Callable[[Any], None]])           \u2013            
    •  
  •  value               (Any)           \u2013            
    •  
  •  is_changed               (bool)           \u2013            
    •  
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.color_function","title":"color_function  instance-attribute","text":"
color_function: Callable[[object], str]\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.name","title":"name  instance-attribute","text":"
name = name\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.default","title":"default  instance-attribute","text":"
default = default\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.param_class","title":"param_class  instance-attribute","text":"
param_class = param_class or PARAM_CLASSES[type(default)]\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.set_show_doc","title":"set_show_doc  instance-attribute","text":"
set_show_doc = set_show_doc\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.help_docstring","title":"help_docstring  instance-attribute","text":"
help_docstring = help_docstring\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.enum_sequence","title":"enum_sequence  instance-attribute","text":"
enum_sequence = enum_sequence\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.scope","title":"scope  instance-attribute","text":"
scope = scope\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.update_listeners","title":"update_listeners  instance-attribute","text":"
update_listeners: list[Callable[[Any], None]] = []\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.value","title":"value  property writable","text":"
value: Any\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.is_changed","title":"is_changed  property","text":"
is_changed: bool\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.update_color_function","title":"update_color_function","text":"
update_color_function()\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.add_update_listener","title":"add_update_listener","text":"
add_update_listener(listener: Callable[[Any], None]) -> None\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.revert_default","title":"revert_default","text":"
revert_default() -> None\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.attr_name","title":"attr_name","text":"
attr_name() -> str\n
 
Returns the attribute name associated with this config option, i.e. my-config has the attribute name my_config
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__getattr__","title":"__getattr__","text":"
__getattr__(name: str)\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.pretty_val","title":"pretty_val","text":"
pretty_val(val: Any) -> str\n
 
Convert a value this object could contain to its pretty string representation.
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.pretty","title":"pretty","text":"
pretty() -> str\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.pretty_default","title":"pretty_default","text":"
pretty_default() -> str\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__int__","title":"__int__","text":"
__int__() -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__bool__","title":"__bool__","text":"
__bool__() -> bool\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__eq__","title":"__eq__","text":"
__eq__(other: object) -> bool\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__lt__","title":"__lt__","text":"
__lt__(other: object) -> bool\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__add__","title":"__add__","text":"
__add__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__radd__","title":"__radd__","text":"
__radd__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__sub__","title":"__sub__","text":"
__sub__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__rsub__","title":"__rsub__","text":"
__rsub__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__mul__","title":"__mul__","text":"
__mul__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__rmul__","title":"__rmul__","text":"
__rmul__(other: int) -> str\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__div__","title":"__div__","text":"
__div__(other: float) -> float\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__floordiv__","title":"__floordiv__","text":"
__floordiv__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__pow__","title":"__pow__","text":"
__pow__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__mod__","title":"__mod__","text":"
__mod__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__len__","title":"__len__","text":"
__len__() -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.add_param","title":"add_param","text":"
add_param(\n    name: str,\n    default: Any,\n    set_show_doc: str,\n    *,\n    help_docstring: str = \"\",\n    param_class: int | None = None,\n    enum_sequence: Sequence[str] | None = None,\n) -> Parameter\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.add_color_param","title":"add_color_param","text":"
add_color_param(\n    name: str, default: Any, set_show_doc: str, *, help_docstring: str = \"\"\n) -> ColorParameter\n
"},{"location":"reference/pwndbg/commands/","title":"commands","text":""},{"location":"reference/pwndbg/commands/#pwndbg.commands","title":"commands","text":"
Pwndbg command implementations.
 
As well as various command-handling logic.
 
Modules:
 
     
  •  ai           \u2013            
    This command sends information on the current debugging context to OpenAI's
     
    •  
  •  argv           \u2013            
    •  
  •  aslr           \u2013            
    •  
  •  asm           \u2013            
    •  
  •  attachp           \u2013            
    •  
  •  auxv           \u2013            
    •  
  •  binder           \u2013            
    •  
  •  binja           \u2013            
    •  
  •  binja_functions           \u2013            
    •  
  •  branch           \u2013            
    •  
  •  buddydump           \u2013            
    •  
  •  canary           \u2013            
    •  
  •  checksec           \u2013            
    •  
  •  comments           \u2013            
    •  
  •  commpage           \u2013            
    •  
  •  config           \u2013            
    Dumps all pwndbg-specific configuration points.
     
    •  
  •  context           \u2013            
    •  
  •  cpsr           \u2013            
    •  
  •  cyclic           \u2013            
    •  
  •  cymbol           \u2013            
    Add, load, show, edit, or delete symbols for custom structures.
     
    •  
  •  dev           \u2013            
    •  
  •  distance           \u2013            
    •  
  •  dt           \u2013            
    •  
  •  dumpargs           \u2013            
    •  
  •  elf           \u2013            
    •  
  •  flags           \u2013            
    •  
  •  gdt           \u2013            
    •  
  •  ghidra           \u2013            
    •  
  •  godbg           \u2013            
    •  
  •  got           \u2013            
    •  
  •  got_tracking           \u2013            
    •  
  •  hex2ptr           \u2013            
    •  
  •  hexdump           \u2013            
    •  
  •  hijack_fd           \u2013            
    •  
  •  ida           \u2013            
    •  
  •  ignore           \u2013            
    Ignoring a breakpoint
     
    •  
  •  integration           \u2013            
    •  
  •  ipython_interactive           \u2013            
    Command to start an interactive IPython prompt.
     
    •  
  •  jemalloc           \u2013            
    •  
  •  kbase           \u2013            
    •  
  •  kbpf           \u2013            
    •  
  •  kchecksec           \u2013            
    •  
  •  kcmdline           \u2013            
    •  
  •  kconfig           \u2013            
    •  
  •  kcurrent           \u2013            
    •  
  •  kdmabuf           \u2013            
    •  
  •  kdmesg           \u2013            
    Display the kernel ring buffer (dmesg) contents.
     
    •  
  •  killthreads           \u2013            
    •  
  •  klookup           \u2013            
    •  
  •  kmem_trace           \u2013            
    •  
  •  kmod           \u2013            
    Displays information about loaded kernel modules. This command retrieves the list of kernel modules from the modules symbol
     
    •  
  •  knft           \u2013            
    •  
  •  ksyscalls           \u2013            
    Displays the syscall table for kernel debugging.
     
    •  
  •  ktask           \u2013            
    Displays information about kernel tasks. This command iterates through the kernel's task list
     
    •  
  •  kversion           \u2013            
    •  
  •  leakfind           \u2013            
    Find a chain of leaks given some starting address.
     
    •  
  •  libcinfo           \u2013            
    •  
  •  linkmap           \u2013            
    •  
  •  mallocng           \u2013            
    Commands that help with debugging musl's allocator, mallocng.
     
    •  
  •  memoize           \u2013            
    •  
  •  misc           \u2013            
    •  
  •  mmap           \u2013            
    •  
  •  mprotect           \u2013            
    •  
  •  msr           \u2013            
    •  
  •  nearpc           \u2013            
    •  
  •  next           \u2013            
    Stepping until an event occurs
     
    •  
  •  onegadget           \u2013            
    •  
  •  p2p           \u2013            
    •  
  •  paging           \u2013            
    •  
  •  parse_seccomp           \u2013            
    •  
  •  patch           \u2013            
    •  
  •  peda           \u2013            
    •  
  •  pie           \u2013            
    •  
  •  plist           \u2013            
    •  
  •  probeleak           \u2013            
    •  
  •  procinfo           \u2013            
    •  
  •  profiler           \u2013            
    Utilities for profiling pwndbg.
     
    •  
  •  ptmalloc2           \u2013            
    •  
  •  ptmalloc2_tracking           \u2013            
    •  
  •  radare2           \u2013            
    •  
  •  reload           \u2013            
    •  
  •  retaddr           \u2013            
    •  
  •  rizin           \u2013            
    •  
  •  rop           \u2013            
    •  
  •  ropper           \u2013            
    •  
  •  saved_register_frames           \u2013            
    •  
  •  search           \u2013            
    •  
  •  segments           \u2013            
    •  
  •  sigreturn           \u2013            
    •  
  •  slab           \u2013            
    Commands for dealing with Linux kernel slab allocator. Currently, only SLUB is supported.
     
    •  
  •  spray           \u2013            
    •  
  •  start           \u2013            
    Launches the target process after setting a breakpoint at a convenient
     
    •  
  •  strings           \u2013            
    •  
  •  telescope           \u2013            
    Prints out pointer chains starting at some address in memory.
     
    •  
  •  tips           \u2013            
    •  
  •  tls           \u2013            
    Command to print the information of the current Thread Local Storage (TLS).
     
    •  
  •  valist           \u2013            
    •  
  •  version           \u2013            
    Implements version and bugreport commands.
     
    •  
  •  vmlinux           \u2013            
    Loads a bzImage or vmlinux file to add kernel debug symbols. This command uses vmlinux-to-elf
     
    •  
  •  vmmap           \u2013            
    Command to print the virtual memory map a la /proc/self/maps.
     
    •  
  •  windbg           \u2013            
    Compatibility functionality for WinDbg users.
     
    •  
  •  xinfo           \u2013            
    •  
  •  xor           \u2013            
    •  
 
Classes:
 
     
  •  CommandCategory           \u2013            
    •  
  •  InvalidDebuggerError           \u2013            
    Raised when a command is called in a debugger for which
     
    •  
  •  CommandFormatter           \u2013            
    The formatter_class that is passed to argparse for all
     
    •  
  •  CommandObj           \u2013            
    Represents a command that can be invoked from the
     
    •  
  •  Command           \u2013            
    Parametrized decorator for functions that serve as pwndbg commands.
     
    •  
 
Functions:
 
     
  •  fix             \u2013              
    Fix a single command-line argument coming from the CLI.
     
    •  
  •  fix_reraise             \u2013              
    •  
  •  fix_reraise_arg             \u2013              
    fix_reraise wrapper for evaluating command arguments
     
    •  
  •  fix_int             \u2013              
    •  
  •  fix_int_reraise             \u2013              
    •  
  •  fix_int_reraise_arg             \u2013              
    fix_int_reraise wrapper for evaluating command arguments
     
    •  
  •  func_name             \u2013              
    •  
  •  OnlyWhenLocal             \u2013              
    •  
  •  OnlyWithFile             \u2013              
    •  
  •  OnlyWhenQemuKernel             \u2013              
    •  
  •  OnlyWhenUserspace             \u2013              
    •  
  •  OnlyWithKernelDebugInfo             \u2013              
    •  
  •  OnlyWithKernelSymbols             \u2013              
    •  
  •  OnlyWhenPagingEnabled             \u2013              
    •  
  •  OnlyWhenRunning             \u2013              
    •  
  •  OnlyWithTcache             \u2013              
    •  
  •  OnlyWhenHeapIsInitialized             \u2013              
    •  
  •  OnlyWithResolvedHeapSyms             \u2013              
    •  
  •  sloppy_gdb_parse             \u2013              
    This function should be used as argparse.ArgumentParser .add_argument method's type helper.
     
    •  
  •  AddressExpr             \u2013              
    Parses an address expression. Returns an int.
     
    •  
  •  HexOrAddressExpr             \u2013              
    Parses string as hexadecimal int or an address expression. Returns an int.
     
    •  
  •  load_commands             \u2013              
    •  
 
Attributes:
 
     
  •  log           \u2013            
    •  
  •  T           \u2013            
    •  
  •  P           \u2013            
    •  
  •  commands               (list[CommandObj])           \u2013            
    •  
  •  command_names               (set[str])           \u2013            
    •  
  •  GDB_BUILTIN_COMMANDS           \u2013            
    •  
  •  pwndbg_is_reloading           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.log","title":"log  module-attribute","text":"
log = getLogger(__name__)\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.P","title":"P  module-attribute","text":"
P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.commands","title":"commands  module-attribute","text":"
commands: list[CommandObj] = []\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.command_names","title":"command_names  module-attribute","text":"
command_names: set[str] = set()\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.GDB_BUILTIN_COMMANDS","title":"GDB_BUILTIN_COMMANDS  module-attribute","text":"
GDB_BUILTIN_COMMANDS = commands()\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.pwndbg_is_reloading","title":"pwndbg_is_reloading  module-attribute","text":"
pwndbg_is_reloading = False\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory","title":"CommandCategory","text":"
               Bases: str, Enum
 
Attributes:
 
     
  •  START           \u2013            
    •  
  •  NEXT           \u2013            
    •  
  •  CONTEXT           \u2013            
    •  
  •  PTMALLOC2           \u2013            
    •  
  •  JEMALLOC           \u2013            
    •  
  •  BREAKPOINT           \u2013            
    •  
  •  MEMORY           \u2013            
    •  
  •  MUSL           \u2013            
    •  
  •  STACK           \u2013            
    •  
  •  REGISTER           \u2013            
    •  
  •  PROCESS           \u2013            
    •  
  •  LINUX           \u2013            
    •  
  •  DARWIN           \u2013            
    •  
  •  DISASS           \u2013            
    •  
  •  MISC           \u2013            
    •  
  •  KERNEL           \u2013            
    •  
  •  INTEGRATIONS           \u2013            
    •  
  •  WINDBG           \u2013            
    •  
  •  PWNDBG           \u2013            
    •  
  •  SHELL           \u2013            
    •  
  •  DEV           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.START","title":"START  class-attribute instance-attribute","text":"
START = 'Start'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.NEXT","title":"NEXT  class-attribute instance-attribute","text":"
NEXT = 'Step/Next/Continue'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.CONTEXT","title":"CONTEXT  class-attribute instance-attribute","text":"
CONTEXT = 'Context'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.PTMALLOC2","title":"PTMALLOC2  class-attribute instance-attribute","text":"
PTMALLOC2 = 'GLibc ptmalloc2 Heap'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.JEMALLOC","title":"JEMALLOC  class-attribute instance-attribute","text":"
JEMALLOC = 'jemalloc Heap'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.BREAKPOINT","title":"BREAKPOINT  class-attribute instance-attribute","text":"
BREAKPOINT = 'Breakpoint'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.MEMORY","title":"MEMORY  class-attribute instance-attribute","text":"
MEMORY = 'Memory'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.MUSL","title":"MUSL  class-attribute instance-attribute","text":"
MUSL = 'musl'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.STACK","title":"STACK  class-attribute instance-attribute","text":"
STACK = 'Stack'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.REGISTER","title":"REGISTER  class-attribute instance-attribute","text":"
REGISTER = 'Register'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.PROCESS","title":"PROCESS  class-attribute instance-attribute","text":"
PROCESS = 'Process'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.LINUX","title":"LINUX  class-attribute instance-attribute","text":"
LINUX = 'Linux/libc/ELF'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.DARWIN","title":"DARWIN  class-attribute instance-attribute","text":"
DARWIN = 'Darwin/libsystem/Mach-O'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.DISASS","title":"DISASS  class-attribute instance-attribute","text":"
DISASS = 'Disassemble'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.MISC","title":"MISC  class-attribute instance-attribute","text":"
MISC = 'Misc'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.KERNEL","title":"KERNEL  class-attribute instance-attribute","text":"
KERNEL = 'Kernel'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.INTEGRATIONS","title":"INTEGRATIONS  class-attribute instance-attribute","text":"
INTEGRATIONS = 'Integrations'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.WINDBG","title":"WINDBG  class-attribute instance-attribute","text":"
WINDBG = 'WinDbg'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.PWNDBG","title":"PWNDBG  class-attribute instance-attribute","text":"
PWNDBG = 'Pwndbg'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.SHELL","title":"SHELL  class-attribute instance-attribute","text":"
SHELL = 'Shell'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.DEV","title":"DEV  class-attribute instance-attribute","text":"
DEV = 'Developer'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.InvalidDebuggerError","title":"InvalidDebuggerError","text":"
               Bases: Exception
 
Raised when a command is called in a debugger for which it is disallowed.
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandFormatter","title":"CommandFormatter","text":"
               Bases: RawDescriptionHelpFormatter
 
The formatter_class that is passed to argparse for all commands.
 
Subclassing this isn't officially supported, but there isn't a good alternative.
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj","title":"CommandObj","text":"
CommandObj(\n    function: Callable[..., str | None],\n    parser: ArgumentParser,\n    command_name: str | None,\n    category: CommandCategory,\n    aliases: list[str],\n    examples: str,\n    notes: str,\n)\n
 
Represents a command that can be invoked from the debugger.
 
Methods:
 
     
  •  register_command             \u2013              
    Register this object command with the underlying debugger
     
    •  
  •  has_notes_string             \u2013              
    •  
  •  has_examples_string             \u2013              
    •  
  •  initialize_parser             \u2013              
    •  
  •  invoke             \u2013              
    Invoke the command with an argument string
     
    •  
  •  check_repeated             \u2013              
    Keep a record of all commands which come from the TTY.
     
    •  
  •  __call__             \u2013              
    •  
 
Attributes:
 
     
  •  builtin_override_whitelist               (set[str])           \u2013            
    •  
  •  history               (dict[int, str])           \u2013            
    •  
  •  function           \u2013            
    •  
  •  command_name           \u2013            
    •  
  •  category           \u2013            
    •  
  •  aliases           \u2013            
    •  
  •  examples           \u2013            
    •  
  •  notes           \u2013            
    •  
  •  parser           \u2013            
    •  
  •  repeat           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.builtin_override_whitelist","title":"builtin_override_whitelist  class-attribute instance-attribute","text":"
builtin_override_whitelist: set[str] = {\n    \"up\",\n    \"down\",\n    \"search\",\n    \"pwd\",\n    \"start\",\n    \"starti\",\n    \"ignore\",\n}\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.history","title":"history  class-attribute instance-attribute","text":"
history: dict[int, str] = {}\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.function","title":"function  instance-attribute","text":"
function = function\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.command_name","title":"command_name  instance-attribute","text":"
command_name = command_name\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.category","title":"category  instance-attribute","text":"
category = category\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.aliases","title":"aliases  instance-attribute","text":"
aliases = aliases\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.examples","title":"examples  instance-attribute","text":"
examples = strip()\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.notes","title":"notes  instance-attribute","text":"
notes = strip()\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.parser","title":"parser  instance-attribute","text":"
parser = parser\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.repeat","title":"repeat  instance-attribute","text":"
repeat = False\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.register_command","title":"register_command","text":"
register_command()\n
 
Register this object command with the underlying debugger and update pwndbg global state to know about this command.
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.has_notes_string","title":"has_notes_string  staticmethod","text":"
has_notes_string(text: str) -> bool\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.has_examples_string","title":"has_examples_string  staticmethod","text":"
has_examples_string(text: str) -> bool\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.initialize_parser","title":"initialize_parser","text":"
initialize_parser()\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.invoke","title":"invoke","text":"
invoke(argument: str, from_tty: bool) -> None\n
 
Invoke the command with an argument string
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.check_repeated","title":"check_repeated","text":"
check_repeated(argument: str, from_tty: bool) -> bool\n
 
Keep a record of all commands which come from the TTY.
 
Returns:
 
     
  •  bool           \u2013            
    True if this command was executed by the user just hitting \"enter\".
     
    •  
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.__call__","title":"__call__","text":"
__call__(*args: Any, **kwargs: Any) -> str | None\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command","title":"Command","text":"
Command(\n    parser_or_desc: str | ArgumentParser,\n    *,\n    category: CommandCategory,\n    command_name: str | None = None,\n    aliases: list[str] = [],\n    examples: str = \"\",\n    notes: str = \"\",\n    only_debuggers: set[DebuggerType] = None,\n    exclude_debuggers: set[DebuggerType] = None,\n)\n
 
Parametrized decorator for functions that serve as pwndbg commands.
 
Always use this to decorate your commands.
 
Methods:
 
     
  •  __call__             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
  •  category           \u2013            
    •  
  •  command_name           \u2013            
    •  
  •  aliases           \u2013            
    •  
  •  examples           \u2013            
    •  
  •  notes           \u2013            
    •  
  •  only_debuggers           \u2013            
    •  
  •  exclude_debuggers           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.parser","title":"parser  instance-attribute","text":"
parser = ArgumentParser(description=parser_or_desc)\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.category","title":"category  instance-attribute","text":"
category = category\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.command_name","title":"command_name  instance-attribute","text":"
command_name = command_name\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.aliases","title":"aliases  instance-attribute","text":"
aliases = aliases\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.examples","title":"examples  instance-attribute","text":"
examples = examples\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.notes","title":"notes  instance-attribute","text":"
notes = notes\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.only_debuggers","title":"only_debuggers  instance-attribute","text":"
only_debuggers = only_debuggers\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.exclude_debuggers","title":"exclude_debuggers  instance-attribute","text":"
exclude_debuggers = exclude_debuggers\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.__call__","title":"__call__","text":"
__call__(function: Callable[..., Any]) -> CommandObj\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.fix","title":"fix","text":"
fix(\n    arg: str | Value,\n    sloppy: bool = False,\n    quiet: bool = True,\n    reraise: bool = False,\n) -> str | Value | None\n
 
Fix a single command-line argument coming from the CLI.
 
Parameters:
 
     
  •  arg               (str | Value)           \u2013            
    Original string representation (e.g. '0', '$rax', '$rax+44')
     
    •  
  •  sloppy               (bool, default:                   False )           \u2013            
    If arg cannot be evaluated, return arg. (default: False)
     
    •  
  •  quiet               (bool, default:                   True )           \u2013            
    If an error occurs, suppress it. (default: True)
     
    •  
  •  reraise               (bool, default:                   False )           \u2013            
    If an error occurs, raise the exception. (default: False)
     
    •  
 
Returns:
 
     
  •  str | Value | None           \u2013            
    Ideally a Value object.  May return a str if sloppy==True.
     
    •  
  •  str | Value | None           \u2013            
    May return None if sloppy == False and reraise == False.
     
    •  
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.fix_reraise","title":"fix_reraise","text":"
fix_reraise(*a, **kw) -> str | Value | None\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.fix_reraise_arg","title":"fix_reraise_arg","text":"
fix_reraise_arg(arg) -> Value\n
 
fix_reraise wrapper for evaluating command arguments
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.fix_int","title":"fix_int","text":"
fix_int(*a, **kw) -> int\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.fix_int_reraise","title":"fix_int_reraise","text":"
fix_int_reraise(*a, **kw) -> int\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.fix_int_reraise_arg","title":"fix_int_reraise_arg","text":"
fix_int_reraise_arg(arg) -> int\n
 
fix_int_reraise wrapper for evaluating command arguments
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.func_name","title":"func_name","text":"
func_name(function: Callable[P, T]) -> str\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWhenLocal","title":"OnlyWhenLocal","text":"
OnlyWhenLocal(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWithFile","title":"OnlyWithFile","text":"
OnlyWithFile(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWhenQemuKernel","title":"OnlyWhenQemuKernel","text":"
OnlyWhenQemuKernel(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWhenUserspace","title":"OnlyWhenUserspace","text":"
OnlyWhenUserspace(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWithKernelDebugInfo","title":"OnlyWithKernelDebugInfo","text":"
OnlyWithKernelDebugInfo(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWithKernelSymbols","title":"OnlyWithKernelSymbols","text":"
OnlyWithKernelSymbols(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWhenPagingEnabled","title":"OnlyWhenPagingEnabled","text":"
OnlyWhenPagingEnabled(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWhenRunning","title":"OnlyWhenRunning","text":"
OnlyWhenRunning(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWithTcache","title":"OnlyWithTcache","text":"
OnlyWithTcache(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWhenHeapIsInitialized","title":"OnlyWhenHeapIsInitialized","text":"
OnlyWhenHeapIsInitialized(\n    function: Callable[P, T],\n) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWithResolvedHeapSyms","title":"OnlyWithResolvedHeapSyms","text":"
OnlyWithResolvedHeapSyms(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.sloppy_gdb_parse","title":"sloppy_gdb_parse","text":"
sloppy_gdb_parse(s: str) -> int | str\n
 
This function should be used as argparse.ArgumentParser .add_argument method's type helper.
 
This makes the type being parsed as gdb value and if that parsing fails, a string is returned.
 
:param s: String. :return: Whatever gdb.parse_and_eval returns or string.
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.AddressExpr","title":"AddressExpr","text":"
AddressExpr(s: str) -> int\n
 
Parses an address expression. Returns an int.
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.HexOrAddressExpr","title":"HexOrAddressExpr","text":"
HexOrAddressExpr(s: str) -> int\n
 
Parses string as hexadecimal int or an address expression. Returns an int. (e.g. '1234' will return 0x1234)
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.load_commands","title":"load_commands","text":"
load_commands() -> None\n
"},{"location":"reference/pwndbg/commands/ai/","title":"ai","text":""},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai","title":"ai","text":"
This command sends information on the current debugging context to OpenAI's GPT-3 large language model and asks it a question supplied by the user. It then displays GPT-3's response to that question to the user.
 
Functions:
 
     
  •  set_dummy_mode             \u2013              
    •  
  •  get_openai_api_key             \u2013              
    •  
  •  get_anthropic_api_key             \u2013              
    •  
  •  get_ollama_endpoint             \u2013              
    •  
  •  build_prompt             \u2013              
    •  
  •  flatten_prompt             \u2013              
    •  
  •  build_context_prompt_body             \u2013              
    •  
  •  build_command_prompt_body             \u2013              
    •  
  •  query_openai_chat             \u2013              
    •  
  •  query_openai_completions             \u2013              
    •  
  •  query             \u2013              
    •  
  •  query_anthropic             \u2013              
    •  
  •  query_ollama             \u2013              
    •  
  •  get_openai_models             \u2013              
    •  
  •  ai             \u2013              
    •  
 
Attributes:
 
     
  •  last_question               (list[str])           \u2013            
    •  
  •  last_answer               (list[str])           \u2013            
    •  
  •  last_pc           \u2013            
    •  
  •  last_command           \u2013            
    •  
  •  dummy           \u2013            
    •  
  •  verbosity           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.last_question","title":"last_question  module-attribute","text":"
last_question: list[str] = []\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.last_answer","title":"last_answer  module-attribute","text":"
last_answer: list[str] = []\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.last_pc","title":"last_pc  module-attribute","text":"
last_pc = None\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.last_command","title":"last_command  module-attribute","text":"
last_command = None\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.dummy","title":"dummy  module-attribute","text":"
dummy = False\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.verbosity","title":"verbosity  module-attribute","text":"
verbosity = 0\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Ask GPT-3 a question about the current debugging context.\"\n)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.set_dummy_mode","title":"set_dummy_mode","text":"
set_dummy_mode(d=True) -> None\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.get_openai_api_key","title":"get_openai_api_key","text":"
get_openai_api_key()\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.get_anthropic_api_key","title":"get_anthropic_api_key","text":"
get_anthropic_api_key()\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.get_ollama_endpoint","title":"get_ollama_endpoint","text":"
get_ollama_endpoint()\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.build_prompt","title":"build_prompt","text":"
build_prompt(question, command=None)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.flatten_prompt","title":"flatten_prompt","text":"
flatten_prompt(conversation)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.build_context_prompt_body","title":"build_context_prompt_body","text":"
build_context_prompt_body()\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.build_command_prompt_body","title":"build_command_prompt_body","text":"
build_command_prompt_body(command)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.query_openai_chat","title":"query_openai_chat","text":"
query_openai_chat(\n    prompt, model=\"gpt-3.5-turbo\", max_tokens=100, temperature=0.0\n)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.query_openai_completions","title":"query_openai_completions","text":"
query_openai_completions(\n    prompt, model=\"text-davinci-003\", max_tokens=100, temperature=0.0\n)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.query","title":"query","text":"
query(prompt, model='text-davinci-003', max_tokens=100, temperature=0.0)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.query_anthropic","title":"query_anthropic","text":"
query_anthropic(prompt, model='claude-v1', max_tokens=100, temperature=0.0)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.query_ollama","title":"query_ollama","text":"
query_ollama(prompt, model='mistral', max_tokens=100, temperature=0.0)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.get_openai_models","title":"get_openai_models","text":"
get_openai_models()\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.ai","title":"ai","text":"
ai(\n    question,\n    model,\n    temperature,\n    max_tokens,\n    verbose,\n    list_models=False,\n    command=None,\n) -> None\n
"},{"location":"reference/pwndbg/commands/argv/","title":"argv","text":""},{"location":"reference/pwndbg/commands/argv/#pwndbg.commands.argv","title":"argv","text":"
Functions:
 
     
  •  argc             \u2013              
    •  
  •  argv             \u2013              
    •  
  •  envp             \u2013              
    Prints out the contents of the environment.
     
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/argv/#pwndbg.commands.argv.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Prints out the contents of the environment.\"\n)\n
"},{"location":"reference/pwndbg/commands/argv/#pwndbg.commands.argv.argc","title":"argc","text":"
argc() -> None\n
"},{"location":"reference/pwndbg/commands/argv/#pwndbg.commands.argv.argv","title":"argv","text":"
argv(i: int = None) -> None\n
"},{"location":"reference/pwndbg/commands/argv/#pwndbg.commands.argv.envp","title":"envp","text":"
envp(name: str = None)\n
 
Prints out the contents of the environment.
"},{"location":"reference/pwndbg/commands/aslr/","title":"aslr","text":""},{"location":"reference/pwndbg/commands/aslr/#pwndbg.commands.aslr","title":"aslr","text":"
Functions:
 
     
  •  check_aslr             \u2013              
    Detects the ASLR status. Returns True, False or None.
     
    •  
  •  aslr             \u2013              
    •  
 
Attributes:
 
     
  •  options           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/aslr/#pwndbg.commands.aslr.options","title":"options  module-attribute","text":"
options = {'on': 'off', 'off': 'on'}\n
"},{"location":"reference/pwndbg/commands/aslr/#pwndbg.commands.aslr.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"\\nCheck the current ASLR status, or turn it on/off.\\n\\nDoes not take effect until the program is restarted.\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/aslr/#pwndbg.commands.aslr.check_aslr","title":"check_aslr","text":"
check_aslr() -> tuple[bool | None, str]\n
 
Detects the ASLR status. Returns True, False or None.
 
None is returned when we can't detect ASLR.
"},{"location":"reference/pwndbg/commands/aslr/#pwndbg.commands.aslr.aslr","title":"aslr","text":"
aslr(state=None) -> None\n
"},{"location":"reference/pwndbg/commands/asm/","title":"asm","text":""},{"location":"reference/pwndbg/commands/asm/#pwndbg.commands.asm","title":"asm","text":"
Functions:
 
     
  •  asm             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
  •  input_group           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/asm/#pwndbg.commands.asm.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Assemble shellcode into bytes')\n
"},{"location":"reference/pwndbg/commands/asm/#pwndbg.commands.asm.input_group","title":"input_group  module-attribute","text":"
input_group = add_mutually_exclusive_group(required=True)\n
"},{"location":"reference/pwndbg/commands/asm/#pwndbg.commands.asm.asm","title":"asm","text":"
asm(shellcode, format, arch, avoid, infile) -> None\n
"},{"location":"reference/pwndbg/commands/attachp/","title":"attachp","text":""},{"location":"reference/pwndbg/commands/attachp/#pwndbg.commands.attachp","title":"attachp","text":"
Classes:
 
     
  •  ProcessInfo           \u2013            
    •  
 
Functions:
 
     
  •  find_pids             \u2013              
    •  
  •  resolve_target_process             \u2013              
    •  
  •  attachp             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/attachp/#pwndbg.commands.attachp.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description='Attaches to a given pid, process name, process found with partial argv match or to a device file.\\n\\nThis command wraps the original GDB `attach` command to add the ability\\nto debug a process with a given name or partial name match. In such cases,\\nthe process identifier is fetched via the `pidof <name>` command first. If no\\nmatches are found, then it uses the `ps -eo pid,args` command to search for\\npartial name matches.\\n\\nOriginal GDB attach command help:\\n    Attach to a process or file outside of GDB.\\n    This command attaches to another target, of the same type as your last\\n    \"target\" command (\"info files\" will show your target stack).\\n    The command may take as argument a process id or a device file.\\n    For a process id, you must have permission to send the process a signal,\\n    and it must have the same effective uid as the debugger.\\n    When using \"attach\" with a process id, the debugger finds the\\n    program running in the process, looking first in the current working\\n    directory, or (if not found there) using the source file search path\\n    (see the \"directory\" command).  You can also use the \"file\" command\\n    to specify the program, and to load its symbol table.'\n)\n
"},{"location":"reference/pwndbg/commands/attachp/#pwndbg.commands.attachp.ProcessInfo","title":"ProcessInfo","text":"
               Bases: NamedTuple
 
Attributes:
 
     
  •  pid               (int)           \u2013            
    •  
  •  user               (str)           \u2013            
    •  
  •  elapsed               (str)           \u2013            
    •  
  •  command               (str)           \u2013            
    •  
  •  start_time               (float)           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/attachp/#pwndbg.commands.attachp.ProcessInfo.pid","title":"pid  instance-attribute","text":"
pid: int\n
"},{"location":"reference/pwndbg/commands/attachp/#pwndbg.commands.attachp.ProcessInfo.user","title":"user  instance-attribute","text":"
user: str\n
"},{"location":"reference/pwndbg/commands/attachp/#pwndbg.commands.attachp.ProcessInfo.elapsed","title":"elapsed  instance-attribute","text":"
elapsed: str\n
"},{"location":"reference/pwndbg/commands/attachp/#pwndbg.commands.attachp.ProcessInfo.command","title":"command  instance-attribute","text":"
command: str\n
"},{"location":"reference/pwndbg/commands/attachp/#pwndbg.commands.attachp.ProcessInfo.start_time","title":"start_time  instance-attribute","text":"
start_time: float\n
"},{"location":"reference/pwndbg/commands/attachp/#pwndbg.commands.attachp.find_pids","title":"find_pids","text":"
find_pids(target: str, user: str | None, exact: bool, all: bool) -> list[int]\n
"},{"location":"reference/pwndbg/commands/attachp/#pwndbg.commands.attachp.resolve_target_process","title":"resolve_target_process","text":"
resolve_target_process(\n    pids: list[int], method: str, no_truncate: bool\n) -> int | None\n
"},{"location":"reference/pwndbg/commands/attachp/#pwndbg.commands.attachp.attachp","title":"attachp","text":"
attachp(\n    target: str,\n    no_truncate: bool,\n    retry: bool,\n    exact: bool,\n    all: bool,\n    user: str | None = None,\n) -> None\n
"},{"location":"reference/pwndbg/commands/auxv/","title":"auxv","text":""},{"location":"reference/pwndbg/commands/auxv/#pwndbg.commands.auxv","title":"auxv","text":"
Functions:
 
     
  •  auxv             \u2013              
    •  
  •  auxv_explore             \u2013              
    •  
"},{"location":"reference/pwndbg/commands/auxv/#pwndbg.commands.auxv.auxv","title":"auxv","text":"
auxv() -> None\n
"},{"location":"reference/pwndbg/commands/auxv/#pwndbg.commands.auxv.auxv_explore","title":"auxv_explore","text":"
auxv_explore() -> None\n
"},{"location":"reference/pwndbg/commands/binder/","title":"binder","text":""},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder","title":"binder","text":"
Classes:
 
     
  •  IndentContextManager           \u2013            
    •  
  •  BinderVisitor           \u2013            
    •  
 
Functions:
 
     
  •  for_each_transaction             \u2013              
    •  
  •  for_each_hlist_entry             \u2013              
    •  
  •  binder             \u2013              
    •  
 
Attributes:
 
     
  •  log           \u2013            
    •  
  •  addrc           \u2013            
    •  
  •  fieldnamec           \u2013            
    •  
  •  fieldvaluec           \u2013            
    •  
  •  typenamec           \u2013            
    •  
  •  node_types           \u2013            
    •  
  •  entry_field_names           \u2013            
    •  
  •  rb_node_field_names           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.log","title":"log  module-attribute","text":"
log = getLogger(__name__)\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.addrc","title":"addrc  module-attribute","text":"
addrc = green\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.fieldnamec","title":"fieldnamec  module-attribute","text":"
fieldnamec = blue\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.fieldvaluec","title":"fieldvaluec  module-attribute","text":"
fieldvaluec = yellow\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.typenamec","title":"typenamec  module-attribute","text":"
typenamec = red\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.node_types","title":"node_types  module-attribute","text":"
node_types = {\n    \"waiting_threads\": \"struct binder_thread\",\n    \"todo\": \"struct binder_work\",\n    \"refs\": \"struct binder_ref\",\n    \"threads\": \"struct binder_thread\",\n    \"nodes\": \"struct binder_node\",\n    \"refs_by_node\": \"struct binder_ref\",\n}\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.entry_field_names","title":"entry_field_names  module-attribute","text":"
entry_field_names = {\n    \"waiting_threads\": \"waiting_thread_node\",\n    \"todo\": \"entry\",\n    \"refs\": \"node_entry\",\n}\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.rb_node_field_names","title":"rb_node_field_names  module-attribute","text":"
rb_node_field_names = {\n    \"threads\": \"rb_node\",\n    \"nodes\": \"rb_node\",\n    \"refs_by_node\": \"rb_node_node\",\n}\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Show Android Binder information')\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.IndentContextManager","title":"IndentContextManager","text":"
IndentContextManager()\n
 
Methods:
 
     
  •  __enter__             \u2013              
    •  
  •  __exit__             \u2013              
    •  
 
Attributes:
 
     
  •  indent           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.IndentContextManager.indent","title":"indent  instance-attribute","text":"
indent = 0\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.IndentContextManager.__enter__","title":"__enter__","text":"
__enter__()\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.IndentContextManager.__exit__","title":"__exit__","text":"
__exit__(exc_type, exc_value, exc_tb)\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor","title":"BinderVisitor","text":"
BinderVisitor(procs_addr)\n
 
Methods:
 
     
  •  format_rb_tree             \u2013              
    •  
  •  format_list             \u2013              
    •  
  •  visit             \u2013              
    •  
  •  format_proc             \u2013              
    •  
  •  format_thread             \u2013              
    •  
  •  format_transaction             \u2013              
    •  
  •  format_node             \u2013              
    •  
  •  format_ref             \u2013              
    •  
  •  format_work             \u2013              
    •  
  •  print_object             \u2013              
    •  
  •  format_spinlock             \u2013              
    •  
 
Attributes:
 
     
  •  indent           \u2013            
    •  
  •  addr           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.indent","title":"indent  instance-attribute","text":"
indent = IndentContextManager()\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.addr","title":"addr  instance-attribute","text":"
addr = get_typed_pointer_value('struct hlist_head', procs_addr)\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_rb_tree","title":"format_rb_tree","text":"
format_rb_tree(field: str, value: Value) -> tuple[str, int]\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_list","title":"format_list","text":"
format_list(field: str, value: Value, typename: str) -> tuple[str, int]\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.visit","title":"visit","text":"
visit()\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_proc","title":"format_proc","text":"
format_proc(proc: Value, only_heading=False)\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_thread","title":"format_thread","text":"
format_thread(thread: Value, only_heading: bool = False) -> str\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_transaction","title":"format_transaction","text":"
format_transaction(transaction: Value, only_heading: bool = False) -> str\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_node","title":"format_node","text":"
format_node(node: Value) -> str\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_ref","title":"format_ref","text":"
format_ref(ref: Value, only_heading: bool = False) -> str\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_work","title":"format_work","text":"
format_work(work: Value) -> str\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.print_object","title":"print_object","text":"
print_object(obj: Value)\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_spinlock","title":"format_spinlock","text":"
format_spinlock(lock: Value) -> str\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.for_each_transaction","title":"for_each_transaction","text":"
for_each_transaction(addr: Value, field: str) -> Iterator[Value]\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.for_each_hlist_entry","title":"for_each_hlist_entry","text":"
for_each_hlist_entry(head: Value, typename, field) -> Iterator[Value]\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.binder","title":"binder","text":"
binder()\n
"},{"location":"reference/pwndbg/commands/binja/","title":"binja","text":""},{"location":"reference/pwndbg/commands/binja/#pwndbg.commands.binja","title":"binja","text":"
Functions:
 
     
  •  bn_sync             \u2013              
    Synchronize Binary Ninja's cursor with GDB
     
    •  
"},{"location":"reference/pwndbg/commands/binja/#pwndbg.commands.binja.bn_sync","title":"bn_sync","text":"
bn_sync(*args) -> None\n
 
Synchronize Binary Ninja's cursor with GDB
"},{"location":"reference/pwndbg/commands/binja_functions/","title":"binja_functions","text":""},{"location":"reference/pwndbg/commands/binja_functions/#pwndbg.commands.binja_functions","title":"binja_functions","text":"
Functions:
 
     
  •  bn_sym             \u2013              
    Lookup a symbol's address by name from Binary Ninja.
     
    •  
  •  bn_var             \u2013              
    Lookup a stack variable's address by name from Binary Ninja.
     
    •  
  •  bn_eval             \u2013              
    Parse and evaluate a Binary Ninja expression.
     
    •  
"},{"location":"reference/pwndbg/commands/binja_functions/#pwndbg.commands.binja_functions.bn_sym","title":"bn_sym","text":"
bn_sym(name_val: Value) -> int\n
 
Lookup a symbol's address by name from Binary Ninja.
 
This function sees symbols like functions and global variables, but not stack local variables, use bn_var for that.
 
Example: 
pwndbg> set integration-provider binja\nPwndbg successfully connected to Binary Ninja (4.2.6455 Personal) xmlrpc: http://127.0.0.1:43717\nSet which provider to use for integration features to 'binja'.\npwndbg> p main\nNo symbol \"main\" in current context.\npwndbg> p/x $bn_sym(\"main\")\n$2 = 0x555555555645\npwndbg> b *($bn_sym(\"main\"))\nBreakpoint 1 at 0x555555555645\n
"},{"location":"reference/pwndbg/commands/binja_functions/#pwndbg.commands.binja_functions.bn_var","title":"bn_var","text":"
bn_var(name_val: Value) -> int\n
 
Lookup a stack variable's address by name from Binary Ninja.
 
This function doesn't see functions or global variables, use bn_sym for that.
 
Example: 
pwndbg> set integration-provider binja\nPwndbg successfully connected to Binary Ninja (4.2.6455 Personal) xmlrpc: http://127.0.0.1:43717\nSet which provider to use for integration features to 'binja'.\npwndbg> p user_choice\nNo symbol \"user_choice\" in current context.\npwndbg> p/x $bn_var(\"user_choice\")\n$4 = 0x7fffffffe118\npwndbg> vmmap $4\n    0x7ffff7ffe000     0x7ffff7fff000 rw-p     1000      0 [anon_7ffff7ffe]\n\u25ba   0x7ffffffde000     0x7ffffffff000 rw-p    21000      0 [stack] +0x20118\npwndbg> p/x $bn_var(\"main\")\nTypeError: Could not convert Python object: None.\nError while executing Python code.\n
"},{"location":"reference/pwndbg/commands/binja_functions/#pwndbg.commands.binja_functions.bn_eval","title":"bn_eval","text":"
bn_eval(expr: Value) -> int\n
 
Parse and evaluate a Binary Ninja expression.
 
Read more about binary ninja expressions here: https://api.binary.ninja/binaryninja.binaryview-module.html#binaryninja.binaryview.BinaryView.parse_expression
 
All registers in the current register set are available as magic variables (e.g. $rip). The $piebase magic variable is also included, with the computed executable base.
 
This function cannot see stack local variables.
 
Example: 
pwndbg> set integration-provider binja\nPwndbg successfully connected to Binary Ninja (4.2.6455 Personal) xmlrpc: http://127.0.0.1:43717\nSet which provider to use for integration features to 'binja'.\npwndbg> p/x $bn_eval(\"10+20\")\n$6 = 0x30\npwndbg> p/x $bn_eval(\"main\")\n$7 = 0x1645\npwndbg> p/x $rebase($bn_eval(\"main\"))\n$8 = 0x555555555645\npwndbg> p some_global_var\nNo symbol \"some_global_var\" in current context.\npwndbg> p/x $rebase($bn_eval(\"some_global_var+$rax\"))\n$9 = 0x5555555586b8\npwndbg> p $rebase($bn_eval(\"some_global_var+$rax\")) == $bn_sym(\"some_global_var\") + $rax\n$10 = 1\npwndbg> p $bn_eval(\"$piebase+some_global_var+$rax\") == $bn_sym(\"some_global_var\") + $rax\n$11 = 1\n
"},{"location":"reference/pwndbg/commands/branch/","title":"branch","text":""},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch","title":"branch","text":"
Classes:
 
     
  •  BreakOnConditionalBranch           \u2013            
    A breakpoint that only stops the inferior if a given branch is taken or not taken.
     
    •  
 
Functions:
 
     
  •  break_if_taken             \u2013              
    •  
  •  break_if_not_taken             \u2013              
    •  
  •  install_breakpoint             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Breaks on a branch if it is not taken.')\n
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.BreakOnConditionalBranch","title":"BreakOnConditionalBranch","text":"
BreakOnConditionalBranch(instruction: PwndbgInstruction, taken: bool)\n
 
               Bases: Breakpoint
 
A breakpoint that only stops the inferior if a given branch is taken or not taken.
 
Methods:
 
     
  •  should_stop             \u2013              
    •  
  •  stop             \u2013              
    •  
 
Attributes:
 
     
  •  instruction           \u2013            
    •  
  •  taken           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.BreakOnConditionalBranch.instruction","title":"instruction  instance-attribute","text":"
instruction = instruction\n
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.BreakOnConditionalBranch.taken","title":"taken  instance-attribute","text":"
taken = taken\n
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.BreakOnConditionalBranch.should_stop","title":"should_stop","text":"
should_stop()\n
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.BreakOnConditionalBranch.stop","title":"stop","text":"
stop() -> bool\n
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.break_if_taken","title":"break_if_taken","text":"
break_if_taken(branch) -> None\n
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.break_if_not_taken","title":"break_if_not_taken","text":"
break_if_not_taken(branch) -> None\n
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.install_breakpoint","title":"install_breakpoint","text":"
install_breakpoint(branch, taken: bool) -> None\n
"},{"location":"reference/pwndbg/commands/buddydump/","title":"buddydump","text":""},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump","title":"buddydump","text":"
Classes:
 
     
  •  ParsedBuddyArgs           \u2013            
    •  
  •  CurrentBuddyParams           \u2013            
    •  
 
Functions:
 
     
  •  cpu_limitcheck             \u2013              
    •  
  •  static_str_arr             \u2013              
    •  
  •  check_find             \u2013              
    •  
  •  traverse_pglist             \u2013              
    •  
  •  print_section             \u2013              
    •  
  •  print_pglist             \u2013              
    •  
  •  print_mtypes             \u2013              
    •  
  •  print_pcp_set             \u2013              
    •  
  •  print_free_area             \u2013              
    •  
  •  print_zones             \u2013              
    •  
  •  buddydump             \u2013              
    •  
 
Attributes:
 
     
  •  log           \u2013            
    •  
  •  MAX_PG_FREE_LIST_STR_RESULT_CNT           \u2013            
    •  
  •  MAX_PG_FREE_LIST_CNT           \u2013            
    •  
  •  NONE_TUPLE           \u2013            
    •  
  •  MIGRATE_PCPTYPES           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.log","title":"log  module-attribute","text":"
log = getLogger(__name__)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.MAX_PG_FREE_LIST_STR_RESULT_CNT","title":"MAX_PG_FREE_LIST_STR_RESULT_CNT  module-attribute","text":"
MAX_PG_FREE_LIST_STR_RESULT_CNT = 16\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.MAX_PG_FREE_LIST_CNT","title":"MAX_PG_FREE_LIST_CNT  module-attribute","text":"
MAX_PG_FREE_LIST_CNT = 4096\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.NONE_TUPLE","title":"NONE_TUPLE  module-attribute","text":"
NONE_TUPLE = (None, None)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.MIGRATE_PCPTYPES","title":"MIGRATE_PCPTYPES  module-attribute","text":"
MIGRATE_PCPTYPES = 3\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Displays metadata and freelists of the buddy allocator.\"\n)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.ParsedBuddyArgs","title":"ParsedBuddyArgs  dataclass","text":"
ParsedBuddyArgs(\n    zone: str | None,\n    order: int | None,\n    mtype: str | None,\n    cpu: int | None,\n    find: int | None,\n)\n
 
Attributes:
 
     
  •  zone               (str | None)           \u2013            
    •  
  •  order               (int | None)           \u2013            
    •  
  •  mtype               (str | None)           \u2013            
    •  
  •  cpu               (int | None)           \u2013            
    •  
  •  find               (int | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.ParsedBuddyArgs.zone","title":"zone  instance-attribute","text":"
zone: str | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.ParsedBuddyArgs.order","title":"order  instance-attribute","text":"
order: int | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.ParsedBuddyArgs.mtype","title":"mtype  instance-attribute","text":"
mtype: str | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.ParsedBuddyArgs.cpu","title":"cpu  instance-attribute","text":"
cpu: int | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.ParsedBuddyArgs.find","title":"find  instance-attribute","text":"
find: int | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams","title":"CurrentBuddyParams  dataclass","text":"
CurrentBuddyParams(\n    sections: list[tuple[str, str]],\n    indent: IndentContextManager,\n    node: int | None,\n    zone: Value | None,\n    order: int,\n    mtype: str | None,\n    freelists: Value | None,\n    freelist: Value | None,\n    nr_types: int | None,\n    found: bool,\n)\n
 
Attributes:
 
     
  •  sections               (list[tuple[str, str]])           \u2013            
    •  
  •  indent               (IndentContextManager)           \u2013            
    •  
  •  node               (int | None)           \u2013            
    •  
  •  zone               (Value | None)           \u2013            
    •  
  •  order               (int)           \u2013            
    •  
  •  mtype               (str | None)           \u2013            
    •  
  •  freelists               (Value | None)           \u2013            
    •  
  •  freelist               (Value | None)           \u2013            
    •  
  •  nr_types               (int | None)           \u2013            
    •  
  •  found               (bool)           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams.sections","title":"sections  instance-attribute","text":"
sections: list[tuple[str, str]]\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams.indent","title":"indent  instance-attribute","text":"
indent: IndentContextManager\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams.node","title":"node  instance-attribute","text":"
node: int | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams.zone","title":"zone  instance-attribute","text":"
zone: Value | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams.order","title":"order  instance-attribute","text":"
order: int\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams.mtype","title":"mtype  instance-attribute","text":"
mtype: str | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams.freelists","title":"freelists  instance-attribute","text":"
freelists: Value | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams.freelist","title":"freelist  instance-attribute","text":"
freelist: Value | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams.nr_types","title":"nr_types  instance-attribute","text":"
nr_types: int | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams.found","title":"found  instance-attribute","text":"
found: bool\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.cpu_limitcheck","title":"cpu_limitcheck","text":"
cpu_limitcheck(cpu: str)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.static_str_arr","title":"static_str_arr","text":"
static_str_arr(name: str) -> list[str]\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.check_find","title":"check_find","text":"
check_find(\n    counter: int,\n    physmap_addr: int,\n    pba: ParsedBuddyArgs,\n    cbp: CurrentBuddyParams,\n)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.traverse_pglist","title":"traverse_pglist","text":"
traverse_pglist(\n    pba: ParsedBuddyArgs, cbp: CurrentBuddyParams\n) -> tuple[list[tuple[int, str]], int, list[str]]\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.print_section","title":"print_section","text":"
print_section(section: tuple[str, str], indent: IndentContextManager)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.print_pglist","title":"print_pglist","text":"
print_pglist(pba: ParsedBuddyArgs, cbp: CurrentBuddyParams)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.print_mtypes","title":"print_mtypes","text":"
print_mtypes(pba: ParsedBuddyArgs, cbp: CurrentBuddyParams)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.print_pcp_set","title":"print_pcp_set","text":"
print_pcp_set(pba: ParsedBuddyArgs, cbp: CurrentBuddyParams)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.print_free_area","title":"print_free_area","text":"
print_free_area(pba: ParsedBuddyArgs, cbp: CurrentBuddyParams)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.print_zones","title":"print_zones","text":"
print_zones(pba: ParsedBuddyArgs, cbp: CurrentBuddyParams, zones, pcp_only)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.buddydump","title":"buddydump","text":"
buddydump(\n    zone: str,\n    pcp_only: bool,\n    order: int,\n    mtype: str,\n    cpu: int,\n    node: int,\n    find: int,\n) -> None\n
"},{"location":"reference/pwndbg/commands/canary/","title":"canary","text":""},{"location":"reference/pwndbg/commands/canary/#pwndbg.commands.canary","title":"canary","text":"
Functions:
 
     
  •  canary_value             \u2013              
    Get the global canary value from AT_RANDOM with its last byte masked (as glibc does)
     
    •  
  •  find_tls_canary_addr             \u2013              
    Find the address of the canary in the Thread Local Storage (TLS).
     
    •  
  •  canary             \u2013              
    Display information about the stack canary, including its location in TLS and any copies found on the stack.
     
    •  
 
Attributes:
 
     
  •  DEFAULT_NUM_CANARIES_TO_DISPLAY           \u2013            
    •  
  •  TLS_CANARY_OFFSETS           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/canary/#pwndbg.commands.canary.DEFAULT_NUM_CANARIES_TO_DISPLAY","title":"DEFAULT_NUM_CANARIES_TO_DISPLAY  module-attribute","text":"
DEFAULT_NUM_CANARIES_TO_DISPLAY = 1\n
"},{"location":"reference/pwndbg/commands/canary/#pwndbg.commands.canary.TLS_CANARY_OFFSETS","title":"TLS_CANARY_OFFSETS  module-attribute","text":"
TLS_CANARY_OFFSETS = {'x86-64': 40, 'i386': 20, 'aarch64': 40}\n
"},{"location":"reference/pwndbg/commands/canary/#pwndbg.commands.canary.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Print out the current stack canary.')\n
"},{"location":"reference/pwndbg/commands/canary/#pwndbg.commands.canary.canary_value","title":"canary_value","text":"
canary_value() -> tuple[int | None, int | None]\n
 
Get the global canary value from AT_RANDOM with its last byte masked (as glibc does)
 
Returns:
 
     
  •  tuple (              tuple[int | None, int | None] )          \u2013            
    (canary_value, at_random_addr) or (None, None) if not found
     
    •  
"},{"location":"reference/pwndbg/commands/canary/#pwndbg.commands.canary.find_tls_canary_addr","title":"find_tls_canary_addr","text":"
find_tls_canary_addr() -> int | None\n
 
Find the address of the canary in the Thread Local Storage (TLS).
 
The canary is stored at a fixed offset from the TLS base, which varies by architecture. The TLS base can be accessed through architecture-specific registers: - x86_64: fs register - i386: gs register - aarch64: tpidr_el0 register
 
Returns:
 
     
  •  int (              int | None )          \u2013            
    The virtual address of the canary in TLS, or None if not found/supported
     
    •  
"},{"location":"reference/pwndbg/commands/canary/#pwndbg.commands.canary.canary","title":"canary","text":"
canary(all) -> None\n
 
Display information about the stack canary, including its location in TLS and any copies found on the stack.
"},{"location":"reference/pwndbg/commands/checksec/","title":"checksec","text":""},{"location":"reference/pwndbg/commands/checksec/#pwndbg.commands.checksec","title":"checksec","text":"
Functions:
 
     
  •  checksec             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/checksec/#pwndbg.commands.checksec.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Prints out the binary security settings using `checksec`.\"\n)\n
"},{"location":"reference/pwndbg/commands/checksec/#pwndbg.commands.checksec.checksec","title":"checksec","text":"
checksec(file: str) -> None\n
"},{"location":"reference/pwndbg/commands/comments/","title":"comments","text":""},{"location":"reference/pwndbg/commands/comments/#pwndbg.commands.comments","title":"comments","text":"
Functions:
 
     
  •  comm             \u2013              
    •  
  •  init             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
  •  file_lists               (dict[str, dict[str, str]])           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/comments/#pwndbg.commands.comments.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Put comments in assembly code.')\n
"},{"location":"reference/pwndbg/commands/comments/#pwndbg.commands.comments.file_lists","title":"file_lists  module-attribute","text":"
file_lists: dict[str, dict[str, str]] = {}\n
"},{"location":"reference/pwndbg/commands/comments/#pwndbg.commands.comments.comm","title":"comm","text":"
comm(addr=None, comment=None) -> None\n
"},{"location":"reference/pwndbg/commands/comments/#pwndbg.commands.comments.init","title":"init","text":"
init() -> None\n
"},{"location":"reference/pwndbg/commands/commpage/","title":"commpage","text":""},{"location":"reference/pwndbg/commands/commpage/#pwndbg.commands.commpage","title":"commpage","text":"
Functions:
 
     
  •  pretty_bytes             \u2013              
    •  
  •  commpage             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/commpage/#pwndbg.commands.commpage.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description=\"Dumps all values from the macOS commpage.\")\n
"},{"location":"reference/pwndbg/commands/commpage/#pwndbg.commands.commpage.pretty_bytes","title":"pretty_bytes","text":"
pretty_bytes(data: bytes) -> str\n
"},{"location":"reference/pwndbg/commands/commpage/#pwndbg.commands.commpage.commpage","title":"commpage","text":"
commpage(verbose: bool = False)\n
"},{"location":"reference/pwndbg/commands/config/","title":"config","text":""},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config","title":"config","text":"
Dumps all pwndbg-specific configuration points.
 
Functions:
 
     
  •  print_row             \u2013              
    •  
  •  extend_value_with_default             \u2013              
    •  
  •  get_config_parameters             \u2013              
    •  
  •  display_config             \u2013              
    •  
  •  config             \u2013              
    •  
  •  theme             \u2013              
    •  
  •  configfile             \u2013              
    •  
  •  themefile             \u2013              
    •  
  •  heap_config             \u2013              
    •  
  •  configfile_print_scope             \u2013              
    •  
 
Attributes:
 
     
  •  configfile_parser           \u2013            
    •  
  •  themefile_parser           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.configfile_parser","title":"configfile_parser  module-attribute","text":"
configfile_parser = ArgumentParser(\n    description=\"Generates a configuration file for the current Pwndbg options.\"\n)\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.themefile_parser","title":"themefile_parser  module-attribute","text":"
themefile_parser = ArgumentParser(\n    description=\"Generates a configuration file for the current Pwndbg theme options.\"\n)\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Shows heap related configuration.')\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.print_row","title":"print_row","text":"
print_row(\n    name: str,\n    value: str,\n    default: str,\n    set_show_doc: str,\n    ljust_optname: int,\n    ljust_doc: int,\n    empty_space: int = 2,\n)\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.extend_value_with_default","title":"extend_value_with_default","text":"
extend_value_with_default(value, default)\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.get_config_parameters","title":"get_config_parameters","text":"
get_config_parameters(scope: Scope, filter_pattern: str)\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.display_config","title":"display_config","text":"
display_config(\n    filter_pattern: str,\n    scope: Scope,\n    has_file_command: bool = True,\n    show_hints: bool = True,\n) -> None\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.config","title":"config","text":"
config(filter_pattern) -> None\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.theme","title":"theme","text":"
theme(filter_pattern) -> None\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.configfile","title":"configfile","text":"
configfile(show_all=False) -> None\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.themefile","title":"themefile","text":"
themefile(show_all=False) -> None\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.heap_config","title":"heap_config","text":"
heap_config(filter_pattern: str) -> None\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.configfile_print_scope","title":"configfile_print_scope","text":"
configfile_print_scope(scope: Scope, show_all: bool = False) -> None\n
"},{"location":"reference/pwndbg/commands/context/","title":"context","text":""},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context","title":"context","text":"
Classes:
 
     
  •  StdOutput           \u2013            
    A context manager wrapper to give stdout
     
    •  
  •  FileOutput           \u2013            
    A context manager wrapper to reopen files on enter
     
    •  
  •  CallOutput           \u2013            
    A context manager which calls a function on write
     
    •  
  •  RegisterContext           \u2013            
    •  
 
Functions:
 
     
  •  clear_screen             \u2013              
    Clear the screen by moving the cursor to top-left corner and
     
    •  
  •  reserve_lines_maybe             \u2013              
    Scroll the terminal up a few lines to reduce shaking
     
    •  
  •  validate_context_sections             \u2013              
    •  
  •  output             \u2013              
    Creates a context manager corresponding to configured context output
     
    •  
  •  contextoutput             \u2013              
    •  
  •  resetcontextoutput             \u2013              
    •  
  •  history_size_changed             \u2013              
    •  
  •  serve_context_history             \u2013              
    •  
  •  history_handle_unchanged_contents             \u2013              
    •  
  •  contextprev             \u2013              
    •  
  •  contextnext             \u2013              
    •  
  •  contextsearch             \u2013              
    •  
  •  contextwatch             \u2013              
    •  
  •  contextunwatch             \u2013              
    •  
  •  context_expressions             \u2013              
    •  
  •  context_ghidra             \u2013              
    Print out the source of the current function decompiled by ghidra.
     
    •  
  •  context             \u2013              
    Print out the current register, instruction, and stack context.
     
    •  
  •  calculate_padding_to_align             \u2013              
    Calculates the number of spaces to append to reach the next alignment.
     
    •  
  •  compact_regs             \u2013              
    •  
  •  context_regs             \u2013              
    •  
  •  context_heap_tracker             \u2013              
    •  
  •  regs             \u2013              
    Print out all registers and enhance the information.
     
    •  
  •  get_regs             \u2013              
    •  
  •  try_emulate_if_bug_disable             \u2013              
    •  
  •  context_disasm             \u2013              
    •  
  •  get_highlight_source             \u2013              
    •  
  •  get_filename_and_formatted_source             \u2013              
    Returns formatted, lines limited and highlighted source as list
     
    •  
  •  context_code             \u2013              
    •  
  •  context_stack             \u2013              
    •  
  •  context_backtrace             \u2013              
    •  
  •  context_args             \u2013              
    •  
  •  get_thread_status             \u2013              
    •  
  •  context_threads             \u2013              
    •  
  •  save_signal             \u2013              
    •  
  •  context_last_signal             \u2013              
    •  
 
Attributes:
 
     
  •  log           \u2013            
    •  
  •  T           \u2013            
    •  
  •  P           \u2013            
    •  
  •  c           \u2013            
    •  
  •  config_reserve_lines           \u2013            
    •  
  •  config_clear_screen           \u2013            
    •  
  •  config_output           \u2013            
    •  
  •  config_context_sections           \u2013            
    •  
  •  config_max_threads_display           \u2013            
    •  
  •  outputs               (dict[str, str])           \u2013            
    •  
  •  output_settings               (DefaultDict[str, dict[str, Any]])           \u2013            
    •  
  •  banner_arg           \u2013            
    •  
  •  context_history               (DefaultDict[str, list[list[str]]])           \u2013            
    •  
  •  selected_history_index               (int | None)           \u2013            
    •  
  •  context_history_size           \u2013            
    •  
  •  expressions           \u2013            
    •  
  •  config_context_ghidra           \u2013            
    •  
  •  parser           \u2013            
    •  
  •  disasm_lines           \u2013            
    •  
  •  source_disasm_lines           \u2013            
    •  
  •  should_decompile           \u2013            
    •  
  •  stack_lines           \u2013            
    •  
  •  backtrace_lines           \u2013            
    •  
  •  backtrace_frame_label           \u2013            
    •  
  •  last_signal               (list[str])           \u2013            
    •  
  •  thread_status_messages           \u2013            
    •  
  •  context_sections           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.log","title":"log  module-attribute","text":"
log = getLogger(__name__)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.P","title":"P  module-attribute","text":"
P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.c","title":"c  module-attribute","text":"
c = ColorConfig(\n    \"backtrace\",\n    [\n        ColorParamSpec(\n            \"prefix\", \"none\", \"color for prefix of current backtrace label\"\n        ),\n        ColorParamSpec(\"address\", \"none\", \"color for backtrace (address)\"),\n        ColorParamSpec(\"symbol\", \"none\", \"color for backtrace (symbol)\"),\n        ColorParamSpec(\n            \"frame-label\", \"none\", \"color for backtrace (frame label)\"\n        ),\n    ],\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.config_reserve_lines","title":"config_reserve_lines  module-attribute","text":"
config_reserve_lines = add_param(\n    \"context-reserve-lines\",\n    \"if-ctx-fits\",\n    \"when to reserve lines after the prompt to reduce context shake\",\n    help_docstring='\\nThe \"if-ctx-fits\" setting only reserves lines if the whole context would still fit vertically in the current terminal window.\\nIt doesn\\'t take into account line-wrapping due to insufficient terminal width.\\n',\n    param_class=PARAM_ENUM,\n    enum_sequence=[\"never\", \"if-ctx-fits\", \"always\"],\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.config_clear_screen","title":"config_clear_screen  module-attribute","text":"
config_clear_screen = add_param(\n    \"context-clear-screen\",\n    False,\n    \"whether to clear the screen before printing the context\",\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.config_output","title":"config_output  module-attribute","text":"
config_output = add_param(\n    \"context-output\",\n    \"stdout\",\n    'where Pwndbg should output (\"stdout\" or file/tty)',\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.config_context_sections","title":"config_context_sections  module-attribute","text":"
config_context_sections = add_param(\n    \"context-sections\",\n    \"regs disasm code ghidra stack backtrace expressions threads heap_tracker\",\n    \"which context sections are displayed (controls order)\",\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.config_max_threads_display","title":"config_max_threads_display  module-attribute","text":"
config_max_threads_display = add_param(\n    \"context-max-threads\",\n    4,\n    \"maximum number of threads displayed by the context command\",\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.outputs","title":"outputs  module-attribute","text":"
outputs: dict[str, str] = {}\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.output_settings","title":"output_settings  module-attribute","text":"
output_settings: DefaultDict[str, dict[str, Any]] = defaultdict(dict)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.banner_arg","title":"banner_arg  module-attribute","text":"
banner_arg = add_argument(\n    \"banner\",\n    type=str,\n    nargs=\"?\",\n    default=\"both\",\n    help=\"Where a banner should be placed: both, top , bottom, none\",\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_history","title":"context_history  module-attribute","text":"
context_history: DefaultDict[str, list[list[str]]] = defaultdict(list)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.selected_history_index","title":"selected_history_index  module-attribute","text":"
selected_history_index: int | None = None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_history_size","title":"context_history_size  module-attribute","text":"
context_history_size = add_param(\n    \"context-history-size\", 50, \"number of context history entries to store\"\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.expressions","title":"expressions  module-attribute","text":"
expressions = []\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.config_context_ghidra","title":"config_context_ghidra  module-attribute","text":"
config_context_ghidra = add_param(\n    \"context-ghidra\",\n    \"never\",\n    \"when to try to decompile the current function with ghidra\",\n    help_docstring=\"Doing this is slow and requires radare2/r2pipe or rizin/rzpipe.\",\n    param_class=PARAM_ENUM,\n    enum_sequence=[\"always\", \"never\", \"if-no-source\"],\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Print out all registers and enhance the information.\"\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.disasm_lines","title":"disasm_lines  module-attribute","text":"
disasm_lines = add_param(\n    \"context-disasm-lines\",\n    10,\n    \"number of additional lines to print in the disasm context\",\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.source_disasm_lines","title":"source_disasm_lines  module-attribute","text":"
source_disasm_lines = add_param(\n    \"context-code-lines\",\n    10,\n    \"number of source code lines to print by the context command\",\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.should_decompile","title":"should_decompile  module-attribute","text":"
should_decompile = add_param(\n    \"context-integration-decompile\",\n    True,\n    \"whether context should fall back to decompilation with no source code\",\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.stack_lines","title":"stack_lines  module-attribute","text":"
stack_lines = add_param(\n    \"context-stack-lines\", 8, \"number of lines to print in the stack context\"\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.backtrace_lines","title":"backtrace_lines  module-attribute","text":"
backtrace_lines = add_param(\n    \"context-backtrace-lines\",\n    8,\n    \"number of lines to print in the backtrace context\",\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.backtrace_frame_label","title":"backtrace_frame_label  module-attribute","text":"
backtrace_frame_label = add_param(\n    \"backtrace-frame-label\", \"\", \"frame number label for backtrace\"\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.last_signal","title":"last_signal  module-attribute","text":"
last_signal: list[str] = []\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.thread_status_messages","title":"thread_status_messages  module-attribute","text":"
thread_status_messages = {\n    \"running\": light_green(\"running\"),\n    \"stopped\": yellow(\"stopped\"),\n    \"exited\": gray(\"exited \"),\n}\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_sections","title":"context_sections  module-attribute","text":"
context_sections = {\n    \"a\": context_args,\n    \"r\": context_regs,\n    \"d\": context_disasm,\n    \"s\": context_stack,\n    \"b\": context_backtrace,\n    \"c\": context_code,\n}\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.StdOutput","title":"StdOutput","text":"
A context manager wrapper to give stdout
 
Methods:
 
     
  •  __enter__             \u2013              
    •  
  •  __exit__             \u2013              
    •  
  •  __hash__             \u2013              
    •  
  •  __eq__             \u2013              
    •  
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.StdOutput.__enter__","title":"__enter__","text":"
__enter__()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.StdOutput.__exit__","title":"__exit__","text":"
__exit__(*args, **kwargs) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.StdOutput.__hash__","title":"__hash__","text":"
__hash__()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.StdOutput.__eq__","title":"__eq__","text":"
__eq__(other) -> bool\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput","title":"FileOutput","text":"
FileOutput(*args)\n
 
A context manager wrapper to reopen files on enter
 
Methods:
 
     
  •  __enter__             \u2013              
    •  
  •  __exit__             \u2013              
    •  
  •  __hash__             \u2013              
    •  
  •  __eq__             \u2013              
    •  
 
Attributes:
 
     
  •  args           \u2013            
    •  
  •  handle           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput.args","title":"args  instance-attribute","text":"
args = args\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput.handle","title":"handle  instance-attribute","text":"
handle = None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput.__enter__","title":"__enter__","text":"
__enter__()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput.__exit__","title":"__exit__","text":"
__exit__(*args, **kwargs) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput.__hash__","title":"__hash__","text":"
__hash__()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput.__eq__","title":"__eq__","text":"
__eq__(other)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput","title":"CallOutput","text":"
CallOutput(func)\n
 
A context manager which calls a function on write
 
Methods:
 
     
  •  __enter__             \u2013              
    •  
  •  __exit__             \u2013              
    •  
  •  __hash__             \u2013              
    •  
  •  __eq__             \u2013              
    •  
  •  write             \u2013              
    •  
  •  writelines             \u2013              
    •  
  •  flush             \u2013              
    •  
  •  isatty             \u2013              
    •  
 
Attributes:
 
     
  •  func           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.func","title":"func  instance-attribute","text":"
func = func\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.__enter__","title":"__enter__","text":"
__enter__()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.__exit__","title":"__exit__","text":"
__exit__(*args, **kwargs) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.__hash__","title":"__hash__","text":"
__hash__()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.__eq__","title":"__eq__","text":"
__eq__(other)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.write","title":"write","text":"
write(data) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.writelines","title":"writelines","text":"
writelines(lines_iterable) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.flush","title":"flush","text":"
flush()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.isatty","title":"isatty","text":"
isatty()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.RegisterContext","title":"RegisterContext","text":"
RegisterContext()\n
 
Methods:
 
     
  •  get_prefix             \u2013              
    •  
  •  get_register_value             \u2013              
    •  
  •  flag_register_context             \u2013              
    •  
  •  segment_registers_context             \u2013              
    •  
  •  addressing_register_context             \u2013              
    •  
  •  register_context_default             \u2013              
    •  
 
Attributes:
 
     
  •  changed               (list[str])           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.RegisterContext.changed","title":"changed  instance-attribute","text":"
changed: list[str] = changed\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.RegisterContext.get_prefix","title":"get_prefix","text":"
get_prefix(reg)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.RegisterContext.get_register_value","title":"get_register_value","text":"
get_register_value(reg)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.RegisterContext.flag_register_context","title":"flag_register_context","text":"
flag_register_context(reg, bit_flags)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.RegisterContext.segment_registers_context","title":"segment_registers_context","text":"
segment_registers_context(regs)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.RegisterContext.addressing_register_context","title":"addressing_register_context","text":"
addressing_register_context(reg, is_virtual)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.RegisterContext.register_context_default","title":"register_context_default","text":"
register_context_default(reg)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.clear_screen","title":"clear_screen","text":"
clear_screen(out=stdout) -> None\n
 
Clear the screen by moving the cursor to top-left corner and clearing the content. Different terminals may act differently
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.reserve_lines_maybe","title":"reserve_lines_maybe","text":"
reserve_lines_maybe(cmd_lines: int) -> None\n
 
Scroll the terminal up a few lines to reduce shaking when repeatedly printing the context.
 
Only do this if the context would still fit on the screen.
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.validate_context_sections","title":"validate_context_sections","text":"
validate_context_sections() -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.output","title":"output","text":"
output(section: str)\n
 
Creates a context manager corresponding to configured context output
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.contextoutput","title":"contextoutput","text":"
contextoutput(section, path, clearing, banner='both', width: int = None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.resetcontextoutput","title":"resetcontextoutput","text":"
resetcontextoutput(section)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.history_size_changed","title":"history_size_changed","text":"
history_size_changed() -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.serve_context_history","title":"serve_context_history","text":"
serve_context_history(\n    function: Callable[P, list[str]],\n) -> Callable[P, list[str]]\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.history_handle_unchanged_contents","title":"history_handle_unchanged_contents","text":"
history_handle_unchanged_contents() -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.contextprev","title":"contextprev","text":"
contextprev(count) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.contextnext","title":"contextnext","text":"
contextnext(count) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.contextsearch","title":"contextsearch","text":"
contextsearch(needle, section) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.contextwatch","title":"contextwatch","text":"
contextwatch(expression, cmd) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.contextunwatch","title":"contextunwatch","text":"
contextunwatch(num) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_expressions","title":"context_expressions","text":"
context_expressions(target=stdout, with_banner=True, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_ghidra","title":"context_ghidra","text":"
context_ghidra(target=stdout, with_banner=True, width=None)\n
 
Print out the source of the current function decompiled by ghidra.
 
The context-ghidra config parameter is used to configure whether to always, never or only show the context if no source is available.
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context","title":"context","text":"
context(subcontext=None, enabled=None) -> None\n
 
Print out the current register, instruction, and stack context.
 
Accepts subcommands 'reg', 'disasm', 'code', 'stack', 'backtrace', 'ghidra', 'args', 'threads', 'heap_tracker', 'expressions', and/or 'last_signal'.
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.calculate_padding_to_align","title":"calculate_padding_to_align","text":"
calculate_padding_to_align(length, align)\n
 
Calculates the number of spaces to append to reach the next alignment. The next alignment point is given by \"x * align >= length\".
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.compact_regs","title":"compact_regs","text":"
compact_regs(regs, width=None, target=stdout)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_regs","title":"context_regs","text":"
context_regs(target=stdout, with_banner=True, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_heap_tracker","title":"context_heap_tracker","text":"
context_heap_tracker(target=stdout, with_banner=True, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.regs","title":"regs","text":"
regs(regs=[]) -> None\n
 
Print out all registers and enhance the information.
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.get_regs","title":"get_regs","text":"
get_regs(regs: list[str] = None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.try_emulate_if_bug_disable","title":"try_emulate_if_bug_disable","text":"
try_emulate_if_bug_disable(handler: Callable[[], T]) -> T\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_disasm","title":"context_disasm","text":"
context_disasm(target=stdout, with_banner=True, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.get_highlight_source","title":"get_highlight_source","text":"
get_highlight_source(filename: str) -> tuple[str, ...]\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.get_filename_and_formatted_source","title":"get_filename_and_formatted_source","text":"
get_filename_and_formatted_source()\n
 
Returns formatted, lines limited and highlighted source as list or if it isn't there - an empty list
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_code","title":"context_code","text":"
context_code(target=stdout, with_banner=True, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_stack","title":"context_stack","text":"
context_stack(target=stdout, with_banner=True, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_backtrace","title":"context_backtrace","text":"
context_backtrace(with_banner=True, target=stdout, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_args","title":"context_args","text":"
context_args(with_banner=True, target=stdout, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.get_thread_status","title":"get_thread_status","text":"
get_thread_status(thread)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_threads","title":"context_threads","text":"
context_threads(with_banner=True, target=stdout, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.save_signal","title":"save_signal","text":"
save_signal(signal) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_last_signal","title":"context_last_signal","text":"
context_last_signal(with_banner=True, target=stdout, width=None)\n
"},{"location":"reference/pwndbg/commands/cpsr/","title":"cpsr","text":""},{"location":"reference/pwndbg/commands/cpsr/#pwndbg.commands.cpsr","title":"cpsr","text":"
Functions:
 
     
  •  cpsr             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/cpsr/#pwndbg.commands.cpsr.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Print out ARM CPSR or xPSR register.')\n
"},{"location":"reference/pwndbg/commands/cpsr/#pwndbg.commands.cpsr.cpsr","title":"cpsr","text":"
cpsr(cpsr_value=None) -> None\n
"},{"location":"reference/pwndbg/commands/cyclic/","title":"cyclic","text":""},{"location":"reference/pwndbg/commands/cyclic/#pwndbg.commands.cyclic","title":"cyclic","text":"
Classes:
 
     
  •  TimeoutException           \u2013            
    Custom exception for signal-based timeouts.
     
    •  
 
Functions:
 
     
  •  detect_register_patterns             \u2013              
    •  
  •  cyclic_cmd             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
  •  group           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/cyclic/#pwndbg.commands.cyclic.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Cyclic pattern creator/finder.')\n
"},{"location":"reference/pwndbg/commands/cyclic/#pwndbg.commands.cyclic.group","title":"group  module-attribute","text":"
group = add_mutually_exclusive_group(required=False)\n
"},{"location":"reference/pwndbg/commands/cyclic/#pwndbg.commands.cyclic.TimeoutException","title":"TimeoutException","text":"
               Bases: Exception
 
Custom exception for signal-based timeouts.
"},{"location":"reference/pwndbg/commands/cyclic/#pwndbg.commands.cyclic.detect_register_patterns","title":"detect_register_patterns","text":"
detect_register_patterns(alphabet, length, timeout) -> None\n
"},{"location":"reference/pwndbg/commands/cyclic/#pwndbg.commands.cyclic.cyclic_cmd","title":"cyclic_cmd","text":"
cyclic_cmd(\n    alphabet,\n    length: int | None,\n    lookup,\n    detect,\n    count=100,\n    filename=\"\",\n    timeout=2,\n) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/","title":"cymbol","text":""},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol","title":"cymbol","text":"
Add, load, show, edit, or delete symbols for custom structures.
 
For the generation of the symbols g++/gcc is being used under the hood.
 
In case of remote debugging a binary which is not native to your architecture it is advised to configure the 'gcc-config-path' config parameter to your own cross-platform gnu gcc compiled toolchain for your target architecture.
 
You are advised to configure the 'cymbol-editor' config parameter to the path of your favorite text editor. Otherwise cymbol expands $EDITOR and $VISUAL environment variables to find the path to the default text editor.
 
Functions:
 
     
  •  create_temp_header_file             \u2013              
    Create a temporary header file with the given content.
     
    •  
  •  unload_loaded_symbol             \u2013              
    •  
  •  OnlyWhenStructFileExists             \u2013              
    •  
  •  compile_with_flags             \u2013              
    •  
  •  generate_debug_symbols             \u2013              
    •  
  •  create_blank_elf             \u2013              
    •  
  •  add_custom_structure             \u2013              
    •  
  •  add_structure_from_header             \u2013              
    •  
  •  edit_custom_structure             \u2013              
    •  
  •  remove_custom_structure             \u2013              
    •  
  •  load_custom_structure             \u2013              
    •  
  •  show_custom_structure             \u2013              
    •  
  •  cymbol             \u2013              
    •  
 
Attributes:
 
     
  •  P           \u2013            
    •  
  •  T           \u2013            
    •  
  •  gcc_compiler_path           \u2013            
    •  
  •  cymbol_editor           \u2013            
    •  
  •  loaded_symbols               (dict[str, str])           \u2013            
    •  
  •  pwndbg_cachedir           \u2013            
    •  
  •  parser           \u2013            
    •  
  •  subparsers           \u2013            
    •  
  •  add_parser           \u2013            
    •  
  •  remove_parser           \u2013            
    •  
  •  edit_parser           \u2013            
    •  
  •  load_parser           \u2013            
    •  
  •  show_parser           \u2013            
    •  
  •  file_parser           \u2013            
    •  
  •  show_all_parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.P","title":"P  module-attribute","text":"
P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.gcc_compiler_path","title":"gcc_compiler_path  module-attribute","text":"
gcc_compiler_path = add_param(\n    \"gcc-compiler-path\",\n    \"\",\n    \"path to the gcc/g++ toolchain for generating imported symbols\",\n    param_class=PARAM_OPTIONAL_FILENAME,\n)\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.cymbol_editor","title":"cymbol_editor  module-attribute","text":"
cymbol_editor = add_param(\n    \"cymbol-editor\",\n    \"\",\n    \"path to the editor for editing custom structures\",\n    param_class=PARAM_OPTIONAL_FILENAME,\n)\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.loaded_symbols","title":"loaded_symbols  module-attribute","text":"
loaded_symbols: dict[str, str] = {}\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.pwndbg_cachedir","title":"pwndbg_cachedir  module-attribute","text":"
pwndbg_cachedir = cachedir('custom-symbols')\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Manage custom C structures in pwndbg. Supports project-specific auto-loading from .gdbinit.\"\n)\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.subparsers","title":"subparsers  module-attribute","text":"
subparsers = add_subparsers(dest='subcommand', help='Available subcommands')\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.add_parser","title":"add_parser  module-attribute","text":"
add_parser = add_parser('add', help='Add a custom structure')\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.remove_parser","title":"remove_parser  module-attribute","text":"
remove_parser = add_parser('remove', help='Remove a custom structure')\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.edit_parser","title":"edit_parser  module-attribute","text":"
edit_parser = add_parser('edit', help='Edit a custom structure')\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.load_parser","title":"load_parser  module-attribute","text":"
load_parser = add_parser('load', help='Load a custom structure')\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.show_parser","title":"show_parser  module-attribute","text":"
show_parser = add_parser('show', help='Show a custom structure')\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.file_parser","title":"file_parser  module-attribute","text":"
file_parser = add_parser('file', help='Add a structure from a header file')\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.show_all_parser","title":"show_all_parser  module-attribute","text":"
show_all_parser = add_parser('show-all', help='Show all stored structure')\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.create_temp_header_file","title":"create_temp_header_file","text":"
create_temp_header_file(content: str) -> str\n
 
Create a temporary header file with the given content.
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.unload_loaded_symbol","title":"unload_loaded_symbol","text":"
unload_loaded_symbol(custom_structure_name: str) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.OnlyWhenStructFileExists","title":"OnlyWhenStructFileExists","text":"
OnlyWhenStructFileExists(\n    func: _OnlyWhenStructFileExists,\n) -> _OnlyWhenStructFileExists\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.compile_with_flags","title":"compile_with_flags","text":"
compile_with_flags(gcc_extra_flags)\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.generate_debug_symbols","title":"generate_debug_symbols","text":"
generate_debug_symbols(\n    custom_structure_path: str,\n    pwndbg_debug_symbols_output_file: str | None = None,\n) -> str | None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.create_blank_elf","title":"create_blank_elf","text":"
create_blank_elf()\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.add_custom_structure","title":"add_custom_structure","text":"
add_custom_structure(custom_structure_name: str, force=False)\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.add_structure_from_header","title":"add_structure_from_header","text":"
add_structure_from_header(\n    header_file: str, custom_structure_name: str = None, force: bool = False\n) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.edit_custom_structure","title":"edit_custom_structure","text":"
edit_custom_structure(\n    custom_structure_name: str, custom_structure_path: str = \"\"\n) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.remove_custom_structure","title":"remove_custom_structure","text":"
remove_custom_structure(\n    custom_structure_name: str, custom_structure_path: str = \"\"\n) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.load_custom_structure","title":"load_custom_structure","text":"
load_custom_structure(\n    custom_structure_name: str, custom_structure_path: str = \"\"\n) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.show_custom_structure","title":"show_custom_structure","text":"
show_custom_structure(\n    custom_structure_name: str, custom_structure_path: str = \"\"\n) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.cymbol","title":"cymbol","text":"
cymbol(subcommand: str = None, name: str = None, path: str = None, force=False)\n
"},{"location":"reference/pwndbg/commands/dev/","title":"dev","text":""},{"location":"reference/pwndbg/commands/dev/#pwndbg.commands.dev","title":"dev","text":"
Functions:
 
     
  •  dev_dump_instruction             \u2013              
    •  
  •  log_level             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/dev/#pwndbg.commands.dev.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Set the log level.')\n
"},{"location":"reference/pwndbg/commands/dev/#pwndbg.commands.dev.dev_dump_instruction","title":"dev_dump_instruction","text":"
dev_dump_instruction(\n    address=None, force_emulate=False, no_emulate=False\n) -> None\n
"},{"location":"reference/pwndbg/commands/dev/#pwndbg.commands.dev.log_level","title":"log_level","text":"
log_level(level: str) -> None\n
"},{"location":"reference/pwndbg/commands/distance/","title":"distance","text":""},{"location":"reference/pwndbg/commands/distance/#pwndbg.commands.distance","title":"distance","text":"
Functions:
 
     
  •  distance             \u2013              
    Print the distance between the two arguments
     
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/distance/#pwndbg.commands.distance.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Print the distance between the two arguments, or print the offset to the address's page base.\"\n)\n
"},{"location":"reference/pwndbg/commands/distance/#pwndbg.commands.distance.distance","title":"distance","text":"
distance(a, b) -> None\n
 
Print the distance between the two arguments
"},{"location":"reference/pwndbg/commands/dt/","title":"dt","text":""},{"location":"reference/pwndbg/commands/dt/#pwndbg.commands.dt","title":"dt","text":"
Functions:
 
     
  •  dt             \u2013              
    Dump out information on a type (e.g. ucontext_t).
     
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/dt/#pwndbg.commands.dt.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"\\nDump out information on a type (e.g. ucontext_t).\\n\\nOptionally overlay that information at an address.\"\n)\n
"},{"location":"reference/pwndbg/commands/dt/#pwndbg.commands.dt.dt","title":"dt","text":"
dt(typename: str, address: int | None = None) -> None\n
 
Dump out information on a type (e.g. ucontext_t).
 
Optionally overlay that information at an address.
"},{"location":"reference/pwndbg/commands/dumpargs/","title":"dumpargs","text":""},{"location":"reference/pwndbg/commands/dumpargs/#pwndbg.commands.dumpargs","title":"dumpargs","text":"
Functions:
 
     
  •  dumpargs             \u2013              
    •  
  •  call_args             \u2013              
    Returns list of resolved call argument strings for display.
     
    •  
  •  all_args             \u2013              
    Returns list of all argument strings for display.
     
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/dumpargs/#pwndbg.commands.dumpargs.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Prints determined arguments for call/syscall instruction.\"\n)\n
"},{"location":"reference/pwndbg/commands/dumpargs/#pwndbg.commands.dumpargs.dumpargs","title":"dumpargs","text":"
dumpargs(force: bool = False) -> None\n
"},{"location":"reference/pwndbg/commands/dumpargs/#pwndbg.commands.dumpargs.call_args","title":"call_args","text":"
call_args() -> list[str]\n
 
Returns list of resolved call argument strings for display. Attempts to resolve the target and determine the number of arguments.
 
Return empty list if PC is not on a call or syscall instruction.
"},{"location":"reference/pwndbg/commands/dumpargs/#pwndbg.commands.dumpargs.all_args","title":"all_args","text":"
all_args() -> list[str]\n
 
Returns list of all argument strings for display.
"},{"location":"reference/pwndbg/commands/elf/","title":"elf","text":""},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf","title":"elf","text":"
Functions:
 
     
  •  elfsections             \u2013              
    •  
  •  gotplt             \u2013              
    •  
  •  plt             \u2013              
    •  
  •  get_section_bounds             \u2013              
    •  
  •  print_symbols_in_section             \u2013              
    •  
  •  get_symbols_in_region             \u2013              
    •  
 
Attributes:
 
     
  •  PLT_SECTION_NAMES           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.PLT_SECTION_NAMES","title":"PLT_SECTION_NAMES  module-attribute","text":"
PLT_SECTION_NAMES = ('.plt', '.plt.sec', '.plt.got', '.plt.bnd')\n
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Prints any symbols found in Procedure Linkage Table sections if any exist.\"\n)\n
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.elfsections","title":"elfsections","text":"
elfsections(no_rebase: bool) -> None\n
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.gotplt","title":"gotplt","text":"
gotplt() -> None\n
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.plt","title":"plt","text":"
plt(all_symbols: bool = False) -> None\n
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.get_section_bounds","title":"get_section_bounds","text":"
get_section_bounds(section_name: str)\n
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.print_symbols_in_section","title":"print_symbols_in_section","text":"
print_symbols_in_section(section_name, filter_text='') -> None\n
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.get_symbols_in_region","title":"get_symbols_in_region","text":"
get_symbols_in_region(\n    start: int, end: int, filter_text=\"\"\n) -> list[tuple[str, int]]\n
"},{"location":"reference/pwndbg/commands/flags/","title":"flags","text":""},{"location":"reference/pwndbg/commands/flags/#pwndbg.commands.flags","title":"flags","text":"
Functions:
 
     
  •  setflag             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/flags/#pwndbg.commands.flags.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Modify the flags register.')\n
"},{"location":"reference/pwndbg/commands/flags/#pwndbg.commands.flags.setflag","title":"setflag","text":"
setflag(flag: str, value: int) -> None\n
"},{"location":"reference/pwndbg/commands/gdt/","title":"gdt","text":""},{"location":"reference/pwndbg/commands/gdt/#pwndbg.commands.gdt","title":"gdt","text":"
Functions:
 
     
  •  gdt             \u2013              
    •  
  •  decode_gdt_entry             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/gdt/#pwndbg.commands.gdt.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Decode X86-64 GDT entries at address\\n\\nSee also:\\n\\n* https://wiki.osdev.org/Global_Descriptor_Table\\n* https://wiki.osdev.org/GDT_Tutorial\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/gdt/#pwndbg.commands.gdt.gdt","title":"gdt","text":"
gdt(address, count) -> None\n
"},{"location":"reference/pwndbg/commands/gdt/#pwndbg.commands.gdt.decode_gdt_entry","title":"decode_gdt_entry","text":"
decode_gdt_entry(value)\n
"},{"location":"reference/pwndbg/commands/ghidra/","title":"ghidra","text":""},{"location":"reference/pwndbg/commands/ghidra/#pwndbg.commands.ghidra","title":"ghidra","text":"
Functions:
 
     
  •  ghidra             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/ghidra/#pwndbg.commands.ghidra.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Decompile a given function using Ghidra.')\n
"},{"location":"reference/pwndbg/commands/ghidra/#pwndbg.commands.ghidra.ghidra","title":"ghidra","text":"
ghidra(func) -> None\n
"},{"location":"reference/pwndbg/commands/godbg/","title":"godbg","text":""},{"location":"reference/pwndbg/commands/godbg/#pwndbg.commands.godbg","title":"godbg","text":"
Functions:
 
     
  •  go_dump             \u2013              
    •  
  •  go_type             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/godbg/#pwndbg.commands.godbg.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Dumps a Go runtime reflection type at a specified address.\"\n)\n
"},{"location":"reference/pwndbg/commands/godbg/#pwndbg.commands.godbg.go_dump","title":"go_dump","text":"
go_dump(\n    ty: str,\n    address: int,\n    hex: bool,\n    decimals: int | None,\n    debug: bool,\n    pretty: bool,\n) -> None\n
"},{"location":"reference/pwndbg/commands/godbg/#pwndbg.commands.godbg.go_type","title":"go_type","text":"
go_type(address: int) -> None\n
"},{"location":"reference/pwndbg/commands/got/","title":"got","text":""},{"location":"reference/pwndbg/commands/got/#pwndbg.commands.got","title":"got","text":"
Functions:
 
     
  •  got             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
  •  group           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/got/#pwndbg.commands.got.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Show the state of the Global Offset Table.\"\n)\n
"},{"location":"reference/pwndbg/commands/got/#pwndbg.commands.got.group","title":"group  module-attribute","text":"
group = add_mutually_exclusive_group()\n
"},{"location":"reference/pwndbg/commands/got/#pwndbg.commands.got.got","title":"got","text":"
got(\n    path_filter: str, all_: bool, accept_readonly: bool, symbol_filter: str\n) -> None\n
"},{"location":"reference/pwndbg/commands/got_tracking/","title":"got_tracking","text":""},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking","title":"got_tracking","text":"
Functions:
 
     
  •  columns             \u2013              
    Print data formatted into distinct columns.
     
    •  
  •  track_got             \u2013              
    •  
  •  got_report             \u2013              
    Prints out a report of the current status of the GOT tracker.
     
    •  
  •  got_tracking_status             \u2013              
    Prints out information about a single GOT tracking entry.
     
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
  •  subparsers           \u2013            
    •  
  •  enable           \u2013            
    •  
  •  disable           \u2013            
    •  
  •  report           \u2013            
    •  
  •  status           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Controls GOT tracking')\n
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.subparsers","title":"subparsers  module-attribute","text":"
subparsers = add_subparsers(\n    required=True,\n    description=\"Used to disable and query information about the tracker\",\n)\n
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.enable","title":"enable  module-attribute","text":"
enable = add_parser('enable', help='Enable GOT parsing')\n
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.disable","title":"disable  module-attribute","text":"
disable = add_parser('disable', help='Disable GOT tracking')\n
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.report","title":"report  module-attribute","text":"
report = add_parser('info', help='Give an overview of the GOT tracker')\n
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.status","title":"status  module-attribute","text":"
status = add_parser(\n    \"query\",\n    help=\"Queries detailed tracking information about a single entry in the GOT\",\n)\n
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.columns","title":"columns","text":"
columns(rows, colors=None) -> None\n
 
Print data formatted into distinct columns.
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.track_got","title":"track_got","text":"
track_got(mode=None, soname=None, writable=False, fnname=None, address=None)\n
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.got_report","title":"got_report","text":"
got_report(soname='.*', writable=False, fnname='.*') -> None\n
 
Prints out a report of the current status of the GOT tracker.
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.got_tracking_status","title":"got_tracking_status","text":"
got_tracking_status(address) -> None\n
 
Prints out information about a single GOT tracking entry.
"},{"location":"reference/pwndbg/commands/hex2ptr/","title":"hex2ptr","text":""},{"location":"reference/pwndbg/commands/hex2ptr/#pwndbg.commands.hex2ptr","title":"hex2ptr","text":"
Functions:
 
     
  •  hex2ptr             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/hex2ptr/#pwndbg.commands.hex2ptr.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Converts a space-separated hex string to a little-endian address.\"\n)\n
"},{"location":"reference/pwndbg/commands/hex2ptr/#pwndbg.commands.hex2ptr.hex2ptr","title":"hex2ptr","text":"
hex2ptr(hex_string) -> None\n
"},{"location":"reference/pwndbg/commands/hexdump/","title":"hexdump","text":""},{"location":"reference/pwndbg/commands/hexdump/#pwndbg.commands.hexdump","title":"hexdump","text":"
Functions:
 
     
  •  address_or_module_name             \u2013              
    •  
  •  format_c             \u2013              
    •  
  •  format_py             \u2013              
    •  
  •  hexdump             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/hexdump/#pwndbg.commands.hexdump.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Hexdumps data at the specified address or module name.\"\n)\n
"},{"location":"reference/pwndbg/commands/hexdump/#pwndbg.commands.hexdump.address_or_module_name","title":"address_or_module_name","text":"
address_or_module_name(s) -> int\n
"},{"location":"reference/pwndbg/commands/hexdump/#pwndbg.commands.hexdump.format_c","title":"format_c","text":"
format_c(data: bytes) -> str\n
"},{"location":"reference/pwndbg/commands/hexdump/#pwndbg.commands.hexdump.format_py","title":"format_py","text":"
format_py(data: bytes) -> str\n
"},{"location":"reference/pwndbg/commands/hexdump/#pwndbg.commands.hexdump.hexdump","title":"hexdump","text":"
hexdump(address, count=hexdump_bytes, code: str | None = None) -> None\n
"},{"location":"reference/pwndbg/commands/hijack_fd/","title":"hijack_fd","text":""},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd","title":"hijack_fd","text":"
Classes:
 
     
  •  ShellcodeRegs           \u2013            
    •  
  •  ParsedSocket           \u2013            
    •  
 
Functions:
 
     
  •  get_shellcode_regs             \u2013              
    •  
  •  stack_size_alignment             \u2013              
    •  
  •  asm_replace_file             \u2013              
    •  
  •  asm_replace_socket             \u2013              
    •  
  •  exec_shellcode_with_stack             \u2013              
    •  
  •  parse_socket             \u2013              
    •  
  •  parse_file_or_socket             \u2013              
    •  
  •  hijack_fd             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
  •  PARSED_FILE_ARG           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Replace a file descriptor of a debugged process.\\n\\nThe new file descriptor can point to:\\n\\n- a file\\n- a pipe\\n- a socket\\n- a device, etc.\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.PARSED_FILE_ARG","title":"PARSED_FILE_ARG  module-attribute","text":"
PARSED_FILE_ARG = Tuple[Optional[ParsedSocket], Optional[str]]\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ShellcodeRegs","title":"ShellcodeRegs","text":"
               Bases: NamedTuple
 
Attributes:
 
     
  •  newfd               (str)           \u2013            
    •  
  •  syscall_ret               (str)           \u2013            
    •  
  •  stack               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ShellcodeRegs.newfd","title":"newfd  instance-attribute","text":"
newfd: str\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ShellcodeRegs.syscall_ret","title":"syscall_ret  instance-attribute","text":"
syscall_ret: str\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ShellcodeRegs.stack","title":"stack  instance-attribute","text":"
stack: str\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ParsedSocket","title":"ParsedSocket","text":"
               Bases: NamedTuple
 
Attributes:
 
     
  •  protocol               (Literal['tcp', 'udp'])           \u2013            
    •  
  •  ip_version               (Literal['ipv4', 'ipv6'])           \u2013            
    •  
  •  address               (str)           \u2013            
    •  
  •  port               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ParsedSocket.protocol","title":"protocol  instance-attribute","text":"
protocol: Literal['tcp', 'udp']\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ParsedSocket.ip_version","title":"ip_version  instance-attribute","text":"
ip_version: Literal['ipv4', 'ipv6']\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ParsedSocket.address","title":"address  instance-attribute","text":"
address: str\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ParsedSocket.port","title":"port  instance-attribute","text":"
port: int\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.get_shellcode_regs","title":"get_shellcode_regs","text":"
get_shellcode_regs() -> ShellcodeRegs\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.stack_size_alignment","title":"stack_size_alignment","text":"
stack_size_alignment(s: int) -> int\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.asm_replace_file","title":"asm_replace_file","text":"
asm_replace_file(replace_fd: int, filename: str) -> tuple[int, str]\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.asm_replace_socket","title":"asm_replace_socket","text":"
asm_replace_socket(\n    replace_fd: int, socket_data: ParsedSocket\n) -> tuple[int, str]\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.exec_shellcode_with_stack","title":"exec_shellcode_with_stack  async","text":"
exec_shellcode_with_stack(ec: ExecutionController, blob, stack_size: int)\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.parse_socket","title":"parse_socket","text":"
parse_socket(url: str) -> ParsedSocket\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.parse_file_or_socket","title":"parse_file_or_socket","text":"
parse_file_or_socket(s: str) -> PARSED_FILE_ARG\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.hijack_fd","title":"hijack_fd","text":"
hijack_fd(fdnum: int, newfile: PARSED_FILE_ARG) -> None\n
"},{"location":"reference/pwndbg/commands/ida/","title":"ida","text":""},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida","title":"ida","text":"
Functions:
 
     
  •  j             \u2013              
    Synchronize IDA's cursor with GDB
     
    •  
  •  up             \u2013              
    Select and print stack frame that called this one.
     
    •  
  •  down             \u2013              
    Select and print stack frame called by this one.
     
    •  
  •  save_ida             \u2013              
    Save the IDA database
     
    •  
  •  ida             \u2013              
    Lookup a symbol's address by name from IDA.
     
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Select and print stack frame called by this one.\"\n)\n
"},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida.j","title":"j","text":"
j(*args) -> None\n
 
Synchronize IDA's cursor with GDB
"},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida.up","title":"up","text":"
up(n=1) -> None\n
 
Select and print stack frame that called this one.
"},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida.down","title":"down","text":"
down(n=1) -> None\n
 
Select and print stack frame called by this one.
"},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida.save_ida","title":"save_ida","text":"
save_ida() -> None\n
 
Save the IDA database
"},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida.ida","title":"ida","text":"
ida(name: Value) -> int\n
 
Lookup a symbol's address by name from IDA. Evaluate ida.LocByName() on the supplied value.
 
This functions doesn't see stack local variables.
 
Example: 
pwndbg> set integration-provider ida\nPwndbg successfully connected to Ida Pro xmlrpc: http://127.0.0.1:43718\nSet which provider to use for integration features to 'ida'.\npwndbg> p main\nNo symbol \"main\" in current context.\npwndbg> p/x $ida(\"main\")\n$1 = 0x555555555645\npwndbg> b *$ida(\"main\")\nBreakpoint 2 at 0x555555555645\n
"},{"location":"reference/pwndbg/commands/ignore/","title":"ignore","text":""},{"location":"reference/pwndbg/commands/ignore/#pwndbg.commands.ignore","title":"ignore","text":"
Ignoring a breakpoint
 
Functions:
 
     
  •  ignore             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/ignore/#pwndbg.commands.ignore.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Set ignore-count of breakpoint number N to COUNT.\\n\\nWhile the ignore count is positive, execution will not stop on the breakpoint.\\n\\nBy default, if `N' is ommitted, the last breakpoint (i.e. greatest breakpoint number) will be used.\"\n)\n
"},{"location":"reference/pwndbg/commands/ignore/#pwndbg.commands.ignore.ignore","title":"ignore","text":"
ignore(bpnum, count) -> None\n
"},{"location":"reference/pwndbg/commands/integration/","title":"integration","text":""},{"location":"reference/pwndbg/commands/integration/#pwndbg.commands.integration","title":"integration","text":"
Functions:
 
     
  •  decomp             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/integration/#pwndbg.commands.integration.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Use the current integration to decompile code near an address.\"\n)\n
"},{"location":"reference/pwndbg/commands/integration/#pwndbg.commands.integration.decomp","title":"decomp","text":"
decomp(addr: int | None, lines: int | None) -> None\n
"},{"location":"reference/pwndbg/commands/ipython_interactive/","title":"ipython_interactive","text":""},{"location":"reference/pwndbg/commands/ipython_interactive/#pwndbg.commands.ipython_interactive","title":"ipython_interactive","text":"
Command to start an interactive IPython prompt.
 
Functions:
 
     
  •  switch_to_ipython_env             \u2013              
    We need to change stdout/stderr to the default ones, otherwise we can't use tab or autocomplete
     
    •  
  •  ipi             \u2013              
    •  
"},{"location":"reference/pwndbg/commands/ipython_interactive/#pwndbg.commands.ipython_interactive.switch_to_ipython_env","title":"switch_to_ipython_env","text":"
switch_to_ipython_env()\n
 
We need to change stdout/stderr to the default ones, otherwise we can't use tab or autocomplete
"},{"location":"reference/pwndbg/commands/ipython_interactive/#pwndbg.commands.ipython_interactive.ipi","title":"ipi","text":"
ipi() -> None\n
"},{"location":"reference/pwndbg/commands/jemalloc/","title":"jemalloc","text":""},{"location":"reference/pwndbg/commands/jemalloc/#pwndbg.commands.jemalloc","title":"jemalloc","text":"
Functions:
 
     
  •  jemalloc_find_extent             \u2013              
    •  
  •  jemalloc_extent_info             \u2013              
    •  
  •  jemalloc_heap             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/jemalloc/#pwndbg.commands.jemalloc.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Prints all extents information')\n
"},{"location":"reference/pwndbg/commands/jemalloc/#pwndbg.commands.jemalloc.jemalloc_find_extent","title":"jemalloc_find_extent","text":"
jemalloc_find_extent(addr) -> None\n
"},{"location":"reference/pwndbg/commands/jemalloc/#pwndbg.commands.jemalloc.jemalloc_extent_info","title":"jemalloc_extent_info","text":"
jemalloc_extent_info(addr, verbose=False, header=True) -> bool\n
"},{"location":"reference/pwndbg/commands/jemalloc/#pwndbg.commands.jemalloc.jemalloc_heap","title":"jemalloc_heap","text":"
jemalloc_heap() -> None\n
"},{"location":"reference/pwndbg/commands/kbase/","title":"kbase","text":""},{"location":"reference/pwndbg/commands/kbase/#pwndbg.commands.kbase","title":"kbase","text":"
Functions:
 
     
  •  kbase             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/kbase/#pwndbg.commands.kbase.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Finds the kernel virtual base address.')\n
"},{"location":"reference/pwndbg/commands/kbase/#pwndbg.commands.kbase.kbase","title":"kbase","text":"
kbase(rebase=False, verbose=False) -> None\n
"},{"location":"reference/pwndbg/commands/kbpf/","title":"kbpf","text":""},{"location":"reference/pwndbg/commands/kbpf/#pwndbg.commands.kbpf","title":"kbpf","text":"
Functions:
 
     
  •  handle_bpf_aux_reg_for_insns_bytes             \u2013              
    •  
  •  handle_bpf_aux_reg_for_opstr             \u2013              
    •  
  •  bpf_map_array_offset             \u2013              
    •  
  •  parse_xa_node             \u2013              
    •  
  •  print_bpf_progs             \u2013              
    •  
  •  print_bpf_maps             \u2013              
    •  
  •  kbpf             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
  •  MAX_PRINTED_VALUE_SIZE           \u2013            
    •  
  •  MAX_BPF_VERBOSE_LEVEL1_OUTPUT_LEN           \u2013            
    •  
  •  BPF_AUX_REG_STRING           \u2013            
    •  
  •  BPF_MAP_ARRAY_TYPES           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/kbpf/#pwndbg.commands.kbpf.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Prints information about the linux kernel bpf progs and maps.\"\n)\n
"},{"location":"reference/pwndbg/commands/kbpf/#pwndbg.commands.kbpf.MAX_PRINTED_VALUE_SIZE","title":"MAX_PRINTED_VALUE_SIZE  module-attribute","text":"
MAX_PRINTED_VALUE_SIZE = 32\n
"},{"location":"reference/pwndbg/commands/kbpf/#pwndbg.commands.kbpf.MAX_BPF_VERBOSE_LEVEL1_OUTPUT_LEN","title":"MAX_BPF_VERBOSE_LEVEL1_OUTPUT_LEN  module-attribute","text":"
MAX_BPF_VERBOSE_LEVEL1_OUTPUT_LEN = 16\n
"},{"location":"reference/pwndbg/commands/kbpf/#pwndbg.commands.kbpf.BPF_AUX_REG_STRING","title":"BPF_AUX_REG_STRING  module-attribute","text":"
BPF_AUX_REG_STRING = 'ax'\n
"},{"location":"reference/pwndbg/commands/kbpf/#pwndbg.commands.kbpf.BPF_MAP_ARRAY_TYPES","title":"BPF_MAP_ARRAY_TYPES  module-attribute","text":"
BPF_MAP_ARRAY_TYPES = ('BPF_MAP_TYPE_ARRAY', 'BPF_MAP_TYPE_PROG_ARRAY')\n
"},{"location":"reference/pwndbg/commands/kbpf/#pwndbg.commands.kbpf.handle_bpf_aux_reg_for_insns_bytes","title":"handle_bpf_aux_reg_for_insns_bytes","text":"
handle_bpf_aux_reg_for_insns_bytes(insns_bytes)\n
"},{"location":"reference/pwndbg/commands/kbpf/#pwndbg.commands.kbpf.handle_bpf_aux_reg_for_opstr","title":"handle_bpf_aux_reg_for_opstr","text":"
handle_bpf_aux_reg_for_opstr(opstr, regflag)\n
"},{"location":"reference/pwndbg/commands/kbpf/#pwndbg.commands.kbpf.bpf_map_array_offset","title":"bpf_map_array_offset","text":"
bpf_map_array_offset(bpf_array, t, max_entries, value_size)\n
"},{"location":"reference/pwndbg/commands/kbpf/#pwndbg.commands.kbpf.parse_xa_node","title":"parse_xa_node","text":"
parse_xa_node(xa_node)\n
"},{"location":"reference/pwndbg/commands/kbpf/#pwndbg.commands.kbpf.print_bpf_progs","title":"print_bpf_progs","text":"
print_bpf_progs(verbose)\n
"},{"location":"reference/pwndbg/commands/kbpf/#pwndbg.commands.kbpf.print_bpf_maps","title":"print_bpf_maps","text":"
print_bpf_maps(verbose)\n
"},{"location":"reference/pwndbg/commands/kbpf/#pwndbg.commands.kbpf.kbpf","title":"kbpf","text":"
kbpf(verbose: int, print_progs: bool, print_maps: bool)\n
"},{"location":"reference/pwndbg/commands/kchecksec/","title":"kchecksec","text":""},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec","title":"kchecksec","text":"
Classes:
 
     
  •  Option           \u2013            
    •  
 
Functions:
 
     
  •  kchecksec             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Checks for kernel hardening configuration options.\"\n)\n
"},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec.Option","title":"Option","text":"
               Bases: NamedTuple
 
Attributes:
 
     
  •  name               (str)           \u2013            
    •  
  •  desired               (bool)           \u2013            
    •  
  •  cmdline_option               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec.Option.name","title":"name  instance-attribute","text":"
name: str\n
"},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec.Option.desired","title":"desired  class-attribute instance-attribute","text":"
desired: bool = True\n
"},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec.Option.cmdline_option","title":"cmdline_option  class-attribute instance-attribute","text":"
cmdline_option: str = None\n
"},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec.kchecksec","title":"kchecksec","text":"
kchecksec() -> None\n
"},{"location":"reference/pwndbg/commands/kcmdline/","title":"kcmdline","text":""},{"location":"reference/pwndbg/commands/kcmdline/#pwndbg.commands.kcmdline","title":"kcmdline","text":"
Functions:
 
     
  •  kcmdline             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/kcmdline/#pwndbg.commands.kcmdline.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Return the kernel commandline (/proc/cmdline).\"\n)\n
"},{"location":"reference/pwndbg/commands/kcmdline/#pwndbg.commands.kcmdline.kcmdline","title":"kcmdline","text":"
kcmdline() -> None\n
"},{"location":"reference/pwndbg/commands/kconfig/","title":"kconfig","text":""},{"location":"reference/pwndbg/commands/kconfig/#pwndbg.commands.kconfig","title":"kconfig","text":"
Functions:
 
     
  •  kconfig             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/kconfig/#pwndbg.commands.kconfig.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Outputs the kernel config.')\n
"},{"location":"reference/pwndbg/commands/kconfig/#pwndbg.commands.kconfig.kconfig","title":"kconfig","text":"
kconfig(config_name=None, file_path=None) -> None\n
"},{"location":"reference/pwndbg/commands/kcurrent/","title":"kcurrent","text":""},{"location":"reference/pwndbg/commands/kcurrent/#pwndbg.commands.kcurrent","title":"kcurrent","text":"
Functions:
 
     
  •  kfile             \u2013              
    •  
  •  kcurrent             \u2013              
    •  
 
Attributes:
 
     
  •  indent           \u2013            
    •  
  •  fmode_flags           \u2013            
    •  
  •  KCURRENT_PID           \u2013            
    •  
  •  KCURRENT_PGD           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/kcurrent/#pwndbg.commands.kcurrent.indent","title":"indent  module-attribute","text":"
indent = IndentContextManager()\n
"},{"location":"reference/pwndbg/commands/kcurrent/#pwndbg.commands.kcurrent.fmode_flags","title":"fmode_flags  module-attribute","text":"
fmode_flags = BitFlags([('R', 0), ('W', 1), ('X', 5)])\n
"},{"location":"reference/pwndbg/commands/kcurrent/#pwndbg.commands.kcurrent.KCURRENT_PID","title":"KCURRENT_PID  module-attribute","text":"
KCURRENT_PID = None\n
"},{"location":"reference/pwndbg/commands/kcurrent/#pwndbg.commands.kcurrent.KCURRENT_PGD","title":"KCURRENT_PGD  module-attribute","text":"
KCURRENT_PGD = None\n
"},{"location":"reference/pwndbg/commands/kcurrent/#pwndbg.commands.kcurrent.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"\\n    Displays the current kernel task debugged by the debugger (gdb/lldb) if pid == None\\n    Displays the task with pid if pid != None.\\n    \"\n)\n
"},{"location":"reference/pwndbg/commands/kcurrent/#pwndbg.commands.kcurrent.kfile","title":"kfile","text":"
kfile(pid=None, fd=None)\n
"},{"location":"reference/pwndbg/commands/kcurrent/#pwndbg.commands.kcurrent.kcurrent","title":"kcurrent","text":"
kcurrent(pid=None, set_pid=False, verbose=True)\n
"},{"location":"reference/pwndbg/commands/kdmabuf/","title":"kdmabuf","text":""},{"location":"reference/pwndbg/commands/kdmabuf/#pwndbg.commands.kdmabuf","title":"kdmabuf","text":"
Functions:
 
     
  •  print_dmabuf             \u2013              
    •  
  •  print_sgl             \u2013              
    •  
  •  kdmabuf             \u2013              
    •  
 
Attributes:
 
     
  •  SG_CHAIN           \u2013            
    •  
  •  SG_END           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/kdmabuf/#pwndbg.commands.kdmabuf.SG_CHAIN","title":"SG_CHAIN  module-attribute","text":"
SG_CHAIN = 1\n
"},{"location":"reference/pwndbg/commands/kdmabuf/#pwndbg.commands.kdmabuf.SG_END","title":"SG_END  module-attribute","text":"
SG_END = 2\n
"},{"location":"reference/pwndbg/commands/kdmabuf/#pwndbg.commands.kdmabuf.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Prints DMA buf info')\n
"},{"location":"reference/pwndbg/commands/kdmabuf/#pwndbg.commands.kdmabuf.print_dmabuf","title":"print_dmabuf","text":"
print_dmabuf(dmabuf, idx, indent)\n
"},{"location":"reference/pwndbg/commands/kdmabuf/#pwndbg.commands.kdmabuf.print_sgl","title":"print_sgl","text":"
print_sgl(sgl, indent)\n
"},{"location":"reference/pwndbg/commands/kdmabuf/#pwndbg.commands.kdmabuf.kdmabuf","title":"kdmabuf","text":"
kdmabuf()\n
"},{"location":"reference/pwndbg/commands/kdmesg/","title":"kdmesg","text":""},{"location":"reference/pwndbg/commands/kdmesg/#pwndbg.commands.kdmesg","title":"kdmesg","text":"
Display the kernel ring buffer (dmesg) contents. This command reads the printk_ringbuffer structure, which stores printk messages. It iterates through the records in the ring buffer to print each record like a dmesg log.
 
This command supports only the \"new\" kernel ring buffer implementation that is present in kernel versions 5.10+. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d594d8f411d47bf7b583ec3474b11fec348c88bb
 
This implementation read information from the Linux kernel's printk_ringbuffer structure as defined in: https://github.com/torvalds/linux/blob/19272b37aa4f83ca52bdf9c16d5d81bdd1354494/kernel/printk/printk_ringbuffer.h
 
Functions:
 
     
  •  kdmesg             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/kdmesg/#pwndbg.commands.kdmesg.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Displays the kernel ring buffer (dmesg) contents.\"\n)\n
"},{"location":"reference/pwndbg/commands/kdmesg/#pwndbg.commands.kdmesg.kdmesg","title":"kdmesg","text":"
kdmesg(ctime: bool = False) -> None\n
"},{"location":"reference/pwndbg/commands/killthreads/","title":"killthreads","text":""},{"location":"reference/pwndbg/commands/killthreads/#pwndbg.commands.killthreads","title":"killthreads","text":"
Functions:
 
     
  •  killthreads             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/killthreads/#pwndbg.commands.killthreads.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Kill all or given threads.\\n\\nSwitches to given threads and calls pthread_exit(0) on them.\\nThis is performed with scheduler-locking to prevent other threads from operating at the same time.\\n\\nKilling all other threads may be useful to use GDB checkpoints, e.g., to test given input & restart the execution to the point of interest (checkpoint).\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/killthreads/#pwndbg.commands.killthreads.killthreads","title":"killthreads","text":"
killthreads(thread_ids: list[int] | None = None, all: bool = False) -> None\n
"},{"location":"reference/pwndbg/commands/klookup/","title":"klookup","text":""},{"location":"reference/pwndbg/commands/klookup/#pwndbg.commands.klookup","title":"klookup","text":"
Functions:
 
     
  •  klookup             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/klookup/#pwndbg.commands.klookup.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Lookup kernel symbols')\n
"},{"location":"reference/pwndbg/commands/klookup/#pwndbg.commands.klookup.klookup","title":"klookup","text":"
klookup(symbol: str, apply: bool) -> None\n
"},{"location":"reference/pwndbg/commands/kmem_trace/","title":"kmem_trace","text":""},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace","title":"kmem_trace","text":"
Classes:
 
     
  •  KmemTracepointsData           \u2013            
    •  
  •  KmemTracepoints           \u2013            
    •  
 
Functions:
 
     
  •  get_kmem_tracepoints             \u2013              
    •  
  •  kmem_trace             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"\\nTrace kernel memory (SLUB and buddy) allocations and frees.\\n\\nThis command will execute `next` in the debugger, and print out all (de)allocations that happen until\\nthe command finishes. As such this makes most sense to call when the PC is on a function call instruction.\\nOnly (de)allocations triggered by the current function are considered (rather than other threads etc).\\n\\nIf neither `-s` nor `-b` are passed, both allocators are traced.\\n    \"\n)\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepointsData","title":"KmemTracepointsData","text":"
KmemTracepointsData(verbose, trace_all)\n
 
Methods:
 
     
  •  add_result             \u2013              
    •  
  •  format_slab_kmem_tracepoint_output             \u2013              
    •  
  •  format_page_kmem_tracepoint_output             \u2013              
    •  
 
Attributes:
 
     
  •  results           \u2013            
    •  
  •  order           \u2013            
    •  
  •  mutex           \u2013            
    •  
  •  verbose           \u2013            
    •  
  •  curr           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepointsData.results","title":"results  instance-attribute","text":"
results = []\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepointsData.order","title":"order  instance-attribute","text":"
order = None\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepointsData.mutex","title":"mutex  instance-attribute","text":"
mutex = RLock()\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepointsData.verbose","title":"verbose  instance-attribute","text":"
verbose = verbose\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepointsData.curr","title":"curr  instance-attribute","text":"
curr = None\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepointsData.add_result","title":"add_result","text":"
add_result(result: str)\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepointsData.format_slab_kmem_tracepoint_output","title":"format_slab_kmem_tracepoint_output","text":"
format_slab_kmem_tracepoint_output(is_free: bool, objaddr: int)\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepointsData.format_page_kmem_tracepoint_output","title":"format_page_kmem_tracepoint_output","text":"
format_page_kmem_tracepoint_output(is_free: bool, page: int, order: int)\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepoints","title":"KmemTracepoints","text":"
KmemTracepoints()\n
 
Methods:
 
     
  •  resolve_names             \u2013              
    •  
  •  kalloc_handler             \u2013              
    •  
  •  kfree_handler             \u2013              
    •  
  •  palloc_handler             \u2013              
    •  
  •  pfree_handler             \u2013              
    •  
  •  register_breakpoints             \u2013              
    •  
  •  remove_breakpoints             \u2013              
    •  
 
Attributes:
 
     
  •  kallocs           \u2013            
    •  
  •  kfrees           \u2013            
    •  
  •  pallocs           \u2013            
    •  
  •  pfrees           \u2013            
    •  
  •  sps           \u2013            
    •  
  •  data           \u2013            
    •  
  •  slab_tracepoints_enabled           \u2013            
    •  
  •  buddy_tracepoints_enabled           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepoints.kallocs","title":"kallocs  instance-attribute","text":"
kallocs = resolve_names(kmalloc_names)\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepoints.kfrees","title":"kfrees  instance-attribute","text":"
kfrees = resolve_names(kfree_names)\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepoints.pallocs","title":"pallocs  instance-attribute","text":"
pallocs = resolve_names(palloc_names)\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepoints.pfrees","title":"pfrees  instance-attribute","text":"
pfrees = resolve_names(pfree_names)\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepoints.sps","title":"sps  instance-attribute","text":"
sps = []\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepoints.data","title":"data  instance-attribute","text":"
data = None\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepoints.slab_tracepoints_enabled","title":"slab_tracepoints_enabled  instance-attribute","text":"
slab_tracepoints_enabled = True\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepoints.buddy_tracepoints_enabled","title":"buddy_tracepoints_enabled  instance-attribute","text":"
buddy_tracepoints_enabled = True\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepoints.resolve_names","title":"resolve_names","text":"
resolve_names(names)\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepoints.kalloc_handler","title":"kalloc_handler  staticmethod","text":"
kalloc_handler(sp: StopPoint) -> bool\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepoints.kfree_handler","title":"kfree_handler  staticmethod","text":"
kfree_handler(sp: StopPoint) -> bool\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepoints.palloc_handler","title":"palloc_handler  staticmethod","text":"
palloc_handler(sp: StopPoint) -> bool\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepoints.pfree_handler","title":"pfree_handler  staticmethod","text":"
pfree_handler(sp: StopPoint) -> bool\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepoints.register_breakpoints","title":"register_breakpoints","text":"
register_breakpoints(verbose, trace_all)\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.KmemTracepoints.remove_breakpoints","title":"remove_breakpoints","text":"
remove_breakpoints()\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.get_kmem_tracepoints","title":"get_kmem_tracepoints","text":"
get_kmem_tracepoints()\n
"},{"location":"reference/pwndbg/commands/kmem_trace/#pwndbg.commands.kmem_trace.kmem_trace","title":"kmem_trace","text":"
kmem_trace(\n    trace_slab: bool, trace_buddy: bool, verbose: bool, command: str, all: bool\n) -> None\n
"},{"location":"reference/pwndbg/commands/kmod/","title":"kmod","text":""},{"location":"reference/pwndbg/commands/kmod/#pwndbg.commands.kmod","title":"kmod","text":"
Displays information about loaded kernel modules. This command retrieves the list of kernel modules from the modules symbol and displays information about each module. It can filter modules by a substring of their names if provided.
 
Functions:
 
     
  •  kmod             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/kmod/#pwndbg.commands.kmod.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description=\"Displays the loaded Linux kernel modules.\")\n
"},{"location":"reference/pwndbg/commands/kmod/#pwndbg.commands.kmod.kmod","title":"kmod","text":"
kmod(module_name=None, path=None) -> None\n
"},{"location":"reference/pwndbg/commands/knft/","title":"knft","text":""},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft","title":"knft","text":"
Functions:
 
     
  •  parse_nft_family             \u2013              
    •  
  •  knft_dump             \u2013              
    •  
  •  knft_list_tables             \u2013              
    •  
  •  knft_list_chains             \u2013              
    •  
  •  knft_list_rules             \u2013              
    •  
  •  knft_list_exprs             \u2013              
    •  
  •  knft_list_sets             \u2013              
    •  
  •  knft_list_objects             \u2013              
    •  
  •  knft_list_flowtables             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Dump netfilter flowtables from a specific table\"\n)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.parse_nft_family","title":"parse_nft_family","text":"
parse_nft_family(s: str) -> int\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_dump","title":"knft_dump","text":"
knft_dump(nsid: int | None = None)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_tables","title":"knft_list_tables","text":"
knft_list_tables(nsid: int | None = None)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_chains","title":"knft_list_chains","text":"
knft_list_chains(\n    table_family: int | None = None,\n    table_name: str | None = None,\n    nsid: int | None = None,\n)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_rules","title":"knft_list_rules","text":"
knft_list_rules(\n    table_family: int | None = None,\n    table_name: str | None = None,\n    chain_name: str | None = None,\n    nsid: int | None = None,\n)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_exprs","title":"knft_list_exprs","text":"
knft_list_exprs(\n    table_family: int | None = None,\n    table_name: str | None = None,\n    chain_name: str | None = None,\n    rule_id: int | None = None,\n    nsid: int | None = None,\n)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_sets","title":"knft_list_sets","text":"
knft_list_sets(\n    table_family: int | None = None,\n    table_name: str | None = None,\n    nsid: int | None = None,\n)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_objects","title":"knft_list_objects","text":"
knft_list_objects(\n    table_family: int | None = None,\n    table_name: str | None = None,\n    nsid: int | None = None,\n)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_flowtables","title":"knft_list_flowtables","text":"
knft_list_flowtables(\n    table_family: int | None = None,\n    table_name: str | None = None,\n    nsid: int | None = None,\n)\n
"},{"location":"reference/pwndbg/commands/ksyscalls/","title":"ksyscalls","text":""},{"location":"reference/pwndbg/commands/ksyscalls/#pwndbg.commands.ksyscalls","title":"ksyscalls","text":"
Displays the syscall table for kernel debugging.
 
Functions:
 
     
  •  ksyscalls             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/ksyscalls/#pwndbg.commands.ksyscalls.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Displays Linux syscall table, including names and addresses of syscalls.\"\n)\n
"},{"location":"reference/pwndbg/commands/ksyscalls/#pwndbg.commands.ksyscalls.ksyscalls","title":"ksyscalls","text":"
ksyscalls(syscall_name=None) -> None\n
"},{"location":"reference/pwndbg/commands/ktask/","title":"ktask","text":""},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask","title":"ktask","text":"
Displays information about kernel tasks. This command iterates through the kernel's task list and prints details about each task, including its address, PID, user space status, CPU, UID, GID, and name.
 
Classes:
 
     
  •  Kthread           \u2013            
    •  
  •  Ktask           \u2013            
    •  
 
Functions:
 
     
  •  get_ktasks             \u2013              
    •  
  •  ktask             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
  •  indent           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Displays information about kernel tasks.')\n
"},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask.indent","title":"indent  module-attribute","text":"
indent = IndentContextManager()\n
"},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask.Kthread","title":"Kthread","text":"
Kthread(thread: Value)\n
 
Methods:
 
     
  •  files             \u2013              
    •  
  •  __str__             \u2013              
    •  
 
Attributes:
 
     
  •  thread           \u2013            
    •  
  •  name           \u2013            
    •  
  •  pid           \u2013            
    •  
  •  has_user_page           \u2013            
    •  
  •  cpu           \u2013            
    •  
  •  uid           \u2013            
    •  
  •  gid           \u2013            
    •  
  •  mm           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask.Kthread.thread","title":"thread  instance-attribute","text":"
thread = thread\n
"},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask.Kthread.name","title":"name  instance-attribute","text":"
name = string()\n
"},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask.Kthread.pid","title":"pid  instance-attribute","text":"
pid = int(thread['pid'])\n
"},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask.Kthread.has_user_page","title":"has_user_page  instance-attribute","text":"
has_user_page = int(thread['mm']) != 0\n
"},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask.Kthread.cpu","title":"cpu  instance-attribute","text":"
cpu = '-'\n
"},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask.Kthread.uid","title":"uid  instance-attribute","text":"
uid = int(thread['real_cred']['uid']['val'])\n
"},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask.Kthread.gid","title":"gid  instance-attribute","text":"
gid = int(thread['real_cred']['gid']['val'])\n
"},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask.Kthread.mm","title":"mm  property","text":"
mm\n
"},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask.Kthread.files","title":"files","text":"
files()\n
"},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask.Kthread.__str__","title":"__str__","text":"
__str__()\n
"},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask.Ktask","title":"Ktask","text":"
Ktask(task: Value)\n
 
Attributes:
 
     
  •  task           \u2013            
    •  
  •  threads           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask.Ktask.task","title":"task  instance-attribute","text":"
task = task\n
"},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask.Ktask.threads","title":"threads  instance-attribute","text":"
threads = threads\n
"},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask.get_ktasks","title":"get_ktasks","text":"
get_ktasks() -> tuple[Ktask, ...]\n
"},{"location":"reference/pwndbg/commands/ktask/#pwndbg.commands.ktask.ktask","title":"ktask","text":"
ktask(task_name=None) -> None\n
"},{"location":"reference/pwndbg/commands/kversion/","title":"kversion","text":""},{"location":"reference/pwndbg/commands/kversion/#pwndbg.commands.kversion","title":"kversion","text":"
Functions:
 
     
  •  kversion             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/kversion/#pwndbg.commands.kversion.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Outputs the kernel version (/proc/version).\"\n)\n
"},{"location":"reference/pwndbg/commands/kversion/#pwndbg.commands.kversion.kversion","title":"kversion","text":"
kversion() -> None\n
"},{"location":"reference/pwndbg/commands/leakfind/","title":"leakfind","text":""},{"location":"reference/pwndbg/commands/leakfind/#pwndbg.commands.leakfind","title":"leakfind","text":"
Find a chain of leaks given some starting address.
 
Functions:
 
     
  •  get_rec_addr_string             \u2013              
    •  
  •  dbg_print_map             \u2013              
    •  
  •  leakfind             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/leakfind/#pwndbg.commands.leakfind.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"\\nAttempt to find a leak chain given a starting address.\\n\\nScans memory near the given address, looks for pointers, and continues that process to attempt to find leaks.\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/leakfind/#pwndbg.commands.leakfind.get_rec_addr_string","title":"get_rec_addr_string","text":"
get_rec_addr_string(addr, visited_map)\n
"},{"location":"reference/pwndbg/commands/leakfind/#pwndbg.commands.leakfind.dbg_print_map","title":"dbg_print_map","text":"
dbg_print_map(maps) -> None\n
"},{"location":"reference/pwndbg/commands/leakfind/#pwndbg.commands.leakfind.leakfind","title":"leakfind","text":"
leakfind(\n    address=None,\n    page_name=None,\n    max_offset: int = 64,\n    max_depth: int = 4,\n    step: int = 1,\n    negative_offset: int = 0,\n)\n
"},{"location":"reference/pwndbg/commands/libcinfo/","title":"libcinfo","text":""},{"location":"reference/pwndbg/commands/libcinfo/#pwndbg.commands.libcinfo","title":"libcinfo","text":"
Functions:
 
     
  •  libcinfo             \u2013              
    •  
"},{"location":"reference/pwndbg/commands/libcinfo/#pwndbg.commands.libcinfo.libcinfo","title":"libcinfo","text":"
libcinfo()\n
"},{"location":"reference/pwndbg/commands/linkmap/","title":"linkmap","text":""},{"location":"reference/pwndbg/commands/linkmap/#pwndbg.commands.linkmap","title":"linkmap","text":"
Functions:
 
     
  •  linkmap             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/linkmap/#pwndbg.commands.linkmap.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Show the state of the Link Map')\n
"},{"location":"reference/pwndbg/commands/linkmap/#pwndbg.commands.linkmap.linkmap","title":"linkmap","text":"
linkmap() -> None\n
"},{"location":"reference/pwndbg/commands/mallocng/","title":"mallocng","text":""},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng","title":"mallocng","text":"
Commands that help with debugging musl's allocator, mallocng.
 
Functions:
 
     
  •  get_slot_color             \u2013              
    •  
  •  get_colored_slot_state             \u2013              
    •  
  •  get_colored_slot_state_short             \u2013              
    •  
  •  dump_group             \u2013              
    •  
  •  dump_meta             \u2013              
    Arguments:
     
    •  
  •  dump_grouped_slot             \u2013              
    •  
  •  dump_slot             \u2013              
    •  
  •  smart_dump_slot             \u2013              
    •  
  •  dump_meta_area             \u2013              
    •  
  •  dump_malloc_context             \u2013              
    •  
  •  mallocng_slot_user             \u2013              
    •  
  •  mallocng_slot_start             \u2013              
    •  
  •  mallocng_meta             \u2013              
    •  
  •  mallocng_group             \u2013              
    •  
  •  mallocng_meta_area             \u2013              
    •  
  •  mallocng_malloc_context             \u2013              
    •  
  •  mallocng_find             \u2013              
    •  
  •  bin_ascii             \u2013              
    •  
  •  colorize_pointer             \u2013              
    •  
  •  colorize_start_header_line             \u2013              
    •  
  •  line_decoration             \u2013              
    Maybe append extra clarification to a line.
     
    •  
  •  mallocng_visualize_slots             \u2013              
    •  
  •  mallocng_dump             \u2013              
    •  
  •  mallocng_explain             \u2013              
    •  
 
Attributes:
 
     
  •  search_on_fail           \u2013            
    •  
  •  state_alloc_color           \u2013            
    •  
  •  state_alloc_color_alt           \u2013            
    •  
  •  state_freed_color           \u2013            
    •  
  •  state_freed_color_alt           \u2013            
    •  
  •  state_avail_color           \u2013            
    •  
  •  state_avail_color_alt           \u2013            
    •  
  •  VALID_CHARS           \u2013            
    •  
  •  vis_cyclic_offset_color           \u2013            
    •  
  •  vis_offset_color           \u2013            
    •  
  •  vis_cycled_mark_color           \u2013            
    •  
  •  vis_pn3_reserved_color           \u2013            
    •  
  •  vis_big_offset_check_color           \u2013            
    •  
  •  vis_ftr_reserved_color           \u2013            
    •  
  •  default_vis_count           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.search_on_fail","title":"search_on_fail  module-attribute","text":"
search_on_fail = add_param(\n    \"ng-search-on-fail\",\n    True,\n    \"let the ng-slot* commands search the heap if necessary\",\n    help_docstring=\"\\nFor freed, avail(able) and corrupted slots, it may be\\nimpossible to recover the start of the group and meta.\\n\\nWhen this option is set to True, the ng-slotu and ng-slots\\ncommands will search the heap to try to find the correct meta/group.\\n    \",\n    param_class=PARAM_BOOLEAN,\n    scope=heap,\n)\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.state_alloc_color","title":"state_alloc_color  module-attribute","text":"
state_alloc_color = BLUE\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.state_alloc_color_alt","title":"state_alloc_color_alt  module-attribute","text":"
state_alloc_color_alt = CYAN\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.state_freed_color","title":"state_freed_color  module-attribute","text":"
state_freed_color = RED\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.state_freed_color_alt","title":"state_freed_color_alt  module-attribute","text":"
state_freed_color_alt = LIGHT_RED\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.state_avail_color","title":"state_avail_color  module-attribute","text":"
state_avail_color = GRAY\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.state_avail_color_alt","title":"state_avail_color_alt  module-attribute","text":"
state_avail_color_alt = LIGHT_GRAY\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.VALID_CHARS","title":"VALID_CHARS  module-attribute","text":"
VALID_CHARS = list(map(ord, set(printable) - set('\\t\\r\\n\\x0c\\x0b')))\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.vis_cyclic_offset_color","title":"vis_cyclic_offset_color  module-attribute","text":"
vis_cyclic_offset_color = YELLOW\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.vis_offset_color","title":"vis_offset_color  module-attribute","text":"
vis_offset_color = LIGHT_YELLOW\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.vis_cycled_mark_color","title":"vis_cycled_mark_color  module-attribute","text":"
vis_cycled_mark_color = PURPLE\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.vis_pn3_reserved_color","title":"vis_pn3_reserved_color  module-attribute","text":"
vis_pn3_reserved_color = LIGHT_CYAN\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.vis_big_offset_check_color","title":"vis_big_offset_check_color  module-attribute","text":"
vis_big_offset_check_color = BLACK\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.vis_ftr_reserved_color","title":"vis_ftr_reserved_color  module-attribute","text":"
vis_ftr_reserved_color = GREEN\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.default_vis_count","title":"default_vis_count  module-attribute","text":"
default_vis_count = add_param(\n    \"ng-vis-count\",\n    10,\n    \"default count for ng-vis\",\n    param_class=PARAM_UINTEGER,\n    scope=heap,\n)\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"\\nDump the mallocng heap.\\n\\nMay produce lots of output.\\n    \"\n)\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.get_slot_color","title":"get_slot_color","text":"
get_slot_color(state: SlotState, last_color: str = '') -> str\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.get_colored_slot_state","title":"get_colored_slot_state","text":"
get_colored_slot_state(ss: SlotState) -> str\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.get_colored_slot_state_short","title":"get_colored_slot_state_short","text":"
get_colored_slot_state_short(ss: SlotState) -> str\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.dump_group","title":"dump_group","text":"
dump_group(group: Group) -> str\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.dump_meta","title":"dump_meta","text":"
dump_meta(meta: Meta, focus_slot: int | None = None) -> str\n
 
Parameters:
 
     
  •  meta               (Meta)           \u2013            
    the meta to dump
     
    •  
  •  focus_slot               (int | None, default:                   None )           \u2013            
    the index of the slot to highlight in the slot statuses list
     
    •  
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.dump_grouped_slot","title":"dump_grouped_slot","text":"
dump_grouped_slot(gslot: GroupedSlot, all: bool) -> str\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.dump_slot","title":"dump_slot","text":"
dump_slot(\n    slot: Slot, all: bool, successful_preload: bool, will_dump_gslot: bool\n) -> str\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.smart_dump_slot","title":"smart_dump_slot","text":"
smart_dump_slot(slot: Slot, all: bool, gslot: GroupedSlot | None = None) -> str\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.dump_meta_area","title":"dump_meta_area","text":"
dump_meta_area(meta_area: MetaArea, coming_from_dump: bool = False) -> str\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.dump_malloc_context","title":"dump_malloc_context","text":"
dump_malloc_context(ctx: MallocContext) -> str\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.mallocng_slot_user","title":"mallocng_slot_user","text":"
mallocng_slot_user(address: int, all: bool) -> None\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.mallocng_slot_start","title":"mallocng_slot_start","text":"
mallocng_slot_start(address: int, all: bool) -> None\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.mallocng_meta","title":"mallocng_meta","text":"
mallocng_meta(address: int) -> None\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.mallocng_group","title":"mallocng_group","text":"
mallocng_group(address: int, index: int | None = None) -> None\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.mallocng_meta_area","title":"mallocng_meta_area","text":"
mallocng_meta_area(address: int, index: int | None = None) -> None\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.mallocng_malloc_context","title":"mallocng_malloc_context","text":"
mallocng_malloc_context(address: int | None = None) -> None\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.mallocng_find","title":"mallocng_find","text":"
mallocng_find(\n    address: int,\n    all: bool = False,\n    metadata: bool = False,\n    shallow: bool = False,\n) -> None\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.bin_ascii","title":"bin_ascii","text":"
bin_ascii(bs: bytearray)\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.colorize_pointer","title":"colorize_pointer","text":"
colorize_pointer(\n    address: int, ptrvalue: int, state: SlotState, slot: Slot\n) -> str\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.colorize_start_header_line","title":"colorize_start_header_line","text":"
colorize_start_header_line(shline: str, state: SlotState, slot: Slot) -> str\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.line_decoration","title":"line_decoration","text":"
line_decoration(addr: int, slot_state: SlotState, slot: Slot) -> str\n
 
Maybe append extra clarification to a line.
 
Currently only appends to p headers.
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.mallocng_visualize_slots","title":"mallocng_visualize_slots","text":"
mallocng_visualize_slots(address: int, count: int = default_vis_count)\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.mallocng_dump","title":"mallocng_dump","text":"
mallocng_dump(meta_area: int | None = None) -> None\n
"},{"location":"reference/pwndbg/commands/mallocng/#pwndbg.commands.mallocng.mallocng_explain","title":"mallocng_explain","text":"
mallocng_explain() -> None\n
"},{"location":"reference/pwndbg/commands/memoize/","title":"memoize","text":""},{"location":"reference/pwndbg/commands/memoize/#pwndbg.commands.memoize","title":"memoize","text":"
Functions:
 
     
  •  memoize             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/memoize/#pwndbg.commands.memoize.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"\\nToggles memoization (caching).\\n\\nUseful for diagnosing caching-related bugs. Decreases performance.\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/memoize/#pwndbg.commands.memoize.memoize","title":"memoize","text":"
memoize() -> None\n
"},{"location":"reference/pwndbg/commands/misc/","title":"misc","text":""},{"location":"reference/pwndbg/commands/misc/#pwndbg.commands.misc","title":"misc","text":"
Functions:
 
     
  •  errno_             \u2013              
    •  
  •  pwndbg_             \u2013              
    •  
  •  list_and_filter_commands             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
  •  cat_group           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/misc/#pwndbg.commands.misc.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description=\"Prints out a list of all Pwndbg commands.\")\n
"},{"location":"reference/pwndbg/commands/misc/#pwndbg.commands.misc.cat_group","title":"cat_group  module-attribute","text":"
cat_group = add_mutually_exclusive_group()\n
"},{"location":"reference/pwndbg/commands/misc/#pwndbg.commands.misc.errno_","title":"errno_","text":"
errno_(err) -> None\n
"},{"location":"reference/pwndbg/commands/misc/#pwndbg.commands.misc.pwndbg_","title":"pwndbg_","text":"
pwndbg_(filter_pattern, category_, list_categories) -> None\n
"},{"location":"reference/pwndbg/commands/misc/#pwndbg.commands.misc.list_and_filter_commands","title":"list_and_filter_commands","text":"
list_and_filter_commands(filter_str)\n
"},{"location":"reference/pwndbg/commands/mmap/","title":"mmap","text":""},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap","title":"mmap","text":"
Functions:
 
     
  •  prot_str_to_val             \u2013              
    Heuristic to convert PROT_EXEC|PROT_WRITE to integer value.
     
    •  
  •  flag_str_to_val             \u2013              
    Heuristic to convert MAP_SHARED|MAP_FIXED to integer value.
     
    •  
  •  parse_str_or_int             \u2013              
    Try parsing a string with one of the parsers above or by converting it to
     
    •  
  •  mmap             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
  •  prot_dict           \u2013            
    •  
  •  flag_dict           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"\\nCalls the mmap syscall and prints its resulting address.\\n\\nNote that the mmap syscall may fail for various reasons\\n(see `man mmap`) and, in case of failure, its return value\\nwill not be a valid pointer.\\n\\nPROT values: NONE (0), READ (1), WRITE (2), EXEC (4)\\n\\nMAP values: SHARED (1), PRIVATE (2), SHARED_VALIDATE (3), FIXED (0x10),\\n            ANONYMOUS (0x20)\\n\\nFlags and protection values can be either a string containing the names of the\\nflags or permissions or a single number corresponding to the bitwise OR of the\\nprotection and flag numbers.\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.prot_dict","title":"prot_dict  module-attribute","text":"
prot_dict = {'PROT_NONE': 0, 'PROT_READ': 1, 'PROT_WRITE': 2, 'PROT_EXEC': 4}\n
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.flag_dict","title":"flag_dict  module-attribute","text":"
flag_dict = {\n    \"MAP_SHARED\": 1,\n    \"MAP_PRIVATE\": 2,\n    \"MAP_SHARED_VALIDATE\": 3,\n    \"MAP_FIXED\": 16,\n    \"MAP_ANONYMOUS\": 32,\n}\n
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.prot_str_to_val","title":"prot_str_to_val","text":"
prot_str_to_val(protstr)\n
 
Heuristic to convert PROT_EXEC|PROT_WRITE to integer value.
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.flag_str_to_val","title":"flag_str_to_val","text":"
flag_str_to_val(flagstr)\n
 
Heuristic to convert MAP_SHARED|MAP_FIXED to integer value.
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.parse_str_or_int","title":"parse_str_or_int","text":"
parse_str_or_int(val: str | int, parser)\n
 
Try parsing a string with one of the parsers above or by converting it to an int, or passes the value through if it is already an integer.
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.mmap","title":"mmap","text":"
mmap(\n    addr, length, prot=7, flags=34, fd=-1, offset=0, quiet=False, force=False\n) -> None\n
"},{"location":"reference/pwndbg/commands/mprotect/","title":"mprotect","text":""},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect","title":"mprotect","text":"
Functions:
 
     
  •  prot_str_to_val             \u2013              
    Converts a protection string to an integer. Formats include:
     
    •  
  •  prot_val_to_str             \u2013              
    •  
  •  mprotect             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
  •  SYS_MPROTECT           \u2013            
    •  
  •  prot_dict           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"\\nCalls the mprotect syscall and prints its result value.\\n\\nNote that the mprotect syscall may fail for various reasons\\n(see `man mprotect`) and a non-zero error return value\\ncan be decoded with the `errno <value>` command.\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect.SYS_MPROTECT","title":"SYS_MPROTECT  module-attribute","text":"
SYS_MPROTECT = 125\n
"},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect.prot_dict","title":"prot_dict  module-attribute","text":"
prot_dict = {'PROT_NONE': 0, 'PROT_READ': 1, 'PROT_WRITE': 2, 'PROT_EXEC': 4}\n
"},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect.prot_str_to_val","title":"prot_str_to_val","text":"
prot_str_to_val(protstr: str) -> int\n
 
Converts a protection string to an integer. Formats include:  - A positive integer, like 3  - A combination of r, w, and x, like rw  - A combination of PROT_READ, PROT_WRITE, and PROT_EXEC, like PROT_READ|PROT_WRITE
"},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect.prot_val_to_str","title":"prot_val_to_str","text":"
prot_val_to_str(protval: int) -> str\n
"},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect.mprotect","title":"mprotect","text":"
mprotect(addr, length, prot) -> None\n
"},{"location":"reference/pwndbg/commands/msr/","title":"msr","text":""},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr","title":"msr","text":"
Functions:
 
     
  •  parse_msr             \u2013              
    •  
  •  parse_range             \u2013              
    •  
  •  x86_msr_read             \u2013              
    •  
  •  x86_msr_write             \u2013              
    •  
  •  msr_read             \u2013              
    •  
  •  msr_write             \u2013              
    •  
  •  msr_list             \u2013              
    •  
  •  msr             \u2013              
    •  
 
Attributes:
 
     
  •  X86_MSRS           \u2013            
    •  
  •  COMMON_MSRS           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.X86_MSRS","title":"X86_MSRS  module-attribute","text":"
X86_MSRS = {\n    \"MSR_EFER\": 3221225600,\n    \"MSR_STAR\": 3221225601,\n    \"MSR_LSTAR\": 3221225602,\n    \"MSR_CSTAR\": 3221225603,\n    \"MSR_SYSCALL_MASK\": 3221225604,\n    \"MSR_FS_BASE\": 3221225728,\n    \"MSR_GS_BASE\": 3221225729,\n    \"MSR_KERNEL_GS_BASE\": 3221225730,\n    \"MSR_TSC_AUX\": 3221225731,\n}\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.COMMON_MSRS","title":"COMMON_MSRS  module-attribute","text":"
COMMON_MSRS = {'i386': X86_MSRS, 'x86-64': X86_MSRS}\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"\\nRead or write to Model Specific Register (MSR)\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.parse_msr","title":"parse_msr","text":"
parse_msr(msr: str, arch: str) -> int | None\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.parse_range","title":"parse_range","text":"
parse_range(msr_range: str, arch: str) -> tuple[int, int] | None\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.x86_msr_read","title":"x86_msr_read","text":"
x86_msr_read(msr: int) -> None\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.x86_msr_write","title":"x86_msr_write","text":"
x86_msr_write(msr: int, write_value: int) -> None\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.msr_read","title":"msr_read","text":"
msr_read(msr: int) -> None\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.msr_write","title":"msr_write","text":"
msr_write(msr: int, write_value: int) -> None\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.msr_list","title":"msr_list","text":"
msr_list(arch: str)\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.msr","title":"msr","text":"
msr(\n    msr: str | None = None,\n    write: int | None = None,\n    list_msr=False,\n    msr_range: str | None = None,\n) -> None\n
"},{"location":"reference/pwndbg/commands/nearpc/","title":"nearpc","text":""},{"location":"reference/pwndbg/commands/nearpc/#pwndbg.commands.nearpc","title":"nearpc","text":"
Functions:
 
     
  •  nearpc             \u2013              
    Disassemble near a specified address.
     
    •  
  •  emulate             \u2013              
    Like nearpc, but will emulate instructions from the current $PC forward.
     
    •  
 
Attributes:
 
     
  •  nearpc_lines           \u2013            
    •  
  •  nearpc_backwards_lines           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/nearpc/#pwndbg.commands.nearpc.nearpc_lines","title":"nearpc_lines  module-attribute","text":"
nearpc_lines = add_param(\n    \"nearpc-lines\", 10, \"number of lines to print for the nearpc command\"\n)\n
"},{"location":"reference/pwndbg/commands/nearpc/#pwndbg.commands.nearpc.nearpc_backwards_lines","title":"nearpc_backwards_lines  module-attribute","text":"
nearpc_backwards_lines = add_param(\n    \"nearpc-backwards-lines\",\n    5,\n    \"number of lines before the pc to print for the nearpc command\",\n)\n
"},{"location":"reference/pwndbg/commands/nearpc/#pwndbg.commands.nearpc.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Like nearpc, but will emulate instructions from the current $PC forward.\"\n)\n
"},{"location":"reference/pwndbg/commands/nearpc/#pwndbg.commands.nearpc.nearpc","title":"nearpc","text":"
nearpc(\n    pc=None,\n    lines=None,\n    reverse=None,\n    total=None,\n    emulate=False,\n    use_cache=False,\n    linear=True,\n) -> None\n
 
Disassemble near a specified address.
"},{"location":"reference/pwndbg/commands/nearpc/#pwndbg.commands.nearpc.emulate","title":"emulate","text":"
emulate(pc=None, lines=None, reverse=None, total=None, emulate_=True) -> None\n
 
Like nearpc, but will emulate instructions from the current $PC forward.
"},{"location":"reference/pwndbg/commands/next/","title":"next","text":""},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next","title":"next","text":"
Stepping until an event occurs
 
Functions:
 
     
  •  nextjmp             \u2013              
    Breaks at the next jump instruction
     
    •  
  •  nextcall             \u2013              
    Breaks at the next call instruction
     
    •  
  •  nextret             \u2013              
    Breaks at next return-like instruction
     
    •  
  •  stepret             \u2013              
    Breaks at next return-like instruction by 'stepping' to it
     
    •  
  •  nextproginstr             \u2013              
    •  
  •  stepover             \u2013              
    Sets a breakpoint on the instruction after this one
     
    •  
  •  nextsyscall             \u2013              
    Breaks at the next syscall not taking branches.
     
    •  
  •  stepsyscall             \u2013              
    Breaks at the next syscall by taking branches.
     
    •  
  •  stepuntilasm             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Breaks on the next matching instruction.')\n
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.nextjmp","title":"nextjmp","text":"
nextjmp() -> None\n
 
Breaks at the next jump instruction
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.nextcall","title":"nextcall","text":"
nextcall(symbol_regex=None) -> None\n
 
Breaks at the next call instruction
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.nextret","title":"nextret","text":"
nextret() -> None\n
 
Breaks at next return-like instruction
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.stepret","title":"stepret","text":"
stepret() -> None\n
 
Breaks at next return-like instruction by 'stepping' to it
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.nextproginstr","title":"nextproginstr","text":"
nextproginstr() -> None\n
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.stepover","title":"stepover","text":"
stepover(addr=None) -> None\n
 
Sets a breakpoint on the instruction after this one
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.nextsyscall","title":"nextsyscall","text":"
nextsyscall() -> None\n
 
Breaks at the next syscall not taking branches.
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.stepsyscall","title":"stepsyscall","text":"
stepsyscall() -> None\n
 
Breaks at the next syscall by taking branches.
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.stepuntilasm","title":"stepuntilasm","text":"
stepuntilasm(mnemonic, op_str) -> None\n
"},{"location":"reference/pwndbg/commands/onegadget/","title":"onegadget","text":""},{"location":"reference/pwndbg/commands/onegadget/#pwndbg.commands.onegadget","title":"onegadget","text":"
Functions:
 
     
  •  onegadget             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/onegadget/#pwndbg.commands.onegadget.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"\\nFind gadgets which single-handedly give code execution.\\n\\nUses the onegadget tool by david942j.\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/onegadget/#pwndbg.commands.onegadget.onegadget","title":"onegadget","text":"
onegadget(\n    show_unsat: bool = False, no_unknown: bool = False, verbose: bool = False\n) -> None\n
"},{"location":"reference/pwndbg/commands/p2p/","title":"p2p","text":""},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p","title":"p2p","text":"
Classes:
 
     
  •  AddrRange           \u2013            
    •  
 
Functions:
 
     
  •  get_addrrange_any_named             \u2013              
    •  
  •  address_range_explicit             \u2013              
    •  
  •  address_range             \u2013              
    •  
  •  maybe_points_to_ranges             \u2013              
    •  
  •  p2p_walk             \u2013              
    •  
  •  p2p             \u2013              
    •  
 
Attributes:
 
     
  •  ts           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.ts","title":"ts  module-attribute","text":"
ts = telescope\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Pointer to pointer chain search. Searches given mapping for all pointers that point to specified mapping.\\n\\nAny chain length greater than 0 is valid. If only one mapping is given it just looks for any pointers in that mapping.\"\n)\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.AddrRange","title":"AddrRange","text":"
AddrRange(begin: int, end: int)\n
 
Methods:
 
     
  •  __repr__             \u2013              
    •  
 
Attributes:
 
     
  •  begin           \u2013            
    •  
  •  end           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.AddrRange.begin","title":"begin  instance-attribute","text":"
begin = begin\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.AddrRange.end","title":"end  instance-attribute","text":"
end = end\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.AddrRange.__repr__","title":"__repr__","text":"
__repr__() -> str\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.get_addrrange_any_named","title":"get_addrrange_any_named","text":"
get_addrrange_any_named() -> list[AddrRange]\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.address_range_explicit","title":"address_range_explicit","text":"
address_range_explicit(section: str) -> AddrRange\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.address_range","title":"address_range","text":"
address_range(section: str) -> list[AddrRange] | tuple[int, int] | None\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.maybe_points_to_ranges","title":"maybe_points_to_ranges","text":"
maybe_points_to_ranges(ptr: int, rs: list[AddrRange])\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.p2p_walk","title":"p2p_walk","text":"
p2p_walk(\n    addr: int, ranges: list[list[AddrRange]], current_level: int\n) -> int | None\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.p2p","title":"p2p","text":"
p2p(mapping_names: list[list[AddrRange]] | None = None) -> None\n
"},{"location":"reference/pwndbg/commands/paging/","title":"paging","text":""},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging","title":"paging","text":"
Functions:
 
     
  •  print_pagetable_entry             \u2013              
    •  
  •  page_type             \u2013              
    •  
  •  page_info             \u2013              
    •  
  •  pagewalk             \u2013              
    •  
  •  paging_print_helper             \u2013              
    •  
  •  p2v             \u2013              
    •  
  •  v2p             \u2013              
    •  
  •  pageinfo             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
  •  PAGETYPES           \u2013            
    •  
  •  p2v_parser           \u2013            
    •  
  •  v2p_parser           \u2013            
    •  
  •  page_parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Performs pagewalk.')\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.PAGETYPES","title":"PAGETYPES  module-attribute","text":"
PAGETYPES = (\n    \"buddy\",\n    \"offline\",\n    \"table\",\n    \"guard\",\n    \"hugetlb\",\n    \"slab\",\n    \"zsmalloc\",\n    \"unaccepted\",\n)\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.p2v_parser","title":"p2v_parser  module-attribute","text":"
p2v_parser = ArgumentParser(\n    description=\"Translate physical address to its corresponding virtual address.\"\n)\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.v2p_parser","title":"v2p_parser  module-attribute","text":"
v2p_parser = ArgumentParser(\n    description=\"Translate virtual address to its corresponding physmap address.\"\n)\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.page_parser","title":"page_parser  module-attribute","text":"
page_parser = ArgumentParser(\n    description=\"Convert a pointer to a `struct page` to its corresponding virtual address.\"\n)\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.print_pagetable_entry","title":"print_pagetable_entry","text":"
print_pagetable_entry(ptl: PageTableLevel, level: int, is_last: bool)\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.page_type","title":"page_type","text":"
page_type(page)\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.page_info","title":"page_info","text":"
page_info(page)\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.pagewalk","title":"pagewalk","text":"
pagewalk(vaddr, entry=None)\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.paging_print_helper","title":"paging_print_helper","text":"
paging_print_helper(name, addr)\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.p2v","title":"p2v","text":"
p2v(paddr)\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.v2p","title":"v2p","text":"
v2p(vaddr)\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.pageinfo","title":"pageinfo","text":"
pageinfo(page)\n
"},{"location":"reference/pwndbg/commands/parse_seccomp/","title":"parse_seccomp","text":""},{"location":"reference/pwndbg/commands/parse_seccomp/#pwndbg.commands.parse_seccomp","title":"parse_seccomp","text":"
Functions:
 
     
  •  parse_seccomp             \u2013              
    Parse a struct sock_fprog at a given address and pass filter to external tool.
     
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/parse_seccomp/#pwndbg.commands.parse_seccomp.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Parse a struct sock_fprog from memory and dump its filter\"\n)\n
"},{"location":"reference/pwndbg/commands/parse_seccomp/#pwndbg.commands.parse_seccomp.parse_seccomp","title":"parse_seccomp","text":"
parse_seccomp(addr: int) -> None\n
 
Parse a struct sock_fprog at a given address and pass filter to external tool.
"},{"location":"reference/pwndbg/commands/patch/","title":"patch","text":""},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch","title":"patch","text":"
Functions:
 
     
  •  patch             \u2013              
    •  
  •  patch_revert             \u2013              
    •  
  •  patch_list             \u2013              
    •  
 
Attributes:
 
     
  •  patches               (dict[int, tuple[bytes, bytes]])           \u2013            
    •  
  •  parser           \u2013            
    •  
  •  parser2           \u2013            
    •  
  •  parser3           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.patches","title":"patches  module-attribute","text":"
patches: dict[int, tuple[bytes, bytes]] = {}\n
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Patches given instruction with given code or bytes.\"\n)\n
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.parser2","title":"parser2  module-attribute","text":"
parser2 = ArgumentParser(description='Revert patch at given address.')\n
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.parser3","title":"parser3  module-attribute","text":"
parser3 = ArgumentParser(description='List all patches.')\n
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.patch","title":"patch","text":"
patch(address: int, ins: str, quiet: bool) -> None\n
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.patch_revert","title":"patch_revert","text":"
patch_revert(address: int) -> None\n
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.patch_list","title":"patch_list","text":"
patch_list() -> None\n
"},{"location":"reference/pwndbg/commands/peda/","title":"peda","text":""},{"location":"reference/pwndbg/commands/peda/#pwndbg.commands.peda","title":"peda","text":"
Functions:
 
     
  •  getfile             \u2013              
    •  
  •  xuntil             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/peda/#pwndbg.commands.peda.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Continue execution until an address or expression.\"\n)\n
"},{"location":"reference/pwndbg/commands/peda/#pwndbg.commands.peda.getfile","title":"getfile","text":"
getfile() -> None\n
"},{"location":"reference/pwndbg/commands/peda/#pwndbg.commands.peda.xuntil","title":"xuntil","text":"
xuntil(target) -> None\n
"},{"location":"reference/pwndbg/commands/pie/","title":"pie","text":""},{"location":"reference/pwndbg/commands/pie/#pwndbg.commands.pie","title":"pie","text":"
Functions:
 
     
  •  translate_addr             \u2013              
    •  
  •  piebase             \u2013              
    •  
  •  breakrva             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/pie/#pwndbg.commands.pie.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Calculate VA of RVA from PIE base.')\n
"},{"location":"reference/pwndbg/commands/pie/#pwndbg.commands.pie.translate_addr","title":"translate_addr","text":"
translate_addr(offset, module)\n
"},{"location":"reference/pwndbg/commands/pie/#pwndbg.commands.pie.piebase","title":"piebase","text":"
piebase(offset=None, module=None) -> None\n
"},{"location":"reference/pwndbg/commands/pie/#pwndbg.commands.pie.breakrva","title":"breakrva","text":"
breakrva(offset=0, module=None) -> None\n
"},{"location":"reference/pwndbg/commands/plist/","title":"plist","text":""},{"location":"reference/pwndbg/commands/plist/#pwndbg.commands.plist","title":"plist","text":"
Functions:
 
     
  •  plist             \u2013              
    •  
  •  bit_offset_of_field             \u2013              
    •  
  •  get_byte_offset             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/plist/#pwndbg.commands.plist.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Dumps the elements of a linked list.\\n\\nThis command traverses the linked list beginning at a given element, dumping its\\ncontents and the contents of all the elements that come after it in the list.\\nTraversal is configurable and can handle multiple types of linked lists, but will\\nalways stop when a cycle is detected.\\n\\nThe path to the first element can be any GDB expression that evaluates to either\\nthe first element directly, or a to pointer to it. The next element is the name\\nof the field containing the next pointer, in either the structure itself or in\\nthe structure given by --inner.\\n\\nAn address value may be given with --sentinel that signals the end of the list.\\nBy default, the value used is NULL (0).\\n\\nIf only one field inside each node is desired, it can be printed exclusively by\\nspecifying its name with --field.\\n\\nThis command supports traversing three types of linked lists, classified by how\\nthe next pointer can be found in the structure and what type it is:\\n    1 - Next pointer is field of structure, type is the same as structure.\\n    2 - Next pointer is field of inner nested structure, pointed to type is the\\n        same as outer structure.\\n    3 - Next pointer is field of inner nested structure, pointed to type is the\\n        same as inner structure.\\nTypes 2 and 3 require --inner to be specified.\\n\\nExample 1:\\n\\n```\\nstruct node {\\n    int value;\\n    struct node *next;\\n};\\nstruct node node_c = { 2, NULL };\\nstruct node node_b = { 1, &node_c };\\nstruct node node_a = { 0, &node_b };\\n```\\n\\npwndbg> plist node_a next\\n0x4000011050 <node_a>: {\\n  value = 0,\\n  next = 0x4000011040 <node_b>\\n}\\n0x4000011040 <node_b>: {\\n  value = 1,\\n  next = 0x4000011010 <node_c>\\n}\\n0x4000011010 <node_c>: {\\n  value = 2,\\n  next = 0x0\\n}\\n\\nExample 2:\\n\\n```\\nstruct node_inner_a {\\n    struct node_inner_a *next;\\n};\\nstruct inner_a_node {\\n    int value;\\n    struct node_inner_a inner;\\n};\\nstruct inner_a_node inner_a_node_c = { 2, { NULL } };\\nstruct inner_a_node inner_a_node_b = { 1, { &inner_a_node_c.inner } };\\nstruct inner_a_node inner_a_node_a = { 0, { &inner_a_node_b.inner } };\\n```\\n\\npwndbg> plist inner_a_node_a -i inner next\\n0x4000011070 <inner_a_node_a>: {\\n  value = 0,\\n  inner = {\\n    next = 0x4000011068 <inner_a_node_b+8>\\n  }\\n}\\n0x4000011060 <inner_a_node_b>: {\\n  value = 1,\\n  inner = {\\n    next = 0x4000011028 <inner_a_node_c+8>\\n  }\\n}\\n0x4000011020 <inner_a_node_c>: {\\n  value = 2,\\n  inner = {\\n    next = 0x0\\n  }\\n}\\n\\nExample 3:\\n\\n```\\nstruct inner_b_node;\\nstruct node_inner_b {\\n    struct inner_b_node *next;\\n};\\nstruct inner_b_node {\\n    int value;\\n    struct node_inner_b inner;\\n};\\nstruct inner_b_node inner_b_node_c = { 2, { NULL } };\\nstruct inner_b_node inner_b_node_b = { 1, { &inner_b_node_c } };\\nstruct inner_b_node inner_b_node_a = { 0, { &inner_b_node_b } };\\n```\\n\\npwndbg> plist inner_b_node_a -i inner next\\n0x4000011090 <inner_b_node_a>: {\\n  value = 0,\\n  inner = {\\n    next = 0x4000011080 <inner_b_node_b>\\n  }\\n}\\n0x4000011080 <inner_b_node_b>: {\\n  value = 1,\\n  inner = {\\n    next = 0x4000011030 <inner_b_node_c>\\n  }\\n}\\n0x4000011030 <inner_b_node_c>: {\\n  value = 2,\\n  inner = {\\n    next = 0x0\\n  }\\n}\\n\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/plist/#pwndbg.commands.plist.plist","title":"plist","text":"
plist(\n    path: str,\n    next: str,\n    sentinel: int,\n    inner_name: str | None,\n    field_name: str | None,\n    offset: int,\n    count: int | None = None,\n) -> None\n
"},{"location":"reference/pwndbg/commands/plist/#pwndbg.commands.plist.bit_offset_of_field","title":"bit_offset_of_field","text":"
bit_offset_of_field(struct, field_name, inner_name=None)\n
"},{"location":"reference/pwndbg/commands/plist/#pwndbg.commands.plist.get_byte_offset","title":"get_byte_offset","text":"
get_byte_offset(bit_offset)\n
"},{"location":"reference/pwndbg/commands/probeleak/","title":"probeleak","text":""},{"location":"reference/pwndbg/commands/probeleak/#pwndbg.commands.probeleak","title":"probeleak","text":"
Functions:
 
     
  •  find_module             \u2013              
    •  
  •  satisfied_flags             \u2013              
    •  
  •  flags_str2int             \u2013              
    •  
  •  probeleak             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/probeleak/#pwndbg.commands.probeleak.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Pointer scan for possible offset leaks.')\n
"},{"location":"reference/pwndbg/commands/probeleak/#pwndbg.commands.probeleak.find_module","title":"find_module","text":"
find_module(addr, max_distance)\n
"},{"location":"reference/pwndbg/commands/probeleak/#pwndbg.commands.probeleak.satisfied_flags","title":"satisfied_flags","text":"
satisfied_flags(require_flags, flags)\n
"},{"location":"reference/pwndbg/commands/probeleak/#pwndbg.commands.probeleak.flags_str2int","title":"flags_str2int","text":"
flags_str2int(flags_s)\n
"},{"location":"reference/pwndbg/commands/probeleak/#pwndbg.commands.probeleak.probeleak","title":"probeleak","text":"
probeleak(\n    address=None,\n    count=64,\n    max_distance=0,\n    point_to=None,\n    max_ptrs=0,\n    flags=None,\n) -> None\n
"},{"location":"reference/pwndbg/commands/procinfo/","title":"procinfo","text":""},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo","title":"procinfo","text":"
Classes:
 
     
  •  Process           \u2013            
    •  
 
Functions:
 
     
  •  tcp             \u2013              
    It will first list all listening TCP sockets, and next list all established
     
    •  
  •  tcp6             \u2013              
    •  
  •  unix             \u2013              
    •  
  •  netlink             \u2013              
    •  
  •  pid             \u2013              
    •  
  •  procinfo             \u2013              
    Display information about the running process.
     
    •  
 
Attributes:
 
     
  •  capabilities           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.capabilities","title":"capabilities  module-attribute","text":"
capabilities = {\n    0: \"CAP_CHOWN\",\n    1: \"CAP_DAC_OVERRIDE\",\n    2: \"CAP_DAC_READ_SEARCH\",\n    3: \"CAP_FOWNER\",\n    4: \"CAP_FSETID\",\n    5: \"CAP_KILL\",\n    6: \"CAP_SETGID\",\n    7: \"CAP_SETUID\",\n    8: \"CAP_SETPCAP\",\n    9: \"CAP_LINUX_IMMUTABLE\",\n    10: \"CAP_NET_BIND_SERVICE\",\n    11: \"CAP_NET_BROADCAST\",\n    12: \"CAP_NET_ADMIN\",\n    13: \"CAP_NET_RAW\",\n    14: \"CAP_IPC_LOCK\",\n    15: \"CAP_IPC_OWNER\",\n    16: \"CAP_SYS_MODULE\",\n    17: \"CAP_SYS_RAWIO\",\n    18: \"CAP_SYS_CHROOT\",\n    19: \"CAP_SYS_PTRACE\",\n    20: \"CAP_SYS_PACCT\",\n    21: \"CAP_SYS_ADMIN\",\n    22: \"CAP_SYS_BOOT\",\n    23: \"CAP_SYS_NICE\",\n    24: \"CAP_SYS_RESOURCE\",\n    25: \"CAP_SYS_TIME\",\n    26: \"CAP_SYS_TTY_CONFIG\",\n    27: \"CAP_MKNOD\",\n    28: \"CAP_LEASE\",\n    29: \"CAP_AUDIT_WRITE\",\n    30: \"CAP_AUDIT_CONTROL\",\n    31: \"CAP_SETFCAP\",\n    32: \"CAP_MAC_OVERRIDE\",\n    33: \"CAP_MAC_ADMIN\",\n    34: \"CAP_SYSLOG\",\n    35: \"CAP_WAKE_ALARM\",\n    36: \"CAP_BLOCK_SUSPEND\",\n}\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process","title":"Process","text":"
Process(pid=None, tid=None)\n
 
Attributes:
 
     
  •  pid           \u2013            
    •  
  •  tid           \u2013            
    •  
  •  selinux               (str)           \u2013            
    •  
  •  cmdline           \u2013            
    •  
  •  cwd               (str)           \u2013            
    •  
  •  status           \u2013            
    •  
  •  open_files           \u2013            
    •  
  •  connections           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.pid","title":"pid  instance-attribute","text":"
pid = pid\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.tid","title":"tid  instance-attribute","text":"
tid = tid\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.selinux","title":"selinux  property","text":"
selinux: str\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.cmdline","title":"cmdline  property","text":"
cmdline\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.cwd","title":"cwd  property","text":"
cwd: str\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.status","title":"status  property","text":"
status\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.open_files","title":"open_files  property","text":"
open_files\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.connections","title":"connections  property","text":"
connections\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.tcp","title":"tcp","text":"
tcp(tid: int)\n
 
It will first list all listening TCP sockets, and next list all established TCP connections. A typical entry of /proc/net/tcp would look like this (split up into 3 parts because of the length of the line):
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.tcp6","title":"tcp6","text":"
tcp6(tid: int)\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.unix","title":"unix","text":"
unix(tid: int)\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.netlink","title":"netlink","text":"
netlink(tid: int)\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.pid","title":"pid","text":"
pid() -> None\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.procinfo","title":"procinfo","text":"
procinfo() -> None\n
 
Display information about the running process.
"},{"location":"reference/pwndbg/commands/profiler/","title":"profiler","text":""},{"location":"reference/pwndbg/commands/profiler/#pwndbg.commands.profiler","title":"profiler","text":"
Utilities for profiling pwndbg.
 
Functions:
 
     
  •  profiler             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
  •  subparsers           \u2013            
    •  
  •  parser_start           \u2013            
    •  
  •  parser_stop           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/profiler/#pwndbg.commands.profiler.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"\\nUtilities for profiling Pwndbg.\\n\\nCheck out the `./profiling` folder for other useful utilities.\\nUse `./profiling/print_stats.py` to generate a report from a `.pstats` file.\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/profiler/#pwndbg.commands.profiler.subparsers","title":"subparsers  module-attribute","text":"
subparsers = add_subparsers(dest='command')\n
"},{"location":"reference/pwndbg/commands/profiler/#pwndbg.commands.profiler.parser_start","title":"parser_start  module-attribute","text":"
parser_start = add_parser('start', prog='profiler start')\n
"},{"location":"reference/pwndbg/commands/profiler/#pwndbg.commands.profiler.parser_stop","title":"parser_stop  module-attribute","text":"
parser_stop = add_parser('stop', prog='profiler stop')\n
"},{"location":"reference/pwndbg/commands/profiler/#pwndbg.commands.profiler.profiler","title":"profiler","text":"
profiler(command, file='pwndbg.pstats') -> None\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/","title":"ptmalloc2","text":""},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2","title":"ptmalloc2","text":"
Functions:
 
     
  •  read_chunk             \u2013              
    Read a chunk's metadata.
     
    •  
  •  format_bin             \u2013              
    •  
  •  print_no_arena_found_error             \u2013              
    •  
  •  print_no_tcache_bins_found_error             \u2013              
    •  
  •  heap             \u2013              
    Iteratively print chunks on a heap, default to the current thread's
     
    •  
  •  hi             \u2013              
    •  
  •  arena             \u2013              
    Print the contents of an arena, default to the current thread's arena.
     
    •  
  •  arenas             \u2013              
    Lists this process's arenas.
     
    •  
  •  tcache             \u2013              
    Print a thread's tcache contents, default to the current thread's
     
    •  
  •  mp             \u2013              
    Print the mp_ struct's contents.
     
    •  
  •  top_chunk             \u2013              
    Print relevant information about an arena's top chunk, default to the
     
    •  
  •  malloc_chunk             \u2013              
    Print a malloc_chunk struct's contents.
     
    •  
  •  bins             \u2013              
    Print the contents of all an arena's bins and a thread's tcache,
     
    •  
  •  fastbins             \u2013              
    Print the contents of an arena's fastbins, default to the current
     
    •  
  •  unsortedbin             \u2013              
    Print the contents of an arena's unsortedbin, default to the current
     
    •  
  •  smallbins             \u2013              
    Print the contents of an arena's smallbins, default to the current
     
    •  
  •  largebins             \u2013              
    Print the contents of an arena's largebins, default to the current
     
    •  
  •  tcachebins             \u2013              
    Print the contents of a tcache, default to the current thread's tcache.
     
    •  
  •  find_fake_fast             \u2013              
    Find candidate fake fast chunks overlapping the specified address.
     
    •  
  •  vis_heap_chunks             \u2013              
    Visualize chunks on a heap, default to the current arena's active heap.
     
    •  
  •  bin_ascii             \u2013              
    •  
  •  bin_labels_mapping             \u2013              
    Returns all potential bin labels for all potential addresses
     
    •  
  •  try_free             \u2013              
    •  
  •  try_unlink             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
  •  group           \u2013            
    •  
  •  VALID_CHARS           \u2013            
    •  
  •  try_free_parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Visualize chunks on a heap.\\n\\nDefault to the current arena's active heap.\"\n)\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.group","title":"group  module-attribute","text":"
group = add_mutually_exclusive_group()\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.VALID_CHARS","title":"VALID_CHARS  module-attribute","text":"
VALID_CHARS = list(map(ord, set(printable) - set('\\t\\r\\n\\x0c\\x0b')))\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.try_free_parser","title":"try_free_parser  module-attribute","text":"
try_free_parser = ArgumentParser(\n    description=\"Check what would happen if free was called with given address.\"\n)\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.read_chunk","title":"read_chunk","text":"
read_chunk(addr: int) -> dict[str, int]\n
 
Read a chunk's metadata.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.format_bin","title":"format_bin","text":"
format_bin(\n    bins: Bins, verbose: bool = False, offset: int | None = None\n) -> list[str]\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.print_no_arena_found_error","title":"print_no_arena_found_error","text":"
print_no_arena_found_error(tid=None) -> None\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.print_no_tcache_bins_found_error","title":"print_no_tcache_bins_found_error","text":"
print_no_tcache_bins_found_error(tid: int | None = None) -> None\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.heap","title":"heap","text":"
heap(\n    addr: int | None = None, verbose: bool = False, simple: bool = False\n) -> None\n
 
Iteratively print chunks on a heap, default to the current thread's active heap.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.hi","title":"hi","text":"
hi(\n    addr: int, verbose: bool = False, simple: bool = False, fake: bool = False\n) -> None\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.arena","title":"arena","text":"
arena(addr: int | None = None) -> None\n
 
Print the contents of an arena, default to the current thread's arena.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.arenas","title":"arenas","text":"
arenas() -> None\n
 
Lists this process's arenas.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.tcache","title":"tcache","text":"
tcache(addr: int | None = None) -> None\n
 
Print a thread's tcache contents, default to the current thread's tcache.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.mp","title":"mp","text":"
mp() -> None\n
 
Print the mp_ struct's contents.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.top_chunk","title":"top_chunk","text":"
top_chunk(addr: int | None = None) -> None\n
 
Print relevant information about an arena's top chunk, default to the current thread's arena.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.malloc_chunk","title":"malloc_chunk","text":"
malloc_chunk(\n    addr: int,\n    fake: bool = False,\n    verbose: bool = False,\n    simple: bool = False,\n    next: int = 0,\n    dump: bool = False,\n) -> None\n
 
Print a malloc_chunk struct's contents.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.bins","title":"bins","text":"
bins(addr: int | None = None, tcache_addr: int | None = None) -> None\n
 
Print the contents of all an arena's bins and a thread's tcache, default to the current thread's arena and tcache.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.fastbins","title":"fastbins","text":"
fastbins(addr: int | None = None, verbose: bool = False) -> None\n
 
Print the contents of an arena's fastbins, default to the current thread's arena.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.unsortedbin","title":"unsortedbin","text":"
unsortedbin(addr: int | None = None, verbose: bool = False) -> None\n
 
Print the contents of an arena's unsortedbin, default to the current thread's arena.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.smallbins","title":"smallbins","text":"
smallbins(addr: int | None = None, verbose: bool = False) -> None\n
 
Print the contents of an arena's smallbins, default to the current thread's arena.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.largebins","title":"largebins","text":"
largebins(addr: int | None = None, verbose: bool = False) -> None\n
 
Print the contents of an arena's largebins, default to the current thread's arena.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.tcachebins","title":"tcachebins","text":"
tcachebins(addr: int | None = None, verbose: bool = False) -> None\n
 
Print the contents of a tcache, default to the current thread's tcache.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.find_fake_fast","title":"find_fake_fast","text":"
find_fake_fast(\n    target_address: int,\n    max_candidate_size: int | None = None,\n    align: bool = False,\n    glibc_fastbin_bug: bool = False,\n    partial_overwrite: bool = False,\n) -> None\n
 
Find candidate fake fast chunks overlapping the specified address.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.vis_heap_chunks","title":"vis_heap_chunks","text":"
vis_heap_chunks(\n    addr: int | None = None,\n    count: int | None = None,\n    beyond_top: bool = False,\n    no_truncate: bool = False,\n    all_chunks: bool = False,\n) -> None\n
 
Visualize chunks on a heap, default to the current arena's active heap.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.bin_ascii","title":"bin_ascii","text":"
bin_ascii(bs)\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.bin_labels_mapping","title":"bin_labels_mapping","text":"
bin_labels_mapping(collections)\n
 
Returns all potential bin labels for all potential addresses We precompute all of them because doing this on demand was too slow and inefficient See #1675 for more details
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.try_free","title":"try_free","text":"
try_free(addr: str | int) -> None\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.try_unlink","title":"try_unlink","text":"
try_unlink(addr: int) -> None\n
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/","title":"ptmalloc2_tracking","text":""},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking","title":"ptmalloc2_tracking","text":"
Functions:
 
     
  •  track_heap             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
  •  subparsers           \u2013            
    •  
  •  enable           \u2013            
    •  
  •  disable           \u2013            
    •  
  •  toggle_break           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Manages the heap tracker.\\n\\nThe heap tracker is a module that tracks usage of the GLibc heap and looks for\\nuser errors such as double frees and use after frees.\\n\\nCurrently, the following errors can be detected:\\n    - Use After Free\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking.subparsers","title":"subparsers  module-attribute","text":"
subparsers = add_subparsers(\n    required=True,\n    description=\"Used to enable, disable and query information about the tracker\",\n)\n
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking.enable","title":"enable  module-attribute","text":"
enable = add_parser('enable', help='Enable heap tracking')\n
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking.disable","title":"disable  module-attribute","text":"
disable = add_parser('disable', help='Disable heap tracking')\n
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking.toggle_break","title":"toggle_break  module-attribute","text":"
toggle_break = add_parser(\n    \"toggle-break\",\n    help=\"Toggles whether possible UAF conditions will pause execution\",\n)\n
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking.track_heap","title":"track_heap","text":"
track_heap(mode=None, use_hardware_breakpoints=False)\n
"},{"location":"reference/pwndbg/commands/radare2/","title":"radare2","text":""},{"location":"reference/pwndbg/commands/radare2/#pwndbg.commands.radare2","title":"radare2","text":"
Functions:
 
     
  •  r2             \u2013              
    •  
  •  r2pipe             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/radare2/#pwndbg.commands.radare2.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Execute stateful radare2 commands through r2pipe.\"\n)\n
"},{"location":"reference/pwndbg/commands/radare2/#pwndbg.commands.radare2.r2","title":"r2","text":"
r2(arguments, no_seek=False, no_rebase=False) -> None\n
"},{"location":"reference/pwndbg/commands/radare2/#pwndbg.commands.radare2.r2pipe","title":"r2pipe","text":"
r2pipe(arguments) -> None\n
"},{"location":"reference/pwndbg/commands/reload/","title":"reload","text":""},{"location":"reference/pwndbg/commands/reload/#pwndbg.commands.reload","title":"reload","text":"
Functions:
 
     
  •  rreload             \u2013              
    Recursively reload modules.
     
    •  
  •  reload             \u2013              
    •  
  •  reinit_pwndbg             \u2013              
    Makes pwndbg reinitialize all state.
     
    •  
"},{"location":"reference/pwndbg/commands/reload/#pwndbg.commands.reload.rreload","title":"rreload","text":"
rreload(module, _exclude_mods=None) -> None\n
 
Recursively reload modules. Impl based on https://stackoverflow.com/a/66661311/1508881
"},{"location":"reference/pwndbg/commands/reload/#pwndbg.commands.reload.reload","title":"reload","text":"
reload(*a) -> None\n
"},{"location":"reference/pwndbg/commands/reload/#pwndbg.commands.reload.reinit_pwndbg","title":"reinit_pwndbg","text":"
reinit_pwndbg() -> None\n
 
Makes pwndbg reinitialize all state.
"},{"location":"reference/pwndbg/commands/retaddr/","title":"retaddr","text":""},{"location":"reference/pwndbg/commands/retaddr/#pwndbg.commands.retaddr","title":"retaddr","text":"
Functions:
 
     
  •  retaddr             \u2013              
    •  
  •  stack_explore             \u2013              
    •  
"},{"location":"reference/pwndbg/commands/retaddr/#pwndbg.commands.retaddr.retaddr","title":"retaddr","text":"
retaddr() -> None\n
"},{"location":"reference/pwndbg/commands/retaddr/#pwndbg.commands.retaddr.stack_explore","title":"stack_explore","text":"
stack_explore() -> None\n
"},{"location":"reference/pwndbg/commands/rizin/","title":"rizin","text":""},{"location":"reference/pwndbg/commands/rizin/#pwndbg.commands.rizin","title":"rizin","text":"
Functions:
 
     
  •  rz             \u2013              
    •  
  •  rzpipe             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/rizin/#pwndbg.commands.rizin.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Execute stateful rizin commands through rzpipe.\"\n)\n
"},{"location":"reference/pwndbg/commands/rizin/#pwndbg.commands.rizin.rz","title":"rz","text":"
rz(arguments, no_seek=False, no_rebase=False) -> None\n
"},{"location":"reference/pwndbg/commands/rizin/#pwndbg.commands.rizin.rzpipe","title":"rzpipe","text":"
rzpipe(arguments) -> None\n
"},{"location":"reference/pwndbg/commands/rop/","title":"rop","text":""},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop","title":"rop","text":"
Classes:
 
     
  •  RawMemoryBinary           \u2013            
    •  
 
Functions:
 
     
  •  split_range_to_chunks             \u2013              
    •  
  •  parse_size             \u2013              
    •  
  •  iterate_over_pages             \u2013              
    •  
  •  rop             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Dump ROP gadgets with Jon Salwan's ROPgadget tool.\"\n)\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary","title":"RawMemoryBinary","text":"
RawMemoryBinary(options, start_addr: int)\n
 
               Bases: object
 
Methods:
 
     
  •  getBinary             \u2013              
    •  
  •  getFileName             \u2013              
    •  
  •  getRawBinary             \u2013              
    •  
  •  getEntryPoint             \u2013              
    •  
  •  getExecSections             \u2013              
    •  
  •  getDataSections             \u2013              
    •  
  •  getArch             \u2013              
    •  
  •  getArchMode             \u2013              
    •  
  •  getEndian             \u2013              
    •  
  •  getFormat             \u2013              
    •  
 
Attributes:
 
     
  •  start_addr           \u2013            
    •  
  •  cs           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.start_addr","title":"start_addr  instance-attribute","text":"
start_addr = start_addr\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.__fileName","title":"__fileName  instance-attribute","text":"
__fileName = binary\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.cs","title":"cs  instance-attribute","text":"
cs = get_disassembler(get_capstone_constants(pc))\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.__rawBinary","title":"__rawBinary  instance-attribute","text":"
__rawBinary = read()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getBinary","title":"getBinary","text":"
getBinary()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getFileName","title":"getFileName","text":"
getFileName()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getRawBinary","title":"getRawBinary","text":"
getRawBinary()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getEntryPoint","title":"getEntryPoint","text":"
getEntryPoint()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getExecSections","title":"getExecSections","text":"
getExecSections()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getDataSections","title":"getDataSections","text":"
getDataSections()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getArch","title":"getArch","text":"
getArch()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getArchMode","title":"getArchMode","text":"
getArchMode()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getEndian","title":"getEndian","text":"
getEndian()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getFormat","title":"getFormat","text":"
getFormat()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.split_range_to_chunks","title":"split_range_to_chunks","text":"
split_range_to_chunks(\n    range_start: int, range_end: int, chunk_size: int = 10 * 1024 * 1024\n) -> Iterator[tuple[int, int, int, int]]\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.parse_size","title":"parse_size","text":"
parse_size(size_str: str) -> int\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.iterate_over_pages","title":"iterate_over_pages","text":"
iterate_over_pages(mem_limit: int) -> Iterator[tuple[str, Page | None]]\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.rop","title":"rop","text":"
rop(grep: str | None, memlimit: str, argument: list[str]) -> None\n
"},{"location":"reference/pwndbg/commands/ropper/","title":"ropper","text":""},{"location":"reference/pwndbg/commands/ropper/#pwndbg.commands.ropper","title":"ropper","text":"
Functions:
 
     
  •  ropper             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/ropper/#pwndbg.commands.ropper.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='ROP gadget search with ropper.')\n
"},{"location":"reference/pwndbg/commands/ropper/#pwndbg.commands.ropper.ropper","title":"ropper","text":"
ropper(argument) -> None\n
"},{"location":"reference/pwndbg/commands/saved_register_frames/","title":"saved_register_frames","text":""},{"location":"reference/pwndbg/commands/saved_register_frames/#pwndbg.commands.saved_register_frames","title":"saved_register_frames","text":"
Functions:
 
     
  •  print_saved_register_frame             \u2013              
    •  
  •  dump_register_frame             \u2013              
    •  
 
Attributes:
 
     
  •  VALID_FRAME_TYPES           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/saved_register_frames/#pwndbg.commands.saved_register_frames.VALID_FRAME_TYPES","title":"VALID_FRAME_TYPES  module-attribute","text":"
VALID_FRAME_TYPES = {\n    \"armcm-exception\": ARM_CORTEX_M_EXCEPTION_STACK,\n    \"armcm-exception2\": ARM_CORTEX_M_EXCEPTION_STACK,\n}\n
"},{"location":"reference/pwndbg/commands/saved_register_frames/#pwndbg.commands.saved_register_frames.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Display the registers saved to memory for a certain frame type\"\n)\n
"},{"location":"reference/pwndbg/commands/saved_register_frames/#pwndbg.commands.saved_register_frames.print_saved_register_frame","title":"print_saved_register_frame","text":"
print_saved_register_frame(\n    context: SavedRegisterFrame, address: int = None, print_address=False\n)\n
"},{"location":"reference/pwndbg/commands/saved_register_frames/#pwndbg.commands.saved_register_frames.dump_register_frame","title":"dump_register_frame","text":"
dump_register_frame(\n    frame_type: str, address: int = None, print_address=False\n) -> None\n
"},{"location":"reference/pwndbg/commands/search/","title":"search","text":""},{"location":"reference/pwndbg/commands/search/#pwndbg.commands.search","title":"search","text":"
Functions:
 
     
  •  print_search_hit             \u2013              
    Prints out a single search hit.
     
    •  
  •  search             \u2013              
    •  
 
Attributes:
 
     
  •  saved               (set[int])           \u2013            
    •  
  •  auto_save           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/search/#pwndbg.commands.search.saved","title":"saved  module-attribute","text":"
saved: set[int] = set()\n
"},{"location":"reference/pwndbg/commands/search/#pwndbg.commands.search.auto_save","title":"auto_save  module-attribute","text":"
auto_save = add_param(\n    \"auto-save-search\", False, 'automatically pass --save to \"search\" command'\n)\n
"},{"location":"reference/pwndbg/commands/search/#pwndbg.commands.search.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Search memory for byte sequences, strings, pointers, and integer values.\\n\\nBy default search results are cached. If you want to cache all results, but only print a subset, use --trunc-out. If you want to cache only a subset of results, and print the results immediately, use --limit. The latter is specially useful if you're searching a huge section of memory.\\n\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/search/#pwndbg.commands.search.print_search_hit","title":"print_search_hit","text":"
print_search_hit(address: int) -> None\n
 
Prints out a single search hit.
 
Parameters:
 
     
  •  address               (int)           \u2013            
    Address to print
     
    •  
"},{"location":"reference/pwndbg/commands/search/#pwndbg.commands.search.search","title":"search","text":"
search(\n    type,\n    asmbp,\n    hex,\n    executable,\n    writable,\n    step,\n    limit,\n    aligned,\n    value,\n    mapping_name,\n    save,\n    next,\n    trunc_out,\n) -> None\n
"},{"location":"reference/pwndbg/commands/segments/","title":"segments","text":""},{"location":"reference/pwndbg/commands/segments/#pwndbg.commands.segments","title":"segments","text":"
Functions:
 
     
  •  fsbase             \u2013              
    Prints out the FS base address. See also $fsbase.
     
    •  
  •  gsbase             \u2013              
    Prints out the GS base address. See also $gsbase.
     
    •  
"},{"location":"reference/pwndbg/commands/segments/#pwndbg.commands.segments.fsbase","title":"fsbase","text":"
fsbase() -> None\n
 
Prints out the FS base address. See also $fsbase.
"},{"location":"reference/pwndbg/commands/segments/#pwndbg.commands.segments.gsbase","title":"gsbase","text":"
gsbase() -> None\n
 
Prints out the GS base address. See also $gsbase.
"},{"location":"reference/pwndbg/commands/sigreturn/","title":"sigreturn","text":""},{"location":"reference/pwndbg/commands/sigreturn/#pwndbg.commands.sigreturn","title":"sigreturn","text":"
Functions:
 
     
  •  sigreturn             \u2013              
    •  
  •  print_value             \u2013              
    •  
 
Attributes:
 
     
  •  SIGRETURN_FRAME_LAYOUTS               (dict[str, list[tuple[int, str]]])           \u2013            
    •  
  •  SIGRETURN_CORE_REGISTER               (dict[str, set[str]])           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/sigreturn/#pwndbg.commands.sigreturn.SIGRETURN_FRAME_LAYOUTS","title":"SIGRETURN_FRAME_LAYOUTS  module-attribute","text":"
SIGRETURN_FRAME_LAYOUTS: dict[str, list[tuple[int, str]]] = {\n    \"x86-64\": sorted([(-8, \"&pretcode\")] + list(items())),\n    \"i386\": sorted(items()),\n    \"aarch64\": sorted(items()),\n    \"arm\": sorted(items()),\n}\n
"},{"location":"reference/pwndbg/commands/sigreturn/#pwndbg.commands.sigreturn.SIGRETURN_CORE_REGISTER","title":"SIGRETURN_CORE_REGISTER  module-attribute","text":"
SIGRETURN_CORE_REGISTER: dict[str, set[str]] = {\n    \"x86-64\": {*(gpr), frame, stack, pc},\n    \"i386\": {*(gpr), frame, stack, pc},\n    \"aarch64\": {*(gpr), \"sp\", \"pc\"},\n    \"arm\": {*(gpr), \"fp\", \"ip\", \"sp\", \"lr\", \"pc\"},\n}\n
"},{"location":"reference/pwndbg/commands/sigreturn/#pwndbg.commands.sigreturn.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Display the SigreturnFrame at the specific address\"\n)\n
"},{"location":"reference/pwndbg/commands/sigreturn/#pwndbg.commands.sigreturn.sigreturn","title":"sigreturn","text":"
sigreturn(address: int = None, display_all=False, print_address=False) -> None\n
"},{"location":"reference/pwndbg/commands/sigreturn/#pwndbg.commands.sigreturn.print_value","title":"print_value","text":"
print_value(string: str, address: int, print_address) -> None\n
"},{"location":"reference/pwndbg/commands/slab/","title":"slab","text":""},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab","title":"slab","text":"
Commands for dealing with Linux kernel slab allocator. Currently, only SLUB is supported.
 
Some of the code here was inspired from NeatMonster/slabdbg Some of the code here was inspired from osandov/drgn
 
Functions:
 
     
  •  slab             \u2013              
    •  
  •  emphasize             \u2013              
    •  
  •  handle_next             \u2013              
    •  
  •  freelist_desc             \u2013              
    •  
  •  print_slab             \u2013              
    •  
  •  print_cpu_cache             \u2013              
    •  
  •  print_node_cache             \u2013              
    •  
  •  slab_info             \u2013              
    •  
  •  slab_list             \u2013              
    •  
  •  slab_contains             \u2013              
    prints the slab_cache associated with the provided address
     
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
  •  subparsers           \u2013            
    •  
  •  parser_list           \u2013            
    •  
  •  parser_info           \u2013            
    •  
  •  parser_contains           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Prints information about the linux kernel's slab allocator SLUB.\"\n)\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.subparsers","title":"subparsers  module-attribute","text":"
subparsers = add_subparsers(dest='command')\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.parser_list","title":"parser_list  module-attribute","text":"
parser_list = add_parser('list', prog='slab list')\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.parser_info","title":"parser_info  module-attribute","text":"
parser_info = add_parser('info', prog='slab info')\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.parser_contains","title":"parser_contains  module-attribute","text":"
parser_contains = add_parser('contains', prog='slab contains')\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.slab","title":"slab","text":"
slab(\n    command,\n    filter_=None,\n    names=None,\n    verbose=False,\n    addresses=None,\n    cpu=None,\n    node=None,\n    partial_only=False,\n    active_only=False,\n) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.emphasize","title":"emphasize","text":"
emphasize(s)\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.handle_next","title":"handle_next","text":"
handle_next(curr: int, freelist: Freelist, indent)\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.freelist_desc","title":"freelist_desc","text":"
freelist_desc(freelist: Freelist, indent)\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.print_slab","title":"print_slab","text":"
print_slab(slab: Slab, indent, verbose: bool) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.print_cpu_cache","title":"print_cpu_cache","text":"
print_cpu_cache(\n    cpu_cache: CpuCache, verbose: bool, active: bool, partial: bool, indent\n) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.print_node_cache","title":"print_node_cache","text":"
print_node_cache(node_cache: NodeCache, verbose: bool, indent) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.slab_info","title":"slab_info","text":"
slab_info(\n    name: str, verbose: bool, cpu: int, node: int, active: bool, partial: bool\n) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.slab_list","title":"slab_list","text":"
slab_list(filter_) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.slab_contains","title":"slab_contains","text":"
slab_contains(address: str) -> None\n
 
prints the slab_cache associated with the provided address
"},{"location":"reference/pwndbg/commands/spray/","title":"spray","text":""},{"location":"reference/pwndbg/commands/spray/#pwndbg.commands.spray","title":"spray","text":"
Functions:
 
     
  •  spray             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/spray/#pwndbg.commands.spray.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Spray memory with cyclic() generated values\"\n)\n
"},{"location":"reference/pwndbg/commands/spray/#pwndbg.commands.spray.spray","title":"spray","text":"
spray(addr, length, value, only_funcptrs) -> None\n
"},{"location":"reference/pwndbg/commands/start/","title":"start","text":""},{"location":"reference/pwndbg/commands/start/#pwndbg.commands.start","title":"start","text":"
Launches the target process after setting a breakpoint at a convenient entry point.
 
Functions:
 
     
  •  breakpoint_at_entry             \u2013              
    •  
  •  start             \u2013              
    •  
  •  entry             \u2013              
    •  
  •  sstart             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/start/#pwndbg.commands.start.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description='\\nStart the debugged program stopping at its entrypoint address.\\n\\nNote that the entrypoint may not be the first instruction executed\\nby the program. If you want to stop on the first executed instruction,\\nuse the GDB\\'s `starti` command or LLDB\\'s `process launch -s`.\\n\\nArgs may include \"*\", or \"[...]\"; they are expanded using the\\nshell that will start the program (specified by the \"$SHELL\" environment\\nvariable).  Input and output redirection with \">\", \"<\", or \">>\"\\nare also allowed.\\n\\nWith no arguments, uses arguments last specified (with \"run\" or\\n\"set args\").  To cancel previous arguments and run with no arguments,\\nuse \"set args\" without arguments.\\n\\nTo start the inferior without using a shell, use \"set startup-with-shell off\".\\n'\n)\n
"},{"location":"reference/pwndbg/commands/start/#pwndbg.commands.start.breakpoint_at_entry","title":"breakpoint_at_entry","text":"
breakpoint_at_entry()\n
"},{"location":"reference/pwndbg/commands/start/#pwndbg.commands.start.start","title":"start","text":"
start(args=None) -> None\n
"},{"location":"reference/pwndbg/commands/start/#pwndbg.commands.start.entry","title":"entry","text":"
entry(args=None) -> None\n
"},{"location":"reference/pwndbg/commands/start/#pwndbg.commands.start.sstart","title":"sstart","text":"
sstart() -> None\n
"},{"location":"reference/pwndbg/commands/strings/","title":"strings","text":""},{"location":"reference/pwndbg/commands/strings/#pwndbg.commands.strings","title":"strings","text":"
Functions:
 
     
  •  strings             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/strings/#pwndbg.commands.strings.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Extracts and displays ASCII strings from readable memory pages of the debugged process.\"\n)\n
"},{"location":"reference/pwndbg/commands/strings/#pwndbg.commands.strings.strings","title":"strings","text":"
strings(n: int = 4, page_names: list[str] = [], save_as: str = None)\n
"},{"location":"reference/pwndbg/commands/telescope/","title":"telescope","text":""},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope","title":"telescope","text":"
Prints out pointer chains starting at some address in memory.
 
Generally used to print out the stack or register values.
 
Functions:
 
     
  •  telescope             \u2013              
    Recursively dereferences pointers starting at the specified address
     
    •  
  •  regs_or_frame_offset             \u2013              
    •  
  •  stack             \u2013              
    •  
  •  stackf             \u2013              
    •  
 
Attributes:
 
     
  •  telescope_lines           \u2013            
    •  
  •  skip_repeating_values           \u2013            
    •  
  •  skip_repeating_values_minimum           \u2013            
    •  
  •  print_framepointer_offset           \u2013            
    •  
  •  print_retaddr_in_frame           \u2013            
    •  
  •  dont_skip_registers           \u2013            
    •  
  •  offset_separator           \u2013            
    •  
  •  offset_delimiter           \u2013            
    •  
  •  repeating_marker           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.telescope_lines","title":"telescope_lines  module-attribute","text":"
telescope_lines = add_param(\n    \"telescope-lines\", 8, \"number of lines to printed by the telescope command\"\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.skip_repeating_values","title":"skip_repeating_values  module-attribute","text":"
skip_repeating_values = add_param(\n    \"telescope-skip-repeating-val\",\n    True,\n    \"whether to skip repeating values of the telescope command\",\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.skip_repeating_values_minimum","title":"skip_repeating_values_minimum  module-attribute","text":"
skip_repeating_values_minimum = add_param(\n    \"telescope-skip-repeating-val-min\",\n    3,\n    \"minimum amount of repeated values before skipping lines\",\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.print_framepointer_offset","title":"print_framepointer_offset  module-attribute","text":"
print_framepointer_offset = add_param(\n    \"telescope-framepointer-offset\",\n    True,\n    \"print offset to framepointer for each address, if sufficiently small\",\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.print_retaddr_in_frame","title":"print_retaddr_in_frame  module-attribute","text":"
print_retaddr_in_frame = add_param(\n    \"telescope-frame-print-retaddr\",\n    True,\n    \"print one pointer past the stack frame\",\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.dont_skip_registers","title":"dont_skip_registers  module-attribute","text":"
dont_skip_registers = add_param(\n    \"telescope-dont-skip-registers\",\n    True,\n    \"don't skip a repeated line if a registers points to it\",\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.offset_separator","title":"offset_separator  module-attribute","text":"
offset_separator = add_param(\n    \"telescope-offset-separator\",\n    \"\u2502\",\n    \"offset separator of the telescope command\",\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.offset_delimiter","title":"offset_delimiter  module-attribute","text":"
offset_delimiter = add_param(\n    \"telescope-offset-delimiter\",\n    \":\",\n    \"offset delimiter of the telescope command\",\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.repeating_marker","title":"repeating_marker  module-attribute","text":"
repeating_marker = add_param(\n    \"telescope-repeating-marker\",\n    \"... \u2193\",\n    \"repeating values marker of the telescope command\",\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Dereferences on stack data, printing the entire stack frame with specified count and offset .\"\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.telescope","title":"telescope","text":"
telescope(\n    address=None,\n    count=telescope_lines,\n    to_string=False,\n    reverse=False,\n    frame=False,\n    inverse=False,\n)\n
 
Recursively dereferences pointers starting at the specified address ($sp by default)
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.regs_or_frame_offset","title":"regs_or_frame_offset","text":"
regs_or_frame_offset(\n    addr: int, bp: int | None, regs: dict[int, str], longest_regs: int\n) -> str\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.stack","title":"stack","text":"
stack(count, offset, frame, inverse) -> None\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.stackf","title":"stackf","text":"
stackf(count, offset) -> None\n
"},{"location":"reference/pwndbg/commands/tips/","title":"tips","text":""},{"location":"reference/pwndbg/commands/tips/#pwndbg.commands.tips","title":"tips","text":"
Functions:
 
     
  •  tips             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/tips/#pwndbg.commands.tips.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Shows tips.')\n
"},{"location":"reference/pwndbg/commands/tips/#pwndbg.commands.tips.tips","title":"tips","text":"
tips(all: bool) -> None\n
"},{"location":"reference/pwndbg/commands/tls/","title":"tls","text":""},{"location":"reference/pwndbg/commands/tls/#pwndbg.commands.tls","title":"tls","text":"
Command to print the information of the current Thread Local Storage (TLS).
 
Functions:
 
     
  •  tls             \u2013              
    •  
  •  threads             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
  •  group           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/tls/#pwndbg.commands.tls.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"List all threads belonging to the selected inferior.\"\n)\n
"},{"location":"reference/pwndbg/commands/tls/#pwndbg.commands.tls.group","title":"group  module-attribute","text":"
group = add_mutually_exclusive_group()\n
"},{"location":"reference/pwndbg/commands/tls/#pwndbg.commands.tls.tls","title":"tls","text":"
tls(pthread_self=False, all: bool = False) -> None\n
"},{"location":"reference/pwndbg/commands/tls/#pwndbg.commands.tls.threads","title":"threads","text":"
threads(num_threads, respect_config) -> None\n
"},{"location":"reference/pwndbg/commands/valist/","title":"valist","text":""},{"location":"reference/pwndbg/commands/valist/#pwndbg.commands.valist","title":"valist","text":"
Functions:
 
     
  •  valist             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/valist/#pwndbg.commands.valist.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(description='Dumps the arguments of a va_list.')\n
"},{"location":"reference/pwndbg/commands/valist/#pwndbg.commands.valist.valist","title":"valist","text":"
valist(addr: int, count: int) -> None\n
"},{"location":"reference/pwndbg/commands/version/","title":"version","text":""},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version","title":"version","text":"
Implements version and bugreport commands.
 
Functions:
 
     
  •  os_info             \u2013              
    •  
  •  module_version             \u2013              
    •  
  •  debugger_version             \u2013              
    •  
  •  all_versions             \u2013              
    •  
  •  get_target_arch             \u2013              
    •  
  •  get_terminal_size             \u2013              
    •  
  •  version_impl             \u2013              
    Implementation of the version command.
     
    •  
  •  version             \u2013              
    •  
  •  bugreport             \u2013              
    •  
  •  get_debugger_configuration             \u2013              
    •  
  •  get_debugger_session_history             \u2013              
    •  
 
Attributes:
 
     
  •  bugreport_parser           \u2013            
    •  
  •  bugreport_group           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.bugreport_parser","title":"bugreport_parser  module-attribute","text":"
bugreport_parser = ArgumentParser(description='Generate a bug report.')\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.bugreport_group","title":"bugreport_group  module-attribute","text":"
bugreport_group = add_mutually_exclusive_group()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.os_info","title":"os_info","text":"
os_info()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.module_version","title":"module_version","text":"
module_version(module)\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.debugger_version","title":"debugger_version","text":"
debugger_version()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.all_versions","title":"all_versions","text":"
all_versions()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.get_target_arch","title":"get_target_arch","text":"
get_target_arch()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.get_terminal_size","title":"get_terminal_size","text":"
get_terminal_size()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.version_impl","title":"version_impl","text":"
version_impl() -> None\n
 
Implementation of the version command.
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.version","title":"version","text":"
version() -> None\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.bugreport","title":"bugreport","text":"
bugreport(run_browser=False, use_gh=False)\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.get_debugger_configuration","title":"get_debugger_configuration","text":"
get_debugger_configuration()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.get_debugger_session_history","title":"get_debugger_session_history","text":"
get_debugger_session_history()\n
"},{"location":"reference/pwndbg/commands/vmlinux/","title":"vmlinux","text":""},{"location":"reference/pwndbg/commands/vmlinux/#pwndbg.commands.vmlinux","title":"vmlinux","text":"
Loads a bzImage or vmlinux file to add kernel debug symbols. This command uses vmlinux-to-elf to extract the ELF file from a bzImage and then loads it with the kernel base address.
 
Functions:
 
     
  •  vmlinux             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/vmlinux/#pwndbg.commands.vmlinux.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Load bzImage or vmlinux file to add kernel debug symbols.\"\n)\n
"},{"location":"reference/pwndbg/commands/vmlinux/#pwndbg.commands.vmlinux.vmlinux","title":"vmlinux","text":"
vmlinux(filepath: str, tool: str = None) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/","title":"vmmap","text":""},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap","title":"vmmap","text":"
Command to print the virtual memory map a la /proc/self/maps.
 
Functions:
 
     
  •  pages_filter             \u2013              
    •  
  •  print_vmmap_table_header             \u2013              
    Prints the table header for the vmmap command.
     
    •  
  •  print_vmmap_gaps_table_header             \u2013              
    Prints the table header for the vmmap --gaps command.
     
    •  
  •  calculate_total_memory             \u2013              
    •  
  •  gap_text             \u2013              
    •  
  •  print_map             \u2013              
    •  
  •  print_adjacent_map             \u2013              
    •  
  •  print_guard             \u2013              
    •  
  •  print_gap             \u2013              
    •  
  •  print_vmmap_gaps             \u2013              
    Indicates the size of adjacent memory regions and unmapped gaps between them in process memory
     
    •  
  •  vmmap             \u2013              
    •  
  •  vmmap_add             \u2013              
    •  
  •  vmmap_explore             \u2013              
    •  
  •  vmmap_clear             \u2013              
    •  
  •  vmmap_load             \u2013              
    •  
 
Attributes:
 
     
  •  integer_types           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.integer_types","title":"integer_types  module-attribute","text":"
integer_types = (int, Value)\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Load virtual memory map pages from ELF file.\"\n)\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.pages_filter","title":"pages_filter","text":"
pages_filter(gdbval_or_str)\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_vmmap_table_header","title":"print_vmmap_table_header","text":"
print_vmmap_table_header(prefix: str = '') -> None\n
 
Prints the table header for the vmmap command.
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_vmmap_gaps_table_header","title":"print_vmmap_gaps_table_header","text":"
print_vmmap_gaps_table_header() -> None\n
 
Prints the table header for the vmmap --gaps command.
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.calculate_total_memory","title":"calculate_total_memory","text":"
calculate_total_memory(pages: tuple[Page, ...]) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.gap_text","title":"gap_text","text":"
gap_text(page: Page) -> str\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_map","title":"print_map","text":"
print_map(page: Page) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_adjacent_map","title":"print_adjacent_map","text":"
print_adjacent_map(map_start: Page, map_end: Page) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_guard","title":"print_guard","text":"
print_guard(page: Page) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_gap","title":"print_gap","text":"
print_gap(current: Page, last_map: Page)\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_vmmap_gaps","title":"print_vmmap_gaps","text":"
print_vmmap_gaps(pages: tuple[Page, ...]) -> None\n
 
Indicates the size of adjacent memory regions and unmapped gaps between them in process memory
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.vmmap","title":"vmmap","text":"
vmmap(\n    gdbval_or_str=None,\n    writable=False,\n    executable=False,\n    lines_after=1,\n    lines_before=1,\n    context=None,\n    gaps=False,\n    expand_shared_cache=False,\n) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.vmmap_add","title":"vmmap_add","text":"
vmmap_add(start: int, size: int, flags: str, offset: int) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.vmmap_explore","title":"vmmap_explore","text":"
vmmap_explore(address: int) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.vmmap_clear","title":"vmmap_clear","text":"
vmmap_clear() -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.vmmap_load","title":"vmmap_load","text":"
vmmap_load(filename) -> None\n
"},{"location":"reference/pwndbg/commands/windbg/","title":"windbg","text":""},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg","title":"windbg","text":"
Compatibility functionality for WinDbg users.
 
Functions:
 
     
  •  enhex             \u2013              
    •  
  •  db             \u2013              
    Starting at the specified address, dump N bytes
     
    •  
  •  dw             \u2013              
    Starting at the specified address, dump N words
     
    •  
  •  dd             \u2013              
    Starting at the specified address, dump N dwords
     
    •  
  •  dq             \u2013              
    Starting at the specified address, dump N qwords
     
    •  
  •  dc             \u2013              
    •  
  •  dX             \u2013              
    Traditionally, windbg will display 16 bytes of data per line.
     
    •  
  •  eb             \u2013              
    Write hex bytes at the specified address.
     
    •  
  •  ew             \u2013              
    Write hex words at the specified address.
     
    •  
  •  ed             \u2013              
    Write hex dwords at the specified address.
     
    •  
  •  eq             \u2013              
    Write hex qwords at the specified address.
     
    •  
  •  ez             \u2013              
    Write a character at the specified address.
     
    •  
  •  eza             \u2013              
    Write a string at the specified address.
     
    •  
  •  eX             \u2013              
    This relies on windbg's default hex encoding being enforced
     
    •  
  •  dds             \u2013              
    Dump pointers and symbols at the specified address.
     
    •  
  •  da             \u2013              
    •  
  •  ds             \u2013              
    •  
  •  bl             \u2013              
    List breakpoints
     
    •  
  •  bd             \u2013              
    Disable the breakpoint with the specified index.
     
    •  
  •  be             \u2013              
    Enable the breakpoint with the specified index.
     
    •  
  •  bc             \u2013              
    Clear the breakpoint with the specified index.
     
    •  
  •  bp             \u2013              
    •  
  •  k             \u2013              
    Print a backtrace (alias 'bt')
     
    •  
  •  go             \u2013              
    WinDbg compatibility alias for 'continue' command.
     
    •  
  •  ln             \u2013              
    List the symbols nearest to the provided value.
     
    •  
  •  peb             \u2013              
    •  
  •  pc             \u2013              
    WinDbg compatibility alias for 'nextcall' command.
     
    •  
 
Attributes:
 
     
  •  da_parser           \u2013            
    •  
  •  ds_parser           \u2013            
    •  
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.da_parser","title":"da_parser  module-attribute","text":"
da_parser = ArgumentParser(\n    description=\"Dump a string at the specified address.\"\n)\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.ds_parser","title":"ds_parser  module-attribute","text":"
ds_parser = ArgumentParser(\n    description=\"Dump a string at the specified address.\"\n)\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"List the symbols nearest to the provided value.\"\n)\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.enhex","title":"enhex","text":"
enhex(size, value)\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.db","title":"db","text":"
db(address, count=64)\n
 
Starting at the specified address, dump N bytes (default 64).
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.dw","title":"dw","text":"
dw(address, count=32)\n
 
Starting at the specified address, dump N words (default 32).
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.dd","title":"dd","text":"
dd(address, count=16)\n
 
Starting at the specified address, dump N dwords (default 16).
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.dq","title":"dq","text":"
dq(address, count=8)\n
 
Starting at the specified address, dump N qwords (default 8).
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.dc","title":"dc","text":"
dc(address, count=8)\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.dX","title":"dX","text":"
dX(size, address, count, to_string=False, repeat=False)\n
 
Traditionally, windbg will display 16 bytes of data per line.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.eb","title":"eb","text":"
eb(address, data)\n
 
Write hex bytes at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.ew","title":"ew","text":"
ew(address, data)\n
 
Write hex words at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.ed","title":"ed","text":"
ed(address, data)\n
 
Write hex dwords at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.eq","title":"eq","text":"
eq(address, data)\n
 
Write hex qwords at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.ez","title":"ez","text":"
ez(address, data)\n
 
Write a character at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.eza","title":"eza","text":"
eza(address, data)\n
 
Write a string at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.eX","title":"eX","text":"
eX(size, address, data, hex=True) -> None\n
 
This relies on windbg's default hex encoding being enforced
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.dds","title":"dds","text":"
dds(addr)\n
 
Dump pointers and symbols at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.da","title":"da","text":"
da(address, max) -> None\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.ds","title":"ds","text":"
ds(address, max) -> None\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.bl","title":"bl","text":"
bl() -> None\n
 
List breakpoints
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.bd","title":"bd","text":"
bd(which='*') -> None\n
 
Disable the breakpoint with the specified index.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.be","title":"be","text":"
be(which='*') -> None\n
 
Enable the breakpoint with the specified index.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.bc","title":"bc","text":"
bc(which='*') -> None\n
 
Clear the breakpoint with the specified index.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.bp","title":"bp","text":"
bp(where) -> None\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.k","title":"k","text":"
k() -> None\n
 
Print a backtrace (alias 'bt')
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.go","title":"go","text":"
go() -> None\n
 
WinDbg compatibility alias for 'continue' command.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.ln","title":"ln","text":"
ln(value: int = None) -> None\n
 
List the symbols nearest to the provided value.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.peb","title":"peb","text":"
peb() -> None\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.pc","title":"pc","text":"
pc()\n
 
WinDbg compatibility alias for 'nextcall' command.
"},{"location":"reference/pwndbg/commands/xinfo/","title":"xinfo","text":""},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo","title":"xinfo","text":"
Functions:
 
     
  •  print_line             \u2013              
    •  
  •  xinfo_stack             \u2013              
    •  
  •  xinfo_mmap_file             \u2013              
    •  
  •  xinfo_default             \u2013              
    •  
  •  xinfo             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Shows offsets of the specified address from various useful locations.\"\n)\n
"},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo.print_line","title":"print_line","text":"
print_line(name, addr, first, second, op, width=20) -> None\n
"},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo.xinfo_stack","title":"xinfo_stack","text":"
xinfo_stack(page: Page, addr: int) -> None\n
"},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo.xinfo_mmap_file","title":"xinfo_mmap_file","text":"
xinfo_mmap_file(page: Page, addr: int) -> None\n
"},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo.xinfo_default","title":"xinfo_default","text":"
xinfo_default(page: Page, addr: int) -> None\n
"},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo.xinfo","title":"xinfo","text":"
xinfo(address=None) -> None\n
"},{"location":"reference/pwndbg/commands/xor/","title":"xor","text":""},{"location":"reference/pwndbg/commands/xor/#pwndbg.commands.xor","title":"xor","text":"
Functions:
 
     
  •  xor_memory             \u2013              
    Helper function for xorring memory in gdb
     
    •  
  •  xor             \u2013              
    •  
  •  memfrob             \u2013              
    •  
 
Attributes:
 
     
  •  parser           \u2013            
    •  
"},{"location":"reference/pwndbg/commands/xor/#pwndbg.commands.xor.parser","title":"parser  module-attribute","text":"
parser = ArgumentParser(\n    description=\"Memfrobs a region of memory (xor with '*').\"\n)\n
"},{"location":"reference/pwndbg/commands/xor/#pwndbg.commands.xor.xor_memory","title":"xor_memory","text":"
xor_memory(address, key, count)\n
 
Helper function for xorring memory in gdb
"},{"location":"reference/pwndbg/commands/xor/#pwndbg.commands.xor.xor","title":"xor","text":"
xor(address, key, count) -> None\n
"},{"location":"reference/pwndbg/commands/xor/#pwndbg.commands.xor.memfrob","title":"memfrob","text":"
memfrob(address, count)\n
"},{"location":"reference/pwndbg/dbg/","title":"dbg","text":""},{"location":"reference/pwndbg/dbg/#pwndbg.dbg","title":"dbg","text":"
The abstracted debugger interface.
 
Modules:
 
     
  •  gdb           \u2013            
    •  
  •  lldb           \u2013            
    •  
 
Classes:
 
     
  •  Error           \u2013            
    •  
  •  DisassembledInstruction           \u2013            
    •  
  •  DebuggerType           \u2013            
    •  
  •  StopPoint           \u2013            
    The handle to either an insalled breakpoint or watchpoint.
     
    •  
  •  BreakpointLocation           \u2013            
    This is the location specification for a breakpoint.
     
    •  
  •  WatchpointLocation           \u2013            
    This is the location specification for a watchpoint.
     
    •  
  •  Registers           \u2013            
    A handle to the register values in a frame.
     
    •  
  •  SymbolLookupType           \u2013            
    Enum representing types of symbol lookups for filtering symbol searches.
     
    •  
  •  Frame           \u2013            
    •  
  •  Thread           \u2013            
    •  
  •  MemoryMap           \u2013            
    A wrapper around a sequence of memory ranges
     
    •  
  •  ExecutionController           \u2013            
    •  
  •  Process           \u2013            
    •  
  •  TypeCode           \u2013            
    Broad categories of types.
     
    •  
  •  TypeField           \u2013            
    The fields in a structured type.
     
    •  
  •  Type           \u2013            
    Class representing a type in the context of an inferior process.
     
    •  
  •  Value           \u2013            
    Class representing a value in the context of an inferior process.
     
    •  
  •  CommandHandle           \u2013            
    An opaque handle to an installed command.
     
    •  
  •  EventType           \u2013            
    Events that can be listened for and reacted to in a debugger.
     
    •  
  •  Debugger           \u2013            
    The base class representing a debugger.
     
    •  
 
Functions:
 
     
  •  selection             \u2013              
    Debuggers have global state. Many of our queries require that we select a
     
    •  
 
Attributes:
 
     
  •  dbg               (Debugger)           \u2013            
    •  
  •  T           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.dbg","title":"dbg  module-attribute","text":"
dbg: Debugger = None\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Error","title":"Error","text":"
               Bases: Exception
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DisassembledInstruction","title":"DisassembledInstruction","text":"
               Bases: TypedDict
 
Attributes:
 
     
  •  addr               (int)           \u2013            
    •  
  •  asm               (str)           \u2013            
    •  
  •  length               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DisassembledInstruction.addr","title":"addr  instance-attribute","text":"
addr: int\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DisassembledInstruction.asm","title":"asm  instance-attribute","text":"
asm: str\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DisassembledInstruction.length","title":"length  instance-attribute","text":"
length: int\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DebuggerType","title":"DebuggerType","text":"
               Bases: Enum
 
Attributes:
 
     
  •  GDB           \u2013            
    •  
  •  LLDB           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DebuggerType.GDB","title":"GDB  class-attribute instance-attribute","text":"
GDB = 1\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DebuggerType.LLDB","title":"LLDB  class-attribute instance-attribute","text":"
LLDB = 2\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.StopPoint","title":"StopPoint","text":"
The handle to either an insalled breakpoint or watchpoint.
 
May be used in a with statement, in which case the stop point is automatically removed at the end of the statement. This allows for easy implementation of temporary breakpoints.
 
Methods:
 
     
  •  remove             \u2013              
    Removes the breakpoint associated with this handle.
     
    •  
  •  set_enabled             \u2013              
    Enables or disables this breakpoint.
     
    •  
  •  __enter__             \u2013              
    •  
  •  __exit__             \u2013              
    Automatic breakpoint removal.
     
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.StopPoint.remove","title":"remove","text":"
remove() -> None\n
 
Removes the breakpoint associated with this handle.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.StopPoint.set_enabled","title":"set_enabled","text":"
set_enabled(enabled: bool) -> None\n
 
Enables or disables this breakpoint.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.StopPoint.__enter__","title":"__enter__","text":"
__enter__() -> StopPoint\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.StopPoint.__exit__","title":"__exit__","text":"
__exit__(exc_type, exc_value, traceback) -> None\n
 
Automatic breakpoint removal.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.BreakpointLocation","title":"BreakpointLocation","text":"
BreakpointLocation(address: int)\n
 
This is the location specification for a breakpoint.
 
Methods:
 
     
  •  __eq__             \u2013              
    •  
 
Attributes:
 
     
  •  address               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.BreakpointLocation.address","title":"address  instance-attribute","text":"
address: int = address\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.BreakpointLocation.__eq__","title":"__eq__","text":"
__eq__(other: object) -> bool\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.WatchpointLocation","title":"WatchpointLocation","text":"
WatchpointLocation(\n    address: int, size: int, watch_read: bool, watch_write: bool\n)\n
 
This is the location specification for a watchpoint.
 
Attributes:
 
     
  •  address               (int)           \u2013            
    •  
  •  size               (int)           \u2013            
    •  
  •  watch_read               (bool)           \u2013            
    •  
  •  watch_write               (bool)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.WatchpointLocation.address","title":"address  instance-attribute","text":"
address: int = address\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.WatchpointLocation.size","title":"size  instance-attribute","text":"
size: int = size\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.WatchpointLocation.watch_read","title":"watch_read  instance-attribute","text":"
watch_read: bool = watch_read\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.WatchpointLocation.watch_write","title":"watch_write  instance-attribute","text":"
watch_write: bool = watch_write\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Registers","title":"Registers","text":"
A handle to the register values in a frame.
 
Methods:
 
     
  •  by_name             \u2013              
    Gets the value of a register if it exists, None otherwise.
     
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Registers.by_name","title":"by_name","text":"
by_name(name: str) -> Value | None\n
 
Gets the value of a register if it exists, None otherwise.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.SymbolLookupType","title":"SymbolLookupType","text":"
               Bases: Enum
 
Enum representing types of symbol lookups for filtering symbol searches.
 
Attributes: - ANY: Represents searching for any symbol type (default). - FUNCTION: Represents searching specifically for function symbols. - VARIABLE: Represents searching specifically for variable symbols.
 
Attributes:
 
     
  •  ANY           \u2013            
    •  
  •  FUNCTION           \u2013            
    •  
  •  VARIABLE           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.SymbolLookupType.ANY","title":"ANY  class-attribute instance-attribute","text":"
ANY = 1\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.SymbolLookupType.FUNCTION","title":"FUNCTION  class-attribute instance-attribute","text":"
FUNCTION = 2\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.SymbolLookupType.VARIABLE","title":"VARIABLE  class-attribute instance-attribute","text":"
VARIABLE = 3\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame","title":"Frame","text":"
Methods:
 
     
  •  lookup_symbol             \u2013              
    Looks up and returns the address of a symbol in current frame by its name.
     
    •  
  •  evaluate_expression             \u2013              
    Evaluate the given expression in the context of this frame, and
     
    •  
  •  regs             \u2013              
    Access the values of the registers in this frame.
     
    •  
  •  reg_write             \u2013              
    Sets the value of the register with the given name to the given value.
     
    •  
  •  pc             \u2013              
    The value of the program counter for this frame.
     
    •  
  •  sp             \u2013              
    The value of the stack pointer for this frame.
     
    •  
  •  parent             \u2013              
    The parent frame of this frame, if it exists.
     
    •  
  •  child             \u2013              
    The child frame of this frame, if it exists.
     
    •  
  •  sal             \u2013              
    The filename of the source code file associated with this frame, and the
     
    •  
  •  stack_variables             \u2013              
    Get all stack variables (local variables and arguments) in current frame.
     
    •  
  •  __eq__             \u2013              
    Whether this frame is the same as the given frame. Two frames are the
     
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.lookup_symbol","title":"lookup_symbol","text":"
lookup_symbol(name: str, *, type: SymbolLookupType = ANY) -> Value | None\n
 
Looks up and returns the address of a symbol in current frame by its name.
 
Parameters: - name (str): The name of the symbol to look up. - type (SymbolLookupType, optional): The type of symbol to search for. Defaults   to SymbolLookupType.ANY.
 
Returns: - pwndbg.dbg_mod.Value | None: The value of the symbol if found, or None if not found.
 
Raises: - pwndbg.dbg_mod.Error: If symbol name contains invalid characters
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.evaluate_expression","title":"evaluate_expression","text":"
evaluate_expression(expression: str, lock_scheduler: bool = False) -> Value\n
 
Evaluate the given expression in the context of this frame, and return a Value.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.evaluate_expression--lock_scheduler","title":"lock_scheduler","text":"
Additionally, callers of this function might specify that they want to enable scheduler locking during the evaluation of this expression. This is a GDB-only option, and is intended for cases in which the result would be incorrect without it enabled, when running in GDB. Other debuggers should ignore this parameter.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.regs","title":"regs","text":"
regs() -> Registers\n
 
Access the values of the registers in this frame.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.reg_write","title":"reg_write","text":"
reg_write(name: str, val: int) -> bool\n
 
Sets the value of the register with the given name to the given value. Returns true if the register exists, false othewise. Throws an exception if the register exists but cannot be written to.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.pc","title":"pc","text":"
pc() -> int\n
 
The value of the program counter for this frame.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.sp","title":"sp","text":"
sp() -> int\n
 
The value of the stack pointer for this frame.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.parent","title":"parent","text":"
parent() -> Frame | None\n
 
The parent frame of this frame, if it exists.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.child","title":"child","text":"
child() -> Frame | None\n
 
The child frame of this frame, if it exists.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.sal","title":"sal","text":"
sal() -> tuple[str, int] | None\n
 
The filename of the source code file associated with this frame, and the line number associated with it, if available.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.stack_variables","title":"stack_variables","text":"
stack_variables() -> tuple[tuple[int, int, str], ...]\n
 
Get all stack variables (local variables and arguments) in current frame.
 
Returns a tuple of (start_address, end_address, name) for each variable. Returns an empty tuple if no debug information is available or on error.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.__eq__","title":"__eq__","text":"
__eq__(rhs: object) -> bool\n
 
Whether this frame is the same as the given frame. Two frames are the same if they point to the same stack frame and have the same execution context.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Thread","title":"Thread","text":"
Methods:
 
     
  •  bottom_frame             \u2013              
    Frame at the bottom of the call stack for this thread.
     
    •  
  •  ptid             \u2013              
    The PTID of this thread, if available.
     
    •  
  •  index             \u2013              
    The unique index of this thread from the perspective of the debugger.
     
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Thread.bottom_frame","title":"bottom_frame","text":"
bottom_frame() -> Iterator[Frame]\n
 
Frame at the bottom of the call stack for this thread.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Thread.ptid","title":"ptid","text":"
ptid() -> int | None\n
 
The PTID of this thread, if available.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Thread.index","title":"index","text":"
index() -> int\n
 
The unique index of this thread from the perspective of the debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.MemoryMap","title":"MemoryMap","text":"
MemoryMap(pages: Sequence[Page])\n
 
A wrapper around a sequence of memory ranges
 
Methods:
 
     
  •  is_qemu             \u2013              
    Returns whether this memory map was generated from a QEMU target.
     
    •  
  •  ranges             \u2013              
    Returns all ranges in this memory map.
     
    •  
  •  lookup_page             \u2013              
    •  
 
Attributes:
 
     
  •  pages               (tuple[Page, ...])           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.MemoryMap.pages","title":"pages  instance-attribute","text":"
pages: tuple[Page, ...] = tuple(pages)\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.MemoryMap.is_qemu","title":"is_qemu","text":"
is_qemu() -> bool\n
 
Returns whether this memory map was generated from a QEMU target.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.MemoryMap.ranges","title":"ranges","text":"
ranges() -> Sequence[Page]\n
 
Returns all ranges in this memory map.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.MemoryMap.lookup_page","title":"lookup_page","text":"
lookup_page(address: int) -> Page | None\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.ExecutionController","title":"ExecutionController","text":"
Methods:
 
     
  •  single_step             \u2013              
    Steps to the next instruction.
     
    •  
  •  cont             \u2013              
    Continues execution until the given breakpoint or whatchpoint is hit.
     
    •  
  •  cont_selected_thread             \u2013              
    Continues execution on single thread until the given breakpoint or whatchpoint is hit.
     
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.ExecutionController.single_step","title":"single_step","text":"
single_step() -> Awaitable[None]\n
 
Steps to the next instruction.
 
Throws CancelledError if a breakpoint or watchpoint is hit, the program exits, or if any other unexpected event that diverts execution happens while fulfulling the step.
 
FIXME GDB: On GDB stepi will execute other threads. On LLDB not. Please use set scheduler-locking step
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.ExecutionController.cont","title":"cont","text":"
cont(until: StopPoint) -> Awaitable[None]\n
 
Continues execution until the given breakpoint or whatchpoint is hit. Continues execution on all threads.
 
Throws CancelledError if a breakpoint or watchpoint is hit that is not the one given in until, the program exits, or if any other unexpected event happens.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.ExecutionController.cont_selected_thread","title":"cont_selected_thread","text":"
cont_selected_thread(until: StopPoint) -> Awaitable[None]\n
 
Continues execution on single thread until the given breakpoint or whatchpoint is hit. Continues execution on selected thread.
 
Throws CancelledError if a breakpoint or watchpoint is hit that is not the one given in until, the program exits, or if any other unexpected event happens.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process","title":"Process","text":"
Methods:
 
     
  •  threads             \u2013              
    Returns a list containing the threads in this process.
     
    •  
  •  pid             \u2013              
    Returns the process ID of this process if it is alive.
     
    •  
  •  alive             \u2013              
    Returns whether this process is alive.
     
    •  
  •  stopped_with_signal             \u2013              
    Returns whether this process was stopped by a signal.
     
    •  
  •  evaluate_expression             \u2013              
    Evaluate the given expression in the context of the current process, and
     
    •  
  •  vmmap             \u2013              
    Returns the virtual memory map of this process, as seen by the debugger.
     
    •  
  •  read_memory             \u2013              
    Reads the requested number of bytes from the address given in the memory
     
    •  
  •  write_memory             \u2013              
    Writes as many bytes from the given data buffer as possible into the
     
    •  
  •  find_in_memory             \u2013              
    Searches for a bit pattern in the memory space of the process. The bit
     
    •  
  •  is_remote             \u2013              
    Returns whether this process is a remote process connected to using the
     
    •  
  •  send_remote             \u2013              
    Sends the given packet to the GDB remote debugging protocol server.
     
    •  
  •  send_monitor             \u2013              
    Sends the given monitor command to the GDB remote debugging protocol
     
    •  
  •  download_remote_file             \u2013              
    Downloads the given file from the remote host and saves it to the local
     
    •  
  •  create_value             \u2013              
    Create a new value in the context of this process, with the given value
     
    •  
  •  symbol_name_at_address             \u2013              
    Returns the name of the symbol at the given address in the program, if
     
    •  
  •  lookup_symbol             \u2013              
    Looks up and returns the address of a symbol by its name.
     
    •  
  •  types_with_name             \u2013              
    Returns a list of all types in this process that match the given name.
     
    •  
  •  arch             \u2013              
    The default architecture of this process.
     
    •  
  •  break_at             \u2013              
    Install a breakpoint or watchpoint at the given location.
     
    •  
  •  trace_ret             \u2013              
    Traces/break_at the current frame's return address.
     
    •  
  •  is_linux             \u2013              
    Returns whether the current ABI is GNU/Linux.
     
    •  
  •  disasm             \u2013              
    Returns the disassembled instruction at the given address in the address
     
    •  
  •  module_section_locations             \u2013              
    Return a list of (address, size, section_name, module_name) tuples for
     
    •  
  •  main_module_name             \u2013              
    Returns the name of the main module.
     
    •  
  •  main_module_entry             \u2013              
    Returns the entry point of the main module.
     
    •  
  •  is_dynamically_linked             \u2013              
    Returns whether this process makes use of dynamically linked libraries.
     
    •  
  •  dispatch_execution_controller             \u2013              
    Queues up the given execution controller-based coroutine for execution,
     
    •  
  •  add_symbol_file             \u2013              
    Adds a symbol file at base
     
    •  
  •  runcmd             \u2013              
    Runs a debugger command
     
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.threads","title":"threads","text":"
threads() -> list[Thread]\n
 
Returns a list containing the threads in this process.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.pid","title":"pid","text":"
pid() -> int | None\n
 
Returns the process ID of this process if it is alive.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.alive","title":"alive","text":"
alive() -> bool\n
 
Returns whether this process is alive.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.stopped_with_signal","title":"stopped_with_signal","text":"
stopped_with_signal() -> bool\n
 
Returns whether this process was stopped by a signal.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.evaluate_expression","title":"evaluate_expression","text":"
evaluate_expression(expression: str) -> Value\n
 
Evaluate the given expression in the context of the current process, and return a Value.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.vmmap","title":"vmmap","text":"
vmmap() -> MemoryMap\n
 
Returns the virtual memory map of this process, as seen by the debugger.
 
Generally, one should prefer pwndbg.aglib.vmmap.get() over this function, as this passes the raw information from the debugger more or less straight through, without applying more general Pwndbg enhancements to the memory map. This is the lower-level functionality on top of which the function in aglib is implemented.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.read_memory","title":"read_memory","text":"
read_memory(address: int, size: int, partial: bool = False) -> bytearray\n
 
Reads the requested number of bytes from the address given in the memory space of this process. Will read as many bytes as possible starting at that location, and returns how many were read.
 
Throws an exception if reading fails and partial is False.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.write_memory","title":"write_memory","text":"
write_memory(address: int, data: bytearray, partial: bool = False) -> int\n
 
Writes as many bytes from the given data buffer as possible into the given address in the memory space of this process.
 
Throws an exception if writing fails and partial is False.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.find_in_memory","title":"find_in_memory","text":"
find_in_memory(\n    pattern: bytearray,\n    start: int,\n    size: int,\n    align: int,\n    max_matches: int = -1,\n    step: int = -1,\n) -> Generator[int, None, None]\n
 
Searches for a bit pattern in the memory space of the process. The bit pattern can be searched for in a given memory range, and with a given alignment. The maximum number of matches that will be generated is given by max_matches. A value of max_matches of -1 will generate all matches.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.is_remote","title":"is_remote","text":"
is_remote() -> bool\n
 
Returns whether this process is a remote process connected to using the GDB remote debugging protocol.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.send_remote","title":"send_remote","text":"
send_remote(packet: str) -> bytes\n
 
Sends the given packet to the GDB remote debugging protocol server. Should only be called if is_remote() is true.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.send_monitor","title":"send_monitor","text":"
send_monitor(cmd: str) -> str\n
 
Sends the given monitor command to the GDB remote debugging protocol server. Should only be called if is_remote() is true.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.download_remote_file","title":"download_remote_file","text":"
download_remote_file(remote_path: str, local_path: str) -> None\n
 
Downloads the given file from the remote host and saves it to the local given path. Should only be called if is_remote() is true.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.create_value","title":"create_value","text":"
create_value(value: int, type: Type | None = None) -> Value\n
 
Create a new value in the context of this process, with the given value and, optionally, type. If no type is provided, one will be chosen automatically.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.symbol_name_at_address","title":"symbol_name_at_address","text":"
symbol_name_at_address(address: int) -> str | None\n
 
Returns the name of the symbol at the given address in the program, if one exists.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.lookup_symbol","title":"lookup_symbol","text":"
lookup_symbol(\n    name: str,\n    *,\n    prefer_static: bool = False,\n    type: SymbolLookupType = ANY,\n    objfile_endswith: str | None = None,\n) -> Value | None\n
 
Looks up and returns the address of a symbol by its name.
 
Parameters: - name (str): The name of the symbol to look up. - prefer_static (bool, optional): If True, prioritize symbols in the static block,   if supported by the debugger. Defaults to False. - type (SymbolLookupType, optional): The type of symbol to search for. Defaults   to SymbolLookupType.ANY. - objfile_endswith (str | None, optional): If specified, limits the search to the   first object file whose name ends with the provided string.
 
Returns: - pwndbg.dbg_mod.Value | None: The value of the symbol if found, or None if not found.
 
Raises: - pwndbg.dbg_mod.Error: If no object file matching the objfile_endswith pattern is found.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.types_with_name","title":"types_with_name","text":"
types_with_name(name: str) -> Sequence[Type]\n
 
Returns a list of all types in this process that match the given name.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.arch","title":"arch","text":"
arch() -> ArchDefinition\n
 
The default architecture of this process.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.break_at","title":"break_at","text":"
break_at(\n    location: BreakpointLocation | WatchpointLocation,\n    stop_handler: Callable[[StopPoint], bool] | None = None,\n    internal: bool = False,\n) -> StopPoint\n
 
Install a breakpoint or watchpoint at the given location.
 
The type of the location determines whether the newly created object is a watchpoint or a breakpoint. BreakpointLocation locations yield breakpoints, while WatchpointLocation locations yield watchpoints.
 
Aditionally, one may specify a stop handler function, to be run when the breakpoint or whatchpoint is hit, and that determines whether execution should stop. With a return value of True being interpreted as a signal to stop, and a return value of False being interpreted as a signal to continue execution. The extent of the actions that may be taken during the stop handler is determined by the debugger.
 
Marking a breakpoint or watchpoint as internal hints to the implementation that the created breakpoint or watchpoint should not be directly nameable by the user, and that it should not print any messages upon being triggered. Implementations should try to honor this hint, but they are not required to in case honoring it is either not possible or comes at a significant impact to performance.
 
This function returns a handle to the newly created breakpoint or watchpoint.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.trace_ret","title":"trace_ret","text":"
trace_ret(\n    stop_handler: Callable[[], bool] | None = None, internal: bool = False\n)\n
 
Traces/break_at the current frame's return address. stop_handler and internal have the same semantic meaning as they are in break_at
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.is_linux","title":"is_linux","text":"
is_linux() -> bool\n
 
Returns whether the current ABI is GNU/Linux.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.disasm","title":"disasm","text":"
disasm(address: int) -> DisassembledInstruction | None\n
 
Returns the disassembled instruction at the given address in the address space of the running process, or None if there's no valid instruction at that address.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.module_section_locations","title":"module_section_locations","text":"
module_section_locations() -> list[tuple[int, int, str, str]]\n
 
Return a list of (address, size, section_name, module_name) tuples for the loaded sections in every module of this process.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.main_module_name","title":"main_module_name","text":"
main_module_name() -> str | None\n
 
Returns the name of the main module.
 
On remote targets, this may be prefixed with \"target:\" string.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.main_module_entry","title":"main_module_entry","text":"
main_module_entry() -> int | None\n
 
Returns the entry point of the main module.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.is_dynamically_linked","title":"is_dynamically_linked","text":"
is_dynamically_linked() -> bool\n
 
Returns whether this process makes use of dynamically linked libraries.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.is_dynamically_linked--dynamically-linked","title":"\"dynamically linked\"","text":"
What exactly it means to be \"dynamically linked\" here is a little ill-defined. Ideally, this function should return true if the process uses the default dynamic linker for the system, as that would better reflect whether the process uses dynamic linking.
 
Currently, though, Pwndbg expects it to behave the same as a check for the string \"No shared libraries loaded at this time.\" in the output of the info dll GDB command, which checks for the presence of other modules in the address space of the process, rather than whether or not the dynamic linker is used.
 
We should probably sort this out in the future.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.dispatch_execution_controller","title":"dispatch_execution_controller","text":"
dispatch_execution_controller(\n    procedure: Callable[[ExecutionController], Coroutine[Any, Any, None]],\n)\n
 
Queues up the given execution controller-based coroutine for execution, sometime between the calling of this function and the
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.add_symbol_file","title":"add_symbol_file","text":"
add_symbol_file(path, base=None)\n
 
Adds a symbol file at base
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.runcmd","title":"runcmd","text":"
runcmd(cmd)\n
 
Runs a debugger command
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode","title":"TypeCode","text":"
               Bases: Enum
 
Broad categories of types.
 
Attributes:
 
     
  •  INVALID           \u2013            
    •  
  •  POINTER           \u2013            
    •  
  •  ARRAY           \u2013            
    •  
  •  STRUCT           \u2013            
    •  
  •  TYPEDEF           \u2013            
    •  
  •  UNION           \u2013            
    •  
  •  INT           \u2013            
    •  
  •  ENUM           \u2013            
    •  
  •  FUNC           \u2013            
    •  
  •  BOOL           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.INVALID","title":"INVALID  class-attribute instance-attribute","text":"
INVALID = -1\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.POINTER","title":"POINTER  class-attribute instance-attribute","text":"
POINTER = 1\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.ARRAY","title":"ARRAY  class-attribute instance-attribute","text":"
ARRAY = 2\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.STRUCT","title":"STRUCT  class-attribute instance-attribute","text":"
STRUCT = 3\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.TYPEDEF","title":"TYPEDEF  class-attribute instance-attribute","text":"
TYPEDEF = 4\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.UNION","title":"UNION  class-attribute instance-attribute","text":"
UNION = 5\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.INT","title":"INT  class-attribute instance-attribute","text":"
INT = 6\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.ENUM","title":"ENUM  class-attribute instance-attribute","text":"
ENUM = 7\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.FUNC","title":"FUNC  class-attribute instance-attribute","text":"
FUNC = 8\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.BOOL","title":"BOOL  class-attribute instance-attribute","text":"
BOOL = 9\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField","title":"TypeField","text":"
TypeField(\n    bitpos: int,\n    name: str | None,\n    type: Type,\n    parent_type,\n    enumval: int | None = None,\n    artificial: bool = False,\n    is_base_class: bool = False,\n    bitsize: int = 0,\n)\n
 
The fields in a structured type.
 
Currently this is just a mirror of gdb.Field.
 
Attributes:
 
     
  •  bitpos           \u2013            
    •  
  •  name           \u2013            
    •  
  •  type           \u2013            
    •  
  •  parent_type           \u2013            
    •  
  •  enumval           \u2013            
    •  
  •  artificial           \u2013            
    •  
  •  is_base_class           \u2013            
    •  
  •  bitsize           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.bitpos","title":"bitpos  instance-attribute","text":"
bitpos = bitpos\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.name","title":"name  instance-attribute","text":"
name = name\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.type","title":"type  instance-attribute","text":"
type = type\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.parent_type","title":"parent_type  instance-attribute","text":"
parent_type = parent_type\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.enumval","title":"enumval  instance-attribute","text":"
enumval = enumval\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.artificial","title":"artificial  instance-attribute","text":"
artificial = artificial\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.is_base_class","title":"is_base_class  instance-attribute","text":"
is_base_class = is_base_class\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.bitsize","title":"bitsize  instance-attribute","text":"
bitsize = bitsize\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type","title":"Type","text":"
Class representing a type in the context of an inferior process.
 
Methods:
 
     
  •  func_arguments             \u2013              
    Returns a list of function arguments type.
     
    •  
  •  fields             \u2013              
    List of all fields in this type, if it is a structured type.
     
    •  
  •  has_field             \u2013              
    Whether this type has a field with the given name.
     
    •  
  •  array             \u2013              
    Return a type that corresponds to an array whose elements have this type.
     
    •  
  •  pointer             \u2013              
    Return a pointer type that has this type as its pointee.
     
    •  
  •  strip_typedefs             \u2013              
    Return a type that corresponds to the base type after a typedef chain,
     
    •  
  •  target             \u2013              
    Return the target of this reference type, if this is a reference type.
     
    •  
  •  keys             \u2013              
    Returns a list containing all the field names of this type.
     
    •  
  •  enum_member             \u2013              
    Retrieve the integer value of an enum member.
     
    •  
  •  offsetof             \u2013              
    Calculate the byte offset of a field within a struct or union.
     
    •  
  •  __eq__             \u2013              
    Returns True if types are the same
     
    •  
 
Attributes:
 
     
  •  name_identifier               (str | None)           \u2013            
    Returns the identifier of this type, eg:
     
    •  
  •  name_to_human_readable               (str)           \u2013            
    Returns the human friendly name of this type, eg:
     
    •  
  •  array_len               (int)           \u2013            
    Get array length of this type.
     
    •  
  •  sizeof               (int)           \u2013            
    The size of this type, in bytes.
     
    •  
  •  alignof               (int)           \u2013            
    The alignment of this type, in bytes.
     
    •  
  •  code               (TypeCode)           \u2013            
    What category of type this object belongs to.
     
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.name_identifier","title":"name_identifier  property","text":"
name_identifier: str | None\n
 
Returns the identifier of this type, eg: - someStructName - someEnumName - someTypedefName
 
Returns None if the type is anonymous or does not have a name, such as: - Anonymous structs - Anonymous Typedefs - Basic types like char[], void, etc.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.name_to_human_readable","title":"name_to_human_readable  property","text":"
name_to_human_readable: str\n
 
Returns the human friendly name of this type, eg: - char [16] - int - char * - void * - fooStructName - barEnumName - barTypedefName
 
This function is not standardized, may return different names in gdb/lldb, eg: gdb: char [16] or char [50] or struct {...} lldb: char[16] or char[]    or (anonymous struct)
 
You should not use this function. Only for human eyes.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.array_len","title":"array_len  property","text":"
array_len: int\n
 
Get array length of this type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.sizeof","title":"sizeof  property","text":"
sizeof: int\n
 
The size of this type, in bytes.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.alignof","title":"alignof  property","text":"
alignof: int\n
 
The alignment of this type, in bytes.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.code","title":"code  property","text":"
code: TypeCode\n
 
What category of type this object belongs to.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.func_arguments","title":"func_arguments","text":"
func_arguments() -> list[Type] | None\n
 
Returns a list of function arguments type.
 
Returns:
 
     
  •  list[Type] | None           \u2013            
    List[Type] | None: The function arguments type, or None if debug information is missing.
     
    •  
 
Raises:
 
     
  •  TypeError             \u2013            
    If called on an unsupported type.
     
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.fields","title":"fields","text":"
fields() -> list[TypeField]\n
 
List of all fields in this type, if it is a structured type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.has_field","title":"has_field","text":"
has_field(name: str) -> bool\n
 
Whether this type has a field with the given name.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.array","title":"array","text":"
array(count: int) -> Type\n
 
Return a type that corresponds to an array whose elements have this type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.pointer","title":"pointer","text":"
pointer() -> Type\n
 
Return a pointer type that has this type as its pointee.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.strip_typedefs","title":"strip_typedefs","text":"
strip_typedefs() -> Type\n
 
Return a type that corresponds to the base type after a typedef chain, if this is a typedef. Returns the type itself otherwise.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.target","title":"target","text":"
target() -> Type\n
 
Return the target of this reference type, if this is a reference type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.keys","title":"keys","text":"
keys() -> list[str]\n
 
Returns a list containing all the field names of this type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.enum_member","title":"enum_member","text":"
enum_member(field_name: str) -> int | None\n
 
Retrieve the integer value of an enum member.
 
It returns: - integer value, when found field - returns None, If the field does not exist
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.offsetof","title":"offsetof","text":"
offsetof(field_name: str) -> int | None\n
 
Calculate the byte offset of a field within a struct or union.
 
This method recursively traverses nested structures and unions, and it computes the byte-aligned offset for the specified field.
 
It returns: - offset in bytes if found - None if the field doesn't exist or if an unsupported alignment/bit-field is encountered
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.__eq__","title":"__eq__","text":"
__eq__(rhs: object) -> bool\n
 
Returns True if types are the same
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value","title":"Value","text":"
Class representing a value in the context of an inferior process.
 
Methods:
 
     
  •  dereference             \u2013              
    If this is a pointer value, dereferences the pointer and returns a new
     
    •  
  •  string             \u2013              
    If this value is a string, then this method converts it to a Python string.
     
    •  
  •  value_to_human_readable             \u2013              
        Converts a Value to a human-readable string representation.\n
     
    •  
  •  fetch_lazy             \u2013              
    Fetches the value if it is lazy, does nothing otherwise.
     
    •  
  •  __int__             \u2013              
    Converts this value to an integer, if possible.
     
    •  
  •  cast             \u2013              
    Returns a new value with the same value as this object, but of the
     
    •  
  •  __add__             \u2013              
    Adds an integer to this value, if that makes sense. Throws an exception
     
    •  
  •  __sub__             \u2013              
    Subtract an integer from this value, if that makes sense. Throws an
     
    •  
  •  __getitem__             \u2013              
    Gets the value with the given name that belongs to this value. For
     
    •  
 
Attributes:
 
     
  •  address               (Value | None)           \u2013            
    The address of this value, in memory, if addressable, otherwise None.
     
    •  
  •  is_optimized_out               (bool)           \u2013            
    Whether this value is present in debugging information, but has been
     
    •  
  •  type               (Type)           \u2013            
    The type associated with this value.
     
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.address","title":"address  property","text":"
address: Value | None\n
 
The address of this value, in memory, if addressable, otherwise None.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.is_optimized_out","title":"is_optimized_out  property","text":"
is_optimized_out: bool\n
 
Whether this value is present in debugging information, but has been optimized out of the actual program.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.type","title":"type  property","text":"
type: Type\n
 
The type associated with this value.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.dereference","title":"dereference","text":"
dereference() -> Value\n
 
If this is a pointer value, dereferences the pointer and returns a new instance of Value, containing the value pointed to by this pointer.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.string","title":"string","text":"
string() -> str\n
 
If this value is a string, then this method converts it to a Python string.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.value_to_human_readable","title":"value_to_human_readable","text":"
value_to_human_readable() -> str\n
 
    Converts a Value to a human-readable string representation.\n\n    The format is similar to what is produced by the `str()` function for gdb.Value,\n    displaying nested fields and pointers in a user-friendly way.\n\n    **Usage Notes:**\n    - This function is intended solely for displaying results to the user.\n    - The output format may differ between debugger implementations (e.g., GDB vs LLDB),\n      as each debugger may format values differently. For instance:\n        - GDB might produce: '{\n
 
value = 0,   inner = {     next = 0x555555558098    } }'             - LLDB might produce: '(inner_a_node) *$PWNDBG_CREATED_VALUE_0 = {   value = 0   inner = {     next = 0x0000555555558098   } }'         - As such, this function should not be relied upon for parsing or programmatic use."},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.fetch_lazy","title":"fetch_lazy","text":"
fetch_lazy() -> None\n
 
Fetches the value if it is lazy, does nothing otherwise.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.__int__","title":"__int__","text":"
__int__() -> int\n
 
Converts this value to an integer, if possible.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.cast","title":"cast","text":"
cast(type: Type | Any) -> Value\n
 
Returns a new value with the same value as this object, but of the given type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.__add__","title":"__add__","text":"
__add__(rhs: int) -> Value\n
 
Adds an integer to this value, if that makes sense. Throws an exception otherwise.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.__sub__","title":"__sub__","text":"
__sub__(rhs: int) -> Value\n
 
Subtract an integer from this value, if that makes sense. Throws an exception otherwise.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.__getitem__","title":"__getitem__","text":"
__getitem__(idx: int | str) -> Value\n
 
Gets the value with the given name that belongs to this value. For structure types, this is the field with the given name. For array types, this is the field at the given index. For pointer types, this is the value of *(ptr+idx).
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.CommandHandle","title":"CommandHandle","text":"
An opaque handle to an installed command.
 
Methods:
 
     
  •  remove             \u2013              
    Removes this command from the command palette of the debugger.
     
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.CommandHandle.remove","title":"remove","text":"
remove() -> None\n
 
Removes this command from the command palette of the debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType","title":"EventType","text":"
               Bases: Enum
 
Events that can be listened for and reacted to in a debugger.
 The events types listed here are defined as follows 
     
  • START: This event is fired some time between the creation of or   attachment to the process to be debugged, and the start of its   execution.
    •  
  • STOP: This event is fired after execution of the process has been   suspended, but before control is returned to the user for interactive   debugging.
    •  
  • EXIT: This event is fired after the process being debugged has been   detached from or has finished executing.
    •  
  • MEMORY_CHANGED: This event is fired when the user interactively makes   changes to the memory of the process being debugged.
    •  
  • REGISTER_CHANGED: Like MEMORY_CHANGED, but for registers.
    •  
  • CONTINUE: This event is fired after the user has requested for   process execution to continue after it had been previously suspended.
    •  
  • NEW_MODULE: This event is fired when a new application module has   been encountered by the debugger. This usually happens when a new   application module is loaded into the memory space of the process being   debugged. In GDB terminology, these are called objfiles.
    •  
 
Attributes:
 
     
  •  SUSPEND_ALL           \u2013            
    •  
  •  START           \u2013            
    •  
  •  STOP           \u2013            
    •  
  •  EXIT           \u2013            
    •  
  •  MEMORY_CHANGED           \u2013            
    •  
  •  REGISTER_CHANGED           \u2013            
    •  
  •  CONTINUE           \u2013            
    •  
  •  NEW_MODULE           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.SUSPEND_ALL","title":"SUSPEND_ALL  class-attribute instance-attribute","text":"
SUSPEND_ALL = -1\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.START","title":"START  class-attribute instance-attribute","text":"
START = 0\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.STOP","title":"STOP  class-attribute instance-attribute","text":"
STOP = 1\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.EXIT","title":"EXIT  class-attribute instance-attribute","text":"
EXIT = 2\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.MEMORY_CHANGED","title":"MEMORY_CHANGED  class-attribute instance-attribute","text":"
MEMORY_CHANGED = 3\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.REGISTER_CHANGED","title":"REGISTER_CHANGED  class-attribute instance-attribute","text":"
REGISTER_CHANGED = 4\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.CONTINUE","title":"CONTINUE  class-attribute instance-attribute","text":"
CONTINUE = 5\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.NEW_MODULE","title":"NEW_MODULE  class-attribute instance-attribute","text":"
NEW_MODULE = 6\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger","title":"Debugger","text":"
The base class representing a debugger.
 
Methods:
 
     
  •  setup             \u2013              
    Perform debugger-specific initialization.
     
    •  
  •  history             \u2013              
    The command history of the interactive session in this debugger.
     
    •  
  •  lex_args             \u2013              
    Lexes the given command line into a list of arguments, according to the
     
    •  
  •  selected_inferior             \u2013              
    The inferior process currently being focused on in this interactive session.
     
    •  
  •  selected_thread             \u2013              
    The thread currently being focused on in this interactive session.
     
    •  
  •  selected_frame             \u2013              
    The stack frame currently being focused on in this interactive session.
     
    •  
  •  commands             \u2013              
    List the commands available in this session.
     
    •  
  •  add_command             \u2013              
    Adds a command with the given name to the debugger, that invokes the
     
    •  
  •  has_event_type             \u2013              
    Whether the given event type is supported by this debugger. Indicates
     
    •  
  •  event_handler             \u2013              
    Sets up the given function to be called when an event of the given type
     
    •  
  •  ctx_suspend_events             \u2013              
    Context manager for temporarily suspending and resuming the delivery of events
     
    •  
  •  ctx_suspend_once             \u2013              
    Avoid printing ctx once
     
    •  
  •  suspend_events             \u2013              
    Suspend delivery of all events of the given type until it is resumed
     
    •  
  •  resume_events             \u2013              
    Resume the delivery of all events of the given type, if previously
     
    •  
  •  set_sysroot             \u2013              
    Sets the system root for this debugger.
     
    •  
  •  x86_disassembly_flavor             \u2013              
    The flavor of disassembly to use for x86 targets.
     
    •  
  •  supports_breakpoint_creation_during_stop_handler             \u2013              
    Whether breakpoint or watchpoint creation through break_at is
     
    •  
  •  breakpoint_locations             \u2013              
    Returns a list of all breakpoint locations that are currently
     
    •  
  •  name             \u2013              
    The type of the current debugger.
     
    •  
  •  is_gdblib_available             \u2013              
    Whether gdblib is available under this debugger.
     
    •  
  •  string_limit             \u2013              
    The maximum size of a string.
     
    •  
  •  addrsz             \u2013              
    Format the given address value.
     
    •  
  •  get_cmd_window_size             \u2013              
    The size of the command window, in characters, if available.
     
    •  
  •  set_python_diagnostics             \u2013              
    Enables or disables Python diagnostic messages for this debugger.
     
    •  
 
Attributes:
 
     
  •  pre_ctx_lines               (int)           \u2013            
    Our prediction on how many lines of text will be printed as
     
    •  
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.pre_ctx_lines","title":"pre_ctx_lines  property","text":"
pre_ctx_lines: int\n
 
Our prediction on how many lines of text will be printed as a preamble (right after the prompt, and before the context) the next time the context is printed.
 
This includes any lines the underlying debugger generates.
 
The user never sees these lines when context-clear-screen is enabled.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.setup","title":"setup","text":"
setup(*args: Any) -> None\n
 
Perform debugger-specific initialization.
 
This method should be run immediately after pwndbg.dbg is set to an instance of this class, and, as such, is allowed to run code that depends on it being set.
 
Because we can't really know what a given debugger object will need as part of its setup process, we allow for as many arguments as desired to be passed in, and leave it up to the implementations to decide what they need. This shouldn't be a problem, seeing as, unlike other methods in this class, this should only be called as part of the debugger-specific bringup code.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.history","title":"history","text":"
history(last: int = 10) -> list[tuple[int, str]]\n
 
The command history of the interactive session in this debugger.
 
This function returns the last last items in the command history, as an oldest-to-youngest-sorted list of tuples, where the first element in each tuple is the index of the command in the history, and the second element is a string giving the command itself.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.lex_args","title":"lex_args","text":"
lex_args(command_line: str) -> list[str]\n
 
Lexes the given command line into a list of arguments, according to the conventions of the debugger being used and of the interactive session.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.selected_inferior","title":"selected_inferior","text":"
selected_inferior() -> Process | None\n
 
The inferior process currently being focused on in this interactive session.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.selected_thread","title":"selected_thread","text":"
selected_thread() -> Thread | None\n
 
The thread currently being focused on in this interactive session.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.selected_frame","title":"selected_frame","text":"
selected_frame() -> Frame | None\n
 
The stack frame currently being focused on in this interactive session.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.commands","title":"commands","text":"
commands() -> list[str]\n
 
List the commands available in this session.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.add_command","title":"add_command","text":"
add_command(\n    name: str, handler: Callable[[Debugger, str, bool], None], doc: str | None\n) -> CommandHandle\n
 
Adds a command with the given name to the debugger, that invokes the given function every time it is called.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.has_event_type","title":"has_event_type","text":"
has_event_type(ty: EventType) -> bool\n
 
Whether the given event type is supported by this debugger. Indicates that a user either can or cannot register an event handler of this type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.event_handler","title":"event_handler","text":"
event_handler(\n    ty: EventType,\n) -> Callable[[Callable[..., T]], Callable[..., T]]\n
 
Sets up the given function to be called when an event of the given type gets fired. Returns a callable that corresponds to the wrapped function. This function my be used as a decorator.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.ctx_suspend_events","title":"ctx_suspend_events","text":"
ctx_suspend_events(ty: EventType) -> Iterator[None]\n
 
Context manager for temporarily suspending and resuming the delivery of events of a given type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.ctx_suspend_once","title":"ctx_suspend_once","text":"
ctx_suspend_once()\n
 
Avoid printing ctx once
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.suspend_events","title":"suspend_events","text":"
suspend_events(ty: EventType) -> None\n
 
Suspend delivery of all events of the given type until it is resumed through a call to resume_events.
 
Events triggered during a suspension will be ignored, and will not be delived, even after delivery is resumed.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.resume_events","title":"resume_events","text":"
resume_events(ty: EventType) -> None\n
 
Resume the delivery of all events of the given type, if previously suspeded through a call to suspend_events. Does nothing if the delivery has not been previously suspeded.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.set_sysroot","title":"set_sysroot","text":"
set_sysroot(sysroot: str) -> bool\n
 
Sets the system root for this debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.x86_disassembly_flavor","title":"x86_disassembly_flavor","text":"
x86_disassembly_flavor() -> Literal['att', 'intel']\n
 
The flavor of disassembly to use for x86 targets.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.supports_breakpoint_creation_during_stop_handler","title":"supports_breakpoint_creation_during_stop_handler","text":"
supports_breakpoint_creation_during_stop_handler() -> bool\n
 
Whether breakpoint or watchpoint creation through break_at is supported during breakpoint stop handlers.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.breakpoint_locations","title":"breakpoint_locations","text":"
breakpoint_locations() -> list[BreakpointLocation]\n
 
Returns a list of all breakpoint locations that are currently installed and enabled in the focused process.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.name","title":"name","text":"
name() -> DebuggerType\n
 
The type of the current debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.is_gdblib_available","title":"is_gdblib_available","text":"
is_gdblib_available() -> bool\n
 
Whether gdblib is available under this debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.string_limit","title":"string_limit","text":"
string_limit() -> int\n
 
The maximum size of a string.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.addrsz","title":"addrsz","text":"
addrsz(address: Any) -> str\n
 
Format the given address value.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.get_cmd_window_size","title":"get_cmd_window_size","text":"
get_cmd_window_size() -> tuple[int, int]\n
 
The size of the command window, in characters, if available.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.set_python_diagnostics","title":"set_python_diagnostics","text":"
set_python_diagnostics(enabled: bool) -> None\n
 
Enables or disables Python diagnostic messages for this debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.selection","title":"selection","text":"
selection(\n    target: T, get_current: Callable[[], T], select: Callable[[T], None]\n)\n
 
Debuggers have global state. Many of our queries require that we select a given object globally before we make them. When doing that, we must always be careful to return selection to its previous state before exiting. This class automatically manages the selection of a single object type.
 
Upon entrace to the with block, the element given by target will be compared to the object returned by calling get_current. If they compare different, the value previously returned by get_current is saved, and the element given by target will be selected by passing it as an argument to select, and, after execution leaves the with block, the previously saved element will be selected in the same fashion as the first element.
 
If the elements don't compare different, this is a no-op.
"},{"location":"reference/pwndbg/dbg/gdb/","title":"gdb","text":""},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb","title":"gdb","text":"
Modules:
 
     
  •  debug_sym           \u2013            
    •  
  •  symbol           \u2013            
    Looking up addresses for function names / symbols, and
     
    •  
 
Classes:
 
     
  •  GDBRegisters           \u2013            
    •  
  •  GDBFrame           \u2013            
    •  
  •  GDBThread           \u2013            
    •  
  •  GDBMemoryMap           \u2013            
    •  
  •  BreakpointAdapter           \u2013            
    •  
  •  FinishpointAdapter           \u2013            
    •  
  •  GDBStopPoint           \u2013            
    •  
  •  GDBProcess           \u2013            
    •  
  •  GDBExecutionController           \u2013            
    •  
  •  GDBCommand           \u2013            
    •  
  •  GDBCommandHandle           \u2013            
    •  
  •  GDBType           \u2013            
    •  
  •  GDBValue           \u2013            
    •  
  •  GDB           \u2013            
    •  
 
Functions:
 
     
  •  parse_and_eval             \u2013              
    Same as gdb.parse_and_eval, but only uses global_context if it is
     
    •  
 
Attributes:
 
     
  •  T           \u2013            
    •  
  •  gdb_architecture_name_fixup_list           \u2013            
    •  
  •  gdb_mips_to_arch_attribute_map           \u2013            
    •  
  •  BPWP_DEFERRED_DELETE               (Set[GDBStopPoint])           \u2013            
    •  
  •  BPWP_DEFERRED_ENABLE               (Set[GDBStopPoint])           \u2013            
    •  
  •  BPWP_DEFERRED_DISABLE               (Set[GDBStopPoint])           \u2013            
    •  
  •  EXECUTION_CONTROLLER           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.gdb_architecture_name_fixup_list","title":"gdb_architecture_name_fixup_list  module-attribute","text":"
gdb_architecture_name_fixup_list = (\n    \"x86-64\",\n    \"i386\",\n    \"i8086\",\n    \"aarch64\",\n    \"mips\",\n    \"rs6000\",\n    \"powerpc\",\n    \"sparc\",\n    \"arm\",\n    \"iwmmxt\",\n    \"iwmmxt2\",\n    \"xscale\",\n    \"riscv:rv32\",\n    \"riscv:rv64\",\n    \"riscv\",\n    \"loongarch64\",\n    \"s390:64-bit\",\n)\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.gdb_mips_to_arch_attribute_map","title":"gdb_mips_to_arch_attribute_map  module-attribute","text":"
gdb_mips_to_arch_attribute_map = {\n    \"mips5\": MIPS_ISA_5,\n    \"micromips\": MIPS_ISA_MICRO,\n    \"isa32\": MIPS_ISA_32,\n    \"isa32r2\": MIPS_ISA_32R2,\n    \"isa32r3\": MIPS_ISA_32R3,\n    \"isa32r5\": MIPS_ISA_32R5,\n    \"isa32r6\": MIPS_ISA_32R6,\n    \"isa64\": MIPS_ISA_64,\n    \"isa64r2\": MIPS_ISA_64R2,\n    \"isa64r3\": MIPS_ISA_64R3,\n    \"isa64r5\": MIPS_ISA_64R5,\n    \"isa64r6\": MIPS_ISA_64R6,\n}\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.BPWP_DEFERRED_DELETE","title":"BPWP_DEFERRED_DELETE  module-attribute","text":"
BPWP_DEFERRED_DELETE: Set[GDBStopPoint] = set()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.BPWP_DEFERRED_ENABLE","title":"BPWP_DEFERRED_ENABLE  module-attribute","text":"
BPWP_DEFERRED_ENABLE: Set[GDBStopPoint] = set()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.BPWP_DEFERRED_DISABLE","title":"BPWP_DEFERRED_DISABLE  module-attribute","text":"
BPWP_DEFERRED_DISABLE: Set[GDBStopPoint] = set()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.EXECUTION_CONTROLLER","title":"EXECUTION_CONTROLLER  module-attribute","text":"
EXECUTION_CONTROLLER = GDBExecutionController()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBRegisters","title":"GDBRegisters","text":"
GDBRegisters(frame: GDBFrame)\n
 
               Bases: Registers
 
Methods:
 
     
  •  by_name             \u2013              
    •  
 
Attributes:
 
     
  •  frame           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBRegisters.frame","title":"frame  instance-attribute","text":"
frame = frame\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBRegisters.by_name","title":"by_name","text":"
by_name(name: str) -> Value | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame","title":"GDBFrame","text":"
GDBFrame(inner: Frame)\n
 
               Bases: Frame
 
Methods:
 
     
  •  lookup_symbol             \u2013              
    •  
  •  evaluate_expression             \u2013              
    •  
  •  regs             \u2013              
    •  
  •  reg_write             \u2013              
    •  
  •  pc             \u2013              
    •  
  •  sp             \u2013              
    •  
  •  parent             \u2013              
    •  
  •  child             \u2013              
    •  
  •  sal             \u2013              
    •  
  •  stack_variables             \u2013              
    •  
  •  __eq__             \u2013              
    •  
 
Attributes:
 
     
  •  inner           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.inner","title":"inner  instance-attribute","text":"
inner = inner\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.lookup_symbol","title":"lookup_symbol","text":"
lookup_symbol(name: str, *, type: SymbolLookupType = ANY) -> Value | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.evaluate_expression","title":"evaluate_expression","text":"
evaluate_expression(expression: str, lock_scheduler: bool = False) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.regs","title":"regs","text":"
regs() -> Registers\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.reg_write","title":"reg_write","text":"
reg_write(name: str, val: int) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.pc","title":"pc","text":"
pc() -> int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.sp","title":"sp","text":"
sp() -> int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.parent","title":"parent","text":"
parent() -> Frame | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.child","title":"child","text":"
child() -> Frame | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.sal","title":"sal","text":"
sal() -> tuple[str, int] | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.stack_variables","title":"stack_variables","text":"
stack_variables() -> tuple[tuple[int, int, str], ...]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.__eq__","title":"__eq__","text":"
__eq__(rhs: object) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBThread","title":"GDBThread","text":"
GDBThread(inner: InferiorThread)\n
 
               Bases: Thread
 
Methods:
 
     
  •  bottom_frame             \u2013              
    •  
  •  ptid             \u2013              
    •  
  •  index             \u2013              
    •  
 
Attributes:
 
     
  •  inner           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBThread.inner","title":"inner  instance-attribute","text":"
inner = inner\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBThread.bottom_frame","title":"bottom_frame","text":"
bottom_frame() -> Iterator[Frame]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBThread.ptid","title":"ptid","text":"
ptid() -> int | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBThread.index","title":"index","text":"
index() -> int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBMemoryMap","title":"GDBMemoryMap","text":"
GDBMemoryMap(qemu: bool, pages: Sequence[Page])\n
 
               Bases: MemoryMap
 
Methods:
 
     
  •  is_qemu             \u2013              
    •  
  •  ranges             \u2013              
    Returns all ranges in this memory map.
     
    •  
  •  lookup_page             \u2013              
    •  
 
Attributes:
 
     
  •  qemu           \u2013            
    •  
  •  pages               (tuple[Page, ...])           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBMemoryMap.qemu","title":"qemu  instance-attribute","text":"
qemu = qemu\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBMemoryMap.pages","title":"pages  instance-attribute","text":"
pages: tuple[Page, ...] = tuple(pages)\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBMemoryMap.is_qemu","title":"is_qemu","text":"
is_qemu() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBMemoryMap.ranges","title":"ranges","text":"
ranges() -> Sequence[Page]\n
 
Returns all ranges in this memory map.
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBMemoryMap.lookup_page","title":"lookup_page","text":"
lookup_page(address: int) -> Page | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.BreakpointAdapter","title":"BreakpointAdapter","text":"
               Bases: Breakpoint
 
Methods:
 
     
  •  stop             \u2013              
    •  
 
Attributes:
 
     
  •  stop_handler               (Callable[[], bool])           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.BreakpointAdapter.stop_handler","title":"stop_handler  instance-attribute","text":"
stop_handler: Callable[[], bool]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.BreakpointAdapter.stop","title":"stop","text":"
stop() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.FinishpointAdapter","title":"FinishpointAdapter","text":"
FinishpointAdapter(stop_handler, internal)\n
 
               Bases: FinishBreakpoint
 
Methods:
 
     
  •  stop             \u2013              
    •  
 
Attributes:
 
     
  •  stop_handler               (Callable[[], bool])           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.FinishpointAdapter.stop_handler","title":"stop_handler  instance-attribute","text":"
stop_handler: Callable[[], bool] = stop_handler\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.FinishpointAdapter.stop","title":"stop","text":"
stop() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint","title":"GDBStopPoint","text":"
GDBStopPoint(inner: Breakpoint, proc: GDBProcess)\n
 
               Bases: StopPoint
 
Methods:
 
     
  •  set_enabled             \u2013              
    •  
  •  remove             \u2013              
    •  
  •  __enter__             \u2013              
    •  
  •  __exit__             \u2013              
    Automatic breakpoint removal.
     
    •  
 
Attributes:
 
     
  •  inner               (Breakpoint)           \u2013            
    •  
  •  proc               (GDBProcess)           \u2013            
    •  
  •  inner_stop               (Callable[[], bool] | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.inner","title":"inner  instance-attribute","text":"
inner: Breakpoint = inner\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.proc","title":"proc  instance-attribute","text":"
proc: GDBProcess = proc\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.inner_stop","title":"inner_stop  instance-attribute","text":"
inner_stop: Callable[[], bool] | None = None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.set_enabled","title":"set_enabled","text":"
set_enabled(enabled: bool) -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.remove","title":"remove","text":"
remove() -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.__enter__","title":"__enter__","text":"
__enter__() -> StopPoint\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.__exit__","title":"__exit__","text":"
__exit__(exc_type, exc_value, traceback) -> None\n
 
Automatic breakpoint removal.
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess","title":"GDBProcess","text":"
GDBProcess(inner: Inferior)\n
 
               Bases: Process
 
Methods:
 
     
  •  threads             \u2013              
    •  
  •  pid             \u2013              
    •  
  •  alive             \u2013              
    •  
  •  stopped_with_signal             \u2013              
    •  
  •  evaluate_expression             \u2013              
    •  
  •  vmmap             \u2013              
    •  
  •  read_memory             \u2013              
    •  
  •  write_memory             \u2013              
    •  
  •  find_in_memory             \u2013              
    •  
  •  is_remote             \u2013              
    •  
  •  send_remote             \u2013              
    •  
  •  send_monitor             \u2013              
    •  
  •  download_remote_file             \u2013              
    •  
  •  create_value             \u2013              
    •  
  •  symbol_name_at_address             \u2013              
    •  
  •  lookup_symbol             \u2013              
    •  
  •  types_with_name             \u2013              
    •  
  •  arch             \u2013              
    •  
  •  break_at             \u2013              
    •  
  •  trace_ret             \u2013              
    •  
  •  is_linux             \u2013              
    •  
  •  disasm             \u2013              
    •  
  •  module_section_locations             \u2013              
    •  
  •  main_module_name             \u2013              
    •  
  •  main_module_entry             \u2013              
    •  
  •  is_dynamically_linked             \u2013              
    •  
  •  dispatch_execution_controller             \u2013              
    •  
  •  add_symbol_file             \u2013              
    •  
  •  runcmd             \u2013              
    •  
 
Attributes:
 
     
  •  inner           \u2013            
    •  
  •  in_bpwp_stop_handler               (bool)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.inner","title":"inner  instance-attribute","text":"
inner = inner\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.in_bpwp_stop_handler","title":"in_bpwp_stop_handler  instance-attribute","text":"
in_bpwp_stop_handler: bool = False\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.threads","title":"threads","text":"
threads() -> list[Thread]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.pid","title":"pid","text":"
pid() -> int | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.alive","title":"alive","text":"
alive() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.stopped_with_signal","title":"stopped_with_signal","text":"
stopped_with_signal() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.evaluate_expression","title":"evaluate_expression","text":"
evaluate_expression(expression: str) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.vmmap","title":"vmmap","text":"
vmmap() -> MemoryMap\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.read_memory","title":"read_memory","text":"
read_memory(address: int, size: int, partial: bool = False) -> bytearray\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.write_memory","title":"write_memory","text":"
write_memory(address: int, data: bytearray, partial: bool = False) -> int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.find_in_memory","title":"find_in_memory","text":"
find_in_memory(\n    pattern: bytearray,\n    start: int,\n    size: int,\n    align: int,\n    max_matches: int = -1,\n    step: int = -1,\n) -> Generator[int, None, None]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.is_remote","title":"is_remote","text":"
is_remote() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.send_remote","title":"send_remote","text":"
send_remote(packet: str) -> bytes\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.send_monitor","title":"send_monitor","text":"
send_monitor(cmd: str) -> str\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.download_remote_file","title":"download_remote_file","text":"
download_remote_file(remote_path: str, local_path: str) -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.create_value","title":"create_value","text":"
create_value(value: int, type: Type | None = None) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.symbol_name_at_address","title":"symbol_name_at_address","text":"
symbol_name_at_address(address: int) -> str | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.lookup_symbol","title":"lookup_symbol","text":"
lookup_symbol(\n    name: str,\n    *,\n    prefer_static: bool = False,\n    type: SymbolLookupType = ANY,\n    objfile_endswith: str | None = None,\n) -> Value | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.types_with_name","title":"types_with_name","text":"
types_with_name(name: str) -> Sequence[Type]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.arch","title":"arch","text":"
arch() -> ArchDefinition\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.break_at","title":"break_at","text":"
break_at(\n    location: BreakpointLocation | WatchpointLocation,\n    stop_handler: Callable[[StopPoint], bool] | None = None,\n    internal: bool = False,\n) -> StopPoint\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.trace_ret","title":"trace_ret","text":"
trace_ret(\n    stop_handler: Callable[[], bool] | None = None, internal: bool = False\n)\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.is_linux","title":"is_linux","text":"
is_linux() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.disasm","title":"disasm","text":"
disasm(address: int) -> DisassembledInstruction | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.module_section_locations","title":"module_section_locations","text":"
module_section_locations() -> list[tuple[int, int, str, str]]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.main_module_name","title":"main_module_name","text":"
main_module_name() -> str | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.main_module_entry","title":"main_module_entry","text":"
main_module_entry() -> int | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.is_dynamically_linked","title":"is_dynamically_linked","text":"
is_dynamically_linked() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.dispatch_execution_controller","title":"dispatch_execution_controller","text":"
dispatch_execution_controller(\n    procedure: Callable[[ExecutionController], Coroutine[Any, Any, None]],\n)\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.add_symbol_file","title":"add_symbol_file","text":"
add_symbol_file(path, base=None)\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.runcmd","title":"runcmd","text":"
runcmd(cmd) -> str\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBExecutionController","title":"GDBExecutionController","text":"
               Bases: ExecutionController
 
Methods:
 
     
  •  single_step             \u2013              
    •  
  •  cont             \u2013              
    •  
  •  cont_selected_thread             \u2013              
    •  
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBExecutionController.single_step","title":"single_step  async","text":"
single_step()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBExecutionController.cont","title":"cont  async","text":"
cont(until: StopPoint)\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBExecutionController.cont_selected_thread","title":"cont_selected_thread  async","text":"
cont_selected_thread(until: StopPoint)\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommand","title":"GDBCommand","text":"
GDBCommand(\n    debugger: GDB,\n    name: str,\n    handler: Callable[[Debugger, str, bool], None],\n    doc: str | None,\n)\n
 
               Bases: Command
 
Methods:
 
     
  •  invoke             \u2013              
    •  
 
Attributes:
 
     
  •  debugger           \u2013            
    •  
  •  handler           \u2013            
    •  
  •  __doc__           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommand.debugger","title":"debugger  instance-attribute","text":"
debugger = debugger\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommand.handler","title":"handler  instance-attribute","text":"
handler = handler\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommand.__doc__","title":"__doc__  instance-attribute","text":"
__doc__ = doc\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommand.invoke","title":"invoke","text":"
invoke(args: str, from_tty: bool) -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommandHandle","title":"GDBCommandHandle","text":"
GDBCommandHandle(command: Command)\n
 
               Bases: CommandHandle
 
Methods:
 
     
  •  remove             \u2013              
    •  
 
Attributes:
 
     
  •  command           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommandHandle.command","title":"command  instance-attribute","text":"
command = command\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommandHandle.remove","title":"remove","text":"
remove() -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType","title":"GDBType","text":"
GDBType(inner: Type)\n
 
               Bases: Type
 
Methods:
 
     
  •  __eq__             \u2013              
    •  
  •  func_arguments             \u2013              
    •  
  •  fields             \u2013              
    •  
  •  has_field             \u2013              
    •  
  •  array             \u2013              
    •  
  •  pointer             \u2013              
    •  
  •  strip_typedefs             \u2013              
    •  
  •  target             \u2013              
    •  
  •  keys             \u2013              
    •  
  •  offsetof             \u2013              
    •  
  •  enum_member             \u2013              
    Retrieve the integer value of an enum member.
     
    •  
 
Attributes:
 
     
  •  CODE_MAPPING           \u2013            
    •  
  •  inner           \u2013            
    •  
  •  name_identifier               (str | None)           \u2013            
    •  
  •  name_to_human_readable               (str)           \u2013            
    •  
  •  sizeof               (int)           \u2013            
    •  
  •  alignof               (int)           \u2013            
    •  
  •  code               (TypeCode)           \u2013            
    •  
  •  array_len               (int)           \u2013            
    Get array length of this type.
     
    •  
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.CODE_MAPPING","title":"CODE_MAPPING  class-attribute instance-attribute","text":"
CODE_MAPPING = {\n    TYPE_CODE_BOOL: BOOL,\n    TYPE_CODE_INT: INT,\n    TYPE_CODE_UNION: UNION,\n    TYPE_CODE_STRUCT: STRUCT,\n    TYPE_CODE_ENUM: ENUM,\n    TYPE_CODE_TYPEDEF: TYPEDEF,\n    TYPE_CODE_PTR: POINTER,\n    TYPE_CODE_ARRAY: ARRAY,\n    TYPE_CODE_FUNC: FUNC,\n    TYPE_CODE_METHOD: FUNC,\n}\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.inner","title":"inner  instance-attribute","text":"
inner = inner\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.name_identifier","title":"name_identifier  property","text":"
name_identifier: str | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.name_to_human_readable","title":"name_to_human_readable  property","text":"
name_to_human_readable: str\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.sizeof","title":"sizeof  property","text":"
sizeof: int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.alignof","title":"alignof  property","text":"
alignof: int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.code","title":"code  property","text":"
code: TypeCode\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.array_len","title":"array_len  property","text":"
array_len: int\n
 
Get array length of this type.
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.__eq__","title":"__eq__","text":"
__eq__(rhs: object) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.func_arguments","title":"func_arguments","text":"
func_arguments() -> list[Type] | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.fields","title":"fields","text":"
fields() -> list[TypeField]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.has_field","title":"has_field","text":"
has_field(name: str) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.array","title":"array","text":"
array(count: int) -> Type\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.pointer","title":"pointer","text":"
pointer() -> Type\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.strip_typedefs","title":"strip_typedefs","text":"
strip_typedefs() -> Type\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.target","title":"target","text":"
target() -> Type\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.keys","title":"keys","text":"
keys() -> list[str]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.offsetof","title":"offsetof","text":"
offsetof(field_name: str) -> int | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.enum_member","title":"enum_member","text":"
enum_member(field_name: str) -> int | None\n
 
Retrieve the integer value of an enum member.
 
It returns: - integer value, when found field - returns None, If the field does not exist
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue","title":"GDBValue","text":"
GDBValue(inner: Value)\n
 
               Bases: Value
 
Methods:
 
     
  •  dereference             \u2013              
    •  
  •  string             \u2013              
    •  
  •  value_to_human_readable             \u2013              
    •  
  •  fetch_lazy             \u2013              
    •  
  •  __int__             \u2013              
    •  
  •  cast             \u2013              
    •  
  •  __add__             \u2013              
    •  
  •  __sub__             \u2013              
    •  
  •  __getitem__             \u2013              
    •  
 
Attributes:
 
     
  •  inner           \u2013            
    •  
  •  address               (Value | None)           \u2013            
    •  
  •  is_optimized_out               (bool)           \u2013            
    •  
  •  type               (Type)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.inner","title":"inner  instance-attribute","text":"
inner = inner\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.address","title":"address  property","text":"
address: Value | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.is_optimized_out","title":"is_optimized_out  property","text":"
is_optimized_out: bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.type","title":"type  property","text":"
type: Type\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.dereference","title":"dereference","text":"
dereference() -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.string","title":"string","text":"
string() -> str\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.value_to_human_readable","title":"value_to_human_readable","text":"
value_to_human_readable() -> str\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.fetch_lazy","title":"fetch_lazy","text":"
fetch_lazy() -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.__int__","title":"__int__","text":"
__int__() -> int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.cast","title":"cast","text":"
cast(type: Type | Any) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.__add__","title":"__add__","text":"
__add__(rhs: int) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.__sub__","title":"__sub__","text":"
__sub__(rhs: int) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.__getitem__","title":"__getitem__","text":"
__getitem__(key: str | int) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB","title":"GDB","text":"
               Bases: Debugger
 
Methods:
 
     
  •  setup             \u2013              
    •  
  •  add_command             \u2013              
    •  
  •  history             \u2013              
    •  
  •  lex_args             \u2013              
    •  
  •  selected_thread             \u2013              
    •  
  •  selected_frame             \u2013              
    •  
  •  commands             \u2013              
    •  
  •  selected_inferior             \u2013              
    •  
  •  is_gdblib_available             \u2013              
    •  
  •  has_event_type             \u2013              
    •  
  •  event_handler             \u2013              
    •  
  •  ctx_suspend_once             \u2013              
    •  
  •  suspend_events             \u2013              
    •  
  •  resume_events             \u2013              
    •  
  •  set_sysroot             \u2013              
    •  
  •  supports_breakpoint_creation_during_stop_handler             \u2013              
    •  
  •  breakpoint_locations             \u2013              
    •  
  •  name             \u2013              
    •  
  •  x86_disassembly_flavor             \u2013              
    •  
  •  string_limit             \u2013              
    •  
  •  addrsz             \u2013              
    •  
  •  get_cmd_window_size             \u2013              
    Get the size of the command window.
     
    •  
  •  set_python_diagnostics             \u2013              
    •  
  •  ctx_suspend_events             \u2013              
    Context manager for temporarily suspending and resuming the delivery of events
     
    •  
 
Attributes:
 
     
  •  pre_ctx_lines               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.pre_ctx_lines","title":"pre_ctx_lines  property","text":"
pre_ctx_lines: int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.setup","title":"setup","text":"
setup()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.add_command","title":"add_command","text":"
add_command(\n    name: str, handler: Callable[[Debugger, str, bool], None], doc: str | None\n) -> CommandHandle\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.history","title":"history","text":"
history(last: int = 10) -> list[tuple[int, str]]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.lex_args","title":"lex_args","text":"
lex_args(command_line: str) -> list[str]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.selected_thread","title":"selected_thread","text":"
selected_thread() -> Thread | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.selected_frame","title":"selected_frame","text":"
selected_frame() -> Frame | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.commands","title":"commands","text":"
commands()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.selected_inferior","title":"selected_inferior","text":"
selected_inferior() -> Process | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.is_gdblib_available","title":"is_gdblib_available","text":"
is_gdblib_available()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.has_event_type","title":"has_event_type","text":"
has_event_type(ty: EventType) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.event_handler","title":"event_handler","text":"
event_handler(\n    ty: EventType,\n) -> Callable[[Callable[..., T]], Callable[..., T]]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.ctx_suspend_once","title":"ctx_suspend_once","text":"
ctx_suspend_once()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.suspend_events","title":"suspend_events","text":"
suspend_events(ty: EventType) -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.resume_events","title":"resume_events","text":"
resume_events(ty: EventType) -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.set_sysroot","title":"set_sysroot","text":"
set_sysroot(sysroot: str) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.supports_breakpoint_creation_during_stop_handler","title":"supports_breakpoint_creation_during_stop_handler","text":"
supports_breakpoint_creation_during_stop_handler() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.breakpoint_locations","title":"breakpoint_locations","text":"
breakpoint_locations() -> list[BreakpointLocation]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.name","title":"name","text":"
name() -> DebuggerType\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.x86_disassembly_flavor","title":"x86_disassembly_flavor","text":"
x86_disassembly_flavor() -> Literal['att', 'intel']\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.string_limit","title":"string_limit","text":"
string_limit() -> int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.addrsz","title":"addrsz","text":"
addrsz(address: Any) -> str\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.get_cmd_window_size","title":"get_cmd_window_size","text":"
get_cmd_window_size() -> tuple[int | None, int | None]\n
 
Get the size of the command window.
 
GDB keeps these parameters up to date with the actual window size of the command output. This is the full terminal size in CLI mode or the size of the cmd window in TUI mode.
 
When the window size is set to be unlimited (0), the parameter is None.
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.set_python_diagnostics","title":"set_python_diagnostics","text":"
set_python_diagnostics(enabled: bool) -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.ctx_suspend_events","title":"ctx_suspend_events","text":"
ctx_suspend_events(ty: EventType) -> Iterator[None]\n
 
Context manager for temporarily suspending and resuming the delivery of events of a given type.
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.parse_and_eval","title":"parse_and_eval","text":"
parse_and_eval(expression: str, global_context: bool) -> Value\n
 
Same as gdb.parse_and_eval, but only uses global_context if it is supported by the current version of GDB.
 
global_context was introduced in GDB 14.
"},{"location":"reference/pwndbg/dbg/gdb/debug_sym/","title":"debug_sym","text":""},{"location":"reference/pwndbg/dbg/gdb/debug_sym/#pwndbg.dbg.gdb.debug_sym","title":"debug_sym","text":""},{"location":"reference/pwndbg/dbg/gdb/symbol/","title":"symbol","text":""},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol","title":"symbol","text":"
Looking up addresses for function names / symbols, and vice-versa.
 
Classes:
 
     
  •  Domain           \u2013            
    •  
 
Functions:
 
     
  •  resolve_addr             \u2013              
    Retrieve the name for the symbol located at address
     
    •  
  •  lookup_symbol             \u2013              
    Get the address for symbol
     
    •  
  •  lookup_frame_symbol             \u2013              
    Get the address for local symbol from frame, in most time you don't need it
     
    •  
 
Attributes:
 
     
  •  skipped_exceptions           \u2013            
    •  
  •  DOMAIN_MAPPING           \u2013            
    •  
  •  order_prefs           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.skipped_exceptions","title":"skipped_exceptions  module-attribute","text":"
skipped_exceptions = ('No frame selected', 'Cannot find thread-local')\n
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.DOMAIN_MAPPING","title":"DOMAIN_MAPPING  module-attribute","text":"
DOMAIN_MAPPING = {\n    ANY: SYMBOL_VAR_DOMAIN,\n    VARIABLE: SYMBOL_VAR_DOMAIN,\n    FUNCTION: SYMBOL_FUNCTION_DOMAIN,\n}\n
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.order_prefs","title":"order_prefs  module-attribute","text":"
order_prefs = {\n    True: (\n        _global_static_symbol_to_address,\n        _global_exported_symbol_to_address,\n    ),\n    False: (\n        _global_exported_symbol_to_address,\n        _global_static_symbol_to_address,\n    ),\n}\n
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.Domain","title":"Domain","text":"
               Bases: Enum
 
Methods:
 
     
  •  validate             \u2013              
    •  
 
Attributes:
 
     
  •  ANY           \u2013            
    •  
  •  VARIABLE           \u2013            
    •  
  •  FUNCTION           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.Domain.ANY","title":"ANY  class-attribute instance-attribute","text":"
ANY = 1\n
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.Domain.VARIABLE","title":"VARIABLE  class-attribute instance-attribute","text":"
VARIABLE = 2\n
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.Domain.FUNCTION","title":"FUNCTION  class-attribute instance-attribute","text":"
FUNCTION = 3\n
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.Domain.validate","title":"validate","text":"
validate(sym: Symbol) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.resolve_addr","title":"resolve_addr","text":"
resolve_addr(address: int) -> str\n
 
Retrieve the name for the symbol located at address Empty string if no symbol
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.lookup_symbol","title":"lookup_symbol","text":"
lookup_symbol(\n    name: str,\n    *,\n    prefer_static: bool = False,\n    domain: Domain = ANY,\n    objfile_endswith: str | None = None,\n) -> Value | None\n
 
Get the address for symbol
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.lookup_frame_symbol","title":"lookup_frame_symbol","text":"
lookup_frame_symbol(name: str, *, domain: Domain = ANY) -> Value | None\n
 
Get the address for local symbol from frame, in most time you don't need it
"},{"location":"reference/pwndbg/dbg/lldb/","title":"lldb","text":""},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb","title":"lldb","text":"
Modules:
 
     
  •  hooks           \u2013            
    Code that sets up hooks for LLDB events.
     
    •  
  •  pset           \u2013            
    •  
  •  repl           \u2013            
    The Pwndbg REPL that is the interface to all debugging on LLDB.
     
    •  
  •  util           \u2013            
    •  
 
Classes:
 
     
  •  LLDBRegisters           \u2013            
    •  
  •  LLDBFrame           \u2013            
    •  
  •  LLDBThread           \u2013            
    •  
  •  LLDBType           \u2013            
    •  
  •  LLDBValue           \u2013            
    •  
  •  LLDBMemoryMap           \u2013            
    •  
  •  LLDBStopPoint           \u2013            
    •  
  •  OneShotAwaitable           \u2013            
    Used as part of the logic for the execution controller. This is an Awaitable
     
    •  
  •  YieldContinue           \u2013            
    Continues execution of the process until the breakpoint or watchpoint given
     
    •  
  •  YieldSingleStep           \u2013            
    Moves execution of the process being debugged forward by one instruction.
     
    •  
  •  LLDBExecutionController           \u2013            
    •  
  •  LLDBProcess           \u2013            
    •  
  •  LLDBCommand           \u2013            
    •  
  •  LLDBPythonState           \u2013            
    State of LLDB Python execution.
     
    •  
  •  LLDB           \u2013            
    •  
 
Functions:
 
     
  •  rename_register             \u2013              
    Some register names differ between Pwndbg/GDB and LLDB. This function takes
     
    •  
  •  map_type_code             \u2013              
    Determines the type code of a given LLDB SBType.
     
    •  
 
Attributes:
 
     
  •  T           \u2013            
    •  
  •  LLDB_VERSION               (tuple[int, int])           \u2013            
    •  
  •  EXECUTION_CONTROLLER           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB_VERSION","title":"LLDB_VERSION  module-attribute","text":"
LLDB_VERSION: tuple[int, int] = None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.EXECUTION_CONTROLLER","title":"EXECUTION_CONTROLLER  module-attribute","text":"
EXECUTION_CONTROLLER = LLDBExecutionController()\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBRegisters","title":"LLDBRegisters","text":"
LLDBRegisters(groups: SBValueList, proc: LLDBProcess)\n
 
               Bases: Registers
 
Methods:
 
     
  •  by_name             \u2013              
    •  
 
Attributes:
 
     
  •  groups               (SBValueList)           \u2013            
    •  
  •  proc               (LLDBProcess)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBRegisters.groups","title":"groups  instance-attribute","text":"
groups: SBValueList = groups\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBRegisters.proc","title":"proc  instance-attribute","text":"
proc: LLDBProcess = proc\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBRegisters.by_name","title":"by_name","text":"
by_name(name: str) -> Value | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame","title":"LLDBFrame","text":"
LLDBFrame(inner: SBFrame, proc: LLDBProcess)\n
 
               Bases: Frame
 
Methods:
 
     
  •  lookup_symbol             \u2013              
    •  
  •  evaluate_expression             \u2013              
    •  
  •  regs             \u2013              
    •  
  •  reg_write             \u2013              
    •  
  •  pc             \u2013              
    •  
  •  sp             \u2013              
    •  
  •  parent             \u2013              
    •  
  •  child             \u2013              
    •  
  •  sal             \u2013              
    •  
  •  stack_variables             \u2013              
    •  
  •  __eq__             \u2013              
    •  
 
Attributes:
 
     
  •  inner               (SBFrame)           \u2013            
    •  
  •  proc               (LLDBProcess)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.inner","title":"inner  instance-attribute","text":"
inner: SBFrame = inner\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.proc","title":"proc  instance-attribute","text":"
proc: LLDBProcess = proc\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.lookup_symbol","title":"lookup_symbol","text":"
lookup_symbol(name: str, *, type: SymbolLookupType = ANY) -> Value | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.evaluate_expression","title":"evaluate_expression","text":"
evaluate_expression(expression: str, lock_scheduler: bool = False) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.regs","title":"regs","text":"
regs() -> Registers\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.reg_write","title":"reg_write","text":"
reg_write(name: str, val: int) -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.pc","title":"pc","text":"
pc() -> int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.sp","title":"sp","text":"
sp() -> int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.parent","title":"parent","text":"
parent() -> Frame | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.child","title":"child","text":"
child() -> Frame | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.sal","title":"sal","text":"
sal() -> tuple[str, int] | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.stack_variables","title":"stack_variables","text":"
stack_variables() -> tuple[tuple[int, int, str], ...]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.__eq__","title":"__eq__","text":"
__eq__(rhs: object) -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBThread","title":"LLDBThread","text":"
LLDBThread(inner: SBThread, proc: LLDBProcess)\n
 
               Bases: Thread
 
Methods:
 
     
  •  bottom_frame             \u2013              
    •  
  •  ptid             \u2013              
    •  
  •  index             \u2013              
    •  
 
Attributes:
 
     
  •  inner               (SBThread)           \u2013            
    •  
  •  proc               (LLDBProcess)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBThread.inner","title":"inner  instance-attribute","text":"
inner: SBThread = inner\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBThread.proc","title":"proc  instance-attribute","text":"
proc: LLDBProcess = proc\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBThread.bottom_frame","title":"bottom_frame","text":"
bottom_frame() -> Iterator[Frame]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBThread.ptid","title":"ptid","text":"
ptid() -> int | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBThread.index","title":"index","text":"
index() -> int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType","title":"LLDBType","text":"
LLDBType(inner: SBType)\n
 
               Bases: Type
 
Methods:
 
     
  •  __eq__             \u2013              
    •  
  •  func_arguments             \u2013              
    •  
  •  fields             \u2013              
    •  
  •  array             \u2013              
    •  
  •  pointer             \u2013              
    •  
  •  strip_typedefs             \u2013              
    •  
  •  target             \u2013              
    •  
  •  has_field             \u2013              
    Whether this type has a field with the given name.
     
    •  
  •  keys             \u2013              
    Returns a list containing all the field names of this type.
     
    •  
  •  enum_member             \u2013              
    Retrieve the integer value of an enum member.
     
    •  
  •  offsetof             \u2013              
    Calculate the byte offset of a field within a struct or union.
     
    •  
 
Attributes:
 
     
  •  inner               (SBType)           \u2013            
    •  
  •  name_identifier               (str | None)           \u2013            
    •  
  •  name_to_human_readable               (str)           \u2013            
    •  
  •  sizeof               (int)           \u2013            
    •  
  •  alignof               (int)           \u2013            
    •  
  •  code               (TypeCode)           \u2013            
    •  
  •  array_len               (int)           \u2013            
    Get array length of this type.
     
    •  
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.inner","title":"inner  instance-attribute","text":"
inner: SBType = inner\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.name_identifier","title":"name_identifier  property","text":"
name_identifier: str | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.name_to_human_readable","title":"name_to_human_readable  property","text":"
name_to_human_readable: str\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.sizeof","title":"sizeof  property","text":"
sizeof: int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.alignof","title":"alignof  property","text":"
alignof: int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.code","title":"code  property","text":"
code: TypeCode\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.array_len","title":"array_len  property","text":"
array_len: int\n
 
Get array length of this type.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.__eq__","title":"__eq__","text":"
__eq__(rhs: object) -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.func_arguments","title":"func_arguments","text":"
func_arguments() -> list[Type] | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.fields","title":"fields","text":"
fields() -> list[TypeField]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.array","title":"array","text":"
array(count: int) -> Type\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.pointer","title":"pointer","text":"
pointer() -> Type\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.strip_typedefs","title":"strip_typedefs","text":"
strip_typedefs() -> Type\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.target","title":"target","text":"
target() -> Type\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.has_field","title":"has_field","text":"
has_field(name: str) -> bool\n
 
Whether this type has a field with the given name.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.keys","title":"keys","text":"
keys() -> list[str]\n
 
Returns a list containing all the field names of this type.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.enum_member","title":"enum_member","text":"
enum_member(field_name: str) -> int | None\n
 
Retrieve the integer value of an enum member.
 
It returns: - integer value, when found field - returns None, If the field does not exist
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.offsetof","title":"offsetof","text":"
offsetof(field_name: str) -> int | None\n
 
Calculate the byte offset of a field within a struct or union.
 
This method recursively traverses nested structures and unions, and it computes the byte-aligned offset for the specified field.
 
It returns: - offset in bytes if found - None if the field doesn't exist or if an unsupported alignment/bit-field is encountered
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue","title":"LLDBValue","text":"
LLDBValue(inner: SBValue, proc: LLDBProcess)\n
 
               Bases: Value
 
Methods:
 
     
  •  dereference             \u2013              
    •  
  •  string             \u2013              
    •  
  •  value_to_human_readable             \u2013              
    •  
  •  fetch_lazy             \u2013              
    •  
  •  __int__             \u2013              
    •  
  •  cast             \u2013              
    •  
  •  __add__             \u2013              
    •  
  •  __sub__             \u2013              
    •  
  •  __getitem__             \u2013              
    •  
 
Attributes:
 
     
  •  proc           \u2013            
    •  
  •  inner           \u2013            
    •  
  •  address               (Value | None)           \u2013            
    •  
  •  is_optimized_out               (bool)           \u2013            
    •  
  •  type               (Type)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.proc","title":"proc  instance-attribute","text":"
proc = proc\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.inner","title":"inner  instance-attribute","text":"
inner = inner\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.address","title":"address  property","text":"
address: Value | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.is_optimized_out","title":"is_optimized_out  property","text":"
is_optimized_out: bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.type","title":"type  property","text":"
type: Type\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.dereference","title":"dereference","text":"
dereference() -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.string","title":"string","text":"
string() -> str\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.value_to_human_readable","title":"value_to_human_readable","text":"
value_to_human_readable() -> str\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.fetch_lazy","title":"fetch_lazy","text":"
fetch_lazy() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.__int__","title":"__int__","text":"
__int__() -> int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.cast","title":"cast","text":"
cast(type: Type | Any) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.__add__","title":"__add__","text":"
__add__(rhs: int) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.__sub__","title":"__sub__","text":"
__sub__(rhs: int) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.__getitem__","title":"__getitem__","text":"
__getitem__(key: str | int) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBMemoryMap","title":"LLDBMemoryMap","text":"
LLDBMemoryMap(pages: list[Page])\n
 
               Bases: MemoryMap
 
Methods:
 
     
  •  is_qemu             \u2013              
    •  
  •  ranges             \u2013              
    Returns all ranges in this memory map.
     
    •  
  •  lookup_page             \u2013              
    •  
 
Attributes:
 
     
  •  pages               (tuple[Page, ...])           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBMemoryMap.pages","title":"pages  instance-attribute","text":"
pages: tuple[Page, ...] = tuple(pages)\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBMemoryMap.is_qemu","title":"is_qemu","text":"
is_qemu() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBMemoryMap.ranges","title":"ranges","text":"
ranges() -> Sequence[Page]\n
 
Returns all ranges in this memory map.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBMemoryMap.lookup_page","title":"lookup_page","text":"
lookup_page(address: int) -> Page | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint","title":"LLDBStopPoint","text":"
LLDBStopPoint(\n    inner: SBBreakpoint | SBWatchpoint,\n    proc: LLDBProcess,\n    stop_handler_name: str | None,\n)\n
 
               Bases: StopPoint
 
Methods:
 
     
  •  remove             \u2013              
    •  
  •  set_enabled             \u2013              
    •  
  •  __enter__             \u2013              
    •  
  •  __exit__             \u2013              
    Automatic breakpoint removal.
     
    •  
 
Attributes:
 
     
  •  inner               (SBBreakpoint | SBWatchpoint)           \u2013            
    •  
  •  proc               (LLDBProcess)           \u2013            
    •  
  •  stop_handler_name               (str | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.inner","title":"inner  instance-attribute","text":"
inner: SBBreakpoint | SBWatchpoint = inner\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.proc","title":"proc  instance-attribute","text":"
proc: LLDBProcess = proc\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.stop_handler_name","title":"stop_handler_name  instance-attribute","text":"
stop_handler_name: str | None = stop_handler_name\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.remove","title":"remove","text":"
remove() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.set_enabled","title":"set_enabled","text":"
set_enabled(enabled: bool) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.__enter__","title":"__enter__","text":"
__enter__() -> StopPoint\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.__exit__","title":"__exit__","text":"
__exit__(exc_type, exc_value, traceback) -> None\n
 
Automatic breakpoint removal.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.OneShotAwaitable","title":"OneShotAwaitable","text":"
OneShotAwaitable(value: Any)\n
 
Used as part of the logic for the execution controller. This is an Awaitable object that yields the value passed to its constructor exactly once.
 
Methods:
 
     
  •  __await__             \u2013              
    •  
 
Attributes:
 
     
  •  value           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.OneShotAwaitable.value","title":"value  instance-attribute","text":"
value = value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.OneShotAwaitable.__await__","title":"__await__","text":"
__await__() -> Generator[Any, Any, Any]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.YieldContinue","title":"YieldContinue","text":"
YieldContinue(target: LLDBStopPoint, selected_thread: bool = False)\n
 
Continues execution of the process until the breakpoint or watchpoint given in the constructor is hit or the operation is cancelled.
 
This class is part of the execution controller system, so it is intented to be yielded by the async function with access to an execution controller, and caught and hanlded by the event loop in the LLDB Pwndbg CLI.
 
Attributes:
 
     
  •  target               (LLDBStopPoint)           \u2013            
    •  
  •  selected_thread               (bool)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.YieldContinue.target","title":"target  instance-attribute","text":"
target: LLDBStopPoint = target\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.YieldContinue.selected_thread","title":"selected_thread  instance-attribute","text":"
selected_thread: bool = selected_thread\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.YieldSingleStep","title":"YieldSingleStep","text":"
Moves execution of the process being debugged forward by one instruction.
 
This class is part of the execution controller system, so it is intented to be yielded by the async function with access to an execution controller, and caught and hanlded by the event loop in the LLDB Pwndbg CLI.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBExecutionController","title":"LLDBExecutionController","text":"
               Bases: ExecutionController
 
Methods:
 
     
  •  single_step             \u2013              
    •  
  •  cont             \u2013              
    •  
  •  cont_selected_thread             \u2013              
    •  
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBExecutionController.single_step","title":"single_step","text":"
single_step() -> Awaitable[None]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBExecutionController.cont","title":"cont","text":"
cont(target: StopPoint) -> Awaitable[None]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBExecutionController.cont_selected_thread","title":"cont_selected_thread","text":"
cont_selected_thread(target: StopPoint) -> Awaitable[None]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess","title":"LLDBProcess","text":"
LLDBProcess(\n    dbg: LLDB, process: SBProcess, target: SBTarget, is_gdb_remote: bool\n)\n
 
               Bases: Process
 
Methods:
 
     
  •  threads             \u2013              
    •  
  •  pid             \u2013              
    •  
  •  alive             \u2013              
    •  
  •  stopped_with_signal             \u2013              
    •  
  •  evaluate_expression             \u2013              
    •  
  •  get_known_pages             \u2013              
    •  
  •  vmmap             \u2013              
    •  
  •  find_largest_range_len             \u2013              
    Finds the largest memory range given a minimum and a maximum value
     
    •  
  •  read_memory             \u2013              
    •  
  •  write_memory             \u2013              
    •  
  •  find_in_memory             \u2013              
    •  
  •  is_remote             \u2013              
    •  
  •  send_remote             \u2013              
    •  
  •  send_monitor             \u2013              
    •  
  •  download_remote_file             \u2013              
    •  
  •  create_value             \u2013              
    •  
  •  symbol_name_at_address             \u2013              
    •  
  •  lookup_symbol             \u2013              
    •  
  •  types_with_name             \u2013              
    •  
  •  arch             \u2013              
    •  
  •  break_at             \u2013              
    •  
  •  trace_ret             \u2013              
    •  
  •  disasm             \u2013              
    •  
  •  is_linux             \u2013              
    •  
  •  module_section_locations             \u2013              
    •  
  •  main_module_name             \u2013              
    •  
  •  main_module_entry             \u2013              
    •  
  •  is_dynamically_linked             \u2013              
    •  
  •  dispatch_execution_controller             \u2013              
    •  
  •  runcmd             \u2013              
    •  
  •  add_symbol_file             \u2013              
    Adds a symbol file at base
     
    •  
 
Attributes:
 
     
  •  dbg           \u2013            
    •  
  •  process           \u2013            
    •  
  •  target           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.dbg","title":"dbg  instance-attribute","text":"
dbg = dbg\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.process","title":"process  instance-attribute","text":"
process = process\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.target","title":"target  instance-attribute","text":"
target = target\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.threads","title":"threads","text":"
threads() -> list[Thread]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.pid","title":"pid","text":"
pid() -> int | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.alive","title":"alive","text":"
alive() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.stopped_with_signal","title":"stopped_with_signal","text":"
stopped_with_signal() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.evaluate_expression","title":"evaluate_expression","text":"
evaluate_expression(expression: str) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.get_known_pages","title":"get_known_pages","text":"
get_known_pages() -> list[Page]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.vmmap","title":"vmmap","text":"
vmmap() -> MemoryMap\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.find_largest_range_len","title":"find_largest_range_len","text":"
find_largest_range_len(\n    min_search: int, max_search: int, test: Callable[[int], bool]\n) -> int\n
 
Finds the largest memory range given a minimum and a maximum value for the size of the rage. This is a binary search, so it should do on the order of log2(max_search - min_search) attempts before it arrives at an answer.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.read_memory","title":"read_memory","text":"
read_memory(address: int, size: int, partial: bool = False) -> bytearray\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.write_memory","title":"write_memory","text":"
write_memory(address: int, data: bytearray, partial: bool = False) -> int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.find_in_memory","title":"find_in_memory","text":"
find_in_memory(\n    pattern: bytearray,\n    start: int,\n    size: int,\n    align: int,\n    max_matches: int = -1,\n    step: int = -1,\n) -> Generator[int, None, None]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.is_remote","title":"is_remote","text":"
is_remote() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.send_remote","title":"send_remote","text":"
send_remote(packet: str) -> bytes\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.send_monitor","title":"send_monitor","text":"
send_monitor(cmd: str) -> str\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.download_remote_file","title":"download_remote_file","text":"
download_remote_file(remote_path: str, local_path: str) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.create_value","title":"create_value","text":"
create_value(value: int, type: Type | None = None) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.symbol_name_at_address","title":"symbol_name_at_address","text":"
symbol_name_at_address(address: int) -> str | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.lookup_symbol","title":"lookup_symbol","text":"
lookup_symbol(\n    name: str,\n    *,\n    prefer_static: bool = False,\n    type: SymbolLookupType = ANY,\n    objfile_endswith: str | None = None,\n) -> Value | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.types_with_name","title":"types_with_name","text":"
types_with_name(name: str) -> Sequence[Type]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.arch","title":"arch","text":"
arch() -> ArchDefinition\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.break_at","title":"break_at","text":"
break_at(\n    location: BreakpointLocation | WatchpointLocation,\n    stop_handler: Callable[[StopPoint], bool] | None = None,\n    internal: bool = False,\n) -> StopPoint\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.trace_ret","title":"trace_ret","text":"
trace_ret(\n    stop_handler: Callable[[], bool] | None = None, internal: bool = False\n)\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.disasm","title":"disasm","text":"
disasm(address: int) -> DisassembledInstruction | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.is_linux","title":"is_linux","text":"
is_linux() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.module_section_locations","title":"module_section_locations","text":"
module_section_locations() -> list[tuple[int, int, str, str]]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.main_module_name","title":"main_module_name","text":"
main_module_name() -> str\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.main_module_entry","title":"main_module_entry","text":"
main_module_entry() -> int | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.is_dynamically_linked","title":"is_dynamically_linked","text":"
is_dynamically_linked() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.dispatch_execution_controller","title":"dispatch_execution_controller","text":"
dispatch_execution_controller(\n    procedure: Callable[[ExecutionController], Coroutine[Any, Any, None]],\n)\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.runcmd","title":"runcmd","text":"
runcmd(cmd) -> str\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.add_symbol_file","title":"add_symbol_file","text":"
add_symbol_file(path, base=None)\n
 
Adds a symbol file at base
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBCommand","title":"LLDBCommand","text":"
LLDBCommand(handler_name: str, command_name: str)\n
 
               Bases: CommandHandle
 
Methods:
 
     
  •  remove             \u2013              
    Removes this command from the command palette of the debugger.
     
    •  
 
Attributes:
 
     
  •  handler_name           \u2013            
    •  
  •  command_name           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBCommand.handler_name","title":"handler_name  instance-attribute","text":"
handler_name = handler_name\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBCommand.command_name","title":"command_name  instance-attribute","text":"
command_name = command_name\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBCommand.remove","title":"remove","text":"
remove() -> None\n
 
Removes this command from the command palette of the debugger.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBPythonState","title":"LLDBPythonState","text":"
               Bases: Enum
 
State of LLDB Python execution.
 
Unlike in pwndbg-gdb, in pwndbg-lldb the responsibility of driving execution of Python code forward is shared between Pwndbg and LLDB. Knowing which one is in charge is crucial to the correct functioning of the Pwndbg REPL.
 
This class defines the different kinds of states we can be in.
 
Attributes:
 
     
  •  PWNDBG           \u2013            
    Pwndbg is driving execution of Python code
     
    •  
  •  LLDB_COMMAND_HANDLER           \u2013            
    Python code is executing from inside an LLDB command handler
     
    •  
  •  LLDB_STOP_HANDLER           \u2013            
    Python code is executing from an LLDB breakpoint/watchpoint hook handler
     
    •  
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBPythonState.PWNDBG","title":"PWNDBG  class-attribute instance-attribute","text":"
PWNDBG = 1\n
 
Pwndbg is driving execution of Python code
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBPythonState.LLDB_COMMAND_HANDLER","title":"LLDB_COMMAND_HANDLER  class-attribute instance-attribute","text":"
LLDB_COMMAND_HANDLER = 0\n
 
Python code is executing from inside an LLDB command handler
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBPythonState.LLDB_STOP_HANDLER","title":"LLDB_STOP_HANDLER  class-attribute instance-attribute","text":"
LLDB_STOP_HANDLER = 2\n
 
Python code is executing from an LLDB breakpoint/watchpoint hook handler
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB","title":"LLDB","text":"
               Bases: Debugger
 
Methods:
 
     
  •  setup             \u2013              
    •  
  •  relay_exceptions             \u2013              
    Relay an exception raised during an LLDB command handler.
     
    •  
  •  add_command             \u2013              
    •  
  •  history             \u2013              
    •  
  •  commands             \u2013              
    •  
  •  lex_args             \u2013              
    •  
  •  selected_inferior             \u2013              
    •  
  •  selected_thread             \u2013              
    •  
  •  selected_frame             \u2013              
    •  
  •  has_event_type             \u2013              
    •  
  •  event_handler             \u2013              
    •  
  •  ctx_suspend_once             \u2013              
    •  
  •  suspend_events             \u2013              
    •  
  •  resume_events             \u2013              
    •  
  •  set_sysroot             \u2013              
    •  
  •  supports_breakpoint_creation_during_stop_handler             \u2013              
    •  
  •  breakpoint_locations             \u2013              
    •  
  •  name             \u2013              
    •  
  •  x86_disassembly_flavor             \u2013              
    •  
  •  string_limit             \u2013              
    •  
  •  get_cmd_window_size             \u2013              
    •  
  •  is_gdblib_available             \u2013              
    •  
  •  addrsz             \u2013              
    •  
  •  set_python_diagnostics             \u2013              
    •  
  •  ctx_suspend_events             \u2013              
    Context manager for temporarily suspending and resuming the delivery of events
     
    •  
 
Attributes:
 
     
  •  exec_states               (list[SBExecutionState])           \u2013            
    •  
  •  event_handlers               (dict[EventType, list[Callable[..., T]]])           \u2013            
    •  
  •  suspended_events               (dict[EventType, bool])           \u2013            
    •  
  •  prompt_hook               (Callable[[], None])           \u2013            
    •  
  •  controllers               (list[tuple[LLDBProcess, Coroutine[Any, Any, None]]])           \u2013            
    •  
  •  lldb_python_state_callback               (Callable[[LLDBPythonState], None])           \u2013            
    Callback to the REPL, used to notify it of LLDB driving Python code
     
    •  
  •  should_suspend_ctx               (bool)           \u2013            
    •  
  •  pre_ctx_lines               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.exec_states","title":"exec_states  instance-attribute","text":"
exec_states: list[SBExecutionState]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.event_handlers","title":"event_handlers  instance-attribute","text":"
event_handlers: dict[EventType, list[Callable[..., T]]]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.suspended_events","title":"suspended_events  instance-attribute","text":"
suspended_events: dict[EventType, bool]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.prompt_hook","title":"prompt_hook  instance-attribute","text":"
prompt_hook: Callable[[], None]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.controllers","title":"controllers  instance-attribute","text":"
controllers: list[tuple[LLDBProcess, Coroutine[Any, Any, None]]]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.lldb_python_state_callback","title":"lldb_python_state_callback  instance-attribute","text":"
lldb_python_state_callback: Callable[[LLDBPythonState], None]\n
 
Callback to the REPL, used to notify it of LLDB driving Python code
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.should_suspend_ctx","title":"should_suspend_ctx  instance-attribute","text":"
should_suspend_ctx: bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.pre_ctx_lines","title":"pre_ctx_lines  property","text":"
pre_ctx_lines: int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.setup","title":"setup","text":"
setup(*args, **kwargs)\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.relay_exceptions","title":"relay_exceptions","text":"
relay_exceptions() -> None\n
 
Relay an exception raised during an LLDB command handler.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.add_command","title":"add_command","text":"
add_command(\n    command_name: str,\n    handler: Callable[[Debugger, str, bool], None],\n    doc: str | None,\n) -> CommandHandle\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.history","title":"history","text":"
history(last: int = 10) -> list[tuple[int, str]]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.commands","title":"commands","text":"
commands() -> list[str]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.lex_args","title":"lex_args","text":"
lex_args(command_line: str) -> list[str]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.selected_inferior","title":"selected_inferior","text":"
selected_inferior() -> Process | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.selected_thread","title":"selected_thread","text":"
selected_thread() -> Thread | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.selected_frame","title":"selected_frame","text":"
selected_frame() -> Frame | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.has_event_type","title":"has_event_type","text":"
has_event_type(ty: EventType) -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.event_handler","title":"event_handler","text":"
event_handler(\n    ty: EventType,\n) -> Callable[[Callable[..., T]], Callable[..., T]]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.ctx_suspend_once","title":"ctx_suspend_once","text":"
ctx_suspend_once()\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.suspend_events","title":"suspend_events","text":"
suspend_events(ty: EventType) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.resume_events","title":"resume_events","text":"
resume_events(ty: EventType) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.set_sysroot","title":"set_sysroot","text":"
set_sysroot(sysroot: str) -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.supports_breakpoint_creation_during_stop_handler","title":"supports_breakpoint_creation_during_stop_handler","text":"
supports_breakpoint_creation_during_stop_handler() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.breakpoint_locations","title":"breakpoint_locations","text":"
breakpoint_locations() -> list[BreakpointLocation]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.name","title":"name","text":"
name() -> DebuggerType\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.x86_disassembly_flavor","title":"x86_disassembly_flavor","text":"
x86_disassembly_flavor() -> Literal['att', 'intel']\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.string_limit","title":"string_limit","text":"
string_limit() -> int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.get_cmd_window_size","title":"get_cmd_window_size","text":"
get_cmd_window_size() -> tuple[int, int]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.is_gdblib_available","title":"is_gdblib_available","text":"
is_gdblib_available()\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.addrsz","title":"addrsz","text":"
addrsz(address: Any) -> str\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.set_python_diagnostics","title":"set_python_diagnostics","text":"
set_python_diagnostics(enabled: bool) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.ctx_suspend_events","title":"ctx_suspend_events","text":"
ctx_suspend_events(ty: EventType) -> Iterator[None]\n
 
Context manager for temporarily suspending and resuming the delivery of events of a given type.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.rename_register","title":"rename_register","text":"
rename_register(name: str, proc: LLDBProcess) -> str\n
 
Some register names differ between Pwndbg/GDB and LLDB. This function takes in a register name in the Pwndbg/GDB convention and returns the equivalent LLDB name for the register.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.map_type_code","title":"map_type_code","text":"
map_type_code(type: SBType) -> TypeCode\n
 
Determines the type code of a given LLDB SBType.
"},{"location":"reference/pwndbg/dbg/lldb/hooks/","title":"hooks","text":""},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks","title":"hooks","text":"
Code that sets up hooks for LLDB events.
 
Functions:
 
     
  •  update_typeinfo             \u2013              
    •  
  •  reset_config             \u2013              
    •  
  •  on_start             \u2013              
    •  
  •  on_stop             \u2013              
    •  
  •  on_exit             \u2013              
    •  
  •  renew_show_context             \u2013              
    •  
  •  prompt_hook             \u2013              
    •  
 
Attributes:
 
     
  •  should_show_context           \u2013            
    •  
  •  dbg               (LLDB)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.should_show_context","title":"should_show_context  module-attribute","text":"
should_show_context = False\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.dbg","title":"dbg  module-attribute","text":"
dbg: LLDB = dbg\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.update_typeinfo","title":"update_typeinfo","text":"
update_typeinfo() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.reset_config","title":"reset_config","text":"
reset_config() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.on_start","title":"on_start","text":"
on_start() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.on_stop","title":"on_stop","text":"
on_stop() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.on_exit","title":"on_exit","text":"
on_exit() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.renew_show_context","title":"renew_show_context","text":"
renew_show_context()\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.prompt_hook","title":"prompt_hook","text":"
prompt_hook()\n
"},{"location":"reference/pwndbg/dbg/lldb/pset/","title":"pset","text":""},{"location":"reference/pwndbg/dbg/lldb/pset/#pwndbg.dbg.lldb.pset","title":"pset","text":"
Classes:
 
     
  •  InvalidParse           \u2013            
    •  
 
Functions:
 
     
  •  pget             \u2013              
    Retrieves a parameter with a given name.
     
    •  
  •  pset             \u2013              
    Parses and sets a Pwndbg configuration value.
     
    •  
  •  parse_value             \u2013              
    •  
"},{"location":"reference/pwndbg/dbg/lldb/pset/#pwndbg.dbg.lldb.pset.InvalidParse","title":"InvalidParse","text":"
               Bases: Exception
"},{"location":"reference/pwndbg/dbg/lldb/pset/#pwndbg.dbg.lldb.pset.pget","title":"pget","text":"
pget(name: str) -> Parameter | None\n
 
Retrieves a parameter with a given name.
"},{"location":"reference/pwndbg/dbg/lldb/pset/#pwndbg.dbg.lldb.pset.pset","title":"pset","text":"
pset(param: Parameter, value: str)\n
 
Parses and sets a Pwndbg configuration value.
 
Raises InvalidParse if the value is not valid.
"},{"location":"reference/pwndbg/dbg/lldb/pset/#pwndbg.dbg.lldb.pset.parse_value","title":"parse_value","text":"
parse_value(param: Parameter, expression: str) -> Any\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/","title":"repl","text":""},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl","title":"repl","text":"
The Pwndbg REPL that is the interface to all debugging on LLDB.
 
Pwndbg has an event system that allows it to react to events in the process being debugged, such as when new executable modules get added to the its address space, when the value of memory and registers change, and pretty much all possible changes to its execution state. We'd like to have the event system work the same way under LLDB as it does under GDB.
 
Fortunately for us, the events types that are native to LLDB map really well to the event types in GDB and Pwndbg. Very, very unfortunately for us, however, that's basically where our luck ends.
 
LLDB, as of version 18, only provides two ways to capture events: registering directly with the broadcaster, or registering globally. The former is not available to us in the standard LLDB REPL, as we don't get access to the process object until after it's been launched1. Likewise for the latter, as the interactive debugger will register to receive the global process state change events before everyone else, and LLDB doesn't allow for multiple listeners for the same event bits in the same event class2.
 
This leaves us with handling process management ourselves as the only option we really have to implement event dispatch in Pwndbg. Easy, right? We can just hijack the commands that deal with target and process creation, and leave everything else untouched. Unfortunately for us, again, shadowing builtin commands is simply not allowed3.
 
So, really, all that's left for us is either implement our own REPL, or get rid of the event system.
 
Modules:
 
     
  •  fuzzy           \u2013            
    •  
  •  io           \u2013            
    For our REPL, we need to drive our own I/O with the process being debugged. This
     
    •  
  •  proc           \u2013            
    •  
  •  readline           \u2013            
    Readline interface for the Pwndbg LLDB REPL.
     
    •  
 
Classes:
 
     
  •  UserCancelledError           \u2013            
    Internal cancellation exception used by the LLDB CLI.
     
    •  
  •  EventRelay           \u2013            
    The event system that is sensible for the REPL process driver to use isn't
     
    •  
  •  YieldExecDirect           \u2013            
    Execute the given command directly, on behalf of the user.
     
    •  
  •  YieldInteractive           \u2013            
    Prompt the user for the next command.
     
    •  
  •  PwndbgController           \u2013            
    Class providing interfaces for a client to control the behavior of Pwndbg
     
    •  
  •  AutoTarget           \u2013            
    During the execution of some commands, the LLDB CLI automatically creates an
     
    •  
 
Functions:
 
     
  •  print_error             \u2013              
    Print an error message in the style of the LLDB CLI.
     
    •  
  •  print_warn             \u2013              
    Print a warning message in the style of the LLDB CLI.
     
    •  
  •  print_hint             \u2013              
    Print a hint message in the style of the LLDB CLI.
     
    •  
  •  print_info             \u2013              
    Print an information message in the style of the LLDB CLI.
     
    •  
  •  lex_args             \u2013              
    Splits the arguments, respecting quotation marks.
     
    •  
  •  show_greeting             \u2013              
    Show the Pwndbg greeting, the same way the GDB version of Pwndbg would. This
     
    •  
  •  run             \u2013              
    Runs the Pwndbg CLI through the given asynchronous controller.
     
    •  
  •  exec_repl_command             \u2013              
    Parses and runs the given command, returning whether the event loop should continue.
     
    •  
  •  parse             \u2013              
    Parses a list of string arguments into an object containing the parsed
     
    •  
  •  run_ipython_shell             \u2013              
    •  
  •  target_create             \u2013              
    Creates a new target, registers it with the Pwndbg LLDB implementation, and
     
    •  
  •  process_launch             \u2013              
    Launches a process with the given arguments.
     
    •  
  •  process_attach             \u2013              
    Attaches to a process with the given arguments.
     
    •  
  •  attach             \u2013              
    Attaches to a process with the given name or pid based on regex match.
     
    •  
  •  process_connect             \u2013              
    Connects to the given remote process.
     
    •  
  •  gdb_remote             \u2013              
    Like process_connect, but more lenient with the remote URL format.
     
    •  
  •  continue_process             \u2013              
    Continues the execution of a process.
     
    •  
 
Attributes:
 
     
  •  HAS_FZF           \u2013            
    •  
  •  show_tip           \u2013            
    •  
  •  LLDB_EXCLUSIVE           \u2013            
    •  
  •  target_create_ap           \u2013            
    •  
  •  target_create_unsupported           \u2013            
    •  
  •  process_launch_ap           \u2013            
    •  
  •  process_launch_unsupported           \u2013            
    •  
  •  process_attach_ap           \u2013            
    •  
  •  process_attach_unsupported           \u2013            
    •  
  •  process_connect_ap           \u2013            
    •  
  •  gdb_remote_ap           \u2013            
    •  
  •  continue_ap           \u2013            
    •  
  •  continue_unsupported           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.HAS_FZF","title":"HAS_FZF  module-attribute","text":"
HAS_FZF = which('fzf') is not None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.show_tip","title":"show_tip  module-attribute","text":"
show_tip = add_param(\n    \"show-tips\", True, \"whether to display the tip of the day on startup\"\n)\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.LLDB_EXCLUSIVE","title":"LLDB_EXCLUSIVE  module-attribute","text":"
LLDB_EXCLUSIVE = [\n    (\"script\", lambda cmd: startswith(\"sc\") and startswith(cmd)),\n    (\"expression\", lambda cmd: startswith(\"e\") and startswith(cmd)),\n]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.target_create_ap","title":"target_create_ap  module-attribute","text":"
target_create_ap = ArgumentParser(add_help=False, prog='target create')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.target_create_unsupported","title":"target_create_unsupported  module-attribute","text":"
target_create_unsupported = [\n    \"build\",\n    \"core\",\n    \"no-dependents\",\n    \"remote-file\",\n    \"symfile\",\n    \"version\",\n]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_launch_ap","title":"process_launch_ap  module-attribute","text":"
process_launch_ap = ArgumentParser(add_help=False, prog='process launch')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_launch_unsupported","title":"process_launch_unsupported  module-attribute","text":"
process_launch_unsupported = [\n    \"script-class\",\n    \"plugin\",\n    \"arch\",\n    \"shell\",\n    \"stderr\",\n    \"stdin\",\n    \"structured-data-key\",\n    \"no-stdio\",\n    \"stdout\",\n    \"tty\",\n    \"structured-data-value\",\n    \"working-dir\",\n]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_attach_ap","title":"process_attach_ap  module-attribute","text":"
process_attach_ap = ArgumentParser(add_help=False, prog='process attach')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_attach_unsupported","title":"process_attach_unsupported  module-attribute","text":"
process_attach_unsupported = [\n    \"python-class\",\n    \"plugin\",\n    \"structured-data-key\",\n    \"structured-data-value\",\n]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_connect_ap","title":"process_connect_ap  module-attribute","text":"
process_connect_ap = ArgumentParser(add_help=False, prog='process connect')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.gdb_remote_ap","title":"gdb_remote_ap  module-attribute","text":"
gdb_remote_ap = ArgumentParser(add_help=False, prog='gdb-remote')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.continue_ap","title":"continue_ap  module-attribute","text":"
continue_ap = ArgumentParser(add_help=False, prog='continue')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.continue_unsupported","title":"continue_unsupported  module-attribute","text":"
continue_unsupported = ['ignore-count']\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.UserCancelledError","title":"UserCancelledError","text":"
               Bases: CancelledError
 
Internal cancellation exception used by the LLDB CLI.
 
Sometimes, it's necessary to cancel both commands and subroutines mid-execution. This is an internal exception type that is used in these conditions.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay","title":"EventRelay","text":"
EventRelay(dbg: LLDB)\n
 
               Bases: EventHandler
 
The event system that is sensible for the REPL process driver to use isn't an exact match with the one used by the rest of Pwndbg. They're close, but there's a bit of work we have to do to properly convey certain events.
 
Methods:
 
     
  •  created             \u2013              
    •  
  •  suspended             \u2013              
    •  
  •  resumed             \u2013              
    •  
  •  exited             \u2013              
    •  
  •  modules_loaded             \u2013              
    •  
 
Attributes:
 
     
  •  dbg           \u2013            
    •  
  •  ignore_resumed           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.dbg","title":"dbg  instance-attribute","text":"
dbg = dbg\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.ignore_resumed","title":"ignore_resumed  instance-attribute","text":"
ignore_resumed = 0\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.created","title":"created","text":"
created()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.suspended","title":"suspended","text":"
suspended(event: SBEvent)\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.resumed","title":"resumed","text":"
resumed()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.exited","title":"exited","text":"
exited()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.modules_loaded","title":"modules_loaded","text":"
modules_loaded()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.YieldExecDirect","title":"YieldExecDirect","text":"
YieldExecDirect(command: str, capture: bool, prompt_silent: bool)\n
 
Execute the given command directly, on behalf of the user.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.YieldInteractive","title":"YieldInteractive","text":"
Prompt the user for the next command.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController","title":"PwndbgController","text":"
Class providing interfaces for a client to control the behavior of Pwndbg asynchronously.
 
Methods:
 
     
  •  interactive             \u2013              
    Runs a single interactive round, in which the user is prompted for a
     
    •  
  •  execute             \u2013              
    Runs the given command, and displays its output to the user.
     
    •  
  •  execute_and_capture             \u2013              
    Runs the given command, and captures its output as a byte string.
     
    •  
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController.interactive","title":"interactive","text":"
interactive() -> Awaitable[None]\n
 
Runs a single interactive round, in which the user is prompted for a command from standard input and readline, and whatever command they type in is executed.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController.execute","title":"execute","text":"
execute(command: str) -> Awaitable[None]\n
 
Runs the given command, and displays its output to the user.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController.execute--interactivity","title":"Interactivity","text":"
Some commands - such as lldb and ipi - start interactive prompts when they are run, and issuing them through this command will not change that behavior.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController.execute_and_capture","title":"execute_and_capture","text":"
execute_and_capture(command: str) -> Awaitable[bytes]\n
 
Runs the given command, and captures its output as a byte string.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController.execute_and_capture--interactivity","title":"Interactivity","text":"
Same caveats apply as in execute.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController.execute_and_capture--reliabily-of-capture","title":"Reliabily of Capture","text":"
Some Pwndbg commands currently do not have their outputs captured, even when run through this command. It is expected that this will be improved in the future, but, as as general rule, clients should not rely on the output of the command being available.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.AutoTarget","title":"AutoTarget","text":"
AutoTarget(dbg: LLDB)\n
 
During the execution of some commands, the LLDB CLI automatically creates an empty target and selects it before the command is executed.
 
Methods:
 
     
  •  __bool__             \u2013              
    •  
  •  close             \u2013              
    •  
 
Attributes:
 
     
  •  error           \u2013            
    •  
  •  target           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.AutoTarget.error","title":"error  instance-attribute","text":"
error = SBError()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.AutoTarget.target","title":"target  instance-attribute","text":"
target = CreateTarget(None, None, None, True, error)\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.AutoTarget.__bool__","title":"__bool__","text":"
__bool__()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.AutoTarget.close","title":"close","text":"
close()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.print_error","title":"print_error","text":"
print_error(msg: str, *args)\n
 
Print an error message in the style of the LLDB CLI.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.print_warn","title":"print_warn","text":"
print_warn(msg: str, *args)\n
 
Print a warning message in the style of the LLDB CLI.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.print_hint","title":"print_hint","text":"
print_hint(msg: str, *args)\n
 
Print a hint message in the style of the LLDB CLI.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.print_info","title":"print_info","text":"
print_info(msg: str, *args)\n
 
Print an information message in the style of the LLDB CLI.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.lex_args","title":"lex_args","text":"
lex_args(args: str) -> list[str]\n
 
Splits the arguments, respecting quotation marks.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.show_greeting","title":"show_greeting","text":"
show_greeting() -> None\n
 
Show the Pwndbg greeting, the same way the GDB version of Pwndbg would. This one is considerably simpler than the GDB version, however, as we control the lifetime of the program, we know exactly when the greeting needs to be shown, so we don't bother with any of the lifetime checks.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.run","title":"run","text":"
run(\n    controller: Callable[..., Coroutine[Any, Any, None]],\n    *args,\n    debug: bool = False,\n) -> None\n
 
Runs the Pwndbg CLI through the given asynchronous controller.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.exec_repl_command","title":"exec_repl_command","text":"
exec_repl_command(\n    line: str, output_to, dbg: LLDB, driver: ProcessDriver, relay: EventRelay\n) -> bool\n
 
Parses and runs the given command, returning whether the event loop should continue.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.parse","title":"parse","text":"
parse(\n    args: list[str],\n    parser: ArgumentParser,\n    unsupported: list[str],\n    raw_marker: str | None = None,\n) -> Any | None\n
 
Parses a list of string arguments into an object containing the parsed data.
 
If raw_marker is not None, the argument list will be split in two, with all arguments before the split being fed to the argument parser, and all arguments after the split being returned as-is. In this case the return value is a tuple.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.run_ipython_shell","title":"run_ipython_shell","text":"
run_ipython_shell()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.target_create","title":"target_create","text":"
target_create(args: list[str], dbg: LLDB) -> None\n
 
Creates a new target, registers it with the Pwndbg LLDB implementation, and sets up listeners for it.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_launch","title":"process_launch","text":"
process_launch(\n    driver: ProcessDriver, relay: EventRelay, args: list[str], dbg: LLDB\n) -> None\n
 
Launches a process with the given arguments.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_attach","title":"process_attach","text":"
process_attach(\n    driver: ProcessDriver, relay: EventRelay, args: list[str], dbg: LLDB\n) -> None\n
 
Attaches to a process with the given arguments.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.attach","title":"attach","text":"
attach(\n    driver: ProcessDriver, relay: EventRelay, args: list[str], dbg: LLDB\n) -> None\n
 
Attaches to a process with the given name or pid based on regex match. Used for _regexp-attach <pid|name> (alias for attach <pid|name>) Note: for some reason, attach does not really take a regex for process name.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_connect","title":"process_connect","text":"
process_connect(\n    driver: ProcessDriver, relay: EventRelay, args: list[str], dbg: LLDB\n) -> None\n
 
Connects to the given remote process.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.gdb_remote","title":"gdb_remote","text":"
gdb_remote(\n    driver: ProcessDriver, relay: EventRelay, args: list[str], dbg: LLDB\n) -> None\n
 
Like process_connect, but more lenient with the remote URL format.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.continue_process","title":"continue_process","text":"
continue_process(driver: ProcessDriver, args: list[str], dbg: LLDB) -> None\n
 
Continues the execution of a process.
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/","title":"fuzzy","text":""},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy","title":"fuzzy","text":"
Classes:
 
     
  •  FzfTabCompletePreviewThread           \u2013            
    A thread for previewing help docs of selected completion with fzf.
     
    •  
  •  LLDBHistory           \u2013            
    Manage your LLDB History
     
    •  
  •  LLDBCompleter           \u2013            
    Completer of LLDB
     
    •  
 
Functions:
 
     
  •  get_lldb_completes             \u2013              
    •  
  •  safe_get_help_docs             \u2013              
    •  
  •  should_get_help_docs             \u2013              
    Check if we need to get help docs for another completion that generated by same command.
     
    •  
  •  get_lldb_completion_and_status             \u2013              
    Return all possible completions and whether we need to get help docs for all completions.
     
    •  
  •  create_fzf_process             \u2013              
    Create a fzf process with given query and preview command.
     
    •  
  •  create_preview_fifos             \u2013              
    Create a temporary directory and two FIFOs in it, return the paths of these FIFOs.
     
    •  
  •  fzf_reverse_search             \u2013              
    Reverse search history with fzf.
     
    •  
  •  fzf_tab_autocomplete             \u2013              
    Tab autocomplete with fzf.
     
    •  
  •  wrap_with_history             \u2013              
    •  
  •  get_prompt_session             \u2013              
    •  
 
Attributes:
 
     
  •  P           \u2013            
    •  
  •  T           \u2013            
    •  
  •  PROMPT           \u2013            
    •  
  •  HISTORY_FILE           \u2013            
    •  
  •  FZF_RUN_CMD           \u2013            
    •  
  •  FZF_PRVIEW_WINDOW_ARGS           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.P","title":"P  module-attribute","text":"
P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.PROMPT","title":"PROMPT  module-attribute","text":"
PROMPT = ANSI('\\x1b[34mpwndbg-lldb>\\x1b[0m ')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.HISTORY_FILE","title":"HISTORY_FILE  module-attribute","text":"
HISTORY_FILE = expanduser('~/.pwndbg_history')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.FZF_RUN_CMD","title":"FZF_RUN_CMD  module-attribute","text":"
FZF_RUN_CMD = (\n    \"fzf\",\n    \"--select-1\",\n    \"--exit-0\",\n    \"--tiebreak=index\",\n    \"--no-multi\",\n    \"--height=40%\",\n    \"--layout=reverse\",\n)\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.FZF_PRVIEW_WINDOW_ARGS","title":"FZF_PRVIEW_WINDOW_ARGS  module-attribute","text":"
FZF_PRVIEW_WINDOW_ARGS = ('--preview-window', 'right:55%:wrap')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.FzfTabCompletePreviewThread","title":"FzfTabCompletePreviewThread","text":"
FzfTabCompletePreviewThread(\n    fifo_input_path: str,\n    fifo_output_path: str,\n    completion_help_docs: dict[int, str],\n    **kwargs,\n)\n
 
               Bases: Thread
 
A thread for previewing help docs of selected completion with fzf.
 
This is modified from: https://github.com/infokiller/config-public/blob/master/.config/ipython/profile_default/startup/ext/fzf_history.py#L72
 
Methods:
 
     
  •  run             \u2013              
    •  
  •  stop             \u2013              
    •  
 
Attributes:
 
     
  •  fifo_input_path           \u2013            
    •  
  •  fifo_output_path           \u2013            
    •  
  •  completion_help_docs           \u2013            
    •  
  •  is_done           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.FzfTabCompletePreviewThread.fifo_input_path","title":"fifo_input_path  instance-attribute","text":"
fifo_input_path = fifo_input_path\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.FzfTabCompletePreviewThread.fifo_output_path","title":"fifo_output_path  instance-attribute","text":"
fifo_output_path = fifo_output_path\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.FzfTabCompletePreviewThread.completion_help_docs","title":"completion_help_docs  instance-attribute","text":"
completion_help_docs = completion_help_docs\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.FzfTabCompletePreviewThread.is_done","title":"is_done  instance-attribute","text":"
is_done = Event()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.FzfTabCompletePreviewThread.run","title":"run","text":"
run() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.FzfTabCompletePreviewThread.stop","title":"stop","text":"
stop() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.LLDBHistory","title":"LLDBHistory","text":"
LLDBHistory(filename: str, ignore_duplicates: bool = False)\n
 
               Bases: FileHistory
 
Manage your LLDB History
 
Methods:
 
     
  •  load_history_strings             \u2013              
    •  
  •  store_string             \u2013              
    •  
 
Attributes:
 
     
  •  ignore_duplicates           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.LLDBHistory.ignore_duplicates","title":"ignore_duplicates  instance-attribute","text":"
ignore_duplicates = ignore_duplicates\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.LLDBHistory.load_history_strings","title":"load_history_strings","text":"
load_history_strings() -> list[str]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.LLDBHistory.store_string","title":"store_string","text":"
store_string(string: str) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.LLDBCompleter","title":"LLDBCompleter","text":"
LLDBCompleter(dbg)\n
 
               Bases: Completer
 
Completer of LLDB
 
Methods:
 
     
  •  get_completions             \u2013              
    •  
 
Attributes:
 
     
  •  dbg           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.LLDBCompleter.dbg","title":"dbg  instance-attribute","text":"
dbg = dbg\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.LLDBCompleter.get_completions","title":"get_completions","text":"
get_completions(\n    document: Document, complete_event: CompleteEvent\n) -> Iterator[Completion]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.get_lldb_completes","title":"get_lldb_completes","text":"
get_lldb_completes(dbg: LLDB, query: str = '') -> list[str]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.safe_get_help_docs","title":"safe_get_help_docs","text":"
safe_get_help_docs(dbg: LLDB, command: str) -> str | None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.should_get_help_docs","title":"should_get_help_docs","text":"
should_get_help_docs(dbg: LLDB, completion: str) -> bool\n
 
Check if we need to get help docs for another completion that generated by same command.
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.get_lldb_completion_and_status","title":"get_lldb_completion_and_status","text":"
get_lldb_completion_and_status(dbg: LLDB, query: str) -> tuple[list[str], bool]\n
 
Return all possible completions and whether we need to get help docs for all completions.
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.create_fzf_process","title":"create_fzf_process","text":"
create_fzf_process(\n    query: str, preview: str = \"\", pre_cmd: str = \"\"\n) -> Popen[str]\n
 
Create a fzf process with given query and preview command.
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.create_preview_fifos","title":"create_preview_fifos","text":"
create_preview_fifos() -> tuple[str, str]\n
 
Create a temporary directory and two FIFOs in it, return the paths of these FIFOs.
 
This is modified from: https://github.com/infokiller/config-public/blob/652b4638a0a0ffed9743fa9e0ad2a8d4e4e90572/.config/ipython/profile_default/startup/ext/fzf_history.py#L128
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.fzf_reverse_search","title":"fzf_reverse_search","text":"
fzf_reverse_search(event: KeyPressEvent) -> None\n
 
Reverse search history with fzf.
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.fzf_tab_autocomplete","title":"fzf_tab_autocomplete","text":"
fzf_tab_autocomplete(\n    event: KeyPressEvent, dbg: LLDB, preview: str, fifo_in: str, fifo_out: str\n) -> None\n
 
Tab autocomplete with fzf.
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.wrap_with_history","title":"wrap_with_history","text":"
wrap_with_history(function: Callable[P, T]) -> Callable[P, T]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/fuzzy/#pwndbg.dbg.lldb.repl.fuzzy.get_prompt_session","title":"get_prompt_session","text":"
get_prompt_session(dbg)\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/","title":"io","text":""},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io","title":"io","text":"
For our REPL, we need to drive our own I/O with the process being debugged. This module contains all the strategies we have for doing that.
 
Classes:
 
     
  •  OpportunisticTerminalControl           \u2013            
    Handles optional terminal control for a given file descriptor. Crucially,
     
    •  
  •  IODriver           \u2013            
    •  
  •  IODriverPlainText           \u2013            
    Plaintext-based I/O driver. It simply copies input from our standard input
     
    •  
  •  IODriverPseudoTerminal           \u2013            
    pty-based I/O driver. Forwards input from standard input and has support for
     
    •  
 
Functions:
 
     
  •  get_io_driver             \u2013              
    Instances a new IODriver using the best strategy available in the current
     
    •  
  •  make_pty             \u2013              
    We need to make a pseudo-terminal ourselves if we want the process to handle
     
    •  
 
Attributes:
 
     
  •  TERM_CONTROL_AVAILABLE           \u2013            
    •  
  •  SELECT_AVAILABLE           \u2013            
    •  
  •  PTY_AVAILABLE           \u2013            
    •  
  •  TC_LFLAG           \u2013            
    •  
  •  LIVE_PSEUDO_TERMINAL_OBJECTS           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.TERM_CONTROL_AVAILABLE","title":"TERM_CONTROL_AVAILABLE  module-attribute","text":"
TERM_CONTROL_AVAILABLE = True\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.SELECT_AVAILABLE","title":"SELECT_AVAILABLE  module-attribute","text":"
SELECT_AVAILABLE = True\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.PTY_AVAILABLE","title":"PTY_AVAILABLE  module-attribute","text":"
PTY_AVAILABLE = True\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.TC_LFLAG","title":"TC_LFLAG  module-attribute","text":"
TC_LFLAG = 3\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.LIVE_PSEUDO_TERMINAL_OBJECTS","title":"LIVE_PSEUDO_TERMINAL_OBJECTS  module-attribute","text":"
LIVE_PSEUDO_TERMINAL_OBJECTS = False\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl","title":"OpportunisticTerminalControl","text":"
OpportunisticTerminalControl(fd: int = -1)\n
 
Handles optional terminal control for a given file descriptor. Crucially, all the functions in this class should work regardless of whether terminal control is actually supported on not, but should do nothing in case it is not supported.
 
'/dev/tty', and use that.
 
Methods:
 
     
  •  get_line_buffering             \u2013              
    Gets the current state of line buffering for this terminal.
     
    •  
  •  set_line_buffering             \u2013              
    Enables or disables line buffering for this terminal.
     
    •  
  •  get_echo             \u2013              
    Gets the current state of echoing for this terminal.
     
    •  
  •  set_echo             \u2013              
    Enables or disables echoing for this terminal.
     
    •  
 
Attributes:
 
     
  •  fd               (int)           \u2013            
    •  
  •  supported               (bool)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl.fd","title":"fd  instance-attribute","text":"
fd: int = fd\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl.supported","title":"supported  instance-attribute","text":"
supported: bool = True\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl.get_line_buffering","title":"get_line_buffering","text":"
get_line_buffering() -> bool\n
 
Gets the current state of line buffering for this terminal.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl.set_line_buffering","title":"set_line_buffering","text":"
set_line_buffering(enabled: bool) -> None\n
 
Enables or disables line buffering for this terminal.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl.get_echo","title":"get_echo","text":"
get_echo() -> bool\n
 
Gets the current state of echoing for this terminal.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl.set_echo","title":"set_echo","text":"
set_echo(enabled: bool) -> None\n
 
Enables or disables echoing for this terminal.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriver","title":"IODriver","text":"
Methods:
 
     
  •  stdio             \u2013              
    The names for the stdin, stdout and stderr files, respectively. These
     
    •  
  •  start             \u2013              
    Starts the handling of I/O by this driver on the given process.
     
    •  
  •  stop             \u2013              
    Stops the handling of I/O by this driver.
     
    •  
  •  on_output_event             \u2013              
    Hints that there might be data in either the standard output or the
     
    •  
  •  on_process_start             \u2013              
    Allow the I/O driver an opportunity to change aspects of the process
     
    •  
  •  close             \u2013              
    Terminate this driver and release all resources associated with it.
     
    •  
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriver.stdio","title":"stdio","text":"
stdio() -> tuple[str | None, str | None, str | None]\n
 
The names for the stdin, stdout and stderr files, respectively. These will get passed as arguments to SBTarget.Launch
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriver.start","title":"start","text":"
start(process: Process) -> None\n
 
Starts the handling of I/O by this driver on the given process.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriver.stop","title":"stop","text":"
stop() -> None\n
 
Stops the handling of I/O by this driver.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriver.on_output_event","title":"on_output_event","text":"
on_output_event() -> None\n
 
Hints that there might be data in either the standard output or the standard error streams. This should be called when an eBroadcastBitSTDOUT or eBroadcastBitSTDERR is encountered by the event loop.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriver.on_process_start","title":"on_process_start","text":"
on_process_start(proc: SBProcess) -> None\n
 
Allow the I/O driver an opportunity to change aspects of the process after it has been launched, but before it has started executing, if it so wishes.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriver.close","title":"close","text":"
close() -> None\n
 
Terminate this driver and release all resources associated with it.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText","title":"IODriverPlainText","text":"
IODriverPlainText()\n
 
               Bases: IODriver
 
Plaintext-based I/O driver. It simply copies input from our standard input to the standard input of a given process, and copies output from the standard output of a given process to out standard output.
 
Methods:
 
     
  •  stdio             \u2013              
    •  
  •  on_output_event             \u2013              
    •  
  •  on_process_start             \u2013              
    •  
  •  start             \u2013              
    •  
  •  stop             \u2013              
    •  
  •  close             \u2013              
    •  
 
Attributes:
 
     
  •  likely_output               (BoundedSemaphore)           \u2013            
    •  
  •  process               (SBProcess)           \u2013            
    •  
  •  stop_requested               (Event)           \u2013            
    •  
  •  start_requested               (Semaphore)           \u2013            
    •  
  •  stop_fulfilled               (Semaphore)           \u2013            
    •  
  •  in_thr               (Thread)           \u2013            
    •  
  •  out_thr               (Thread)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.likely_output","title":"likely_output  instance-attribute","text":"
likely_output: BoundedSemaphore = BoundedSemaphore(1)\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.process","title":"process  instance-attribute","text":"
process: SBProcess = None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.stop_requested","title":"stop_requested  instance-attribute","text":"
stop_requested: Event = Event()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.start_requested","title":"start_requested  instance-attribute","text":"
start_requested: Semaphore = BoundedSemaphore(2)\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.stop_fulfilled","title":"stop_fulfilled  instance-attribute","text":"
stop_fulfilled: Semaphore = BoundedSemaphore(2)\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.in_thr","title":"in_thr  instance-attribute","text":"
in_thr: Thread = Thread(target=_handle_input)\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.out_thr","title":"out_thr  instance-attribute","text":"
out_thr: Thread = Thread(target=_handle_output)\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.stdio","title":"stdio","text":"
stdio() -> tuple[str | None, str | None, str | None]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.on_output_event","title":"on_output_event","text":"
on_output_event() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.on_process_start","title":"on_process_start","text":"
on_process_start(proc: SBProcess) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.start","title":"start","text":"
start(process: Process) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.stop","title":"stop","text":"
stop() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.close","title":"close","text":"
close() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal","title":"IODriverPseudoTerminal","text":"
IODriverPseudoTerminal(manager: int, worker: str)\n
 
               Bases: IODriver
 
pty-based I/O driver. Forwards input from standard input and has support for terminal width and height, and for terminal-based file operations on the program being debugged.
 
Methods:
 
     
  •  stdio             \u2013              
    •  
  •  start             \u2013              
    •  
  •  stop             \u2013              
    •  
  •  on_output_event             \u2013              
    •  
  •  on_process_start             \u2013              
    •  
  •  close             \u2013              
    •  
 
Attributes:
 
     
  •  io_thread               (Thread)           \u2013            
    •  
  •  has_terminal_control               (bool)           \u2013            
    •  
  •  manager               (int)           \u2013            
    •  
  •  worker               (str)           \u2013            
    •  
  •  termcontrol               (OpportunisticTerminalControl)           \u2013            
    •  
  •  stop_requested               (Event)           \u2013            
    •  
  •  input_buffer               (bytes)           \u2013            
    •  
  •  process               (SBProcess)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.io_thread","title":"io_thread  instance-attribute","text":"
io_thread: Thread\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.has_terminal_control","title":"has_terminal_control  instance-attribute","text":"
has_terminal_control: bool\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.manager","title":"manager  instance-attribute","text":"
manager: int = manager\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.worker","title":"worker  instance-attribute","text":"
worker: str = worker\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.termcontrol","title":"termcontrol  instance-attribute","text":"
termcontrol: OpportunisticTerminalControl = OpportunisticTerminalControl()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.stop_requested","title":"stop_requested  instance-attribute","text":"
stop_requested: Event = Event()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.input_buffer","title":"input_buffer  instance-attribute","text":"
input_buffer: bytes = b''\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.process","title":"process  instance-attribute","text":"
process: SBProcess = None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.stdio","title":"stdio","text":"
stdio() -> tuple[str | None, str | None, str | None]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.start","title":"start","text":"
start(process: Process) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.stop","title":"stop","text":"
stop() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.on_output_event","title":"on_output_event","text":"
on_output_event() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.on_process_start","title":"on_process_start","text":"
on_process_start(proc: SBProcess) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.close","title":"close","text":"
close() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.get_io_driver","title":"get_io_driver","text":"
get_io_driver() -> IODriver\n
 
Instances a new IODriver using the best strategy available in the current system. Meaning a PTY on Unix and plain text on Windows.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.make_pty","title":"make_pty","text":"
make_pty() -> tuple[str, int] | None\n
 
We need to make a pseudo-terminal ourselves if we want the process to handle naturally for the user. Returns a tuple with the path of the worker device and the file descriptor of the manager device if successful.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/","title":"proc","text":""},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc","title":"proc","text":"
Classes:
 
     
  •  EventHandler           \u2013            
    The event types that make sense for us to track in the process driver aren't
     
    •  
  •  LaunchResult           \u2013            
    Base class for results of launch operations.
     
    •  
  •  LaunchResultSuccess           \u2013            
    Indicates that the process was fully launched or attached to.
     
    •  
  •  LaunchResultEarlyExit           \u2013            
    Indicates that the process was fully launched or attached to, but that it
     
    •  
  •  LaunchResultConnected           \u2013            
    Indicates that there has been a successful connection to a remote
     
    •  
  •  LaunchResultError           \u2013            
    Indicates that there was an error launching the process.
     
    •  
  •  ProcessDriver           \u2013            
    Drives the execution of a process, responding to its events and handling its
     
    •  
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.EventHandler","title":"EventHandler","text":"
The event types that make sense for us to track in the process driver aren't the same as the ones in the rest of Pwndbg, so we just expose the native events in process driver, and let the rest of the REPL deal with any complexities that might arise from the translation.
 
This is mostly intended to keep the complexity of generating the START and NEW_THREAD events correctly out of the process driver.
 
Methods:
 
     
  •  created             \u2013              
    This function is called when a process is created or attached to.
     
    •  
  •  suspended             \u2013              
    This function is called when the execution of a process is suspended.
     
    •  
  •  resumed             \u2013              
    This function is called when the execution of a process is resumed.
     
    •  
  •  exited             \u2013              
    This function is called when a process terminates or is detached from.
     
    •  
  •  modules_loaded             \u2013              
    This function is called when a new modules have been loaded.
     
    •  
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.EventHandler.created","title":"created","text":"
created()\n
 
This function is called when a process is created or attached to.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.EventHandler.suspended","title":"suspended","text":"
suspended(cause: SBEvent)\n
 
This function is called when the execution of a process is suspended.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.EventHandler.resumed","title":"resumed","text":"
resumed()\n
 
This function is called when the execution of a process is resumed.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.EventHandler.exited","title":"exited","text":"
exited()\n
 
This function is called when a process terminates or is detached from.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.EventHandler.modules_loaded","title":"modules_loaded","text":"
modules_loaded()\n
 
This function is called when a new modules have been loaded.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.LaunchResult","title":"LaunchResult","text":"
Base class for results of launch operations.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.LaunchResultSuccess","title":"LaunchResultSuccess","text":"
               Bases: LaunchResult
 
Indicates that the process was fully launched or attached to.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.LaunchResultEarlyExit","title":"LaunchResultEarlyExit","text":"
               Bases: LaunchResult
 
Indicates that the process was fully launched or attached to, but that it exited immediately, with no stop events.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.LaunchResultConnected","title":"LaunchResultConnected","text":"
               Bases: LaunchResult
 
Indicates that there has been a successful connection to a remote debugserver, but that no process is being debugged yet.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.LaunchResultError","title":"LaunchResultError","text":"
LaunchResultError(what: SBError, disconnected: bool)\n
 
               Bases: LaunchResult
 
Indicates that there was an error launching the process.
 
Attributes:
 
     
  •  __match_args__           \u2013            
    •  
  •  what           \u2013            
    •  
  •  disconnected           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.LaunchResultError.__match_args__","title":"__match_args__  class-attribute instance-attribute","text":"
__match_args__ = ('what', 'disconnected')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.LaunchResultError.what","title":"what  instance-attribute","text":"
what = what\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.LaunchResultError.disconnected","title":"disconnected  instance-attribute","text":"
disconnected = disconnected\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver","title":"ProcessDriver","text":"
ProcessDriver(event_handler: EventHandler, debug=False)\n
 
Drives the execution of a process, responding to its events and handling its I/O, and exposes a simple synchronous interface to the REPL interface.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver--iodriver-state-machine","title":"IODriver State Machine","text":"
Because LLDB can make Python code from Pwndbg execute while an I/O driver is active, and having the I/O driver active while Pwndbg is running leads to all sorts of fun failure modes, we want to be able to pause it temporarily.
 
We, thus, use the states described in _IODriverState to keep track of what operations may be performed on the current IODriver.
 
Methods:
 
     
  •  __enter__             \u2013              
    •  
  •  __exit__             \u2013              
    •  
  •  debug_print             \u2013              
    •  
  •  has_process             \u2013              
    Whether there's an active process in this driver.
     
    •  
  •  has_connection             \u2013              
    Whether this driver's connected to a target. All drivers that have an
     
    •  
  •  interrupt             \u2013              
    Interrupts the currently running process or command.
     
    •  
  •  suspend_interrupts             \u2013              
    Sometimes it's necessary to guard against interruption by
     
    •  
  •  pause_io_if_running             \u2013              
    Pauses the handling of process I/O if it is currently running.
     
    •  
  •  resume_io_if_running             \u2013              
    Resumes the handling of process I/O if it is currently running.
     
    •  
  •  cont             \u2013              
    Continues execution of the process this object is driving, and returns
     
    •  
  •  run_lldb_command             \u2013              
    Runs the given LLDB command and ataches I/O if necessary.
     
    •  
  •  run_coroutine             \u2013              
    Runs the given coroutine and allows it to control the execution of the
     
    •  
  •  launch             \u2013              
    Launches the process and handles startup events. Always stops on first
     
    •  
  •  attach             \u2013              
    Attach to a process and handles startup events. Always stops on first
     
    •  
  •  connect             \u2013              
    Connects to a remote proces with the given URL using the plugin with the
     
    •  
 
Attributes:
 
     
  •  io               (IODriver)           \u2013            
    •  
  •  process               (SBProcess)           \u2013            
    •  
  •  listener               (SBListener)           \u2013            
    •  
  •  debug               (bool)           \u2013            
    •  
  •  eh               (EventHandler)           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.io","title":"io  instance-attribute","text":"
io: IODriver = None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.process","title":"process  instance-attribute","text":"
process: SBProcess = None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.listener","title":"listener  instance-attribute","text":"
listener: SBListener = None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.debug","title":"debug  instance-attribute","text":"
debug: bool = debug\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.eh","title":"eh  instance-attribute","text":"
eh: EventHandler = event_handler\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.__enter__","title":"__enter__","text":"
__enter__() -> ProcessDriver\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.__exit__","title":"__exit__","text":"
__exit__(_exc_type, _exc_val, _exc_tb) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.debug_print","title":"debug_print","text":"
debug_print(*args, **kwargs) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.has_process","title":"has_process","text":"
has_process() -> bool\n
 
Whether there's an active process in this driver.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.has_connection","title":"has_connection","text":"
has_connection() -> bool\n
 
Whether this driver's connected to a target. All drivers that have an active process also must necessarily be connected.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.interrupt","title":"interrupt","text":"
interrupt(in_lldb_command_handler: bool = False) -> None\n
 
Interrupts the currently running process or command.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.suspend_interrupts","title":"suspend_interrupts","text":"
suspend_interrupts(interrupt: Callable[[], None] | None = None)\n
 
Sometimes it's necessary to guard against interruption by self.interrupt, especially when being interrupted would lead to bad process state.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.pause_io_if_running","title":"pause_io_if_running","text":"
pause_io_if_running() -> None\n
 
Pauses the handling of process I/O if it is currently running.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.resume_io_if_running","title":"resume_io_if_running","text":"
resume_io_if_running() -> None\n
 
Resumes the handling of process I/O if it is currently running.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.cont","title":"cont","text":"
cont() -> None\n
 
Continues execution of the process this object is driving, and returns whenever the process stops.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.run_lldb_command","title":"run_lldb_command","text":"
run_lldb_command(command: str, target: BinaryIO) -> None\n
 
Runs the given LLDB command and ataches I/O if necessary.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.run_coroutine","title":"run_coroutine","text":"
run_coroutine(coroutine: Coroutine[Any, Any, None]) -> bool\n
 
Runs the given coroutine and allows it to control the execution of the process in this driver. Returns True if the coroutine ran to completion, and False if it was cancelled.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.launch","title":"launch","text":"
launch(\n    target: SBTarget,\n    io: IODriver,\n    env: list[str],\n    args: list[str],\n    working_dir: str | None,\n    disable_aslr: bool,\n) -> LaunchResult\n
 
Launches the process and handles startup events. Always stops on first opportunity, and returns immediately after the process has stopped.
 
Fires the created() event.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.attach","title":"attach","text":"
attach(target: SBTarget, info: SBAttachInfo) -> LaunchResult\n
 
Attach to a process and handles startup events. Always stops on first opportunity, and returns immediately after the process has stopped.
 
Fires the created() event.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.connect","title":"connect","text":"
connect(target: SBTarget, io: IODriver, url: str, plugin: str) -> LaunchResult\n
 
Connects to a remote proces with the given URL using the plugin with the given name. This might cause the process to launch in some implementations, or it might require a call to launch(), in implementations that require a further call to SBProcess::RemoteLaunch().
 
Fires the created() event if a process is automatically attached to or launched when a connection succeeds.
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/","title":"readline","text":""},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline","title":"readline","text":"
Readline interface for the Pwndbg LLDB REPL.
 
Mostly concerns itself with argument completion.
 
Functions:
 
     
  •  complete             \u2013              
    Runs the tab autocompletion function for readline based on the values
     
    •  
  •  display_completions             \u2013              
    Display the completions found by complete in the style of LLDB.
     
    •  
  •  wrap_with_history             \u2013              
    •  
  •  ctx_with_history             \u2013              
    •  
  •  enable_readline             \u2013              
    Enables the readline functionality.
     
    •  
  •  disable_readline             \u2013              
    Disables the readline functionality.
     
    •  
 
Attributes:
 
     
  •  P           \u2013            
    •  
  •  T           \u2013            
    •  
  •  PROMPT           \u2013            
    •  
  •  HISTORY_FILE           \u2013            
    •  
  •  complete_values           \u2013            
    •  
  •  complete_descrs           \u2013            
    •  
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.P","title":"P  module-attribute","text":"
P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.PROMPT","title":"PROMPT  module-attribute","text":"
PROMPT = readline_escape(prompt, 'pwndbg-lldb> ')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.HISTORY_FILE","title":"HISTORY_FILE  module-attribute","text":"
HISTORY_FILE = expanduser('~/.pwndbg_history')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.complete_values","title":"complete_values  module-attribute","text":"
complete_values = SBStringList()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.complete_descrs","title":"complete_descrs  module-attribute","text":"
complete_descrs = SBStringList()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.complete","title":"complete","text":"
complete(dbg: LLDB, text: str, state: int) -> str | None\n
 
Runs the tab autocompletion function for readline based on the values returned by SBCommandInterpreter.HandleCompletion.
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.display_completions","title":"display_completions","text":"
display_completions(substitutions, matches, longest_match_len)\n
 
Display the completions found by complete in the style of LLDB.
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.wrap_with_history","title":"wrap_with_history","text":"
wrap_with_history(function: Callable[P, T]) -> Callable[P, T]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.ctx_with_history","title":"ctx_with_history","text":"
ctx_with_history()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.enable_readline","title":"enable_readline","text":"
enable_readline(dbg: LLDB)\n
 
Enables the readline functionality.
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.disable_readline","title":"disable_readline","text":"
disable_readline()\n
 
Disables the readline functionality.
"},{"location":"reference/pwndbg/dbg/lldb/util/","title":"util","text":""},{"location":"reference/pwndbg/dbg/lldb/util/#pwndbg.dbg.lldb.util","title":"util","text":"
Functions:
 
     
  •  system_decode             \u2013              
    LLDB requires Python strings in many places where it makes sense to accept
     
    •  
"},{"location":"reference/pwndbg/dbg/lldb/util/#pwndbg.dbg.lldb.util.system_decode","title":"system_decode","text":"
system_decode(b: bytes) -> str\n
 
LLDB requires Python strings in many places where it makes sense to accept bytes values. This is mostly an artifact of how Swig maps C char* to str in Python, but since Swig will refuse bytes objects, we have to figure out a way to pass this data as a regular string object, even if that's nonsensical in Python terms.
 
This function tries its best to resolve that by decoding it with the same decoder the filesystem uses, and, failing that, ASCII.
"},{"location":"reference/pwndbg/decorators/","title":"decorators","text":""},{"location":"reference/pwndbg/decorators/#pwndbg.decorators","title":"decorators","text":"
Project-wide function decorators.
 
Functions:
 
     
  •  only_after_first_prompt             \u2013              
    Decorator to prevent a function from running before the first prompt was displayed.
     
    •  
  •  suppress_errors             \u2013              
    Decorator to make a function return a fallback value when it would otherwise error.
     
    •  
 
Attributes:
 
     
  •  first_prompt           \u2013            
    •  
  •  P           \u2013            
    •  
  •  T           \u2013            
    •  
  •  K           \u2013            
    •  
"},{"location":"reference/pwndbg/decorators/#pwndbg.decorators.first_prompt","title":"first_prompt  module-attribute","text":"
first_prompt = False\n
"},{"location":"reference/pwndbg/decorators/#pwndbg.decorators.P","title":"P  module-attribute","text":"
P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/decorators/#pwndbg.decorators.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/decorators/#pwndbg.decorators.K","title":"K  module-attribute","text":"
K = TypeVar('K')\n
"},{"location":"reference/pwndbg/decorators/#pwndbg.decorators.only_after_first_prompt","title":"only_after_first_prompt","text":"
only_after_first_prompt(\n    value_before: T | None = None,\n) -> Callable[[Callable[P, T]], Callable[P, T | None]]\n
 
Decorator to prevent a function from running before the first prompt was displayed. The 'value_before' parameter can be used to specify the value that is returned if the function is called before the first prompt was displayed.
"},{"location":"reference/pwndbg/decorators/#pwndbg.decorators.suppress_errors","title":"suppress_errors","text":"
suppress_errors(\n    fallback: K = None, should_warn: bool = True\n) -> Callable[[Callable[P, T]], Callable[P, T | K]]\n
 
Decorator to make a function return a fallback value when it would otherwise error. The 'fallback' parameter can be used to specify the fallback value. If the 'should_warn' parameter is set, a warning will be printed whenever an error is suppressed.
"},{"location":"reference/pwndbg/emu/","title":"emu","text":""},{"location":"reference/pwndbg/emu/#pwndbg.emu","title":"emu","text":"
Emulation assistance from Unicorn.
 
Modules:
 
     
  •  emulator           \u2013            
    Emulation assistance from Unicorn.
     
    •  
"},{"location":"reference/pwndbg/emu/emulator/","title":"emulator","text":""},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator","title":"emulator","text":"
Emulation assistance from Unicorn.
 
Classes:
 
     
  •  InstructionExecutedResult           \u2013            
    •  
  •  Emulator           \u2013            
    •  
 
Functions:
 
     
  •  parse_consts             \u2013              
    Unicorn \"consts\" is a python module consisting of a variable definition
     
    •  
  •  create_reg_to_const_map             \u2013              
    •  
  •  debug             \u2013              
    •  
 
Attributes:
 
     
  •  arch_to_UC               (dict[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, int])           \u2013            
    •  
  •  arch_to_UC_consts               (dict[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, dict[str, int]])           \u2013            
    •  
  •  arch_to_reg_const_map               (dict[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, dict[str, int]])           \u2013            
    •  
  •  enable_virtual_tlb           \u2013            
    •  
  •  DEBUG           \u2013            
    •  
  •  arch_to_SYSCALL           \u2013            
    •  
  •  ARM_BANNED_INSTRUCTIONS           \u2013            
    •  
  •  BANNED_INSTRUCTIONS           \u2013            
    •  
  •  blacklisted_regs           \u2013            
    e = pwndbg.emu.emulator.Emulator()
     
    •  
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.arch_to_UC","title":"arch_to_UC  module-attribute","text":"
arch_to_UC: dict[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, int] = {\n    \"i386\": UC_ARCH_X86,\n    \"x86-64\": UC_ARCH_X86,\n    \"mips\": UC_ARCH_MIPS,\n    \"sparc\": UC_ARCH_SPARC,\n    \"arm\": UC_ARCH_ARM,\n    \"armcm\": UC_ARCH_ARM,\n    \"aarch64\": UC_ARCH_ARM64,\n    \"powerpc\": UC_ARCH_PPC,\n    \"rv32\": UC_ARCH_RISCV,\n    \"rv64\": UC_ARCH_RISCV,\n    \"s390x\": UC_ARCH_S390X,\n}\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.arch_to_UC_consts","title":"arch_to_UC_consts  module-attribute","text":"
arch_to_UC_consts: dict[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, dict[str, int]] = {\n    \"i386\": parse_consts(x86_const),\n    \"x86-64\": parse_consts(x86_const),\n    \"mips\": parse_consts(mips_const),\n    \"sparc\": parse_consts(sparc_const),\n    \"arm\": parse_consts(arm_const),\n    \"armcm\": parse_consts(arm_const),\n    \"aarch64\": parse_consts(arm64_const),\n    \"powerpc\": parse_consts(ppc_const),\n    \"rv32\": parse_consts(riscv_const),\n    \"rv64\": parse_consts(riscv_const),\n    \"s390x\": parse_consts(s390x_const),\n}\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.arch_to_reg_const_map","title":"arch_to_reg_const_map  module-attribute","text":"
arch_to_reg_const_map: dict[\n    PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, dict[str, int]\n] = {\n    \"i386\": create_reg_to_const_map(arch_to_UC_consts[\"i386\"]),\n    \"x86-64\": create_reg_to_const_map(\n        arch_to_UC_consts[\"x86-64\"],\n        {\"FSBASE\": UC_X86_REG_FS_BASE, \"GSBASE\": UC_X86_REG_GS_BASE},\n    ),\n    \"mips\": create_reg_to_const_map(arch_to_UC_consts[\"mips\"]),\n    \"sparc\": create_reg_to_const_map(arch_to_UC_consts[\"sparc\"]),\n    \"arm\": create_reg_to_const_map(arch_to_UC_consts[\"arm\"]),\n    \"armcm\": create_reg_to_const_map(arch_to_UC_consts[\"armcm\"]),\n    \"aarch64\": create_reg_to_const_map(\n        arch_to_UC_consts[\"aarch64\"], {\"CPSR\": UC_ARM64_REG_NZCV}\n    ),\n    \"powerpc\": create_reg_to_const_map(\n        arch_to_UC_consts[\"powerpc\"],\n        {\n            \"R0\": UC_PPC_REG_0,\n            \"SP\": UC_PPC_REG_1,\n            \"R2\": UC_PPC_REG_2,\n            \"R3\": UC_PPC_REG_3,\n            \"R4\": UC_PPC_REG_4,\n            \"R5\": UC_PPC_REG_5,\n            \"R6\": UC_PPC_REG_6,\n            \"R7\": UC_PPC_REG_7,\n            \"R8\": UC_PPC_REG_8,\n            \"R9\": UC_PPC_REG_9,\n            \"R10\": UC_PPC_REG_10,\n            \"R11\": UC_PPC_REG_11,\n            \"R12\": UC_PPC_REG_12,\n            \"R13\": UC_PPC_REG_13,\n            \"R14\": UC_PPC_REG_14,\n            \"R15\": UC_PPC_REG_15,\n            \"R16\": UC_PPC_REG_16,\n            \"R17\": UC_PPC_REG_17,\n            \"R18\": UC_PPC_REG_18,\n            \"R19\": UC_PPC_REG_19,\n            \"R20\": UC_PPC_REG_20,\n            \"R21\": UC_PPC_REG_21,\n            \"R22\": UC_PPC_REG_22,\n            \"R23\": UC_PPC_REG_23,\n            \"R24\": UC_PPC_REG_24,\n            \"R25\": UC_PPC_REG_25,\n            \"R26\": UC_PPC_REG_26,\n            \"R27\": UC_PPC_REG_27,\n            \"R28\": UC_PPC_REG_28,\n            \"R29\": UC_PPC_REG_29,\n            \"R30\": UC_PPC_REG_30,\n            \"R31\": UC_PPC_REG_31,\n        },\n    ),\n    \"rv32\": create_reg_to_const_map(arch_to_UC_consts[\"rv32\"]),\n    \"rv64\": create_reg_to_const_map(arch_to_UC_consts[\"rv64\"]),\n    \"s390x\": create_reg_to_const_map(arch_to_UC_consts[\"s390x\"]),\n}\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.enable_virtual_tlb","title":"enable_virtual_tlb  module-attribute","text":"
enable_virtual_tlb = {'s390x': True, 'powerpc': True}\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.DEBUG","title":"DEBUG  module-attribute","text":"
DEBUG = NO_DEBUG\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.arch_to_SYSCALL","title":"arch_to_SYSCALL  module-attribute","text":"
arch_to_SYSCALL = {\n    UC_ARCH_X86: [\n        X86_INS_SYSCALL,\n        X86_INS_SYSENTER,\n        X86_INS_SYSEXIT,\n        X86_INS_SYSRET,\n        X86_INS_IRET,\n        X86_INS_IRETD,\n        X86_INS_IRETQ,\n        X86_INS_INT,\n        X86_INS_INT1,\n        X86_INS_INT3,\n    ],\n    UC_ARCH_MIPS: [MIPS_INS_SYSCALL],\n    UC_ARCH_SPARC: [SPARC_INS_T],\n    UC_ARCH_ARM: [ARM_INS_SVC],\n    UC_ARCH_ARM64: [AARCH64_INS_SVC],\n    UC_ARCH_PPC: [PPC_INS_SC],\n    UC_ARCH_RISCV: [RISCV_INS_ECALL],\n}\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.ARM_BANNED_INSTRUCTIONS","title":"ARM_BANNED_INSTRUCTIONS  module-attribute","text":"
ARM_BANNED_INSTRUCTIONS = {\n    ARM_INS_MRC,\n    ARM_INS_MRRC,\n    ARM_INS_MRC2,\n    ARM_INS_MRRC2,\n}\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.BANNED_INSTRUCTIONS","title":"BANNED_INSTRUCTIONS  module-attribute","text":"
BANNED_INSTRUCTIONS = {\n    \"mips\": {MIPS_INS_RDHWR, MIPS_INS_ALIAS_RDHWR},\n    \"arm\": ARM_BANNED_INSTRUCTIONS,\n    \"armcm\": ARM_BANNED_INSTRUCTIONS,\n    \"aarch64\": {AARCH64_INS_MRS},\n}\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.blacklisted_regs","title":"blacklisted_regs  module-attribute","text":"
blacklisted_regs = ['ip', 'cs', 'ds', 'es', 'fs', 'gs', 'ss']\n
 
e = pwndbg.emu.emulator.Emulator() e.until_jump()
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.InstructionExecutedResult","title":"InstructionExecutedResult","text":"
               Bases: NamedTuple
 
Attributes:
 
     
  •  address               (int)           \u2013            
    •  
  •  size               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.InstructionExecutedResult.address","title":"address  instance-attribute","text":"
address: int\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.InstructionExecutedResult.size","title":"size  instance-attribute","text":"
size: int\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator","title":"Emulator","text":"
Emulator()\n
 
Methods:
 
     
  •  read_register             \u2013              
    •  
  •  read_memory             \u2013              
    •  
  •  telescope             \u2013              
    •  
  •  format_telescope             \u2013              
    •  
  •  format_telescope_list             \u2013              
    •  
  •  telescope_enhance             \u2013              
    •  
  •  memory_read_string             \u2013              
    •  
  •  __getattr__             \u2013              
    •  
  •  update_pc             \u2013              
    •  
  •  read_thumb_bit             \u2013              
    Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
     
    •  
  •  get_uc_mode             \u2013              
    Retrieve the mode used by Unicorn for the current architecture.
     
    •  
  •  map_page             \u2013              
    •  
  •  hook_mem_invalid             \u2013              
    •  
  •  hook_intr             \u2013              
    We never want to emulate through an interrupt.  Just stop.
     
    •  
  •  get_reg_enum             \u2013              
    Returns the Unicorn Emulator enum code for the named register.
     
    •  
  •  hook_add             \u2013              
    •  
  •  hook_del             \u2013              
    •  
  •  emu_start             \u2013              
    •  
  •  emu_stop             \u2013              
    •  
  •  emulate_with_hook             \u2013              
    •  
  •  mem_read             \u2013              
    •  
  •  until_jump             \u2013              
    Emulates instructions starting at the specified address until the
     
    •  
  •  until_jump_hook_code             \u2013              
    •  
  •  until_call             \u2013              
    •  
  •  until_syscall             \u2013              
    Emulates instructions starting at the specified address until the program
     
    •  
  •  until_syscall_hook_code             \u2013              
    •  
  •  single_step             \u2013              
    Steps one instruction.
     
    •  
  •  single_step_iter             \u2013              
    •  
  •  single_step_hook_code             \u2013              
    •  
  •  dumpregs             \u2013              
    •  
  •  trace_hook             \u2013              
    •  
  •  __repr__             \u2013              
    •  
 
Attributes:
 
     
  •  arch           \u2013            
    •  
  •  const_regs           \u2013            
    •  
  •  uc_mode           \u2013            
    •  
  •  uc           \u2013            
    •  
  •  regs               (RegisterSet)           \u2013            
    •  
  •  valid           \u2013            
    •  
  •  last_pc           \u2013            
    •  
  •  last_single_step_result           \u2013            
    •  
  •  last_step_succeeded               (bool)           \u2013            
    •  
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.arch","title":"arch  instance-attribute","text":"
arch = name\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.const_regs","title":"const_regs  instance-attribute","text":"
const_regs = arch_to_reg_const_map[arch]\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.uc_mode","title":"uc_mode  instance-attribute","text":"
uc_mode = get_uc_mode()\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.uc","title":"uc  instance-attribute","text":"
uc = Uc(arch_to_UC[arch], uc_mode)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.regs","title":"regs  instance-attribute","text":"
regs: RegisterSet = current\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.valid","title":"valid  instance-attribute","text":"
valid = True\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.last_pc","title":"last_pc  instance-attribute","text":"
last_pc = None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.last_single_step_result","title":"last_single_step_result  instance-attribute","text":"
last_single_step_result = InstructionExecutedResult(None, None)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.last_step_succeeded","title":"last_step_succeeded  property","text":"
last_step_succeeded: bool\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.read_register","title":"read_register","text":"
read_register(name: str)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.read_memory","title":"read_memory","text":"
read_memory(address: int, size: int) -> bytes | None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.telescope","title":"telescope","text":"
telescope(address: int, limit: int, read_size: int = None) -> list[int]\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.format_telescope","title":"format_telescope","text":"
format_telescope(address: int, limit: int) -> str\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.format_telescope_list","title":"format_telescope_list","text":"
format_telescope_list(\n    chain: list[int], limit: int, enhance_string_len: int = None\n) -> str\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.telescope_enhance","title":"telescope_enhance","text":"
telescope_enhance(\n    value: int, code: bool = True, enhance_string_len: int = None\n)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.memory_read_string","title":"memory_read_string","text":"
memory_read_string(\n    address: int, max_string_len=None, max_read=None\n) -> str | None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.__getattr__","title":"__getattr__","text":"
__getattr__(name: str)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.update_pc","title":"update_pc","text":"
update_pc(pc=None) -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.read_thumb_bit","title":"read_thumb_bit","text":"
read_thumb_bit() -> int\n
 
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
 
This reads from the emulator itself, meaning this can be read to determine a state transitions between non-Thumb and Thumb mode
 
Return None if the Thumb bit is not relevent to the current architecture
 
Mimics the read_thumb_bit function defined in aglib/arch.py
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.get_uc_mode","title":"get_uc_mode","text":"
get_uc_mode()\n
 
Retrieve the mode used by Unicorn for the current architecture.
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.map_page","title":"map_page","text":"
map_page(page) -> bool\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.hook_mem_invalid","title":"hook_mem_invalid","text":"
hook_mem_invalid(uc, access, address, size: int, value, user_data) -> bool\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.hook_intr","title":"hook_intr","text":"
hook_intr(uc, intno, user_data) -> None\n
 
We never want to emulate through an interrupt.  Just stop.
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.get_reg_enum","title":"get_reg_enum","text":"
get_reg_enum(reg: str) -> int | None\n
 
Returns the Unicorn Emulator enum code for the named register.
 
Also supports general registers like 'sp' and 'pc'.
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.hook_add","title":"hook_add","text":"
hook_add(*a, **kw)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.hook_del","title":"hook_del","text":"
hook_del(*a, **kw)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.emu_start","title":"emu_start","text":"
emu_start(*a, **kw)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.emu_stop","title":"emu_stop","text":"
emu_stop(*a, **kw)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.emulate_with_hook","title":"emulate_with_hook","text":"
emulate_with_hook(hook, count=512) -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.mem_read","title":"mem_read","text":"
mem_read(*a, **kw)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.until_jump","title":"until_jump","text":"
until_jump(pc: int = None)\n
 
Emulates instructions starting at the specified address until the program counter is set to an address which does not linearly follow the previously-emulated instruction.
 
Parameters:
 
     
  •  pc               (int, default:                   None )           \u2013            
    Address to start at.  If None, uses the current instruction.
     
    •  
 Return 
Returns a tuple containing the address of the jump instruction, and its target in the format (address, target).
 
If emulation is forced to stop (e.g., because of a syscall or invalid memory access) then address is the instruction which could not be emulated through, and target will be None.
 Notes 
This routine does not consider 'call $+5'
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.until_jump_hook_code","title":"until_jump_hook_code","text":"
until_jump_hook_code(_uc, address, instruction_size: int, _user_data) -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.until_call","title":"until_call","text":"
until_call(pc=None)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.until_syscall","title":"until_syscall","text":"
until_syscall(pc=None)\n
 
Emulates instructions starting at the specified address until the program counter points at a syscall instruction (int 0x80, svc, etc.).
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.until_syscall_hook_code","title":"until_syscall_hook_code","text":"
until_syscall_hook_code(uc, address, size: int, user_data) -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.single_step","title":"single_step","text":"
single_step(\n    pc=None, instruction: PwndbgInstruction | None = None\n) -> tuple[int, int]\n
 
Steps one instruction.
 
Yields:
 
     
  •  int           \u2013            
    Each iteration, yields a tuple of (address_just_executed, instruction_size).
     
    •  
  •  int           \u2013            
    Returns (None, None) upon failure to execute the instruction
     
    •  
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.single_step_iter","title":"single_step_iter","text":"
single_step_iter(pc=None)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.single_step_hook_code","title":"single_step_hook_code","text":"
single_step_hook_code(\n    _uc, address: int, instruction_size: int, _user_data\n) -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.dumpregs","title":"dumpregs","text":"
dumpregs() -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.trace_hook","title":"trace_hook","text":"
trace_hook(_uc, address, instruction_size: int, _user_data) -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.__repr__","title":"__repr__","text":"
__repr__() -> str\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.parse_consts","title":"parse_consts","text":"
parse_consts(u_consts) -> dict[str, int]\n
 
Unicorn \"consts\" is a python module consisting of a variable definition for each known entity. We repack it here as a dict for performance.
 
Maps \"UC_*\" -> integer value of the constant
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.create_reg_to_const_map","title":"create_reg_to_const_map","text":"
create_reg_to_const_map(\n    base_consts: dict[str, int], additional_mapping: dict[str, int] = None\n) -> dict[str, int]\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.debug","title":"debug","text":"
debug(debug_type, fmt, args=()) -> None\n
"},{"location":"reference/pwndbg/enhance/","title":"enhance","text":""},{"location":"reference/pwndbg/enhance/#pwndbg.enhance","title":"enhance","text":"
Attempt to describe the data at a memory address as best as possible.
 
Only when the data is not a pointer.
 
Currently prints out code, integers, or strings, in a best-effort manner dependent on page permissions, the contents of the data, and any supplemental information sources (e.g. active IDA Pro connection).
 
Functions:
 
     
  •  int_str             \u2013              
    •  
  •  enhance             \u2013              
    Given the last pointer in a chain, attempt to characterize
     
    •  
"},{"location":"reference/pwndbg/enhance/#pwndbg.enhance.int_str","title":"int_str","text":"
int_str(value: int) -> str\n
"},{"location":"reference/pwndbg/enhance/#pwndbg.enhance.enhance","title":"enhance","text":"
enhance(\n    value: int,\n    code: bool = True,\n    safe_linking: bool = False,\n    attempt_dereference=True,\n    enhance_string_len: int = None,\n) -> str\n
 
Given the last pointer in a chain, attempt to characterize
 
Note that 'the last pointer in a chain' may not at all actually be a pointer.
 
Additionally, optimizations are made based on various sources of data for 'value'. For example, if it is set to RWX, we try to get information on whether it resides on the stack, or in a RW section that happens to be RWX, to determine which order to print the fields.
 
Parameters:
 
     
  •  value               (int)           \u2013            
    Value to enhance
     
    •  
  •  code               (bool, default:                   True )           \u2013            
    Hint that indicates the value may be an instruction
     
    •  
  •  safe_linking               (bool, default:                   False )           \u2013            
    Whether this chain use safe-linking
     
    •  
  •  enhance_string_len               (int, default:                   None )           \u2013            
    The length of string to display for enhancement of the last pointer
     
    •  
"},{"location":"reference/pwndbg/exception/","title":"exception","text":""},{"location":"reference/pwndbg/exception/#pwndbg.exception","title":"exception","text":"
Common exception handling.
 
Functions:
 
     
  •  print_exception             \u2013              
    •  
  •  inform_report_issue             \u2013              
    Informs user that he can report an issue.
     
    •  
  •  inform_verbose_and_debug             \u2013              
    •  
  •  handle             \u2013              
    Displays an exception to the user, optionally displaying a full traceback
     
    •  
  •  set_trace             \u2013              
    Enable sane debugging in Pwndbg by switching to the \"real\" stdio.
     
    •  
  •  update             \u2013              
    •  
 
Attributes:
 
     
  •  verbose           \u2013            
    •  
  •  debug           \u2013            
    •  
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.verbose","title":"verbose  module-attribute","text":"
verbose = add_param(\n    \"exception-verbose\",\n    False,\n    \"print a full stacktrace for exceptions raised in Pwndbg commands\",\n)\n
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.debug","title":"debug  module-attribute","text":"
debug = add_param(\n    \"exception-debugger\",\n    False,\n    \"whether to debug exceptions raised in Pwndbg commands\",\n)\n
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.print_exception","title":"print_exception","text":"
print_exception(exception_msg) -> None\n
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.inform_report_issue","title":"inform_report_issue","text":"
inform_report_issue(exception_msg) -> None\n
 
Informs user that he can report an issue. The use of caching makes it reporting only once for a given exception message.
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.inform_verbose_and_debug","title":"inform_verbose_and_debug","text":"
inform_verbose_and_debug() -> None\n
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.handle","title":"handle","text":"
handle(name='Error')\n
 
Displays an exception to the user, optionally displaying a full traceback and spawning an interactive post-moretem debugger.
 Notes 
     
  • set exception-verbose on enables stack traces.
    •  
  • set exception-debugger on enables the post-mortem debugger.
    •  
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.set_trace","title":"set_trace","text":"
set_trace() -> None\n
 
Enable sane debugging in Pwndbg by switching to the \"real\" stdio.
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.update","title":"update","text":"
update() -> None\n
"},{"location":"reference/pwndbg/gdblib/","title":"gdblib","text":""},{"location":"reference/pwndbg/gdblib/#pwndbg.gdblib","title":"gdblib","text":"
Library for handling GDB logic. Being removed in favour of aglib.
 
Modules:
 
     
  •  bpoint           \u2013            
    •  
  •  config           \u2013            
    Dynamic configuration system for pwndbg, using GDB's built-in Parameter
     
    •  
  •  events           \u2013            
    Enables callbacks into functions to be automatically invoked
     
    •  
  •  functions           \u2013            
    Put all functions defined for gdb in here.
     
    •  
  •  got           \u2013            
    Global Offset Table Tracker
     
    •  
  •  hooks           \u2013            
    •  
  •  info           \u2013            
    Runs a few useful commands which are available under \"info\".
     
    •  
  •  prompt           \u2013            
    •  
  •  ptmalloc2_tracking           \u2013            
    Heap Tracking
     
    •  
  •  scheduler           \u2013            
    •  
  •  shellcode           \u2013            
    Shellcode
     
    •  
  •  symbol           \u2013            
    Looking up addresses for function names / symbols, and
     
    •  
  •  tui           \u2013            
    •  
  •  vmmap           \u2013            
    Routines to enumerate mapped memory, and attempt to associate
     
    •  
 
Functions:
 
     
  •  load_gdblib             \u2013              
    Import all gdblib modules that need to run code on import
     
    •  
 
Attributes:
 
     
  •  regs           \u2013            
    •  
  •  __all__           \u2013            
    •  
  •  gdb_version           \u2013            
    •  
  •  msg           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/#pwndbg.gdblib.regs","title":"regs  module-attribute","text":"
regs = None\n
"},{"location":"reference/pwndbg/gdblib/#pwndbg.gdblib.__all__","title":"__all__  module-attribute","text":"
__all__ = ()\n
"},{"location":"reference/pwndbg/gdblib/#pwndbg.gdblib.gdb_version","title":"gdb_version  module-attribute","text":"
gdb_version = tuple(map(int, groups()))\n
"},{"location":"reference/pwndbg/gdblib/#pwndbg.gdblib.msg","title":"msg  module-attribute","text":"
msg = 'Unsupported GDB version, pwndbg only support GDB12+'\n
"},{"location":"reference/pwndbg/gdblib/#pwndbg.gdblib.load_gdblib","title":"load_gdblib","text":"
load_gdblib() -> None\n
 
Import all gdblib modules that need to run code on import
"},{"location":"reference/pwndbg/gdblib/bpoint/","title":"bpoint","text":""},{"location":"reference/pwndbg/gdblib/bpoint/#pwndbg.gdblib.bpoint","title":"bpoint","text":"
Classes:
 
     
  •  Breakpoint           \u2013            
    Breakpoint class, similar to gdb.Breakpoint, but clears the caches
     
    •  
"},{"location":"reference/pwndbg/gdblib/bpoint/#pwndbg.gdblib.bpoint.Breakpoint","title":"Breakpoint","text":"
               Bases: Breakpoint
 
Breakpoint class, similar to gdb.Breakpoint, but clears the caches associated with the stop event before determining whether it should stop the inferior or not.
 
Unlike gdb.Breakpoint, users of this class should override should_stop(), instead of stop(), as the latter is used to do cache invalidation.
 
Methods:
 
     
  •  stop             \u2013              
    •  
  •  should_stop             \u2013              
    This function is called whenever this breakpoint is hit in the code and
     
    •  
"},{"location":"reference/pwndbg/gdblib/bpoint/#pwndbg.gdblib.bpoint.Breakpoint.stop","title":"stop","text":"
stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/bpoint/#pwndbg.gdblib.bpoint.Breakpoint.should_stop","title":"should_stop","text":"
should_stop() -> bool\n
 
This function is called whenever this breakpoint is hit in the code and its return value determines whether the inferior will be stopped.
"},{"location":"reference/pwndbg/gdblib/config/","title":"config","text":""},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config","title":"config","text":"
Dynamic configuration system for pwndbg, using GDB's built-in Parameter mechanism.
 
To create a new pwndbg configuration point, call pwndbg.config.add_param.
 
Parameters should be declared in the module in which they are primarily used, or in this module for general-purpose parameters.
 
All pwndbg Parameter types are accessible via property access on this module, for example:
 
>>> pwndbg.config.add_param('example-value', 7, 'an example')\n>>> int(pwndbg.config.example_value)\n7\n
 
Classes:
 
     
  •  Parameter           \u2013            
    •  
 
Functions:
 
     
  •  init_params             \u2013              
    •  
 
Attributes:
 
     
  •  CLASS_MAPPING           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.CLASS_MAPPING","title":"CLASS_MAPPING  module-attribute","text":"
CLASS_MAPPING = {\n    PARAM_BOOLEAN: PARAM_BOOLEAN,\n    PARAM_AUTO_BOOLEAN: PARAM_AUTO_BOOLEAN,\n    PARAM_INTEGER: PARAM_INTEGER,\n    PARAM_ZINTEGER: PARAM_ZINTEGER,\n    PARAM_UINTEGER: PARAM_UINTEGER,\n    PARAM_ZUINTEGER: PARAM_ZUINTEGER,\n    PARAM_ZUINTEGER_UNLIMITED: PARAM_ZUINTEGER_UNLIMITED,\n    PARAM_STRING: PARAM_STRING,\n    PARAM_ENUM: PARAM_ENUM,\n    PARAM_OPTIONAL_FILENAME: PARAM_OPTIONAL_FILENAME,\n}\n
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter","title":"Parameter","text":"
Parameter(param: Parameter)\n
 
               Bases: Parameter
 
Methods:
 
     
  •  init_super             \u2013              
    Initializes the super class for GDB >= 9
     
    •  
  •  on_change             \u2013              
    Called when the value of the pwndbg.lib.config.Parameter changes
     
    •  
  •  get_set_string             \u2013              
    Handles the GDB set <param>
     
    •  
  •  get_show_string             \u2013              
    Handles the GDB show <param>
     
    •  
 
Attributes:
 
     
  •  set_doc           \u2013            
    •  
  •  show_doc           \u2013            
    •  
  •  __doc__           \u2013            
    •  
  •  param           \u2013            
    •  
  •  value           \u2013            
    •  
  •  native_value           \u2013            
    •  
  •  native_default           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.set_doc","title":"set_doc  instance-attribute","text":"
set_doc = 'Set ' + set_show_doc + '.'\n
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.show_doc","title":"show_doc  instance-attribute","text":"
show_doc = 'Show ' + set_show_doc + '.'\n
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.__doc__","title":"__doc__  instance-attribute","text":"
__doc__ = help_docstring or None\n
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.param","title":"param  instance-attribute","text":"
param = param\n
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.value","title":"value  instance-attribute","text":"
value = value\n
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.native_value","title":"native_value  property","text":"
native_value\n
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.native_default","title":"native_default  property","text":"
native_default\n
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.init_super","title":"init_super","text":"
init_super(param: Parameter) -> None\n
 
Initializes the super class for GDB >= 9
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.on_change","title":"on_change","text":"
on_change(value: Any) -> None\n
 
Called when the value of the pwndbg.lib.config.Parameter changes Transfer the value to the GDB parameter to keep them in sync.
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.get_set_string","title":"get_set_string","text":"
get_set_string() -> str\n
 
Handles the GDB set <param>
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.get_show_string","title":"get_show_string","text":"
get_show_string(svalue: str) -> str\n
 
Handles the GDB show <param>
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.init_params","title":"init_params","text":"
init_params() -> None\n
"},{"location":"reference/pwndbg/gdblib/events/","title":"events","text":""},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events","title":"events","text":"
Enables callbacks into functions to be automatically invoked when various events occur to the debuggee (e.g. STOP on SIGINT) by using a decorator.
 
Classes:
 
     
  •  StartEvent           \u2013            
    •  
  •  HandlerPriority           \u2013            
    A priority level for an event handler, ordered from highest to lowest priority.
     
    •  
 
Functions:
 
     
  •  wrap_safe_event_handler             \u2013              
    Wraps an event handler to ensure it is only executed when the event is safe.
     
    •  
  •  pause             \u2013              
    •  
  •  unpause             \u2013              
    •  
  •  connect             \u2013              
    •  
  •  exit             \u2013              
    •  
  •  cont             \u2013              
    •  
  •  new_objfile             \u2013              
    •  
  •  stop             \u2013              
    •  
  •  start             \u2013              
    •  
  •  thread             \u2013              
    •  
  •  before_prompt             \u2013              
    •  
  •  reg_changed             \u2013              
    •  
  •  mem_changed             \u2013              
    •  
  •  log_objfiles             \u2013              
    •  
  •  invoke_event             \u2013              
    •  
  •  after_reload             \u2013              
    •  
  •  on_reload             \u2013              
    •  
 
Attributes:
 
     
  •  DISABLED           \u2013            
    •  
  •  DISABLED_DEADLOCK           \u2013            
    •  
  •  ENABLED           \u2013            
    •  
  •  debug           \u2013            
    •  
  •  gdb_workaround_stop_event           \u2013            
    •  
  •  P           \u2013            
    •  
  •  T           \u2013            
    •  
  •  queued_events               (Deque[Callable[..., Any]])           \u2013            
    •  
  •  executing_event           \u2013            
    •  
  •  workaround_thread_conn           \u2013            
    •  
  •  registered               (dict[Any, dict[HandlerPriority, list[Callable[..., Any]]]])           \u2013            
    •  
  •  connected           \u2013            
    •  
  •  paused           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.DISABLED","title":"DISABLED  module-attribute","text":"
DISABLED = 'disabled'\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.DISABLED_DEADLOCK","title":"DISABLED_DEADLOCK  module-attribute","text":"
DISABLED_DEADLOCK = 'disabled-deadlock'\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.ENABLED","title":"ENABLED  module-attribute","text":"
ENABLED = 'enabled'\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.debug","title":"debug  module-attribute","text":"
debug = add_param(\n    \"debug-events\", False, \"display internal event debugging info\"\n)\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.gdb_workaround_stop_event","title":"gdb_workaround_stop_event  module-attribute","text":"
gdb_workaround_stop_event = add_param('gdb-workaround-stop-event', DISABLED, \"asynchronous stop events to improve 'commands' functionality\", help_docstring=f'\nNote that this may cause unexpected behavior with Pwndbg or gdb.execute.\n\nValues explained:\n\n+ `{DISABLED}` - Disable the workaround (default).\n+ `{DISABLED_DEADLOCK}` - Disable only deadlock detection; deadlocks may still occur.\n+ `{ENABLED}` - Enable asynchronous stop events; gdb.execute may behave unexpectedly (asynchronously).\n    ', param_class=PARAM_ENUM, enum_sequence=[DISABLED, DISABLED_DEADLOCK, ENABLED])\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.P","title":"P  module-attribute","text":"
P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.queued_events","title":"queued_events  module-attribute","text":"
queued_events: Deque[Callable[..., Any]] = deque()\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.executing_event","title":"executing_event  module-attribute","text":"
executing_event = False\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.workaround_thread_conn","title":"workaround_thread_conn  module-attribute","text":"
workaround_thread_conn = None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.registered","title":"registered  module-attribute","text":"
registered: dict[Any, dict[HandlerPriority, list[Callable[..., Any]]]] = {\n    exited: {},\n    cont: {},\n    new_objfile: {},\n    stop: {},\n    start: {},\n    new_thread: {},\n    before_prompt: {},\n    memory_changed: {},\n    register_changed: {},\n}\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.connected","title":"connected  module-attribute","text":"
connected = {}\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.paused","title":"paused  module-attribute","text":"
paused = defaultdict(bool)\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent","title":"StartEvent","text":"
StartEvent()\n
 
Methods:
 
     
  •  connect             \u2013              
    •  
  •  disconnect             \u2013              
    •  
  •  on_new_objfile             \u2013              
    •  
  •  on_exited             \u2013              
    •  
  •  on_stop             \u2013              
    •  
 
Attributes:
 
     
  •  registered               (list[Callable[..., Any]])           \u2013            
    •  
  •  running           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.registered","title":"registered  instance-attribute","text":"
registered: list[Callable[..., Any]] = []\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.running","title":"running  instance-attribute","text":"
running = False\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.connect","title":"connect","text":"
connect(function: Callable[..., Any]) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.disconnect","title":"disconnect","text":"
disconnect(function: Callable[..., Any]) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.on_new_objfile","title":"on_new_objfile","text":"
on_new_objfile() -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.on_exited","title":"on_exited","text":"
on_exited() -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.on_stop","title":"on_stop","text":"
on_stop() -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.HandlerPriority","title":"HandlerPriority","text":"
               Bases: Enum
 
A priority level for an event handler, ordered from highest to lowest priority.
 
Attributes:
 
     
  •  CACHE_CLEAR           \u2013            
    •  
  •  LOW           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.HandlerPriority.CACHE_CLEAR","title":"CACHE_CLEAR  class-attribute instance-attribute","text":"
CACHE_CLEAR = auto()\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.HandlerPriority.LOW","title":"LOW  class-attribute instance-attribute","text":"
LOW = auto()\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.wrap_safe_event_handler","title":"wrap_safe_event_handler","text":"
wrap_safe_event_handler(\n    event_handler: Callable[P, T], event_type: Any\n) -> Callable[P, T]\n
 
Wraps an event handler to ensure it is only executed when the event is safe. Invalid events are queued and executed later when safe.
 
Note: Avoid using gdb.post_event because of another bug in gdbserver where the gdb.newest_frame function may not work properly.
 
Workaround to fix bug in gdbserver (gdb.events.new_objfile): #2576 Workaround to fix bug in gdb (gdb.events.stop): #425
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.pause","title":"pause","text":"
pause(event_registry) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.unpause","title":"unpause","text":"
unpause(event_registry) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.connect","title":"connect","text":"
connect(\n    func: Callable[[], T],\n    event_handler: Any,\n    name: str = \"\",\n    priority: HandlerPriority = LOW,\n) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.exit","title":"exit","text":"
exit(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.cont","title":"cont","text":"
cont(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.new_objfile","title":"new_objfile","text":"
new_objfile(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.stop","title":"stop","text":"
stop(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.start","title":"start","text":"
start(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.thread","title":"thread","text":"
thread(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.before_prompt","title":"before_prompt","text":"
before_prompt(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.reg_changed","title":"reg_changed","text":"
reg_changed(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.mem_changed","title":"mem_changed","text":"
mem_changed(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.log_objfiles","title":"log_objfiles","text":"
log_objfiles(ofile: NewObjFileEvent | None = None) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.invoke_event","title":"invoke_event","text":"
invoke_event(event: Any, *args: Any, **kwargs: Any) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.after_reload","title":"after_reload","text":"
after_reload(fire_start: bool = True) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.on_reload","title":"on_reload","text":"
on_reload() -> None\n
"},{"location":"reference/pwndbg/gdblib/functions/","title":"functions","text":""},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions","title":"functions","text":"
Put all functions defined for gdb in here.
 
This file might be changed into a module in the future.
 
Functions:
 
     
  •  GdbFunction             \u2013              
    •  
  •  rebase             \u2013              
    Return address rebased onto the executable's mappings.
     
    •  
  •  base             \u2013              
    Return the base address of the first memory mapping containing the given name.
     
    •  
  •  hex2ptr             \u2013              
    Converts a hex string to a little-endian address and returns the address.
     
    •  
  •  argc             \u2013              
    Get the number of program arguments.
     
    •  
  •  argv             \u2013              
    Get the n-th program argument.
     
    •  
  •  environ             \u2013              
    Get an environment variable by name.
     
    •  
  •  envp             \u2013              
    Get the n-th environment variable.
     
    •  
  •  dbg_value_to_gdb             \u2013              
    •  
  •  fsbase             \u2013              
    Get the value of the FS segment register.
     
    •  
  •  gsbase             \u2013              
    Get the value of the GS segment register.
     
    •  
 
Attributes:
 
     
  •  functions               (list[_GdbFunction])           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.functions","title":"functions  module-attribute","text":"
functions: list[_GdbFunction] = []\n
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.GdbFunction","title":"GdbFunction","text":"
GdbFunction(only_when_running: bool = False) -> Callable[..., Any]\n
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.rebase","title":"rebase","text":"
rebase(addr: int | Value) -> int\n
 
Return address rebased onto the executable's mappings.
 
Example: 
pwndbg> p/x $rebase(0xd9020)\n$1 = 0x55555562d020\npwndbg> vmmap\n0x555555554000     0x55555556f000 r--p    1b000      0 /usr/bin/bash\n0x55555556f000     0x55555562d000 r-xp    be000  1b000 /usr/bin/bash\n0x55555562d000     0x55555565e000 r--p    31000  d9000 /usr/bin/bash\n[...]\npwndbg> p $rebase(0xd9020) == 0x555555554000 + 0xd9020\n$2 = 1\npwndbg> tele $rebase(0xd9020)\n00:0000\u2502  0x55555562d020 \u25c2\u2014 0x204900636f6c6c61 /* 'alloc' */\n01:0008\u2502  0x55555562d028 \u25c2\u2014 'have no name!'\n02:0010\u2502  0x55555562d030 \u25c2\u2014 0x65720021656d616e /* 'name!' */\n03:0018\u2502  0x55555562d038 \u25c2\u2014 'adline stdin'\n[...]\n
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.base","title":"base","text":"
base(name_pattern: str | Value)\n
 
Return the base address of the first memory mapping containing the given name.
 
Example: 
pwndbg> p/x $base(\"libc\")\n$4 = 0x7ffff7d4b000\npwndbg> vmmap libc\n    0x7ffff7d4a000     0x7ffff7d4b000 rw-p     1000  6e000 /usr/lib/libncursesw.so.6.5\n\u25ba   0x7ffff7d4b000     0x7ffff7d6f000 r--p    24000      0 /usr/lib/libc.so.6\n\u25ba   0x7ffff7d6f000     0x7ffff7ed6000 r-xp   167000  24000 /usr/lib/libc.so.6\n\u25ba   0x7ffff7ed6000     0x7ffff7f2b000 r--p    55000 18b000 /usr/lib/libc.so.6\n\u25ba   0x7ffff7f2b000     0x7ffff7f2f000 r--p     4000 1e0000 /usr/lib/libc.so.6\n\u25ba   0x7ffff7f2f000     0x7ffff7f31000 rw-p     2000 1e4000 /usr/lib/libc.so.6\n    0x7ffff7f31000     0x7ffff7f39000 rw-p     8000      0 [anon_7ffff7f31]\npwndbg> tele $base(\\\"libc\\\")+0x1337\n00:0000\u2502  0x7ffff7d4c337 \u25c2\u2014 0x80480a04214000f0\n01:0008\u2502  0x7ffff7d4c33f \u25c2\u2014 0x8040c02204452040\n02:0010\u2502  0x7ffff7d4c347 \u25c2\u2014 0x20042400000200\n03:0018\u2502  0x7ffff7d4c34f \u25c2\u2014 0x20 /* ' ' */\n[...]\n
 
Beware of accidentally matching the wrong mapping. For instance, if the loaded executable contained the string \"libc\" anywhere in it's path, it would've been returned.
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.hex2ptr","title":"hex2ptr","text":"
hex2ptr(hex_string: str | Value) -> int\n
 
Converts a hex string to a little-endian address and returns the address.
 
Example: 
pwndbg> p/x $hex2ptr(\"20 74 ed f7 ff 7f\")\n$1 = 0x7ffff7ed7420\npwndbg> p/x $hex2ptr(\"2074edf7ff7f\")\n$2 = 0x7ffff7ed7420\npwndbg> distance '$base(\"libc\")' '$hex2ptr(\"20 74 ed f7 ff 7f\")'\n0x7ffff7d4b000->0x7ffff7ed7420 is 0x18c420 bytes (0x31884 words)\n
 
Especially useful for quickly converting pwntools output.
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.argc","title":"argc","text":"
argc() -> int\n
 
Get the number of program arguments. Evaluates to argc.
 
Example: 
pwndbg> p $argc()\n$1 = 2\npwndbg> argv\n00:0000\u2502  0x7fffffffe288 \u2014\u25b8 0x7fffffffe659 \u25c2\u2014 '/usr/bin/cat'\n01:0008\u2502  0x7fffffffe290 \u2014\u25b8 0x7fffffffe666 \u25c2\u2014 'gdbinit.py'\n02:0010\u2502  0x7fffffffe298 \u25c2\u2014 0\n
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.argv","title":"argv","text":"
argv(index: Value) -> Value\n
 
Get the n-th program argument. Evaluate argv on the supplied value.
 
Example: 
pwndbg> p $argv(0)\n$11 = (signed char *) 0x7fffffffe666 \"/usr/bin/sh\"\npwndbg> argv\n00:0000\u2502  0x7fffffffe2a8 \u2014\u25b8 0x7fffffffe666 \u25c2\u2014 '/usr/bin/sh'\n01:0008\u2502  0x7fffffffe2b0 \u25c2\u2014 0\n
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.environ","title":"environ","text":"
environ(env_name: Value) -> Value\n
 
Get an environment variable by name. Evaluate getenv() on the supplied value.
 
Example: 
pwndbg> p $environ(\"LANG\")\n$2 = (signed char *) 0x7fffffffebfb \"LANG=en_US.UTF-8\"\n
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.envp","title":"envp","text":"
envp(index: Value) -> Value\n
 
Get the n-th environment variable. Evaluate envp on the supplied value.
 
Example: 
pwndbg> p $envp(0x3F)\n$13 = (signed char *) 0x7fffffffef7d \"LANG=en_US.UTF-8\"\npwndbg> p $envp(0x3F) == $environ(\"LANG\")\n$14 = 1\n
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.dbg_value_to_gdb","title":"dbg_value_to_gdb","text":"
dbg_value_to_gdb(d: Value) -> Value\n
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.fsbase","title":"fsbase","text":"
fsbase(offset: Value = Value(0)) -> int\n
 
Get the value of the FS segment register. Only valid on x86(-64).
 
Example: 
pwndbg> p/x $fsbase()\n$3 = 0x7ffff7cdab80\npwndbg> p $fs_base == $fsbase()\n$4 = 1\npwndbg> x/gx $fsbase(0x28)\n0x7ffff7cdaba8:     0x4da926e1668e5a00\npwndbg> x/gx $fsbase(0x30)\n0x7ffff7cdabb0:     0x190a86d93bccf0ad\npwndbg> tls\nThread Local Storage (TLS) base: 0x7ffff7cdab80\nTLS is located at:\n    0x7ffff7cda000     0x7ffff7cdc000 rw-p     2000      0 [anon_7ffff7cda]\nDumping the address:\ntcbhead_t @ 0x7ffff7cdab80\n    0x00007ffff7cdab80 +0x0000 tcb                  : 0x7ffff7cdab80\n    0x00007ffff7cdab88 +0x0008 dtv                  : 0x7ffff7cdb4f0\n    0x00007ffff7cdab90 +0x0010 self                 : 0x7ffff7cdab80\n    0x00007ffff7cdab98 +0x0018 multiple_threads     : 0x0\n    0x00007ffff7cdab9c +0x001c gscope_flag          : 0x0\n    0x00007ffff7cdaba0 +0x0020 sysinfo              : 0x0\n    0x00007ffff7cdaba8 +0x0028 stack_guard          : 0x4da926e1668e5a00\n    0x00007ffff7cdabb0 +0x0030 pointer_guard        : 0x190a86d93bccf0ad\n    [...]\npwndbg> canary\n[...]\nCanary    = 0x4da926e1668e5a00 (may be incorrect on != glibc)\n[...]\n
 FS will usually point to the start of the TLS. If you're not providing an offset, it is usually easier to use GDB's builtin $fs_base variable.
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.gsbase","title":"gsbase","text":"
gsbase(offset: Value = Value(0)) -> int\n
 
Get the value of the GS segment register. Only valid on x86(-64).
 
Example: 
pwndbg> p/x $gsbase()\n$1 = 0x0\n
 The value of the GS register is more interesting when doing kernel debugging: 
pwndbg> p/x $gsbase()\n$1 = 0xffff999287a00000\npwndbg> tele $gsbase()\n00:0000\u2502  0xffff999287a00000 \u25c2\u2014 0\n... \u2193     4 skipped\n05:0028\u2502  0xffff999287a00028 \u25c2\u2014 0xd6aa9b336d52a400\n06:0030\u2502  0xffff999287a00030 \u25c2\u2014 0\n07:0038\u2502  0xffff999287a00038 \u25c2\u2014 0\npwndbg> p $gsbase() == $gs_base\n$2 = 1\n
 If you're not providing an offset, it is usually easier to use GDB's builtin $gs_base variable.
"},{"location":"reference/pwndbg/gdblib/got/","title":"got","text":""},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got","title":"got","text":"
Global Offset Table Tracker
 
Subsystem for tracking accesses to external function calls made through pointers in an inferior's Global Offset Table, such as those made by the stubs in the Procedure Linkage Table.
 
Currently, it does this by attatching watchpoints to the entries in the GOT and taking note of where the call came from, but it could be done much faster by injecting our own code into the program space to track this.
 
Classes:
 
     
  •  RelocTypes           \u2013            
    This class contains all the relocation type constants so that one may
     
    •  
  •  TrapAllocator           \u2013            
    Utility that allocates and manages executable addresses in the space of the
     
    •  
  •  Patcher           \u2013            
    Watches for changes made by program code to the GOT and fixes them up.
     
    •  
  •  Tracker           \u2013            
    Class that tracks the accesses made to the entries in the GOT.
     
    •  
 
Functions:
 
     
  •  is_mmap_error             \u2013              
    Checks whether the return value of an mmap of indicates an error.
     
    •  
  •  display_name             \u2013              
    Return the display name for a symbol or objfile.
     
    •  
  •  all_tracked_entries             \u2013              
    Return an iterator over all of the GOT whose accesses are being tracked.
     
    •  
  •  tracked_entry_by_address             \u2013              
    Return the tracker associated with the entry at the given address, if any.
     
    •  
  •  enable_got_call_tracking             \u2013              
    Enable the analysis of calls made through the GOT.
     
    •  
  •  disable_got_call_tracking             \u2013              
    Disable the analysis of calls made through the GOT.
     
    •  
  •  jump_slots_for             \u2013              
    Returns the jump slot addresses described by the given dynamic section.
     
    •  
 
Attributes:
 
     
  •  JUMP_SLOTS           \u2013            
    •  
  •  IRELATIVE_SLOTS           \u2013            
    •  
  •  TRAP_ALLOCATOR           \u2013            
    •  
  •  GOT_TRACKING           \u2013            
    •  
  •  INSTALLED_WATCHPOINTS               (dict[int, tuple[Tracker, Patcher]])           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.JUMP_SLOTS","title":"JUMP_SLOTS  module-attribute","text":"
JUMP_SLOTS = {\n    \"x86-64\": {R_X86_64_JUMP_SLOT},\n    \"i386\": {R_386_JMP_SLOT},\n    \"aarch64\": {R_AARCH64_JUMP_SLOT},\n    \"mips\": {R_MIPS_JUMP_SLOT},\n    \"powerpc\": {R_PPC_JMP_SLOT},\n    \"sparc\": {R_SPARC_JMP_SLOT},\n    \"arm\": {R_ARM_JUMP_SLOT},\n    \"armcm\": {R_ARM_JUMP_SLOT},\n    \"rv32\": {R_RISCV_JUMP_SLOT},\n    \"rv64\": {R_RISCV_JUMP_SLOT},\n}\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.IRELATIVE_SLOTS","title":"IRELATIVE_SLOTS  module-attribute","text":"
IRELATIVE_SLOTS = {\n    \"x86-64\": {R_X86_64_IRELATIVE},\n    \"i386\": {R_386_IRELATIVE},\n    \"aarch64\": {R_AARCH64_P32_IRELATIVE, R_AARCH64_IRELATIVE},\n    \"mips\": set(),\n    \"powerpc\": {R_PPC_IRELATIVE},\n    \"sparc\": {R_SPARC_IRELATIVE},\n    \"arm\": {R_ARM_IRELATIVE},\n    \"armcm\": {R_ARM_IRELATIVE},\n    \"rv32\": {R_RISCV_IRELATIVE},\n    \"rv64\": {R_RISCV_IRELATIVE},\n}\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TRAP_ALLOCATOR","title":"TRAP_ALLOCATOR  module-attribute","text":"
TRAP_ALLOCATOR = TrapAllocator()\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.GOT_TRACKING","title":"GOT_TRACKING  module-attribute","text":"
GOT_TRACKING = False\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.INSTALLED_WATCHPOINTS","title":"INSTALLED_WATCHPOINTS  module-attribute","text":"
INSTALLED_WATCHPOINTS: dict[int, tuple[Tracker, Patcher]] = {}\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes","title":"RelocTypes","text":"
This class contains all the relocation type constants so that one may interpret the relocations types present in the DYNAMIC segment. These constants are defined in each of the processors' SystemV R4 psABI document, or equivalent, and should stay the same across all implementations of libc on systems that adhere to that ABI, such as Linux.
 
Most of these were sourced from GLibc, which conveniently lists all of the relocations types in a single file1.
 
Attributes:
 
     
  •  R_RISCV_JUMP_SLOT           \u2013            
    •  
  •  R_X86_64_JUMP_SLOT           \u2013            
    •  
  •  R_386_JMP_SLOT           \u2013            
    •  
  •  R_CRIS_JUMP_SLOT           \u2013            
    •  
  •  R_390_JMP_SLOT           \u2013            
    •  
  •  R_CKCORE_JUMP_SLOT           \u2013            
    •  
  •  R_TILEPRO_JMP_SLOT           \u2013            
    •  
  •  R_MICROBLAZE_JUMP_SLOT           \u2013            
    •  
  •  R_TILEGX_JMP_SLOT           \u2013            
    •  
  •  R_OR1K_JMP_SLOT           \u2013            
    •  
  •  R_68K_JMP_SLOT           \u2013            
    •  
  •  R_SPARC_JMP_SLOT           \u2013            
    •  
  •  R_PPC_JMP_SLOT           \u2013            
    •  
  •  R_PPC64_JMP_SLOT           \u2013            
    •  
  •  R_ARM_JUMP_SLOT           \u2013            
    •  
  •  R_MN10300_JMP_SLOT           \u2013            
    •  
  •  R_ALPHA_JMP_SLOT           \u2013            
    •  
  •  R_NIOS2_JUMP_SLOT           \u2013            
    •  
  •  R_NDS32_JMP_SLOT           \u2013            
    •  
  •  R_METAG_JMP_SLOT           \u2013            
    •  
  •  R_M32R_JMP_SLOT           \u2013            
    •  
  •  R_ARC_JMP_SLOT           \u2013            
    •  
  •  R_MIPS_JUMP_SLOT           \u2013            
    •  
  •  R_SH_JMP_SLOT           \u2013            
    •  
  •  R_AARCH64_JUMP_SLOT           \u2013            
    •  
  •  R_X86_64_IRELATIVE           \u2013            
    •  
  •  R_386_IRELATIVE           \u2013            
    •  
  •  R_RISCV_IRELATIVE           \u2013            
    •  
  •  R_390_IRELATIVE           \u2013            
    •  
  •  R_ARM_IRELATIVE           \u2013            
    •  
  •  R_AARCH64_P32_IRELATIVE           \u2013            
    •  
  •  R_PPC_IRELATIVE           \u2013            
    •  
  •  R_PPC64_IRELATIVE           \u2013            
    •  
  •  R_SPARC_IRELATIVE           \u2013            
    •  
  •  R_AARCH64_IRELATIVE           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_RISCV_JUMP_SLOT","title":"R_RISCV_JUMP_SLOT  class-attribute instance-attribute","text":"
R_RISCV_JUMP_SLOT = 5\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_X86_64_JUMP_SLOT","title":"R_X86_64_JUMP_SLOT  class-attribute instance-attribute","text":"
R_X86_64_JUMP_SLOT = 7\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_386_JMP_SLOT","title":"R_386_JMP_SLOT  class-attribute instance-attribute","text":"
R_386_JMP_SLOT = 7\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_CRIS_JUMP_SLOT","title":"R_CRIS_JUMP_SLOT  class-attribute instance-attribute","text":"
R_CRIS_JUMP_SLOT = 11\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_390_JMP_SLOT","title":"R_390_JMP_SLOT  class-attribute instance-attribute","text":"
R_390_JMP_SLOT = 11\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_CKCORE_JUMP_SLOT","title":"R_CKCORE_JUMP_SLOT  class-attribute instance-attribute","text":"
R_CKCORE_JUMP_SLOT = 12\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_TILEPRO_JMP_SLOT","title":"R_TILEPRO_JMP_SLOT  class-attribute instance-attribute","text":"
R_TILEPRO_JMP_SLOT = 12\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_MICROBLAZE_JUMP_SLOT","title":"R_MICROBLAZE_JUMP_SLOT  class-attribute instance-attribute","text":"
R_MICROBLAZE_JUMP_SLOT = 17\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_TILEGX_JMP_SLOT","title":"R_TILEGX_JMP_SLOT  class-attribute instance-attribute","text":"
R_TILEGX_JMP_SLOT = 18\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_OR1K_JMP_SLOT","title":"R_OR1K_JMP_SLOT  class-attribute instance-attribute","text":"
R_OR1K_JMP_SLOT = 20\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_68K_JMP_SLOT","title":"R_68K_JMP_SLOT  class-attribute instance-attribute","text":"
R_68K_JMP_SLOT = 21\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_SPARC_JMP_SLOT","title":"R_SPARC_JMP_SLOT  class-attribute instance-attribute","text":"
R_SPARC_JMP_SLOT = 21\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_PPC_JMP_SLOT","title":"R_PPC_JMP_SLOT  class-attribute instance-attribute","text":"
R_PPC_JMP_SLOT = 21\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_PPC64_JMP_SLOT","title":"R_PPC64_JMP_SLOT  class-attribute instance-attribute","text":"
R_PPC64_JMP_SLOT = 21\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_ARM_JUMP_SLOT","title":"R_ARM_JUMP_SLOT  class-attribute instance-attribute","text":"
R_ARM_JUMP_SLOT = 22\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_MN10300_JMP_SLOT","title":"R_MN10300_JMP_SLOT  class-attribute instance-attribute","text":"
R_MN10300_JMP_SLOT = 22\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_ALPHA_JMP_SLOT","title":"R_ALPHA_JMP_SLOT  class-attribute instance-attribute","text":"
R_ALPHA_JMP_SLOT = 26\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_NIOS2_JUMP_SLOT","title":"R_NIOS2_JUMP_SLOT  class-attribute instance-attribute","text":"
R_NIOS2_JUMP_SLOT = 38\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_NDS32_JMP_SLOT","title":"R_NDS32_JMP_SLOT  class-attribute instance-attribute","text":"
R_NDS32_JMP_SLOT = 41\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_METAG_JMP_SLOT","title":"R_METAG_JMP_SLOT  class-attribute instance-attribute","text":"
R_METAG_JMP_SLOT = 44\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_M32R_JMP_SLOT","title":"R_M32R_JMP_SLOT  class-attribute instance-attribute","text":"
R_M32R_JMP_SLOT = 52\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_ARC_JMP_SLOT","title":"R_ARC_JMP_SLOT  class-attribute instance-attribute","text":"
R_ARC_JMP_SLOT = 55\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_MIPS_JUMP_SLOT","title":"R_MIPS_JUMP_SLOT  class-attribute instance-attribute","text":"
R_MIPS_JUMP_SLOT = 127\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_SH_JMP_SLOT","title":"R_SH_JMP_SLOT  class-attribute instance-attribute","text":"
R_SH_JMP_SLOT = 164\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_AARCH64_JUMP_SLOT","title":"R_AARCH64_JUMP_SLOT  class-attribute instance-attribute","text":"
R_AARCH64_JUMP_SLOT = 1026\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_X86_64_IRELATIVE","title":"R_X86_64_IRELATIVE  class-attribute instance-attribute","text":"
R_X86_64_IRELATIVE = 37\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_386_IRELATIVE","title":"R_386_IRELATIVE  class-attribute instance-attribute","text":"
R_386_IRELATIVE = 42\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_RISCV_IRELATIVE","title":"R_RISCV_IRELATIVE  class-attribute instance-attribute","text":"
R_RISCV_IRELATIVE = 58\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_390_IRELATIVE","title":"R_390_IRELATIVE  class-attribute instance-attribute","text":"
R_390_IRELATIVE = 61\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_ARM_IRELATIVE","title":"R_ARM_IRELATIVE  class-attribute instance-attribute","text":"
R_ARM_IRELATIVE = 160\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_AARCH64_P32_IRELATIVE","title":"R_AARCH64_P32_IRELATIVE  class-attribute instance-attribute","text":"
R_AARCH64_P32_IRELATIVE = 188\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_PPC_IRELATIVE","title":"R_PPC_IRELATIVE  class-attribute instance-attribute","text":"
R_PPC_IRELATIVE = 248\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_PPC64_IRELATIVE","title":"R_PPC64_IRELATIVE  class-attribute instance-attribute","text":"
R_PPC64_IRELATIVE = 248\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_SPARC_IRELATIVE","title":"R_SPARC_IRELATIVE  class-attribute instance-attribute","text":"
R_SPARC_IRELATIVE = 249\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_AARCH64_IRELATIVE","title":"R_AARCH64_IRELATIVE  class-attribute instance-attribute","text":"
R_AARCH64_IRELATIVE = 1032\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TrapAllocator","title":"TrapAllocator","text":"
TrapAllocator()\n
 
Utility that allocates and manages executable addresses in the space of the executing program that we can trap.
 
Methods:
 
     
  •  alloc             \u2013              
    Allocates a new address to where program execution can be diverted.
     
    •  
  •  free             \u2013              
    Indicates that an address obtained from alloc() can be recycled.
     
    •  
  •  clear             \u2013              
    Deletes all memory mappings and frees all addresses.
     
    •  
 
Attributes:
 
     
  •  block_capacity           \u2013            
    •  
  •  slot_size           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TrapAllocator.block_capacity","title":"block_capacity  class-attribute instance-attribute","text":"
block_capacity = 4096\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TrapAllocator.slot_size","title":"slot_size  class-attribute instance-attribute","text":"
slot_size = 8\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TrapAllocator.alloc","title":"alloc","text":"
alloc()\n
 
Allocates a new address to where program execution can be diverted.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TrapAllocator.free","title":"free","text":"
free(address) -> None\n
 
Indicates that an address obtained from alloc() can be recycled.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TrapAllocator.clear","title":"clear","text":"
clear()\n
 
Deletes all memory mappings and frees all addresses.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher","title":"Patcher","text":"
Patcher(entry, tracker)\n
 
               Bases: Breakpoint
 
Watches for changes made by program code to the GOT and fixes them up.
 
This class is paired with Tracker, and instances of both classes always function together.
 
Methods:
 
     
  •  should_stop             \u2013              
    •  
  •  stop             \u2013              
    •  
 
Attributes:
 
     
  •  silent           \u2013            
    •  
  •  entry           \u2013            
    •  
  •  tracker           \u2013            
    •  
  •  init           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher.silent","title":"silent  instance-attribute","text":"
silent = True\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher.entry","title":"entry  class-attribute instance-attribute","text":"
entry = entry\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher.tracker","title":"tracker  class-attribute instance-attribute","text":"
tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher.init","title":"init  instance-attribute","text":"
init = True\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher.should_stop","title":"should_stop","text":"
should_stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher.stop","title":"stop","text":"
stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker","title":"Tracker","text":"
Tracker()\n
 
               Bases: Breakpoint
 
Class that tracks the accesses made to the entries in the GOT.
 
This class is paired with Patcher, and instances of both classes always function together.
 
Methods:
 
     
  •  delete             \u2013              
    •  
  •  should_stop             \u2013              
    •  
  •  stop             \u2013              
    •  
 
Attributes:
 
     
  •  total_hits           \u2013            
    •  
  •  target           \u2013            
    •  
  •  dynamic_section           \u2013            
    •  
  •  relocation_fn           \u2013            
    •  
  •  relocation_index           \u2013            
    •  
  •  link_map_entry           \u2013            
    •  
  •  trapped_address           \u2013            
    •  
  •  hits               (dict[tuple[int, ...], int])           \u2013            
    •  
  •  silent           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.total_hits","title":"total_hits  class-attribute instance-attribute","text":"
total_hits = 0\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.target","title":"target  class-attribute instance-attribute","text":"
target = 0\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.dynamic_section","title":"dynamic_section  class-attribute instance-attribute","text":"
dynamic_section = None\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.relocation_fn","title":"relocation_fn  class-attribute instance-attribute","text":"
relocation_fn = None\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.relocation_index","title":"relocation_index  class-attribute instance-attribute","text":"
relocation_index = 0\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.link_map_entry","title":"link_map_entry  class-attribute instance-attribute","text":"
link_map_entry = None\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.trapped_address","title":"trapped_address  class-attribute instance-attribute","text":"
trapped_address = alloc()\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.hits","title":"hits  class-attribute instance-attribute","text":"
hits: dict[tuple[int, ...], int] = {}\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.silent","title":"silent  instance-attribute","text":"
silent = True\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.delete","title":"delete","text":"
delete() -> None\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.should_stop","title":"should_stop","text":"
should_stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.stop","title":"stop","text":"
stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.is_mmap_error","title":"is_mmap_error","text":"
is_mmap_error(ptr: int)\n
 
Checks whether the return value of an mmap of indicates an error.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.display_name","title":"display_name","text":"
display_name(name, basename=False)\n
 
Return the display name for a symbol or objfile.
 
Ideally, we'd like to display all of the names of the symbols as text, but there is really nothing stopping symbol names from being stored in some fairly wacky encoding or really from having names that aren't text at all.
 
We should try our best to turn whatever the symbol name is into text, but not so much that non-text entries or entries in unknown encodings become unrecognizable.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.all_tracked_entries","title":"all_tracked_entries","text":"
all_tracked_entries()\n
 
Return an iterator over all of the GOT whose accesses are being tracked.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.tracked_entry_by_address","title":"tracked_entry_by_address","text":"
tracked_entry_by_address(address)\n
 
Return the tracker associated with the entry at the given address, if any.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.enable_got_call_tracking","title":"enable_got_call_tracking","text":"
enable_got_call_tracking(disable_hardware_whatchpoints=True) -> None\n
 
Enable the analysis of calls made through the GOT.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.disable_got_call_tracking","title":"disable_got_call_tracking","text":"
disable_got_call_tracking() -> None\n
 
Disable the analysis of calls made through the GOT.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.jump_slots_for","title":"jump_slots_for","text":"
jump_slots_for(dynamic)\n
 
Returns the jump slot addresses described by the given dynamic section.
"},{"location":"reference/pwndbg/gdblib/hooks/","title":"hooks","text":""},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks","title":"hooks","text":"
Functions:
 
     
  •  update_typeinfo             \u2013              
    •  
  •  update_arch             \u2013              
    •  
  •  reset_config             \u2013              
    •  
  •  on_start             \u2013              
    •  
  •  on_stop             \u2013              
    •  
  •  on_exit             \u2013              
    •  
  •  init             \u2013              
    Calls all GDB hook functions that need to be called when GDB/pwndbg
     
    •  
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.update_typeinfo","title":"update_typeinfo","text":"
update_typeinfo() -> None\n
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.update_arch","title":"update_arch","text":"
update_arch() -> None\n
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.reset_config","title":"reset_config","text":"
reset_config() -> None\n
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.on_start","title":"on_start","text":"
on_start() -> None\n
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.on_stop","title":"on_stop","text":"
on_stop() -> None\n
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.on_exit","title":"on_exit","text":"
on_exit() -> None\n
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.init","title":"init","text":"
init() -> None\n
 
Calls all GDB hook functions that need to be called when GDB/pwndbg itself is loaded, as opposed to when an actual hook event occurs
"},{"location":"reference/pwndbg/gdblib/info/","title":"info","text":""},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info","title":"info","text":"
Runs a few useful commands which are available under \"info\".
 
Functions:
 
     
  •  proc_mappings             \u2013              
    •  
  •  auxv             \u2013              
    •  
  •  files             \u2013              
    •  
  •  target             \u2013              
    •  
  •  sharedlibrary             \u2013              
    •  
  •  parsed_sharedlibrary             \u2013              
    Returns a dictionary of shared libraries with their .text section from and to addresses.
     
    •  
  •  sharedlibrary_paths             \u2013              
    Get the paths of all shared libraries loaded in the process by parsing the output of \"info sharedlibrary\".
     
    •  
  •  address             \u2013              
    •  
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.proc_mappings","title":"proc_mappings","text":"
proc_mappings() -> str\n
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.auxv","title":"auxv","text":"
auxv() -> str\n
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.files","title":"files","text":"
files() -> str\n
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.target","title":"target","text":"
target() -> str\n
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.sharedlibrary","title":"sharedlibrary","text":"
sharedlibrary() -> str\n
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.parsed_sharedlibrary","title":"parsed_sharedlibrary","text":"
parsed_sharedlibrary() -> dict[str, tuple[int, int]]\n
 
Returns a dictionary of shared libraries with their .text section from and to addresses.
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.sharedlibrary_paths","title":"sharedlibrary_paths","text":"
sharedlibrary_paths() -> list[str]\n
 
Get the paths of all shared libraries loaded in the process by parsing the output of \"info sharedlibrary\".
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.address","title":"address","text":"
address(symbol: str) -> int | None\n
"},{"location":"reference/pwndbg/gdblib/prompt/","title":"prompt","text":""},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt","title":"prompt","text":"
Functions:
 
     
  •  initial_hook             \u2013              
    •  
  •  show_hint             \u2013              
    •  
  •  thread_is_stopped             \u2013              
    This detects whether selected thread is stopped.
     
    •  
  •  prompt_hook             \u2013              
    •  
  •  reset_context_shown             \u2013              
    •  
  •  set_prompt             \u2013              
    •  
 
Attributes:
 
     
  •  show_tip           \u2013            
    •  
  •  cur               (tuple[Inferior, InferiorThread] | None)           \u2013            
    •  
  •  context_shown           \u2013            
    •  
  •  last_alive_state           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.show_tip","title":"show_tip  module-attribute","text":"
show_tip = add_param(\n    \"show-tips\", True, \"whether to display the tip of the day on startup\"\n)\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.cur","title":"cur  module-attribute","text":"
cur: tuple[Inferior, InferiorThread] | None = None\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.context_shown","title":"context_shown  module-attribute","text":"
context_shown = False\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.last_alive_state","title":"last_alive_state  module-attribute","text":"
last_alive_state = False\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.initial_hook","title":"initial_hook","text":"
initial_hook(*a: Any) -> None\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.show_hint","title":"show_hint","text":"
show_hint() -> None\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.thread_is_stopped","title":"thread_is_stopped","text":"
thread_is_stopped() -> bool\n
 
This detects whether selected thread is stopped. It is not stopped in situations when gdb is executing commands that are attached to a breakpoint by command command.
 
For more info see issue #229 ( #299 ) :return: Whether gdb executes commands attached to bp with command command.
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.prompt_hook","title":"prompt_hook","text":"
prompt_hook(*a: Any) -> None\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.reset_context_shown","title":"reset_context_shown","text":"
reset_context_shown(*a: Any) -> None\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.set_prompt","title":"set_prompt","text":"
set_prompt() -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/","title":"ptmalloc2_tracking","text":""},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking","title":"ptmalloc2_tracking","text":"
Heap Tracking
 
This module implements runtime tracking of the heap, allowing pwndbg to detect heap related misbehavior coming from an inferior in real time, which lets us catch UAF bugs, double frees (and more), and report them to the user.
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking--approach","title":"Approach","text":"
The approach used starting with using breakpoints to hook into the following libc symbols: malloc, free, calloc, and realloc. Each hook has a reference to a shared instance of the Tracker class, which is responsible for handling the tracking of the chunks of memory from the heap.
 
The tracker keeps two sorted maps of chunks, for freed and in use chunks, keyed by their base address. Newly allocated chunks are added to the map of in use chunks right before an allocating call returns, and newly freed chunks are moved from the map of in use chunks to the map of free ones right before a freeing call returns. The tracker is also responsible for installing watchpoints for free chunks when they're added to the free chunk map and deleting them when their corresponding chunks are removed from the map.
 
Additionally, because going through the data structures inside of libc to determine whether a chunk is free or not is, more often than not, a fairly slow operation, this module will only do so when it determines its view of the chunks has diverged from the one in libc in a way that would affect behavior. When such a diffence is detected, this module will rebuild the chunk maps in the range it determines to have been affected.
 
Currently, the way it does this is by deleting and querying from libc the new status of all chunks that overlap the region of a new allocation when it detects that allocation overlaps chunks it previously considered free.
 
This approach lets us avoid a lot of the following linked lists that comes with trying to answer the allocation status of a chunk, by keeping at hand as much known-good information as possible about them. Keep in mind that, although it is much faster than going to libc every time we need to know the allocation status of a chunk, this approach does have drawbacks when it comes to memory usage.
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking--compatibility","title":"Compatibility","text":"
Currently module assumes the inferior is using GLibc.
 
There are points along the code in this module where the assumptions it makes are explicitly documented and checked to be valid for the current inferior, so that it may be immediately clear to the user that something has gone wrong if they happen to not be valid. However, be aware that there may be assumptions that were not made explicit.
 
Classes:
 
     
  •  FreeChunkWatchpoint           \u2013            
    •  
  •  AllocChunkWatchpoint           \u2013            
    •  
  •  Chunk           \u2013            
    •  
  •  Tracker           \u2013            
    •  
  •  MallocEnterBreakpoint           \u2013            
    •  
  •  CallocEnterBreakpoint           \u2013            
    •  
  •  AllocExitBreakpoint           \u2013            
    •  
  •  ReallocEnterBreakpoint           \u2013            
    •  
  •  ReallocExitBreakpoint           \u2013            
    •  
  •  FreeEnterBreakpoint           \u2013            
    •  
  •  FreeExitBreakpoint           \u2013            
    •  
 
Functions:
 
     
  •  is_enabled             \u2013              
    Whether the heap tracker in enabled.
     
    •  
  •  resolve_address             \u2013              
    Checks whether a given symbol is available and part of libc, and returns its
     
    •  
  •  get_chunk             \u2013              
    Reads a chunk from a given address.
     
    •  
  •  in_program_code_stack             \u2013              
    •  
  •  install             \u2013              
    •  
  •  uninstall             \u2013              
    •  
 
Attributes:
 
     
  •  LIBC_NAME           \u2013            
    •  
  •  MALLOC_NAME           \u2013            
    •  
  •  CALLOC_NAME           \u2013            
    •  
  •  REALLOC_NAME           \u2013            
    •  
  •  FREE_NAME           \u2013            
    •  
  •  last_issue               (str | None)           \u2013            
    •  
  •  PRINT_DEBUG           \u2013            
    •  
  •  PTRS_COLORS           \u2013            
    •  
  •  DEFERED_DELETE               (list[Breakpoint])           \u2013            
    •  
  •  malloc_enter           \u2013            
    •  
  •  calloc_enter           \u2013            
    •  
  •  realloc_enter           \u2013            
    •  
  •  free_enter           \u2013            
    •  
  •  stop_on_error           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.LIBC_NAME","title":"LIBC_NAME  module-attribute","text":"
LIBC_NAME = 'libc.so.6'\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.MALLOC_NAME","title":"MALLOC_NAME  module-attribute","text":"
MALLOC_NAME = 'malloc'\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.CALLOC_NAME","title":"CALLOC_NAME  module-attribute","text":"
CALLOC_NAME = 'calloc'\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.REALLOC_NAME","title":"REALLOC_NAME  module-attribute","text":"
REALLOC_NAME = 'realloc'\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FREE_NAME","title":"FREE_NAME  module-attribute","text":"
FREE_NAME = 'free'\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.last_issue","title":"last_issue  module-attribute","text":"
last_issue: str | None = None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.PRINT_DEBUG","title":"PRINT_DEBUG  module-attribute","text":"
PRINT_DEBUG = False\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.PTRS_COLORS","title":"PTRS_COLORS  module-attribute","text":"
PTRS_COLORS = (\n    red,\n    green,\n    yellow,\n    blue,\n    purple,\n    cyan,\n    light_gray,\n    gray,\n    light_red,\n    light_green,\n    light_yellow,\n    light_blue,\n    light_purple,\n    light_cyan,\n)\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.DEFERED_DELETE","title":"DEFERED_DELETE  module-attribute","text":"
DEFERED_DELETE: list[Breakpoint] = []\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.malloc_enter","title":"malloc_enter  module-attribute","text":"
malloc_enter = None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.calloc_enter","title":"calloc_enter  module-attribute","text":"
calloc_enter = None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.realloc_enter","title":"realloc_enter  module-attribute","text":"
realloc_enter = None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.free_enter","title":"free_enter  module-attribute","text":"
free_enter = None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.stop_on_error","title":"stop_on_error  module-attribute","text":"
stop_on_error = True\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeChunkWatchpoint","title":"FreeChunkWatchpoint","text":"
FreeChunkWatchpoint(chunk: Chunk, tracker: Tracker)\n
 
               Bases: Breakpoint
 
Methods:
 
     
  •  stop             \u2013              
    •  
 
Attributes:
 
     
  •  chunk           \u2013            
    •  
  •  tracker           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeChunkWatchpoint.chunk","title":"chunk  instance-attribute","text":"
chunk = chunk\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeChunkWatchpoint.tracker","title":"tracker  instance-attribute","text":"
tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeChunkWatchpoint.stop","title":"stop","text":"
stop()\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocChunkWatchpoint","title":"AllocChunkWatchpoint","text":"
AllocChunkWatchpoint(chunk: Chunk)\n
 
               Bases: Breakpoint
 
Methods:
 
     
  •  stop             \u2013              
    •  
 
Attributes:
 
     
  •  chunk           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocChunkWatchpoint.chunk","title":"chunk  instance-attribute","text":"
chunk = chunk\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocChunkWatchpoint.stop","title":"stop","text":"
stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Chunk","title":"Chunk","text":"
Chunk(address: int, size: int, requested_size: int, flags: int)\n
 
Attributes:
 
     
  •  address           \u2013            
    •  
  •  size           \u2013            
    •  
  •  requested_size           \u2013            
    •  
  •  flags           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Chunk.address","title":"address  instance-attribute","text":"
address = address\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Chunk.size","title":"size  instance-attribute","text":"
size = size\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Chunk.requested_size","title":"requested_size  instance-attribute","text":"
requested_size = requested_size\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Chunk.flags","title":"flags  instance-attribute","text":"
flags = flags\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker","title":"Tracker","text":"
Tracker()\n
 
Methods:
 
     
  •  is_performing_memory_management             \u2013              
    •  
  •  enter_memory_management             \u2013              
    •  
  •  exit_memory_management             \u2013              
    •  
  •  colorize_ptr             \u2013              
    Returns colored string of the provided pointer/address
     
    •  
  •  malloc             \u2013              
    •  
  •  free             \u2013              
    •  
 
Attributes:
 
     
  •  free_chunks               (SortedDict[int, Chunk])           \u2013            
    •  
  •  alloc_chunks               (SortedDict[int, Chunk])           \u2013            
    •  
  •  free_watchpoints               (dict[int, FreeChunkWatchpoint])           \u2013            
    •  
  •  memory_management_calls               (dict[int, bool])           \u2013            
    •  
  •  colorized_heap_ptrs               (dict[int, str])           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.free_chunks","title":"free_chunks  instance-attribute","text":"
free_chunks: SortedDict[int, Chunk] = SortedDict()\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.alloc_chunks","title":"alloc_chunks  instance-attribute","text":"
alloc_chunks: SortedDict[int, Chunk] = SortedDict()\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.free_watchpoints","title":"free_watchpoints  instance-attribute","text":"
free_watchpoints: dict[int, FreeChunkWatchpoint] = {}\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.memory_management_calls","title":"memory_management_calls  instance-attribute","text":"
memory_management_calls: dict[int, bool] = {}\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.colorized_heap_ptrs","title":"colorized_heap_ptrs  instance-attribute","text":"
colorized_heap_ptrs: dict[int, str] = {}\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.is_performing_memory_management","title":"is_performing_memory_management","text":"
is_performing_memory_management()\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.enter_memory_management","title":"enter_memory_management","text":"
enter_memory_management(name: str) -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.exit_memory_management","title":"exit_memory_management","text":"
exit_memory_management() -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.colorize_ptr","title":"colorize_ptr","text":"
colorize_ptr(ptr: int) -> str\n
 
Returns colored string of the provided pointer/address
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.malloc","title":"malloc","text":"
malloc(chunk: Chunk) -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.free","title":"free","text":"
free(address: int) -> bool\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.MallocEnterBreakpoint","title":"MallocEnterBreakpoint","text":"
MallocEnterBreakpoint(address, tracker)\n
 
               Bases: Breakpoint
 
Methods:
 
     
  •  stop             \u2013              
    •  
 
Attributes:
 
     
  •  tracker           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.MallocEnterBreakpoint.tracker","title":"tracker  instance-attribute","text":"
tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.MallocEnterBreakpoint.stop","title":"stop","text":"
stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.CallocEnterBreakpoint","title":"CallocEnterBreakpoint","text":"
CallocEnterBreakpoint(address, tracker)\n
 
               Bases: Breakpoint
 
Methods:
 
     
  •  stop             \u2013              
    •  
 
Attributes:
 
     
  •  tracker           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.CallocEnterBreakpoint.tracker","title":"tracker  instance-attribute","text":"
tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.CallocEnterBreakpoint.stop","title":"stop","text":"
stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocExitBreakpoint","title":"AllocExitBreakpoint","text":"
AllocExitBreakpoint(tracker, requested_size, name)\n
 
               Bases: FinishBreakpoint
 
Methods:
 
     
  •  stop             \u2013              
    •  
  •  out_of_scope             \u2013              
    •  
 
Attributes:
 
     
  •  requested_size           \u2013            
    •  
  •  tracker           \u2013            
    •  
  •  name           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocExitBreakpoint.requested_size","title":"requested_size  instance-attribute","text":"
requested_size = requested_size\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocExitBreakpoint.tracker","title":"tracker  instance-attribute","text":"
tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocExitBreakpoint.name","title":"name  instance-attribute","text":"
name = name\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocExitBreakpoint.stop","title":"stop","text":"
stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocExitBreakpoint.out_of_scope","title":"out_of_scope","text":"
out_of_scope() -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocEnterBreakpoint","title":"ReallocEnterBreakpoint","text":"
ReallocEnterBreakpoint(address, tracker)\n
 
               Bases: Breakpoint
 
Methods:
 
     
  •  stop             \u2013              
    •  
 
Attributes:
 
     
  •  tracker           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocEnterBreakpoint.tracker","title":"tracker  instance-attribute","text":"
tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocEnterBreakpoint.stop","title":"stop","text":"
stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocExitBreakpoint","title":"ReallocExitBreakpoint","text":"
ReallocExitBreakpoint(tracker, freed_ptr, requested_size)\n
 
               Bases: FinishBreakpoint
 
Methods:
 
     
  •  stop             \u2013              
    •  
  •  out_of_scope             \u2013              
    •  
 
Attributes:
 
     
  •  freed_ptr           \u2013            
    •  
  •  freed_str           \u2013            
    •  
  •  requested_size           \u2013            
    •  
  •  tracker           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocExitBreakpoint.freed_ptr","title":"freed_ptr  instance-attribute","text":"
freed_ptr = freed_ptr\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocExitBreakpoint.freed_str","title":"freed_str  instance-attribute","text":"
freed_str = colorize_ptr(freed_ptr)\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocExitBreakpoint.requested_size","title":"requested_size  instance-attribute","text":"
requested_size = requested_size\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocExitBreakpoint.tracker","title":"tracker  instance-attribute","text":"
tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocExitBreakpoint.stop","title":"stop","text":"
stop()\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocExitBreakpoint.out_of_scope","title":"out_of_scope","text":"
out_of_scope() -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeEnterBreakpoint","title":"FreeEnterBreakpoint","text":"
FreeEnterBreakpoint(address, tracker)\n
 
               Bases: Breakpoint
 
Methods:
 
     
  •  stop             \u2013              
    •  
 
Attributes:
 
     
  •  tracker           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeEnterBreakpoint.tracker","title":"tracker  instance-attribute","text":"
tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeEnterBreakpoint.stop","title":"stop","text":"
stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeExitBreakpoint","title":"FreeExitBreakpoint","text":"
FreeExitBreakpoint(tracker, ptr)\n
 
               Bases: FinishBreakpoint
 
Methods:
 
     
  •  stop             \u2013              
    •  
  •  out_of_scope             \u2013              
    •  
 
Attributes:
 
     
  •  ptr           \u2013            
    •  
  •  ptr_str           \u2013            
    •  
  •  tracker           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeExitBreakpoint.ptr","title":"ptr  instance-attribute","text":"
ptr = ptr\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeExitBreakpoint.ptr_str","title":"ptr_str  instance-attribute","text":"
ptr_str = colorize_ptr(ptr)\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeExitBreakpoint.tracker","title":"tracker  instance-attribute","text":"
tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeExitBreakpoint.stop","title":"stop","text":"
stop()\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeExitBreakpoint.out_of_scope","title":"out_of_scope","text":"
out_of_scope() -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.is_enabled","title":"is_enabled","text":"
is_enabled() -> bool\n
 
Whether the heap tracker in enabled.
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.resolve_address","title":"resolve_address","text":"
resolve_address(name: str) -> int | None\n
 
Checks whether a given symbol is available and part of libc, and returns its address.
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.get_chunk","title":"get_chunk","text":"
get_chunk(address, requested_size)\n
 
Reads a chunk from a given address.
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.in_program_code_stack","title":"in_program_code_stack","text":"
in_program_code_stack() -> bool\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.install","title":"install","text":"
install(disable_hardware_watchpoints=True) -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.uninstall","title":"uninstall","text":"
uninstall() -> None\n
"},{"location":"reference/pwndbg/gdblib/scheduler/","title":"scheduler","text":""},{"location":"reference/pwndbg/gdblib/scheduler/#pwndbg.gdblib.scheduler","title":"scheduler","text":"
Functions:
 
     
  •  lock_scheduler             \u2013              
    This context manager can be used to run GDB commands with threads scheduling
     
    •  
  •  parse_and_eval_with_scheduler_lock             \u2013              
    •  
"},{"location":"reference/pwndbg/gdblib/scheduler/#pwndbg.gdblib.scheduler.lock_scheduler","title":"lock_scheduler","text":"
lock_scheduler() -> Iterator[None]\n
 
This context manager can be used to run GDB commands with threads scheduling being locked which means that other threads will be stopped during execution.
 
This is useful to prevent bugs where e.g.: gdb.parse_and_eval(\"(int)foo()\") would execute foo() on the current debugee thread but would also unlock other threads for being executed and those other threads may for example hit a breakpoint we set previously which would be confusing for the user.
 
See also: https://sourceware.org/gdb/onlinedocs/gdb/All_002dStop-Mode.html
"},{"location":"reference/pwndbg/gdblib/scheduler/#pwndbg.gdblib.scheduler.parse_and_eval_with_scheduler_lock","title":"parse_and_eval_with_scheduler_lock","text":"
parse_and_eval_with_scheduler_lock(expr: str) -> Value\n
"},{"location":"reference/pwndbg/gdblib/shellcode/","title":"shellcode","text":""},{"location":"reference/pwndbg/gdblib/shellcode/#pwndbg.gdblib.shellcode","title":"shellcode","text":"
Shellcode
 
This module implements functionality that allows for the execution of a small amount of code in the context of the inferior.
 
Functions:
 
     
  •  exec_syscall             \u2013              
    Tries executing the given syscall in the context of the inferior.
     
    •  
  •  exec_shellcode             \u2013              
    Tries executing the given blob of machine code in the current context of the
     
    •  
"},{"location":"reference/pwndbg/gdblib/shellcode/#pwndbg.gdblib.shellcode.exec_syscall","title":"exec_syscall","text":"
exec_syscall(\n    syscall,\n    arg0=None,\n    arg1=None,\n    arg2=None,\n    arg3=None,\n    arg4=None,\n    arg5=None,\n    arg6=None,\n    disable_breakpoints=False,\n)\n
 
Tries executing the given syscall in the context of the inferior.
"},{"location":"reference/pwndbg/gdblib/shellcode/#pwndbg.gdblib.shellcode.exec_shellcode","title":"exec_shellcode","text":"
exec_shellcode(\n    blob, restore_context=True, capture=None, disable_breakpoints=False\n)\n
 
Tries executing the given blob of machine code in the current context of the inferior, optionally restoring the values of the registers as they were before the shellcode ran, as a means to allow for execution of the inferior to continue uninterrupted. The value of the program counter is always restored.
 
Additionally, the caller may specify an object to be called before the context is restored, so that information stored in the registers after the shellcode finishes can be retrieved. The return value of that call will be returned by this function.
"},{"location":"reference/pwndbg/gdblib/shellcode/#pwndbg.gdblib.shellcode.exec_shellcode--safety","title":"Safety","text":"
Seeing as this function injects code directly into the inferior and runs it, the caller must be careful to inject code that will (1) terminate and (2) not cause the inferior to misbehave. Otherwise, it is fairly easy to crash or currupt the memory in the inferior.
"},{"location":"reference/pwndbg/gdblib/symbol/","title":"symbol","text":""},{"location":"reference/pwndbg/gdblib/symbol/#pwndbg.gdblib.symbol","title":"symbol","text":"
Looking up addresses for function names / symbols, and vice-versa.
 
Uses IDA when available if there isn't sufficient symbol information available.
 
Functions:
 
     
  •  selected_frame_source_absolute_filename             \u2013              
    Retrieve the symbol table\u2019s source absolute file name from the selected frame.
     
    •  
"},{"location":"reference/pwndbg/gdblib/symbol/#pwndbg.gdblib.symbol.selected_frame_source_absolute_filename","title":"selected_frame_source_absolute_filename","text":"
selected_frame_source_absolute_filename()\n
 
Retrieve the symbol table\u2019s source absolute file name from the selected frame.
 
In case of missing symbol table or frame information, None is returned.
"},{"location":"reference/pwndbg/gdblib/tui/","title":"tui","text":""},{"location":"reference/pwndbg/gdblib/tui/#pwndbg.gdblib.tui","title":"tui","text":"
Modules:
 
     
  •  context           \u2013            
    •  
  •  control           \u2013            
    •  
 
Functions:
 
     
  •  setup             \u2013              
    •  
"},{"location":"reference/pwndbg/gdblib/tui/#pwndbg.gdblib.tui.setup","title":"setup","text":"
setup() -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/context/","title":"context","text":""},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context","title":"context","text":"
Classes:
 
     
  •  ContextTUIWindow           \u2013            
    •  
 
Attributes:
 
     
  •  sections           \u2013            
    •  
  •  target_func               (Callable[..., _Window])           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.sections","title":"sections  module-attribute","text":"
sections = ['legend'] + [(replace('context_', '')) for section in (values())]\n
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.target_func","title":"target_func  module-attribute","text":"
target_func: Callable[..., _Window] = (\n    lambda window, section_name=section_name: ContextTUIWindow(\n        window, section_name\n    )\n)\n
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow","title":"ContextTUIWindow","text":"
ContextTUIWindow(tui_window: 'gdb.TuiWindow', section: str)\n
 
Methods:
 
     
  •  close             \u2013              
    •  
  •  render             \u2013              
    •  
  •  hscroll             \u2013              
    •  
  •  vscroll             \u2013              
    •  
  •  click             \u2013              
    •  
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow.___ansi_substr","title":"___ansi_substr  class-attribute instance-attribute","text":"
___ansi_substr = _ansi_substr\n
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow.close","title":"close","text":"
close() -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow.render","title":"render","text":"
render() -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow.hscroll","title":"hscroll","text":"
hscroll(num: int) -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow.vscroll","title":"vscroll","text":"
vscroll(num: int) -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow.click","title":"click","text":"
click(x: int, y: int, button: int) -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/control/","title":"control","text":""},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control","title":"control","text":"
Classes:
 
     
  •  ControlTUIWindow           \u2013            
    •  
"},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control.ControlTUIWindow","title":"ControlTUIWindow","text":"
ControlTUIWindow(tui_window: 'gdb.TuiWindow')\n
 
Methods:
 
     
  •  close             \u2013              
    •  
  •  render             \u2013              
    •  
  •  hscroll             \u2013              
    •  
  •  vscroll             \u2013              
    •  
  •  click             \u2013              
    •  
"},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control.ControlTUIWindow.close","title":"close","text":"
close() -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control.ControlTUIWindow.render","title":"render","text":"
render() -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control.ControlTUIWindow.hscroll","title":"hscroll","text":"
hscroll(num: int) -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control.ControlTUIWindow.vscroll","title":"vscroll","text":"
vscroll(num: int) -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control.ControlTUIWindow.click","title":"click","text":"
click(x: int, y: int, button: int) -> None\n
"},{"location":"reference/pwndbg/gdblib/vmmap/","title":"vmmap","text":""},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap","title":"vmmap","text":"
Routines to enumerate mapped memory, and attempt to associate address ranges with various ELF files and permissions.
 
The reason that we need robustness is that not every operating system has /proc/$$/maps, which backs 'info proc mapping'.
 
Functions:
 
     
  •  is_corefile             \u2013              
    For example output use:
     
    •  
  •  get_known_maps             \u2013              
    Similar to vmmap.get(), except only returns maps in cases where
     
    •  
  •  coredump_maps             \u2013              
    Parses info proc mappings and maintenance info sections
     
    •  
  •  parse_info_proc_mappings_line             \u2013              
    Parse a line from info proc mappings and return a pwndbg.lib.memory.Page
     
    •  
  •  info_proc_maps             \u2013              
    Parse the result of info proc mappings.
     
    •  
  •  proc_tid_maps             \u2013              
    Parse the contents of /proc/$TID/maps on the server.
     
    •  
  •  info_sharedlibrary             \u2013              
    Parses the output of info sharedlibrary.
     
    •  
  •  info_files             \u2013              
    •  
  •  info_auxv             \u2013              
    Extracts the name of the executable from the output of the command
     
    •  
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.is_corefile","title":"is_corefile","text":"
is_corefile() -> bool\n
 For example output use 
gdb ./tests/binaries/crash_simple.out -ex run -ex 'generate-core-file ./core' -ex 'quit'
 And then use 
gdb ./tests/binaries/crash_simple.out -core ./core -ex 'info target'
 
And:     gdb -core ./core
 
As the two differ in output slighty.
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.get_known_maps","title":"get_known_maps","text":"
get_known_maps() -> tuple[Page, ...] | None\n
 
Similar to vmmap.get(), except only returns maps in cases where the mappings are known, like if it's a coredump, or if process mappings are available.
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.coredump_maps","title":"coredump_maps","text":"
coredump_maps() -> tuple[Page, ...]\n
 
Parses info proc mappings and maintenance info sections and tries to make sense out of the result :)
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.parse_info_proc_mappings_line","title":"parse_info_proc_mappings_line","text":"
parse_info_proc_mappings_line(\n    line: str, perms_available: bool, parse_flags: bool\n) -> Page | None\n
 
Parse a line from info proc mappings and return a pwndbg.lib.memory.Page object if the line is valid.
 Example lines 
0x4c3000           0x4c5000     0x2000    0xc2000  rw-p   /root/hello_world/main 0x4c5000           0x4cb000     0x6000        0x0  rw-p
 
The objfile column might be empty, and the permissions column is only present in GDB versions >= 12.1 bminor/binutils-gdb@29ef4c0
 
Parameters:
 
     
  •  line               (str)           \u2013            
    A line from info proc mappings.
     
    •  
 
Returns:
 
     
  •  Page | None           \u2013            
    A pwndbg.lib.memory.Page object or None.
     
    •  
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.info_proc_maps","title":"info_proc_maps","text":"
info_proc_maps(parse_flags=True) -> tuple[Page, ...]\n
 
Parse the result of info proc mappings.
 
Example output:
 
    Start Addr           End Addr       Size     Offset  Perms  objfile\n      0x400000           0x401000     0x1000        0x0  r--p   /root/hello_world/main\n      0x401000           0x497000    0x96000     0x1000  r-xp   /root/hello_world/main\n      0x497000           0x4be000    0x27000    0x97000  r--p   /root/hello_world/main\n      0x4be000           0x4c3000     0x5000    0xbd000  r--p   /root/hello_world/main\n      0x4c3000           0x4c5000     0x2000    0xc2000  rw-p   /root/hello_world/main\n      0x4c5000           0x4cb000     0x6000        0x0  rw-p\n      0x4cb000           0x4ed000    0x22000        0x0  rw-p   [heap]\n0x7ffff7ff9000     0x7ffff7ffd000     0x4000        0x0  r--p   [vvar]\n0x7ffff7ffd000     0x7ffff7fff000     0x2000        0x0  r-xp   [vdso]\n0x7ffffffde000     0x7ffffffff000    0x21000        0x0  rw-p   [stack]\n
 
0xffffffffff600000 0xffffffffff601000     0x1000        0x0  --xp   [vsyscall]
 
Note: this may return no pages due to a bug/behavior of GDB. See https://sourceware.org/bugzilla/show_bug.cgi?id=31207 for more information.
 
Returns:
 
     
  •  Page           \u2013            
    A tuple of pwndbg.lib.memory.Page objects or an empty tuple if
     
    •  
  •  ...           \u2013            
    info proc mapping is not supported on the target.
     
    •  
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.proc_tid_maps","title":"proc_tid_maps","text":"
proc_tid_maps() -> tuple[Page, ...] | None\n
 
Parse the contents of /proc/$TID/maps on the server. (TID == Thread Identifier. We do not use PID since it may not be correct)
 
Returns:
 
     
  •  tuple[Page, ...] | None           \u2013            
    A tuple of pwndbg.lib.memory.Page objects or None if
     
    •  
  •  tuple[Page, ...] | None           \u2013            
    /proc/$tid/maps doesn't exist or when we debug a qemu-user target
     
    •  
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.info_sharedlibrary","title":"info_sharedlibrary","text":"
info_sharedlibrary() -> tuple[Page, ...]\n
 
Parses the output of info sharedlibrary.
 
Specifically, all we really want is any valid pointer into each library, and the path to the library on disk.
 
With this information, we can use the ELF parser to get all of the page permissions for every mapped page in the ELF.
 
Returns:
 
     
  •  tuple[Page, ...]           \u2013            
    A list of pwndbg.lib.memory.Page objects.
     
    •  
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.info_files","title":"info_files","text":"
info_files() -> tuple[Page, ...]\n
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.info_auxv","title":"info_auxv","text":"
info_auxv(skip_exe: bool = False) -> tuple[Page, ...]\n
 
Extracts the name of the executable from the output of the command \"info auxv\". Note that if the executable path is a symlink, it is not dereferenced by info auxv and we also don't dereference it.
 
Parameters:
 
     
  •  skip_exe               (bool, default:                   False )           \u2013            
    Do not return any mappings that belong to the exe.
     
    •  
 
Returns:
 
     
  •  tuple[Page, ...]           \u2013            
    A list of pwndbg.lib.memory.Page objects.
     
    •  
"},{"location":"reference/pwndbg/ghidra/","title":"ghidra","text":""},{"location":"reference/pwndbg/ghidra/#pwndbg.ghidra","title":"ghidra","text":"
Ghidra integration.
 
Functions:
 
     
  •  decompile             \u2013              
    Return the source of the given function decompiled by ghidra.
     
    •  
 
Attributes:
 
     
  •  decompiler           \u2013            
    •  
"},{"location":"reference/pwndbg/ghidra/#pwndbg.ghidra.decompiler","title":"decompiler  module-attribute","text":"
decompiler = add_param(\n    \"decompiler\",\n    \"radare2\",\n    \"framework that your ghidra plugin installed\",\n    param_class=PARAM_ENUM,\n    enum_sequence=[\"radare2\", \"rizin\"],\n)\n
"},{"location":"reference/pwndbg/ghidra/#pwndbg.ghidra.decompile","title":"decompile","text":"
decompile(func=None)\n
 
Return the source of the given function decompiled by ghidra.
 
If no function is given, decompile the function within the current pc. This function requires radare2, r2pipe and r2ghidra, or their related rizin counterparts.
 
Raises Exception if any fatal error occurs.
"},{"location":"reference/pwndbg/glibc/","title":"glibc","text":""},{"location":"reference/pwndbg/glibc/#pwndbg.glibc","title":"glibc","text":"
Get information about the GLibc
 
Functions:
 
     
  •  set_glibc_version             \u2013              
    •  
  •  get_version             \u2013              
    •  
  •  get_libc_filename_from_info_sharedlibrary             \u2013              
    Get the filename of the libc by parsing the output of info sharedlibrary.
     
    •  
  •  dump_elf_data_section             \u2013              
    Dump .data section of libc ELF file
     
    •  
  •  dump_relocations_by_section_name             \u2013              
    Dump relocations of a section by section name of libc ELF file
     
    •  
  •  get_section_address_by_name             \u2013              
    Find section address of libc by section name
     
    •  
  •  OnlyWhenGlibcLoaded             \u2013              
    •  
  •  check_safe_linking             \u2013              
    Safe-linking is a glibc 2.32 mitigation; see:
     
    •  
 
Attributes:
 
     
  •  P           \u2013            
    •  
  •  T           \u2013            
    •  
  •  safe_lnk           \u2013            
    •  
  •  glibc_version           \u2013            
    •  
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.P","title":"P  module-attribute","text":"
P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.safe_lnk","title":"safe_lnk  module-attribute","text":"
safe_lnk = add_param(\n    \"safe-linking\",\n    None,\n    \"whether glibc uses safe-linking\",\n    param_class=PARAM_AUTO_BOOLEAN,\n)\n
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.glibc_version","title":"glibc_version  module-attribute","text":"
glibc_version = add_param(\n    \"glibc\",\n    \"\",\n    \"glibc version for heap heuristics resolution (e.g. 2.31)\",\n    scope=heap,\n)\n
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.set_glibc_version","title":"set_glibc_version","text":"
set_glibc_version() -> None\n
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.get_version","title":"get_version","text":"
get_version() -> tuple[int, ...] | None\n
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.get_libc_filename_from_info_sharedlibrary","title":"get_libc_filename_from_info_sharedlibrary","text":"
get_libc_filename_from_info_sharedlibrary() -> str | None\n
 
Get the filename of the libc by parsing the output of info sharedlibrary.
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.dump_elf_data_section","title":"dump_elf_data_section","text":"
dump_elf_data_section() -> tuple[int, int, bytes] | None\n
 
Dump .data section of libc ELF file
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.dump_relocations_by_section_name","title":"dump_relocations_by_section_name","text":"
dump_relocations_by_section_name(\n    section_name: str,\n) -> tuple[Relocation, ...] | None\n
 
Dump relocations of a section by section name of libc ELF file
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.get_section_address_by_name","title":"get_section_address_by_name","text":"
get_section_address_by_name(section_name: str) -> int\n
 
Find section address of libc by section name
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.OnlyWhenGlibcLoaded","title":"OnlyWhenGlibcLoaded","text":"
OnlyWhenGlibcLoaded(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.check_safe_linking","title":"check_safe_linking","text":"
check_safe_linking() -> bool\n
 
Safe-linking is a glibc 2.32 mitigation; see: - https://lanph3re.blogspot.com/2020/08/blog-post.html - https://research.checkpoint.com/2020/safe-linking-eliminating-a-20-year-old-malloc-exploit-primitive/
"},{"location":"reference/pwndbg/hexdump/","title":"hexdump","text":""},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump","title":"hexdump","text":"
Hexdump implementation, ~= stolen from pwntools.
 
Functions:
 
     
  •  groupby             \u2013              
    •  
  •  load_color_scheme             \u2013              
    •  
  •  hexdump             \u2013              
    •  
 
Attributes:
 
     
  •  color_scheme           \u2013            
    •  
  •  printable           \u2013            
    •  
  •  config_colorize_ascii           \u2013            
    •  
  •  config_separator           \u2013            
    •  
  •  config_byte_separator           \u2013            
    •  
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.color_scheme","title":"color_scheme  module-attribute","text":"
color_scheme = None\n
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.printable","title":"printable  module-attribute","text":"
printable = None\n
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.config_colorize_ascii","title":"config_colorize_ascii  module-attribute","text":"
config_colorize_ascii = add_param(\n    \"hexdump-colorize-ascii\",\n    True,\n    \"whether to colorize the hexdump command ascii section\",\n)\n
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.config_separator","title":"config_separator  module-attribute","text":"
config_separator = add_param(\n    \"hexdump-ascii-block-separator\",\n    \"\u2502\",\n    \"block separator char of the hexdump command\",\n)\n
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.config_byte_separator","title":"config_byte_separator  module-attribute","text":"
config_byte_separator = add_param(\n    \"hexdump-byte-separator\",\n    \" \",\n    \"separator of single bytes in hexdump (does NOT affect group separator)\",\n)\n
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.groupby","title":"groupby","text":"
groupby(width: int, array, fill=None)\n
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.load_color_scheme","title":"load_color_scheme","text":"
load_color_scheme() -> None\n
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.hexdump","title":"hexdump","text":"
hexdump(\n    data: bytes,\n    address: int = 0,\n    width: int = 16,\n    group_width: int = 4,\n    flip_group_endianness: bool = False,\n    skip: bool = True,\n    offset: int = 0,\n    size: int = 0,\n    count: int = 0,\n    repeat: bool = False,\n    dX_call: bool = False,\n)\n
"},{"location":"reference/pwndbg/integration/","title":"integration","text":""},{"location":"reference/pwndbg/integration/#pwndbg.integration","title":"integration","text":"
Decompiler integration.
 
Modules:
 
     
  •  binja           \u2013            
    Talks to an XMLRPC server running inside of an active Binary Ninja instance,
     
    •  
  •  ida           \u2013            
    Talks to an XMLRPC server running inside of an active IDA Pro instance,
     
    •  
 
Classes:
 
     
  •  IntegrationProvider           \u2013            
    A class representing an integration that provides intelligence external to GDB.
     
    •  
  •  ConfigurableProvider           \u2013            
    A wrapper around an IntegrationProvider that skips calling functions if disabled in config.
     
    •  
 
Functions:
 
     
  •  set_provider             \u2013              
    Call this from provider-specific code whenever you establish a connection.
     
    •  
  •  unset_provider             \u2013              
    Call this from provider-specific code whenever a connection stops.
     
    •  
 
Attributes:
 
     
  •  provider_name           \u2013            
    •  
  •  symbol_lookup           \u2013            
    •  
  •  smart_enhance           \u2013            
    •  
  •  function_lookup           \u2013            
    •  
  •  provider               (IntegrationProvider)           \u2013            
    •  
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.provider_name","title":"provider_name  module-attribute","text":"
provider_name = add_param(\n    \"integration-provider\",\n    \"none\",\n    \"which provider to use for integration features\",\n    param_class=PARAM_ENUM,\n    enum_sequence=[\"none\", \"binja\", \"ida\"],\n)\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.symbol_lookup","title":"symbol_lookup  module-attribute","text":"
symbol_lookup = add_param(\n    \"integration-symbol-lookup\",\n    True,\n    \"whether to use integration to look up unknown symbols\",\n)\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.smart_enhance","title":"smart_enhance  module-attribute","text":"
smart_enhance = add_param(\n    \"integration-smart-enhance\",\n    True,\n    \"use integration to determine when to disassemble during enhancing\",\n)\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.function_lookup","title":"function_lookup  module-attribute","text":"
function_lookup = add_param(\n    \"integration-function-lookup\",\n    True,\n    \"use integration to look up function type signatures\",\n)\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.provider","title":"provider  module-attribute","text":"
provider: IntegrationProvider = IntegrationProvider()\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider","title":"IntegrationProvider","text":"
A class representing an integration that provides intelligence external to GDB.
 
Methods:
 
     
  •  get_symbol             \u2013              
    Get a symbol at an address, or an offset from a symbol.
     
    •  
  •  get_versions             \u2013              
    Gets any version strings relevant to the integration,
     
    •  
  •  is_in_function             \u2013              
    Checks if integration thinks that an address is in a function,
     
    •  
  •  get_comment_lines             \u2013              
    Gets any comments attached to an instruction.
     
    •  
  •  decompile             \u2013              
    Decompiles the code near an address given a line count.
     
    •  
  •  get_func_type             \u2013              
    Gets the type signature of a function, used for argument labeling.
     
    •  
  •  get_stack_var_name             \u2013              
    Gets the name of a stack variable based on only the address of the variable.
     
    •  
  •  disable             \u2013              
    Notify the provider that it should disable itself.
     
    •  
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.get_symbol","title":"get_symbol","text":"
get_symbol(addr: int) -> str | None\n
 
Get a symbol at an address, or an offset from a symbol.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.get_versions","title":"get_versions","text":"
get_versions() -> tuple[str, ...]\n
 
Gets any version strings relevant to the integration, which are used when displaying the version command.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.is_in_function","title":"is_in_function","text":"
is_in_function(addr: int) -> bool\n
 
Checks if integration thinks that an address is in a function, which is used to determine if tel should try to disassemble something.
 
If uncertain, it's better to default to True than to False.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.get_comment_lines","title":"get_comment_lines","text":"
get_comment_lines(addr: int) -> list[str]\n
 
Gets any comments attached to an instruction.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.decompile","title":"decompile","text":"
decompile(addr: int, lines: int) -> list[str] | None\n
 
Decompiles the code near an address given a line count.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.get_func_type","title":"get_func_type","text":"
get_func_type(addr: int) -> Function | None\n
 
Gets the type signature of a function, used for argument labeling.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.get_stack_var_name","title":"get_stack_var_name","text":"
get_stack_var_name(addr: int) -> str | None\n
 
Gets the name of a stack variable based on only the address of the variable.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.disable","title":"disable","text":"
disable() -> None\n
 
Notify the provider that it should disable itself.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider","title":"ConfigurableProvider  dataclass","text":"
ConfigurableProvider(inner: IntegrationProvider)\n
 
               Bases: IntegrationProvider
 
A wrapper around an IntegrationProvider that skips calling functions if disabled in config.
 
Methods:
 
     
  •  get_symbol             \u2013              
    •  
  •  get_versions             \u2013              
    •  
  •  is_in_function             \u2013              
    •  
  •  get_comment_lines             \u2013              
    •  
  •  decompile             \u2013              
    •  
  •  get_func_type             \u2013              
    •  
  •  get_stack_var_name             \u2013              
    •  
  •  disable             \u2013              
    •  
 
Attributes:
 
     
  •  inner               (IntegrationProvider)           \u2013            
    •  
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.inner","title":"inner  instance-attribute","text":"
inner: IntegrationProvider\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.get_symbol","title":"get_symbol","text":"
get_symbol(addr: int) -> str | None\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.get_versions","title":"get_versions","text":"
get_versions() -> tuple[str, ...]\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.is_in_function","title":"is_in_function","text":"
is_in_function(addr: int) -> bool\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.get_comment_lines","title":"get_comment_lines","text":"
get_comment_lines(addr: int) -> list[str]\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.decompile","title":"decompile","text":"
decompile(addr: int, lines: int) -> list[str] | None\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.get_func_type","title":"get_func_type","text":"
get_func_type(addr: int) -> Function | None\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.get_stack_var_name","title":"get_stack_var_name","text":"
get_stack_var_name(addr: int) -> str | None\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.disable","title":"disable","text":"
disable() -> None\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.set_provider","title":"set_provider","text":"
set_provider(prov: IntegrationProvider) -> None\n
 
Call this from provider-specific code whenever you establish a connection.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.unset_provider","title":"unset_provider","text":"
unset_provider() -> None\n
 
Call this from provider-specific code whenever a connection stops.
"},{"location":"reference/pwndbg/integration/binja/","title":"binja","text":""},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja","title":"binja","text":"
Talks to an XMLRPC server running inside of an active Binary Ninja instance, in order to query it about the database. Allows symbol resolution and interactive debugging.
 
Classes:
 
     
  •  DarkTheme           \u2013            
    •  
  •  LightTheme           \u2013            
    •  
  •  BinjaProvider           \u2013            
    •  
 
Functions:
 
     
  •  binja_config_changed             \u2013              
    •  
  •  ensure_disabled             \u2013              
    •  
  •  try_init_bn_rpc_client             \u2013              
    Try to connect to the Binary Ninja RPC client.
     
    •  
  •  enabledBinja             \u2013              
    If we have a connection to binary ninja, call the function.
     
    •  
  •  establish_connection             \u2013              
    If we already had a connection, or succeed in creating a new one, return True.
     
    •  
  •  withBinja             \u2013              
    Try to connect to Binary Ninja before running the decorated function.
     
    •  
  •  l2r             \u2013              
    •  
  •  r2l             \u2013              
    •  
  •  base             \u2013              
    •  
  •  auto_update_pc             \u2013              
    •  
  •  auto_update_bp             \u2013              
    •  
  •  auto_clear_pc             \u2013              
    •  
  •  navigate_to             \u2013              
    •  
  •  bn_to_pygment_tok             \u2013              
    •  
  •  bn_to_pygment_theme             \u2013              
    •  
 
Attributes:
 
     
  •  bn_rpc_host           \u2013            
    •  
  •  bn_rpc_port           \u2013            
    •  
  •  bn_timeout           \u2013            
    •  
  •  bn_autosync           \u2013            
    •  
  •  bn_il_level           \u2013            
    •  
  •  P           \u2013            
    •  
  •  T           \u2013            
    •  
  •  K           \u2013            
    •  
  •  themes           \u2013            
    •  
  •  style           \u2013            
    •  
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_rpc_host","title":"bn_rpc_host  module-attribute","text":"
bn_rpc_host = add_param(\n    \"bn-rpc-host\", \"127.0.0.1\", \"Binary Ninja XML-RPC server host\"\n)\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_rpc_port","title":"bn_rpc_port  module-attribute","text":"
bn_rpc_port = add_param(\n    \"bn-rpc-port\", 43717, \"Binary Ninja XML-RPC server port\"\n)\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_timeout","title":"bn_timeout  module-attribute","text":"
bn_timeout = add_param(\n    \"bn-timeout\", 2, \"time to wait for Binary Ninja XML-RPC, in seconds\"\n)\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_autosync","title":"bn_autosync  module-attribute","text":"
bn_autosync = add_param(\n    \"bn-autosync\", False, \"whether to automatically run bn-sync every step\"\n)\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_il_level","title":"bn_il_level  module-attribute","text":"
bn_il_level = add_param(\n    \"bn-il-level\",\n    \"hlil\",\n    \"the IL level to use when displaying Binary Ninja decompilation\",\n    param_class=PARAM_ENUM,\n    enum_sequence=[\"disasm\", \"llil\", \"mlil\", \"hlil\"],\n)\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.P","title":"P  module-attribute","text":"
P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.K","title":"K  module-attribute","text":"
K = TypeVar('K')\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.themes","title":"themes  module-attribute","text":"
themes = {}\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.style","title":"style  module-attribute","text":"
style = add_param(\n    \"bn-decomp-style\",\n    \"dark\",\n    \"decompilation highlight theme for Binary Ninja\",\n    param_class=PARAM_ENUM,\n    enum_sequence=list(keys()),\n)\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.DarkTheme","title":"DarkTheme","text":"
               Bases: Style
 
Attributes:
 
     
  •  styles           \u2013            
    •  
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.DarkTheme.styles","title":"styles  class-attribute instance-attribute","text":"
styles = bn_to_pygment_theme(\n    {\n        \"TextToken\": \"#e0e0e0\",\n        \"InstructionToken\": \"#eddfb3\",\n        \"OperandSeparatorToken\": \"#e0e0e0\",\n        \"RegisterToken\": \"#e0e0e0\",\n        \"IntegerToken\": \"#a2d9af\",\n        \"PossibleAddressToken\": \"#a2d9af\",\n        \"BeginMemoryOperandToken\": \"#e0e0e0\",\n        \"EndMemoryOperandToken\": \"#e0e0e0\",\n        \"FloatingPointToken\": \"#a2d9af\",\n        \"AnnotationToken\": \"#dac4d1\",\n        \"CodeRelativeAddressToken\": \"#a2d9af\",\n        \"ArgumentNameToken\": \"#e0e0e0\",\n        \"HexDumpByteValueToken\": \"#e0e0e0\",\n        \"HexDumpSkippedByteToken\": \"#e0e0e0\",\n        \"HexDumpInvalidByteToken\": \"#909090\",\n        \"HexDumpTextToken\": \"#e0e0e0\",\n        \"OpcodeToken\": \"#909090\",\n        \"StringToken\": \"#dac4d1\",\n        \"CharacterConstantToken\": \"#dac4d1\",\n        \"KeywordToken\": \"#eddfb3\",\n        \"TypeNameToken\": \"#edbd81\",\n        \"FieldNameToken\": \"#b0dde4\",\n        \"NameSpaceToken\": \"#80c6e9\",\n        \"NameSpaceSeparatorToken\": \"#80c6e9\",\n        \"TagToken\": \"#e0e0e0\",\n        \"StructOffsetToken\": \"#b0dde4\",\n        \"StructOffsetByteValueToken\": \"#e0e0e0\",\n        \"StructureHexDumpTextToken\": \"#e0e0e0\",\n        \"GotoLabelToken\": \"#80c6e9\",\n        \"CommentToken\": \"#dac4d1\",\n        \"PossibleValueToken\": \"#e0e0e0\",\n        \"PossibleValueTypeToken\": \"#e0e0e0\",\n        \"ArrayIndexToken\": \"#a2d9af\",\n        \"IndentationToken\": \"#5d5d5d\",\n        \"UnknownMemoryToken\": \"#909090\",\n        \"EnumerationMemberToken\": \"#eddfb3\",\n        \"OperationToken\": \"#89a4b1\",\n        \"BaseStructureNameToken\": \"#dac4d1\",\n        \"BaseStructureSeparatorToken\": \"#dac4d1\",\n        \"BraceToken\": \"#e0e0e0\",\n        \"CodeSymbolToken\": \"#80c6e9\",\n        \"DataSymbolToken\": \"#8ee6ed\",\n        \"LocalVariableToken\": \"#e0e0e0\",\n        \"ImportToken\": \"#edbd81\",\n        \"AddressDisplayToken\": \"#a2d9af\",\n        \"IndirectImportToken\": \"#edbd81\",\n        \"ExternalSymbolToken\": \"#edbd81\",\n        \"StackVariableToken\": \"#c1dcc7\",\n        \"AddressSeparatorToken\": \"#e0e0e0\",\n    }\n)\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.LightTheme","title":"LightTheme","text":"
               Bases: Style
 
Attributes:
 
     
  •  styles           \u2013            
    •  
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.LightTheme.styles","title":"styles  class-attribute instance-attribute","text":"
styles = bn_to_pygment_theme(\n    {\n        \"TextToken\": \"#1f1f1f\",\n        \"InstructionToken\": \"#8d8d2d\",\n        \"OperandSeparatorToken\": \"#1f1f1f\",\n        \"RegisterToken\": \"#1f1f1f\",\n        \"IntegerToken\": \"#30820d\",\n        \"PossibleAddressToken\": \"#30820d\",\n        \"BeginMemoryOperandToken\": \"#1f1f1f\",\n        \"EndMemoryOperandToken\": \"#1f1f1f\",\n        \"FloatingPointToken\": \"#30820d\",\n        \"AnnotationToken\": \"#bf2624\",\n        \"CodeRelativeAddressToken\": \"#30820d\",\n        \"ArgumentNameToken\": \"#1f1f1f\",\n        \"HexDumpByteValueToken\": \"#1f1f1f\",\n        \"HexDumpSkippedByteToken\": \"#1f1f1f\",\n        \"HexDumpInvalidByteToken\": \"#7a7a7a\",\n        \"HexDumpTextToken\": \"#1f1f1f\",\n        \"OpcodeToken\": \"#7a7a7a\",\n        \"StringToken\": \"#203635\",\n        \"CharacterConstantToken\": \"#203635\",\n        \"KeywordToken\": \"#8d8d2d\",\n        \"TypeNameToken\": \"#e07c35\",\n        \"FieldNameToken\": \"#35dae0\",\n        \"NameSpaceToken\": \"#00a4c7\",\n        \"NameSpaceSeparatorToken\": \"#00a4c7\",\n        \"TagToken\": \"#1f1f1f\",\n        \"StructOffsetToken\": \"#35dae0\",\n        \"StructOffsetByteValueToken\": \"#1f1f1f\",\n        \"StructureHexDumpTextToken\": \"#1f1f1f\",\n        \"GotoLabelToken\": \"#00a4c7\",\n        \"CommentToken\": \"#bf2624\",\n        \"PossibleValueToken\": \"#1f1f1f\",\n        \"PossibleValueTypeToken\": \"#1f1f1f\",\n        \"ArrayIndexToken\": \"#30820d\",\n        \"IndentationToken\": \"#bcbcbc\",\n        \"UnknownMemoryToken\": \"#7a7a7a\",\n        \"EnumerationMemberToken\": \"#8d8d2d\",\n        \"OperationToken\": \"#5b848d\",\n        \"BaseStructureNameToken\": \"#bf2624\",\n        \"BaseStructureSeparatorToken\": \"#bf2624\",\n        \"BraceToken\": \"#1f1f1f\",\n        \"CodeSymbolToken\": \"#00a4c7\",\n        \"DataSymbolToken\": \"#278cad\",\n        \"LocalVariableToken\": \"#1f1f1f\",\n        \"ImportToken\": \"#e07c35\",\n        \"AddressDisplayToken\": \"#30820d\",\n        \"IndirectImportToken\": \"#e07c35\",\n        \"ExternalSymbolToken\": \"#e07c35\",\n        \"StackVariableToken\": \"#275016\",\n        \"AddressSeparatorToken\": \"#1f1f1f\",\n    }\n)\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider","title":"BinjaProvider","text":"
               Bases: IntegrationProvider
 
Methods:
 
     
  •  get_symbol             \u2013              
    •  
  •  get_versions             \u2013              
    •  
  •  is_in_function             \u2013              
    •  
  •  get_comment_lines             \u2013              
    •  
  •  decompile             \u2013              
    •  
  •  get_func_type             \u2013              
    •  
  •  get_stack_var_name             \u2013              
    •  
  •  disable             \u2013              
    •  
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.get_symbol","title":"get_symbol","text":"
get_symbol(addr: int) -> str | None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.get_versions","title":"get_versions","text":"
get_versions() -> tuple[str, ...]\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.is_in_function","title":"is_in_function","text":"
is_in_function(addr: int) -> bool\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.get_comment_lines","title":"get_comment_lines","text":"
get_comment_lines(addr: int) -> list[str]\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.decompile","title":"decompile","text":"
decompile(addr: int, lines: int) -> list[str] | None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.get_func_type","title":"get_func_type","text":"
get_func_type(addr: int) -> Function | None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.get_stack_var_name","title":"get_stack_var_name","text":"
get_stack_var_name(addr: int) -> str | None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.disable","title":"disable","text":"
disable() -> None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.binja_config_changed","title":"binja_config_changed","text":"
binja_config_changed()\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.ensure_disabled","title":"ensure_disabled","text":"
ensure_disabled() -> None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.try_init_bn_rpc_client","title":"try_init_bn_rpc_client","text":"
try_init_bn_rpc_client() -> bool\n
 
Try to connect to the Binary Ninja RPC client.
 
If the connection succeeds, or we were already connected, return True. Otherwise, False.
 
An appropriate message will be also printed to the user.
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.enabledBinja","title":"enabledBinja","text":"
enabledBinja(\n    fallback: K = None,\n) -> Callable[[Callable[P, T]], Callable[P, T | K]]\n
 
If we have a connection to binary ninja, call the function.
 
Otherwise, return fallback. Thus, all functions decorated with this, that do not specify a fallback, must have \"| None\" in their return signature.
 
This will not try to open a connection if it doesn't already exist. No messages will be printed.
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.establish_connection","title":"establish_connection","text":"
establish_connection() -> bool\n
 
If we already had a connection, or succeed in creating a new one, return True. Otherwise False.
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.withBinja","title":"withBinja","text":"
withBinja(func: Callable[P, T]) -> Callable[P, T | None]\n
 
Try to connect to Binary Ninja before running the decorated function.
 
If we fail connecting, return None. Thus, all functions decorated with this must have \"| None\" in their return signature.
 
Use this for user-initiated stuff like pwndbg.commands.binja.bn_sync().
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.l2r","title":"l2r","text":"
l2r(addr: int) -> int\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.r2l","title":"r2l","text":"
r2l(addr: int) -> int\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.base","title":"base","text":"
base()\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.auto_update_pc","title":"auto_update_pc","text":"
auto_update_pc() -> None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.auto_update_bp","title":"auto_update_bp","text":"
auto_update_bp() -> None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.auto_clear_pc","title":"auto_clear_pc","text":"
auto_clear_pc() -> None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.navigate_to","title":"navigate_to","text":"
navigate_to(addr: int) -> None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_to_pygment_tok","title":"bn_to_pygment_tok","text":"
bn_to_pygment_tok(tok: str) -> Any\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_to_pygment_theme","title":"bn_to_pygment_theme","text":"
bn_to_pygment_theme(theme: dict[str, str]) -> dict[Any, str]\n
"},{"location":"reference/pwndbg/integration/ida/","title":"ida","text":""},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida","title":"ida","text":"
Talks to an XMLRPC server running inside of an active IDA Pro instance, in order to query it about the database.  Allows symbol resolution and interactive debugging.
 
Classes:
 
     
  •  IDC           \u2013            
    •  
  •  IdaProvider           \u2013            
    •  
 
Functions:
 
     
  •  ida_config_changed             \u2013              
    •  
  •  ensure_disabled             \u2013              
    •  
  •  try_init_ida_rpc_client             \u2013              
    Try to connect to the IDA RPC client.
     
    •  
  •  enabledIDA             \u2013              
    If we have a connection to Ida, call the function.
     
    •  
  •  establish_connection             \u2013              
    If we already had a connection, or succeed in creating a new one, return True.
     
    •  
  •  withIDA             \u2013              
    Try to connect to Ida before running the decorated function.
     
    •  
  •  withHexrays             \u2013              
    •  
  •  takes_address             \u2013              
    •  
  •  returns_address             \u2013              
    •  
  •  l2r             \u2013              
    •  
  •  r2l             \u2013              
    •  
  •  remote             \u2013              
    Runs the provided function in IDA's interpreter.
     
    •  
  •  base             \u2013              
    •  
  •  Comment             \u2013              
    •  
  •  Name             \u2013              
    •  
  •  GetFuncOffset             \u2013              
    •  
  •  GetFuncAttr             \u2013              
    •  
  •  GetType             \u2013              
    •  
  •  here             \u2013              
    •  
  •  Jump             \u2013              
    •  
  •  Anterior             \u2013              
    •  
  •  GetBreakpoints             \u2013              
    •  
  •  GetBptQty             \u2013              
    •  
  •  GetBptEA             \u2013              
    •  
  •  UpdateBreakpoints             \u2013              
    •  
  •  SetColor             \u2013              
    •  
  •  Auto_Color_PC             \u2013              
    •  
  •  Auto_UnColor_PC             \u2013              
    •  
  •  LocByName             \u2013              
    •  
  •  PrevHead             \u2013              
    •  
  •  NextHead             \u2013              
    •  
  •  GetFunctionName             \u2013              
    •  
  •  GetFlags             \u2013              
    •  
  •  isASCII             \u2013              
    •  
  •  ArgCount             \u2013              
    •  
  •  SaveBase             \u2013              
    •  
  •  GetIdbPath             \u2013              
    •  
  •  has_cached_cfunc             \u2013              
    •  
  •  decompile             \u2013              
    •  
  •  decompile_context             \u2013              
    •  
  •  get_ida_versions             \u2013              
    •  
  •  GetStrucQty             \u2013              
    •  
  •  GetStrucId             \u2013              
    •  
  •  GetStrucName             \u2013              
    •  
  •  GetStrucSize             \u2013              
    •  
  •  GetFrameId             \u2013              
    •  
  •  GetMemberQty             \u2013              
    •  
  •  GetMemberSize             \u2013              
    •  
  •  GetMemberId             \u2013              
    •  
  •  GetMemberName             \u2013              
    •  
  •  GetMemberOffset             \u2013              
    •  
  •  GetMemberFlag             \u2013              
    •  
  •  GetStrucNextOff             \u2013              
    •  
  •  print_member             \u2013              
    •  
  •  print_structs             \u2013              
    •  
 
Attributes:
 
     
  •  ida_rpc_host           \u2013            
    •  
  •  ida_rpc_port           \u2013            
    •  
  •  ida_timeout           \u2013            
    •  
  •  P           \u2013            
    •  
  •  T           \u2013            
    •  
  •  colored_pc           \u2013            
    •  
  •  idc           \u2013            
    •  
  •  ida_replacements           \u2013            
    •  
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.ida_rpc_host","title":"ida_rpc_host  module-attribute","text":"
ida_rpc_host = add_param(\n    \"ida-rpc-host\", \"127.0.0.1\", \"ida xmlrpc server address\"\n)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.ida_rpc_port","title":"ida_rpc_port  module-attribute","text":"
ida_rpc_port = add_param('ida-rpc-port', 43718, 'ida xmlrpc server port')\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.ida_timeout","title":"ida_timeout  module-attribute","text":"
ida_timeout = add_param(\n    \"ida-timeout\", 2, \"time to wait for ida xmlrpc in seconds\"\n)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.P","title":"P  module-attribute","text":"
P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.colored_pc","title":"colored_pc  module-attribute","text":"
colored_pc = None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.idc","title":"idc  module-attribute","text":"
idc = IDC()\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.ida_replacements","title":"ida_replacements  module-attribute","text":"
ida_replacements = {\n    \"__int64\": \"signed long long int\",\n    \"__int32\": \"signed int\",\n    \"__int16\": \"signed short\",\n    \"__int8\": \"signed char\",\n    \"__uint64\": \"unsigned long long int\",\n    \"__uint32\": \"unsigned int\",\n    \"__uint16\": \"unsigned short\",\n    \"__uint8\": \"unsigned char\",\n    \"_BOOL_1\": \"unsigned char\",\n    \"_BOOL_2\": \"unsigned short\",\n    \"_BOOL_4\": \"unsigned int\",\n    \"_BYTE\": \"unsigned char\",\n    \"_WORD\": \"unsigned short\",\n    \"_DWORD\": \"unsigned int\",\n    \"_QWORD\": \"unsigned long long\",\n    \"__pure\": \"\",\n    \"__hidden\": \"\",\n    \"__return_ptr\": \"\",\n    \"__struct_ptr\": \"\",\n    \"__array_ptr\": \"\",\n    \"__fastcall\": \"\",\n    \"__cdecl\": \"\",\n    \"__thiscall\": \"\",\n    \"__userpurge\": \"\",\n}\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IDC","title":"IDC","text":"
Attributes:
 
     
  •  query           \u2013            
    •  
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IDC.query","title":"query  class-attribute instance-attribute","text":"
query = (\n    \"{k:v for k,v in globals()['idc'].__dict__.items() if isinstance(v, int)}\"\n)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider","title":"IdaProvider","text":"
               Bases: IntegrationProvider
 
Methods:
 
     
  •  get_symbol             \u2013              
    •  
  •  get_versions             \u2013              
    •  
  •  is_in_function             \u2013              
    •  
  •  get_comment_lines             \u2013              
    •  
  •  decompile             \u2013              
    •  
  •  get_func_type             \u2013              
    •  
  •  disable             \u2013              
    •  
  •  get_stack_var_name             \u2013              
    Gets the name of a stack variable based on only the address of the variable.
     
    •  
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.get_symbol","title":"get_symbol","text":"
get_symbol(addr: int) -> str | None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.get_versions","title":"get_versions","text":"
get_versions() -> tuple[str, ...]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.is_in_function","title":"is_in_function","text":"
is_in_function(addr: int) -> bool\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.get_comment_lines","title":"get_comment_lines","text":"
get_comment_lines(addr: int) -> list[str]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.decompile","title":"decompile","text":"
decompile(addr: int, lines: int) -> list[str] | None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.get_func_type","title":"get_func_type","text":"
get_func_type(addr: int) -> Function | None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.disable","title":"disable","text":"
disable() -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.get_stack_var_name","title":"get_stack_var_name","text":"
get_stack_var_name(addr: int) -> str | None\n
 
Gets the name of a stack variable based on only the address of the variable.
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.ida_config_changed","title":"ida_config_changed","text":"
ida_config_changed() -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.ensure_disabled","title":"ensure_disabled","text":"
ensure_disabled() -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.try_init_ida_rpc_client","title":"try_init_ida_rpc_client","text":"
try_init_ida_rpc_client() -> bool\n
 
Try to connect to the IDA RPC client.
 
If the connection succeeds, or we were already connected, return True. Otherwise, False.
 
An appropriate message will be also printed to the user.
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.enabledIDA","title":"enabledIDA","text":"
enabledIDA(func: Callable[P, T]) -> Callable[P, T | None]\n
 
If we have a connection to Ida, call the function.
 
Otherwise, return None. Thus, all functions decorated with this must have \"| None\" in their return signature.
 
This will not try to open a connection if it doesn't already exist. No messages will be printed.
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.establish_connection","title":"establish_connection","text":"
establish_connection() -> bool\n
 
If we already had a connection, or succeed in creating a new one, return True. Otherwise False.
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.withIDA","title":"withIDA","text":"
withIDA(func: Callable[P, T]) -> Callable[P, T | None]\n
 
Try to connect to Ida before running the decorated function.
 
If we fail connecting to Ida, return None. Thus, all functions decorated with this must have \"| None\" in their return signature.
 
Use this for user-initiated stuff like pwndbg.commands.ida.save_ida().
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.withHexrays","title":"withHexrays","text":"
withHexrays(func: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.takes_address","title":"takes_address","text":"
takes_address(\n    function: Callable[Concatenate[int, P], T],\n) -> Callable[Concatenate[int, P], T]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.returns_address","title":"returns_address","text":"
returns_address(function: Callable[P, int]) -> Callable[P, int]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.l2r","title":"l2r","text":"
l2r(addr: int) -> int\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.r2l","title":"r2l","text":"
r2l(addr: int) -> int\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.remote","title":"remote","text":"
remote(function) -> None\n
 
Runs the provided function in IDA's interpreter.
 
The function must be self-contained and not reference any global variables.
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.base","title":"base","text":"
base()\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.Comment","title":"Comment","text":"
Comment(addr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.Name","title":"Name","text":"
Name(addr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetFuncOffset","title":"GetFuncOffset","text":"
GetFuncOffset(addr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetFuncAttr","title":"GetFuncAttr","text":"
GetFuncAttr(addr: int, attr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetType","title":"GetType","text":"
GetType(addr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.here","title":"here","text":"
here() -> int\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.Jump","title":"Jump","text":"
Jump(addr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.Anterior","title":"Anterior","text":"
Anterior(addr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetBreakpoints","title":"GetBreakpoints","text":"
GetBreakpoints()\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetBptQty","title":"GetBptQty","text":"
GetBptQty()\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetBptEA","title":"GetBptEA","text":"
GetBptEA(i: int) -> int\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.UpdateBreakpoints","title":"UpdateBreakpoints","text":"
UpdateBreakpoints() -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.SetColor","title":"SetColor","text":"
SetColor(pc, color)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.Auto_Color_PC","title":"Auto_Color_PC","text":"
Auto_Color_PC() -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.Auto_UnColor_PC","title":"Auto_UnColor_PC","text":"
Auto_UnColor_PC() -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.LocByName","title":"LocByName","text":"
LocByName(name) -> int\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.PrevHead","title":"PrevHead","text":"
PrevHead(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.NextHead","title":"NextHead","text":"
NextHead(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetFunctionName","title":"GetFunctionName","text":"
GetFunctionName(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetFlags","title":"GetFlags","text":"
GetFlags(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.isASCII","title":"isASCII","text":"
isASCII(flags)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.ArgCount","title":"ArgCount","text":"
ArgCount(address) -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.SaveBase","title":"SaveBase","text":"
SaveBase(path: str)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetIdbPath","title":"GetIdbPath","text":"
GetIdbPath()\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.has_cached_cfunc","title":"has_cached_cfunc","text":"
has_cached_cfunc(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.decompile","title":"decompile","text":"
decompile(addr) -> str | None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.decompile_context","title":"decompile_context","text":"
decompile_context(pc, context_lines) -> str | None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.get_ida_versions","title":"get_ida_versions","text":"
get_ida_versions() -> dict[str, str]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetStrucQty","title":"GetStrucQty","text":"
GetStrucQty()\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetStrucId","title":"GetStrucId","text":"
GetStrucId(idx)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetStrucName","title":"GetStrucName","text":"
GetStrucName(sid)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetStrucSize","title":"GetStrucSize","text":"
GetStrucSize(sid)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetFrameId","title":"GetFrameId","text":"
GetFrameId(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetMemberQty","title":"GetMemberQty","text":"
GetMemberQty(sid)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetMemberSize","title":"GetMemberSize","text":"
GetMemberSize(sid, offset)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetMemberId","title":"GetMemberId","text":"
GetMemberId(sid, offset)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetMemberName","title":"GetMemberName","text":"
GetMemberName(sid, offset)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetMemberOffset","title":"GetMemberOffset","text":"
GetMemberOffset(sid, member_name)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetMemberFlag","title":"GetMemberFlag","text":"
GetMemberFlag(sid, offset)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetStrucNextOff","title":"GetStrucNextOff","text":"
GetStrucNextOff(sid, offset)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.print_member","title":"print_member","text":"
print_member(sid, offset) -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.print_structs","title":"print_structs","text":"
print_structs() -> None\n
"},{"location":"reference/pwndbg/lib/","title":"lib","text":""},{"location":"reference/pwndbg/lib/#pwndbg.lib","title":"lib","text":"
Library for non-debugger-dependant functionality.
 
Modules:
 
     
  •  abi           \u2013            
    •  
  •  android           \u2013            
    •  
  •  arch           \u2013            
    •  
  •  cache           \u2013            
    Caches return values until some event in the inferior happens,
     
    •  
  •  common           \u2013            
    •  
  •  config           \u2013            
    •  
  •  disasm           \u2013            
    •  
  •  elftypes           \u2013            
    •  
  •  exception           \u2013            
    •  
  •  funcparser           \u2013            
    •  
  •  functions           \u2013            
    •  
  •  functions_data           \u2013            
    •  
  •  heap           \u2013            
    •  
  •  kernel           \u2013            
    •  
  •  memory           \u2013            
    Reading, writing, and describing memory.
     
    •  
  •  net           \u2013            
    Re-implements some psutil functionality to be able to get information from
     
    •  
  •  pretty_print           \u2013            
    •  
  •  regs           \u2013            
    Reading register value from the inferior, and provides a
     
    •  
  •  stdio           \u2013            
    Provides functionality to circumvent GDB's hooks on sys.stdin and sys.stdout
     
    •  
  •  strings           \u2013            
    •  
  •  tempfile           \u2013            
    Common helper and cache for pwndbg tempdir
     
    •  
  •  tips           \u2013            
    •  
  •  version           \u2013            
    •  
  •  which           \u2013            
    •  
  •  zig           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/abi/","title":"abi","text":""},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi","title":"abi","text":"
Classes:
 
     
  •  ABI           \u2013            
    Encapsulates information about a calling convention.
     
    •  
  •  SyscallABI           \u2013            
    The syscall ABI treats the syscall number as the zeroth argument,
     
    •  
  •  SigreturnABI           \u2013            
    The sigreturn ABI is similar to the syscall ABI, except that
     
    •  
 
Attributes:
 
     
  •  linux_i386           \u2013            
    •  
  •  linux_amd64           \u2013            
    •  
  •  linux_arm           \u2013            
    •  
  •  linux_aarch64           \u2013            
    •  
  •  linux_mips           \u2013            
    •  
  •  linux_mips64           \u2013            
    •  
  •  linux_ppc           \u2013            
    •  
  •  linux_ppc64           \u2013            
    •  
  •  linux_riscv32           \u2013            
    •  
  •  linux_riscv64           \u2013            
    •  
  •  linux_i386_syscall           \u2013            
    •  
  •  linux_amd64_syscall           \u2013            
    •  
  •  linux_arm_syscall           \u2013            
    •  
  •  linux_aarch64_syscall           \u2013            
    •  
  •  linux_mips_syscall           \u2013            
    •  
  •  linux_mips64_syscall           \u2013            
    •  
  •  linux_ppc_syscall           \u2013            
    •  
  •  linux_ppc64_syscall           \u2013            
    •  
  •  linux_riscv32_syscall           \u2013            
    •  
  •  linux_riscv64_syscall           \u2013            
    •  
  •  linux_i386_sigreturn           \u2013            
    •  
  •  linux_amd64_sigreturn           \u2013            
    •  
  •  linux_arm_sigreturn           \u2013            
    •  
  •  linux_i386_srop           \u2013            
    •  
  •  linux_amd64_srop           \u2013            
    •  
  •  linux_arm_srop           \u2013            
    •  
  •  DEFAULT_ABIS               (dict[tuple[int, str, str], ABI])           \u2013            
    •  
  •  SYSCALL_ABIS               (dict[tuple[int, str, str], SyscallABI])           \u2013            
    •  
  •  SIGRETURN_ABIS               (dict[tuple[int, str, str], SigreturnABI])           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_i386","title":"linux_i386  module-attribute","text":"
linux_i386 = ABI((), 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_amd64","title":"linux_amd64  module-attribute","text":"
linux_amd64 = ABI(('rdi', 'rsi', 'rdx', 'rcx', 'r8', 'r9'), 8, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_arm","title":"linux_arm  module-attribute","text":"
linux_arm = ABI(('r0', 'r1', 'r2', 'r3'), 8, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_aarch64","title":"linux_aarch64  module-attribute","text":"
linux_aarch64 = ABI(('x0', 'x1', 'x2', 'x3', 'x4', 'x5', 'x6', 'x7'), 16, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_mips","title":"linux_mips  module-attribute","text":"
linux_mips = ABI(('$a0', '$a1', '$a2', '$a3'), 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_mips64","title":"linux_mips64  module-attribute","text":"
linux_mips64 = ABI(\n    (\"$a0\", \"$a1\", \"$a2\", \"$a3\", \"$a4\", \"$a5\", \"$a6\", \"$a7\"), 8, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_ppc","title":"linux_ppc  module-attribute","text":"
linux_ppc = ABI(('r3', 'r4', 'r5', 'r6', 'r7', 'r8', 'r9', 'r10'), 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_ppc64","title":"linux_ppc64  module-attribute","text":"
linux_ppc64 = ABI(('r3', 'r4', 'r5', 'r6', 'r7', 'r8', 'r9', 'r10'), 8, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_riscv32","title":"linux_riscv32  module-attribute","text":"
linux_riscv32 = ABI(('a0', 'a1', 'a2', 'a3', 'a4', 'a5', 'a6', 'a7'), 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_riscv64","title":"linux_riscv64  module-attribute","text":"
linux_riscv64 = ABI(('a0', 'a1', 'a2', 'a3', 'a4', 'a5', 'a6', 'a7'), 8, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_i386_syscall","title":"linux_i386_syscall  module-attribute","text":"
linux_i386_syscall = SyscallABI(\n    (\"eax\", \"ebx\", \"ecx\", \"edx\", \"esi\", \"edi\", \"ebp\"), 4, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_amd64_syscall","title":"linux_amd64_syscall  module-attribute","text":"
linux_amd64_syscall = SyscallABI(\n    (\"rax\", \"rdi\", \"rsi\", \"rdx\", \"r10\", \"r8\", \"r9\"), 8, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_arm_syscall","title":"linux_arm_syscall  module-attribute","text":"
linux_arm_syscall = SyscallABI(\n    (\"r7\", \"r0\", \"r1\", \"r2\", \"r3\", \"r4\", \"r5\", \"r6\"), 4, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_aarch64_syscall","title":"linux_aarch64_syscall  module-attribute","text":"
linux_aarch64_syscall = SyscallABI(\n    (\"x8\", \"x0\", \"x1\", \"x2\", \"x3\", \"x4\", \"x5\"), 16, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_mips_syscall","title":"linux_mips_syscall  module-attribute","text":"
linux_mips_syscall = SyscallABI(('$v0', '$a0', '$a1', '$a2', '$a3'), 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_mips64_syscall","title":"linux_mips64_syscall  module-attribute","text":"
linux_mips64_syscall = SyscallABI(\n    (\"$v0\", \"$a0\", \"$a1\", \"$a2\", \"$a3\", \"$a4\", \"$a5\"), 4, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_ppc_syscall","title":"linux_ppc_syscall  module-attribute","text":"
linux_ppc_syscall = SyscallABI(\n    (\"r0\", \"r3\", \"r4\", \"r5\", \"r6\", \"r7\", \"r8\", \"r9\"), 4, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_ppc64_syscall","title":"linux_ppc64_syscall  module-attribute","text":"
linux_ppc64_syscall = SyscallABI(\n    (\"r0\", \"r3\", \"r4\", \"r5\", \"r6\", \"r7\", \"r8\"), 8, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_riscv32_syscall","title":"linux_riscv32_syscall  module-attribute","text":"
linux_riscv32_syscall = SyscallABI(\n    (\"a7\", \"a0\", \"a1\", \"a2\", \"a3\", \"a4\", \"a5\", \"a6\"), 4, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_riscv64_syscall","title":"linux_riscv64_syscall  module-attribute","text":"
linux_riscv64_syscall = SyscallABI(\n    (\"a7\", \"a0\", \"a1\", \"a2\", \"a3\", \"a4\", \"a5\", \"a6\"), 8, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_i386_sigreturn","title":"linux_i386_sigreturn  module-attribute","text":"
linux_i386_sigreturn = SigreturnABI(('eax',), 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_amd64_sigreturn","title":"linux_amd64_sigreturn  module-attribute","text":"
linux_amd64_sigreturn = SigreturnABI(('rax',), 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_arm_sigreturn","title":"linux_arm_sigreturn  module-attribute","text":"
linux_arm_sigreturn = SigreturnABI(('r7',), 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_i386_srop","title":"linux_i386_srop  module-attribute","text":"
linux_i386_srop = ABI(('eax',), 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_amd64_srop","title":"linux_amd64_srop  module-attribute","text":"
linux_amd64_srop = ABI(('rax',), 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_arm_srop","title":"linux_arm_srop  module-attribute","text":"
linux_arm_srop = ABI(('r7',), 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.DEFAULT_ABIS","title":"DEFAULT_ABIS  module-attribute","text":"
DEFAULT_ABIS: dict[tuple[int, str, str], ABI] = {\n    (32, \"i386\", \"linux\"): linux_i386,\n    (64, \"x86-64\", \"linux\"): linux_amd64,\n    (64, \"aarch64\", \"linux\"): linux_aarch64,\n    (32, \"arm\", \"linux\"): linux_arm,\n    (32, \"thumb\", \"linux\"): linux_arm,\n    (32, \"mips\", \"linux\"): linux_mips,\n    (64, \"mips\", \"linux\"): linux_mips64,\n    (32, \"powerpc\", \"linux\"): linux_ppc,\n    (64, \"powerpc\", \"linux\"): linux_ppc64,\n    (32, \"rv32\", \"linux\"): linux_riscv32,\n    (64, \"rv64\", \"linux\"): linux_riscv64,\n}\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SYSCALL_ABIS","title":"SYSCALL_ABIS  module-attribute","text":"
SYSCALL_ABIS: dict[tuple[int, str, str], SyscallABI] = {\n    (32, \"i386\", \"linux\"): linux_i386_syscall,\n    (64, \"x86-64\", \"linux\"): linux_amd64_syscall,\n    (64, \"aarch64\", \"linux\"): linux_aarch64_syscall,\n    (32, \"arm\", \"linux\"): linux_arm_syscall,\n    (32, \"thumb\", \"linux\"): linux_arm_syscall,\n    (32, \"mips\", \"linux\"): linux_mips_syscall,\n    (64, \"mips\", \"linux\"): linux_mips64_syscall,\n    (32, \"powerpc\", \"linux\"): linux_ppc_syscall,\n    (64, \"powerpc\", \"linux\"): linux_ppc64_syscall,\n    (32, \"rv32\", \"linux\"): linux_riscv32_syscall,\n    (64, \"rv64\", \"linux\"): linux_riscv64_syscall,\n}\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SIGRETURN_ABIS","title":"SIGRETURN_ABIS  module-attribute","text":"
SIGRETURN_ABIS: dict[tuple[int, str, str], SigreturnABI] = {\n    (32, \"i386\", \"linux\"): linux_i386_sigreturn,\n    (64, \"x86-64\", \"linux\"): linux_amd64_sigreturn,\n    (32, \"arm\", \"linux\"): linux_arm_sigreturn,\n    (32, \"thumb\", \"linux\"): linux_arm_sigreturn,\n}\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.ABI","title":"ABI","text":"
ABI(regs: tuple[str, ...], align: int, minimum: int)\n
 
Encapsulates information about a calling convention.
 
Attributes:
 
     
  •  returns           \u2013            
    •  
  •  register_arguments               (tuple[str, ...])           \u2013            
    •  
  •  arg_alignment           \u2013            
    •  
  •  stack_minimum           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.ABI.returns","title":"returns  class-attribute instance-attribute","text":"
returns = True\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.ABI.register_arguments","title":"register_arguments  class-attribute instance-attribute","text":"
register_arguments: tuple[str, ...] = regs\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.ABI.arg_alignment","title":"arg_alignment  class-attribute instance-attribute","text":"
arg_alignment = align\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.ABI.stack_minimum","title":"stack_minimum  class-attribute instance-attribute","text":"
stack_minimum = minimum\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI","title":"SyscallABI","text":"
SyscallABI(register_arguments: tuple[str, ...], *a: Any, **kw: Any)\n
 
               Bases: ABI
 
The syscall ABI treats the syscall number as the zeroth argument, which must be loaded into the specified register.
 
Attributes:
 
     
  •  syscall_register           \u2013            
    •  
  •  register_arguments               (tuple[str, ...])           \u2013            
    •  
  •  arg_alignment           \u2013            
    •  
  •  stack_minimum           \u2013            
    •  
  •  returns           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI.syscall_register","title":"syscall_register  instance-attribute","text":"
syscall_register = register_arguments[0]\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI.register_arguments","title":"register_arguments  class-attribute instance-attribute","text":"
register_arguments: tuple[str, ...] = regs\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI.arg_alignment","title":"arg_alignment  class-attribute instance-attribute","text":"
arg_alignment = align\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI.stack_minimum","title":"stack_minimum  class-attribute instance-attribute","text":"
stack_minimum = minimum\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI.returns","title":"returns  class-attribute instance-attribute","text":"
returns = True\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI","title":"SigreturnABI","text":"
SigreturnABI(register_arguments: tuple[str, ...], *a: Any, **kw: Any)\n
 
               Bases: SyscallABI
 
The sigreturn ABI is similar to the syscall ABI, except that both PC and SP are loaded from the stack.  Because of this, there is no 'return' slot necessary on the stack.
 
Attributes:
 
     
  •  returns           \u2013            
    •  
  •  register_arguments               (tuple[str, ...])           \u2013            
    •  
  •  arg_alignment           \u2013            
    •  
  •  stack_minimum           \u2013            
    •  
  •  syscall_register           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI.returns","title":"returns  class-attribute instance-attribute","text":"
returns = False\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI.register_arguments","title":"register_arguments  class-attribute instance-attribute","text":"
register_arguments: tuple[str, ...] = regs\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI.arg_alignment","title":"arg_alignment  class-attribute instance-attribute","text":"
arg_alignment = align\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI.stack_minimum","title":"stack_minimum  class-attribute instance-attribute","text":"
stack_minimum = minimum\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI.syscall_register","title":"syscall_register  instance-attribute","text":"
syscall_register = register_arguments[0]\n
"},{"location":"reference/pwndbg/lib/android/","title":"android","text":""},{"location":"reference/pwndbg/lib/android/#pwndbg.lib.android","title":"android","text":"
Functions:
 
     
  •  aid_name             \u2013              
    •  
 
Attributes:
 
     
  •  KNOWN_AIDS           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/android/#pwndbg.lib.android.KNOWN_AIDS","title":"KNOWN_AIDS  module-attribute","text":"
KNOWN_AIDS = {\n    0: \"AID_ROOT\",\n    1000: \"AID_SYSTEM\",\n    1001: \"AID_RADIO\",\n    1002: \"AID_BLUETOOTH\",\n    1003: \"AID_GRAPHICS\",\n    1004: \"AID_INPUT\",\n    1005: \"AID_AUDIO\",\n    1006: \"AID_CAMERA\",\n    1007: \"AID_LOG\",\n    1008: \"AID_COMPASS\",\n    1009: \"AID_MOUNT\",\n    1010: \"AID_WIFI\",\n    1011: \"AID_ADB\",\n    1012: \"AID_INSTALL\",\n    1013: \"AID_MEDIA\",\n    1014: \"AID_DHCP\",\n    1015: \"AID_SDCARD_RW\",\n    1016: \"AID_VPN\",\n    1017: \"AID_KEYSTORE\",\n    1018: \"AID_USB\",\n    1019: \"AID_DRM\",\n    1020: \"AID_MDNSR\",\n    1021: \"AID_GPS\",\n    1022: \"AID_UNUSED1\",\n    1023: \"AID_MEDIA_RW\",\n    1024: \"AID_MTP\",\n    1025: \"AID_UNUSED2\",\n    1026: \"AID_DRMRPC\",\n    1027: \"AID_NFC\",\n    1028: \"AID_SDCARD_R\",\n    1029: \"AID_CLAT\",\n    1030: \"AID_LOOP_RADIO\",\n    1031: \"AID_MEDIA_DRM\",\n    1032: \"AID_PACKAGE_INFO\",\n    1033: \"AID_SDCARD_PICS\",\n    1034: \"AID_SDCARD_AV\",\n    1035: \"AID_SDCARD_ALL\",\n    1036: \"AID_LOGD\",\n    1037: \"AID_SHARED_RELRO\",\n    1038: \"AID_DBUS\",\n    1039: \"AID_TLSDATE\",\n    1040: \"AID_MEDIA_EX\",\n    1041: \"AID_AUDIOSERVER\",\n    1042: \"AID_METRICS_COLL\",\n    1043: \"AID_METRICSD\",\n    1044: \"AID_WEBSERV\",\n    1045: \"AID_DEBUGGERD\",\n    1046: \"AID_MEDIA_CODEC\",\n    1047: \"AID_CAMERASERVER\",\n    1048: \"AID_FIREWALL\",\n    1049: \"AID_TRUNKS\",\n    1050: \"AID_NVRAM\",\n    2001: \"AID_CACHE\",\n    2002: \"AID_DIAG\",\n    2900: \"AID_OEM_RESERVED_START\",\n    2999: \"AID_OEM_RESERVED_END\",\n    3001: \"AID_NET_BT_ADMIN\",\n    3002: \"AID_NET_BT\",\n    3003: \"AID_INET\",\n    3004: \"AID_NET_RAW\",\n    3005: \"AID_NET_ADMIN\",\n    3006: \"AID_NET_BW_STATS\",\n    3007: \"AID_NET_BW_ACCT\",\n    3008: \"AID_NET_BT_STACK\",\n    3009: \"AID_READPROC\",\n    3010: \"AID_WAKELOCK\",\n    5000: \"AID_OEM_RESERVED_2_START\",\n    5999: \"AID_OEM_RESERVED_2_END\",\n    9997: \"AID_EVERYBODY\",\n    9998: \"AID_MISC\",\n    9999: \"AID_NOBODY\",\n    10000: \"AID_APP\",\n    50000: \"AID_SHARED_GID_START\",\n    59999: \"AID_SHARED_GID_END\",\n    99000: \"AID_ISOLATED_START\",\n    99999: \"AID_ISOLATED_END\",\n    100000: \"AID_USER\",\n}\n
"},{"location":"reference/pwndbg/lib/android/#pwndbg.lib.android.aid_name","title":"aid_name","text":"
aid_name(uid: int) -> str\n
"},{"location":"reference/pwndbg/lib/arch/","title":"arch","text":""},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch","title":"arch","text":"
Classes:
 
     
  •  Platform           \u2013            
    •  
  •  ArchAttribute           \u2013            
    •  
  •  ArchDefinition           \u2013            
    •  
 
Attributes:
 
     
  •  PWNDBG_SUPPORTED_ARCHITECTURES_TYPE           \u2013            
    •  
  •  PWNDBG_SUPPORTED_ARCHITECTURES               (list[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE])           \u2013            
    •  
  •  PWNLIB_ARCH_MAPPINGS           \u2013            
    •  
  •  PWNLIB_PLATFORM_MAPPINGS               (dict[Platform, str])           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.PWNDBG_SUPPORTED_ARCHITECTURES_TYPE","title":"PWNDBG_SUPPORTED_ARCHITECTURES_TYPE  module-attribute","text":"
PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = Literal[\n    \"x86-64\",\n    \"i386\",\n    \"i8086\",\n    \"mips\",\n    \"aarch64\",\n    \"arm\",\n    \"armcm\",\n    \"rv32\",\n    \"rv64\",\n    \"sparc\",\n    \"powerpc\",\n    \"loongarch64\",\n    \"s390x\",\n]\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.PWNDBG_SUPPORTED_ARCHITECTURES","title":"PWNDBG_SUPPORTED_ARCHITECTURES  module-attribute","text":"
PWNDBG_SUPPORTED_ARCHITECTURES: list[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE] = (\n    list(get_args(PWNDBG_SUPPORTED_ARCHITECTURES_TYPE))\n)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.PWNLIB_ARCH_MAPPINGS","title":"PWNLIB_ARCH_MAPPINGS  module-attribute","text":"
PWNLIB_ARCH_MAPPINGS = {\n    \"x86-64\": \"amd64\",\n    \"i386\": \"i386\",\n    \"i8086\": \"none\",\n    \"mips\": \"mips\",\n    \"aarch64\": \"aarch64\",\n    \"arm\": \"arm\",\n    \"armcm\": \"thumb\",\n    \"rv32\": \"riscv32\",\n    \"rv64\": \"riscv64\",\n    \"powerpc\": \"powerpc\",\n    \"sparc\": \"sparc\",\n    \"loongarch64\": \"none\",\n    \"s390x\": \"s390\",\n}\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.PWNLIB_PLATFORM_MAPPINGS","title":"PWNLIB_PLATFORM_MAPPINGS  module-attribute","text":"
PWNLIB_PLATFORM_MAPPINGS: dict[Platform, str] = {\n    LINUX: \"linux\",\n    DARWIN: \"darwin\",\n}\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.Platform","title":"Platform","text":"
               Bases: Enum
 
Attributes:
 
     
  •  LINUX           \u2013            
    •  
  •  DARWIN           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.Platform.LINUX","title":"LINUX  class-attribute instance-attribute","text":"
LINUX = (auto(),)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.Platform.DARWIN","title":"DARWIN  class-attribute instance-attribute","text":"
DARWIN = (auto(),)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute","title":"ArchAttribute","text":"
ArchAttribute(_, cs_mode)\n
 
               Bases: Enum
 
Attributes:
 
     
  •  MIPS_ISA_1           \u2013            
    •  
  •  MIPS_ISA_2           \u2013            
    •  
  •  MIPS_ISA_3           \u2013            
    •  
  •  MIPS_ISA_4           \u2013            
    •  
  •  MIPS_ISA_5           \u2013            
    •  
  •  MIPS_ISA_32           \u2013            
    •  
  •  MIPS_ISA_32R2           \u2013            
    •  
  •  MIPS_ISA_32R3           \u2013            
    •  
  •  MIPS_ISA_32R5           \u2013            
    •  
  •  MIPS_ISA_32R6           \u2013            
    •  
  •  MIPS_ISA_64           \u2013            
    •  
  •  MIPS_ISA_64R2           \u2013            
    •  
  •  MIPS_ISA_64R3           \u2013            
    •  
  •  MIPS_ISA_64R5           \u2013            
    •  
  •  MIPS_ISA_64R6           \u2013            
    •  
  •  MIPS_ISA_MICRO           \u2013            
    •  
  •  MIPS_ISA_NANO           \u2013            
    •  
  •  cs_mode           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_1","title":"MIPS_ISA_1  class-attribute instance-attribute","text":"
MIPS_ISA_1 = (auto(), CS_MODE_MIPS1)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_2","title":"MIPS_ISA_2  class-attribute instance-attribute","text":"
MIPS_ISA_2 = (auto(), CS_MODE_MIPS2)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_3","title":"MIPS_ISA_3  class-attribute instance-attribute","text":"
MIPS_ISA_3 = (auto(), CS_MODE_MIPS3)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_4","title":"MIPS_ISA_4  class-attribute instance-attribute","text":"
MIPS_ISA_4 = (auto(), CS_MODE_MIPS4)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_5","title":"MIPS_ISA_5  class-attribute instance-attribute","text":"
MIPS_ISA_5 = (auto(), CS_MODE_MIPS5)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_32","title":"MIPS_ISA_32  class-attribute instance-attribute","text":"
MIPS_ISA_32 = (auto(), CS_MODE_MIPS32)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_32R2","title":"MIPS_ISA_32R2  class-attribute instance-attribute","text":"
MIPS_ISA_32R2 = (auto(), CS_MODE_MIPS32R2)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_32R3","title":"MIPS_ISA_32R3  class-attribute instance-attribute","text":"
MIPS_ISA_32R3 = (auto(), CS_MODE_MIPS32R3)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_32R5","title":"MIPS_ISA_32R5  class-attribute instance-attribute","text":"
MIPS_ISA_32R5 = (auto(), CS_MODE_MIPS32R5)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_32R6","title":"MIPS_ISA_32R6  class-attribute instance-attribute","text":"
MIPS_ISA_32R6 = (auto(), CS_MODE_MIPS32R6)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_64","title":"MIPS_ISA_64  class-attribute instance-attribute","text":"
MIPS_ISA_64 = (auto(), CS_MODE_MIPS64)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_64R2","title":"MIPS_ISA_64R2  class-attribute instance-attribute","text":"
MIPS_ISA_64R2 = (auto(), CS_MODE_MIPS64R2)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_64R3","title":"MIPS_ISA_64R3  class-attribute instance-attribute","text":"
MIPS_ISA_64R3 = (auto(), CS_MODE_MIPS64R3)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_64R5","title":"MIPS_ISA_64R5  class-attribute instance-attribute","text":"
MIPS_ISA_64R5 = (auto(), CS_MODE_MIPS64R5)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_64R6","title":"MIPS_ISA_64R6  class-attribute instance-attribute","text":"
MIPS_ISA_64R6 = (auto(), CS_MODE_MIPS64R6)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_MICRO","title":"MIPS_ISA_MICRO  class-attribute instance-attribute","text":"
MIPS_ISA_MICRO = (auto(), CS_MODE_MICRO)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_NANO","title":"MIPS_ISA_NANO  class-attribute instance-attribute","text":"
MIPS_ISA_NANO = (auto(), CS_MODE_NANOMIPS)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.cs_mode","title":"cs_mode  instance-attribute","text":"
cs_mode = cs_mode\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchDefinition","title":"ArchDefinition  dataclass","text":"
ArchDefinition(\n    name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE,\n    ptrsize: int,\n    endian: Literal[\"little\", \"big\"],\n    platform: Platform,\n    attributes: list[ArchAttribute] = list(),\n)\n
 
Attributes:
 
     
  •  name               (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)           \u2013            
    •  
  •  ptrsize               (int)           \u2013            
    Pointer size in bytes
     
    •  
  •  endian               (Literal['little', 'big'])           \u2013            
    •  
  •  platform               (Platform)           \u2013            
    •  
  •  attributes               (list[ArchAttribute])           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchDefinition.name","title":"name  instance-attribute","text":"
name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchDefinition.ptrsize","title":"ptrsize  instance-attribute","text":"
ptrsize: int\n
 
Pointer size in bytes
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchDefinition.endian","title":"endian  instance-attribute","text":"
endian: Literal['little', 'big']\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchDefinition.platform","title":"platform  instance-attribute","text":"
platform: Platform\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchDefinition.attributes","title":"attributes  class-attribute instance-attribute","text":"
attributes: list[ArchAttribute] = field(default_factory=list)\n
"},{"location":"reference/pwndbg/lib/cache/","title":"cache","text":""},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache","title":"cache","text":"
Caches return values until some event in the inferior happens, e.g. execution stops because of a SIGINT or breakpoint, or a new library/objfile are loaded, etc.
 
Classes:
 
     
  •  DebugCacheDict           \u2013            
    •  
  •  CachedFunction           \u2013            
    •  
 
Functions:
 
     
  •  connect_clear_caching_events             \u2013              
    Connect given debugger event hooks to correspoonding _CacheUntilEvent instances
     
    •  
  •  cache_until             \u2013              
    •  
  •  clear_caches             \u2013              
    •  
  •  clear_cache             \u2013              
    •  
 
Attributes:
 
     
  •  T           \u2013            
    •  
  •  P           \u2013            
    •  
  •  debug           \u2013            
    •  
  •  debug_name           \u2013            
    •  
  •  Cache           \u2013            
    •  
  •  IS_CACHING           \u2013            
    •  
  •  IS_CACHING_DISABLED_FOR               (dict[str, bool])           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.T","title":"T  module-attribute","text":"
T = TypeVar('T', covariant=True)\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.P","title":"P  module-attribute","text":"
P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.debug","title":"debug  module-attribute","text":"
debug = NO_DEBUG\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.debug_name","title":"debug_name  module-attribute","text":"
debug_name = 'regs'\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.Cache","title":"Cache  module-attribute","text":"
Cache = Union[Dict[Tuple[Any, ...], Any], DebugCacheDict]\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.IS_CACHING","title":"IS_CACHING  module-attribute","text":"
IS_CACHING = True\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.IS_CACHING_DISABLED_FOR","title":"IS_CACHING_DISABLED_FOR  module-attribute","text":"
IS_CACHING_DISABLED_FOR: dict[str, bool] = {\n    \"stop\": False,\n    \"exit\": False,\n    \"objfile\": False,\n    \"start\": False,\n    \"cont\": False,\n    \"thread\": False,\n    \"prompt\": False,\n    \"forever\": False,\n}\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict","title":"DebugCacheDict","text":"
DebugCacheDict(func: Callable[P, T], *args: Any, **kwargs: Any)\n
 
               Bases: UserDict
 
Methods:
 
     
  •  __getitem__             \u2013              
    •  
  •  __setitem__             \u2013              
    •  
  •  clear             \u2013              
    •  
 
Attributes:
 
     
  •  hits           \u2013            
    •  
  •  misses           \u2013            
    •  
  •  func           \u2013            
    •  
  •  name           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.hits","title":"hits  instance-attribute","text":"
hits = 0\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.misses","title":"misses  instance-attribute","text":"
misses = 0\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.func","title":"func  instance-attribute","text":"
func = func\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.name","title":"name  instance-attribute","text":"
name = f'{split('.')[-1]}.{__name__}'\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.__getitem__","title":"__getitem__","text":"
__getitem__(key: tuple[Any, ...]) -> Any\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.__setitem__","title":"__setitem__","text":"
__setitem__(key: tuple[Any, ...], value: Any) -> None\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.clear","title":"clear","text":"
clear() -> None\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.CachedFunction","title":"CachedFunction","text":"
               Bases: Protocol[T]
 
Methods:
 
     
  •  __call__             \u2013              
    •  
 
Attributes:
 
     
  •  cache               (Cache)           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.CachedFunction.cache","title":"cache  instance-attribute","text":"
cache: Cache\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.CachedFunction.__call__","title":"__call__","text":"
__call__(*args: Any, **kwargs: Any) -> T\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.connect_clear_caching_events","title":"connect_clear_caching_events","text":"
connect_clear_caching_events(\n    event_dicts: dict[str, tuple[Any, ...]], **kwargs: Any\n) -> None\n
 
Connect given debugger event hooks to correspoonding _CacheUntilEvent instances
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.cache_until","title":"cache_until","text":"
cache_until(\n    *event_names: str,\n) -> Callable[[Callable[P, T]], CachedFunction[T]]\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.clear_caches","title":"clear_caches","text":"
clear_caches() -> None\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.clear_cache","title":"clear_cache","text":"
clear_cache(cache_name: str) -> None\n
"},{"location":"reference/pwndbg/lib/common/","title":"common","text":""},{"location":"reference/pwndbg/lib/common/#pwndbg.lib.common","title":"common","text":"
Functions:
 
     
  •  hex2ptr_common             \u2013              
    Converts a hex string to a little-endian integer address.
     
    •  
"},{"location":"reference/pwndbg/lib/common/#pwndbg.lib.common.hex2ptr_common","title":"hex2ptr_common","text":"
hex2ptr_common(arg: str) -> int\n
 
Converts a hex string to a little-endian integer address.
"},{"location":"reference/pwndbg/lib/config/","title":"config","text":""},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config","title":"config","text":"
Classes:
 
     
  •  Scope           \u2013            
    •  
  •  Parameter           \u2013            
    •  
  •  Config           \u2013            
    •  
 
Attributes:
 
     
  •  T           \u2013            
    •  
  •  PARAM_BOOLEAN           \u2013            
    •  
  •  PARAM_AUTO_BOOLEAN           \u2013            
    •  
  •  PARAM_INTEGER           \u2013            
    •  
  •  PARAM_ZINTEGER           \u2013            
    •  
  •  PARAM_UINTEGER           \u2013            
    •  
  •  PARAM_ZUINTEGER           \u2013            
    •  
  •  PARAM_ZUINTEGER_UNLIMITED           \u2013            
    •  
  •  PARAM_STRING           \u2013            
    •  
  •  PARAM_ENUM           \u2013            
    •  
  •  PARAM_OPTIONAL_FILENAME           \u2013            
    •  
  •  PARAM_CLASSES           \u2013            
    •  
  •  HELP_DEFAULT_PREFIX           \u2013            
    •  
  •  HELP_VALID_VALUES_PREFIX           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_BOOLEAN","title":"PARAM_BOOLEAN  module-attribute","text":"
PARAM_BOOLEAN = 0\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_AUTO_BOOLEAN","title":"PARAM_AUTO_BOOLEAN  module-attribute","text":"
PARAM_AUTO_BOOLEAN = 1\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_INTEGER","title":"PARAM_INTEGER  module-attribute","text":"
PARAM_INTEGER = 2\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_ZINTEGER","title":"PARAM_ZINTEGER  module-attribute","text":"
PARAM_ZINTEGER = 3\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_UINTEGER","title":"PARAM_UINTEGER  module-attribute","text":"
PARAM_UINTEGER = 4\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_ZUINTEGER","title":"PARAM_ZUINTEGER  module-attribute","text":"
PARAM_ZUINTEGER = 5\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_ZUINTEGER_UNLIMITED","title":"PARAM_ZUINTEGER_UNLIMITED  module-attribute","text":"
PARAM_ZUINTEGER_UNLIMITED = 6\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_STRING","title":"PARAM_STRING  module-attribute","text":"
PARAM_STRING = 7\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_ENUM","title":"PARAM_ENUM  module-attribute","text":"
PARAM_ENUM = 8\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_OPTIONAL_FILENAME","title":"PARAM_OPTIONAL_FILENAME  module-attribute","text":"
PARAM_OPTIONAL_FILENAME = 9\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_CLASSES","title":"PARAM_CLASSES  module-attribute","text":"
PARAM_CLASSES = {bool: PARAM_BOOLEAN, int: PARAM_ZINTEGER, str: PARAM_STRING}\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.HELP_DEFAULT_PREFIX","title":"HELP_DEFAULT_PREFIX  module-attribute","text":"
HELP_DEFAULT_PREFIX = 'Default:'\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.HELP_VALID_VALUES_PREFIX","title":"HELP_VALID_VALUES_PREFIX  module-attribute","text":"
HELP_VALID_VALUES_PREFIX = 'Valid values:'\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Scope","title":"Scope","text":"
               Bases: Enum
 
Attributes:
 
     
  •  config           \u2013            
    •  
  •  theme           \u2013            
    •  
  •  heap           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Scope.config","title":"config  class-attribute instance-attribute","text":"
config = 1\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Scope.theme","title":"theme  class-attribute instance-attribute","text":"
theme = 2\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Scope.heap","title":"heap  class-attribute instance-attribute","text":"
heap = 3\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter","title":"Parameter","text":"
Parameter(\n    name: str,\n    default: Any,\n    set_show_doc: str,\n    *,\n    help_docstring: str = \"\",\n    param_class: int | None = None,\n    enum_sequence: Sequence[str] | None = None,\n    scope: Scope = config,\n)\n
 
Methods:
 
     
  •  add_update_listener             \u2013              
    •  
  •  revert_default             \u2013              
    •  
  •  attr_name             \u2013              
    Returns the attribute name associated with this config option,
     
    •  
  •  __getattr__             \u2013              
    •  
  •  pretty_val             \u2013              
    Convert a value this object could contain to its pretty string representation.
     
    •  
  •  pretty             \u2013              
    •  
  •  pretty_default             \u2013              
    •  
  •  __int__             \u2013              
    •  
  •  __str__             \u2013              
    •  
  •  __bool__             \u2013              
    •  
  •  __eq__             \u2013              
    •  
  •  __lt__             \u2013              
    •  
  •  __add__             \u2013              
    •  
  •  __radd__             \u2013              
    •  
  •  __sub__             \u2013              
    •  
  •  __rsub__             \u2013              
    •  
  •  __mul__             \u2013              
    •  
  •  __rmul__             \u2013              
    •  
  •  __div__             \u2013              
    •  
  •  __floordiv__             \u2013              
    •  
  •  __pow__             \u2013              
    •  
  •  __mod__             \u2013              
    •  
  •  __len__             \u2013              
    •  
 
Attributes:
 
     
  •  name           \u2013            
    •  
  •  default           \u2013            
    •  
  •  param_class           \u2013            
    •  
  •  set_show_doc           \u2013            
    •  
  •  help_docstring           \u2013            
    •  
  •  enum_sequence           \u2013            
    •  
  •  scope           \u2013            
    •  
  •  update_listeners               (list[Callable[[Any], None]])           \u2013            
    •  
  •  value               (Any)           \u2013            
    •  
  •  is_changed               (bool)           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.name","title":"name  instance-attribute","text":"
name = name\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.default","title":"default  instance-attribute","text":"
default = default\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.param_class","title":"param_class  instance-attribute","text":"
param_class = param_class or PARAM_CLASSES[type(default)]\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.set_show_doc","title":"set_show_doc  instance-attribute","text":"
set_show_doc = set_show_doc\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.help_docstring","title":"help_docstring  instance-attribute","text":"
help_docstring = help_docstring\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.enum_sequence","title":"enum_sequence  instance-attribute","text":"
enum_sequence = enum_sequence\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.scope","title":"scope  instance-attribute","text":"
scope = scope\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.update_listeners","title":"update_listeners  instance-attribute","text":"
update_listeners: list[Callable[[Any], None]] = []\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.value","title":"value  property writable","text":"
value: Any\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.is_changed","title":"is_changed  property","text":"
is_changed: bool\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.add_update_listener","title":"add_update_listener","text":"
add_update_listener(listener: Callable[[Any], None]) -> None\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.revert_default","title":"revert_default","text":"
revert_default() -> None\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.attr_name","title":"attr_name","text":"
attr_name() -> str\n
 
Returns the attribute name associated with this config option, i.e. my-config has the attribute name my_config
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__getattr__","title":"__getattr__","text":"
__getattr__(name: str)\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.pretty_val","title":"pretty_val","text":"
pretty_val(val: Any) -> str\n
 
Convert a value this object could contain to its pretty string representation.
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.pretty","title":"pretty","text":"
pretty() -> str\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.pretty_default","title":"pretty_default","text":"
pretty_default() -> str\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__int__","title":"__int__","text":"
__int__() -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__bool__","title":"__bool__","text":"
__bool__() -> bool\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__eq__","title":"__eq__","text":"
__eq__(other: object) -> bool\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__lt__","title":"__lt__","text":"
__lt__(other: object) -> bool\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__add__","title":"__add__","text":"
__add__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__radd__","title":"__radd__","text":"
__radd__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__sub__","title":"__sub__","text":"
__sub__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__rsub__","title":"__rsub__","text":"
__rsub__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__mul__","title":"__mul__","text":"
__mul__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__rmul__","title":"__rmul__","text":"
__rmul__(other: int) -> str\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__div__","title":"__div__","text":"
__div__(other: float) -> float\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__floordiv__","title":"__floordiv__","text":"
__floordiv__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__pow__","title":"__pow__","text":"
__pow__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__mod__","title":"__mod__","text":"
__mod__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__len__","title":"__len__","text":"
__len__() -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config","title":"Config","text":"
Config()\n
 
Methods:
 
     
  •  add_param             \u2013              
    •  
  •  add_param_obj             \u2013              
    •  
  •  trigger             \u2013              
    •  
  •  get_params             \u2013              
    •  
  •  __getattr__             \u2013              
    •  
  •  __setattr__             \u2013              
    •  
 
Attributes:
 
     
  •  params               (dict[str, Parameter])           \u2013            
    •  
  •  triggers               (DefaultDict[str, list[Callable[..., Any]]])           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.params","title":"params  instance-attribute","text":"
params: dict[str, Parameter] = {}\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.triggers","title":"triggers  instance-attribute","text":"
triggers: DefaultDict[str, list[Callable[..., Any]]] = defaultdict(list)\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.add_param","title":"add_param","text":"
add_param(\n    name: str,\n    default: Any,\n    set_show_doc: str,\n    *,\n    help_docstring: str = \"\",\n    param_class: int | None = None,\n    enum_sequence: Sequence[str] | None = None,\n    scope: Scope = config,\n) -> Parameter\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.add_param_obj","title":"add_param_obj","text":"
add_param_obj(p: Parameter) -> Parameter\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.trigger","title":"trigger","text":"
trigger(*params: Parameter) -> Callable[[Callable[..., T]], Callable[..., T]]\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.get_params","title":"get_params","text":"
get_params(scope: Scope) -> list[Parameter]\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.__getattr__","title":"__getattr__","text":"
__getattr__(name: str) -> Parameter\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.__setattr__","title":"__setattr__","text":"
__setattr__(attr, val)\n
"},{"location":"reference/pwndbg/lib/disasm/","title":"disasm","text":""},{"location":"reference/pwndbg/lib/disasm/#pwndbg.lib.disasm","title":"disasm","text":"
Modules:
 
     
  •  helpers           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/disasm/helpers/","title":"helpers","text":""},{"location":"reference/pwndbg/lib/disasm/helpers/#pwndbg.lib.disasm.helpers","title":"helpers","text":"
Functions:
 
     
  •  to_signed             \u2013              
    Returns the signed number associated with the two's-complement binary representation of unsigned
     
    •  
  •  logical_shift_left             \u2013              
    •  
  •  logical_shift_right             \u2013              
    n is truncated to the width of bit_width before the operation takes place.
     
    •  
  •  rotate_right             \u2013              
    n is truncated to the width of bit_width before the operation takes place.
     
    •  
  •  arithmetic_shift_right             \u2013              
    This returns the value represented by the two's-complement binary representation of the final result.
     
    •  
"},{"location":"reference/pwndbg/lib/disasm/helpers/#pwndbg.lib.disasm.helpers.to_signed","title":"to_signed","text":"
to_signed(unsigned: int, bit_width: int)\n
 
Returns the signed number associated with the two's-complement binary representation of unsigned
"},{"location":"reference/pwndbg/lib/disasm/helpers/#pwndbg.lib.disasm.helpers.logical_shift_left","title":"logical_shift_left","text":"
logical_shift_left(n: int, shift_amt: int, bit_width: int)\n
"},{"location":"reference/pwndbg/lib/disasm/helpers/#pwndbg.lib.disasm.helpers.logical_shift_right","title":"logical_shift_right","text":"
logical_shift_right(n: int, shift_amt: int, bit_width: int)\n
 
n is truncated to the width of bit_width before the operation takes place.
"},{"location":"reference/pwndbg/lib/disasm/helpers/#pwndbg.lib.disasm.helpers.rotate_right","title":"rotate_right","text":"
rotate_right(n: int, shift_amt: int, bit_width: int)\n
 
n is truncated to the width of bit_width before the operation takes place.
"},{"location":"reference/pwndbg/lib/disasm/helpers/#pwndbg.lib.disasm.helpers.arithmetic_shift_right","title":"arithmetic_shift_right","text":"
arithmetic_shift_right(n: int, shift_amt: int, bit_width: int)\n
 
This returns the value represented by the two's-complement binary representation of the final result. This means the result could be negative (if the top bit of the input is negative)
 
n is truncated to the width of bit_width before the operation takes place.
"},{"location":"reference/pwndbg/lib/elftypes/","title":"elftypes","text":""},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes","title":"elftypes","text":"
Classes:
 
     
  •  constants           \u2013            
    •  
  •  Elf32_Ehdr           \u2013            
    •  
  •  Elf64_Ehdr           \u2013            
    •  
  •  Elf32_Phdr           \u2013            
    •  
  •  Elf64_Phdr           \u2013            
    •  
  •  AUXV           \u2013            
    •  
 
Attributes:
 
     
  •  Elf32_Addr           \u2013            
    •  
  •  Elf32_Half           \u2013            
    •  
  •  Elf32_Off           \u2013            
    •  
  •  Elf32_Sword           \u2013            
    •  
  •  Elf32_Word           \u2013            
    •  
  •  Elf64_Addr           \u2013            
    •  
  •  Elf64_Half           \u2013            
    •  
  •  Elf64_SHalf           \u2013            
    •  
  •  Elf64_Off           \u2013            
    •  
  •  Elf64_Sword           \u2013            
    •  
  •  Elf64_Word           \u2013            
    •  
  •  Elf64_Xword           \u2013            
    •  
  •  Elf64_Sxword           \u2013            
    •  
  •  AT_CONSTANTS               (dict[int, str])           \u2013            
    •  
  •  AT_CONSTANT_NAMES           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Addr","title":"Elf32_Addr  module-attribute","text":"
Elf32_Addr = c_uint32\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Half","title":"Elf32_Half  module-attribute","text":"
Elf32_Half = c_uint16\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Off","title":"Elf32_Off  module-attribute","text":"
Elf32_Off = c_uint32\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Sword","title":"Elf32_Sword  module-attribute","text":"
Elf32_Sword = c_int32\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Word","title":"Elf32_Word  module-attribute","text":"
Elf32_Word = c_uint32\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Addr","title":"Elf64_Addr  module-attribute","text":"
Elf64_Addr = c_uint64\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Half","title":"Elf64_Half  module-attribute","text":"
Elf64_Half = c_uint16\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_SHalf","title":"Elf64_SHalf  module-attribute","text":"
Elf64_SHalf = c_int16\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Off","title":"Elf64_Off  module-attribute","text":"
Elf64_Off = c_uint64\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Sword","title":"Elf64_Sword  module-attribute","text":"
Elf64_Sword = c_int32\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Word","title":"Elf64_Word  module-attribute","text":"
Elf64_Word = c_uint32\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Xword","title":"Elf64_Xword  module-attribute","text":"
Elf64_Xword = c_uint64\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Sxword","title":"Elf64_Sxword  module-attribute","text":"
Elf64_Sxword = c_int64\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AT_CONSTANTS","title":"AT_CONSTANTS  module-attribute","text":"
AT_CONSTANTS: dict[int, str] = {\n    0: \"AT_NULL\",\n    1: \"AT_IGNORE\",\n    2: \"AT_EXECFD\",\n    3: \"AT_PHDR\",\n    4: \"AT_PHENT\",\n    5: \"AT_PHNUM\",\n    6: \"AT_PAGESZ\",\n    7: \"AT_BASE\",\n    8: \"AT_FLAGS\",\n    9: \"AT_ENTRY\",\n    10: \"AT_NOTELF\",\n    11: \"AT_UID\",\n    12: \"AT_EUID\",\n    13: \"AT_GID\",\n    14: \"AT_EGID\",\n    15: \"AT_PLATFORM\",\n    16: \"AT_HWCAP\",\n    17: \"AT_CLKTCK\",\n    18: \"AT_FPUCW\",\n    19: \"AT_DCACHEBSIZE\",\n    20: \"AT_ICACHEBSIZE\",\n    21: \"AT_UCACHEBSIZE\",\n    22: \"AT_IGNOREPPC\",\n    23: \"AT_SECURE\",\n    24: \"AT_BASE_PLATFORM\",\n    25: \"AT_RANDOM\",\n    26: \"AT_HWCAP2\",\n    27: \"AT_RSEQ_FEATURE_SIZE\",\n    28: \"AT_RSEQ_ALIGN\",\n    29: \"AT_HWCAP3\",\n    30: \"AT_HWCAP4\",\n    31: \"AT_EXECFN\",\n    32: \"AT_SYSINFO\",\n    33: \"AT_SYSINFO_EHDR\",\n    34: \"AT_L1I_CACHESHAPE\",\n    35: \"AT_L1D_CACHESHAPE\",\n    36: \"AT_L2_CACHESHAPE\",\n    37: \"AT_L3_CACHESHAPE\",\n    40: \"AT_L1I_CACHESIZE\",\n    41: \"AT_L1I_CACHEGEOMETRY\",\n    42: \"AT_L1D_CACHESIZE\",\n    43: \"AT_L1D_CACHEGEOMETRY\",\n    44: \"AT_L2_CACHESIZE\",\n    45: \"AT_L2_CACHEGEOMETRY\",\n    46: \"AT_L3_CACHESIZE\",\n    47: \"AT_L3_CACHEGEOMETRY\",\n    51: \"AT_MINSIGSTKSZ\",\n}\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AT_CONSTANT_NAMES","title":"AT_CONSTANT_NAMES  module-attribute","text":"
AT_CONSTANT_NAMES = {v: _Ifor (k, v) in (items())}\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants","title":"constants","text":"
Attributes:
 
     
  •  EI_MAG0           \u2013            
    •  
  •  EI_MAG1           \u2013            
    •  
  •  EI_MAG2           \u2013            
    •  
  •  EI_MAG3           \u2013            
    •  
  •  EI_CLASS           \u2013            
    •  
  •  EI_DATA           \u2013            
    •  
  •  EI_VERSION           \u2013            
    •  
  •  EI_OSABI           \u2013            
    •  
  •  EI_ABIVERSION           \u2013            
    •  
  •  EI_PAD           \u2013            
    •  
  •  EI_NIDENT           \u2013            
    •  
  •  ELFMAG0           \u2013            
    •  
  •  ELFMAG1           \u2013            
    •  
  •  ELFMAG2           \u2013            
    •  
  •  ELFMAG3           \u2013            
    •  
  •  ELFCLASSNONE           \u2013            
    •  
  •  ELFCLASS32           \u2013            
    •  
  •  ELFCLASS64           \u2013            
    •  
  •  ELFDATANONE           \u2013            
    •  
  •  ELFDATA2LSB           \u2013            
    •  
  •  ELFDATA2MSB           \u2013            
    •  
  •  PT_NULL           \u2013            
    •  
  •  PT_LOAD           \u2013            
    •  
  •  PT_DYNAMIC           \u2013            
    •  
  •  PT_INTERP           \u2013            
    •  
  •  PT_NOTE           \u2013            
    •  
  •  PT_SHLIB           \u2013            
    •  
  •  PT_PHDR           \u2013            
    •  
  •  PT_TLS           \u2013            
    •  
  •  ET_NONE           \u2013            
    •  
  •  ET_REL           \u2013            
    •  
  •  ET_EXEC           \u2013            
    •  
  •  ET_DYN           \u2013            
    •  
  •  ET_CORE           \u2013            
    •  
  •  DT_NULL           \u2013            
    •  
  •  DT_NEEDED           \u2013            
    •  
  •  DT_PLTRELSZ           \u2013            
    •  
  •  DT_PLTGOT           \u2013            
    •  
  •  DT_HASH           \u2013            
    •  
  •  DT_STRTAB           \u2013            
    •  
  •  DT_SYMTAB           \u2013            
    •  
  •  DT_RELA           \u2013            
    •  
  •  DT_RELASZ           \u2013            
    •  
  •  DT_RELAENT           \u2013            
    •  
  •  DT_STRSZ           \u2013            
    •  
  •  DT_SYMENT           \u2013            
    •  
  •  DT_INIT           \u2013            
    •  
  •  DT_FINI           \u2013            
    •  
  •  DT_SONAME           \u2013            
    •  
  •  DT_RPATH           \u2013            
    •  
  •  DT_SYMBOLIC           \u2013            
    •  
  •  DT_REL           \u2013            
    •  
  •  DT_RELSZ           \u2013            
    •  
  •  DT_RELENT           \u2013            
    •  
  •  DT_PLTREL           \u2013            
    •  
  •  DT_DEBUG           \u2013            
    •  
  •  DT_TEXTREL           \u2013            
    •  
  •  DT_JMPREL           \u2013            
    •  
  •  DT_ENCODING           \u2013            
    •  
  •  SHT_NULL           \u2013            
    •  
  •  SHT_PROGBITS           \u2013            
    •  
  •  SHT_SYMTAB           \u2013            
    •  
  •  SHT_STRTAB           \u2013            
    •  
  •  SHT_RELA           \u2013            
    •  
  •  SHT_HASH           \u2013            
    •  
  •  SHT_DYNAMIC           \u2013            
    •  
  •  SHT_NOTE           \u2013            
    •  
  •  SHT_NOBITS           \u2013            
    •  
  •  SHT_REL           \u2013            
    •  
  •  SHT_SHLIB           \u2013            
    •  
  •  SHT_DYNSYM           \u2013            
    •  
  •  SHT_NUM           \u2013            
    •  
  •  STT_NOTYPE           \u2013            
    •  
  •  STT_OBJECT           \u2013            
    •  
  •  STT_FUNC           \u2013            
    •  
  •  STT_SECTION           \u2013            
    •  
  •  STT_FILE           \u2013            
    •  
  •  STT_COMMON           \u2013            
    •  
  •  STT_TLS           \u2013            
    •  
  •  NT_PRSTATUS           \u2013            
    •  
  •  NT_PRFPREG           \u2013            
    •  
  •  NT_PRPSINFO           \u2013            
    •  
  •  NT_TASKSTRUCT           \u2013            
    •  
  •  NT_AUXV           \u2013            
    •  
  •  NT_SIGINFO           \u2013            
    •  
  •  NT_FILE           \u2013            
    •  
  •  NT_PRXFPREG           \u2013            
    •  
  •  NT_PPC_VMX           \u2013            
    •  
  •  NT_PPC_SPE           \u2013            
    •  
  •  NT_PPC_VSX           \u2013            
    •  
  •  NT_386_TLS           \u2013            
    •  
  •  NT_386_IOPERM           \u2013            
    •  
  •  NT_X86_XSTATE           \u2013            
    •  
  •  NT_S390_HIGH_GPRS           \u2013            
    •  
  •  NT_S390_TIMER           \u2013            
    •  
  •  NT_S390_TODCMP           \u2013            
    •  
  •  NT_S390_TODPREG           \u2013            
    •  
  •  NT_S390_CTRS           \u2013            
    •  
  •  NT_S390_PREFIX           \u2013            
    •  
  •  NT_S390_LAST_BREAK           \u2013            
    •  
  •  NT_S390_SYSTEM_CALL           \u2013            
    •  
  •  NT_S390_TDB           \u2013            
    •  
  •  NT_ARM_VFP           \u2013            
    •  
  •  NT_ARM_TLS           \u2013            
    •  
  •  NT_ARM_HW_BREAK           \u2013            
    •  
  •  NT_ARM_HW_WATCH           \u2013            
    •  
  •  NT_METAG_CBUF           \u2013            
    •  
  •  NT_METAG_RPIPE           \u2013            
    •  
  •  NT_METAG_TLS           \u2013            
    •  
  •  AT_NULL           \u2013            
    •  
  •  AT_IGNORE           \u2013            
    •  
  •  AT_EXECFD           \u2013            
    •  
  •  AT_PHDR           \u2013            
    •  
  •  AT_PHENT           \u2013            
    •  
  •  AT_PHNUM           \u2013            
    •  
  •  AT_PAGESZ           \u2013            
    •  
  •  AT_BASE           \u2013            
    •  
  •  AT_FLAGS           \u2013            
    •  
  •  AT_ENTRY           \u2013            
    •  
  •  AT_NOTELF           \u2013            
    •  
  •  AT_UID           \u2013            
    •  
  •  AT_EUID           \u2013            
    •  
  •  AT_GID           \u2013            
    •  
  •  AT_EGID           \u2013            
    •  
  •  AT_PLATFORM           \u2013            
    •  
  •  AT_HWCAP           \u2013            
    •  
  •  AT_CLKTCK           \u2013            
    •  
  •  AT_FPUCW           \u2013            
    •  
  •  AT_DCACHEBSIZE           \u2013            
    •  
  •  AT_ICACHEBSIZE           \u2013            
    •  
  •  AT_UCACHEBSIZE           \u2013            
    •  
  •  AT_IGNOREPPC           \u2013            
    •  
  •  AT_SECURE           \u2013            
    •  
  •  AT_BASE_PLATFORM           \u2013            
    •  
  •  AT_RANDOM           \u2013            
    •  
  •  AT_EXECFN           \u2013            
    •  
  •  AT_SYSINFO           \u2013            
    •  
  •  AT_SYSINFO_EHDR           \u2013            
    •  
  •  AT_L1I_CACHESHAPE           \u2013            
    •  
  •  AT_L1D_CACHESHAPE           \u2013            
    •  
  •  AT_L2_CACHESHAPE           \u2013            
    •  
  •  AT_L3_CACHESHAPE           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_MAG0","title":"EI_MAG0  class-attribute instance-attribute","text":"
EI_MAG0 = 0\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_MAG1","title":"EI_MAG1  class-attribute instance-attribute","text":"
EI_MAG1 = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_MAG2","title":"EI_MAG2  class-attribute instance-attribute","text":"
EI_MAG2 = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_MAG3","title":"EI_MAG3  class-attribute instance-attribute","text":"
EI_MAG3 = 3\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_CLASS","title":"EI_CLASS  class-attribute instance-attribute","text":"
EI_CLASS = 4\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_DATA","title":"EI_DATA  class-attribute instance-attribute","text":"
EI_DATA = 5\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_VERSION","title":"EI_VERSION  class-attribute instance-attribute","text":"
EI_VERSION = 6\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_OSABI","title":"EI_OSABI  class-attribute instance-attribute","text":"
EI_OSABI = 7\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_ABIVERSION","title":"EI_ABIVERSION  class-attribute instance-attribute","text":"
EI_ABIVERSION = 8\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_PAD","title":"EI_PAD  class-attribute instance-attribute","text":"
EI_PAD = 9\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_NIDENT","title":"EI_NIDENT  class-attribute instance-attribute","text":"
EI_NIDENT = 16\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFMAG0","title":"ELFMAG0  class-attribute instance-attribute","text":"
ELFMAG0 = 127\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFMAG1","title":"ELFMAG1  class-attribute instance-attribute","text":"
ELFMAG1 = ord('E')\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFMAG2","title":"ELFMAG2  class-attribute instance-attribute","text":"
ELFMAG2 = ord('L')\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFMAG3","title":"ELFMAG3  class-attribute instance-attribute","text":"
ELFMAG3 = ord('F')\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFCLASSNONE","title":"ELFCLASSNONE  class-attribute instance-attribute","text":"
ELFCLASSNONE = 0\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFCLASS32","title":"ELFCLASS32  class-attribute instance-attribute","text":"
ELFCLASS32 = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFCLASS64","title":"ELFCLASS64  class-attribute instance-attribute","text":"
ELFCLASS64 = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFDATANONE","title":"ELFDATANONE  class-attribute instance-attribute","text":"
ELFDATANONE = 0\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFDATA2LSB","title":"ELFDATA2LSB  class-attribute instance-attribute","text":"
ELFDATA2LSB = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFDATA2MSB","title":"ELFDATA2MSB  class-attribute instance-attribute","text":"
ELFDATA2MSB = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_NULL","title":"PT_NULL  class-attribute instance-attribute","text":"
PT_NULL = 0\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_LOAD","title":"PT_LOAD  class-attribute instance-attribute","text":"
PT_LOAD = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_DYNAMIC","title":"PT_DYNAMIC  class-attribute instance-attribute","text":"
PT_DYNAMIC = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_INTERP","title":"PT_INTERP  class-attribute instance-attribute","text":"
PT_INTERP = 3\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_NOTE","title":"PT_NOTE  class-attribute instance-attribute","text":"
PT_NOTE = 4\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_SHLIB","title":"PT_SHLIB  class-attribute instance-attribute","text":"
PT_SHLIB = 5\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_PHDR","title":"PT_PHDR  class-attribute instance-attribute","text":"
PT_PHDR = 6\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_TLS","title":"PT_TLS  class-attribute instance-attribute","text":"
PT_TLS = 7\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ET_NONE","title":"ET_NONE  class-attribute instance-attribute","text":"
ET_NONE = 0\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ET_REL","title":"ET_REL  class-attribute instance-attribute","text":"
ET_REL = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ET_EXEC","title":"ET_EXEC  class-attribute instance-attribute","text":"
ET_EXEC = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ET_DYN","title":"ET_DYN  class-attribute instance-attribute","text":"
ET_DYN = 3\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ET_CORE","title":"ET_CORE  class-attribute instance-attribute","text":"
ET_CORE = 4\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_NULL","title":"DT_NULL  class-attribute instance-attribute","text":"
DT_NULL = 0\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_NEEDED","title":"DT_NEEDED  class-attribute instance-attribute","text":"
DT_NEEDED = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_PLTRELSZ","title":"DT_PLTRELSZ  class-attribute instance-attribute","text":"
DT_PLTRELSZ = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_PLTGOT","title":"DT_PLTGOT  class-attribute instance-attribute","text":"
DT_PLTGOT = 3\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_HASH","title":"DT_HASH  class-attribute instance-attribute","text":"
DT_HASH = 4\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_STRTAB","title":"DT_STRTAB  class-attribute instance-attribute","text":"
DT_STRTAB = 5\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_SYMTAB","title":"DT_SYMTAB  class-attribute instance-attribute","text":"
DT_SYMTAB = 6\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_RELA","title":"DT_RELA  class-attribute instance-attribute","text":"
DT_RELA = 7\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_RELASZ","title":"DT_RELASZ  class-attribute instance-attribute","text":"
DT_RELASZ = 8\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_RELAENT","title":"DT_RELAENT  class-attribute instance-attribute","text":"
DT_RELAENT = 9\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_STRSZ","title":"DT_STRSZ  class-attribute instance-attribute","text":"
DT_STRSZ = 10\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_SYMENT","title":"DT_SYMENT  class-attribute instance-attribute","text":"
DT_SYMENT = 11\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_INIT","title":"DT_INIT  class-attribute instance-attribute","text":"
DT_INIT = 12\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_FINI","title":"DT_FINI  class-attribute instance-attribute","text":"
DT_FINI = 13\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_SONAME","title":"DT_SONAME  class-attribute instance-attribute","text":"
DT_SONAME = 14\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_RPATH","title":"DT_RPATH  class-attribute instance-attribute","text":"
DT_RPATH = 15\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_SYMBOLIC","title":"DT_SYMBOLIC  class-attribute instance-attribute","text":"
DT_SYMBOLIC = 16\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_REL","title":"DT_REL  class-attribute instance-attribute","text":"
DT_REL = 17\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_RELSZ","title":"DT_RELSZ  class-attribute instance-attribute","text":"
DT_RELSZ = 18\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_RELENT","title":"DT_RELENT  class-attribute instance-attribute","text":"
DT_RELENT = 19\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_PLTREL","title":"DT_PLTREL  class-attribute instance-attribute","text":"
DT_PLTREL = 20\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_DEBUG","title":"DT_DEBUG  class-attribute instance-attribute","text":"
DT_DEBUG = 21\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_TEXTREL","title":"DT_TEXTREL  class-attribute instance-attribute","text":"
DT_TEXTREL = 22\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_JMPREL","title":"DT_JMPREL  class-attribute instance-attribute","text":"
DT_JMPREL = 23\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_ENCODING","title":"DT_ENCODING  class-attribute instance-attribute","text":"
DT_ENCODING = 32\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_NULL","title":"SHT_NULL  class-attribute instance-attribute","text":"
SHT_NULL = 0\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_PROGBITS","title":"SHT_PROGBITS  class-attribute instance-attribute","text":"
SHT_PROGBITS = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_SYMTAB","title":"SHT_SYMTAB  class-attribute instance-attribute","text":"
SHT_SYMTAB = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_STRTAB","title":"SHT_STRTAB  class-attribute instance-attribute","text":"
SHT_STRTAB = 3\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_RELA","title":"SHT_RELA  class-attribute instance-attribute","text":"
SHT_RELA = 4\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_HASH","title":"SHT_HASH  class-attribute instance-attribute","text":"
SHT_HASH = 5\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_DYNAMIC","title":"SHT_DYNAMIC  class-attribute instance-attribute","text":"
SHT_DYNAMIC = 6\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_NOTE","title":"SHT_NOTE  class-attribute instance-attribute","text":"
SHT_NOTE = 7\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_NOBITS","title":"SHT_NOBITS  class-attribute instance-attribute","text":"
SHT_NOBITS = 8\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_REL","title":"SHT_REL  class-attribute instance-attribute","text":"
SHT_REL = 9\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_SHLIB","title":"SHT_SHLIB  class-attribute instance-attribute","text":"
SHT_SHLIB = 10\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_DYNSYM","title":"SHT_DYNSYM  class-attribute instance-attribute","text":"
SHT_DYNSYM = 11\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_NUM","title":"SHT_NUM  class-attribute instance-attribute","text":"
SHT_NUM = 12\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_NOTYPE","title":"STT_NOTYPE  class-attribute instance-attribute","text":"
STT_NOTYPE = 0\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_OBJECT","title":"STT_OBJECT  class-attribute instance-attribute","text":"
STT_OBJECT = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_FUNC","title":"STT_FUNC  class-attribute instance-attribute","text":"
STT_FUNC = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_SECTION","title":"STT_SECTION  class-attribute instance-attribute","text":"
STT_SECTION = 3\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_FILE","title":"STT_FILE  class-attribute instance-attribute","text":"
STT_FILE = 4\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_COMMON","title":"STT_COMMON  class-attribute instance-attribute","text":"
STT_COMMON = 5\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_TLS","title":"STT_TLS  class-attribute instance-attribute","text":"
STT_TLS = 6\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PRSTATUS","title":"NT_PRSTATUS  class-attribute instance-attribute","text":"
NT_PRSTATUS = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PRFPREG","title":"NT_PRFPREG  class-attribute instance-attribute","text":"
NT_PRFPREG = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PRPSINFO","title":"NT_PRPSINFO  class-attribute instance-attribute","text":"
NT_PRPSINFO = 3\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_TASKSTRUCT","title":"NT_TASKSTRUCT  class-attribute instance-attribute","text":"
NT_TASKSTRUCT = 4\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_AUXV","title":"NT_AUXV  class-attribute instance-attribute","text":"
NT_AUXV = 6\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_SIGINFO","title":"NT_SIGINFO  class-attribute instance-attribute","text":"
NT_SIGINFO = 1397311305\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_FILE","title":"NT_FILE  class-attribute instance-attribute","text":"
NT_FILE = 1179208773\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PRXFPREG","title":"NT_PRXFPREG  class-attribute instance-attribute","text":"
NT_PRXFPREG = 1189489535\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PPC_VMX","title":"NT_PPC_VMX  class-attribute instance-attribute","text":"
NT_PPC_VMX = 256\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PPC_SPE","title":"NT_PPC_SPE  class-attribute instance-attribute","text":"
NT_PPC_SPE = 257\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PPC_VSX","title":"NT_PPC_VSX  class-attribute instance-attribute","text":"
NT_PPC_VSX = 258\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_386_TLS","title":"NT_386_TLS  class-attribute instance-attribute","text":"
NT_386_TLS = 512\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_386_IOPERM","title":"NT_386_IOPERM  class-attribute instance-attribute","text":"
NT_386_IOPERM = 513\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_X86_XSTATE","title":"NT_X86_XSTATE  class-attribute instance-attribute","text":"
NT_X86_XSTATE = 514\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_HIGH_GPRS","title":"NT_S390_HIGH_GPRS  class-attribute instance-attribute","text":"
NT_S390_HIGH_GPRS = 768\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_TIMER","title":"NT_S390_TIMER  class-attribute instance-attribute","text":"
NT_S390_TIMER = 769\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_TODCMP","title":"NT_S390_TODCMP  class-attribute instance-attribute","text":"
NT_S390_TODCMP = 770\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_TODPREG","title":"NT_S390_TODPREG  class-attribute instance-attribute","text":"
NT_S390_TODPREG = 771\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_CTRS","title":"NT_S390_CTRS  class-attribute instance-attribute","text":"
NT_S390_CTRS = 772\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_PREFIX","title":"NT_S390_PREFIX  class-attribute instance-attribute","text":"
NT_S390_PREFIX = 773\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_LAST_BREAK","title":"NT_S390_LAST_BREAK  class-attribute instance-attribute","text":"
NT_S390_LAST_BREAK = 774\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_SYSTEM_CALL","title":"NT_S390_SYSTEM_CALL  class-attribute instance-attribute","text":"
NT_S390_SYSTEM_CALL = 775\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_TDB","title":"NT_S390_TDB  class-attribute instance-attribute","text":"
NT_S390_TDB = 776\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_ARM_VFP","title":"NT_ARM_VFP  class-attribute instance-attribute","text":"
NT_ARM_VFP = 1024\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_ARM_TLS","title":"NT_ARM_TLS  class-attribute instance-attribute","text":"
NT_ARM_TLS = 1025\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_ARM_HW_BREAK","title":"NT_ARM_HW_BREAK  class-attribute instance-attribute","text":"
NT_ARM_HW_BREAK = 1026\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_ARM_HW_WATCH","title":"NT_ARM_HW_WATCH  class-attribute instance-attribute","text":"
NT_ARM_HW_WATCH = 1027\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_METAG_CBUF","title":"NT_METAG_CBUF  class-attribute instance-attribute","text":"
NT_METAG_CBUF = 1280\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_METAG_RPIPE","title":"NT_METAG_RPIPE  class-attribute instance-attribute","text":"
NT_METAG_RPIPE = 1281\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_METAG_TLS","title":"NT_METAG_TLS  class-attribute instance-attribute","text":"
NT_METAG_TLS = 1282\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_NULL","title":"AT_NULL  class-attribute instance-attribute","text":"
AT_NULL = 0\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_IGNORE","title":"AT_IGNORE  class-attribute instance-attribute","text":"
AT_IGNORE = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_EXECFD","title":"AT_EXECFD  class-attribute instance-attribute","text":"
AT_EXECFD = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_PHDR","title":"AT_PHDR  class-attribute instance-attribute","text":"
AT_PHDR = 3\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_PHENT","title":"AT_PHENT  class-attribute instance-attribute","text":"
AT_PHENT = 4\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_PHNUM","title":"AT_PHNUM  class-attribute instance-attribute","text":"
AT_PHNUM = 5\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_PAGESZ","title":"AT_PAGESZ  class-attribute instance-attribute","text":"
AT_PAGESZ = 6\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_BASE","title":"AT_BASE  class-attribute instance-attribute","text":"
AT_BASE = 7\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_FLAGS","title":"AT_FLAGS  class-attribute instance-attribute","text":"
AT_FLAGS = 8\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_ENTRY","title":"AT_ENTRY  class-attribute instance-attribute","text":"
AT_ENTRY = 9\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_NOTELF","title":"AT_NOTELF  class-attribute instance-attribute","text":"
AT_NOTELF = 10\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_UID","title":"AT_UID  class-attribute instance-attribute","text":"
AT_UID = 11\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_EUID","title":"AT_EUID  class-attribute instance-attribute","text":"
AT_EUID = 12\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_GID","title":"AT_GID  class-attribute instance-attribute","text":"
AT_GID = 13\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_EGID","title":"AT_EGID  class-attribute instance-attribute","text":"
AT_EGID = 14\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_PLATFORM","title":"AT_PLATFORM  class-attribute instance-attribute","text":"
AT_PLATFORM = 15\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_HWCAP","title":"AT_HWCAP  class-attribute instance-attribute","text":"
AT_HWCAP = 16\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_CLKTCK","title":"AT_CLKTCK  class-attribute instance-attribute","text":"
AT_CLKTCK = 17\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_FPUCW","title":"AT_FPUCW  class-attribute instance-attribute","text":"
AT_FPUCW = 18\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_DCACHEBSIZE","title":"AT_DCACHEBSIZE  class-attribute instance-attribute","text":"
AT_DCACHEBSIZE = 19\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_ICACHEBSIZE","title":"AT_ICACHEBSIZE  class-attribute instance-attribute","text":"
AT_ICACHEBSIZE = 20\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_UCACHEBSIZE","title":"AT_UCACHEBSIZE  class-attribute instance-attribute","text":"
AT_UCACHEBSIZE = 21\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_IGNOREPPC","title":"AT_IGNOREPPC  class-attribute instance-attribute","text":"
AT_IGNOREPPC = 22\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_SECURE","title":"AT_SECURE  class-attribute instance-attribute","text":"
AT_SECURE = 23\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_BASE_PLATFORM","title":"AT_BASE_PLATFORM  class-attribute instance-attribute","text":"
AT_BASE_PLATFORM = 24\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_RANDOM","title":"AT_RANDOM  class-attribute instance-attribute","text":"
AT_RANDOM = 25\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_EXECFN","title":"AT_EXECFN  class-attribute instance-attribute","text":"
AT_EXECFN = 31\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_SYSINFO","title":"AT_SYSINFO  class-attribute instance-attribute","text":"
AT_SYSINFO = 32\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_SYSINFO_EHDR","title":"AT_SYSINFO_EHDR  class-attribute instance-attribute","text":"
AT_SYSINFO_EHDR = 33\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_L1I_CACHESHAPE","title":"AT_L1I_CACHESHAPE  class-attribute instance-attribute","text":"
AT_L1I_CACHESHAPE = 34\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_L1D_CACHESHAPE","title":"AT_L1D_CACHESHAPE  class-attribute instance-attribute","text":"
AT_L1D_CACHESHAPE = 35\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_L2_CACHESHAPE","title":"AT_L2_CACHESHAPE  class-attribute instance-attribute","text":"
AT_L2_CACHESHAPE = 36\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_L3_CACHESHAPE","title":"AT_L3_CACHESHAPE  class-attribute instance-attribute","text":"
AT_L3_CACHESHAPE = 37\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Ehdr","title":"Elf32_Ehdr","text":"
               Bases: Structure
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Ehdr","title":"Elf64_Ehdr","text":"
               Bases: Structure
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Phdr","title":"Elf32_Phdr","text":"
               Bases: Structure
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Phdr","title":"Elf64_Phdr","text":"
               Bases: Structure
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV","title":"AUXV","text":"
               Bases: dict[str, int | str]
 
Methods:
 
     
  •  set             \u2013              
    •  
  •  __getattr__             \u2013              
    •  
  •  __str__             \u2013              
    •  
 
Attributes:
 
     
  •  AT_PHDR               (int | None)           \u2013            
    •  
  •  AT_BASE               (int | None)           \u2013            
    •  
  •  AT_PLATFORM               (str | None)           \u2013            
    •  
  •  AT_BASE_PLATFORM               (str | None)           \u2013            
    •  
  •  AT_ENTRY               (int | None)           \u2013            
    •  
  •  AT_RANDOM               (int | None)           \u2013            
    •  
  •  AT_EXECFN               (str | None)           \u2013            
    •  
  •  AT_SYSINFO               (int | None)           \u2013            
    •  
  •  AT_SYSINFO_EHDR               (int | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_PHDR","title":"AT_PHDR  instance-attribute","text":"
AT_PHDR: int | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_BASE","title":"AT_BASE  instance-attribute","text":"
AT_BASE: int | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_PLATFORM","title":"AT_PLATFORM  instance-attribute","text":"
AT_PLATFORM: str | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_BASE_PLATFORM","title":"AT_BASE_PLATFORM  instance-attribute","text":"
AT_BASE_PLATFORM: str | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_ENTRY","title":"AT_ENTRY  instance-attribute","text":"
AT_ENTRY: int | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_RANDOM","title":"AT_RANDOM  instance-attribute","text":"
AT_RANDOM: int | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_EXECFN","title":"AT_EXECFN  instance-attribute","text":"
AT_EXECFN: str | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_SYSINFO","title":"AT_SYSINFO  instance-attribute","text":"
AT_SYSINFO: int | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_SYSINFO_EHDR","title":"AT_SYSINFO_EHDR  instance-attribute","text":"
AT_SYSINFO_EHDR: int | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.set","title":"set","text":"
set(const: int, value: int) -> None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.__getattr__","title":"__getattr__","text":"
__getattr__(attr: str) -> int | str | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/lib/exception/","title":"exception","text":""},{"location":"reference/pwndbg/lib/exception/#pwndbg.lib.exception","title":"exception","text":"
Classes:
 
     
  •  IndentContextManager           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/exception/#pwndbg.lib.exception.IndentContextManager","title":"IndentContextManager","text":"
IndentContextManager()\n
 
Methods:
 
     
  •  __enter__             \u2013              
    •  
  •  __exit__             \u2013              
    •  
  •  print             \u2013              
    •  
  •  addr_hex             \u2013              
    •  
  •  aux_hex             \u2013              
    •  
  •  prefix             \u2013              
    •  
 
Attributes:
 
     
  •  indent           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/exception/#pwndbg.lib.exception.IndentContextManager.indent","title":"indent  instance-attribute","text":"
indent = 0\n
"},{"location":"reference/pwndbg/lib/exception/#pwndbg.lib.exception.IndentContextManager.__enter__","title":"__enter__","text":"
__enter__() -> None\n
"},{"location":"reference/pwndbg/lib/exception/#pwndbg.lib.exception.IndentContextManager.__exit__","title":"__exit__","text":"
__exit__(\n    exc_type: type[BaseException] | None,\n    exc_value: BaseException | None,\n    exc_tb: TracebackType | None,\n) -> None\n
"},{"location":"reference/pwndbg/lib/exception/#pwndbg.lib.exception.IndentContextManager.print","title":"print","text":"
print(*a, **kw) -> None\n
"},{"location":"reference/pwndbg/lib/exception/#pwndbg.lib.exception.IndentContextManager.addr_hex","title":"addr_hex","text":"
addr_hex(val: int) -> str\n
"},{"location":"reference/pwndbg/lib/exception/#pwndbg.lib.exception.IndentContextManager.aux_hex","title":"aux_hex","text":"
aux_hex(val: int) -> str\n
"},{"location":"reference/pwndbg/lib/exception/#pwndbg.lib.exception.IndentContextManager.prefix","title":"prefix","text":"
prefix(s: str)\n
"},{"location":"reference/pwndbg/lib/funcparser/","title":"funcparser","text":""},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser","title":"funcparser","text":"
Functions:
 
     
  •  extractTypeAndName             \u2013              
    •  
  •  Stringify             \u2013              
    •  
  •  ExtractFuncDecl             \u2013              
    •  
  •  ExtractAllFuncDecls             \u2013              
    •  
  •  ExtractFuncDeclFromSource             \u2013              
    •  
 
Attributes:
 
     
  •  CAstNode           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser.CAstNode","title":"CAstNode  module-attribute","text":"
CAstNode = Union[\n    EllipsisParam, PtrDecl, ArrayDecl, FuncDecl, Struct, Union, Enum\n]\n
"},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser.extractTypeAndName","title":"extractTypeAndName","text":"
extractTypeAndName(\n    n: CAstNode, defaultName: str | None = None\n) -> tuple[str, int, str] | None\n
"},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser.Stringify","title":"Stringify","text":"
Stringify(X: Function | Argument) -> str\n
"},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser.ExtractFuncDecl","title":"ExtractFuncDecl","text":"
ExtractFuncDecl(node: CAstNode, verbose: bool = False) -> Function | None\n
"},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser.ExtractAllFuncDecls","title":"ExtractAllFuncDecls","text":"
ExtractAllFuncDecls(ast: CAstNode, verbose: bool = False)\n
"},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser.ExtractFuncDeclFromSource","title":"ExtractFuncDeclFromSource","text":"
ExtractFuncDeclFromSource(source: str) -> Function | None\n
"},{"location":"reference/pwndbg/lib/functions/","title":"functions","text":""},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions","title":"functions","text":"
Classes:
 
     
  •  Function           \u2013            
    •  
  •  Argument           \u2013            
    •  
  •  Flag           \u2013            
    •  
  •  LazyFunctions           \u2013            
    •  
 
Functions:
 
     
  •  format_flags_argument             \u2013              
    •  
 
Attributes:
 
     
  •  functions           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.functions","title":"functions  module-attribute","text":"
functions = LazyFunctions()\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Function","title":"Function","text":"
               Bases: NamedTuple
 
Attributes:
 
     
  •  type               (str)           \u2013            
    •  
  •  derefcnt               (int)           \u2013            
    •  
  •  name               (str)           \u2013            
    •  
  •  args               (list[Argument])           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Function.type","title":"type  instance-attribute","text":"
type: str\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Function.derefcnt","title":"derefcnt  instance-attribute","text":"
derefcnt: int\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Function.name","title":"name  instance-attribute","text":"
name: str\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Function.args","title":"args  instance-attribute","text":"
args: list[Argument]\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Argument","title":"Argument","text":"
               Bases: NamedTuple
 
Attributes:
 
     
  •  type               (str)           \u2013            
    •  
  •  derefcnt               (int)           \u2013            
    •  
  •  name               (str)           \u2013            
    •  
  •  flags               (tuple[Flag, ...] | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Argument.type","title":"type  instance-attribute","text":"
type: str\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Argument.derefcnt","title":"derefcnt  instance-attribute","text":"
derefcnt: int\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Argument.name","title":"name  instance-attribute","text":"
name: str\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Argument.flags","title":"flags  class-attribute instance-attribute","text":"
flags: tuple[Flag, ...] | None = None\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Flag","title":"Flag","text":"
               Bases: NamedTuple
 
Attributes:
 
     
  •  value               (int)           \u2013            
    •  
  •  name               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Flag.value","title":"value  instance-attribute","text":"
value: int\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Flag.name","title":"name  instance-attribute","text":"
name: str\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.LazyFunctions","title":"LazyFunctions","text":"
LazyFunctions(*args, **kw)\n
 
               Bases: Mapping[str, Function]
 
Methods:
 
     
  •  __getitem__             \u2013              
    •  
  •  __iter__             \u2013              
    •  
  •  __len__             \u2013              
    •  
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.LazyFunctions.__getitem__","title":"__getitem__","text":"
__getitem__(key)\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.LazyFunctions.__iter__","title":"__iter__","text":"
__iter__()\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.LazyFunctions.__len__","title":"__len__","text":"
__len__()\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.format_flags_argument","title":"format_flags_argument","text":"
format_flags_argument(flags: tuple[Flag, ...], value: int)\n
"},{"location":"reference/pwndbg/lib/functions_data/","title":"functions_data","text":""},{"location":"reference/pwndbg/lib/functions_data/#pwndbg.lib.functions_data","title":"functions_data","text":"
Functions:
 
     
  •  load_functions             \u2013              
    •  
"},{"location":"reference/pwndbg/lib/functions_data/#pwndbg.lib.functions_data.load_functions","title":"load_functions","text":"
load_functions()\n
"},{"location":"reference/pwndbg/lib/heap/","title":"heap","text":""},{"location":"reference/pwndbg/lib/heap/#pwndbg.lib.heap","title":"heap","text":"
Modules:
 
     
  •  helpers           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/heap/helpers/","title":"helpers","text":""},{"location":"reference/pwndbg/lib/heap/helpers/#pwndbg.lib.heap.helpers","title":"helpers","text":"
Functions:
 
     
  •  find_fastbin_size             \u2013              
    •  
"},{"location":"reference/pwndbg/lib/heap/helpers/#pwndbg.lib.heap.helpers.find_fastbin_size","title":"find_fastbin_size","text":"
find_fastbin_size(\n    mem: bytes, max_size: int, step: int\n) -> Generator[int, None, None]\n
"},{"location":"reference/pwndbg/lib/kernel/","title":"kernel","text":""},{"location":"reference/pwndbg/lib/kernel/#pwndbg.lib.kernel","title":"kernel","text":"
Modules:
 
     
  •  kconfig           \u2013            
    •  
  •  structs           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/kernel/kconfig/","title":"kconfig","text":""},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig","title":"kconfig","text":"
Classes:
 
     
  •  Kconfig           \u2013            
    •  
 
Functions:
 
     
  •  parse_config             \u2013              
    •  
  •  parse_compresed_config             \u2013              
    •  
  •  config_to_key             \u2013              
    •  
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig","title":"Kconfig","text":"
Kconfig(compressed_config: bytes | None, *args: Any, **kwargs: Any)\n
 
               Bases: UserDict
 
Methods:
 
     
  •  get_key             \u2013              
    •  
  •  __getitem__             \u2013              
    •  
  •  __contains__             \u2013              
    •  
  •  __getattr__             \u2013              
    •  
  •  update_with_file             \u2013              
    •  
 
Attributes:
 
     
  •  data           \u2013            
    •  
  •  CONFIG_SLUB_TINY               (bool)           \u2013            
    •  
  •  CONFIG_SLUB_CPU_PARTIAL               (bool)           \u2013            
    •  
  •  CONFIG_MEMCG               (bool)           \u2013            
    •  
  •  CONFIG_SLAB_FREELIST_RANDOM               (bool)           \u2013            
    •  
  •  CONFIG_HARDENED_USERCOPY               (bool)           \u2013            
    •  
  •  CONFIG_SLAB_FREELIST_HARDENED               (bool)           \u2013            
    •  
  •  CONFIG_NUMA               (bool)           \u2013            
    •  
  •  CONFIG_KASAN_GENERIC               (bool)           \u2013            
    •  
  •  CONFIG_KASAN               (bool)           \u2013            
    •  
  •  CONFIG_SMP               (bool)           \u2013            
    •  
  •  CONFIG_CMA               (bool)           \u2013            
    •  
  •  CONFIG_MEMORY_ISOLATION               (bool)           \u2013            
    •  
  •  CONFIG_SYSFS               (bool)           \u2013            
    •  
  •  CONFIG_DEBUG_FS               (bool)           \u2013            
    •  
  •  CONFIG_SECURITY               (bool)           \u2013            
    •  
  •  CONFIG_THREAD_INFO_IN_TASK               (bool)           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.data","title":"data  instance-attribute","text":"
data = parse_compresed_config(compressed_config)\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.CONFIG_SLUB_TINY","title":"CONFIG_SLUB_TINY  property","text":"
CONFIG_SLUB_TINY: bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.CONFIG_SLUB_CPU_PARTIAL","title":"CONFIG_SLUB_CPU_PARTIAL  property","text":"
CONFIG_SLUB_CPU_PARTIAL: bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.CONFIG_MEMCG","title":"CONFIG_MEMCG  property","text":"
CONFIG_MEMCG: bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.CONFIG_SLAB_FREELIST_RANDOM","title":"CONFIG_SLAB_FREELIST_RANDOM  property","text":"
CONFIG_SLAB_FREELIST_RANDOM: bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.CONFIG_HARDENED_USERCOPY","title":"CONFIG_HARDENED_USERCOPY  property","text":"
CONFIG_HARDENED_USERCOPY: bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.CONFIG_SLAB_FREELIST_HARDENED","title":"CONFIG_SLAB_FREELIST_HARDENED  property","text":"
CONFIG_SLAB_FREELIST_HARDENED: bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.CONFIG_NUMA","title":"CONFIG_NUMA  property","text":"
CONFIG_NUMA: bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.CONFIG_KASAN_GENERIC","title":"CONFIG_KASAN_GENERIC  property","text":"
CONFIG_KASAN_GENERIC: bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.CONFIG_KASAN","title":"CONFIG_KASAN  property","text":"
CONFIG_KASAN: bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.CONFIG_SMP","title":"CONFIG_SMP  property","text":"
CONFIG_SMP: bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.CONFIG_CMA","title":"CONFIG_CMA  property","text":"
CONFIG_CMA: bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.CONFIG_MEMORY_ISOLATION","title":"CONFIG_MEMORY_ISOLATION  property","text":"
CONFIG_MEMORY_ISOLATION: bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.CONFIG_SYSFS","title":"CONFIG_SYSFS  property","text":"
CONFIG_SYSFS: bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.CONFIG_DEBUG_FS","title":"CONFIG_DEBUG_FS  property","text":"
CONFIG_DEBUG_FS: bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.CONFIG_SECURITY","title":"CONFIG_SECURITY  property","text":"
CONFIG_SECURITY: bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.CONFIG_THREAD_INFO_IN_TASK","title":"CONFIG_THREAD_INFO_IN_TASK  property","text":"
CONFIG_THREAD_INFO_IN_TASK: bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.get_key","title":"get_key","text":"
get_key(name: str) -> str | None\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.__getitem__","title":"__getitem__","text":"
__getitem__(name: str)\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.__contains__","title":"__contains__","text":"
__contains__(name: object) -> bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.__getattr__","title":"__getattr__","text":"
__getattr__(name: str)\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.update_with_file","title":"update_with_file","text":"
update_with_file(file_path)\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.parse_config","title":"parse_config","text":"
parse_config(config_text: bytes) -> dict[str, str]\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.parse_compresed_config","title":"parse_compresed_config","text":"
parse_compresed_config(compressed_config: bytes) -> dict[str, str]\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.config_to_key","title":"config_to_key","text":"
config_to_key(name: str) -> str\n
"},{"location":"reference/pwndbg/lib/kernel/structs/","title":"structs","text":""},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs","title":"structs","text":"
Classes:
 
     
  •  IDTEntry           \u2013            
    Represents an entry in the Interrupt Descriptor Table (IDT)
     
    •  
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry","title":"IDTEntry","text":"
IDTEntry(entry)\n
 
Represents an entry in the Interrupt Descriptor Table (IDT)
 
The IDTEntry class stores information about an IDT entry, including its index, offset, segment selector, descriptor privilege level (DPL), gate type, and interrupt stack table (IST) index.
 
https://wiki.osdev.org/Interrupt_Descriptor_Table
 
Attributes:
 
     
  •  offset           \u2013            
    •  
  •  segment           \u2013            
    •  
  •  dpl           \u2013            
    •  
  •  type           \u2013            
    •  
  •  ist           \u2013            
    •  
  •  present           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry.offset","title":"offset  instance-attribute","text":"
offset = None\n
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry.segment","title":"segment  instance-attribute","text":"
segment = None\n
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry.dpl","title":"dpl  instance-attribute","text":"
dpl = None\n
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry.type","title":"type  instance-attribute","text":"
type = None\n
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry.ist","title":"ist  instance-attribute","text":"
ist = None\n
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry.present","title":"present  instance-attribute","text":"
present = None\n
"},{"location":"reference/pwndbg/lib/memory/","title":"memory","text":""},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory","title":"memory","text":"
Reading, writing, and describing memory.
 
Classes:
 
     
  •  Page           \u2013            
    Represents the address space and page permissions of at least
     
    •  
 
Functions:
 
     
  •  round_down             \u2013              
    round_down(address, align) -> int
     
    •  
  •  round_up             \u2013              
    round_up(address, align) -> int
     
    •  
  •  format_address             \u2013              
    Format the given address as a string.
     
    •  
  •  page_align             \u2013              
    page_align(address) -> int
     
    •  
  •  page_size_align             \u2013              
    •  
  •  page_offset             \u2013              
    •  
 
Attributes:
 
     
  •  PAGE_SIZE           \u2013            
    •  
  •  PAGE_MASK           \u2013            
    •  
  •  align_down           \u2013            
    •  
  •  align_up           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.PAGE_SIZE","title":"PAGE_SIZE  module-attribute","text":"
PAGE_SIZE = 4096\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.PAGE_MASK","title":"PAGE_MASK  module-attribute","text":"
PAGE_MASK = ~(PAGE_SIZE - 1)\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.align_down","title":"align_down  module-attribute","text":"
align_down = round_down\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.align_up","title":"align_up  module-attribute","text":"
align_up = round_up\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page","title":"Page","text":"
Page(\n    start: int,\n    size: int,\n    flags: int,\n    offset: int,\n    objfile: str = \"\",\n    in_darwin_shared_cache: bool = False,\n)\n
 
Represents the address space and page permissions of at least one page of memory.
 
Methods:
 
     
  •  __str__             \u2013              
    •  
  •  __repr__             \u2013              
    •  
  •  __contains__             \u2013              
    •  
  •  __eq__             \u2013              
    •  
  •  __lt__             \u2013              
    •  
  •  __hash__             \u2013              
    •  
 
Attributes:
 
     
  •  vaddr           \u2013            
    •  
  •  memsz           \u2013            
    •  
  •  flags           \u2013            
    •  
  •  offset           \u2013            
    •  
  •  objfile           \u2013            
    Possible non-empty values of objfile:
     
    •  
  •  in_darwin_shared_cache               (bool)           \u2013            
    Whether this mapping is part of the Darwin Shared Cache.
     
    •  
  •  start               (int)           \u2013            
    Mapping start address.
     
    •  
  •  end               (int)           \u2013            
    Address beyond mapping. So the last effective address is self.end-1
     
    •  
  •  is_stack               (bool)           \u2013            
    •  
  •  is_memory_mapped_file               (bool)           \u2013            
    •  
  •  read               (bool)           \u2013            
    •  
  •  write               (bool)           \u2013            
    •  
  •  execute               (bool)           \u2013            
    •  
  •  rw               (bool)           \u2013            
    •  
  •  wx               (bool)           \u2013            
    •  
  •  rwx               (bool)           \u2013            
    •  
  •  is_guard               (bool)           \u2013            
    •  
  •  permstr               (str)           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.vaddr","title":"vaddr  class-attribute instance-attribute","text":"
vaddr = start\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.memsz","title":"memsz  class-attribute instance-attribute","text":"
memsz = size\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.flags","title":"flags  class-attribute instance-attribute","text":"
flags = flags\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.offset","title":"offset  class-attribute instance-attribute","text":"
offset = offset\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.objfile","title":"objfile  class-attribute instance-attribute","text":"
objfile = objfile\n
 
Possible non-empty values of objfile: - Contains square brackets \"[]\" if it's not a memory mapped file.     Examples: [stack], [vsyscall], [heap], [vdso] - A path to a file, such as /usr/lib/libc.so.6
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.in_darwin_shared_cache","title":"in_darwin_shared_cache  instance-attribute","text":"
in_darwin_shared_cache: bool = in_darwin_shared_cache\n
 
Whether this mapping is part of the Darwin Shared Cache.
 
This is an interesting property to know, as these entries may not be useful to us at all times, and having an easy way to filter them out is helpful..
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.start","title":"start  property","text":"
start: int\n
 
Mapping start address.
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.end","title":"end  property","text":"
end: int\n
 
Address beyond mapping. So the last effective address is self.end-1 It is the same as displayed in /proc//maps"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.is_stack","title":"is_stack  property","text":"
is_stack: bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.is_memory_mapped_file","title":"is_memory_mapped_file  property","text":"
is_memory_mapped_file: bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.read","title":"read  property","text":"
read: bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.write","title":"write  property","text":"
write: bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.execute","title":"execute  property","text":"
execute: bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.rw","title":"rw  property","text":"
rw: bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.wx","title":"wx  property","text":"
wx: bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.rwx","title":"rwx  property","text":"
rwx: bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.is_guard","title":"is_guard  property","text":"
is_guard: bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.permstr","title":"permstr  property","text":"
permstr: str\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.__repr__","title":"__repr__","text":"
__repr__() -> str\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.__contains__","title":"__contains__","text":"
__contains__(addr: int) -> bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.__eq__","title":"__eq__","text":"
__eq__(other: object) -> bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.__lt__","title":"__lt__","text":"
__lt__(other: object) -> bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.__hash__","title":"__hash__","text":"
__hash__() -> int\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.round_down","title":"round_down","text":"
round_down(address: int, align: int) -> int\n
 
round_down(address, align) -> int
 
Round down address to the nearest increment of align.
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.round_up","title":"round_up","text":"
round_up(address: int, align: int) -> int\n
 
round_up(address, align) -> int
 
Round up address to the nearest increment of align.
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.format_address","title":"format_address","text":"
format_address(\n    vaddr: int,\n    memsz: int,\n    permstr: str,\n    offset: int,\n    objfile: str | None = None,\n) -> str\n
 
Format the given address as a string.
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.page_align","title":"page_align","text":"
page_align(address: int) -> int\n
 
page_align(address) -> int
 
Round down address to the nearest page boundary.
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.page_size_align","title":"page_size_align","text":"
page_size_align(address: int) -> int\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.page_offset","title":"page_offset","text":"
page_offset(address: int) -> int\n
"},{"location":"reference/pwndbg/lib/net/","title":"net","text":""},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net","title":"net","text":"
Re-implements some psutil functionality to be able to get information from remote debugging sessions.
 
Classes:
 
     
  •  inode           \u2013            
    •  
  •  Connection           \u2013            
    •  
  •  UnixSocket           \u2013            
    •  
  •  Netlink           \u2013            
    •  
 
Functions:
 
     
  •  format_host_port             \u2013              
    •  
  •  tcp             \u2013              
    •  
  •  tcp6             \u2013              
    •  
  •  unix             \u2013              
    •  
  •  netlink             \u2013              
    •  
 
Attributes:
 
     
  •  TCP_STATUSES           \u2013            
    •  
  •  NETLINK_TYPES           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.TCP_STATUSES","title":"TCP_STATUSES  module-attribute","text":"
TCP_STATUSES = {\n    \"01\": \"established\",\n    \"02\": \"syn_sent\",\n    \"03\": \"syn_recv\",\n    \"04\": \"fin_wait1\",\n    \"05\": \"fin_wait2\",\n    \"06\": \"time_wait\",\n    \"07\": \"close\",\n    \"08\": \"close_wait\",\n    \"09\": \"last_ack\",\n    \"0A\": \"listen\",\n    \"0B\": \"closing\",\n}\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.NETLINK_TYPES","title":"NETLINK_TYPES  module-attribute","text":"
NETLINK_TYPES = {\n    0: \"NETLINK_ROUTE\",\n    1: \"NETLINK_UNUSED\",\n    2: \"NETLINK_USERSOCK\",\n    3: \"NETLINK_FIREWALL\",\n    4: \"NETLINK_SOCK_DIAG\",\n    5: \"NETLINK_NFLOG\",\n    6: \"NETLINK_XFRM\",\n    7: \"NETLINK_SELINUX\",\n    8: \"NETLINK_ISCSI\",\n    9: \"NETLINK_AUDIT\",\n    10: \"NETLINK_FIB_LOOKUP\",\n    11: \"NETLINK_CONNECTOR\",\n    12: \"NETLINK_NETFILTER\",\n    13: \"NETLINK_IP6_FW\",\n    14: \"NETLINK_DNRTMSG\",\n    15: \"NETLINK_KOBJECT_UEVENT\",\n    16: \"NETLINK_GENERIC\",\n    18: \"NETLINK_SCSITRANSPORT\",\n    19: \"NETLINK_ECRYPTFS\",\n    20: \"NETLINK_RDMA\",\n    21: \"NETLINK_CRYPTO\",\n}\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.inode","title":"inode","text":"
Attributes:
 
     
  •  inode               (int | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.inode.inode","title":"inode  class-attribute instance-attribute","text":"
inode: int | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection","title":"Connection","text":"
               Bases: inode
 
Methods:
 
     
  •  __str__             \u2013              
    •  
  •  __repr__             \u2013              
    •  
 
Attributes:
 
     
  •  rhost               (str | None)           \u2013            
    •  
  •  lhost               (str | None)           \u2013            
    •  
  •  rport               (int | None)           \u2013            
    •  
  •  lport               (int | None)           \u2013            
    •  
  •  inode               (int | None)           \u2013            
    •  
  •  status               (str | None)           \u2013            
    •  
  •  family               (str | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.rhost","title":"rhost  class-attribute instance-attribute","text":"
rhost: str | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.lhost","title":"lhost  class-attribute instance-attribute","text":"
lhost: str | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.rport","title":"rport  class-attribute instance-attribute","text":"
rport: int | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.lport","title":"lport  class-attribute instance-attribute","text":"
lport: int | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.inode","title":"inode  class-attribute instance-attribute","text":"
inode: int | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.status","title":"status  class-attribute instance-attribute","text":"
status: str | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.family","title":"family  class-attribute instance-attribute","text":"
family: str | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.__repr__","title":"__repr__","text":"
__repr__() -> str\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.UnixSocket","title":"UnixSocket","text":"
               Bases: inode
 
Methods:
 
     
  •  __str__             \u2013              
    •  
  •  __repr__             \u2013              
    •  
 
Attributes:
 
     
  •  path           \u2013            
    •  
  •  inode               (int | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.UnixSocket.path","title":"path  class-attribute instance-attribute","text":"
path = '(anonymous)'\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.UnixSocket.inode","title":"inode  class-attribute instance-attribute","text":"
inode: int | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.UnixSocket.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.UnixSocket.__repr__","title":"__repr__","text":"
__repr__() -> str\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Netlink","title":"Netlink","text":"
               Bases: inode
 
Methods:
 
     
  •  __str__             \u2013              
    •  
  •  __repr__             \u2013              
    •  
 
Attributes:
 
     
  •  eth               (int)           \u2013            
    •  
  •  portid               (int | None)           \u2013            
    •  
  •  inode               (int | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Netlink.eth","title":"eth  class-attribute instance-attribute","text":"
eth: int = 0\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Netlink.portid","title":"portid  class-attribute instance-attribute","text":"
portid: int | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Netlink.inode","title":"inode  class-attribute instance-attribute","text":"
inode: int | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Netlink.__str__","title":"__str__","text":"
__str__() -> str\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Netlink.__repr__","title":"__repr__","text":"
__repr__() -> str\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.format_host_port","title":"format_host_port","text":"
format_host_port(ip, port)\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.tcp","title":"tcp","text":"
tcp(data: str) -> list[Connection]\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.tcp6","title":"tcp6","text":"
tcp6(data: str) -> list[Connection]\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.unix","title":"unix","text":"
unix(data: str) -> list[UnixSocket]\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.netlink","title":"netlink","text":"
netlink(data: str) -> list[Netlink]\n
"},{"location":"reference/pwndbg/lib/pretty_print/","title":"pretty_print","text":""},{"location":"reference/pwndbg/lib/pretty_print/#pwndbg.lib.pretty_print","title":"pretty_print","text":"
Classes:
 
     
  •  Property           \u2013            
    A (property name, property value) pair
     
    •  
 
Functions:
 
     
  •  int_to_string             \u2013              
    Converts an integer value to string.
     
    •  
  •  int_pair_to_string             \u2013              
    Converts an integer pair to a string pair.
     
    •  
  •  from_properties             \u2013              
    When you have (property name, property value) pairs
     
    •  
 
Attributes:
 
     
  •  max_decimal_number           \u2013            
    •  
  •  config_property_name_color           \u2013            
    •  
  •  config_property_value_color           \u2013            
    •  
  •  config_property_title_color           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/pretty_print/#pwndbg.lib.pretty_print.max_decimal_number","title":"max_decimal_number  module-attribute","text":"
max_decimal_number = add_param(\n    \"max-decimal-number\",\n    9,\n    \"show all numbers greater than this in hex\",\n    param_class=PARAM_ZUINTEGER_UNLIMITED,\n    help_docstring=\"\\nFor negative numbers, their absolute value is used.\\n\\nSet the parameter to 'unlimited' if you want all values in decimal.\\nSpecially, set the parameter to zero if you want all values in hex.\\n\\nThe assembly instruction operands come from capstone, and are thus\\nnot controlled by this setting. For consistency with them, leave\\nthis setting at 9 (the default).\\n\",\n)\n
"},{"location":"reference/pwndbg/lib/pretty_print/#pwndbg.lib.pretty_print.config_property_name_color","title":"config_property_name_color  module-attribute","text":"
config_property_name_color = add_color_param(\n    \"prop-name-color\",\n    \"bold\",\n    \"color used to highlight the name in name-value pairs\",\n    help_docstring=\"\\nUsed heavily in mallocng commands.\\n\",\n)\n
"},{"location":"reference/pwndbg/lib/pretty_print/#pwndbg.lib.pretty_print.config_property_value_color","title":"config_property_value_color  module-attribute","text":"
config_property_value_color = add_color_param(\n    \"prop-value-color\",\n    \"yellow\",\n    \"color used to highlight the value in name-value pairs\",\n    help_docstring=\"\\nUsed heavily in mallocng commands.\\n\",\n)\n
"},{"location":"reference/pwndbg/lib/pretty_print/#pwndbg.lib.pretty_print.config_property_title_color","title":"config_property_title_color  module-attribute","text":"
config_property_title_color = add_color_param(\n    \"prop-title-color\",\n    \"green\",\n    \"color used to highlight the title of name-value pair groups\",\n    help_docstring=\"\\nUsed heavily in mallocng commands.\\n\",\n)\n
"},{"location":"reference/pwndbg/lib/pretty_print/#pwndbg.lib.pretty_print.Property","title":"Property  dataclass","text":"
Property(\n    name: str,\n    value: Any,\n    alt_value: Any = None,\n    extra: str | list[str] = \"\",\n    is_addr: bool = False,\n    use_hex: bool = True,\n    name_color_func: Callable[[str], str] | None = None,\n    value_color_func: Callable[[str], str] | None = None,\n)\n
 
A (property name, property value) pair with optional extra information.
 
Used by from_properties().
 
Attributes:
 
     
  •  name               (str)           \u2013            
    •  
  •  value               (Any)           \u2013            
    •  
  •  alt_value               (Any)           \u2013            
    •  
  •  extra               (str | list[str])           \u2013            
    •  
  •  is_addr               (bool)           \u2013            
    •  
  •  use_hex               (bool)           \u2013            
    •  
  •  name_color_func               (Callable[[str], str] | None)           \u2013            
    •  
  •  value_color_func               (Callable[[str], str] | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/pretty_print/#pwndbg.lib.pretty_print.Property.name","title":"name  instance-attribute","text":"
name: str\n
"},{"location":"reference/pwndbg/lib/pretty_print/#pwndbg.lib.pretty_print.Property.value","title":"value  instance-attribute","text":"
value: Any\n
"},{"location":"reference/pwndbg/lib/pretty_print/#pwndbg.lib.pretty_print.Property.alt_value","title":"alt_value  class-attribute instance-attribute","text":"
alt_value: Any = None\n
"},{"location":"reference/pwndbg/lib/pretty_print/#pwndbg.lib.pretty_print.Property.extra","title":"extra  class-attribute instance-attribute","text":"
extra: str | list[str] = ''\n
"},{"location":"reference/pwndbg/lib/pretty_print/#pwndbg.lib.pretty_print.Property.is_addr","title":"is_addr  class-attribute instance-attribute","text":"
is_addr: bool = False\n
"},{"location":"reference/pwndbg/lib/pretty_print/#pwndbg.lib.pretty_print.Property.use_hex","title":"use_hex  class-attribute instance-attribute","text":"
use_hex: bool = True\n
"},{"location":"reference/pwndbg/lib/pretty_print/#pwndbg.lib.pretty_print.Property.name_color_func","title":"name_color_func  class-attribute instance-attribute","text":"
name_color_func: Callable[[str], str] | None = None\n
"},{"location":"reference/pwndbg/lib/pretty_print/#pwndbg.lib.pretty_print.Property.value_color_func","title":"value_color_func  class-attribute instance-attribute","text":"
value_color_func: Callable[[str], str] | None = None\n
"},{"location":"reference/pwndbg/lib/pretty_print/#pwndbg.lib.pretty_print.int_to_string","title":"int_to_string","text":"
int_to_string(num: int) -> str\n
 
Converts an integer value to string.
 
Decides whether to format it in decimal or hex depending on the max-decimal-number config.
"},{"location":"reference/pwndbg/lib/pretty_print/#pwndbg.lib.pretty_print.int_pair_to_string","title":"int_pair_to_string","text":"
int_pair_to_string(num1: int, num2: int) -> tuple[str, str]\n
 
Converts an integer pair to a string pair.
 
Decides whether to format them in decimal or hex depending on the max-decimal-number config.
 
If either value should be hex, both are hex.
"},{"location":"reference/pwndbg/lib/pretty_print/#pwndbg.lib.pretty_print.from_properties","title":"from_properties","text":"
from_properties(\n    title: str,\n    properties: list[Property],\n    *,\n    preamble: str = \"\",\n    value_offset: int = 14,\n    extra_offset: int = 16,\n    title_color_func: Callable[[str], str] | None = None,\n    name_color_func: Callable[[str], str] | None = None,\n    value_color_func: Callable[[str], str] | None = None,\n    indent_size: int = 2,\n) -> str\n
 
When you have (property name, property value) pairs that you want to print, each on a new line.
 
A common usecase is printing a struct.
 Example 
general   start:          0x7ffff7ff6040   user start:     0x7ffff7ff6040    aka p   end:            0x7ffff7ff606c    start + stride - 4   stride:         0x30              distance between adjacent slots   user size:      0x20              aka \"nominal size\", n   slack:          0x0 (0x0)         slot's unused memory / 0x10
 
Parameters:
 
     
  •  title               (str)           \u2013            
    The title of this property group. An empty string may be provided for a titleless group.
     
    •  
  •  properties               (list[Property])           \u2013            
    The list of properties to format.
     
    •  
  •  preamble               (str, default:                   '' )           \u2013            
    A string that will be printed between the title and the properties, may be used to denote the address of an object like e.g. @ 0x408000 - 0x408fe0
     
    •  
  •  value_offset               (int, default:                   14 )           \u2013            
    The number of characters from the start of the name of a property to the start of its value.
     
    •  
  •  extra_offset               (int, default:                   16 )           \u2013            
    The number of characters from the start of the value of a property to the start of its extra text.
     
    •  
  •  title_color_func               (Callable[[str], str] | None, default:                   None )           \u2013            
    The function to use to color the title.
     
    •  
  •  name_color_func               (Callable[[str], str] | None, default:                   None )           \u2013            
    The function to use to color names.
     
    •  
  •  value_color_func               (Callable[[str], str] | None, default:                   None )           \u2013            
    The function to use to color values. This function isn't applied to is_addr=True properties.
     
    •  
  •  indent_size               (int, default:                   2 )           \u2013            
    The indentation to use i.e. the offset from the title to the names.
     
    •  
"},{"location":"reference/pwndbg/lib/regs/","title":"regs","text":""},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs","title":"regs","text":"
Reading register value from the inferior, and provides a standardized interface to registers like \"sp\" and \"pc\".
 
Classes:
 
     
  •  BitFlags           \u2013            
    •  
  •  AddressingRegister           \u2013            
    Represents a register that is used to store an address, e.g. cr3, gsbase, fsbase
     
    •  
  •  SegmentRegisters           \u2013            
    Represents the x86 segment register set
     
    •  
  •  KernelRegisterSet           \u2013            
    additional registers that are useful when pwning kernels
     
    •  
  •  UnicornRegisterWrite           \u2013            
    Represent a register to write to the Unicorn emulator.
     
    •  
  •  Reg           \u2013            
    •  
  •  RegisterSet           \u2013            
    •  
  •  PseudoEmulatedRegisterFile           \u2013            
    This class represents a set of registers that can be written, read, and invalidated.
     
    •  
 
Attributes:
 
     
  •  arm_cpsr_flags           \u2013            
    •  
  •  arm_xpsr_flags           \u2013            
    •  
  •  aarch64_cpsr_flags           \u2013            
    •  
  •  aarch64_sctlr_flags           \u2013            
    •  
  •  aarch64_tcr_flags           \u2013            
    •  
  •  aarch64_scr_flags           \u2013            
    •  
  •  aarch64_mmfr_flags           \u2013            
    •  
  •  arm           \u2013            
    •  
  •  armcm           \u2013            
    •  
  •  aarch64           \u2013            
    •  
  •  x86flags           \u2013            
    •  
  •  amd64_kernel           \u2013            
    •  
  •  amd64           \u2013            
    •  
  •  i386           \u2013            
    •  
  •  powerpc           \u2013            
    •  
  •  sparc           \u2013            
    •  
  •  mips           \u2013            
    •  
  •  riscv           \u2013            
    •  
  •  loongarch64           \u2013            
    •  
  •  s390x           \u2013            
    •  
  •  reg_sets               (dict[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, RegisterSet])           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.arm_cpsr_flags","title":"arm_cpsr_flags  module-attribute","text":"
arm_cpsr_flags = BitFlags(\n    [\n        (\"N\", 31),\n        (\"Z\", 30),\n        (\"C\", 29),\n        (\"V\", 28),\n        (\"Q\", 27),\n        (\"J\", 24),\n        (\"T\", 5),\n        (\"E\", 9),\n        (\"A\", 8),\n        (\"I\", 7),\n        (\"F\", 6),\n    ]\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.arm_xpsr_flags","title":"arm_xpsr_flags  module-attribute","text":"
arm_xpsr_flags = BitFlags(\n    [(\"N\", 31), (\"Z\", 30), (\"C\", 29), (\"V\", 28), (\"Q\", 27), (\"T\", 24)]\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.aarch64_cpsr_flags","title":"aarch64_cpsr_flags  module-attribute","text":"
aarch64_cpsr_flags = BitFlags(\n    [\n        (\"N\", 31),\n        (\"Z\", 30),\n        (\"C\", 29),\n        (\"V\", 28),\n        (\"Q\", 27),\n        (\"PAN\", 22),\n        (\"IL\", 20),\n        (\"D\", 9),\n        (\"A\", 8),\n        (\"I\", 7),\n        (\"F\", 6),\n        (\"EL\", 2),\n        (\"SP\", 0),\n    ]\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.aarch64_sctlr_flags","title":"aarch64_sctlr_flags  module-attribute","text":"
aarch64_sctlr_flags = BitFlags(\n    [\n        (\"TIDCP\", 63),\n        (\"SPINTMASK\", 62),\n        (\"NMI\", 61),\n        (\"EPAN\", 57),\n        (\"ATA0\", 43),\n        (\"ATA0\", 42),\n        (\"TCF\", (40, 2)),\n        (\"TCF0\", (38, 2)),\n        (\"ITFSB\", 37),\n        (\"BT1\", 36),\n        (\"BT0\", 35),\n        (\"EnIA\", 31),\n        (\"EnIB\", 30),\n        (\"EnDA\", 27),\n        (\"UCI\", 26),\n        (\"EE\", 25),\n        (\"E0E\", 24),\n        (\"SPAN\", 23),\n        (\"TSCXT\", 20),\n        (\"WXN\", 19),\n        (\"nTWE\", 18),\n        (\"nTWI\", 16),\n        (\"UCT\", 15),\n        (\"DZE\", 14),\n        (\"EnDB\", 13),\n        (\"I\", 12),\n        (\"UMA\", 9),\n        (\"SED\", 8),\n        (\"ITD\", 7),\n        (\"nAA\", 6),\n        (\"CP15BEN\", 5),\n        (\"SA0\", 4),\n        (\"SA\", 3),\n        (\"C\", 2),\n        (\"A\", 1),\n        (\"M\", 0),\n    ]\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.aarch64_tcr_flags","title":"aarch64_tcr_flags  module-attribute","text":"
aarch64_tcr_flags = BitFlags(\n    [(\"TG1\", (30, 31)), (\"T1SZ\", (16, 21)), (\"TG0\", (14, 15)), (\"T0SZ\", (0, 5))]\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.aarch64_scr_flags","title":"aarch64_scr_flags  module-attribute","text":"
aarch64_scr_flags = BitFlags(\n    [(\"HCE\", 8), (\"SMD\", 7), (\"EA\", 3), (\"FIQ\", 2), (\"IRQ\", 1), (\"NS\", 0)]\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.aarch64_mmfr_flags","title":"aarch64_mmfr_flags  module-attribute","text":"
aarch64_mmfr_flags = BitFlags([('VARange', (16, 19))])\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.arm","title":"arm  module-attribute","text":"
arm = RegisterSet(\n    retaddr=(Reg(\"lr\", 4),),\n    flags={\"cpsr\": arm_cpsr_flags},\n    gpr=(\n        Reg(\"r0\", 4),\n        Reg(\"r1\", 4),\n        Reg(\"r2\", 4),\n        Reg(\"r3\", 4),\n        Reg(\"r4\", 4),\n        Reg(\"r5\", 4),\n        Reg(\"r6\", 4),\n        Reg(\"r7\", 4),\n        Reg(\"r8\", 4),\n        Reg(\"r9\", 4),\n        Reg(\"r10\", 4),\n        Reg(\"r11\", 4),\n        Reg(\"r12\", 4),\n    ),\n    args=(\"r0\", \"r1\", \"r2\", \"r3\"),\n    retval=\"r0\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.armcm","title":"armcm  module-attribute","text":"
armcm = RegisterSet(\n    retaddr=(Reg(\"lr\", 4),),\n    flags={\"xpsr\": arm_xpsr_flags},\n    gpr=(\n        Reg(\"r0\", 4),\n        Reg(\"r1\", 4),\n        Reg(\"r2\", 4),\n        Reg(\"r3\", 4),\n        Reg(\"r4\", 4),\n        Reg(\"r5\", 4),\n        Reg(\"r6\", 4),\n        Reg(\"r7\", 4),\n        Reg(\"r8\", 4),\n        Reg(\"r9\", 4),\n        Reg(\"r10\", 4),\n        Reg(\"r11\", 4),\n        Reg(\"r12\", 4),\n    ),\n    args=(\"r0\", \"r1\", \"r2\", \"r3\"),\n    retval=\"r0\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.aarch64","title":"aarch64  module-attribute","text":"
aarch64 = RegisterSet(\n    retaddr=(Reg(\"lr\", 8),),\n    flags={\"cpsr\": aarch64_cpsr_flags},\n    extra_flags={\n        \"scr_el3\": aarch64_scr_flags,\n        \"sctlr\": aarch64_sctlr_flags,\n        \"sctlr_el2\": aarch64_sctlr_flags,\n        \"sctlr_el3\": aarch64_sctlr_flags,\n        \"spsr_el1\": aarch64_cpsr_flags,\n        \"spsr_el2\": aarch64_cpsr_flags,\n        \"spsr_el3\": aarch64_cpsr_flags,\n        \"tcr_el1\": aarch64_tcr_flags,\n        \"id_aa64mmfr2_el1\": aarch64_mmfr_flags,\n        \"ttbr0_el1\": BitFlags(),\n        \"ttbr1_el1\": BitFlags(),\n    },\n    frame=Reg(\"x29\", 8, subregisters=(Reg(\"w29\", 4, zero_extend_writes=True),)),\n    gpr=(\n        Reg(\"x0\", 8, subregisters=(Reg(\"w0\", 4, zero_extend_writes=True),)),\n        Reg(\"x1\", 8, subregisters=(Reg(\"w1\", 4, zero_extend_writes=True),)),\n        Reg(\"x2\", 8, subregisters=(Reg(\"w2\", 4, zero_extend_writes=True),)),\n        Reg(\"x3\", 8, subregisters=(Reg(\"w3\", 4, zero_extend_writes=True),)),\n        Reg(\"x4\", 8, subregisters=(Reg(\"w4\", 4, zero_extend_writes=True),)),\n        Reg(\"x5\", 8, subregisters=(Reg(\"w5\", 4, zero_extend_writes=True),)),\n        Reg(\"x6\", 8, subregisters=(Reg(\"w6\", 4, zero_extend_writes=True),)),\n        Reg(\"x7\", 8, subregisters=(Reg(\"w7\", 4, zero_extend_writes=True),)),\n        Reg(\"x8\", 8, subregisters=(Reg(\"w8\", 4, zero_extend_writes=True),)),\n        Reg(\"x9\", 8, subregisters=(Reg(\"w9\", 4, zero_extend_writes=True),)),\n        Reg(\"x10\", 8, subregisters=(Reg(\"w10\", 4, zero_extend_writes=True),)),\n        Reg(\"x11\", 8, subregisters=(Reg(\"w11\", 4, zero_extend_writes=True),)),\n        Reg(\"x12\", 8, subregisters=(Reg(\"w12\", 4, zero_extend_writes=True),)),\n        Reg(\"x13\", 8, subregisters=(Reg(\"w13\", 4, zero_extend_writes=True),)),\n        Reg(\"x14\", 8, subregisters=(Reg(\"w14\", 4, zero_extend_writes=True),)),\n        Reg(\"x15\", 8, subregisters=(Reg(\"w15\", 4, zero_extend_writes=True),)),\n        Reg(\"x16\", 8, subregisters=(Reg(\"w16\", 4, zero_extend_writes=True),)),\n        Reg(\"x17\", 8, subregisters=(Reg(\"w17\", 4, zero_extend_writes=True),)),\n        Reg(\"x18\", 8, subregisters=(Reg(\"w18\", 4, zero_extend_writes=True),)),\n        Reg(\"x19\", 8, subregisters=(Reg(\"w19\", 4, zero_extend_writes=True),)),\n        Reg(\"x20\", 8, subregisters=(Reg(\"w20\", 4, zero_extend_writes=True),)),\n        Reg(\"x21\", 8, subregisters=(Reg(\"w21\", 4, zero_extend_writes=True),)),\n        Reg(\"x22\", 8, subregisters=(Reg(\"w22\", 4, zero_extend_writes=True),)),\n        Reg(\"x23\", 8, subregisters=(Reg(\"w23\", 4, zero_extend_writes=True),)),\n        Reg(\"x24\", 8, subregisters=(Reg(\"w24\", 4, zero_extend_writes=True),)),\n        Reg(\"x25\", 8, subregisters=(Reg(\"w25\", 4, zero_extend_writes=True),)),\n        Reg(\"x26\", 8, subregisters=(Reg(\"w26\", 4, zero_extend_writes=True),)),\n        Reg(\"x27\", 8, subregisters=(Reg(\"w27\", 4, zero_extend_writes=True),)),\n        Reg(\"x28\", 8, subregisters=(Reg(\"w28\", 4, zero_extend_writes=True),)),\n    ),\n    args=(\"x0\", \"x1\", \"x2\", \"x3\"),\n    retval=\"x0\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.x86flags","title":"x86flags  module-attribute","text":"
x86flags = {\n    \"eflags\": BitFlags(\n        [\n            (\"CF\", 0),\n            (\"PF\", 2),\n            (\"AF\", 4),\n            (\"ZF\", 6),\n            (\"SF\", 7),\n            (\"IF\", 9),\n            (\"DF\", 10),\n            (\"OF\", 11),\n            (\"AC\", 18),\n        ]\n    )\n}\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.amd64_kernel","title":"amd64_kernel  module-attribute","text":"
amd64_kernel = KernelRegisterSet(\n    segments=SegmentRegisters([\"cs\", \"ss\", \"ds\", \"es\", \"fs\", \"gs\"]),\n    controls={\n        \"cr0\": BitFlags([(\"PE\", 0), (\"WP\", 16), (\"PG\", 31)]),\n        \"cr3\": AddressingRegister(\"cr3\", False),\n        \"cr4\": BitFlags(\n            [\n                (\"UMIP\", 11),\n                (\"FSGSBASE\", 16),\n                (\"SMEP\", 20),\n                (\"SMAP\", 21),\n                (\"PKE\", 22),\n                (\"CET\", 23),\n                (\"PKS\", 24),\n            ]\n        ),\n    },\n    msrs={\n        \"efer\": BitFlags([(\"NXE\", 11)]),\n        \"gs_base\": AddressingRegister(\"gs_base\", True),\n        \"fs_base\": AddressingRegister(\"fs_base\", True),\n    },\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.amd64","title":"amd64  module-attribute","text":"
amd64 = RegisterSet(\n    pc=Reg(\"rip\"),\n    stack=Reg(\n        \"rsp\",\n        8,\n        subregisters=(\n            Reg(\"esp\", 4, 0, zero_extend_writes=True),\n            Reg(\"sp\", 2, 0),\n            Reg(\"spl\", 1, 0),\n        ),\n    ),\n    frame=Reg(\n        \"rbp\",\n        8,\n        subregisters=(\n            Reg(\"ebp\", 4, 0, zero_extend_writes=True),\n            Reg(\"bp\", 2, 0),\n            Reg(\"bpl\", 1, 0),\n        ),\n    ),\n    flags=x86flags,\n    gpr=(\n        Reg(\n            \"rax\",\n            8,\n            subregisters=(\n                Reg(\"eax\", 4, 0, zero_extend_writes=True),\n                Reg(\"ax\", 2, 0),\n                Reg(\"ah\", 1, 1),\n                Reg(\"al\", 1, 0),\n            ),\n        ),\n        Reg(\n            \"rbx\",\n            8,\n            subregisters=(\n                Reg(\"ebx\", 4, 0, zero_extend_writes=True),\n                Reg(\"bx\", 2, 0),\n                Reg(\"bh\", 1, 1),\n                Reg(\"bl\", 1, 0),\n            ),\n        ),\n        Reg(\n            \"rcx\",\n            8,\n            subregisters=(\n                Reg(\"ecx\", 4, 0, zero_extend_writes=True),\n                Reg(\"cx\", 2, 0),\n                Reg(\"ch\", 1, 1),\n                Reg(\"cl\", 1, 0),\n            ),\n        ),\n        Reg(\n            \"rdx\",\n            8,\n            subregisters=(\n                Reg(\"edx\", 4, 0, zero_extend_writes=True),\n                Reg(\"dx\", 2, 0),\n                Reg(\"dh\", 1, 1),\n                Reg(\"dl\", 1, 0),\n            ),\n        ),\n        Reg(\n            \"rdi\",\n            8,\n            subregisters=(\n                Reg(\"edi\", 4, 0, zero_extend_writes=True),\n                Reg(\"di\", 2, 0),\n                Reg(\"dil\", 1, 0),\n            ),\n        ),\n        Reg(\n            \"rsi\",\n            8,\n            subregisters=(\n                Reg(\"esi\", 4, 0, zero_extend_writes=True),\n                Reg(\"si\", 2, 0),\n                Reg(\"sil\", 1, 0),\n            ),\n        ),\n        Reg(\n            \"r8\",\n            8,\n            subregisters=(\n                Reg(\"r8d\", 4, 0, zero_extend_writes=True),\n                Reg(\"r8w\", 2, 0),\n                Reg(\"r8b\", 1, 0),\n            ),\n        ),\n        Reg(\n            \"r9\",\n            8,\n            subregisters=(\n                Reg(\"r9d\", 4, 0, zero_extend_writes=True),\n                Reg(\"r9w\", 2, 0),\n                Reg(\"r9b\", 1, 0),\n            ),\n        ),\n        Reg(\n            \"r10\",\n            8,\n            subregisters=(\n                Reg(\"r10d\", 4, 0, zero_extend_writes=True),\n                Reg(\"r10w\", 2, 0),\n                Reg(\"r10b\", 1, 0),\n            ),\n        ),\n        Reg(\n            \"r11\",\n            8,\n            subregisters=(\n                Reg(\"r11d\", 4, 0, zero_extend_writes=True),\n                Reg(\"r11w\", 2, 0),\n                Reg(\"r11b\", 1, 0),\n            ),\n        ),\n        Reg(\n            \"r12\",\n            8,\n            subregisters=(\n                Reg(\"r12d\", 4, 0, zero_extend_writes=True),\n                Reg(\"r12w\", 2, 0),\n                Reg(\"r12b\", 1, 0),\n            ),\n        ),\n        Reg(\n            \"r13\",\n            8,\n            subregisters=(\n                Reg(\"r13d\", 4, 0, zero_extend_writes=True),\n                Reg(\"r13w\", 2, 0),\n                Reg(\"r13b\", 1, 0),\n            ),\n        ),\n        Reg(\n            \"r14\",\n            8,\n            subregisters=(\n                Reg(\"r14d\", 4, 0, zero_extend_writes=True),\n                Reg(\"r14w\", 2, 0),\n                Reg(\"r14b\", 1, 0),\n            ),\n        ),\n        Reg(\n            \"r15\",\n            8,\n            subregisters=(\n                Reg(\"r15d\", 4, 0, zero_extend_writes=True),\n                Reg(\"r15w\", 2, 0),\n                Reg(\"r15b\", 1, 0),\n            ),\n        ),\n    ),\n    misc=(\"cs\", \"ss\", \"ds\", \"es\", \"fs\", \"gs\", \"fs_base\", \"gs_base\", \"ip\"),\n    kernel=amd64_kernel,\n    args=(\"rdi\", \"rsi\", \"rdx\", \"rcx\", \"r8\", \"r9\"),\n    retval=\"rax\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.i386","title":"i386  module-attribute","text":"
i386 = RegisterSet(\n    pc=Reg(\"eip\"),\n    stack=Reg(\"esp\", 4, subregisters=(Reg(\"sp\", 2, 0),)),\n    frame=Reg(\"ebp\", 4, subregisters=(Reg(\"bp\", 2, 0),)),\n    flags=x86flags,\n    gpr=(\n        Reg(\n            \"eax\",\n            4,\n            subregisters=(Reg(\"ax\", 2, 0), Reg(\"ah\", 1, 1), Reg(\"al\", 1, 0)),\n        ),\n        Reg(\n            \"ebx\",\n            4,\n            subregisters=(Reg(\"bx\", 2, 0), Reg(\"bh\", 1, 1), Reg(\"bl\", 1, 0)),\n        ),\n        Reg(\n            \"ecx\",\n            4,\n            subregisters=(Reg(\"cx\", 2, 0), Reg(\"ch\", 1, 1), Reg(\"cl\", 1, 0)),\n        ),\n        Reg(\n            \"edx\",\n            4,\n            subregisters=(Reg(\"dx\", 2, 0), Reg(\"dh\", 1, 1), Reg(\"dl\", 1, 0)),\n        ),\n        Reg(\"edi\", 4, subregisters=(Reg(\"di\", 2, 0),)),\n        Reg(\"esi\", 4, subregisters=(Reg(\"si\", 2, 0),)),\n    ),\n    misc=(\"cs\", \"ss\", \"ds\", \"es\", \"fs\", \"gs\", \"fs_base\", \"gs_base\", \"ip\"),\n    retval=\"eax\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.powerpc","title":"powerpc  module-attribute","text":"
powerpc = RegisterSet(\n    retaddr=(Reg(\"lr\"),),\n    flags={\"msr\": BitFlags(), \"xer\": BitFlags()},\n    gpr=(\n        Reg(\"r0\"),\n        Reg(\"r1\"),\n        Reg(\"r2\"),\n        Reg(\"r3\"),\n        Reg(\"r4\"),\n        Reg(\"r5\"),\n        Reg(\"r6\"),\n        Reg(\"r7\"),\n        Reg(\"r8\"),\n        Reg(\"r9\"),\n        Reg(\"r10\"),\n        Reg(\"r11\"),\n        Reg(\"r12\"),\n        Reg(\"r13\"),\n        Reg(\"r14\"),\n        Reg(\"r15\"),\n        Reg(\"r16\"),\n        Reg(\"r17\"),\n        Reg(\"r18\"),\n        Reg(\"r19\"),\n        Reg(\"r20\"),\n        Reg(\"r21\"),\n        Reg(\"r22\"),\n        Reg(\"r23\"),\n        Reg(\"r24\"),\n        Reg(\"r25\"),\n        Reg(\"r26\"),\n        Reg(\"r27\"),\n        Reg(\"r28\"),\n        Reg(\"r29\"),\n        Reg(\"r30\"),\n        Reg(\"r31\"),\n        Reg(\"cr\"),\n        Reg(\"ctr\"),\n    ),\n    args=(\"r3\", \"r4\", \"r5\", \"r6\", \"r7\", \"r8\", \"r9\", \"r10\"),\n    retval=\"r3\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.sparc","title":"sparc  module-attribute","text":"
sparc = RegisterSet(\n    stack=Reg(\"sp\"),\n    frame=Reg(\"fp\"),\n    retaddr=(Reg(\"i7\"),),\n    flags={\"psr\": BitFlags()},\n    gpr=(\n        Reg(\"g1\"),\n        Reg(\"g2\"),\n        Reg(\"g3\"),\n        Reg(\"g4\"),\n        Reg(\"g5\"),\n        Reg(\"g6\"),\n        Reg(\"g7\"),\n        Reg(\"o0\"),\n        Reg(\"o1\"),\n        Reg(\"o2\"),\n        Reg(\"o3\"),\n        Reg(\"o4\"),\n        Reg(\"o5\"),\n        Reg(\"o7\"),\n        Reg(\"l0\"),\n        Reg(\"l1\"),\n        Reg(\"l2\"),\n        Reg(\"l3\"),\n        Reg(\"l4\"),\n        Reg(\"l5\"),\n        Reg(\"l6\"),\n        Reg(\"l7\"),\n        Reg(\"i0\"),\n        Reg(\"i1\"),\n        Reg(\"i2\"),\n        Reg(\"i3\"),\n        Reg(\"i4\"),\n        Reg(\"i5\"),\n    ),\n    args=(\"i0\", \"i1\", \"i2\", \"i3\", \"i4\", \"i5\"),\n    retval=\"o0\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.mips","title":"mips  module-attribute","text":"
mips = RegisterSet(\n    frame=Reg(\"fp\"),\n    retaddr=(Reg(\"ra\"),),\n    gpr=(\n        Reg(\"v0\"),\n        Reg(\"v1\"),\n        Reg(\"a0\"),\n        Reg(\"a1\"),\n        Reg(\"a2\"),\n        Reg(\"a3\"),\n        Reg(\"t0\"),\n        Reg(\"t1\"),\n        Reg(\"t2\"),\n        Reg(\"t3\"),\n        Reg(\"t4\"),\n        Reg(\"t5\"),\n        Reg(\"t6\"),\n        Reg(\"t7\"),\n        Reg(\"t8\"),\n        Reg(\"t9\"),\n        Reg(\"s0\"),\n        Reg(\"s1\"),\n        Reg(\"s2\"),\n        Reg(\"s3\"),\n        Reg(\"s4\"),\n        Reg(\"s5\"),\n        Reg(\"s6\"),\n        Reg(\"s7\"),\n        Reg(\"s8\"),\n        Reg(\"gp\"),\n    ),\n    args=(\"a0\", \"a1\", \"a2\", \"a3\"),\n    retval=\"v0\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.riscv","title":"riscv  module-attribute","text":"
riscv = RegisterSet(\n    pc=Reg(\"pc\"),\n    stack=Reg(\"sp\"),\n    retaddr=(Reg(\"ra\"),),\n    gpr=(\n        Reg(\"gp\"),\n        Reg(\"tp\"),\n        Reg(\"t0\"),\n        Reg(\"t1\"),\n        Reg(\"t2\"),\n        Reg(\"s0\"),\n        Reg(\"s1\"),\n        Reg(\"a0\"),\n        Reg(\"a1\"),\n        Reg(\"a2\"),\n        Reg(\"a3\"),\n        Reg(\"a4\"),\n        Reg(\"a5\"),\n        Reg(\"a6\"),\n        Reg(\"a7\"),\n        Reg(\"s2\"),\n        Reg(\"s3\"),\n        Reg(\"s4\"),\n        Reg(\"s5\"),\n        Reg(\"s6\"),\n        Reg(\"s7\"),\n        Reg(\"s8\"),\n        Reg(\"s9\"),\n        Reg(\"s10\"),\n        Reg(\"s11\"),\n        Reg(\"t3\"),\n        Reg(\"t4\"),\n        Reg(\"t5\"),\n        Reg(\"t6\"),\n    ),\n    args=(\"a0\", \"a1\", \"a2\", \"a3\", \"a4\", \"a5\", \"a6\", \"a7\"),\n    retval=\"a0\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.loongarch64","title":"loongarch64  module-attribute","text":"
loongarch64 = RegisterSet(\n    pc=Reg(\"pc\"),\n    stack=Reg(\"sp\"),\n    frame=Reg(\"fp\"),\n    retaddr=(Reg(\"ra\"),),\n    gpr=(\n        Reg(\"a0\"),\n        Reg(\"a1\"),\n        Reg(\"a2\"),\n        Reg(\"a3\"),\n        Reg(\"a4\"),\n        Reg(\"a5\"),\n        Reg(\"a6\"),\n        Reg(\"a7\"),\n        Reg(\"t0\"),\n        Reg(\"t1\"),\n        Reg(\"t2\"),\n        Reg(\"t3\"),\n        Reg(\"t4\"),\n        Reg(\"t5\"),\n        Reg(\"t6\"),\n        Reg(\"t7\"),\n        Reg(\"t8\"),\n        Reg(\"s0\"),\n        Reg(\"s1\"),\n        Reg(\"s2\"),\n        Reg(\"s3\"),\n        Reg(\"s4\"),\n        Reg(\"s5\"),\n        Reg(\"s6\"),\n        Reg(\"s7\"),\n        Reg(\"s8\"),\n    ),\n    args=(\"a0\", \"a1\", \"a2\", \"a3\", \"a4\", \"a5\", \"a6\", \"a7\"),\n    misc=(\"tp\", \"r21\"),\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.s390x","title":"s390x  module-attribute","text":"
s390x = RegisterSet(\n    pc=Reg(\"pc\"),\n    retaddr=(Reg(\"r14\"),),\n    stack=Reg(\"r15\"),\n    flags={\"pswm\": BitFlags()},\n    gpr=(\n        Reg(\"r0\"),\n        Reg(\"r1\"),\n        Reg(\"r2\"),\n        Reg(\"r3\"),\n        Reg(\"r4\"),\n        Reg(\"r5\"),\n        Reg(\"r6\"),\n        Reg(\"r7\"),\n        Reg(\"r8\"),\n        Reg(\"r9\"),\n        Reg(\"r10\"),\n        Reg(\"r11\"),\n        Reg(\"r12\"),\n        Reg(\"r13\"),\n    ),\n    args=(\"r2\", \"r3\", \"r4\", \"r5\", \"r6\"),\n    retval=\"r2\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.reg_sets","title":"reg_sets  module-attribute","text":"
reg_sets: dict[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, RegisterSet] = {\n    \"i386\": i386,\n    \"i8086\": i386,\n    \"x86-64\": amd64,\n    \"rv32\": riscv,\n    \"rv64\": riscv,\n    \"mips\": mips,\n    \"sparc\": sparc,\n    \"arm\": arm,\n    \"armcm\": armcm,\n    \"aarch64\": aarch64,\n    \"powerpc\": powerpc,\n    \"loongarch64\": loongarch64,\n    \"s390x\": s390x,\n}\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags","title":"BitFlags","text":"
BitFlags(flags: list[tuple[str, int | tuple[int, int]]] = [], value=None)\n
 
Methods:
 
     
  •  __getattr__             \u2013              
    •  
  •  __getitem__             \u2013              
    •  
  •  __setitem__             \u2013              
    •  
  •  __delitem__             \u2013              
    •  
  •  __iter__             \u2013              
    •  
  •  __len__             \u2013              
    •  
  •  __repr__             \u2013              
    •  
  •  update             \u2013              
    •  
  •  context             \u2013              
    •  
 
Attributes:
 
     
  •  regname               (str)           \u2013            
    •  
  •  flags               (OrderedDict[str, int | tuple[int, int]])           \u2013            
    •  
  •  value               (int)           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.regname","title":"regname  instance-attribute","text":"
regname: str = ''\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.flags","title":"flags  instance-attribute","text":"
flags: OrderedDict[str, int | tuple[int, int]] = {}\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.value","title":"value  instance-attribute","text":"
value: int = value\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.__getattr__","title":"__getattr__","text":"
__getattr__(name)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.__getitem__","title":"__getitem__","text":"
__getitem__(key)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.__setitem__","title":"__setitem__","text":"
__setitem__(key, value)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.__delitem__","title":"__delitem__","text":"
__delitem__(key)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.__iter__","title":"__iter__","text":"
__iter__()\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.__len__","title":"__len__","text":"
__len__()\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.__repr__","title":"__repr__","text":"
__repr__()\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.update","title":"update","text":"
update(regname: str)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.context","title":"context","text":"
context(rc)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.AddressingRegister","title":"AddressingRegister","text":"
AddressingRegister(reg: str, is_virtual: bool)\n
 
Represents a register that is used to store an address, e.g. cr3, gsbase, fsbase
 
Methods:
 
     
  •  update             \u2013              
    •  
  •  context             \u2013              
    •  
 
Attributes:
 
     
  •  reg               (str)           \u2013            
    •  
  •  value               (int)           \u2013            
    •  
  •  is_virtual               (bool)           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.AddressingRegister.reg","title":"reg  instance-attribute","text":"
reg: str = reg\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.AddressingRegister.value","title":"value  instance-attribute","text":"
value: int = 0\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.AddressingRegister.is_virtual","title":"is_virtual  instance-attribute","text":"
is_virtual: bool = is_virtual\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.AddressingRegister.update","title":"update","text":"
update(regname: str)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.AddressingRegister.context","title":"context","text":"
context(rc)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.SegmentRegisters","title":"SegmentRegisters","text":"
SegmentRegisters(regs: list[str])\n
 
Represents the x86 segment register set
 
Methods:
 
     
  •  context             \u2013              
    •  
 
Attributes:
 
     
  •  regs               (list[str])           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.SegmentRegisters.regs","title":"regs  instance-attribute","text":"
regs: list[str] = regs\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.SegmentRegisters.context","title":"context","text":"
context(rc)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.KernelRegisterSet","title":"KernelRegisterSet","text":"
KernelRegisterSet(\n    segments: SegmentRegisters | None,\n    controls: dict[str, BitFlags | AddressingRegister] = {},\n    msrs: dict[str, BitFlags | AddressingRegister] = {},\n)\n
 
additional registers that are useful when pwning kernels used only for x86-64 for now
 
Attributes:
 
     
  •  segments               (SegmentRegisters)           \u2013            
    •  
  •  controls               (dict[str, BitFlags | AddressingRegister])           \u2013            
    •  
  •  msrs               (dict[str, BitFlags | AddressingRegister])           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.KernelRegisterSet.segments","title":"segments  instance-attribute","text":"
segments: SegmentRegisters = segments\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.KernelRegisterSet.controls","title":"controls  instance-attribute","text":"
controls: dict[str, BitFlags | AddressingRegister] = controls\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.KernelRegisterSet.msrs","title":"msrs  instance-attribute","text":"
msrs: dict[str, BitFlags | AddressingRegister] = msrs\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.UnicornRegisterWrite","title":"UnicornRegisterWrite  dataclass","text":"
UnicornRegisterWrite(name: str, force_write: bool)\n
 
Represent a register to write to the Unicorn emulator.
 
Attributes:
 
     
  •  name               (str)           \u2013            
    •  
  •  force_write               (bool)           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.UnicornRegisterWrite.name","title":"name  instance-attribute","text":"
name: str\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.UnicornRegisterWrite.force_write","title":"force_write  instance-attribute","text":"
force_write: bool\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.Reg","title":"Reg  dataclass","text":"
Reg(\n    name: str,\n    size: int | None = None,\n    offset: int = 0,\n    zero_extend_writes: bool = False,\n    subregisters: tuple[Reg, ...] = (),\n)\n
 
Attributes:
 
     
  •  name               (str)           \u2013            
    •  
  •  size               (int | None)           \u2013            
    Register width in bytes. None if the register size is arch.ptrsize
     
    •  
  •  offset               (int)           \u2013            
    Relevant for subregisters - the offset of this register in the main register
     
    •  
  •  zero_extend_writes               (bool)           \u2013            
    Upon writing a value to this subregister, are the higher bits of the full register zeroed out?
     
    •  
  •  subregisters               (tuple[Reg, ...])           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.Reg.name","title":"name  instance-attribute","text":"
name: str\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.Reg.size","title":"size  class-attribute instance-attribute","text":"
size: int | None = None\n
 
Register width in bytes. None if the register size is arch.ptrsize
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.Reg.offset","title":"offset  class-attribute instance-attribute","text":"
offset: int = 0\n
 
Relevant for subregisters - the offset of this register in the main register
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.Reg.zero_extend_writes","title":"zero_extend_writes  class-attribute instance-attribute","text":"
zero_extend_writes: bool = False\n
 
Upon writing a value to this subregister, are the higher bits of the full register zeroed out?
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.Reg.subregisters","title":"subregisters  class-attribute instance-attribute","text":"
subregisters: tuple[Reg, ...] = ()\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet","title":"RegisterSet","text":"
RegisterSet(\n    pc: Reg = Reg(\"pc\"),\n    stack: Reg = Reg(\"sp\"),\n    frame: Reg | None = None,\n    retaddr: tuple[Reg, ...] = (),\n    flags: dict[str, BitFlags] = {},\n    extra_flags: dict[str, BitFlags] = {},\n    gpr: tuple[Reg, ...] = (),\n    misc: tuple[str, ...] = (),\n    args: tuple[str, ...] = (),\n    kernel: KernelRegisterSet | None = None,\n    retval: str | None = None,\n)\n
 
Methods:
 
     
  •  __contains__             \u2013              
    •  
  •  __iter__             \u2013              
    •  
 
Attributes:
 
     
  •  pc               (str)           \u2013            
    Program counter register
     
    •  
  •  stack               (str)           \u2013            
    Stack pointer register
     
    •  
  •  frame               (str | None)           \u2013            
    Frame pointer register
     
    •  
  •  retaddr               (tuple[str, ...])           \u2013            
    Return address register
     
    •  
  •  flags               (dict[str, BitFlags])           \u2013            
    Maps name of flag register (eflags, cpsr) to a structure detailing what the bits mean
     
    •  
  •  extra_flags           \u2013            
    •  
  •  gpr               (tuple[str, ...])           \u2013            
    List of native-size general-purpose registers
     
    •  
  •  misc               (tuple[str, ...])           \u2013            
    List of miscellaneous, valid registers
     
    •  
  •  args               (tuple[str, ...])           \u2013            
    Register-based arguments for most common ABI
     
    •  
  •  retval               (str | None)           \u2013            
    Return value register
     
    •  
  •  kernel               (KernelRegisterSet | None)           \u2013            
    Extra registers for kernel debugging
     
    •  
  •  reg_definitions               (dict[str, Reg])           \u2013            
    Map of register name to Reg objects containing information on the register
     
    •  
  •  full_register_lookup               (dict[str, Reg])           \u2013            
    Map of register name to the full register it resides in.
     
    •  
  •  common               (list[str])           \u2013            
    Common registers which should be displayed in the register context
     
    •  
  •  emulated_regs_order               (list[UnicornRegisterWrite])           \u2013            
    •  
  •  all               (set[str])           \u2013            
    All valid registers
     
    •  
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.pc","title":"pc  instance-attribute","text":"
pc: str = name\n
 
Program counter register
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.stack","title":"stack  instance-attribute","text":"
stack: str = name\n
 
Stack pointer register
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.frame","title":"frame  class-attribute instance-attribute","text":"
frame: str | None = name if frame else None\n
 
Frame pointer register
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.retaddr","title":"retaddr  instance-attribute","text":"
retaddr: tuple[str, ...] = tuple((name) for x in retaddr)\n
 
Return address register
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.flags","title":"flags  instance-attribute","text":"
flags: dict[str, BitFlags] = flags\n
 
Maps name of flag register (eflags, cpsr) to a structure detailing what the bits mean
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.extra_flags","title":"extra_flags  instance-attribute","text":"
extra_flags = extra_flags\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.gpr","title":"gpr  instance-attribute","text":"
gpr: tuple[str, ...] = tuple((name) for x in gpr)\n
 
List of native-size general-purpose registers
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.misc","title":"misc  instance-attribute","text":"
misc: tuple[str, ...] = misc\n
 
List of miscellaneous, valid registers
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.args","title":"args  instance-attribute","text":"
args: tuple[str, ...] = args\n
 
Register-based arguments for most common ABI
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.retval","title":"retval  instance-attribute","text":"
retval: str | None = retval\n
 
Return value register
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.kernel","title":"kernel  instance-attribute","text":"
kernel: KernelRegisterSet | None = kernel\n
 
Extra registers for kernel debugging
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.reg_definitions","title":"reg_definitions  instance-attribute","text":"
reg_definitions: dict[str, Reg] = {}\n
 
Map of register name to Reg objects containing information on the register
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.full_register_lookup","title":"full_register_lookup  instance-attribute","text":"
full_register_lookup: dict[str, Reg] = {}\n
 
Map of register name to the full register it resides in. Example mapping: \"eax\" -> Reg(\"rax\")
 
A full size register maps to itself.
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.common","title":"common  class-attribute instance-attribute","text":"
common: list[str] = []\n
 
Common registers which should be displayed in the register context
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.emulated_regs_order","title":"emulated_regs_order  instance-attribute","text":"
emulated_regs_order: list[UnicornRegisterWrite] = []\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.all","title":"all  instance-attribute","text":"
all: set[str] = (\n    set(misc)\n    | set(flags)\n    | set(extra_flags)\n    | set(retaddr)\n    | set(common)\n    | set(all_subregisters)\n)\n
 
All valid registers
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.__contains__","title":"__contains__","text":"
__contains__(reg: str) -> bool\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.__iter__","title":"__iter__","text":"
__iter__() -> Iterator[str]\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PseudoEmulatedRegisterFile","title":"PseudoEmulatedRegisterFile","text":"
PseudoEmulatedRegisterFile(register_set: RegisterSet, ptrsize: int)\n
 
This class represents a set of registers that can be written, read, and invalidated.
 
The aim is to allow some manual dynamic/static analysis without the need for a full emulator.
 
The implementation can handle the behavior of architectures with partial registers, such as x86 (Ex: rax has \"eax\", \"ax\", \"ah\", and \"al\" as subregisters) or AArch64 (Ex: X0 contains W0). Most of the complexity of the bitshifts and masks arise from the necessity to handle these cases.
 
Methods:
 
     
  •  write_register             \u2013              
    source_width is the byte width of the value's source.
     
    •  
  •  read_register             \u2013              
    •  
  •  invalidate_all_registers             \u2013              
    •  
  •  invalidate_register             \u2013              
    Invalidate the bits that a write to this register would override.
     
    •  
  •  __repr__             \u2013              
    •  
 
Attributes:
 
     
  •  register_set               (RegisterSet)           \u2013            
    •  
  •  ptrsize               (int)           \u2013            
    •  
  •  masks               (defaultdict[str, int])           \u2013            
    Map of register name to bitmask indicating what bits of the register we know the value of.
     
    •  
  •  values               (defaultdict[str, int])           \u2013            
    Map of register to the value we know it to have.
     
    •  
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PseudoEmulatedRegisterFile.register_set","title":"register_set  instance-attribute","text":"
register_set: RegisterSet = register_set\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PseudoEmulatedRegisterFile.ptrsize","title":"ptrsize  instance-attribute","text":"
ptrsize: int = ptrsize\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PseudoEmulatedRegisterFile.masks","title":"masks  instance-attribute","text":"
masks: defaultdict[str, int] = defaultdict(int)\n
 
Map of register name to bitmask indicating what bits of the register we know the value of.
 
Example: {     \"rax\": 0xFFFF } This indicates that in the RAX register, we only know the bottom 16 bits. This likely resulted from writing the \"ax\" register. Any attempt to read any other bits returns None. In this case, we can read from \"ax\", \"ah\", and \"al\", but not \"eax\" or \"rax\".
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PseudoEmulatedRegisterFile.values","title":"values  instance-attribute","text":"
values: defaultdict[str, int] = defaultdict(int)\n
 
Map of register to the value we know it to have.
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PseudoEmulatedRegisterFile.write_register","title":"write_register","text":"
write_register(\n    reg: str,\n    value: int,\n    source_width: int | None = None,\n    sign_extend: bool = False,\n) -> None\n
 
source_width is the byte width of the value's source. It should be specified when the source has a width shorter than the destination register.
 
Examples:
 
movsbl EAX, AL      // sign extend 1 byte register to 4 byte register movzbl EAX, AL      // zero extend
 
Source width would be 1, and in the first case sign_extend should be set to True. If sign_extend is False, we zero extend.
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PseudoEmulatedRegisterFile.read_register","title":"read_register","text":"
read_register(reg: str) -> int | None\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PseudoEmulatedRegisterFile.invalidate_all_registers","title":"invalidate_all_registers","text":"
invalidate_all_registers() -> None\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PseudoEmulatedRegisterFile.invalidate_register","title":"invalidate_register","text":"
invalidate_register(reg: str) -> None\n
 
Invalidate the bits that a write to this register would override.
 
This can be used when we statically detect that a register is written, but we don't know the concrete value that is written so we have to invalidate any current knowledge of the register's bits.
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PseudoEmulatedRegisterFile.__repr__","title":"__repr__","text":"
__repr__() -> str\n
"},{"location":"reference/pwndbg/lib/stdio/","title":"stdio","text":""},{"location":"reference/pwndbg/lib/stdio/#pwndbg.lib.stdio","title":"stdio","text":"
Provides functionality to circumvent GDB's hooks on sys.stdin and sys.stdout which prevent output from appearing on-screen inside of certain event handlers.
 
Classes:
 
     
  •  Stdio           \u2013            
    •  
 
Attributes:
 
     
  •  stdio           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/stdio/#pwndbg.lib.stdio.stdio","title":"stdio  module-attribute","text":"
stdio = Stdio()\n
"},{"location":"reference/pwndbg/lib/stdio/#pwndbg.lib.stdio.Stdio","title":"Stdio","text":"
Methods:
 
     
  •  __enter__             \u2013              
    •  
  •  __exit__             \u2013              
    •  
 
Attributes:
 
     
  •  queue               (list[tuple[TextIO, TextIO, TextIO]])           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/stdio/#pwndbg.lib.stdio.Stdio.queue","title":"queue  class-attribute instance-attribute","text":"
queue: list[tuple[TextIO, TextIO, TextIO]] = []\n
"},{"location":"reference/pwndbg/lib/stdio/#pwndbg.lib.stdio.Stdio.__enter__","title":"__enter__","text":"
__enter__(*a: Any, **kw: Any) -> None\n
"},{"location":"reference/pwndbg/lib/stdio/#pwndbg.lib.stdio.Stdio.__exit__","title":"__exit__","text":"
__exit__(\n    exc_type: type[BaseException] | None,\n    exc_value: BaseException | None,\n    traceback: TracebackType | None,\n) -> None\n
"},{"location":"reference/pwndbg/lib/strings/","title":"strings","text":""},{"location":"reference/pwndbg/lib/strings/#pwndbg.lib.strings","title":"strings","text":"
Functions:
 
     
  •  strip_colors             \u2013              
    Remove all ANSI color codes from the text
     
    •  
"},{"location":"reference/pwndbg/lib/strings/#pwndbg.lib.strings.strip_colors","title":"strip_colors","text":"
strip_colors(text)\n
 
Remove all ANSI color codes from the text
"},{"location":"reference/pwndbg/lib/tempfile/","title":"tempfile","text":""},{"location":"reference/pwndbg/lib/tempfile/#pwndbg.lib.tempfile","title":"tempfile","text":"
Common helper and cache for pwndbg tempdir
 
Functions:
 
     
  •  tempdir             \u2013              
    Returns a safe and unpredictable temporary directory with pwndbg prefix.
     
    •  
  •  cachedir             \u2013              
    Returns and potentially creates a persistent safe cachedir location
     
    •  
"},{"location":"reference/pwndbg/lib/tempfile/#pwndbg.lib.tempfile.tempdir","title":"tempdir","text":"
tempdir() -> str\n
 
Returns a safe and unpredictable temporary directory with pwndbg prefix.
"},{"location":"reference/pwndbg/lib/tempfile/#pwndbg.lib.tempfile.cachedir","title":"cachedir","text":"
cachedir(namespace: str | None = None) -> str\n
 
Returns and potentially creates a persistent safe cachedir location based on XDG_CACHE_HOME or ~/.cache or LOCALAPPDATA (Windows)
 
Optionally creates a sub namespace inside the pwndbg cache folder.
"},{"location":"reference/pwndbg/lib/tips/","title":"tips","text":""},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips","title":"tips","text":"
Functions:
 
     
  •  get_tip_of_the_day             \u2013              
    Returns a random tip based on the current debugger type.
     
    •  
  •  get_all_tips             \u2013              
    Returns all tips applicable to the current debugger.
     
    •  
  •  color_tip             \u2013              
    •  
 
Attributes:
 
     
  •  GDB_TIPS               (list[str])           \u2013            
    •  
  •  PWNDBG_TIPS               (list[str])           \u2013            
    •  
  •  LLDB_TIPS               (list[str])           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips.GDB_TIPS","title":"GDB_TIPS  module-attribute","text":"
GDB_TIPS: list[str] = [\n    \"GDB's `apropos <topic>` command displays all registered commands that are related to the given <topic>\",\n    \"GDB's `follow-fork-mode` parameter can be used to set whether to trace parent or child after fork() calls. Pwndbg sets it to child by default\",\n    'Use GDB\\'s `dprintf` command to print all calls to given function. E.g. `dprintf malloc, \"malloc(%p)\\\\n\", (void*)$rdi` will print all malloc calls',\n    \"Use GDB's `pi` command to run an interactive Python console where you can use Pwndbg APIs like `pwndbg.aglib.memory.read(addr, len)`, `pwndbg.aglib.memory.write(addr, data)`, `pwndbg.aglib.vmmap.get()` and so on!\",\n    \"GDB's `set directories <path>` parameter can be used to debug e.g. glibc sources like the malloc/free functions!\",\n    \"If you have debugging symbols the `info args` command shows current frame's function arguments (use `up` and `down` to switch between frames)\",\n    'Calling functions like `call (void)puts(\"hello world\")` will run all other target threads for the time the function runs. Use `set scheduler-locking on` to lock the execution to current thread when calling functions',\n    \"Use the `pipe <cmd> | <prog>` command to pass output of a GDB/Pwndbg command to a shell program, e.g. `pipe elfsections | grep bss`. This can also be shortened to: `| <cmd> | <prog>`\",\n    \"Prefixing a command with `!` in GDB will execute it as a shell command, e.g.: `!ls` or `!cat flag.txt`\",\n]\n
"},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips.PWNDBG_TIPS","title":"PWNDBG_TIPS  module-attribute","text":"
PWNDBG_TIPS: list[str] = [\n    \"If you want Pwndbg to clear screen on each command (but still save previous output in history) use `set context-clear-screen on`\",\n    \"The `set show-flags on` setting will display CPU flags register in the regs context panel\",\n    \"GDB and Pwndbg parameters can be shown or set with `show <param>` and `set <param> <value>` GDB commands\",\n    \"Use Pwndbg's `config` and `theme` commands to tune its configuration and theme colors!\",\n    \"Pwndbg mirrors some of WinDbg commands like `eq`, `ew`, `ed`, `eb`, `es`, `dq`, `dw`, `dd`, `db`, `ds` for writing and reading memory\",\n    \"Pwndbg resolves kernel memory maps by parsing page tables (default) or via `monitor info mem` QEMU gdbstub command (use `set kernel-vmmap-via-page-tables off` for that)\",\n    \"Use the `vmmap` command for a better & colored memory maps display (than the GDB's `info proc mappings`)\",\n    \"Use the `telescope` command to dereference a given address/pointer multiple times (if the dereferenced value is a valid ptr; see `config telescope` to configure its behavior)\",\n    \"Use the `context` (or `ctx`) command to display the context once again. You can reconfigure the context layout with `set context-section <sections>` or forward the output to a file/tty via `set context-output <file>`. See also `config context` to configure it further!\",\n    \"Disable Pwndbg context information display with `set context-sections ''`\",\n    \"Pwndbg context displays where the program branches to thanks to emulating few instructions into the future. You can disable this with `set emulate off` which may also speed up debugging\",\n    \"Use the `canary` command to see all stack canary/cookie values on the stack (based on the *usual* stack canary value initialized by glibc)\",\n    \"Use the `procinfo` command for better process introspection (than the GDB's `info proc` command)\",\n    \"Want to display each context panel in a separate tmux window? See https://pwndbg.re/stable/tutorials/splitting-the-context/\",\n    'Use `$base(\"heap\")` to get the start address of a [heap] memory page',\n    \"Use the `errno` (or `errno <number>`) command to see the name of the last or provided (libc) error\",\n    \"Pwndbg sets the SIGLARM, SIGBUS, SIGPIPE and SIGSEGV signals so they are not passed to the app; see `info signals` for full GDB signals configuration\",\n    \"Use `vmmap -A|-B <number> <filter>` to display <number> of maps after/before filtered ones\",\n    \"Use the `killall` command to kill all specified threads (via their ids)\",\n    \"Use the `spray` command to spray memory with cyclic pattern or specified value\",\n    \"Use `patch <address> '<assembly>'` to patch an address with given assembly code\",\n    \"Want to NOP some instructions? Use `patch <address> 'nop; nop; nop'`\",\n    \"`heap-config` shows heap related configuration\",\n    \"`break-if-taken` and `break-if-not-taken` commands sets breakpoints after a given jump instruction was taken or not\",\n    \"`stepuntilasm <assembly-instruction [operands]>` steps program forward until matching instruction occures\",\n    \"Use `plist` command to dump elements of linked list\",\n    \"If your program has multiple threads they will be displayed in the context display or using the `context threads` command\",\n    \"Use `track-got enable|info|query` to track GOT accesses - useful for hijacking control flow via writable GOT/PLT\",\n    \"Need to `mmap` or `mprotect` memory in the debugee? Use commands with the same name to inject and run such syscalls\",\n    \"Use `hi` to see if a an address belongs to a glibc heap chunk\",\n    \"Use `contextprev` and `contextnext` to display a previous context output again without scrolling\",\n    \"Try splitting the context output into multiple TUI windows using `layout pwndbg` (`tui disable` or `ctrl-x + a` to go back to CLI mode)\",\n]\n
"},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips.LLDB_TIPS","title":"LLDB_TIPS  module-attribute","text":"
LLDB_TIPS: list[str] = [\n    \"Use LLDB's `help <command>` to get detailed help on any command\",\n    \"LLDB's `expr` command lets you evaluate expressions in the current frame context\",\n    \"Use `frame variable` (or `fr v`) to show all variables in the current frame\",\n    \"The `watchpoint set` command allows you to stop execution when a variable changes\",\n    \"Use `process launch --stop-at-entry` to stop at the program entry point\",\n    \"LLDB's `memory read` (or `m read`) command displays memory contents at a specified address\",\n    \"Use `thread backtrace all` to see backtraces of all threads\",\n    \"The `breakpoint set --func-regex <regex>` command sets breakpoints on functions matching a regular expression\",\n    \"Use `target modules list` to see all loaded modules in your process\",\n    \"LLDB's `image lookup` command helps find symbols, addresses, and files in the executable and loaded libraries\",\n    \"Use `command alias` to create custom shortcuts for frequently used commands\",\n    \"LLDB's `register read` shows the contents of registers in the selected frame\",\n    \"The `disassemble` command shows assembly instructions for the current function\",\n    \"Use `thread step-inst` (or `si`) to step one instruction\",\n    \"LLDB's Python API can be accessed with the `script` command to extend debugging capabilities\",\n    \"Use `process attach --pid <pid>` to attach to a running process\",\n    \"The `breakpoint command add` lets you run commands when a breakpoint is hit\",\n    \"Use `memory find` to search for a value in the process's memory\",\n    \"LLDB's `settings set` command allows you to customize debugger behavior\",\n    \"The `platform list` command shows all available platforms for remote debugging\",\n]\n
"},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips.get_tip_of_the_day","title":"get_tip_of_the_day","text":"
get_tip_of_the_day() -> str\n
 
Returns a random tip based on the current debugger type.
"},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips.get_all_tips","title":"get_all_tips","text":"
get_all_tips() -> list[str]\n
 
Returns all tips applicable to the current debugger.
"},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips.color_tip","title":"color_tip","text":"
color_tip(tip: str) -> str\n
"},{"location":"reference/pwndbg/lib/version/","title":"version","text":""},{"location":"reference/pwndbg/lib/version/#pwndbg.lib.version","title":"version","text":"
Functions:
 
     
  •  build_id             \u2013              
    Returns pwndbg commit id if git is available.
     
    •  
 
Attributes:
 
     
  •  __version__           \u2013            
    •  
  •  b_id           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/version/#pwndbg.lib.version.__version__","title":"__version__  module-attribute","text":"
__version__ = '2025.10.20'\n
"},{"location":"reference/pwndbg/lib/version/#pwndbg.lib.version.b_id","title":"b_id  module-attribute","text":"
b_id = build_id()\n
"},{"location":"reference/pwndbg/lib/version/#pwndbg.lib.version.build_id","title":"build_id","text":"
build_id() -> str\n
 
Returns pwndbg commit id if git is available.
"},{"location":"reference/pwndbg/lib/which/","title":"which","text":""},{"location":"reference/pwndbg/lib/which/#pwndbg.lib.which","title":"which","text":"
Functions:
 
     
  •  which             \u2013              
    which(name, flags = os.X_OK, all = False) -> str or str set
     
    •  
"},{"location":"reference/pwndbg/lib/which/#pwndbg.lib.which.which","title":"which","text":"
which(name: str, all: bool = False) -> str | set[str] | None\n
 
which(name, flags = os.X_OK, all = False) -> str or str set
 
Works as the system command which; searches $PATH for name and returns a full path if found.
 
If all is True the set of all found locations is returned, else the first occurrence or None is returned.
 
Parameters:
 
     
  •  name               (str)           \u2013            
    The file to search for.
     
    •  
  •  all               (bool, default:                   False )           \u2013            
    Whether to return all locations where name was found.
     
    •  
 
Returns:
 
     
  •  str | set[str] | None           \u2013            
    If all is True the set of all locations where name was found,
     
    •  
  •  str | set[str] | None           \u2013            
    else the first location or None if not found.
     
    •  
 Example 
which('sh') '/bin/sh'
"},{"location":"reference/pwndbg/lib/zig/","title":"zig","text":""},{"location":"reference/pwndbg/lib/zig/#pwndbg.lib.zig","title":"zig","text":"
Functions:
 
     
  •  get_zig_executable             \u2013              
    Get the path to the zig executable.
     
    •  
  •  flags             \u2013              
    •  
  •  asm             \u2013              
    •  
 
Attributes:
 
     
  •  ZIG_SUPPORTED_VERSION           \u2013            
    •  
"},{"location":"reference/pwndbg/lib/zig/#pwndbg.lib.zig.ZIG_SUPPORTED_VERSION","title":"ZIG_SUPPORTED_VERSION  module-attribute","text":"
ZIG_SUPPORTED_VERSION = '0.14.1'\n
"},{"location":"reference/pwndbg/lib/zig/#pwndbg.lib.zig.get_zig_executable","title":"get_zig_executable","text":"
get_zig_executable() -> str\n
 
Get the path to the zig executable. Precedence: ziglang module, zig in PATH.
"},{"location":"reference/pwndbg/lib/zig/#pwndbg.lib.zig.flags","title":"flags","text":"
flags(arch: ArchDefinition) -> list[str]\n
"},{"location":"reference/pwndbg/lib/zig/#pwndbg.lib.zig.asm","title":"asm","text":"
asm(\n    arch: ArchDefinition, data: str, includes: list[Path] | None = None\n) -> bytes\n
"},{"location":"reference/pwndbg/log/","title":"log","text":""},{"location":"reference/pwndbg/log/#pwndbg.log","title":"log","text":"
Logging.
 
Classes:
 
     
  •  ColorFormatter           \u2013            
    •  
"},{"location":"reference/pwndbg/log/#pwndbg.log.ColorFormatter","title":"ColorFormatter","text":"
               Bases: Formatter
 
Methods:
 
     
  •  format             \u2013              
    •  
 
Attributes:
 
     
  •  log_funcs           \u2013            
    •  
"},{"location":"reference/pwndbg/log/#pwndbg.log.ColorFormatter.log_funcs","title":"log_funcs  class-attribute instance-attribute","text":"
log_funcs = {\n    DEBUG: debug,\n    INFO: info,\n    WARNING: warn,\n    ERROR: error,\n    CRITICAL: error,\n}\n
"},{"location":"reference/pwndbg/log/#pwndbg.log.ColorFormatter.format","title":"format","text":"
format(record)\n
"},{"location":"reference/pwndbg/profiling/","title":"profiling","text":""},{"location":"reference/pwndbg/profiling/#pwndbg.profiling","title":"profiling","text":"
Pwndbg profiling.
 
Classes:
 
     
  •  Profiler           \u2013            
    •  
 
Functions:
 
     
  •  init             \u2013              
    •  
 
Attributes:
 
     
  •  profiler               (Profiler | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/profiling/#pwndbg.profiling.profiler","title":"profiler  module-attribute","text":"
profiler: Profiler | None = None\n
"},{"location":"reference/pwndbg/profiling/#pwndbg.profiling.Profiler","title":"Profiler","text":"
Profiler(p: Profile)\n
 
Methods:
 
     
  •  print_time_elapsed             \u2013              
    •  
  •  start             \u2013              
    •  
  •  stop             \u2013              
    •  
"},{"location":"reference/pwndbg/profiling/#pwndbg.profiling.Profiler.print_time_elapsed","title":"print_time_elapsed","text":"
print_time_elapsed() -> None\n
"},{"location":"reference/pwndbg/profiling/#pwndbg.profiling.Profiler.start","title":"start","text":"
start() -> None\n
"},{"location":"reference/pwndbg/profiling/#pwndbg.profiling.Profiler.stop","title":"stop","text":"
stop(filename: str | None = None) -> None\n
"},{"location":"reference/pwndbg/profiling/#pwndbg.profiling.init","title":"init","text":"
init(p: Profile, _start_time: float | None) -> None\n
"},{"location":"reference/pwndbg/radare2/","title":"radare2","text":""},{"location":"reference/pwndbg/radare2/#pwndbg.radare2","title":"radare2","text":"
Radare2 integration with r2pipe.
 
Functions:
 
     
  •  r2pipe             \u2013              
    Spawn and return a r2pipe handle for the current process file.
     
    •  
  •  r2cmd             \u2013              
    •  
"},{"location":"reference/pwndbg/radare2/#pwndbg.radare2.r2pipe","title":"r2pipe","text":"
r2pipe()\n
 
Spawn and return a r2pipe handle for the current process file.
 
This function requires a radare2 installation plus the r2pipe python library. The base address is automatically set for PIE when loading the binary. After opening the handle, the binary is automatically analyzed.
 
Raises ImportError if r2pipe python library is not available. Raises Exception if anything goes fatally wrong.
 
Returns a r2pipe.open handle.
"},{"location":"reference/pwndbg/radare2/#pwndbg.radare2.r2cmd","title":"r2cmd","text":"
r2cmd(arguments) -> str\n
"},{"location":"reference/pwndbg/rizin/","title":"rizin","text":""},{"location":"reference/pwndbg/rizin/#pwndbg.rizin","title":"rizin","text":"
Rizin integration with rzpipe.
 
Functions:
 
     
  •  rzpipe             \u2013              
    Spawn and return a rzpipe handle for the current process file.
     
    •  
  •  rzcmd             \u2013              
    •  
"},{"location":"reference/pwndbg/rizin/#pwndbg.rizin.rzpipe","title":"rzpipe","text":"
rzpipe()\n
 
Spawn and return a rzpipe handle for the current process file. This function requires a rizin installation plus the rzpipe python library. The base address is automatically set for PIE when loading the binary. After opening the handle, the binary is automatically analyzed. Raises ImportError if rzpipe python library is not available. Raises Exception if anything goes fatally wrong. Returns a rzpipe.open handle.
"},{"location":"reference/pwndbg/rizin/#pwndbg.rizin.rzcmd","title":"rzcmd","text":"
rzcmd(arguments) -> str\n
"},{"location":"reference/pwndbg/search/","title":"search","text":""},{"location":"reference/pwndbg/search/#pwndbg.search","title":"search","text":"
Search the address space for byte patterns.
 
Functions:
 
     
  •  search             \u2013              
    Search inferior memory for a byte sequence.
     
    •  
"},{"location":"reference/pwndbg/search/#pwndbg.search.search","title":"search","text":"
search(\n    searchfor: bytes,\n    mappings: Collection[Page] | None = None,\n    start: int | None = None,\n    end: int | None = None,\n    step: int | None = None,\n    aligned: int | None = None,\n    limit: int | None = None,\n    executable: bool = False,\n    writable: bool = False,\n) -> Generator[int, None, None]\n
 
Search inferior memory for a byte sequence.
 
Parameters:
 
     
  •  searchfor               (bytes)           \u2013            
    Byte sequence to find
     
    •  
  •  mappings               (Collection[Page] | None, default:                   None )           \u2013            
    List of pwndbg.lib.memory.Page objects to search By default, uses all available mappings.
     
    •  
  •  start               (int | None, default:                   None )           \u2013            
    First address to search, inclusive.
     
    •  
  •  end               (int | None, default:                   None )           \u2013            
    Last address to search, exclusive.
     
    •  
  •  step               (int | None, default:                   None )           \u2013            
    Size of memory region to skip each result
     
    •  
  •  aligned               (int | None, default:                   None )           \u2013            
    Strict byte alignment for search result
     
    •  
  •  limit               (int | None, default:                   None )           \u2013            
    Maximum number of results to return
     
    •  
  •  executable               (bool, default:                   False )           \u2013            
    Restrict search to executable pages
     
    •  
  •  writable               (bool, default:                   False )           \u2013            
    Restrict search to writable pages
     
    •  
 
Yields:
 
     
  •  int           \u2013            
    An iterator on the address matches
     
    •  
"},{"location":"reference/pwndbg/ui/","title":"ui","text":""},{"location":"reference/pwndbg/ui/#pwndbg.ui","title":"ui","text":"
A few helpers for making things print pretty-like.
 
Functions:
 
     
  •  banner             \u2013              
    •  
  •  addrsz             \u2013              
    •  
  •  get_window_size             \u2013              
    •  
  •  get_cmd_window_size             \u2013              
    •  
 
Attributes:
 
     
  •  title_position           \u2013            
    •  
"},{"location":"reference/pwndbg/ui/#pwndbg.ui.title_position","title":"title_position  module-attribute","text":"
title_position = add_param(\n    \"banner-title-position\",\n    \"center\",\n    \"banner title position\",\n    param_class=PARAM_ENUM,\n    enum_sequence=[\"center\", \"left\", \"right\"],\n)\n
"},{"location":"reference/pwndbg/ui/#pwndbg.ui.banner","title":"banner","text":"
banner(title, target=stdout, width=None, extra='')\n
"},{"location":"reference/pwndbg/ui/#pwndbg.ui.addrsz","title":"addrsz","text":"
addrsz(address) -> str\n
"},{"location":"reference/pwndbg/ui/#pwndbg.ui.get_window_size","title":"get_window_size","text":"
get_window_size(target=stdout)\n
"},{"location":"reference/pwndbg/ui/#pwndbg.ui.get_cmd_window_size","title":"get_cmd_window_size","text":"
get_cmd_window_size()\n
"},{"location":"reference/pwndbg/wrappers/","title":"wrappers","text":""},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers","title":"wrappers","text":"
Specific command output wrappers.
 
Modules:
 
     
  •  checksec           \u2013            
    •  
  •  readelf           \u2013            
    •  
 
Classes:
 
     
  •  OnlyWithCommand           \u2013            
    •  
 
Functions:
 
     
  •  call_cmd             \u2013              
    •  
 
Attributes:
 
     
  •  P           \u2013            
    •  
  •  T           \u2013            
    •  
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.P","title":"P  module-attribute","text":"
P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.T","title":"T  module-attribute","text":"
T = TypeVar('T')\n
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.OnlyWithCommand","title":"OnlyWithCommand","text":"
OnlyWithCommand(*commands: str | list[str])\n
 
Methods:
 
     
  •  __call__             \u2013              
    •  
 
Attributes:
 
     
  •  all_cmds               (list[str])           \u2013            
    •  
  •  cmd               (list[str])           \u2013            
    •  
  •  cmd_path               (str | None)           \u2013            
    •  
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.OnlyWithCommand.all_cmds","title":"all_cmds  instance-attribute","text":"
all_cmds: list[str] = [\n    (cmd[0] if isinstance(cmd, list) else cmd) for cmd in commands\n]\n
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.OnlyWithCommand.cmd","title":"cmd  instance-attribute","text":"
cmd: list[str] = command if isinstance(command, list) else [command]\n
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.OnlyWithCommand.cmd_path","title":"cmd_path  instance-attribute","text":"
cmd_path: str | None = which(cmd[0])\n
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.OnlyWithCommand.__call__","title":"__call__","text":"
__call__(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.call_cmd","title":"call_cmd","text":"
call_cmd(*cmd: str) -> str\n
"},{"location":"reference/pwndbg/wrappers/checksec/","title":"checksec","text":""},{"location":"reference/pwndbg/wrappers/checksec/#pwndbg.wrappers.checksec","title":"checksec","text":"
Functions:
 
     
  •  monkeypatch_pwnlib_term_text             \u2013              
    •  
  •  get_raw_out             \u2013              
    •  
  •  relro_status             \u2013              
    •  
  •  pie_status             \u2013              
    •  
"},{"location":"reference/pwndbg/wrappers/checksec/#pwndbg.wrappers.checksec.monkeypatch_pwnlib_term_text","title":"monkeypatch_pwnlib_term_text","text":"
monkeypatch_pwnlib_term_text() -> Iterator[None]\n
"},{"location":"reference/pwndbg/wrappers/checksec/#pwndbg.wrappers.checksec.get_raw_out","title":"get_raw_out","text":"
get_raw_out(local_path: str) -> str\n
"},{"location":"reference/pwndbg/wrappers/checksec/#pwndbg.wrappers.checksec.relro_status","title":"relro_status","text":"
relro_status(local_path: str) -> str\n
"},{"location":"reference/pwndbg/wrappers/checksec/#pwndbg.wrappers.checksec.pie_status","title":"pie_status","text":"
pie_status(local_path: str) -> str\n
"},{"location":"reference/pwndbg/wrappers/readelf/","title":"readelf","text":""},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf","title":"readelf","text":"
Classes:
 
     
  •  RelocationType           \u2013            
    •  
 
Functions:
 
     
  •  get_got_entry             \u2013              
    •  
 
Attributes:
 
     
  •  cmd_name           \u2013            
    •  
"},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf.cmd_name","title":"cmd_name  module-attribute","text":"
cmd_name = 'readelf'\n
"},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf.RelocationType","title":"RelocationType","text":"
               Bases: Enum
 
Attributes:
 
     
  •  JUMP_SLOT           \u2013            
    •  
  •  GLOB_DAT           \u2013            
    •  
  •  IRELATIVE           \u2013            
    •  
"},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf.RelocationType.JUMP_SLOT","title":"JUMP_SLOT  class-attribute instance-attribute","text":"
JUMP_SLOT = 1\n
"},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf.RelocationType.GLOB_DAT","title":"GLOB_DAT  class-attribute instance-attribute","text":"
GLOB_DAT = 2\n
"},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf.RelocationType.IRELATIVE","title":"IRELATIVE  class-attribute instance-attribute","text":"
IRELATIVE = 3\n
"},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf.get_got_entry","title":"get_got_entry","text":"
get_got_entry(local_path: str) -> dict[RelocationType, list[str]]\n
"},{"location":"blog/archive/2022/","title":"2022","text":""}]}
\ No newline at end of file